WO1999018692A1 - Procede d'echange de donnees cryptees par un reseau de communication, procede correspondant de stockage et de gestion des cles de cryptage utilisees et module stockant ces cles de cryptage - Google Patents

Procede d'echange de donnees cryptees par un reseau de communication, procede correspondant de stockage et de gestion des cles de cryptage utilisees et module stockant ces cles de cryptage Download PDF

Info

Publication number
WO1999018692A1
WO1999018692A1 PCT/EP1998/005906 EP9805906W WO9918692A1 WO 1999018692 A1 WO1999018692 A1 WO 1999018692A1 EP 9805906 W EP9805906 W EP 9805906W WO 9918692 A1 WO9918692 A1 WO 9918692A1
Authority
WO
WIPO (PCT)
Prior art keywords
array
segments
encryption keys
module
value
Prior art date
Application number
PCT/EP1998/005906
Other languages
English (en)
Inventor
Andreas Martschitsch
Rudolf Ritter
Original Assignee
Swisscom Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Swisscom Ag filed Critical Swisscom Ag
Priority to AU97446/98A priority Critical patent/AU9744698A/en
Publication of WO1999018692A1 publication Critical patent/WO1999018692A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to a method for exchanging encrypted data via a communication network and to a corresponding method for storing and managing the encryption keys used.
  • the present invention relates to a method for exchanging encrypted data between value-added providers and their users via a communication network, such as a cellular radio network, e.g. the GSM-network, and to a corresponding method for storing and managing the encryption keys, used by a value-added provider for the end-to- end encryption of the exchanged data, the value of a particular encryption key being unknown to a key-assignment administrator.
  • GSM Global System for Mobile Communication
  • SIM subscriber identity module
  • GSM 03.20 concerning security-related network functions
  • GSM 03.21 concerning security-related algorithms.
  • GSM further provides for confidentiality of the signaling data and user data, exchanged via the radio path between the mobile station and a base station.
  • the SIM contains a ciphering key generating algorithm, which is used to compute a ciphering key based on a random number, received during the authentication process, and based on an individual subscriber identification key stored in the SIM.
  • the ciphering key is calculated in the SIM and by the GSM network and may be used for encryption and decryption of data exchanged via the radio path.
  • the data is encrypted and decrypted by means of a stream cipher algorithm, which is implemented on the mobile station, outside the SIM.
  • a value-added provider has no guarantee that data exchanged with his users is kept private in the remaining portions of the communication network, for instance, it is kept private from the operator of the communication network.
  • value-added providers using the communication network prefer their own private encryption keys. Consequently, this means that users in the communication network need to be provided with means to decrypt data from numerous value-added providers in the communication network.
  • these objects are achieved according to the invention in that at least one segment of the secret encryption key used to encrypt the exchanged data is stored in a secret array unknown to the value-added providers and their users, and in that a pointer to these segments in this array is concatenated with the encrypted data being exchanged.
  • This is advantageous because an encryption key can be specified via the communication network without transmitting the encryption key itself.
  • compact sets of encryption keys are prepared by a trusted third party filling said array with equally sized segments of said encryption keys, in that at least one encryption key is assigned to a value-added provider by a key- assignment administrator communicating pointers to the trusted third party, each specifying a different set of array elements, and in that the values of the assigned encryption keys are determined by the trusted third party assembling the segments contained in the set of array elements specified by the pointer, so that a different encryption key is assembled for each one of the specified sets of array elements.
  • different sets of encryption keys are prepared in different respective arrays for a plurality of different module manufacturers.
  • the different arrays are transmitted securely to the respective module manufacturers, where they are stored by these module manufacturers in the memory of a plurality of modules. Consequently, a different encryption key is assembled by the trusted third party from the array of each module manufacturer, by assembling the segments from each of the respective arrays according to the specified set of array elements.
  • each of the segments stored in the array is of equal size, and comprises at least two digits of an encryption key, so that with reference to one array element more than one digit of an encryption key can be identified.
  • the array is organized as a two-dimensional array, the number of elements in one of its dimensions being equal to the base of the number system of the digits of the encryption keys.
