The Field of the Invention

The invention deals with preservation of the continuity of service in a telecommunications network.

In particular the invention relates to continuity of service when using mobile telecommunication handsets such as mobile phones and specifically when such handsets are equipped with a retrievable security token, typically used for authentication on the network.

Such a token typically includes processing and memory means. The best known of these tokens is the smart card or Sim card, but such tokens can also be realized under another shape.

The invention relates more specifically to the preservation of the continuity of service when an end-user is deprived of is security token in case of loss or theft of said token, typically due to theft or loss of the associated handset.

The invention applies typically but not exclusively to SIM Card replacement in the GSM (Global System for Mobile Communication) world where SIM plays an important role in identifying subscribers to the GSM network operator for services such as voice communications, mobile services, and mobile transactions.

The user is typically titular of an account from which rights are debited which may correspond to the durations of communications realized by the user.

Prior Art

The current process to recover GSM subscription and personal data in case of mobile theft or loss is complex. At theft or loss, the subscriber must call the operator customer service to deactivate the stolen/lost SIM card (to prevent unauthorized calls) and get the IMEI number of the stolen/lost mobile device to declare the theft/loss to the police.

After the theft/loss declaration, the subscriber receives a recovery card 20 and must call the customer service again for activation.

On subscriber side, at least two numbers must be known: the customer service number that is generally a specific phone number for theft/loss declaration, and the IMEI number of the stolen/lost mobile device. Most of the time, the subscribers do not know these two numbers. Moreover, the subscription cannot be recovered until reception of the recovery card 20 : the SIM card is sent at home a few days after the declaration or can be retrieved at Point of Sales (if any). Continuity of service can not be fully ensured by the operator.

On mobile operator's side, associated customer care costs are significant and intermediary calls are lost.

The process and efficiency of SIM replacement become a hassle when large amounts of SIM cards need to be replaced, causing subscribers undue inconvenience in most cases.

In addition, the processes involved may have been automated as a standard operation at the point-of-sale level, but they are still not satisfactory to most operators for performing a remote (outside POS) card replacement. For a prepaid subscriber's SIM replacement, it is even impossible to most operators while the existing account information is unknown to the network operator.

The aim of the invention is to provide a solution for better ensuring the continuity of service at the end-user level in case of a theft or a loss of a handset and therefore of the associated authenticating token.

The invention aims at providing a solution which is efficient, easy to implement and low cost.

Summary

The solution is a method for limiting a risk of a user-level break of continuity of service in a mobile telecommunications network according to the object recited in claim 1.

Another aspect of the invention is a mobile telecommunications gear as recited in the appended claims.

Brief Description of the attached Drawings

Figure 1 is a view of a telecommunications system in which the invention can be applied. Figure 2 is a file structure of a recovery card according to the invention in a particular embodiment which allows a remote replacement of the previous SIM card.

Detailed Description In the described illustrated example, the account will be identified typically with a parameter called IMSI (International Mobile Subscriber Identity), as is known in the art. Nevertheless, the invention is not limited to this example, and any other parameters identifying a subscriber account is part of the invention. Figure 1 is a view of a telecommunications system that includes: - an original card 10 ;

- a recovery card 20 ;

- a mobile phone 30 where a SIM card can be inserted into;

- the mobile phone communicates with a SMS center or SMSC 40; and

- the SMS center or SMSC 40 communicates with a SIM data management 50 communicating with a plurality of entities able to manage the account attached to each SIM card. Management of a SIM card includes network authentication, mobile localization, and the like.

For each SIM card, there are two basic elements on the card in order for the network to identify the subscribers: (1) an IMSI (International Mobile Subscriber Identity) and, (2) a Ki (Authentication key). The IMSI serves as the account identifier, whereas the Ki is used when the subscriber's mobile station

(handset/phone) is requesting to logon to the network. There is an ICCID (IC

Card Identifier) on the card in order for the operator to act which SIM card ID serves as the serial number of the card in most cases. The network authenticates the SIM card (identified by the IMSI value) based on the authentication result generated by the Ki and the on-card authentication algorithm, for example, the Comp128 algorithm defined in the

GSM specification.

In order for the subscriber to logon to the network, the IMSI and Ki value are preferably preloaded onto the network's Auc 70.

Otherwise it would be necessary to perform a transfer of these values, typically from the mobile handset to the network's Auc 70, with a risk for interception during transfer from the mobile to the Auc 70 and a consequent risk of fraud. Indeed if the IMSI and Ki is not present in the Auc 70, the subscriber cannot logon to the network.

The recovery card 20 includes :

- At least one one-time parameter (IMSI/Ki) known from the network (HLR,Auc 70), said one-time parameter being provided for actuation of a temporary active account, and

- Recovery parameters including a recovery IMSI/Ki attached to said card 20 and aimed at being correlated to the same account as the previous card. The reason one-time parameter(s) i.e. a temporary IMSI/Ki couple in the present case, is used rather than the straightly the recovery parameters IMSI/Ki is to ease the number of activated subscriptions at a given time.

The recovery card 20 more specifically contains the following information: 1. A recovery IMSI, Kl in a hidden file ready to be activated. In a preferred aspect the IMSI and Ki pair of the card being replaced 10 will be removed from the Auc 70, and thereafter replaced by the recovery IMSI, Ki value of the replacement (recovery) card 20, which are typically preloaded in the Auc 70. 2. A One-time IMSI, One-time Kl in order for the recovery card 20 to get the access to the network to perform one-time activation request;

3. A small hidden application with the ability to send out an Activation Request to a dedicated address for account activation by SMS, USSD String, or any other means to inform the backend for such request when the user initiate an Activation Request in the form of menu selection on the phone, or auto- trigger after the One-time account activation.

After the Recovery card 20 has sent out the Activation Request, another component at the network side, namely "the SIM Data Management System"

50, processes the Activation Request.

The SIM Data Management System 50 mainly serves the following purposes.

It receives Activation Requests from the subscribers. It deactivate the IMSI and/or Ki of the original card 10 based on the information received from the subscriber. Deactivation is done on the Auc 70, HLR 60, or any other systems required. The SIM data management system also performs activation of the

Recovery IMSI and/or Ki based on the information received from the subscriber and provides it/them to the Auc 70, HLR 60, or any other systems required. In the present case, every recovery card 20 uses the same user identifier as long as the information sent out inside the activation request contains information for identification of the previous card and therefore identification of the considered account to link to the recovery card 20.

This information identifying the previous card is for example the Original card 10's IMSI together with the recovery card 20 (SCB) embedded IMSI for reference.

In other embodiments, any other information may be sent by the recovery card 20 through the activation request, this sent information being preferably pre-correlated to said previous account of the user inside the operator's device. The SIM Data Management Server 50 determines in which HLR 60/Auc 70 the recovery IMSI/Ki resides at the time of activation. Consequently, this allows better management of HLR 60 subscription capacity and the one-time IMSI/Ki is shared with multiple cards.

The activation steps are the following ones: 1) When a handset carrying the recovery card 20 is switched on, the one-time IMSI/Ki is used to login to the network;

2) Upon successful login to the network, a program stored in the recovery card 20 automatically sends an activation request for activating said recovery account. The following describes in more detail a preferred embodiment in which the card and the operator's Auc 70 and 50 comprise means for ensuring other roles, such as identification of the robbed/lost handset, and also preservation of the personalization of the card such as phonebook entries.

There are three independent parts in the present preferred embodiment solution: the recovery card 20 availability, the remote SIM activation and the stolen device management.

The subscriber is provided with two SIM cards. A first SIM card called "mother SIM Card" is provided at the GSM subscription and contains the following information:

- Subscriber account information

- A first application called "IMEI tracking" application with the ability to read the IMEI number of the mobile device each time the subscriber switches on and the ability to send out this IMSI number to a dedicated address by SMS, USSD string or any other means to inform the backend each time this number is different from previously.

- A second application called "Phonebook backup/restore" application .

- A third application called "Access code update" application with the ability to let the subscriber update an access code which is required to access the recovery service said application being also able to send the updated access code to a dedicated address by SMS, USSD string or any other means to inform the backend of such update.

The second SIM card called hereafter "recovery" or "replacement" Card is provided at the recovery service subscription in view of being physically preserved for the whole remaining expected life of the original card 10. Said recovery card 20 can also be provided when a user expresses the concern to have such a recovery card 20 at hand, for example at a dedicated Point of Sale at any point in time. In this alternate situation, it will be understood that the recovery card 20 is also to be kept at the location of the user for the expected remaining life of the still at hand original card 10. Such recovery card 20 is therefore provided in circumstances that are less energy and time consuming than in the circumstances of a theft or a loss.

The "recovery" card contains the following information:

- The same mother card applications "IMEI tracking", "Phonebook backup/restore" and "Access code update" applications - The ICCID of the mother SIM in a hidden file

- The one-time IMSI, Kl in order for the recovery card 20 to get the access to the network to perform one-time activation request

- An application providing the ability to make at least one phone call to predefined phone numbers only before activation with the one time account. Usually, the predefined numbers will be the customer care center number in case for any query.

- A small hidden application with the ability to send out an Activation Request to a dedicated address for account activation by SMS, USSD String, or any other means to inform the backend for such request when the user initiate an Activation Request in the form of menu selection on the phone (a recovery access code is mandatory to proceed)

This activation application sends information (with encryption and checksum) that includes, for example: - The Old ICCID and the Old IMSI in a temporary file that is to be disabled; and

- The Recovery ICCID and the Recovery IMSI from the hidden file that is to be enabled.

For security reasons, old and recovery Kl are not sent out by the application. The sole IMSI or ICCID are sent.

The subscriber keeps the recovery card 20 with him/her and uses it in case of theft/loss by inserting it in any compatible device to automatically:

- deactivate the stolen/lost mother SIM and activate the recovery card 20 with the same MSISDN. - receive the IMEI number of the stolen/lost device by SMS thanks to the fact that the remote operator's device had been informed of the IMEI number of the lastly used handset and is therefore able

to send it back to the recovery handset carrying the recovery card 20.

- recover the phonebook previously stored on the stolen/lost SIM The recovery card 20 becomes the active SIM card, a recovery recovery card 20 or secondly recovering SIM may be provided by the operator or directly by the card manufacturer so as to replace the recovery card 20.

The recovery card 20 could be personalized to provide other services before SIM replacement phase, such as loyalty for instance, using contactless functions or other additional functions. The SIM Data Management system centrally stores the original card 10 cards information and associated recovery card 20 information (ICCD, IMSI, Kl, MSISDN...). Thanks to these data and after the recovery card 20 sent out the Activation Request, the SIM Data Management system will process the Activation Request. Anytime, anywhere, another component on the network side named Device

Management Module - DMM 80 will track the device change and store the associated IMEI in a centralized database. The device management module mainly serves the following purposes. It stores IMEI number and associated MSISDN received from IMEI tracking application. It sends the IMEI number of the stolen/lost device to the associated MSISDN. It provide reports and statistics related to the operator's device installed base.

The following steps are therefore carried out. The different steps involved are represented in Figure 1. Arrows referenced with a respective number (2 to 6) indicate the direction of each message. The different steps are: 1. The original card 10 is lost or robbed.

2. Recovery card 20 is inserted into the phone MOB, logon to the network using the One-time account identifier. The recovery card 20 then sends out the recovery card 20 information in step 3. Upon successful sending, Recovery IMSI and Kl are overwritten to replace the existing One-time account waiting for activation.

