Title of Invention	A METHOD OF DISTRIBUTING INFORMATION TO USERS IN A CELLULAR TELECOMMUNICATIONS NETWORK AND A MOBILE STATION
Abstract	A method is described which provides functionality allowing mobile stations (8) of users having certain access rights to display messages broadcast on a common channel of a cell in a cellular telecommunications network in intelligible form. The messages, before broadcast, are encrypted using a predefined encryption key, and the mobile stations (8) having a corresponding access right are provisioned with the corresponding decryption key. Mobile stations lacking the appropriate access right are able to display a message, when received and picked up, only in encrypted, i.e. unintelligible, form. Some types of message broadcast within the cellon the same common channel are deemed general access messages, which are broadcast in unencrypted form and may be displayed in intelligible form by any mobile station (8) camped on to the cell in which the message is broadcast.

Title of Invention

A METHOD OF DISTRIBUTING INFORMATION TO USERS IN A CELLULAR TELECOMMUNICATIONS NETWORK AND A MOBILE STATION

Abstract

A method is described which provides functionality allowing mobile stations (8) of users having certain access rights to display messages broadcast on a common channel of a cell in a cellular telecommunications network in intelligible form. The messages, before broadcast, are encrypted using a predefined encryption key, and the mobile stations (8) having a corresponding access right are provisioned with the corresponding decryption key. Mobile stations lacking the appropriate access right are able to display a message, when received and picked up, only in encrypted, i.e. unintelligible, form. Some types of message broadcast within the cellon the same common channel are deemed general access messages, which are broadcast in unencrypted form and may be displayed in intelligible form by any mobile station (8) camped on to the cell in which the message is broadcast.

