DATA STORAGE SYSTEM
This invention relates to data storage systems . The invention has particular, although not exclusive, relevance to the backup of data stored on a SIM
(Subscriber Identification Module) card or an R-UIM chip
(Reusable User Identifier Module) in a mobile phone.
A SIM card (or a R-UIM chip in the USA) is a detachable module for a mobile phone, the SIM card being owned by . the network operator of a mobile phone communication system and including data specific to the network operator together with data entered by and specific to the user, such as an address book storing abbreviated dialling numbers. The SIM card may be removed from an original mobile phone and inserted in a new mobile phone, thus enabling data entered on the SIM card to be used in the new mobile phone. The problem arises that where the SIM card is lost, stolen or corrupted, the data recorded on the SIM card will also be lost at considerable inconvenience to the user.
The applicant's pending application WO 02/01022 discloses a data backup system for backing up in a remote database system, data stored in a plurality of data
storage systems, such as SIM cards. Each data storage system comprises means for updating data stored in the data storage system and producing one or more data messages including a copy of the updated data. The copied data is wirelessly transmitted to the remote data database system for storage. If necessary, a data message including a copy of the stored data may then be wirelessly transmitted back to the data storage system in order to restore the data in the data storage system.
It is an object of the present invention to provide a data backup system having functionality beyond that disclosed in WO 02/01022.
In particular, it is an object of the present invention to provide a data backup system in which the messages wirelessly transmitted between the data storage system and the remote database system may be made more secure. It is a further object of the present invention to enable each user to interrogate the backup status of the stored data either at the data storage system or at the remote database, and to be able to switch the service "ON" and "OFF" at the data storage system.
According to a first aspect of the present
invention, there is provided a data storage system for use in a data backup system for backing up in a remote database system data stored in a plurality of data storage systems, the data storage system comprising means for wirelessly transmitting one or more messages to said remote data storage system, said messages including instructions for changing the data -stored . in the remote database system, wherein each message includes an identifier indicative of the data storage system.
According to a second aspect of the present invention, there is provided a data storage system for use in a data backup system for backing up in a remote database system data stored in a plurality of data storage systems, the data storage system comprising means for wirelessly transmitting messages to said remote data storage system, said messages including instructions for changing the data stored in the remote database system including a user accessible menu for switching the data backup service at the data storage system "ON" and "OFF" and sending wirelessly transmitted messages to the remote database system to inform the remote database system that the backup system at the data storage system has been switched "ON" or "OFF".
According to a third aspect of the present invention, there is provided a data storage system for use in a data backup system for backing up in a remote database system data stored in a plurality of data storage systems, the data storage system comprising means for wirelessly transmitting one or more messages to said remote data storage system, said messages including instructions for changing the data stored in the remote database system, including means for storing an indication of the data backup system currently operating in a file readable by an external reading means.
The invention also provides a method of use of a data storage system according to any aspect of the invention and a computer program including processor implementable instructions for causing a processor to perform each method.
An embodiment of the present invention will now be described by way of example only with reference to the accompanying drawings in which:
Figure 1 is an overview of an embodiment of a data backup system communicating via either the Internet or via a cellular radio communication system;
Figure 2 illustrates, schematically, the four independent states in which the data backup service running at the SIM card in Figure 1 may be;
Figure 3(a) is a schematic illustration of functional modules of software and hardware incorporated in the mobile phone of Figure 1;
Figure 3(b) is a schematic illustration of functional modules of software and hardware incorporated in the SIM card of Figure 1; Figure 4 illustrates the variables, files and buffers of the backup and restore application stored on the SIM card of Figure 3(b);
Figure 5 is a schematic illustration of the functional modules of software and hardware incorporated in the data backup service centre of the embodiment of the invention;
Figure 6 illustrates the backup data files incorporated in the phone book data store in Figure 5; Figure 7 illustrates the user data files incorporated in the subscriber data store in Figure 5; Figure 8 illustrates the configuration data files incorporated in the configuration data store in Figure 5; Figures 9, 10 and 11 illustrate the initialisation process on first use of the system by a user; Figure 12 illustrates the hierarchy of the
processing performed by the backup service as determined by the status of the flags set in the flag table shown in Figure 4 ;
Figure 13 illustrates the file structure of the abbreviated dialling number data stored in the SIM card of Figure 3(b);
Figure 14 illustrates the structure of the checksum table stored on the SIM card of Figure 3(b);
Figure 15 illustrates the structure of the checksum state table stored on the SIM card of Figure 3(b);
Figure 16 illustrates the form of the inbound message buffer stored on the SIM card of Figure 3(b);
Figures 17, 18 and 19 illustrate the form of the outbound message buffers stored on the SIM card of Figure 3(b);
Figure 20 illustrates a menu displayed on the screen of the mobile phone for switching the backup service "ON" and "OFF", or determining the status of the backup service at the SIM card; Figure 21 illustrates the processing performed when the backup service is switched "ON" using the menu of Figure 20; and
Figure 22 illustrates the processing performed when the backup service is switched "OFF" using the menu of Figure 20.
OVERVIEW
Referring firstly to Figure 1, this figure illustrates the overall operation of a data backup system in accordance with an embodiment of the invention. In this embodiment, data stored on each of a number of mobile stations la, b, c may be backed up at a remote backup data service server 3. The data to be backed up is transmitted by a wireless link between each mobile station la, b, c either via the Internet 4 or via a public land mobile network 5 and a Short Message Service Centre 6. It will be appreciated that other wireless links may be used other than the Internet and the Short Message service, but only IP and the GSM Short Message service transfer is shown and will be described in order to simplify the explanation.