  • This has the advantage that the full value range of a digit of a pointer of the same number system as the encryption keys can be efficiently used to indicate the positions of elements in that dimension of the array.
  • the pointers each comprise a series of digits, the positions and values of which indicating an element's position in the array.
  • This has the advantage that the value of a digit of the pointer can be used to specify the position of an array element in one direction of the array, and the position of a digit within the pointer can be used to specify the position of the array element in the other direction of the array.
  • the value of each of its digits can be used to specify the positions of multiple elements in the array, the free choice of segments for an encryption key being thereby restricted, however.
  • certain or all array elements are preferably used only once as segments of only one encryption key. In order to increase the number of available encryption keys, certain array elements are preferably used as segments of multiple encryption keys, thus reducing the security of these encryption keys.
  • the arrays are preferably stored in the memory of modules, these modules being insertable in a removable fashion into terminal equipment connected to a communication network.
  • Said modules preferably further comprise processing means to determine the encryption key used by a particular value-added provider to encrypt data transmitted via the communication network, by using the pointer concatenated with the encrypted data being exchanged.
  • Fig. 1 shows a block diagram illustrating the information exchange between a trusted third party, a key-assignment administrator, a module manufacturer, and a value-added provider.
  • Fig. 2 shows an example of an array with examples of segments of encryption keys and corresponding encryption keys and pointers.
  • Fig. 3 shows an example of a data string exchanged between a value-added provider and its users.
  • the reference number 1 in Fig. 1 indicates a trusted third party (TTP) who is responsible for preparing compact sets S A , S B of encryption keys K A ⁇ - K An , respectively K B ⁇ -K Bn , which are used by value-added providers 2 to encrypt/decrypt data exchanged with their users via a communication network, particularly a mobile telephone network, for instance a GSM, a DCS, or a UMTS network.
  • TTP trusted third party
  • the encryption keys K A ,, K Aj , K B illustrated in Fig 2 are typically composed of a series of digits of a certain number system, for instance hexadecimal, and have a predefined length, for instance sixteen hexadecimal digits stored in eight consecutive bytes, b1 -b8, b1 being the first byte and b8 being the last byte They can be created, for instance, by random number generators appropriate for this purpose, which are known to a person skilled in the art
  • a whole encryption key K B can be created as one unit, the segments b1 -b8 of an encryption key K B , can be created one at a time, or a whole array S A can be created at once, as illustrated in Fig 2 and corresponding to the set S A of encryption keys K A ⁇ -K An shown in Fig 1 , filled with segments b1 -b8 of numerous encryption keys K A ⁇ -K An
  • Segments of the encryption keys KA I -KA ⁇ are stored in an array S A , unless of course, they have already been created in this array S A , as described above
  • Storing segments with two digits of an encryption key K A ⁇ -K An in one element of the array S A has the advantage that with a reference to one array element, two digits of an encryption key K A ⁇ -K An can be specified
  • segments of more than two digits of an encryption key K A ⁇ -K An are stored in the elements of an array
  • the array S A is preferably organized as a two dimensional array SA with the number of elements in one of its dimensions, i e the number of rows or the number of columns, being equal to the base of the number system of the encryption keys K A i-K An , in this example an array S A with sixteen rows
  • there are sixteen rows in the array S A corresponding to sixteen possible values of a hexadecimal digit of a pointer K,, K,
  • the number of elements in the second dimension of the two dimensional array S A is chosen based on the length of the encryption keys K A ⁇ -K An , the number of different encryption keys KAI-KA ⁇ to be stored in the array S A , and also the amount of memory space that is available to store the resulting array S A .
  • the number of rows could also be simply a result of choosing an overall size of the array S A , according to criteria set by a person skilled in the art, for instance a size that is practical as a standard record in a file. In our example, illustrated in Fig.
  • an encryption key K AI -K A ⁇ having a key length of eight-bytes, and an array S A , having sixteen rows, sixty-four different segments b1-b8 of one byte can be stored in four columns, or in an array S A of sixty-four bytes.
  • an encryption key K Al illustrated in Fig. 2
  • a corresponding pointer K could be composed in such a fashion that each of its bytes corresponds to a column, the value of each digit in these bytes indicating the row number of an element in the corresponding column.