Full Text	CELLULAR COMMUNICATIONS This invention relates to a method of an apparatus for distributing and receiving information in a cellular telecommunications network, for example a GSM (Global System for Mobile communications) digital cellular radio network. The GSM standard is defined in a set of technical specifications issued by the European Telecommunications Standards Institute (ETSI), and there are 4 currently a number of mobile telecommunications networks operating in accordance with the GSM standard, and variants thereof, such as the DCS) 800 standard. One service provided is a service referred to as a cell broadcast (CB), or short message - cell broadcast (SMS CB), service. In this service, information in the form of pages o\~ text is transmitted on a common channel (the cell broadcast channel, CBCI I) of cells in the network. The transmission of pages is repeated at regular intervals, and users can store the information for retrieval and display by means of selective keystrokes on a mobile station, or may turn off the cell broadcast function so as not to store the information. The information is intended to include locality-specific information, such as lists of local facilities (hospitals, pharmacies, taxis, etc), local weather reports, local date/time indications, etc. At present, however, the cell broadcast functionality, although provided for in current GSM-typc networks and tlv* mobile stations used in them, has not been widely implemented in practice, in probability at least partly due to the costs associated with assembling and disseminating information via the service. In accordance with an aspect of the present invention there is provided a method of distributing information to users in a cellular telecommunications network comprising a mobile switching centre and a plurality of base stations transceivingin a plurality of cells of said network, said method comprising: providing a plurality of mobile stations, each of said mobile stations having an associated information access status; broadcasting a signal on a common channel of at least one cell of said network, said signal containing a limited access message in encrypted form, for general reception in said at least one cell; enabling first mobile stations having a first information access status to decrypt and present said message to a user in unencrypted form when being served by said cell; and ‹ preventing second mobile stations having a second information access status from presenting said message in unencrypted form to a user when being served in said cell. An advantage of this aspect of the invention is that a user not authorised to access the information can only view the message in encrypted form and unintelligibly, whereas a user having access rights to the information is able to view the message in decrypted and intelligible form services may be provided on a subscription basis. Some subscribers in the network may wish to have access to the information broadcast generally in the cell in addition to other A services provided in the telecommunications network, such as voice call services, and will take out a subscription allowing access to the cellular information broadcasting service. Other users may not wish to receive the benefit of the information broadcast in the edl* nnd will take out a subscription, perhaps at lower cost, preventing them bom Accessing the information. Preferably, the signal comprises a plurality of limited access messages each having a corresponding access right, the method comprising providing mobile stations with access rights, and enabling only mobile stations having an access right corresponding to a limited access message to present the limited access message to a user when being served in the cell. This allows the selection on a per user basis of the type of information a user is able to access, thus allowing a subscription (o be individually tailored io a subscribers'needs. The sitmal mav also contain a general access messace, the method comprising enabling both the first and second mobile stations to present the general access message to a user when being served in the cell. This allows both limited access messages and general access messages to be disseminated by broadcasts in cells of a cellular telecommunications system, allowing some information to be presented \o any user irrespective of the subscription type held. Preferably, alternative limited access messages are broadcast in cells located in different areas of the cellular telecommunications network, thereby tailoring the information within the messages to different localities and increasing the utility of the :•rvice. In accordance with a lurthcr aspect of the invention there is provided apparatus for receiving infounation in :i cePular telecommunications system, said apparatus comprising; means for storing a drr•ryption I ';\: means for receiving a message ■• ■» a ‹. ommon channel in a cell of said cellular telceommunicationssysfcm; and means for decrypting said message using said stored decryption key: and means for displaying said decrypted message to a user. This aspect provides apparatus whereby a user may receive limited access messages on a common channel o( a cell in the telecommunications system, 'and view the infornintion in decrypted form, if the mobile station of the user is provided with the decryption key, A dccr›ption key may be distributed only to cellular users having a predetermined subscription type. An embodiment of the present invention will now be described, by way of example only, with reference to the accompanying drawings, wherein: Figure ! is a block diagram schematically illustrating a cellular telecommunications system; .* Figure 2 is a block diagram schematically illustrating a cellular telecommunicationsmobile station; Figure 3 illustrates a list stored in a cell broadcast centre in accordance with the present invention; Fiizuij 4 is a flow diamam illustrating functions carried out by the cell broadcast centre in accordance with the present invention: Figures 5 and 6 illustrate data blocks broadcast in a cell in accordance with the present invention; Figure 7 is a How diagram illustrating (unctions carried out by a network management centre in accordance with the present invention; Figure 8 illustrates a short message Unnsmitted to a mobile station in accordance with the present invention; Figure 9 illustrates functions carried out by a mobile station when displaying a cell broadcast message in accordance with the present invention; Figure 10 shows an example of a display of a decrypted message in accordance with the present invention: Figure 11 illustrates an example of a display of an encrypted message in * accordance with the present invention: and Figures 12 and H arc (low diagrams illustrating encryption key updating procedures carried out in accordance with the present invention. A GSM network, referred to as a public land mobile network (PLMN). is schematically illustrated in Figure 1. This is in itself known and will not be described in detail, A mobile switching centre (MSC) 2 is connected via communication links to a number of base station controller (BSCs) 4. The BSCs 4 are dispersed geographically across areas served by the mobile switching centre 2. Each BSC 4 controls one or more base transceiver stations (BTSs) 6 located remote from, and connected by further communication Hnks to, the BSC. Each BTS 6 transmits radio signals to, and receives radio signals from, mobile stations 8 which are in an ^rea served by that BTS. That area is referred to as a "cell". A (iSM network is provided with a large number of such cells, which are ideally contiguous to provide continuous coverage over the whole network territory. The radio signals arc separated into a number of distinct communications channels. These include common channels and traffic channels. The traffic channels ate used fur point to point communications (voice calls, data calls, etc) with specific mobile stations. The common channels are received by nil mobile stntions being served by the cell and contain signalling and/or message data. The mobile switching centre 2 is also connected via communications links to other mobile switching centres in the remainder of the mobile communications network 10. and to other networks such as a public service telephone network (PSTN), which is not illustrated. The mobile switching centre 2 is provided with a home location register (HLR) 11 which is a database storing subscriber authentication data including the international mobile subscriber identities (IMSIs) which are unique to each mobile station 8T An IMS! consists of a mobile country code (3 decimal digits), a mobile network code (2 decimal digits) and a mobile subscriber code (up to 10 decimal digits) identifying a subscriber within a particular network. The IMSI is also stored in the mobile station in a subscriber identity module (SIM) (to be described below) along with other subscriber-specificinformation. The mobile switching centre is also provided with a visitor location register (VLR). not shown, which is a database temporarily storing subscriber authentication data for mobile stations active in its area. In addition, the MSC 'r- conner"‹.'d to a cell broadcast centre (CBC) 12 for originating cell broadens fCB) nit" viges in the network, a short message centre (SMC) 13 for handling the transfer of point to point short messages if within the network, a network management kentre (NMC) 14 for performing management functions in (he network, and a ‹p:lorner services system (CSS) 15 for performing customer service functions, including the updating of customer subscription data for example by manual input at workstations in the system. Referring to Figure 2. a mobile station 8, more specifically a cellular mobile telephone, comprises a transmit/receive aerial 16, a radio frequency transceiver 1 8. a speech coder/decoder 20 connected to a loudspeaker 22 and a microphone 24, a processor circuit 26 and its associated memory 28, an LCD display 30 and a manual input port (keypad) 32. The mobile station 8 is connected to a removable SIM 34 via electrical contacts 35. The SIM 34 connected to the mobile station has a SIM processor 36, for example a Hitachi 1(8 microprocessor, and SIM memory 38, which includes for example 16 kilobytes of mask-programmed ROM 38a containing the SIM operating system, 8 kilobytes of read/write LEPROM 38b for the non-volative storage of data items and 256 bytes of RAM for use by the SIM processor 36 during operations. As described above, the SIM 34 is used for the storage and retrieval of data items by the processor 26 of the mobile station 8. The command set, data file structure and data coding format for data communicated via the interface between the mobile station processor 'Vi and the SIM processor 36 are all specified, in GSM technical specification 11.11. Referring back to the network rl‹ merits illustrated in Figure I. the CBC 12 holds a set of cell broadcast messages to be broadcast within the network, and transmits them to the BS('s 4 in n‹•‹-ordance with location areas which are predefined for each message type, bach cell broadcast message is provided with a unique message identifier (a 16 bit integer), which identifies the type of the message. The RSCs ? then proceed to broadcast the message, via the respective BTSs 6, on their CBCIIs, The CBCH protocols and the timing of the broadcastsarc specified in GSM technical specificationO5,O2. The CnC 12 holds a list as illustrated in Figure 3. specifying encryption keys for each type of message which is to be broadcast in encrypted form. For each such message, the key is listed against the message identifier. Fach key is a 16 bit integer and. since the message identifiers are also 16 bit integers, no two keys in the list need to be the same. The keys are used to encrypt a message using an X()R function as will be described below. Figure 4 illustrates a procedure carried out by the CBG 12 when receiving a new message for transmission as a cell broadcast message. A new message iru/ be provided in the CMC 12 for example by manual input on a workstation associated with the ('BC. or may be provided on-line from a remote source. When the CBC 12 receives the new message, which may be an update of a previous message stored f'›r the r,»mc message identifier, the message is stored by the CBC 12 and any previous message stored for the same message identifier is overwritten, step 50, Next, the CBC 1 2 checks, usini: the m.