


Title:
A CLOUD-BASED METHOD AND SYSTEM FOR CONTEXTUALLY MITIGATING INSTANCES OF eUICC BLOCKAGE
Document Type and Number:
WIPO Patent Application WO/2017/063659
Kind Code:
A1
Abstract:
The present invention is directed towards a methodology which, when implemented as a cloud-based service, helps to contextually monitor and mitigate instances of eUICC blockage consequential to attacks, thereby enhancing the service continuity of eUICC-equipped devices without compromising security of said eUICC environments.

Inventors:
MISHRA SANTOSH KUMAR (IN)
RANGARAJAN RAGHAVENDRAN (IN)
VUPPU VIDYARANYA (IN)
Application Number:
PCT/EP2015/002047
Publication Date:
April 20, 2017
Filing Date:
October 15, 2015
Assignee:
GIESECKE & DEVRIENT GMBH (DE)
International Classes:
H04W12/12
Foreign References:
US20090253406A12009-10-08
US20120009979A12012-01-12
EP2592853A12013-05-15
Claims:
CLAIMS

1] A method for mitigating instances of Electronic Universal Integrated Circuit Card (eUICC) blockage in a communications environment (000) by remotely implementing a discretion facility arranged to contextually determine whether or not any underlying attack and its quorum genuinely warrant eUICC blockage.

2] The method of claim 1, wherein the communications environment (000) includes at least one device (002) chosen among mobile equipment, M2M devices and their equivalents, characterized in that said device (002) is equipped with an eUICC (001) subscribed for interactive, over-the-air communications with at least one mobile network operator (003).

3] The method of claim 1, further comprising the establishment of a cloud-based service (004) hosting the discretion facility, particularly a discretionary logic, for contextually mitigating instances of eUICC blockage, characterized in that said cloud-based service (004) is capable of maintaining an attack counter and of interactive communications with the at least one mobile network operator (003).

4] The method of claim 1 or 3, further comprising a step of transmitting over-the-air from the eUICC (001) to the at least one mobile network operator (003) an alert message chosen among:

a) an attack detection message (006) issued after every incidence of attack on said eUICC (001); and

b) an attack counter blocked message (008) issued after blockage of said eUICC (001) as a result of an attack count exceeding a predefined threshold value.

5] The method of claim 4, wherein transmission of messages (006) and (008) is alternatively subject to a system-defined delay, preferably of 100 commands, to avoid detection by a potential hacker of the success and reporting of any attack.

6] The method of claim 4, further comprising a step, to be undertaken by the at least one mobile network operator (003) in the role of a trusted service provider, of adding contextual indicia incidental to the content of any alert message received by said at least one mobile network operator (003), to thereby constitute an augmented message (007).

7] The method of claim 6, wherein the contextual indicia are chosen among time, date, application ID and device ID identifying the device (002) and the messages (006) and (008) received by the at least one mobile network operator (003).

8] The method of claim 4, further comprising a step of forwarding the message (007) to the contextual discretion facility or cloud-based service (004) for applying discretion as to whether or not the underlying attack and its quorum genuinely warrant eUICC blockage.

9] The method of claim 1, wherein the step of reaching discretion as to whether or not the underlying attack and its quorum genuinely warrant eUICC blockage comprises classifying all attacks and their cumulative quorum as genuine, therein excluding, as non-genuine, every instance, and its contribution to the quorum, of an attack which is expected at particular locations or as part of authorized testing and system updates being implemented in the environment (000).

10] The method of claim 9, wherein information on the particular locations, time zones, dates and scheduling of authorized testing and system updates in the environment (000) in which attacks are expected, and are thus to be excluded, is preemptively notified to the cloud-based service (004).

11] The method of claim 1, comprising a further step, to be initiated by the discretion facility or cloud-based service (004) upon the determination that any attack and its contribution to the quorum do not genuinely warrant eUICC blockage, chosen alternatively among:

a) assuming a non-reactive stance and not logging any increase in the quorum of attacks reported, to thereby maintain the attack counter quorum below the predefined threshold required for genuinely warranting eUICC blockage, in the event that the message (007) received is based on an underlying attack detection message (006); and

b) generating a message (010) for resetting the attack counter on the eUICC (001), to thereby unblock the eUICC (001) and re-operationalise the device (002).

12] The method of claim 11, wherein the message (010) is relayed first from the cloud-based service (004) to the at least one mobile network operator (003), preferably via internet protocol (005), and subsequently over-the-air to the eUICC (001), to thereby unblock the eUICC (001) and re-operationalise the device (002).

13] A system for contextually mitigating instances of eUICC blockage in a communications environment (000), comprising:

a) computerized logic hosted with the at least one mobile network operator (003) for adding contextual indicia incidental to the content of any alert message received from the eUICC (001), to thereby constitute an augmented message (007); and

b) a cloud-based service (004) for remotely maintaining an attack counter and having interactive communications with the at least one mobile network operator (003) for implementation of the discretionary logic necessary for the determination as to whether or not any reported attack and its quorum genuinely warrant eUICC blockage.

14] The system of claim 13, further characterized in that the cloud-based service (004) and the at least one mobile network operator (003) communicate via internet protocol (005), whereas the at least one mobile network operator (003) and the eUICC (001) communicate over-the-air, to thereby allow mitigating instances of eUICC blockage across all generations of eUICC-equipped devices irrespective of whether or not said devices support next-generation communication protocols.

15] The system of claim 13, further characterized in the non-requirement of any modifications to the existing eUICC (001) and device (002), to thereby allow mitigating instances of eUICC blockage as a plug-and-play utility across all generations of eUICC-equipped devices.

Description:
-: A cloud-based method and system for contextually mitigating instances of eUICC blockage :-

[001] Field of the present invention

[002] The present invention relates generally to the security and service continuity aspects of embedded Universal Integrated Circuit Card (eUICC) application environments and, more particularly, to optimizing those aspects by contextually determining, beyond the nature and quorum of attacks, the circumstances which genuinely warrant blockage of the eUICC involved.

[003] Background of the present invention and description of related art

[004] eUICC-equipped mobile phones, notebooks and M2M devices, with their corresponding services and applications, have become all but ubiquitous today, being commonly used for subscription-based voice and/or data-centric communications. Security of an eUICC is fundamental to the success of these communication platforms since it embodies the subscriber's unique digital identity. Consequently, there is a need for preemptive as well as post-attack countermeasures which would serve to protect against any unauthorized access to and/or misuse of the eUICC.

[005] As with all electronic systems, eUICCs too are prone to attacks constituting security breaches or threats to identity, confidentiality, data integrity and continuity of service (or of any function additionally hosted on the eUICC). Blocking an eUICC in the wake of such attacks is a common defense strategy employed to prevent further unauthorized access to and/or misuse of the eUICC. Conventionally, a predetermined attack count is defined as the threshold to trigger blocking of an eUICC, which ultimately renders the eUICC-equipped device or eUICC-enabled function inoperative. Besides the encumbrances occasioned by the abrupt cessation of services, the subscriber must then also face the additional procedures and costs, as may be prescribed by the service provider corresponding to the eUICC, for resuming services. It would therefore be advantageous to have some means to minimize the probability and recurrence of eUICC blockage, thereby enabling subscribers to enjoy uninterrupted services.

[006] A common drawback of the defense strategy listed above is that a predetermined attack count, irrespective of any peripheral identification of the perceived threat, is always used to decide upon blocking of an eUICC. As is known, attacks can be initiated by a human attacker or by malware such as a virus or worm, from a networking device over-the-air or from within an intranet, and may be localized or widespread. In rare circumstances, the attack may simply be as innocuous as a user keying in the wrong Personal Identification Number ("PIN") beyond the fixed number of attempts allowed. A blanket approach will therefore always be less than perfect for discerning whether or not blocking an eUICC was really required. It would therefore be beneficial to give due consideration to the circumstantial indicia of an attack in deciding whether or not the attack is real and needs to be accorded sufficient cognizance, or accounted for, in justifying a defense response and/or blocking the eUICC from further use.

[007] Notably among the prior art, DE102005045885 (A1) discloses a method for unblocking a wireless card. Here, the current location of a telecommunication transmission device is determined from location data, which is compared with a stored unlocking location, and the card is unlocked if the current location corresponds to the unlocking location. This method, however, depends on using location data as an access code and is ineffective if the user is unable to visit the unlocking location for some reason.

[008] The unresolved needs of the art voiced hereinabove form the target of research undertaken by the present inventors, who have thereby come up with novel solutions capable of meeting at least all the major among said needs once and for all. Accordingly, the narration to follow enlists a few illustrative, non-limiting embodiments of the present invention.

[009] Objectives of the present invention

[010] The present invention is identified in effectively meeting certain objectives as set out herein under, of which:

[011] It is a primary objective to provide a method for enhancing the service continuity of eUICC-equipped devices without compromising on security.

[012] It is another objective of the present invention, in addition to the aforementioned objective(s), that the method so provided is capable of discretionally determining the circumstances which truly warrant blockage of an eUICC depending on the circumstantial contextual indicia of the device hosting said eUICC.

[013] It is another objective of the present invention in addition to the aforementioned objective(s), that the method so provided is capable of being hosted independently of the eUICC, and furthermore preferably in a central location for addressing a plurality of eUICCs comprising the communications environment.

[014] It is another objective of the present invention in addition to the aforementioned objective(s), that the means of discretion so provided are capable of reversing an event of blockage of the eUICC involved should the circumstances be determined as less compelling.

[015] It is another objective of the present invention in addition to the aforementioned objective(s), that the means of discretion so provided are capable of reconfiguring the thresholds of attack counts calling for blockage of the eUICC involved depending on contextual indicia of the corresponding device equipped with said eUICC.

[016] It is another objective of the present invention, in addition to the aforementioned objective(s), that the means so provided incorporate deferred messaging for avoiding recognition or manipulation by an attacker.

[017] It is another objective of the present invention in addition to the aforementioned objective(s), that the means so provided allow quick, preferably real-time, unblocking of blocked eUICCs without involvement of additional procedures or costs for the subscriber.

[018] It is yet another objective of the present invention, in addition to the aforementioned objective(s), that the system necessary for implementation of the method so provided does not mandate any modification, or only minimal modification if required at all, to existing eUICC architecture, corresponding physical media and communication protocols associated with conventional mobile equipment.

[019] It is yet another objective of the present invention, in addition to the aforementioned objective(s), that the method so provided is capable of implementation alternatively as a subscription-based service that may be accessed voluntarily by the user in charge of an eUICC-equipped device.

[020] It is yet another objective of the present invention, in addition to the aforementioned objective(s), that the method so provided is capable of being accessed by the mobile network as a further-layer utility, so that it is not mandatory for every eUICC-equipped device to have internet access in order to benefit from the present invention.

[021] The manner in which the above objectives are achieved, together with other objects and advantages which will become subsequently apparent, reside in the detailed description set forth below in reference to the accompanying drawings and furthermore specifically outlined in the independent claims 1 and 13. Other advantageous embodiments of the invention are specified in the dependent claims.

[022] Brief description of the drawings

[023] Fig. 1 is a schematic illustrating the application environment and scheme of implementation of the present invention for remote contextual determination of attacks that, if exceeding a threshold count, call for blockage of eUICC.

[024] Fig. 2 is a schematic illustrating the application environment and scheme of implementation of the present invention for remote contextual determination of attacks and discretional mitigation of the circumstances which warrant blockage of the eUICC involved.

[025] Definitions

[026] In this document, the following terms shall have their respective meanings:

[027] "eUICC" shall mean and refer to electronic universal integrated circuit cards allowing network authentication and access, and shall so cover SIM (Subscriber Identification Module) cards and all their possible variants, irrespective of whether or not provided in embedded form factor.

[028] "eUICC-equipped device" shall mean and refer to all mobile equipment and M2M devices capable of receiving an eUICC.

[029] Detailed description

[030] The present invention is directed towards the fulfillment of the aforementioned objectives by enabling a cloud-based method and system for contextually mitigating instances of eUICC blockage wherein, characteristically, a remote service is involved for discretionally determining the circumstances which truly warrant blockage of an eUICC, and further for reversing an event of blockage of the eUICC involved should the circumstances be determined as less compelling. Besides the inherent utility of this methodology in alleviating the encumbrances otherwise occasioned by the abrupt cessation of services and the additional procedures and costs faced by the subscriber as an aftermath, other ergonomic, technical and economic features inherent in the reduction to practice of the present invention are intended to be covered by the ambit of the patent claims made in this document.

[031] As is evident from the foregoing background of the present invention, the challenge is to obtain the circumstantial indicia of an attack and infer whether it truly deserves a defense or, conversely, to reverse a defense if the cause is less befitting. Normally, an eUICC has no means to verify the authenticity of peripheral information feeds, which makes it a prime requisite that these functions be hosted off-card for able implementation.

[032] According to the defining principles of the present invention, explained here with general reference to Fig. 1 and Fig. 2, the application environment (000) of the present invention includes a plurality of mobile equipment or M2M devices, represented by (002), each equipped with a corresponding eUICC, represented by (001). Each device (002) communicates over-the-air with a mobile network (003), which in turn communicates with a cloud service (004) via an internet protocol (005), their equivalents or various combinations thereof.

[033] Accompanying Fig. 1 showcases the scheme of implementation of the present invention for remote contextual determination of attacks that, if exceeding a threshold count, call for blockage of the eUICC. As seen there, each attack detected in the eUICC (001) generates an <Attack Detected> message (006), which is relayed, immediately or preferably after a predetermined delay, sequentially from the eUICC (001) to the device (002), the network (003) and over the internet (005) to the cloud service (004).

[034] In alternative embodiments, generation of the message (006) is intentionally delayed, say to once per 100 commands received by the eUICC, to avoid detection of such reporting or manipulation of this step by an attacker. It shall be understood that said delay is configurable in terms of time and/or message counts, so as to thwart any attempt by a potential hacker to predict whether the card recognizes that it has been successfully hacked and/or whether the system is reporting the attack for treatment. Certain additional embodiments of the present invention compensate for the delays introduced, so as to log time-corrected records of the attack(s). In either case, the determination is characterized by an interim step in which the network (003) adds trustworthy circumstantial indicia of the attack, such as application ID, device ID, location, time and date, to the message (006), resulting in an augmented message (007) received by the cloud service (004). The cloud service can accordingly track incidences of attacks and the cumulative attack counts.

[035] The specific arrangement and implementation narrated above resolves, in part, the challenge of obtaining the circumstantial indicia associated with an attack at a remote governing site. Resolution of the remaining part, that is, inferring whether an attack count truly deserves a defense, specifically blocking of the eUICC involved, or conversely reversing said defense if the cause is less befitting, is explained with reference to accompanying Fig. 2, which showcases the underlying logic for discretionally mitigating the circumstances which truly warrant blockage of the eUICC involved. As seen there, an <Attack counter blocked message> (008) is generated on reaching a predetermined attack count, say 3, 5 or more, which is recognized as the threshold to trigger blocking of the eUICC involved. Message (008) is relayed, in immediate consequence of the block, sequentially from the eUICC (001) through the device (002) to the network (003), and over the internet (005) to the cloud service (004). Here too, the determination is characterized by an interim step in which the network (003) adds trustworthy circumstantial indicia of the attack, including location, time and date, to the message (008), resulting in an augmented message (007) received by the cloud service (004). In response, the cloud service can determine whether or not blockage of the eUICC is truly warranted. The rules for discretion that form the basis of this determination are incorporated in the logic of the cloud service; preferably, all attacks and their cumulative quorum are classified as genuine, excluding every instance, and its contribution to the quorum, of an attack which is expected at particular locations or as part of authorized testing and system updates being implemented in the environment.

[036] In the event that blockage of an eUICC is determined not to be truly warranted, the cloud service (004) generates an <Attack counter reset message> (009) which retraces the path via the network (003) and the device (002) to the eUICC (001). Once message (009) is received, the eUICC (001) is immediately unblocked, leading to resumption of operations of the device (002) without any additional procedures or costs for the end user. According to an isolated aspect of the present invention, the rules for discretion embody the framework for due consideration of the circumstantial indicia of an attack in deciding whether or not the attack is real and needs to be accorded sufficient cognizance, or accounted for, in justifying a defense response, including blockage of the eUICC. For example, the rules may exclude certain time zones, locations and/or dates in relation to which the eUICC is more vulnerable, or is subjected to test environments in which deliberate attacks are expected. In such situations, where the threat value of the attacks is low, the system may assign a lower level of risk to the cumulative attack count and accordingly choose either to reset the attack counter, to modify the threshold for triggering any defensive countermeasure (including blocking of the eUICC), or to instruct the reversal (unblocking) of a blocked eUICC. As may be appreciated, these decisions together help in reducing the overall incidence of eUICC blockage to only those circumstances which pose a true risk and hence duly warrant blockage of the eUICC as a counter/damage-control measure.
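The exchange described in paragraphs [033] to [036], as an added example that is not part of the patent or of any Giesecke & Devrient product: a Python simulation of the card-side attack counter with deferred <Attack Detected> reporting, the network's augmentation step, and the cloud service's discretion rules, ending in an <Attack counter reset> where the block is not genuinely warranted. The message field names, the EID, the device ID, the site names, the authorized test window and the 300-command stream are all constructed assumptions; a real eUICC would implement the card side as a card applet and the reset would travel as an over-the-air command rather than as a Python dict.

```python
# Added example (not from the patent): simulation of the (006)/(007)/(008)/reset flow.
# All identifiers, field names and sample data below are constructed assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timezone

BLOCK_THRESHOLD = 3          # predetermined attack count that blocks the card ("say 3, 5 or more")
REPORT_DELAY_COMMANDS = 100  # deferral: <Attack Detected> is flushed only every 100 commands (claim 5)


@dataclass
class EUICC:
    """Card side (001): attack counter, block state and deferred <Attack Detected> (006) reporting."""
    eid: str
    attack_counter: int = 0
    blocked: bool = False
    commands_seen: int = 0
    pending: list = field(default_factory=list)   # detections not yet reported to the network

    def process_command(self, is_attack: bool) -> list:
        """Handle one command; return alert messages (006)/(008) ready for the network (003)."""
        out = []
        if self.blocked:
            return out                               # a blocked card processes nothing until reset
        self.commands_seen += 1
        if is_attack:
            self.attack_counter += 1
            # keep the command index so the cloud can log a time-corrected record despite the delay
            self.pending.append({"type": "ATTACK_DETECTED", "eid": self.eid,
                                 "at_command": self.commands_seen})
            if self.attack_counter >= BLOCK_THRESHOLD:
                self.blocked = True
                out, self.pending = self.pending, []  # flush, then report the block immediately
                out.append({"type": "ATTACK_COUNTER_BLOCKED", "eid": self.eid,
                            "at_command": self.commands_seen, "count": self.attack_counter})
                return out
        if self.commands_seen % REPORT_DELAY_COMMANDS == 0:   # deferral boundary reached
            out, self.pending = self.pending, []
        return out

    def apply(self, msg: dict) -> None:
        """<Attack counter reset> relayed over-the-air from the network unblocks the card."""
        if msg["type"] == "ATTACK_COUNTER_RESET" and msg["eid"] == self.eid:
            self.attack_counter, self.blocked = 0, False


def mno_augment(msg: dict, device_id: str, location: str, now: datetime) -> dict:
    """Network (003), as trusted party, adds contextual indicia -> augmented message (007)."""
    return {**msg, "device_id": device_id, "location": location, "time": now.isoformat()}


class CloudService:
    """Discretion facility (004): counts only genuine attacks and reverses unwarranted blocks."""

    def __init__(self, excluded_locations, test_windows):
        self.excluded_locations = set(excluded_locations)   # sites notified in advance (claim 10)
        self.test_windows = list(test_windows)              # (start, end) of authorized testing
        self.genuine = {}                                   # eid -> count of genuine attacks

    def is_excluded(self, aug: dict) -> bool:
        """An attack expected at a notified location or during authorized testing is non-genuine."""
        t = datetime.fromisoformat(aug["time"])
        return (aug["location"] in self.excluded_locations
                or any(start <= t <= end for start, end in self.test_windows))

    def handle(self, aug: dict):
        """Return a reset message when a reported block is not genuinely warranted, else None."""
        eid = aug["eid"]
        if aug["type"] == "ATTACK_DETECTED":
            if not self.is_excluded(aug):                   # non-reactive stance otherwise (claim 11a)
                self.genuine[eid] = self.genuine.get(eid, 0) + 1
            return None
        if aug["type"] == "ATTACK_COUNTER_BLOCKED" and self.genuine.get(eid, 0) < BLOCK_THRESHOLD:
            return {"type": "ATTACK_COUNTER_RESET", "eid": eid}   # claim 11(b)
        return None


def run_scenario(location: str, when_iso: str, attack_commands) -> dict:
    """Drive one card through a constructed 300-command stream and report the outcome."""
    when = datetime.fromisoformat(when_iso)
    card = EUICC(eid="89001012012341234012345678901224")    # constructed sample EID
    cloud = CloudService(
        excluded_locations={"LAB-1"},                       # constructed: a notified test site
        test_windows=[(datetime(2015, 10, 15, 8, tzinfo=timezone.utc),
                       datetime(2015, 10, 15, 18, tzinfo=timezone.utc))])
    resets = 0
    for i in range(1, 301):
        for msg in card.process_command(is_attack=i in attack_commands):
            reset = cloud.handle(mno_augment(msg, "DEV-42", location, when))
            if reset:
                resets += 1
                card.apply(reset)                           # relayed back over-the-air
    return {"blocked": card.blocked, "resets": resets,
            "genuine": cloud.genuine.get(card.eid, 0), "card_counter": card.attack_counter}


if __name__ == "__main__":
    print(run_scenario("LAB-1", "2015-10-16T02:00:00+00:00", {10, 20, 30}))   # block reversed
    print(run_scenario("SITE-7", "2015-10-16T02:00:00+00:00", {10, 20, 30}))  # block stands
```

Two points the paragraphs above leave implicit are visible in the code. First, the cloud keeps its own count of genuine attacks rather than mirroring the card's counter, so an attack at a notified test site, or during a notified test window, never contributes to the quorum; that is what makes resetting a lab-triggered block safe while a block reached at a field site under the same three attacks stands. Second, the reset message is the one thing an attacker would most like to forge: the page does not say how it is protected, so in a deployment the over-the-air leg must carry it under the card's existing OTA security (integrity and replay protection keyed to the card), otherwise the discretion facility becomes an unblocking oracle.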

[037] According to an isolated aspect of the present invention, communications between the cloud service (004) and the network (003) require only internet protocols, while those between the device (002) and the network (003) can occur alternatively via GSM or any other available communications network. A lateral advantage of this arrangement is that eUICC-equipped devices having no access to the internet also stand to benefit from the present invention, implying truly global applicability.

[038] Industrial applicability of the present invention shall be clearly understood from the foregoing narration, as reiterated for emphasis in the following salient features which promise positive evolution of the manner in which security and service continuity aspects of eUICC-equipped devices can be better managed:

a) Service continuity of eUICC-equipped devices is enhanced without compromising on security, as blockages are restricted to only those circumstances which pose a true risk and hence duly warrant blockage of the eUICC as a counter/damage-control measure.

b) Discretional logic for deciding upon eUICC blockage is hosted independently of the eUICC, and furthermore preferably in a central location, alternatively as a trusted subscription-based service for addressing a plurality of eUICC- equipped devices comprising the communications environment.

c) Discretional logic for deciding upon eUICC blockage is capable of unblocking a eUICC, preferably in real time, should the circumstances be determined as less compelling.

d) Discretional logic for deciding upon eUICC blockage is capable of reconfiguring the thresholds of attack counts calling for blockage of the eUICC involved depending on contextual indicia of the corresponding device equipped with said eUICC.

e) Reporting of attack messages incorporates deferred messaging for avoiding recognition or manipulation by an attacker, thereby adding another security layer.

f) Quick, preferably real-time, unblocking of blocked eUICCs without involvement of additional procedures or costs for the subscriber.

g) The system of the present invention does not mandate any modification to existing eUICC architecture, corresponding physical media and communication protocols associated with conventional mobile equipment, thereby implying ready integration in existing state-of-art technologies.

h) The method so provided is capable of being accessed by the mobile network as a further-layer utility, so that it is not mandatory for every eUICC-equipped device to have internet access in order to benefit from the present invention.

As will be realized, the present invention is capable of various other embodiments, and its several components and related details are capable of various alterations, all without departing from the basic concept of the present invention. Accordingly, the foregoing description is to be regarded as illustrative in nature and not as restrictive in any form whatsoever. Modifications and variations of the method and system described herein will be obvious to those skilled in the art. Such modifications and variations are intended to come within the ambit of the present invention, which shall thus be limited only by the appended claims.