  • the first byte of K Al with the value 'A1 ', would be represented by the first digit of the first byte of the pointer K, having the value '1 ', thus pointing to the segment 'A1 ' in row r1 of column d .
  • the second byte of K Al with the value 'A2', would be represented by the second digit of the first byte of the pointer K, having the value '2', thus pointing to the segment 'A2' in row r2 of column d .
  • the second byte of the pointer K would refer to elements in column c2
  • the third and fourth bytes of the pointer K would refer to elements in columns c3 and c4, respectively.
  • an encryption key K A of eight-bytes can be represented by a pointer K, with four bytes pointing to eight segments in the array S A .
  • one digit of a pointer could be used to point to multiple array elements.
  • the first digit of the pointer K having the value 'A', points to the elements at rows rA and rB of column d .
  • the second digit of the pointer K j having the value ⁇ ', points to the elements at rows rE and rF of column c2.
  • the third and fourth digits of the pointer K j would refer to elements in columns c3 and c4, respectively.
  • an encryption key K Aj of eight-bytes can be represented by a pointer K j with two bytes pointing to eight segments in the array S A .
  • a pointer of just one byte could point to all the elements in two rows of the array S A .
  • twice as many equal segments b1 -b8 could be stored in an array with sixteen rows and eight columns.
  • an encryption key K B ⁇ with eight segments b1 -b8, with one byte each could be represented by a four byte pointer, each one of its eight digits pointing to a respective element in the row corresponding to the value of the digit and in the column corresponding to the position of the digit within the pointer.
  • a trusted third party (TTP) 1 is responsible for preparing the compact sets S A , S B of encryption keys M-K A ⁇ , respectively K B i-K Bn , which are used by value-added providers (VAP) 2 to encrypt/decrypt data exchanged with their users
  • encryption keys are assigned to a VAP 2 by a key-assignment administrator 5, who is kept unaware of the particular value of the assigned encryption key
  • the key-assignment administrator 5 assigns an encryption key K Al , illustrated in Fig 2, to a VAP 2 by selecting a pointer K, which has not yet been assigned
  • he is preferably provided with a key selection software program which has access to a database 51 where, for instance, assignments of pointers to VAP's 2 are being logged for specific TTP's 1
  • the key selection software program shows for a particular TTP 1 the pointers K,, K, to the array S A that are still unassigned
  • the key selection software program can, for a particular TTP 1 the
  • Respective key selection software programs can be implemented easily by a person skilled in the art
  • the assignment of a pointer K, to a VAP 2 is communicated by the key-assignment administrator 5, as indicated by arrow 9, to the respective TTP 1
  • the TTP 1 prepares compact sets S A , S B of encryption keys KAI-K A ⁇ , respectively K B ⁇ -K Bn , the different sets S A , S B preferably being transmitted securely to different module manufacturers 3 and 4, respectively, as is indicated by the arrows 7 and 8, respectively, where they are stored safely in the corresponding arrays S' A and S'B, respectively.
  • the module manufacturers 3 and 4 embed their arrays S' A and S' B securely into their respective modules, for instance an identification card such as the SIM- card used in mobile equipment, for example in mobile telephones, laptop-, or palmtop computers. This is done in a fashion known to a person skilled in the art, so that the arrays S' A and S' B cannot be read from the modules by their users.
  • the arrays S' A and S'B are loaded into the modules by means of special short messages, such as SMS short messages or as USSD data, transmitted, for instance by the trusted third party 1 , via the communication network to the user's terminal equipment, where it is received and handled by special services implemented in the module according to the SICAP method, described in EP 689 368 B1 , or according to a similar method.
  • special short messages such as SMS short messages or as USSD data
  • SMS short messages or as USSD data transmitted, for instance by the trusted third party 1 , via the communication network to the user's terminal equipment, where it is received and handled by special services implemented in the module according to the SICAP method, described in EP 689 368 B1 , or according to a similar method.
  • This latter variant could be executed at the time of personalization of the module or at the time when a user subscribes to or uses the services of a respective VAP 2 for the first time.
  • the pointer K is used by the TTP 1 , preferably by means of the mentioned key assembly software program, to assemble the corresponding segments b1-b8 stored in the arrays S A and S B , assigned to the respective module manufacturers 3 and 4.
  • the resulting encryption key K Al composed of segments stored in the elements of the array S A corresponding to the pointer K