-^age identifier provided with the new message, whether the message identifier appears in the key list illustrated in Figure 3. If no key is held for that particular message identifier, the message will be made generally available by cell broadcast to all mobile stations served in the cells in which the message i.s to be distributed. The message is transmitted for broadcast to the relevant BSCs 4 in unencrypted form, step 52. The cell broadcast'message may consist of one or more (up to a maximum of 15) pages. Faeh cell broadcast page consists of 88 octets of information, consisting of a 6 octet header and 82 octets for message text. A 7 bit default character set is used, equating to up to 93 characters per page. Figure 5 illustrates the manner in which each page of a cell broadcast messag£ is transmitted in a cell by the BS(7BTS on the CBCH. The broadcast is divided into four blocks per page. The first block 100 contains 2 octets of data 108 indicating the serial number for the page, 2 octets of data 110 indicatingthe message identifier for the page. 1 octetofdata 112 identifying the coding scheme used for the message text, and 1 octet of data 114 indicatingthe page parameter. The remaining 16 octets of data 116 contain the first part of the message text for the page. The remaining 3 blocks 102, 10k 106 of the page broadcast consists entirely of message text, except each block is headed by a single octet of data 118 indicating the block type. The serial number indicated in block portion 108 is a 16 bit integer which is used to identify n paiticular mes^ig". The serial number is updated when a message with a given message idcniilier is updated. The serial number consists of a 12 bit message code and a four bit update number, which are incremented according to message updates. The "nessage identifier in portion 1 10 is used to identify the type of message, as described above. The coding scheme indicated in portion 112 is used to indicate the source language of the message, allowing a user to screen out any messages received in a language in which they are not conversant. The page parameter indicated in portion 1 14 is used to specify the current page number within a message and the total number of pages within the message. The message text for each page consists of up to 93 characters. If the message text within a page is shorter than 93 characters in length, the carriage return (CR) character is used to provide packing, thus bringing the total number of characters to 93. To maintain an integral number of octets, the remaining 5 bits are set to "O" as padding data at the end of the page. The block structure illustrated in Figure 5 is that of a conventional cell broadcast message, and may be received and displayed by currently-available GSM-type mobile stations in receipt of the cell broadcast channel on which the message is broadcast. Referring again to Figure 4, if on the other hand the CDC 12 detects the message identifier of the new message in the key list, the corresponding key is retrieved, step 54. The key is then used to encrypt the message, step 56, which is then transmitted to the appropriate BSCs 4. step 58. The encryption of step 56 is performed by applying an XOR function between the most significant 8 bits of the key and each odd-numbered message text octet in a page, and by applying the XOR function between the least significant 8 bits of the key and each even-numbered message text octet in a page, except the last such octet. The pages broadcast by the BSCs 4 when receiving encrypted cell broadcast messages are of the form illustrated in Figure 6, Each page consists of the same components as the unencrypted page illustrated in Figure 5, namely 4 blocks each containing the various header portions. However, the majority of the message text is encrypted, as indicated by shading in Figure 6. The last octet of each page of message text, which contains the 5 bits of padding data, is left unencrypted, in order to protect the integrity of the padding data, which would be lost if encrypted. Each of the header portions is also transmitted in unencrypted form, to allow the proper reception and reading of the data in the header portions by all mobile stations 8. In order \o properly receive and present an encrypted cell broadcast message in intelligible form to a user, a mobile station 8 must be provisioned with the decryption key corresponding with the encryption key used to encrypt the message. With the XOR function as the encryption function, the encryption/decryption process is symmetric, and the same key used to encrypt the message is used to decrypt the message. This key is referred to herein as an encryption key when to be used to encrypt data, and a decryption key when to be used to decrypt data. In order to provision the mobile station 8 with the decryption key, a remote provisioning procedure is used, involving a remote SIM updating (RSU) message being transmitted to the mobile station 8, such as described in European patent application no. EP-A-O5fl289O, the contents of which are incorporated herein by reference, or using ;tl^e "data download via SMS Point-to-point" (SMS-PP data download) procedure as described in GSM Technical ! t I Specification 11.14, "Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface". The decryption keys are transmitted using a point-to-point data transfer protocol, r such as'the GSM-defined Short Message Service (SMS), over the radio interface to the mobile station 8 for storage in the SIM 34. The SIM 34 is provided with a cell broadcast decryption keys data field dedicated to the storage of cell broadcast decryption key data. Figure 7 illustrates the procedures carried out by the NMC 14 in order to provision the mobile station 8 of a particular subscriber with decryption keys for each limited-access message type which the subscriber is entitled to have access to. The CSS 15 holds a record for the subscriber, indicating the access rights for that subscriber. These access rights are indicated by including in the subscriber record a list of the appropriate message identifiers for the message types which the subscriber should have access to. This access rights list may be updated and changed in the CSS 15. In order to provision the mobile station 8 of the subscriber, the NMC 14 first interrogates the CSS ] 5 to determine the message access rights which are held for the subscriber, step 60. The NMC 14 also interrogates the MLR 11 in order to retrieve the IMS! of the subscriber, step 62. The NMC 14 also interrogates the CBC 12 to retrieve the decryption keys correspondingto each of the message identifiers indicated in the access rights details returned by the CSS 15. step 64. Next, each of the decryption keys returned by the CBC 12 is then itself encrypted by applying the XOR function between the 16 bits of the decryption key and 16 predefermined bits of the subscriber's IMSI record, step 66. This is to ensure that the decryption key may only be used by a mobile station 8 having access to the subscriber's IMSI (which is stored in the subscriber's SIM 34). Once the decryption keys are encrypted, the NMC 14 forwards an RSU message to the SMC 13 for transmission, via the radio interface, as an SMS message to the mobile station 8 of the subscriber. The SMS message is transmitted conventionally, via a dedicated data channel, to the mobile station 8. The RSU message has the form illustrated in Figure 8, and includes a header portion 70, the message identifiers for each message type to which the subscriber should have access to, the encrypted decryption keys, and alpha tags (alphanumeric identifiers) for use by the subscriber to readily identify each of the message types. The header portion 70 includes a flag indicating that the SMS message is an RSU message, and a command indicating that the contents of the message are to be stored in the cell broadcast decryption keys data field. On receipt of the SMS message, the mobile station forwards it for f storage as an SMS message to the SIM 34. However, since the message has an RSU flag, the SIM processor 36 notes that the message is an RSU message, and updates the cell broadcast decryption keys data field in the SIM 34 with the message identifiers, the corresponding encrypted keys, and the corresponding alpha tags contained in the RSU message. The mobile station is now provided with the capability to decrypt all encrypted cell broadcast messages having message identifiers corresponding to those stored in the cell broadcast decryption keys data field. A user of the mobile station may. by appropriate keystrokes on the keypad 32, select cell broadcast messages which the mobile station is to pick up and store for possible display by the user. The user may display the alpha tags for the message types of limited access ipessages. in order to aid the selection of the limited access message types which the user wishes to have displayed. The user is also able to select fhfc message identifiers for message types of general access messages, and for message types of limited access messages which the mobile station has no decryption keys. When a cell broadcast message is received by the mobile station 8 which has a message identifierof the type selected for possible display by the user, and no message is yet stored for the message identifier, the mobile station 8 picks up the message and stores the message in a cell broadcast message data field provided in the SIM 34. If the SIM 34 already has a message stored for the message identifier in the cell broadcast message, the mobile station 8 checks the serial number of the message to determine whether it has been updated. If so, the mobile station overwrites the previously-stored message in the SIM 34 with the updated message. Otherwise, the mobile station 8 ignores the contents of the cell broadcast message. When a cell broadcast message is newly picked up and stored, the user is prompted, for example by an audio tone or by a particular icon on the LED display 30 of the mobile station 8, to indicate that a cell broadcast message is ready to be displayed. The mobile station then performs the procedures illustrated in Figure 9. The mobile station first waits for input by the user requesting the message to be displayed. On receipt of such input, the mobile station checks whether it,is currently camped on its home network (HPLMN). If the mobile station is camped on a network which is not its home network, the mobile station proceeds directly to display the stored message. If the message is encrypted, the encrypted message is displayed in a form unintelligible to the user, step 78. as the message is of the limited access type and access to the information is denied to the subscribers of other networks. If the message however is unencrypted, i.e. of the general access type, the message is displayed in an intelligible form, step 80, If the mobile station is camped on its home network, the mobile station 4 * checks whether the SIM 34 has the cell broadcast decryption keys data field provided in accordance with this invention. If not, the mobile station proceeds once again to either display on encrypted message, step 78, or an intelligible message, step 80. depending on the access type of message broadcast. If the SIM 34 currently in the mobile station does have the cell broadcast decryption keys data field, the mobile station proceeds to interrogate the SIM 34 to check whether the message identifier of the stored message is present in the cell broadcast decryption keys field. If not, the message received may be of a general access type, and the message is displayed by the mobile station 8 in . ' i intelligible form, step 80. Otherwise, the message is of a limited access type to which the user has no access rights. The message is then displayed by the mobile station 8 in encrypted, i.e. unintelligible form, to prevent receipt of the information in the message by the user, step 78. If the message identifier of the stored message is present in the cell broadcast decryption keys data field on the SIM 34, the mobile station 8 proceeds to retrieve the encrypted decryption key corresponding to the message identifier of the stored message, along with the subscriber's IMSI, from the SIM, step 82. With the encrypted decryption key and the IMSI, the mobile station 8 performs the reverse of the encryption process carried out in the NMC 14, to obtain the original decryption key. step 84. This decryption is carried out by performing an XOR function between the 16 bits of the encrypted decryption key and the same set of 16 predetermined bits from the subscriber's IMSf used in the encryption process. The mobile station 8 then proceeds to decrypt the stored message, by performing the reverse of the encryption process carried out in the CRC 12 when generating the encrypted cell broadcast message. Namely, the mobile station performs the XOR function between the 8 most significant bits of the decrypti6n key and each odd-numbered message text octet, and between the 8 least significant bits of the decryption key j; each of the even-numbered message text octets, except for the last octet fh each page (which was originally not encrypted). This returns the original cell broadcast message text, which is then displayed on the LCI) display 30 of the mobile station, step 88, in a form intelligible to the user. Figure 10 illustrates an example of an original cell broadcast message, consisting of one page containing 89 message text characters and 4 carriage return (text padding) characters. This message is encrypted as described in relation to Figure 4, and after receipt and storage by the mobile station may be displayed in accordance with the procedure shown in Figure 9. If the mobile station has been provisioned with the corresponding ■ decryption key, the message may be displayed in its original form as illustrated in Figure 10. If however the mobile station has not been provisioned with the appropriate decryption key, the message will appear as illustrated in Figure 11, as a pseudo-random character set. Because the number of bits of the encryption key is not equal to. nor a multiple of, the number of hits used per character in coding the text, there is no direct correspondence between any one of the original characters and the characters displayed in the encrypted text. In this case, the coding scheme used for the text characters utilises 7 bits per character, and the encryption keys contain 16 bits. Of course, other combinations of text character coding length and encryption key length may be used to similar effect. To ensure the long-term security of the encryption method used for limited access messages, the encryption keys used to encrypt the message texts will periodically be altered. Figure 12 illustrate a procedure carried out by the CBC 12 to update a particular encryption key. The CBC 12 first randomly generates a new 16 bit encryption key, step 90, and overwrites the previously-stored encryption key in the list illustrated in Figure 3 for the message identifier in question, step 91. Next, the CBC 12 proceeds to retrieve the message previously stored for the message identifier in question, step 92. and proceeds to encrypt the message with the newly generated encryption key, step 93, This encryption process is identical to that carried out when the message was originally received by the CBC 12 as described in relation to Figure 4, of course using a different encryption key. Once the message is encrypted, the new cell broadcast message is forwarded to the appropriate BSCs 4, step 94, for broadcast by the BTSs 6 on their CBCHs to mobile stations 8 receiving the cell broadcast channel in the cells served by the BSCs 4 in question. Once a new encryption key has been generated in the CBC 12, and the corresponding cell broadcast message has been encrypted with the newly- generated key, the mobile stations 8 of users having access rights to the same message type must be provisioned with the ntw decryption key. The first step of provisioning the mobile stations 8 of the appropriate subscribers with new decryption keys generated in the CBC 12 is the procedure carried out in Figure 13. First, the CSS 15 receives from the CBC 12 a list of message identifiers for the messages for which the decryption keys have been updated, step 95. The CSS 15 then proceeds to search its store of subscription records for the message identifiers on the updated decr›'ptionkeys list, in order to determine which subscriptions require updated decryption keys, step 96. The CSS 12 then constructs a list of such subscriptions, which are