In the particular embodiment to be described, each mobile station la, b, c consists of a mobile phone 7 in which a respective SIM card 8 is inserted, a number of software modules running on the SIM card in order to implement the data backup service. The data transfer between the antenna 9 of each mobile station la, b, c and the data backup service server 3 in this particular embodiment takes place either via IP messages transmitted
via the Internet or using the point-to-point Short Message service (SMS) facility as defined, for example, in part 03.40 of the GSM specification. This SMS facility enables short text messages and other data to be sent in a store and forward manner to or from a mobile station in TDMA timeslots other than those used to contain speech data.
Each IP or SMS message comprises transport protocol data relating to the type, destination and originator of the message and a payload. The payload includes, during backup processing by the system, backup data as user defined data produced by the SIM card 8. On receipt of the IP or SMS message including the backup data, the backup data service server 3 is able to store a backup version of the data transmitted from the mobile station 1. Where there is too much backup data to be included in a single SMS or IP message, the backup data will be transmitted in a series of messages. In the event of loss of the SIM card, or corruption of the data on the SIM card, a copy of the backup version of the data may be wirelessly transmitted as restore data in the payload of one or more SMS messages or IP messages back to the mobile phone 7 and used to restore the data on the SIM card 8.
Referring now also to Figure 2 , this figure illustrates the four states which the data backup service running on the SIM card 8 can take, that is:
i) an as issued state; ii) an initialization state; iii) a processing state; and iv) an inactive state.
On switching on the mobile phone 7 for the first time or on first use of the backup service after installation on the SIM card inserted on the mobile phone, the data backup service will enter the as issued state and undergo a procedure to determine whether the phone has functions which support the backup service. If the particular mobile phone cannot support the data backup service, the service enters the inactive state, otherwise the backup service enters the initialisation state.
In the initialisation stage, on the first use of the SIM card in the backup service, during an initialisation procedure a 16 bit random number or "SIMSeed" is generated to secure all messages exchanged between the SIM card and the data backup service centre as will be
described in more detail later. The backup service then passes to the processing state.
In the processing state, the user is able to switch the backup service "ON" or "OFF" via a menu displayable on the display of the mobile phone, and operable by the keyboard on the mobile phone as will be described in more detail hereafter. The user is also able to interrogate the backup status of his SIM card, either via the menu, or by interrogating a web page generated by the data backup service server 3.
The data to be backed up is periodically automatically interrogated in response to polling signals known as "Status Commands" generated by the mobile phone 7 when the data backup service is not otherwise occupied, to look for changes in the data to ascertain whether any new data has been entered via the keyboard of the mobile phone which needs to be backed up. Restore messages are instigated by a user request to the backup data service server 3.
Configuration messages relating to the configuration settings of the SIM card 8 and the data backup service server 3 are also transmitted either way between the SIM
card and the data backup service server.
On receipt of messages by either the SIM card 8 or the data backup service server 3 , that is , backup messages, restore messages and configuration messages, appropriate acknowledgement messages are transmitted back to the originating device.
In summary, as indicated in Figure 2, whilst the backup service is in the processing state, the SIM card 8 is able to transmit to the data backup service server 3 , via the mobile phone 7 :
i) Backup Messages informing the data backup service centre 3 that a change has occurred in the data files to be backed up, the messages including the changed data to be backed up at the data backup service server 3; ii) Restore Acknowledgement Messages in response to restore messages from the data backup service server
3 in the event of a successful, or unsuccessful, restore operation at the SIM card 8; iii) Server Configuration Messages for enabling the user to register for the service and subsequently to send a message to the data backup service server 3 that
he wants to switch the backup service "ON" or "OFF"; and iv) SIM Configuration Acknowledgement Messages in response to configuration messages received from the backup and restore service server 3 and executed at the SIM card 8.
On the other hand, whilst the backup service at the SIM card is in the processing state, the backup service at the SIM card 8 is able to receive from the data backup service server 3 :
i) Backup Acknowledgement Messages following successful, or unsuccessful, backup at the data backup service server 3; ii) Restore Messages including data to be restored on the SIM card 8; iii) SIM Configuration Messages for changing the configuration settings of the SIM card 8; and iv) Server Configuration Acknowledgement Messages in response to Server Configuration Messages received at the data backup service server 3 from the SIM card 8 and executed at the data backup service server 3.
Each message type, for example, backup, restore, SIM configuration acknowledgement etc, is identified by means of a 1-byte "Protocol identifier" (PID) at the beginning of the payload for the messages in order to enable the recipient equipment, that is the SIM card 8 or the server 3, to deal with the incoming message in the appropriate manner.
The individual components of the data backup system enabling the functioning of the data backup service will now be described in more detail.
MOBILE STATION
Referring to Figure 3, this figure describes schematically the functional modules of software and data incorporated in a mobile phone 7 (Figure 3(a)) and associated SIM card 8 (Figure (3b)) in so much as they are necessary to understand the present invention. Further components which are conventionally included in mobile stations, for example for receiving and transmitting speech data, have been omitted for the sake of clarity.