  • the encryption key K Bl composed of segments stored in the elements of the array S B corresponding to the pointer K
  • the VAP 2 securely stores, for instance in a protected database 21 , the received encryption keys KA, and K Bl , for use with users equipped with modules manufactured by module manufacturer 3 and 4, respectively, together with the pointer K,.
  • End-to-end encryption of user data exchanged between a VAP 2 and its users is achieved in that the communication software installed at the VAP 2, having access to the encryption keys K Al and K B , and the corresponding pointer K, encrypts user data by means of an encryption algorithm, for instance the Digital Encryption Standard (DES) or any other algorithm found suitable by a person skilled in the art, and by using the appropriate encryption keys K A , or K Bl for communicating with users equipped with modules manufactured by the manufacturer 3 or 4, respectively
  • the encrypted user data 104 is concatenated with a field 102, containing the pointer K,, an optional field 103, indicating the length, i e the number of bytes, of the encrypted user data 104, and an optional field 101 , identifying the algorithm used to encrypt the user data and identifying the trusted third party 1 responsible for the encryption keys used
  • the data 10 is received by the respective user's terminal equipment connected to the network, for instance a mobile telephone, a palmtop- or laptop computer Special software in the terminal equipment, either implemented as part of the terminal equipment or as part of a module inserted in a removable fashion in the terminal equipment, for instance an identification card, e g a SIM-card, determines the algorithm used to encrypt the user data, the trusted third party 1 responsible for the encryption keys used, the pointer K, to the particular encryption key used, and the number of bytes of encrypted user data from the values in the separate respective fields 101 , 102, and 103 of the received data 10 Based on the pointer K, the encryption key K Al or K B , IS assembled from the segments b1-b8 stored in the corresponding elements of the array S' A or S' B , which are securely stored in the module manufactured by the module manufacturer 3 or 4, respectively
  • the encrypted user data 104 in the received data 10 is then decrypted, using the assembled encryption key K A , or K Bl , by means
  • data will be encrypted by the terminal equipment, either by an appropriate program in the module or as part of the terminal equipment itself, using the same algorithm and encryption key as used by the VAP 2, and by structuring the data preferably in the same fashion as it was received from the VAP 2.
  • the communication software implemented at the VAP 2 will consequently handle the data received from a user in a similar fashion as described above; however, it will not have to assemble the encryption keys K AI or K Bi as they are stored in the database 21 , accessible to the communication software.
  • the VAP 2 In order for the VAP 2 to select the encryption key K A ⁇ or K Bi , it must be provided with information concerning the identity of the manufacturer of the modules 3 or 4 used in the users terminal equipment. This information can be obtained by polling respective information off the module, inserted in the terminal equipment of the user, by means of special messages via the communication network (for instance according to the SICAP method, described in EP 689 368 B1 , or according to a similar method) or by making a respective inquiry via the communication network to the network operator, or by keeping respective information in a local database accessible to the VAP 2.
  • segments b1-b8 of an encryption key K A ⁇ , K B ⁇ are represented by the pointer exchanged via the communication network, it should be noted that it is thoroughly possible to have only some or one segment of an encryption key represented by the exchanged pointer. In such an approach, the remaining portion of an encryption key could be securely stored in the memory of the module, or it could be exchanged together with the encrypted data. It should also be stated that the segments do not need to be of equal size.
  • the encryption keys used for the encryption of data exchanged during a session between a VAP 2 and a user can be changed during this session. This will be transparent to the receiving end, as there will simply be another pointer in the corresponding field 102 concatenated with the encrypted data 104, based on which the new encryption key, to be used for the decryption of the data 104, can easily be determined as described above.
  • encryption keys can be assigned and communicated to VAP's 2 for a fee, which may depend on the security of the particular key.
  • a VAP 2 may also be provided with multiple keys from one array. In a scenario where multiple arrays are required in the same module, it is possible to distinguish these arrays by means of corresponding array identifiers, which would be communicated to a VAP 2 together with the corresponding encryption key and pointer. Furthermore, these identifiers would be included in the transmitted data, so that at the receiving end the encryption keys could be determined from the corresponding array, as described above.