3. The recovery card 20 RCAR sends out the Activation Request to the backend using this One-Time account identifier.

4. A dedicated SMSC receives the Activation Request, and passes the request to SIM Data Management 50. 5. SIM Data Management system 50 processes the request, fetches for the corresponding account information, and performs backend replacement/activation process of the account activating parameters.

6. SIM Data Management system 50 updates various systems, including Auc 70 for Card Activation. At recovery service subscription, the subscriber receives a recovery card 20 from the operator, from the operator's distribution channel or directly from the card manufacturer.

The recovery card 20 will have the file structure illustrated at figure 2 to facilitate the remote replacement and activation. The One-Time IMSI and Ki is attached to an existing account on the network for all the recovery cards 20 to logon to the network for Activation Request. This account is not able to make any phone call thanks to the network setup and thanks also to the card FDN file (Fixed Dialing Number File ). The user is enabled by this collective account for Customer Care center only. At theft or loss of mobile device, The subscriber will insert the recovery card

20 in any compatible mobile device to start the Activation Request. Upon insertion of the recovery card 20, the SIM card and the Auto-Activation application will perform the following:

The recovery card 20 will Authenticate with the network using the One-time IMSI and the response calculated from the One-time Authentication Key, Ki.

Upon successful logon to the network, the Auto-Activation application will send out an Activation Request to the SIM Data Management Server and device management module connected to the SMSC.

The SIM Data Management server will proceed to the activation/deactivation.

The device management module will flag the last IMEI number of the subscriber as the stolen/lost one.

Upon successful sending of the Activation-Request-SMS, the Auto- Activation application will exchange the One-Time IMSI and One-Time Ki with the Recovery IMSI and the recovery Ki in the hidden file of the card. It then enables the ADN and disables the FDN. The Auto-activation application will also prompt the user to "Activation in

Progress" and ask the user to Switch off and on the phone in 5 minutes. The recovery card 20 will wait for the SIM Data Management System to activate the account.

After switch on again, the recovery card 20 is activated with the same MSISDN than before theft/loss and it becomes the recovery mother card of the subscriber. The IMEI number of the stolen/lost mobile device is sent by the device management module and received by SMS.

Anytime, the subscriber can ask for phonebook restore using an associated menu. On the SIM Data Management 50 Side, the actions are as follows:

The SIM Data Management 50 receives the Activation Request, decrypts the information and checks against the checksum for validity. It then looks up from the other network repository the account information in order to deactivate the account when activated with the old IMSI/Ki. Advantageously, upon successful deactivation of Old IMSI/Ki and activation of the Recovery IMSI/Ki, the SIM Data Management System 50 can send, for example, an optional SMS to confirm the activation of the recovery card 20 (IMSI/Ki). If the SMS is successfully delivered to the handset within a predefined period, the system can record that a successful activation has been carried out.

If any failure has occurred during the previous steps, a proper exception handling process is carried out which sends an alarm to the Customer Care to investigate and take corrective measures on the recovery procedure at the backend. As preferred embodiments, the replacement authenticating module actuates the remote network system by sending a message to said remote network system which meesage requires activation of the account identifier of said replacement authenticating module.

The account identifier attached to the recovery card 20 may identify the same account as the account identified by the account identifier attached to the original card 10.

The permanent account identifier attached to the recovery card 20 may identify an account which is different from the account identified by the account identifier attached to the original card 10.

The recovery card 20 preferably stores the account identifier attached to the original card 10 and the recovery card 20 is programmed for transmitting said account identifier attached to the original card 10 to the said at least one remote system.

The activation request is advantageously sent by means of an auto- activation application executed by the recovery card 20.

The remote system may determine the account identifier to be deactivated only from the account identifier attached to the original processing device as transmitted by the recovery card 20.

The one-time logon identifier is typically the same for a set of cards in the network.