Referring firstly to Figure 3(a), the operation of
the mobile phone is controlled by a software control module conventionally known as a phone kernel 21. This controls a radio manager module 22, which in turn controls the transmission of signals to be transmitted by antenna 9 to the public land mobile network 5 , or the processing of signals received by the antenna 9 from the public land mobile network 5.
An SMS reception unit 23 is arranged to process incoming SMS signals and cause the message to be displayed on a display (not shown) under the control of a display control unit 24 when the SMS data contains a conventional Class 1 Short Message including a text message. Where it is determined that the incoming SMS signal includes information relating to the SIM card 8, such as information relating to backup data transfer to the backup service centre 3, or, in the case of a data restore operation, data downloaded from the backup service centre 3, a SIM manager unit 25 within the mobile phone 7 is arranged to pass appropriate signals to the
SIM card 8.
The mobile phone 7 also includes an SMS assembly unit 26 which is arranged to incorporate appropriate GSM transport protocol data in SMS messages to be transmitted
through the antenna 9 under the control of the radio manager 22.
A keyboard (not shown) enables a user to input instructions to a keyboard interface 27 which is effective to interpret the instructions and distribute appropriate signals within the rest of the. mobile phone. A clock 28 is effective to produce timing signals for use by the mobile phone 7 and to produce polling signals which are sent to the SIM card 8. An area of RAM 29 including a Command Application Protocol Data Unit (C- APDU) buffer is effective to store, amongst other data, a copy of abbreviated dialling numbers and a copy of the incoming SMS messages which are sent to the SIM card 8.
In order to enable the reception and transmission of IP messages, the mobile phone also includes an IP message reception unit 30a and an IP message assembler unit 30b.
Turning now to Figure 3(b), this illustrates the functional units of the SIM card 8 which is typically a slow JAVA SIM card. The operation of the SIM card 8 is controlled by control software conventionally called a SIM kernel 3. A data communication protocol unit 32 is effective to receive and to transmit signals to or from
the mobile phone 7, the data communication protocol unit 32 including a first buffer 32a, a response-application protocol data unit (R-APDU) for buffering incoming data from the mobile phone 7 and a second buffer 32b, an SMS transport protocol data unit (SMSTPDU) for buffering SMS data prior to transfer to the mobile phone 7.
The SIM card 8 also includes a file manager 34 effective to control the input and output of data into a number of files stored within an EEPROM memory 35 on the SIM card 8. In the particular example to be described, the data to be backed up is the abbreviated dialling number data (EFADN data) stored in a so-called "Elementary File" 36 on the SIM card 8. The Elementary Files also include other elementary file data such as preferred networks, the dialling numbers of recent calls, etc, but these have been omitted from the drawing for the sake of clarity.
As so far described, the SIM card 8 is of conventional form. However, to enable the backup of data stored, for example, in the abbreviated dialling number file EFftDN, the SIM card also includes an additional software module comprising a backup and restore processing unit 41 which will be described in more detail
hereafter. This is incorporated in the SIM card 8 as a JAVA Applet either during provisioning of the SIM card or as a download during operation of the SIM card. The backup and restore processing unit 41 cooperates with the other functions on the SIM card via the SIM Application Tool Kit 43 which is conventionally included in SIM cards and includes a set of commands and procedures which enables applications existing in the SIM card 8 to interact and to cooperate with applications in the mobile phone, or the network.
The features of the SIM application tool kit 43 are defined in GSM Standard 3GPPTS 11.14 and in particular include a "Send Short Message" function 45 enabling the SIM card 8 to send data for incorporation in a Short Message to the mobile phone 7 and a poll signal control unit 47 effective to change the frequency of the polling signals which are produced by the clock 28 on the mobile phone 7.
In particular, the poll signal control unit 47 is used to cause the clock 28 on the mobile phone 7 to send polling signals to the SIM card 8 at chosen intervals, typically between 3 seconds and 30 seconds during the "idle" periods for the phone 7 following times at which
the display on the phone has been refreshed, this being a time when the SIM card is usually inactive. The value of the initial polling interval is chosen in view of the necessity of not imposing too big a burden on the battery life of the mobile station and not letting the backup system become obtrusive to the user of the mobile station. These signals constitute the "Status Command" signals indicated in Figure 2 and are used by the backup service to prompt the backup service processing at the SIM card 8. The interval between the Status Command signals may be reduced during backup and restore processing in order to speed up the backup and restore processing. Typical values will be 10 second intervals during the idle periods, decreasing to 5 second intervals during backup and restore processing.
The backup service also provides a set of indices into the data records 48a stored in an area of RAM 48 on the SIM card 8 together with a set of counters 48b for timing various processes performed in the backup service.
The EEPROM 35 incorporated in the SIM card 8 includes backup and restore service files 49 and backup and restore service buffers 50 as will now be described with reference to Figure 4, together with a file 51
including a record of the version of the backup service software currently installed on the SIM card 8.
Referring now to Figure 4, the backup and restore service variables 49 comprise a number of sets of variables each including, at any one time, data representative of whether the backup system is operative, what EFADN records need to be backed up, a record of which processes are currently pending and the SIMSeed generated in the initialisation procedure. In particular, the backup and restore service variables include system state variables 51, a checksum 52, EFADN state variables 53, a set of flags 54 and system variables 55, and a set of further indices 56 including indices into the current record being dealt with in each of the backup outbound message queue and the server configuration inbound or outbound message queues.
The backup and restore service buffers 50 include an inbound message buffer 57, a backup message buffer 58, a combined acknowledgement message and restore/ configuration buffer 59 and a server configuration buffer
60.
The variables 51-56 and buffers 57-60 will now be
described in more detail .
The system state variables 51 include three variables, that is:
i) a variable having four values indicating in which of the four states indicated in Figure 2, that is the as issued, initial, processing and inactive state, the data backup service running at the SIM card 8 is in; ii) a variable indicating whether or not the backup service has been initialised, and thus has a SIMSeed; and iii) a variable indicating whether the backup service is switched "OFF" or "ON".
The checksums record 52 contains the previously calculated checksums for each EFftDN entry. During idle processing, the checksum for each entry is recalculated to determine whether any changes have been made, any changes detected being indicated in the state table 53.
The flag table 54 contains the following flags for indicating the various operating states of the backup processing, restore processing and server configuration
messages:
ACK flag: indicating that an outgoing SIM
Configuration or Restore message is in the outbound message buffer 59 waiting to be sent.
MESSAGE flag: indicates that a message is in the inbound message buffer 57.
SWPENDING flag: indicates that the SIM card 8 is waiting for an incoming backup server configuration acknowledgement message from the backup service server 3.
ACKPENDING flag: indicates that the SIM card 8 is waiting for an incoming Backup Acknowledgement message from the backup service server 3.
BACKUP flag: indicates that an outgoing backup message is waiting in the backup message buffer 58 for transmission to the backup service server 3.
The system variables 55 include a record of the SIMSeed, a key to the types of incoming messages, the current EFADN checksum value and the number of records in any outgoing backup message.
The version of the backup system software is stored as a file 100, to enable this information to be read by an external SIM card reader when required together with other information stored in the files of the SIM card 8.
The indices 48a for pointing to the current record being looked at in each of the EFADN records and the counters 48b comprising four counters for monitoring the timing of the configuration, restore, backup and server configuration message generation processes are stored on the RAM 48 for speed of operation, and also to avoid write cycle limitations on the EEPROM 35, which is designed to have a finite number of write cycles. Further counters 101 which are not required to be so fast may be incorporated in the EEPROM, for example counters for counting the number of times a message is resent.
DATA BACKUP SERVICE SERVER
Referring now to Figure 5, this figure illustrates the architecture of the data backup service server 3 in so much as is necessary to understand the present invention. This particular embodiment of the data backup server 3 is designed within a J2EE Java application framework using a series of Java beans to perform each
processing function. The embodiment is particularly configured to enable further input channels, for example, circuit switched data (data packet switching) or transfer of unstructured supplementary service data (USSD), to be added without affecting the rest of the data handling system or control functions. In order to simplify the drawing, however, only incoming and outgoing short messages are shown.
The server 3 also allows extra or alternative functionality to be added to the system without requiring reprogram ing of the low level procedures used to address the database system. This is achieved by designing the data backup service server with a presentation layer 71, a database layer 72 and a session layer 73 as follows:
i) the presentation layer 71 includes input and output message interfaces 74, 75 for enabling the input and output of data messages to and from the SIM card, a message publisher 76 for incoming messages, protocol adapters 77 for outgoing messages, an input/output message queue 78, a web interface 279, backup and backup acknowledgement message beans 79, 80 for receiving incoming backup messages and producing outgoing backup acknowledgement messages
respectively, an outgoing restore message bean 81, an incoming restore acknowledgement message bean 82, an outgoing server to SIM configuration message bean 83 and an incoming server to SIM configuration acknowledgement message bean 84, and an incoming SIM to server configuration message bean 85 and an outgoing SIM to server configuration acknowledgement message bean 86. ii) the database layer 72 includes a configuration data store 85, a subscriber data store, a phone book data store, and a call data record store 90; and iii) the session layer 73 includes a configuration data manager bean 91 for managing the input and output of data to the configuration data store 87 and the subscriber data store 88, a phone book manager bean
92 for managing the input and output of data to the phone book data store 88 and the subscriber data store 88 and a call data record event manager 93 for interfacing with the call data record store 90. Links are provided between the call data record event manager bean and both the configuration manager bean 91 and the phone book manager bean 92.
Turning now to Figures 6 and 7, these figures illustrate some of the data files included within the
data stores 85, 87, 89.
Referring firstly to Figure 6, in the ADN data store 85, a data table 171 includes a copy of the ADN data for each user as stored in the SIM card EFADN table 36 which is to be backed up by the data backup service, the data table including a field specifying the User ID for each set of ADN data. A checksum table 173 contains data duplicating the contents of the checksums 52 stored on each SIM card 8. The data store also includes a SIMSeed data table 175 including the SIMSeed entered at each SIM card.
Referring to Figure 7, the subscriber data store 88 includes a user table 177 including basic information on each subscriber to the data backup system. This will include data identifying each user via their user ID number and details about the user such as his name, address, web login and billing information.
Finally, referring now to Figure 8, the
Configuration Data Store 87 includes device table 179 includes data identifying the mobile phone, the SIM card and the ISDN number of the mobile station. A SIMSeed data table 181 will contain the SIMSeeds for each user.
Finally, a configuration data table 183 will contain configuration data for each user, i.e. whether the backup service has been switched "ON" or "OFF", a copy of this data being included in the user table 177 stored in the subscriber data store.
PROCESSING AT THE BACKUP SERVICE SERVER
A general description of the operation of the backup service server 3 will now be given.
Referring now again to Figure 5, during use of the backup service, incoming data from user SIM cards is received by the data input interface 75 which passes the data to one of a stack of message publishers 76 connected to the data input/output interface 75 through a load balancer (not shown). Each message publisher 76 is effective to strip off the message header from the incoming message and pass the payload to an inbound message queue in the input/output message queue 78 dependent on the message header.
The input/output message queue 78 is a Java MS queue which enables the backup service server to receive incoming messages and transmit outgoing messages at a
rate independent of the rate of message processing. The message queue 78 includes separate sub-queues for the different types of incoming messages. Dependent on whether the incoming message is a backup message, a configuration message or an acknowledgement message, the message is passed to the backup message bean 79, the SIM to server configuration message bean 85 or the restore acknowledgement message bean 82 or server to SIM configuration acknowledgement message bean 84. A backup message is passed through the phone book manager bean 92 to the phone book data store 89, whilst the configuration messages are passed through the configuration data manager bean 91 to configuration data store 87. The call data record event manager bean 93 is responsive to events handled by the phone book manager bean 92 and the configuration data manager bean 91 to perform a log of the events for archiving and billing purposes, the log being stored in the call data record store 90.
The outbound message queues in the input/output message queue 81 are buffers effective to queue messages produced by the restore message bean 81, the server to SIM configuration message manager 83 and acknowledgement messages produced by the backup acknowledgement message bean 80 and SIM to server configuration acknowledgement
message bean 86 and to output the messages through a load balancer (not shown) to one of the protocol adapters 77. Each outgoing message will include in the payload of the message a copy of the SIMSeed for the particular user in order to verify the message. At the protocol adapter 77, the appropriate transport protocol is added, the message being passed back through the data output interface 75 for onward transmission back to the SIM card 8.
The web interface 279 provides an interface for incoming and outgoing messages from the Internet. By use of this interface, a user may, for example, request that the data on a SIM card be restored using the data stored in the phone book data store 89. Alternatively, the user may add new numbers to the ADN numbers stored on the SIM card, this being useful, for example, where the SIM card is one of a number of mobile phones used in a business.
INITIALISATION PROCEDURE
Referring now to Figure 9, each time a user switches his mobile phone on, it is necessary for the backup and restore processing unit 41 on the SIM card 8 to determine firstly whether the SIM card is registered at the data backup service and whether the particular mobile phone
has the necessary features to support the backup service as the User's SIM card 8 may have been transferred to a different mobile phone 7.
In step S801, the backup and restore processing unit
41 is arranged to send a signal via the data communication protocol unit 32 to the SIM. manager 25 in the mobile phone 7 to determine whether the mobile phone 7 supports the features of the GSM specification GSM 11.14 for transfer of data between the mobile phone and the SIM card including the SIM application toolkit including polling signal control.
If in step S802 it is determined that the phone does not support GSM 11.14, in step S803 the processing is stopped, the state variable in the system state table 51 is set to "inactive" and the processing stops. If, however, it is determined that the phone does support GSM 11.14, the processing proceeds to step S804.
In step S804 the value of the variable stored in the system state table 51 indicating whether the backup service has been initialised is interrogated. If it is determined that the backup system has already been used, a SIMSeed will already have been generated for the
particular SIM card and be stored both in the SIM card system variables 56 and in the SIMSeed data tables 175, 183 at the backup service server 3. The system state variable in system state table 51 will then be set to "processing" in step S805 and the backup service will await the next system status command signal or menu select command signal.
However, if it is established from the variable value in the system state table 51 that the backup service has not yet been initialised, the procedure passes to step S806 and a 16 bit number is generated and stored in system variables 56 as the SIMSeed. This number will subsequently be included in the payload of all messages exchanged between the SIM card 8 and the backup service centre 3.
Turning now to step S807, a server configuration message will then be formatted in the server configuration message buffer 60 and in step S808, the SIMSeed value which has now been stored in the system variable table 56 will be retrieved and included in an outgoing message. The outgoing message also includes the version number of the particular JAVA Applet constituting the backup and store processing system running on the SIM
card 8. The maximum number of EFAMI records which may be stored on the particular SIM card is also included, this number being useful as a check on the new numbers being entered via the web interface 279 or during a restore process to avoid these numbers exceeding the storage capabilities of the SIM card. Finally, the message will provide an indication of whether the backup system is switched "OFF" or "ON" as indicated by the backup system flags stored in flag table 54 as will be described in more detail later. It will be appreciated that, where applicable, further or less information may be included in the outgoing message during this initialisation process.
In step S809, a counter for counting the number of status commands received from the phone since a server configuration message was sent is set in the counters store 48a in the RAM 48. The server configuration message is then assembled in the short message assembler 26 in the mobile phone 7 and transmitted to the data backup service centre 3 in step S810. It will be appreciated that whilst the backup process is still in an "initial" state, as indicated in Figure 2 it is still possible to transmit server conf guration messages to the backup server 3. As indicated in step S815, the
procedure at the SIM card 8 then stops whilst waiting for the receipt of a server configuration acknowledgement message.
Referring now to Figure 10, this figure illustrates the processes performed at the SIM card 8 during the initialisation procedure whilst the SIM card is waiting for an incoming server configuration acknowledgement message in response to the server configuration message transmitted in step S814. As indicated above, the SIM card backup service processing is prompted by the receipt of status command polling signals which are periodically produced by the clock 28 on the mobile phone 7. Assuming that the outstanding server configuration acknowledgement message is not received first, on receipt of the next status command signal in step S901, in step S902 the timer counter set in the SIM card RAM 48 in step S809 which counts the number of status events which have occurred since the server configuration message was sent in step S810 is compared to a "timeout" value. If the counter does not exceed the timeout value, in step S903 the counter is incremented. If it is determined that the counter does exceed the time value, in step S904 the counter is reset and a new server configuration message is sent to the backup service centre server 3 duplicating
the contents of the server configuration message transmitted in step S814. In either case, the backup service at the SIM card then stops in step S906 waiting for the server configuration acknowledgement message to be received from the backup service server 3 or the next status command, whichever is the next event.
Referring now again to Figure 5, at the data backup service server 3 the incoming server configuration message is passed through a message publisher 76 where it is determined from the Protocol Identifier (PID) at the beginning of the payload to be a con iguration message and passed to the configuration message manager 93. From here the data is passed through the input/output message queue 78 to the SIM to server configuration data bean 85 which extracts the SIMSeed, the backup service software version number and the backup status together with information indicative of the user and the particular SIM card identity. This data is then passed through the configuration manager bean which controls the storing of the data within the configuration data store 87. The configuration data bean 91 then prompts the SIM to server configuration acknowledgement message bean 95 to produce a SIM configuration acknowledgement message which is stored in the outbound message queue 78 pending being
passed through a protocol adapter 77 to be transmitted via the data input/outbound system 75 as in a short message including a PID indicating that the message is a server configuration acknowledgement message.
Referring now to Figure 11, on receipt of the incoming backup service configuration acknowledgement message, in step SlOOl the backup service at the SIM card determines whether a MESSAGE flag set in the flag table 54 in the SIM card backup and restore service files 49 indicates that there is already a message in the APDU buffer 32a waiting to be dealt with by the backup service. If so, the new incoming message is ignored as the backup service can only deal with one incoming message at a time. The service then passes to step S1003 in which the SIM card waits for the server configuration acknowledgement message to be resent by the backup service centre server 3.
However, if in step SlOOl it is determined by the absence of a MESSAGE flag that there is no pending message in the APDU buffer 32a, in step S1005, the MESSAGE flag in the flag table 54 is set and a copy of the acknowledgement message is copied into the inbound message buffer 57.
In step S1006, the incoming server configuration acknowledgement message is interrogated to determine whether the SIMSeed included in the message is equal to the value of the SIMSeed stored in the system variable table 56. If the SIMSeed value does not correspond, the processing passes to step S1003 and the message is again ignored.
If the SIMSeed in the message does correspond to the stored SIMSeed, the processing passes to step S1007 in which the value of the protocol identifier in the incoming message and a variable indicating the type of message is recorded in the system variable table 56 is determined. In step S1008, the value is evaluated to determine whether the incoming message is the expected server configuration acknowledgement message in step S1008. If the incoming message is not the expected server configuration acknowledgement message, the processing again passes to step S1003. However, if the incoming message is the expected server configuration acknowledgement message, in step S1009 it is determined from the contents of the message whether the server 3 has produced a satisfactory server configuration acknowledgement message that the appropriate configuration data has been entered in the configuration
data store 83 at the backup service centre server 3.
If the message is not satisfactory, it is assumed that the further configuration message must be resent. This will happen automatically on receipt of the next status command signal in accordance with step S901, as illustrated in Figure 10. However, if the result is satisfactory, the variable indicating that the SIM card has a SIMSeed in the state system state table 51, the appropriate variable in the backup and restore service files 49 is set indicating that the SIM card has a SIMSeed in step S1010.
In step S1011, the SWPENDING flag in flag table 54 indicating that the application is waiting for a server configuration acknowledgement message is reset and in step SI012, the timer count in the counter 48a in RAM 48 of the number of status events occurring since a server configuration message was sent which was set in step S812, or was incremented in step S903, is reset to zero.
In step S1013, the state of the backup service as recorded in system state table 51 is changed to
"processing" and the backup service state at the SIM card passes to the "processing" state as indicated in Figure
SUBSEQUENT PROCESSING
It will be appreciated that during subsequent use of the backup service each message transmitted between the mobile station 1 and the data backup service server 3, or between the data backup service server 3 and the mobile station 1, will include the SIMSeed generated during the initialisation procedure. Thus for each incoming backup service message, the appropriate SIM card or server 3 will undergo the process of checking the SIMSeed as described in step SI006 above.
During further use of the backup service after initialization, the backup service will have to deal with a number of pending actions to be completed within the processing time set between each pair of status command signals. The way in which the system deals with this will now be described with reference to Figure 12.
On receipt of each polling signal, i.e. status command, received from the mobile phone 8, the backup and restore processing unit 45 will determine from the state of the flags in the flags table 54 what actions are
pending and process these in the following order:
i) any configuration acknowledgement or restore acknowledgement messages to be sent resulting in the ACK flag being set will cause the pending configuration or restore messages to be assembled and transmitted; ii) any incoming SIM configuration processing, restore processing, backup acknowledgement message processing or server configuration acknowledgement processing to be performed as causing the MESSAGE flag to be set will then be processed.
Alternatively, there may be configuration acknowledgement messages or restore acknowledgement messages to be generated, these then generating an
ACK flag to be sent after the subsequent status command signal is received; iii) any SWPENDING flag that has been set indicating that the backup service configuration messages are awaited, the counter set in step S812 having exceeded the timeout value will cause the server configuration message to be resent; iv) any ACKPENDING flag that has been set will cause the last backup messages to be resent after a backup timeout interval has elapsed;
v) any BACKUP flag indicating a backup message is waiting to be sent will cause a backup message to be sent.
If none of the above events are pending, as indicated by the status of the associated flag, the processing will proceed with idle processing, in which backup messages are generated and stored, or the ADN files are investigated for changes as will now be described in more detail.
It will be appreciated that the number of times server configuration or backup messages are resent may be set with counters in the counter store 101 keeping a record of how many times such messages are resent.
It will also be appreciated that whilst Figure 12 illustrates a particular processing hierarchy, as described in paragraphs i) to v) above, a different hierarchy may be chosen in which, for example, backup message transmission has a higher priority.
IDLE PROCESSING
In idle processing, each record in the EFADN file is
sequentially read during the time available and the checksum for each entry calculated and compared with the checksum records 52.
Figure 13 illustrates the form of the EFADN data stored in the EFADN file 36, whilst Figure 14 illustrates the corresponding checksum values for each ADN record entry and Figure 15 illustrates the corresponding state variables 53. An index is shown pointing to ADN Record 3, the value of this index being stored in the indices 48a in RAM 48. During the idle processing, the current checksum value is calculated, for example the checksum for ADN Record 3. This calculated checksum is compared to the checksum for Record 3 in the stored checksums 52 shown in Figure 14. If the new checksum is the same as the recorded checksums 52, the State Record 3 is set as "BACKED UP" in the state table 53. If on the other hand the calculated and recorded checksums are different, the state for Record 3 is recorded as "NEED TO BE BACKED UP" in the state variables 53 as indicated in Figure 15.
SIM CARD: INCOMING SMS MESSAGES
The system is arranged such that the data in the incoming message is copied into a safe buffer in order to
process the data. This avoids data which is being processed being overwritten by a subsequent incoming short message.
Turning now to Figure 16, this figure illustrates the storage of an incoming SMS message in the inbound message buffer 57.
The incoming message is held in the R-APDU buffer 32a and copied, the copy being transferred to the inbound message buffer 57. This enables the backup and restore processing unit 41 to check the message before deleting the message in the R-APDU buffer 32a. The system is arranged such that only one incoming message will be dealt with at any one time. The size of the inbound message buffer 57 will be at least 140 bytes long in order to store a complete class 2 SMS incoming message.
A flag is set in the flag table 54 indicating whether any message is waiting in the R-APDU buffer 32a, in which case the backup service will ignore any subsequent message until the pending message is dealt with. The PID protocol identifier at the beginning of the payload for the message is checked against the message type data in the system variables table 56 to
determine whether the message is a restore message, a configuration message from the backup service centre, or an acknowledgement message.
However, the system may be arranged such that the
PID identifier is read whilst in the first APDU buffer 32a where an incoming message is determined from the protocol identifier to have a higher priority than a message currently being processed in the second buffer, the processing of the current message is aborted and the data in the second buffer 57 is overwritten by the data in the APDU buffer 32a.
During processing of the message in the buffer 57, the number of records included in the message (where the message is a restore message) is recorded in the system variables table 56 and during the restoration process the record index stored in the index table 55 is used to identify the current record being read.
SIM CARD: OUTGOING MESSAGES
Turning now to Figures 17 to 19, these figures illustrate respectively the form of the backup message outgoing queue stored in buffer 58, the restore
acknowledgement message and con iguration acknowledgement message outbound buffer 59 and the server configuration message outbound buffer 60. Each buffer will typically have a size of 140 bytes corresponding to the length of the payload of an SMS message. A single buffer may be used for restore acknowledgement messages and configuration acknowledgement messages as only one incoming restore message or SIM configuration message can be received at any one time.
In Figure 17, the arrow pointing to Record 1 is a record index in the backup outbound message queue indicating which EFADN record is being added to the message at any one time. As explained above, this index will be held in the indices store 48a in RAM 48.
The arrows pointing to Record 1 in Figures 18 and 19 are respectively a record index in the restore/SIM configuration acknowledgement message queue or the server configuration message queue. As explained above, these indices will be held in the indices store 56 in the EEPROM 35.
The server conf guration message stored in buffer 60 will generally be used to send backup service "ON" or
"OFF" instructions to the data backup service server 3 as instructed by a user using a menu as will now be described.
MENU SELECTION
As indicated above, the user is able to switch the backup service "ON" and "OFF". This is achieved by means of a menu of the type shown in Figure 20 which may be displayed on the display of the mobile phone by means of appropriate keyboard input signals. The user is able to select whether the backup service is to be switched "ON" or "OFF".
Figure 21 illustrates the processing performed when the backup "ON" is selected on the menu shown in Figure 20. In order to avoid sending an unnecessary message to the backup service server 3, in step S2001 the backup and restore processing unit 41 checks the existing state of the backup process as set in the system state variables 51. If the variable indicating the backup service is already switched "ON", the menu select "Backup ON" processing terminates. However, if the backup service state variable indicates that the backup service was not already switched "ON", in step S2002 a server
configuration message indicating that the backup service is to be switched "ON" is formatted. This message will contain an indication of the version of the backup service software which is currently running on the SIM card, this information being read out of the file 100 including an indication of the backup service software version stored on the EEPROM 35.