forwarded to the NMC 14 '■■» allow the NMC 14 to perform the appropriate provisioning procedures, step 97. The NMC 14 then proceeds to perform the procedure described in relation to Figure 7 for each subscription appearing on the list received from the CSS 15. This results in the mobile stations of each such subscription receiving a new RSI I message containing updated decryption keys, in encrypted form, for message types to which the subscriber has access. These decryption keys are suitable for u^e in decrypting messages encrypted with the newly-generated encrypt ion keys. The encryption/decryption mechanism utilised in the above-described embodiment utilises the two-way encryption/decryption character of the XOR function, and is sufficiently secure for use in relation to many types of information. However, it will be appreciated that other two-way encryption/ decryption mechanisms, for example using symmetric or public/private t encryption/decryption keys, may he utilised to provide more (or less) secure encryption/dccryptionmechnnisms* In the above-described embodiment, the general-access messages are not subject to the XOR function used in the encryption/decryption process. However, it would also be possible to subject the message to the XOR function using a' 'free1' key of the form of 16 bits of "0". which results in a message coding which is identical lo the original message coding. This XORing with the "free" key may be performed in the CRC 12 when "encrypting" a general access message, and/or by the mobile station 8 when "decrypting" a general access message. In effect, no encryption or decryption would take place. In the above-described embodiment, the mobile station 8 performs the decryption of the cell broadcast message text. This requires the mobile station itself to be customised, in relation to currently existing mobile station types, in order to allow the mobile station to present the encrypted cell broadcast messages in plain text form. In a further embodiment, a standard mobile station, such as a GSM (Phase 2+) mobile station supporting the SIM Toolkit as described i GSM Technical Specification 11,14. may be used. In this further embodiment, the functionality for decrypting encrypted cell broadcast messages is contained in the SIM 34 itself, the SIM 34 being SIM Toolkit enabled. In order to avoid repetition, it should be understood that the functionality described in relation to each of Figures 3, 4, 7, 8, 12 and 13 is intended to apply equally in relation to 13, This embodiment differs primarily from the first-described embodiment in that the special cell broadcast coding scheme illustrated in Figure 6 is not necessary, a conventional tfcdata download via SMS-CB" coding scheme being used instead, and in that the procedure illustrated in Figure 9 is not carried out by the mobile station, the mobile station instead passing "data download via SMS-CB" messages directly to the SIM, and subsequently being instructed by the SIM (the SIM being proactive) to display a plain text version of a cell broadcast message received in encrypted » form. Referring to Figure 4. in this embodiment any suitable type of encryption technique may be used in step 56. This may be the XOR function previously described, or other encryption techniques such as DES, RSA, etc. In place of the coding scheme illustrated in Figure 6. in this embodiment each of the BSCs 4 broadcasting encrypted cell broadcast messages formats the encrypted message as a "data download via SMS-CB" message, the encrypted message being included in the cell broadcast page along with an identifier for the key used to encrypt the message. The cell broadcast message includes a cell broadcast message identifier, which specifies the type of content contained in the cell broadcast page, and a transfer protocol identifier indicating that the message type is "SIM data download". In addition to the field dedicated to containing decryption keys, which may be populated by means of RSU procedures as described above, the SIM 34 contains a Cell Broadcast Message Identity for Data Download (CBMID) data field, as described in GSM Technical Specification 11.11, which holds data identifying t'"e message content types the subscriber wishes the mobile station 8 to accept. Furthermore, the SIM 34 includes an application programme, which may for example be stored in ROM or FI:PROM on the SIM. for performing decryption and controlling the display of the mobile station 8. When the mobile station receives the cell broadcast download message, the mobile'station 8 first queries the CBMID data field of the SIM to determine whether the message ID received for the cell broadcast message is currently selected by or for the subscriber. If a corresponding entry is found in the CBMID data field, the mobile station 8 transparently passes the cell broadcast page to the SIM 34 using a 'Veil broadcast download to SIM" command. Reception of the cell broadcast download command by the SIM 34 causes the SIM to analyse the contents of at least a portion of the cell broadcast page, wherefrom it is determined whether the cell broadcast page contains an encrypted message. If so. tlv stored programme is invoked in order to decrypt the message, using the appropriate decryption key stored in the dedicated decryption keys field. Once the message is decrypted, the SIM passes the plain text message to the mobile station in a "display text" command, in response to which the mobile station 8 displays the plain text message. In-addition to decrypting the encrypted message and commanding the mobile station 8 to display the plain text message, the SIM application programme may also perform other processes in response to data received in the cell broadcast message, such as updating the contents of the CBMID data field to select new message types, on behalf of the subscriber, which the mobile station 8 should accept and handle. As will be appreciated, in this embodiment, if a subscriber is not authorised to receive a limited access message in plain text form, the SIM may either not contain an appropriate decryption key for the message or may be at least temporarily configured by the network operator so as not to conduct the procedure described above. Instead of the procedure described above, the SIM may act in one of a variety of alternative'manners. For example, the SIM may command the mobile station 8 either to present the message to the user in encrypted form or to display an access-denied message, or may simply not any display on the mobile station, in response to a cell broadcast message containing an encrypted message which is of a type nevertheless selected by the subscriber. The functionality for the provision and processing of encrypted cell broadcast messages may thus be contained entirely within the mobile communications network and on the SIM 34. and standard (e.g. GSM Phase 2+) handsets may be used without modification. It will be appreciated that various modifications and variations may be employed in relation to the above-described embodiments. The provisioning of the mobile stations with decryption keys via the air interface, using the RSI '-type short messages, has the advantage that no action is required on the subscriber's behalf in order to provision the SIM 34 of the mobile station 8 with the decryption keys. However, the decryption keys, preferably encrypted using the subscriber's IMSI, or such like, as described, may be transmitted to the user by other methods, for example by mail. An alternative functionality of the mobile station 8 would allow the encrypted decryption keys to be manually input to the mobile station for storage in the cell broadcast decryption keys data field in the SIM 34. Other information access prevention mechanisms to those described above could also be employed, such as the remote enablement/disablement(for example using RSI I messages) of a decryption function on the mobile station, or of the cell broadcast receiving function on the mobile station. In the above-described embodiments, the SIM 34 is in the form of a module electrically connected to the mobile station 8. However, the SIM may be embodied in an entirely separate module, such as a contactless smartcard transmitting data to and from the mobile station via a radio link. Finally, although the above-described embodiments relate to a method and apparatus utilised in a OSM•rtype network, the present invention may of course be realised in other types of cellular telecommunications networks, whether using TDMA. COMA, or other types of radio interface protocols. It is envisaged that further modifications and variations may be employed without departing from the scope of the present invention. WE CLAIMS : 1. A method of distributing information to users in a cellular telecommunications network comprising a mobile switching centre and a plurality of base stations transccivingin a plurality of cells of said network, said method comprising: providing a plurality of mobile stations, each of said mobile stations having an associated information access status; broadcasting a signal on a common channel of at least one cell of said network, said signal containing a limited access message in encrypted form, for general reception in said at least one cell; 'enabling first mobile stations having a first information access status to decrypt and present said message to a user in unencrypted form when being served by said cell: and preventing second mobile stations having a second information access status from presenting said message in unencrypted form to a user when being served in said cell. 2, A method according to claim 1, wherein said first mobile stations are provided with a decryption key for said message. 3. A method according to claim 2. wherein said decryption key is held in a removable module which may he used in association with any of a plurality of mobile stations. 4. A method according to claim 3. wherein said message is decrypted in said removable module. 5. A method according to claim 2 or 3. wherein said signal contains padding data accompanying a portion of said message, and said portion is contained in said signal in unencrypted form. 6. A method according to any preceding claim, wherein said signal comprises a header portion' containing a message identifier accompanying a message and said method comprises enabling both said first and second mobile stations to read said message identifier, 7. A method according to any of the preceding claims, wherein status data defining said information access status is stored in a removable modole of a first mobile station. 8. A method according to claim 7. wherein said status data comprises a decryption key. 9. A method according to claim 8, wherein said decryption key is stored in said removable data store in encrypted form. 10. A method according to claim 9, wherein said decryption key is decrypted by said first mobile station using a data string specific to said removable module. 11. A method according to claim 10, wherein said data string is a subscriber identifier used in said cellulartelecommunicationsnetwork. 12. A method according to any of claims 7 to 11, further comprising transmitting said status data to said first mobile station via a radio interface in said cellular telecommunicationsnetwork. 13. A method according to any preceding claim, wherein said signal comprises a plurality of limited access messages each having a corresponding access right, said method comprising providing said mobile stations with said access rights and enabling only mobile stations having an access right corresponding to a limited access message to present said limited access message to a user when being served in said cell. 14. A method according to claim 13, comprising providing each of said first mobile stations with n selection of said access rights in accordance with a subscription held for each first mobile station respectively, 15. A method according to claim 13 or 14, further comprising storing encryption keys for each of a plurality of limited access message types, and encryptihg each said limited access message using an encryption key in accordance with its respective message type. 16. A method according to any of claims 13 to 15, comprising storing ;i plurality of subscription records, each said subscription record comprising access right data defining said access rights. 17„ A method according to claim 16. comprising altering said access right data for a subscription record to alter the type of limited access messages a user is able-4") receive intelligibly. 18. A method according to any preceding claim, wherein said signal contains a general access message, and wherein said method comprises enabling both said first and second mobile stations to present said general access message to a user when being served in said call. 19. A method according to claim 19. wherein said common channel is a cell broadcast channel of a GSM-typc communications system, 20. A method according to any preceding claim, wherein alternative limited access messngc(s)arc broadens! in cells located in different areas of said cellular telecommunications network. 21. Apparatus for receiving information in a cellular i tclecommunicationssystem. said apparatus comprising: means for storing a decryption key: means for receiving a message broadcast on a common channel of a cell of said cellular tclecommunicationssystem; and means for decrypting said message using said stored decryption key; and means for displaying said decrypted message to a user. 22. Apparatus according to claim 21, wherein said storage means is part of a removable module. 23. Apparatus according to claim 21 or 22, wherein said displaying means is arranged to display a message in decrypted form when a decryption key for said message is held in said storage means, and to display said message in encryptL ' form when no decryption key for said message is held in said 24. Apparatus according to claim 21, 22 or 23. wherein said decryption means is part of a removable module. 5 25. A cellular mobile telephone according to claim 21.22, 23 or 24. 26. A method of distributing information to users in a cellular teIecommoni cations network, substantially as herein described, with reference to the accompanying drawings. 27. Apparatus for receiving information in a cellular i teIecommun icat ions system, substant i a 1ly as herein * described, with reference to the accompanying drawings - 27* A cellular mobile telephone, substantially as herein described, with reference to the accompanying drawings,