Abstract

L'invention concerne un procédé d'échange de données cryptées entre des fournisseurs (2) à valeur ajoutée et leurs utilisateurs par un réseau de communication et le procédé correspondant de stockage et de gestion des clés de cryptage (KAi, KAj, KBi) utilisées pour coder les données échangées, des segments (b1-b8) de la clé de crytage secrète (KAi, KAj, KBi) étant stockés dans un réseau secret (S'A, S'B) inconnu des fournisseurs (2) à valeur ajoutée et de leurs utilisateurs, et un pointeur (Ki) de ces segments dans ce réseau (S'A, S'B) étant concaténé avec les données cryptées (104) échangées. L'invention concerne également la préparation d'ensembles compacts (SA, SB) de clés de crytpage (KA1-KAn, KB1-KBn) par un tiers de confiance (1) remplissant les réseaux (SA, SB) de segments (b1-b8) de clés de cryptage, l'affectation de clés de cryptage (KAi, KBi) à des fournisseurs (2) à valeur ajoutée par un administrateur (5) d'affectation de clés communiquant les pointeurs (Ki) au tiers de confiance (1), ainsi que l'assemblage des clés de cryptage affectées (KAi, KBi) par le tiers de confiance (1).
PCT/EP1998/005906 1997-10-07 1998-09-16 Procede d'echange de donnees cryptees par un reseau de communication, procede correspondant de stockage et de gestion des cles de cryptage utilisees et module stockant ces cles de cryptage WO1999018692A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU97446/98A AU9744698A (en) 1997-10-07 1998-09-16 Method for exchanging encrypted data via a communication network, corresponding method for storing and managing the encryption keys used, and module storing these encryption keys

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US6131397P 1997-10-07 1997-10-07
US60/061,313 1997-10-07
EP98810398.2 1998-05-04
EP98810398 1998-05-04

Publications (1)

Publication Number Publication Date
WO1999018692A1 true WO1999018692A1 (fr) 1999-04-15

Family

ID=26151917

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1998/005906 WO1999018692A1 (fr) 1997-10-07 1998-09-16 Procede d'echange de donnees cryptees par un reseau de communication, procede correspondant de stockage et de gestion des cles de cryptage utilisees et module stockant ces cles de cryptage

Country Status (2)

Country Link
AU (1) AU9744698A (fr)
WO (1) WO1999018692A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007121587A1 (fr) * 2006-04-25 2007-11-01 Stephen Laurence Boren Systeme à clé distribuée dynamique et procédé de gestion d'identité, d'authentification de serveurs, de sécurité de données et de prévention d'attaques de l'homme du milieu

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2681165A1 (fr) * 1991-09-05 1993-03-12 Gemplus Card Int Procede de transmission d'information confidentielle entre deux cartes a puces.
US5574785A (en) * 1994-05-31 1996-11-12 Fujitsu Limited Enciphered communication system
WO1997016902A2 (fr) * 1995-11-02 1997-05-09 Tri-Strata Security, Inc. Procedes et systemes unifies presentant une securite de bout en bout et servant a une exploitation sur des reseaux non surs
WO1997024831A1 (fr) * 1995-12-29 1997-07-10 Mci Communications Corporation Distribution de cles de chiffrement multiples
WO1998020645A2 (fr) * 1996-11-05 1998-05-14 Tri-Strata Security, Inc. Systemes et procedes ameliores d'architecture de securite a triple signature