In step S2003, the SWPENDING flag indicating that the SIM card is waiting for the backup service configuration acknowledgement message from the backup service server 3 is set in the flag table 54.
In step S2004, a counter in the counters 48b in the RAM 48 indicating the number of status events which have occurred since the last server configuration message was sent is reset to zero and in step S2005 the server configuration message is sent. The processing then pauses waiting for the incoming server configuration acknowledgement message to be received from the server 3.
It will be appreciated that it is a particular feature of the menu that the version of the software constituting the backup service is transmitted to the server such that the server knows the capability of the
SIM card, such as any encryption capability, compression capability, etc.
Turning now to Figure 22, this figure illustrates the selection of the backup service "OFF" option on the menu shown in Figure 20. As in the selection of backup service "ON", the first step S2101 is a check as to whether the backup service is already switched "OFF" to avoid sending an unnecessary message to the server by interrogation of the system state variables 51. Assuming that the backup service was already switched "ON", in step S2102 any acknowledgement pending flags in the flags stored in the flags store 54 are cleared and in step S2103 the JAVA Applet 41 controlling the backup service is switched "OFF".
In step S2104, a SIM to server configuration message is formatted and in step S2105 the flag for a SIM to backup service configuration acknowledgement message pending is set.
In step S2106, the counter in the counters 48a in
RAM 48 which counts the number of status events received from the mobile phone since a server configuration message was last sent is reset to zero and in step S2107
the SIM to server configuration message is sent. The processing then stops, awaiting the acknowledgement message from the server 3.
It will be appreciated that even though the backup service may be switched "OFF" at the SIM card, at the server side the server, whilst recording the change of system state at the SIM, will still be able to provide some processing, for example, calculation of any billing relating to the particular user's use of the backup service .
In order to avoid sending an unnecessary message to the backup service server 3, the backup and restore processing unit 41 checks the existing state of the backup process as set in the system state variables 51 before causing a flag to be set to cause a server configuration message to be sent to the backup service server 3.
Thus when the user switches the backup service "OFF", assuming that the backup service was not already "OFF", a backup server configuration message will be sent to the backup service server 3. Even if the backup functionality is "OFF", during idle processing as
described above the system will still scan all the EFADN entries and detect any changes, but will not send any messages to the backup service server 3.
The menu shown in Figure 20 also includes a "Backup
Status" function, which enables the user to determine whether all the current ADN data has been backed up. It will be appreciated that the user may also interrogate the backup system via the web interface 83 at the backup service server 3, in particular the current data stored in the phone book data store 85, the subscriber data store and the configuration data store 87.
NON-AUTOMATIC BACKUP OPTION
It will be appreciated that whilst in the embodiment described above, backup of new ADN data entered by the user is automatic after the user has entered new ADN data on the SIM card, in some circumstances it is advantageous for the backup to be at the discretion of the user. In such a case, the backup and restore applet may have an option, which may be selected by the user menu, which, for example, causes the user to be notified by a message on the screen of the mobile phone as to how many EFADN records have changed, the user being asked if he/she
wishes to backup the data. Alternatively, the number of changed records may be counted and only after a predetermined number of records have changed, is the user notified. The system may also be arranged to wait for a number of data changes, then automatically to backup the data, the user having the option of how often any changes to the data are backed up, or for how long a period the system should wait before assembling a backup message.
ALTERNATIVE SIGNALLING SYSTEM CONFIGURATIONS
For messages from the backup data service centre 3 to the mobile stations 1, the Short Message Service will usually be the class 2 message service, that is where the Short Messages are not displayed on the display of the mobile phone. However the class 1 message service may be used where appropriate signals are transmitted to avoid the display of incoming Short Messages on the display where the display of such signals is not required. For messages from the mobile stations 1 to the backup data service centre 3, the message class is not restricted in any way and will generally be class 1 messages.
It will be appreciated that the data backup service server 3 may actually be located at the short message
short centre 6 and thus the short message service centre 6 may interact directly with the protocol adapters 77 at the data backup service server 3 as shown in Figure 5. Whilst the backup of data using the Short Message service as the transfer means for transmission of data between the mobile station and the public land mobile network 5 is particularly convenient as, at present, use of the Class 2 Short Message Service (i.e. Short Messages which are not displayed on the display of the mobile phone) is free to the user, it will be appreciated that there are other ways in which the data may be communicated between the mobile station 1 and the data backup service centre 3, In particular, the transfer may take place by means of transfer of unstructured supplementary service data (USSD) or IP signals transmitted via the Internet. Alternatively, data packet switching may be used.
It will also be appreciated that whilst the invention is particularly appropriate to the backup of abbreviated dialling number data on a SIM card (or R-UIM chip) in a mobile phone, a system in accordance with the invention may also be used to backup other data, particularly on a number of mobile stations. This may be other data stored on either the SIM card or within the mobile phone within the mobile stations. Alternatively,
the data backup/restore service may be used to backup and restore other data, for example within a personal computer or a personal data apparatus. Furthermore, the backup data may be used for a number of applications, for example, central download of business telephone numbers.
It will also be appreciated that whilst in the particular embodiment described the data to be backed up is determined by recalculating the checksums for the data to be backed up, the data to be backed up may be identified in other ways. For example, the data to be backed up may be identified when amendments to the data are entered via the keyboard of the phone via appropriate signals transmitted to the SIM card.