Full Text

CELLULAR COMMUNICATIONS
This invention relates to a method of an apparatus for distributing and receiving information in a cellular telecommunications network, for example a GSM (Global System for Mobile communications) digital cellular radio
network.
The GSM standard is defined in a set of technical specifications issued by the European Telecommunications Standards Institute (ETSI), and there are
4
currently a number of mobile telecommunications networks operating in accordance with the GSM standard, and variants thereof, such as the DCS) 800 standard.
One service provided is a service referred to as a cell broadcast (CB), or short message - cell broadcast (SMS CB), service. In this service, information in the form of pages o\~ text is transmitted on a common channel (the cell broadcast channel, CBCI I) of cells in the network. The transmission of pages is repeated at regular intervals, and users can store the information for retrieval and display by means of selective keystrokes on a mobile station, or may turn off the cell broadcast function so as not to store the information. The information is intended to include locality-specific information, such as lists of local facilities (hospitals, pharmacies, taxis, etc), local weather reports, local date/time indications, etc.
At present, however, the cell broadcast functionality, although provided for in current GSM-typc networks and tlv* mobile stations used in them, has not

been widely implemented in practice, in probability at least partly due to the costs associated with assembling and disseminating information via the service.
In accordance with an aspect of the present invention there is provided a method of distributing information to users in a cellular telecommunications network comprising a mobile switching centre and a plurality of base stations transceivingin a plurality of cells of said network, said method comprising:
providing a plurality of mobile stations, each of said mobile stations having an associated information access status;
broadcasting a signal on a common channel of at least one cell of said network, said signal containing a limited access message in encrypted form, for general reception in said at least one cell;
enabling first mobile stations having a first information access status to
decrypt and present said message to a user in unencrypted form when being
served by said cell; and ‹
preventing second mobile stations having a second information access status from presenting said message in unencrypted form to a user when being served in said cell.
An advantage of this aspect of the invention is that a user not authorised to access the information can only view the message in encrypted form and unintelligibly, whereas a user having access rights to the information is able to view the message in decrypted and intelligible form services may be provided on a subscription basis. Some subscribers in the network may wish to have access to the information broadcast generally in the cell in addition to other
A

services provided in the telecommunications network, such as voice call services, and will take out a subscription allowing access to the cellular information broadcasting service. Other users may not wish to receive the benefit of the information broadcast in the edl* nnd will take out a subscription, perhaps at lower cost, preventing them bom Accessing the information.
Preferably, the signal comprises a plurality of limited access messages each having a corresponding access right, the method comprising providing mobile stations with access rights, and enabling only mobile stations having an access right corresponding to a limited access message to present the limited access message to a user when being served in the cell. This allows the selection on a per user basis of the type of information a user is able to access, thus allowing a subscription (o be individually tailored io a subscribers'needs.
The sitmal mav also contain a general access messace, the method comprising enabling both the first and second mobile stations to present the general access message to a user when being served in the cell. This allows both limited access messages and general access messages to be disseminated by broadcasts in cells of a cellular telecommunications system, allowing some information to be presented \o any user irrespective of the subscription type held.
Preferably, alternative limited access messages are broadcast in cells located in different areas of the cellular telecommunications network, thereby tailoring the information within the messages to different localities and increasing the utility of the :•rvice.

In accordance with a lurthcr aspect of the invention there is provided apparatus for receiving infounation in :i cePular telecommunications system, said apparatus comprising;
means for storing a drr•ryption I ';\:
means for receiving a message ■• ■» a ‹. ommon channel in a cell of said cellular telceommunicationssysfcm; and
means for decrypting said message using said stored decryption key: and
means for displaying said decrypted message to a user.
This aspect provides apparatus whereby a user may receive limited access messages on a common channel o( a cell in the telecommunications system, 'and view the infornintion in decrypted form, if the mobile station of the user is provided with the decryption key, A dccr›ption key may be distributed only to cellular users having a predetermined subscription type.
An embodiment of the present invention will now be described, by way of example only, with reference to the accompanying drawings, wherein:
Figure ! is a block diagram schematically illustrating a cellular
telecommunications system; .*
Figure 2 is a block diagram schematically illustrating a cellular telecommunicationsmobile station;
Figure 3 illustrates a list stored in a cell broadcast centre in accordance with the present invention;
Fiizuij 4 is a flow diamam illustrating functions carried out by the cell broadcast centre in accordance with the present invention:

Figures 5 and 6 illustrate data blocks broadcast in a cell in accordance with the present invention;
Figure 7 is a How diagram illustrating (unctions carried out by a network management centre in accordance with the present invention;
Figure 8 illustrates a short message Unnsmitted to a mobile station in accordance with the present invention;
Figure 9 illustrates functions carried out by a mobile station when displaying a cell broadcast message in accordance with the present invention;
Figure 10 shows an example of a display of a decrypted message in accordance with the present invention:
Figure 11 illustrates an example of a display of an encrypted message in
* accordance with the present invention: and
Figures 12 and H arc (low diagrams illustrating encryption key updating procedures carried out in accordance with the present invention.
A GSM network, referred to as a public land mobile network (PLMN). is schematically illustrated in Figure 1. This is in itself known and will not be described in detail, A mobile switching centre (MSC) 2 is connected via communication links to a number of base station controller (BSCs) 4. The BSCs 4 are dispersed geographically across areas served by the mobile switching centre 2. Each BSC 4 controls one or more base transceiver stations (BTSs) 6 located remote from, and connected by further communication Hnks to, the BSC. Each BTS 6 transmits radio signals to, and receives radio signals from, mobile stations 8 which are in an ^rea served by that BTS. That area is

referred to as a "cell". A (iSM network is provided with a large number of such cells, which are ideally contiguous to provide continuous coverage over the whole network territory. The radio signals arc separated into a number of distinct communications channels. These include common channels and traffic channels. The traffic channels ate used fur point to point communications (voice calls, data calls, etc) with specific mobile stations. The common channels are received by nil mobile stntions being served by the cell and contain signalling and/or message data.
The mobile switching centre 2 is also connected via communications links to other mobile switching centres in the remainder of the mobile communications network 10. and to other networks such as a public service telephone network (PSTN), which is not illustrated. The mobile switching centre 2 is provided with a home location register (HLR) 11 which is a database storing subscriber authentication data including the international mobile subscriber identities (IMSIs) which are unique to each mobile station 8T An IMS! consists of a mobile country code (3 decimal digits), a mobile network code (2 decimal digits) and a mobile subscriber code (up to 10 decimal digits) identifying a subscriber within a particular network. The IMSI is also stored in the mobile station in a subscriber identity module (SIM) (to be described below) along with other subscriber-specificinformation.
The mobile switching centre is also provided with a visitor location register (VLR). not shown, which is a database temporarily storing subscriber authentication data for mobile stations active in its area.

In addition, the MSC 'r- conner"‹.'d to a cell broadcast centre (CBC) 12 for originating cell broadens fCB) nit" viges in the network, a short message centre (SMC) 13 for handling the transfer of point to point short messages
if
within the network, a network management kentre (NMC) 14 for performing management functions in (he network, and a ‹p:lorner services system (CSS) 15 for performing customer service functions, including the updating of customer subscription data for example by manual input at workstations in the system.
Referring to Figure 2. a mobile station 8, more specifically a cellular mobile telephone, comprises a transmit/receive aerial 16, a radio frequency transceiver 1 8. a speech coder/decoder 20 connected to a loudspeaker 22 and a microphone 24, a processor circuit 26 and its associated memory 28, an LCD display 30 and a manual input port (keypad) 32. The mobile station 8 is connected to a removable SIM 34 via electrical contacts 35.
The SIM 34 connected to the mobile station has a SIM processor 36, for example a Hitachi 1(8 microprocessor, and SIM memory 38, which includes for example 16 kilobytes of mask-programmed ROM 38a containing the SIM operating system, 8 kilobytes of read/write LEPROM 38b for the non-volative storage of data items and 256 bytes of RAM for use by the SIM processor 36 during operations.
As described above, the SIM 34 is used for the storage and retrieval of data items by the processor 26 of the mobile station 8. The command set, data file structure and data coding format for data communicated via the interface

between the mobile station processor 'Vi and the SIM processor 36 are all specified, in GSM technical specification 11.11.
Referring back to the network rl‹ merits illustrated in Figure I. the CBC 12 holds a set of cell broadcast messages to be broadcast within the network, and transmits them to the BS('s 4 in n‹•‹-ordance with location areas which are predefined for each message type, bach cell broadcast message is provided with a unique message identifier (a 16 bit integer), which identifies the type of the message. The RSCs ? then proceed to broadcast the message, via the respective BTSs 6, on their CBCIIs, The CBCH protocols and the timing of the broadcastsarc specified in GSM technical specificationO5,O2.
The CnC 12 holds a list as illustrated in Figure 3. specifying encryption keys for each type of message which is to be broadcast in encrypted form. For each such message, the key is listed against the message identifier. Fach key is a 16 bit integer and. since the message identifiers are also 16 bit integers, no two keys in the list need to be the same. The keys are used to encrypt a message using an X()R function as will be described below.
Figure 4 illustrates a procedure carried out by the CBG 12 when receiving a new message for transmission as a cell broadcast message. A new message iru/ be provided in the CMC 12 for example by manual input on a workstation associated with the ('BC. or may be provided on-line from a remote source.
When the CBC 12 receives the new message, which may be an update of a previous message stored f'›r the r,»mc message identifier, the message is