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2681165A1 (fr) * 1991-09-05 1993-03-12 Gemplus Card Int Procede de transmission d'information confidentielle entre deux cartes a puces.
US5574785A (en) * 1994-05-31 1996-11-12 Fujitsu Limited Enciphered communication system
WO1997016902A2 (fr) * 1995-11-02 1997-05-09 Tri-Strata Security, Inc. Procedes et systemes unifies presentant une securite de bout en bout et servant a une exploitation sur des reseaux non surs
WO1997024831A1 (fr) * 1995-12-29 1997-07-10 Mci Communications Corporation Distribution de cles de chiffrement multiples
WO1998020645A2 (fr) * 1996-11-05 1998-05-14 Tri-Strata Security, Inc. Systemes et procedes ameliores d'architecture de securite a triple signature

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TSUROMU MATSUMOTO: "INCIDENCE STRUCTURES FOR KEY SHARING - EXTENDED ABSTRACTS -", ADVANCES IN CRYPTOLOGY - ASIACRYPT '94, 4TH. INTERNATIONAL CONFERENCE ON THE THEORY AND APPLICATIONS OF CRYPTOLOGY, WOLLONGONG, AUSTRALIA, NOV. 28 - DEC. 1, 1994 PROCEEDINGS, no. CONF. 4, 28 November 1994 (1994-11-28), PIEPRZYK J;SAFAVI-NAINI R (EDS ), pages 342 - 353, XP000527602 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007121587A1 (fr) * 2006-04-25 2007-11-01 Stephen Laurence Boren Systeme à clé distribuée dynamique et procédé de gestion d'identité, d'authentification de serveurs, de sécurité de données et de prévention d'attaques de l'homme du milieu
US9166782B2 (en) 2006-04-25 2015-10-20 Stephen Laurence Boren Dynamic distributed key system and method for identity management, authentication servers, data security and preventing man-in-the-middle attacks

Also Published As

Publication number Publication date
AU9744698A (en) 1999-04-27

Similar Documents

Publication Publication Date Title
US5402490A (en) Process for improving public key authentication
KR102241255B1 (ko) 서버와 사용자 장비 사이의 통신을 관리하기 위한 방법
CN101035146B (zh) 无线通信设备,mac地址管理系统,无线通信方法和程序
US5249230A (en) Authentication system
EP1452027B1 (fr) Acces a un contenu de diffusion chiffre
US7296156B2 (en) System and method for SMS authentication
US4484025A (en) System for enciphering and deciphering data
US5889861A (en) Identity confidentiality method in radio communication system
US8265282B2 (en) Method of and system for secure management of data stored on electronic tags
US8254570B2 (en) Method and system for encryption of data
EP1048181B1 (fr) Procede et systeme de traitement de messages dans un systeme de telecommunications
US20080189550A1 (en) Secure Software Execution Such as for Use with a Cell Phone or Mobile Device
EP1495409B1 (fr) Procede et systeme de diffusion de donnees chiffrees dans un reseau mobile
US20120033814A1 (en) Short message service cipher
IL140367A (en) Device, system and method for secure communication and access control
EP1040630A1 (fr) Transmission de donnees
EP0781427B1 (fr) Reseau d'ordinateurs sur
US6611194B1 (en) Method for inserting a service key in a terminal and devices for implementing said method
CN102369686A (zh) 密钥信息管理方法、内容发送方法、密钥信息管理装置、许可管理装置、内容发送系统以及终端装置
WO1996008756A9 (fr) Reseau d'ordinateurs sur
US11128455B2 (en) Data encryption method and system using device authentication key
CN101223798A (zh) 安全模块中的订户身份模块能力的追溯实现
CN113228720A (zh) 用于确保大小受约束的认证协议中的安全附接的方法和装置
KR20180000220A (ko) 보안 메시지 서비스 제공 방법 및 이를 위한 장치
CN110008725A (zh) 一种用户结构化数据处理系统

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA