Note: Descriptions are shown in the official language in which they were submitted.
s~ a
" Method of recognizing the unauthorized use of an identiflcation".
The invention relates to a method of detecting the unautho
rized use of an identification assigned to a subscriber station of a
message transmission system, as defined in the introductory parts of
the Patent Claims 1 and 2.
To distinguish between different subscriber stations of a
message transmisssion system so-called identifications can be used. As
a rule, calculating the call charges is effected on the bas~is of the
identification of the subscriber station.
In a radio ~transmission sys-tem, the charges for conversations
initiated b~ a mobile radio station are calculated in a radio exchange.
German Patent Specification 24.19.615 discloses a method of identifying
a subscriber station (mobile radio station) by means of which the un-
authorized use of the identification (subscriber numter and identifica-
tion code) of the mobile radio station in the radio transmission system
can be detected. In the mobile radio station, the identification is
stored in an identification code generator, for example a magnetic card.
To operate the mobile radio station, the identification code generator
is inserted into a slot of the control unit of the mobile radio station
and the data are read by a reading device of the control unit and ap-
20 plied to a control device in the control unit. To prevent illegal copy-
ing of the magnetic cards on the kasis of the entries in a telephone
directory in which the subscriker numker is listed, each subscriker of
the radio transmission system is given a second "secret" subscriker
numker (code) which is stored on the magnetic card.
In German Patent Specification 24.19.615 it is checked, as an
identity check, whether there is agreement between the subscriker code
and sukscriber num~er. The identification code transmitted by a mobile
radio station for checking its identity, which code is formed with the
aid of an enciphering key ~nown to a subscriker, from the subscriker
30 numker, is transmitted to the radio exchange. In the radio exchange theidentification code received from the mobile radio station is deciphered
with the aid of an opposite enciphering rule. The call numker (subscri-
b_r numker) of the relevant mobile station is obtained by way of iden-
z~
tification code from the deciphering operation.
False; identifications, for example identifications which wereformed without the use of the encoding rule not known by the subscriber,
are indeed also deciphered in the radio exchange and transmitted as an
identification code to the bile radio station. ~lowever, the identi-
fication thus obtained does not correspond to the identification which
corresponds with the subscri~er numker of the mobile radio station.
When the received identification code is, for example, compared in the
identification code receiver with the subscriber numker stored on the
magnetic card, it is detected that there is no agreement and the es-ta-
blished connection is broken.
Such a method in which a fixed encoding rule is used, offers
however hardly any protection against false identifications which are
obtained in an unauthorized way by listening-in on the exchange of in-
formation on the radio transmission channel. If the exchange of infor-
mation on the radio transmission channel is overheard, then it is pos-
sible, by manipulating the identification code generator and also the
control device ~identification code receiver) in the mobile radio sta-
tion to accomplish that the call charges for this mobile radio station
are charged to the account of a different subscrib_r of the radio trans-
mission system.
A further public service is a teletext transmission system.
TE KA DE Technische Mitteilungen 1980, page 21, chapter 5 "Verbindungs-
aufbau" describes that the setting-up of a connection from a subscri~er
is initiated by operating the remote control of the television set.
When a line from the subscriker station to the telete~t exchange is free,
then - after the loop has ~een closed, which is necessary to supply the
teletext modem with supply current - the automatic selection of a call
numker assigned to the exchange starts. If the connection to the ex-
change can be made, then the subscrib_r numker (identification~ storeclin the subscriber numker is transmitted to the teletext exchange via a
control comprised in the subscriber station. The identification which,
for example, consists of up to 11 figures of an ISO-7-Bit-Code and an
additional check byte is used in the teletext exchange to check the
autorisation and for the correct calculation of the charges. In additlon,
measures can be taken to provide that the teletext exchange requests a
so-called pass w~rd (identification code) from the subscriber station ke-
fore the teletext exchange allows access to the information components
50~.
stored there.
Also in this case the identification (subscriber number and
identification code) can be overheard, using methods similar to those
used to listen-in on telephone conversations and the identification
stored in an identification code generator of the teletext modem can
be changed with the object of fraud.
The invention has for its object to prevent call charges from
being charged to the account of other subscribers of the message trans-
mission system by the use of manipulated identifications, which can be
obtained in an unauthorized way by l:istening-in on the exchange of in-
formation via a message transmission channel.
; This object is accom~lished by means of the characterizing
parts of the Patent Claims 1 and 2.
By using a variable encoding rule (random value X) as claimed
in Claim 1, the unauthorized use of an identification obtained hy over-
hearing the exchange of information on the message transmission chan-
nel, can be prevented. If afraudulentuser has possibly obtained in an
unauthorized manner an encoding rule after a plurality of unsuccesful
trails, then by replacing the encoding rule by a different rule it is
possible to prevent the fraudulentuser from using services of the
message transmission system at the expense of other subscriber. To in-
crease the safety of the system it is possible to exclude the subscriber
station from access to services of the exchange (for exam~le teletext
exchange) after a number of unsuccessful tries with manipulated identi-
fications
; In a solution as claimed in Claim 2, the unauthorized use of
an identification which the fraudulent user has obtained by illegally
copying the identification code generator or by listening-on on the ex-
change of information vla the message transmission system, can be de-
tected. As claimed in Claim 2 the fixed data, such as subscriber nu~ber
and identification code are combined with variable data. If the stored
- fixed data are copied, then the fraudulent user can still not carry on
a conversation at the expense of another subscriber since he does not
known the stored variable data. Not until he has copied the stored fixed
data and overheard the variable data can a fraudulent user make calls
at the ex~ense of other subscribers of the message transmission system.
However, the variable data change during operation of the tw~ subscriber
stations, so that during the first conversation, or the first time the
service is utilized it may happen that such afraudulentuse cannot be
detected. ~uring the further course of operation of the two subscriber
stations, unequal variable data are set, which produce different com-
parison results in the exchange so that considered over a longer period
of time, the fraudulent user cannot try to make use of services without
the unauthorized use of the identification keing detected. A further
advantage of the method according to the invention is that the data
volume of the fixed data can be reduced to the benefit of the data vo-
lume of the variable data, so that the identification code generator
(fixed data store), for example a magnetic card, can be of a simpler
construction.
If in accordance with Patent Claim 4 the number of successful
call set-ups of the subscriber station are used as the variable data,
then the comparison and evaluation procedure in the e~change can be
easily simplified, as the comparison of encoded data, more specifically
the counting positions can ~e effected with the aid of logic circuits
of a simple construction.
In the majority oE cases manipulated identifications are ob,
tained by listening-in on the exchange of information via the message
transmission channel. In a method as claimed in Claim 5 an enciphered
co~mting position is o~tained using an enciphereing device. As the
fraudulent user knows neither the instanteneous counting position nor
the rule for enciphering the counting position, the safety measures can
still be further improved.
To prevent the possibility that the enciphering rule for en-
coding the counting position can be deciphered by repeated tries, addi-
tional fixed data are applied in accordance with Claim 6 to the enciphe-
ring device and combined with the counting position applied to the en-
ciphering device~ For the various subscriber stations of the message
transmission system this produces different enciphering rules, so that
decoding the enciphering rule will require a lot of effort.
As claimed in Claim 7 or 8, the subscri~er station transmits
by way of variable data only a portion of the encoded counting position,
which is obtained by selecting predetermined bit positions or by forming
a cross-sum. If a fraudulent user listens in on the exchange of infor-
mation vla the message transmission channel, then he will only know a
part of the encoded counting position, but not the whole counting posi-
tion. For this cross-sum it holds, that with a num~er of counting posi-
5~.
tions a]ways the same cross-sum is associated, for example the decimal
cross-sum 5 is associated with the counting positions 005,122,221. Con-
sequently, a fraudulent user can ~nlv try to guessthe whole counting
position so that usually he will already be detected during his first try.
The invention will now be described in greater detail by way
of example with reference to the accompanying drawings, in which
Figure 1 shows a block circuit diagram of a first em~odiment
and
Figure 2 shows a block circuit diagram of a second em~odiment
f the invention.
The block circuit diagram of Figure 1 shows the arrangements
used in a method according to the invention in a subscriber station T
and an exchange Z of the message transmission system. The subscriber
station T and the exchange Z comprise control units STT and STZ, res-
pectively which control the setting-up of the connections. If a sub-
scriber station T wants to utilize the service of the exchange Z, then
the exchange Z requests the subscriber station T to supply its identi-
fication. To identify itself, the subscriber station T transmits by
means of a transceiver arrangement SET the identification stored in an
identification code generator KG, for example a magnetic card, to the
exchange Z vla a message transmission channel L. The identification
thus transmitted comprises a subscriber number TNR stored on the iden-
tification code generator KG and a first identification code K1. In the
exchange Z the transmitted identification is received by a transceiver
arrangement SEZ, is applied to the control unit STZ and compared and
evaluated by the control unit STZ with an identification (subscriber
number TNR and a first identification code K1) stored in an identifi-
cation code data file KD.
Now the exchange Z transmits a random value X, that is to say a
random, variable enciphering rule to the .subscriber station T. In the
subscriber station T the received value X is applied to a deciphering
arrange~Rnt DT together with a second identification code K2 stored in
the identification code generator KG in the subscriber station T. The
enciphering arrangement DT derives from the value X and the second
identification code K2 a new value Y'. This new value Y' is transmitted
to the exchange Z via the message transmission channel L and compared
with a new value Y calculated in the exchange. If the two values Y, Y'
correspond, then the subscriber can use the services of the exchange Z.
~2~
Because of the fact that the enciphering rule is continously
changed, that is to say the value X in the exchange Z is chosen random-
ly, it can be achieved that when a fraudulent user listen-in on the
exchange of information over the message transmission channel L, he can
s not detect the identification of a subscriber station T.