stored by the CBC 12 and any previous message stored for the same message identifier is overwritten, step 50,
Next, the CBC 1 2 checks, usini: the m.-^age identifier provided with the new message, whether the message identifier appears in the key list illustrated in Figure 3. If no key is held for that particular message identifier, the message will be made generally available by cell broadcast to all mobile stations served in the cells in which the message i.s to be distributed. The message is transmitted for broadcast to the relevant BSCs 4 in unencrypted form, step 52.
The cell broadcast'message may consist of one or more (up to a maximum of 15) pages. Faeh cell broadcast page consists of 88 octets of information, consisting of a 6 octet header and 82 octets for message text. A 7 bit default character set is used, equating to up to 93 characters per page.
Figure 5 illustrates the manner in which each page of a cell broadcast messag£ is transmitted in a cell by the BS(7BTS on the CBCH. The broadcast is divided into four blocks per page. The first block 100 contains 2 octets of data 108 indicating the serial number for the page, 2 octets of data 110 indicatingthe message identifier for the page. 1 octetofdata 112 identifying the coding scheme used for the message text, and 1 octet of data 114 indicatingthe page parameter. The remaining 16 octets of data 116 contain the first part of the message text for the page.
The remaining 3 blocks 102, 10k 106 of the page broadcast consists entirely of message text, except each block is headed by a single octet of data 118 indicating the block type.

The serial number indicated in block portion 108 is a 16 bit integer which is used to identify n paiticular mes^ig". The serial number is updated when a message with a given message idcniilier is updated. The serial number consists of a 12 bit message code and a four bit update number, which are incremented according to message updates.
The "nessage identifier in portion 1 10 is used to identify the type of message, as described above.
The coding scheme indicated in portion 112 is used to indicate the source language of the message, allowing a user to screen out any messages received in a language in which they are not conversant. The page parameter indicated in portion 1 14 is used to specify the current page number within a message and the total number of pages within the message.
The message text for each page consists of up to 93 characters. If the message text within a page is shorter than 93 characters in length, the carriage return (CR) character is used to provide packing, thus bringing the total number of characters to 93. To maintain an integral number of octets, the remaining 5 bits are set to "O" as padding data at the end of the page.
The block structure illustrated in Figure 5 is that of a conventional cell broadcast message, and may be received and displayed by currently-available GSM-type mobile stations in receipt of the cell broadcast channel on which the message is broadcast.
Referring again to Figure 4, if on the other hand the CDC 12 detects the message identifier of the new message in the key list, the corresponding key is

retrieved, step 54. The key is then used to encrypt the message, step 56, which is then transmitted to the appropriate BSCs 4. step 58. The encryption of step 56 is performed by applying an XOR function between the most significant 8 bits of the key and each odd-numbered message text octet in a page, and by applying the XOR function between the least significant 8 bits of the key and each even-numbered message text octet in a page, except the last such octet.
The pages broadcast by the BSCs 4 when receiving encrypted cell broadcast messages are of the form illustrated in Figure 6, Each page consists of the same components as the unencrypted page illustrated in Figure 5, namely 4 blocks each containing the various header portions. However, the majority of the message text is encrypted, as indicated by shading in Figure 6. The last octet of each page of message text, which contains the 5 bits of padding data, is left unencrypted, in order to protect the integrity of the padding data, which would be lost if encrypted. Each of the header portions is also transmitted in unencrypted form, to allow the proper reception and reading of the data in the header portions by all mobile stations 8.
In order \o properly receive and present an encrypted cell broadcast message in intelligible form to a user, a mobile station 8 must be provisioned with the decryption key corresponding with the encryption key used to encrypt the message. With the XOR function as the encryption function, the encryption/decryption process is symmetric, and the same key used to encrypt the message is used to decrypt the message. This key is referred to herein as an

encryption key when to be used to encrypt data, and a decryption key when to be used to decrypt data.
In order to provision the mobile station 8 with the decryption key, a remote provisioning procedure is used, involving a remote SIM updating (RSU) message being transmitted to the mobile station 8, such as described in European patent application no. EP-A-O5fl289O, the contents of which are incorporated herein by reference, or using ;tl^e "data download via SMS Point-to-point" (SMS-PP data download) procedure as described in GSM Technical
! t
I
Specification 11.14, "Specification of the SIM Application Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface". The decryption keys are transmitted using a point-to-point data transfer protocol,
r
such as'the GSM-defined Short Message Service (SMS), over the radio interface to the mobile station 8 for storage in the SIM 34. The SIM 34 is provided with a cell broadcast decryption keys data field dedicated to the storage of cell broadcast decryption key data.
Figure 7 illustrates the procedures carried out by the NMC 14 in order to provision the mobile station 8 of a particular subscriber with decryption keys for each limited-access message type which the subscriber is entitled to have access to. The CSS 15 holds a record for the subscriber, indicating the access rights for that subscriber. These access rights are indicated by including in the subscriber record a list of the appropriate message identifiers for the message types which the subscriber should have access to. This access rights list may be updated and changed in the CSS 15.

In order to provision the mobile station 8 of the subscriber, the NMC 14 first interrogates the CSS ] 5 to determine the message access rights which are held for the subscriber, step 60. The NMC 14 also interrogates the MLR 11 in order to retrieve the IMS! of the subscriber, step 62. The NMC 14 also interrogates the CBC 12 to retrieve the decryption keys correspondingto each of the message identifiers indicated in the access rights details returned by the CSS 15. step 64. Next, each of the decryption keys returned by the CBC 12 is then itself encrypted by applying the XOR function between the 16 bits of the decryption key and 16 predefermined bits of the subscriber's IMSI record, step 66. This is to ensure that the decryption key may only be used by a mobile station 8 having access to the subscriber's IMSI (which is stored in the subscriber's SIM 34).
Once the decryption keys are encrypted, the NMC 14 forwards an RSU message to the SMC 13 for transmission, via the radio interface, as an SMS message to the mobile station 8 of the subscriber. The SMS message is transmitted conventionally, via a dedicated data channel, to the mobile station 8. The RSU message has the form illustrated in Figure 8, and includes a header portion 70, the message identifiers for each message type to which the subscriber should have access to, the encrypted decryption keys, and alpha tags (alphanumeric identifiers) for use by the subscriber to readily identify each of the message types. The header portion 70 includes a flag indicating that the SMS message is an RSU message, and a command indicating that the contents of the message are to be stored in the cell broadcast decryption keys data field.

On receipt of the SMS message, the mobile station forwards it for
f storage as an SMS message to the SIM 34. However, since the message has an
RSU flag, the SIM processor 36 notes that the message is an RSU message, and
updates the cell broadcast decryption keys data field in the SIM 34 with the
message identifiers, the corresponding encrypted keys, and the corresponding
alpha tags contained in the RSU message. The mobile station is now provided
with the capability to decrypt all encrypted cell broadcast messages having
message identifiers corresponding to those stored in the cell broadcast
decryption keys data field.
A user of the mobile station may. by appropriate keystrokes on the keypad 32, select cell broadcast messages which the mobile station is to pick up and store for possible display by the user. The user may display the alpha tags for the message types of limited access ipessages. in order to aid the selection of the limited access message types which the user wishes to have displayed. The user is also able to select fhfc message identifiers for message types of general access messages, and for message types of limited access messages which the mobile station has no decryption keys.
When a cell broadcast message is received by the mobile station 8 which has a message identifierof the type selected for possible display by the user, and no message is yet stored for the message identifier, the mobile station 8 picks up the message and stores the message in a cell broadcast message data field provided in the SIM 34. If the SIM 34 already has a message stored for the message identifier in the cell broadcast message, the mobile station 8 checks the

serial number of the message to determine whether it has been updated. If so, the mobile station overwrites the previously-stored message in the SIM 34 with the updated message. Otherwise, the mobile station 8 ignores the contents of the cell broadcast message.
When a cell broadcast message is newly picked up and stored, the user is prompted, for example by an audio tone or by a particular icon on the LED display 30 of the mobile station 8, to indicate that a cell broadcast message is ready to be displayed. The mobile station then performs the procedures illustrated in Figure 9.
The mobile station first waits for input by the user requesting the message to be displayed. On receipt of such input, the mobile station checks whether it,is currently camped on its home network (HPLMN). If the mobile station is camped on a network which is not its home network, the mobile station proceeds directly to display the stored message. If the message is encrypted, the encrypted message is displayed in a form unintelligible to the user, step 78. as the message is of the limited access type and access to the information is denied to the subscribers of other networks. If the message however is unencrypted, i.e. of the general access type, the message is displayed in an intelligible form, step 80,
If the mobile station is camped on its home network, the mobile station
4
*
checks whether the SIM 34 has the cell broadcast decryption keys data field provided in accordance with this invention. If not, the mobile station proceeds

once again to either display on encrypted message, step 78, or an intelligible message, step 80. depending on the access type of message broadcast.
If the SIM 34 currently in the mobile station does have the cell broadcast decryption keys data field, the mobile station proceeds to interrogate the SIM 34 to check whether the message identifier of the stored message is present in the cell broadcast decryption keys field. If not, the message received may be of a
general access type, and the message is displayed by the mobile station 8 in
*.
' i intelligible form, step 80. Otherwise, the message is of a limited access type to
which the user has no access rights. The message is then displayed by the
mobile station 8 in encrypted, i.e. unintelligible form, to prevent receipt of the
information in the message by the user, step 78.
If the message identifier of the stored message is present in the cell broadcast decryption keys data field on the SIM 34, the mobile station 8 proceeds to retrieve the encrypted decryption key corresponding to the message identifier of the stored message, along with the subscriber's IMSI, from the SIM, step 82.
With the encrypted decryption key and the IMSI, the mobile station 8 performs the reverse of the encryption process carried out in the NMC 14, to obtain the original decryption key. step 84. This decryption is carried out by performing an XOR function between the 16 bits of the encrypted decryption key and the same set of 16 predetermined bits from the subscriber's IMSf used in the encryption process.

The mobile station 8 then proceeds to decrypt the stored message, by performing the reverse of the encryption process carried out in the CRC 12 when generating the encrypted cell broadcast message. Namely, the mobile station performs the XOR function between the 8 most significant bits of the decrypti6n key and each odd-numbered message text octet, and between the 8 least significant bits of the decryption key j; each of the even-numbered message text octets, except for the last octet fh each page (which was originally not encrypted). This returns the original cell broadcast message text, which is then displayed on the LCI) display 30 of the mobile station, step 88, in a form intelligible to the user.
Figure 10 illustrates an example of an original cell broadcast message, consisting of one page containing 89 message text characters and 4 carriage return (text padding) characters. This message is encrypted as described in relation to Figure 4, and after receipt and storage by the mobile station may be displayed in accordance with the procedure shown in Figure 9.
If the mobile station has been provisioned with the corresponding
■
decryption key, the message may be displayed in its original form as illustrated in Figure 10.
If however the mobile station has not been provisioned with the appropriate decryption key, the message will appear as illustrated in Figure 11, as a pseudo-random character set.
Because the number of bits of the encryption key is not equal to. nor a multiple of, the number of hits used per character in coding the text, there is no

direct correspondence between any one of the original characters and the characters displayed in the encrypted text. In this case, the coding scheme used for the text characters utilises 7 bits per character, and the encryption keys contain 16 bits. Of course, other combinations of text character coding length and encryption key length may be used to similar effect.
To ensure the long-term security of the encryption method used for limited access messages, the encryption keys used to encrypt the message texts will periodically be altered. Figure 12 illustrate a procedure carried out by the CBC 12 to update a particular encryption key. The CBC 12 first randomly generates a new 16 bit encryption key, step 90, and overwrites the previously-stored encryption key in the list illustrated in Figure 3 for the message identifier
in question, step 91. Next, the CBC 12 proceeds to retrieve the message
*
previously stored for the message identifier in question, step 92. and proceeds to encrypt the message with the newly generated encryption key, step 93, This encryption process is identical to that carried out when the message was originally received by the CBC 12 as described in relation to Figure 4, of course using a different encryption key. Once the message is encrypted, the new cell broadcast message is forwarded to the appropriate BSCs 4, step 94, for broadcast by the BTSs 6 on their CBCHs to mobile stations 8 receiving the cell broadcast channel in the cells served by the BSCs 4 in question.
Once a new encryption key has been generated in the CBC 12, and the corresponding cell broadcast message has been encrypted with the newly-

generated key, the mobile stations 8 of users having access rights to the same message type must be provisioned with the ntw decryption key.
The first step of provisioning the mobile stations 8 of the appropriate subscribers with new decryption keys generated in the CBC 12 is the procedure carried out in Figure 13. First, the CSS 15 receives from the CBC 12 a list of message identifiers for the messages for which the decryption keys have been updated, step 95. The CSS 15 then proceeds to search its store of subscription records for the message identifiers on the updated decr›'ptionkeys list, in order to determine which subscriptions require updated decryption keys, step 96. The CSS 12 then constructs a list of such subscriptions, which are forwarded to the NMC 14 '■■» allow the NMC 14 to perform the appropriate provisioning procedures, step 97. The NMC 14 then proceeds to perform the procedure described in relation to Figure 7 for each subscription appearing on the list received from the CSS 15. This results in the mobile stations of each such subscription receiving a new RSI I message containing updated decryption keys, in encrypted form, for message types to which the subscriber has access. These decryption keys are suitable for u^e in decrypting messages encrypted with the newly-generated encrypt ion keys.
The encryption/decryption mechanism utilised in the above-described embodiment utilises the two-way encryption/decryption character of the XOR function, and is sufficiently secure for use in relation to many types of information. However, it will be appreciated that other two-way encryption/ decryption mechanisms, for example using symmetric or public/private

t
encryption/decryption keys, may he utilised to provide more (or less) secure encryption/dccryptionmechnnisms*
In the above-described embodiment, the general-access messages are not subject to the XOR function used in the encryption/decryption process. However, it would also be possible to subject the message to the XOR function using a' 'free1' key of the form of 16 bits of "0". which results in a message coding which is identical lo the original message coding. This XORing with the "free" key may be performed in the CRC 12 when "encrypting" a general access message, and/or by the mobile station 8 when "decrypting" a general access message. In effect, no encryption or decryption would take place.
In the above-described embodiment, the mobile station 8 performs the decryption of the cell broadcast message text. This requires the mobile station itself to be customised, in relation to currently existing mobile station types, in order to allow the mobile station to present the encrypted cell broadcast messages in plain text form. In a further embodiment, a standard mobile station, such as a GSM (Phase 2+) mobile station supporting the SIM Toolkit as described i GSM Technical Specification 11,14. may be used. In this further embodiment, the functionality for decrypting encrypted cell broadcast messages is contained in the SIM 34 itself, the SIM 34 being SIM Toolkit enabled.
In order to avoid repetition, it should be understood that the functionality described in relation to each of Figures 3, 4, 7, 8, 12 and 13 is intended to apply equally in relation to 13, This embodiment differs primarily from the first-described embodiment in that the special cell broadcast coding

scheme illustrated in Figure 6 is not necessary, a conventional tfcdata download via SMS-CB" coding scheme being used instead, and in that the procedure illustrated in Figure 9 is not carried out by the mobile station, the mobile station instead passing "data download via SMS-CB" messages directly to the SIM, and subsequently being instructed by the SIM (the SIM being proactive) to
display a plain text version of a cell broadcast message received in encrypted
» form.
Referring to Figure 4. in this embodiment any suitable type of encryption technique may be used in step 56. This may be the XOR function previously described, or other encryption techniques such as DES, RSA, etc.
In place of the coding scheme illustrated in Figure 6. in this embodiment each of the BSCs 4 broadcasting encrypted cell broadcast messages formats the encrypted message as a "data download via SMS-CB" message, the encrypted message being included in the cell broadcast page along with an identifier for the key used to encrypt the message. The cell broadcast message includes a cell broadcast message identifier, which specifies the type of content contained in the cell broadcast page, and a transfer protocol identifier indicating that the message type is "SIM data download".
In addition to the field dedicated to containing decryption keys, which may be populated by means of RSU procedures as described above, the SIM 34 contains a Cell Broadcast Message Identity for Data Download (CBMID) data field, as described in GSM Technical Specification 11.11, which holds data identifying t'"e message content types the subscriber wishes the mobile station 8

to accept. Furthermore, the SIM 34 includes an application programme, which may for example be stored in ROM or FI:PROM on the SIM. for performing decryption and controlling the display of the mobile station 8.
When the mobile station receives the cell broadcast download message, the mobile'station 8 first queries the CBMID data field of the SIM to determine whether the message ID received for the cell broadcast message is currently selected by or for the subscriber. If a corresponding entry is found in the CBMID data field, the mobile station 8 transparently passes the cell broadcast page to the SIM 34 using a 'Veil broadcast download to SIM" command.
Reception of the cell broadcast download command by the SIM 34 causes the SIM to analyse the contents of at least a portion of the cell broadcast page, wherefrom it is determined whether the cell broadcast page contains an encrypted message. If so. tlv stored programme is invoked in order to decrypt the message, using the appropriate decryption key stored in the dedicated decryption keys field. Once the message is decrypted, the SIM passes the plain text message to the mobile station in a "display text" command, in response to which the mobile station 8 displays the plain text message.
In-addition to decrypting the encrypted message and commanding the mobile station 8 to display the plain text message, the SIM application programme may also perform other processes in response to data received in the cell broadcast message, such as updating the contents of the CBMID data field to select new message types, on behalf of the subscriber, which the mobile station 8 should accept and handle.