In the m~thod according to the invention shown in Figure 2
additional, changing data are present in the subscriker station T and
the exchange Z. In this e~cdiment the numker of successful connections
from the subscriber station T is used as the variable data. The coun-
ting position ZS' of a counter ZZ provided in the subscriber station Tis incremented by, for example, one for each successfully established
connection. The counting position ZS' which can ke taken from the out-
puts QO to Qn is transmitted by the transceiver arrangement SET via the
message transmission channel L, is received by the transceiver arrange-
ment SEæ in the exchange Z and is applied to the control unit STZ. Foreach successfully established connection of this subscriber station T,
the counting position of the counter ZZ1 is incremented by one by the
control unit STZ. ~hen the counting position is increased by more than
one, for example by a linearly increasing difference tm to a maximum
value, it is necessary to provide counters and stores for the last-used
difference, for example for control purposes.
During the setting-up stage of a connection, in accordance
with a method described with reference to Figure 1, the subscriber num-
ber TNR, the first i~entification code K1 and -the ccunter position ZS'
2s are transmitted to the exchange Z under the control of the control unit
STT in the subscriker station T, and compared in the exchange with the
subscriker numker TNR and the first identification code K1 stored in
the identification code data file KD, and also compared with the coun-
ting position of the counter ZZ1.
If the subscriker number TNR, the first identification code K1
and the variable data, for example the counting position, are equal to
each other, then the subscriker has access to the services of the ex-
change Z.
If the counters ZZ and ZZ1 have different counting positions,
then theexchange Z requests the subscriker station T by means of an
identification co~mand to supply the second identification code K2. The
exchange Z compares the received second identification code K2 with the
identification code K2 stored in the identification code data file KD,
5~.
and, when the tw~ identification codes K2 are not in agreement, triggers
an alarm.
If the two identification codes K2 are in agreement, then the
central control unit STZ sets the counter ZZ1 to the counting position
of the counter ZZ o:E the subscriber station T. At each subsequent and
successful connection set-up the tw~ counting positions are incremented
by one. The identification of the ~subscriber station T is stored in
the exchange Z. If during subsequent connection set-up stages the coun-
ting positions of the counters ZZ and ZZ1 are in agreement, the iden-
tification of the subscriber station T :Ls removed from the store.
Should all the subsequent comparisons have negative results,
the subscriber station T is blocked.
In the emkcdiment sho~n in Figure 2, the counting position ZS'
of the counter ZZ o~ the subscriber station T is applied to an encip-
hering arrangement which derives an enciphered counting position VZS'
therefrom. The exchange Z comprises a corresponding deciphering arrange-
ment EE, which also derives an enciphered counting position VZS from
J~' the counting position ~S of the counter ZZ1. If the identification
` procedure includes the step of comparing the enciphered ccunting posit-
ions VZS' and VZS then manipulation of identifications can be detectedin a simple manner. A fraudulent user, who does not know the enciphe-
ring rule and the counting position ZS' of the counter ZZ can only ac-
cidentally transmit the correct variable data, so that as a rule the
fraudulent user will stop his trials after a large number of unsuccess-
ful trieS.
So as to further improve the safety measures, additional fixeddata, more specifically a second identification code K2 which is also
known to the exchange Z is applied to the enciphering arrangement VE.
The enciphering arrangement VE of the subscriber station T derives the
enciphered counting position VZS' from the combination of the second
identification code K2 and the counter position ~ applied to it. Using
the deciphering arrangement EE in the exchange Z the same deciphering
procedure of the counting position ZS of the counter ZZ1 is effected
there The results are now compared in accordance with the same method
as already described in the foregoing.
A still further improvement of the safety measures can be ac-
hieved when during the set ~ g-up stage of a connec-tion only a portion
of the counting position ~S~ is transmitted as the variable data by the
s~
subscriber station T. To that end, the subscriber station T comprises
a selection circuit AST which selects predetermined bit position from,
for example, the applied enciphered counting position VZS'. A further
emkodiment is characterized in that the selection circuit AST subjects
the applied enciphered counting position VZS' to a cross-summing ope-
ration.
If a fraudulent user listens-in on the exchange of informa-
tion via the message transmission channel L, then he will only obtain
part of the enciphered counting position VZS', but not the complete
enciphered counting position VZS'. As during the cross-summing opera-
tion or when only a portion of the counting position is transmitted by
selecting the predetermined bit portions, a plurality of counting pos-
itions ZS' are possible, the fraudulent user can only try to guss the com-
plete countein~ position ZS'. As a rule the first try of the fraudulent
user to ~ the variable data is already detected, and the correspon-
ding measures can be taken.
The method according to the invention is also useful in the
credit card business and in banking, in which fixed and variable data
are stored on a magnetic card. The variable data are then, for example,
the present state of the account of the subscriber or a pass-~ord sele-
ctedfrom a set of pass-words.