As will be appreciated, in this embodiment, if a subscriber is not authorised to receive a limited access message in plain text form, the SIM may either not contain an appropriate decryption key for the message or may be at least temporarily configured by the network operator so as not to conduct the procedure described above. Instead of the procedure described above, the SIM may act in one of a variety of alternative'manners. For example, the SIM may command the mobile station 8 either to present the message to the user in encrypted form or to display an access-denied message, or may simply not any display on the mobile station, in response to a cell broadcast message containing an encrypted message which is of a type nevertheless selected by the subscriber.
The functionality for the provision and processing of encrypted cell broadcast messages may thus be contained entirely within the mobile communications network and on the SIM 34. and standard (e.g. GSM Phase 2+) handsets may be used without modification.
It will be appreciated that various modifications and variations may be employed in relation to the above-described embodiments.
The provisioning of the mobile stations with decryption keys via the air interface, using the RSI '-type short messages, has the advantage that no action is required on the subscriber's behalf in order to provision the SIM 34 of the mobile station 8 with the decryption keys. However, the decryption keys, preferably encrypted using the subscriber's IMSI, or such like, as described, may be transmitted to the user by other methods, for example by mail. An alternative functionality of the mobile station 8 would allow the encrypted

decryption keys to be manually input to the mobile station for storage in the cell broadcast decryption keys data field in the SIM 34.
Other information access prevention mechanisms to those described above could also be employed, such as the remote enablement/disablement(for example using RSI I messages) of a decryption function on the mobile station, or of the cell broadcast receiving function on the mobile station.
In the above-described embodiments, the SIM 34 is in the form of a module electrically connected to the mobile station 8. However, the SIM may be embodied in an entirely separate module, such as a contactless smartcard transmitting data to and from the mobile station via a radio link.
Finally, although the above-described embodiments relate to a method and apparatus utilised in a OSM•rtype network, the present invention may of course be realised in other types of cellular telecommunications networks, whether using TDMA. COMA, or other types of radio interface protocols.
It is envisaged that further modifications and variations may be employed without departing from the scope of the present invention.

WE CLAIMS :
1. A method of distributing information to users in a cellular
telecommunications network comprising a mobile switching centre and a plurality of base stations transccivingin a plurality of cells of said network, said method comprising:
providing a plurality of mobile stations, each of said mobile stations having an associated information access status;
broadcasting a signal on a common channel of at least one cell of said network, said signal containing a limited access message in encrypted form, for general reception in said at least one cell;
'enabling first mobile stations having a first information access status to decrypt and present said message to a user in unencrypted form when being served by said cell: and
preventing second mobile stations having a second information access status from presenting said message in unencrypted form to a user when being served in said cell.
2, A method according to claim 1, wherein said first mobile
stations are provided with a decryption key for said message.

3. A method according to claim 2. wherein said decryption key is held in a removable module which may he used in association with any of a plurality of mobile stations.
4. A method according to claim 3. wherein said message is decrypted in said removable module.
5. A method according to claim 2 or 3. wherein said signal contains padding data accompanying a portion of said message, and said portion is contained in said signal in unencrypted form.
6. A method according to any preceding claim, wherein said signal comprises a header portion' containing a message identifier accompanying a message and said method comprises enabling both said first and second mobile stations to read said message identifier,
7. A method according to any of the preceding claims, wherein status data defining said information access status is stored in a removable modole of a first mobile station.
8. A method according to claim 7. wherein said status data comprises a decryption key.

9. A method according to claim 8, wherein said decryption key is stored in said removable data store in encrypted form.
10. A method according to claim 9, wherein said decryption key is decrypted by said first mobile station using a data string specific to said removable module.
11. A method according to claim 10, wherein said data string is a subscriber identifier used in said cellulartelecommunicationsnetwork.
12. A method according to any of claims 7 to 11, further comprising transmitting said status data to said first mobile station via a radio interface in said cellular telecommunicationsnetwork.
13. A method according to any preceding claim, wherein said signal comprises a plurality of limited access messages each having a corresponding access right,
said method comprising providing said mobile stations with said access rights and enabling only mobile stations having an access right corresponding to a limited access message to present said limited access message to a user when being served in said cell.

14. A method according to claim 13, comprising providing each of said first mobile stations with n selection of said access rights in accordance with a subscription held for each first mobile station respectively,
15. A method according to claim 13 or 14, further comprising storing encryption keys for each of a plurality of limited access message types, and encryptihg each said limited access message using an encryption key in accordance with its respective message type.
16. A method according to any of claims 13 to 15, comprising storing ;i plurality of subscription records, each said subscription record comprising access right data defining said access rights.
17„ A method according to claim 16. comprising altering said access right data for a subscription record to alter the type of limited access messages a user is able-4") receive intelligibly.
18. A method according to any preceding claim, wherein said signal contains a general access message, and wherein said method comprises enabling both said first and second mobile stations to present said general access message to a user when being served in said call.

19. A method according to claim 19. wherein said common channel is a cell broadcast channel of a GSM-typc communications system,
20. A method according to any preceding claim, wherein alternative limited access messngc(s)arc broadens! in cells located in different areas of said cellular telecommunications network.
21. Apparatus for receiving information in a cellular
i
tclecommunicationssystem. said apparatus comprising:
means for storing a decryption key:
means for receiving a message broadcast on a common channel of a cell of said cellular tclecommunicationssystem; and
means for decrypting said message using said stored decryption key; and
means for displaying said decrypted message to a user.
22. Apparatus according to claim 21, wherein said storage means is part of a removable module.
23. Apparatus according to claim 21 or 22, wherein said displaying means is arranged to display a message in decrypted form when a decryption key for said message is held in said storage means, and to display said message in encryptL ' form when no decryption key for said message is held in said

24. Apparatus according to claim 21, 22 or 23. wherein said decryption means is part of a removable module.
5 25. A cellular mobile telephone according to claim 21.22, 23 or 24.
26. A method of distributing information to users in a
cellular teIecommoni cations network, substantially as herein
described, with reference to the accompanying drawings.
27. Apparatus for receiving information in a cellular
i
teIecommun icat ions system, substant i a 1ly as herein
* described, with reference to the accompanying drawings -
27* A cellular mobile telephone, substantially as herein described, with reference to the accompanying drawings,

Documents:

1584-mas-1998-abstract.pdf

1584-mas-1998-claims filed.pdf

1584-mas-1998-claims granted.pdf

1584-mas-1998-correspondnece-others.pdf

1584-mas-1998-correspondnece-po.pdf

1584-mas-1998-description(complete)filed.pdf

1584-mas-1998-description(complete)granted.pdf

1584-mas-1998-drawings.pdf

1584-mas-1998-form 1.pdf

1584-mas-1998-form 19.pdf

1584-mas-1998-form 26.pdf

1584-mas-1998-form 3.pdf

1584-mas-1998-form 4.pdf

1584-mas-1998-form 6.pdf

1584-mas-1998-other document.pdf

1584-mas-1998-pct.pdf

« Previous Patent

Next Patent »

Patent Number

212426

Indian Patent Application Number

1584/MAS/1998

PG Journal Number

07/2008

Publication Date

15-Feb-2008

Grant Date

03-Dec-2007

Date of Filing

16-Jul-1998

Name of Patentee

ORANGE PERSONAL COMMUNICATIONS SERVICES LIMITED

Applicant Address

ST JAMES COURT, GREAT PARK ROAD ALMONDSBURRY, BRISTOL BS12 4QJ,

Inventors:

#	Inventor's Name	Inventor's Address
1	PETER FORD	18 SUMMERS MEAD, YATE, BRISTOL BS17 5RB,

PCT International Classification Number

H 04 Q 7/22

PCT International Application Number

N/A

PCT International Filing date

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	9715097.3	1997-07-17	U.K.