WO2002030039A1 - Method for authenticating an electronic document
- Publication number
- WO2002030039A1 (PCT/FR2001/003066)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- electronic document
- authentication method
- document
- control device
- mobile telecommunication
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- The present invention relates generally to an electronic document authentication method. More particularly, the present invention relates to a method of authenticating an electronic document by means of a mobile telecommunication device and a control device. The present invention is applicable, inter alia, to access control by presentation of an electronic document.
- Identifying people by entering and verifying a password, access code, fingerprint or other biometric feature is conventional. It is also known from the state of the art to use a mobile phone for transmitting identification information, securely or not. In addition, SAGEM has marketed a mobile phone equipped with a fingerprint sensor allowing the identification of its user. Recent developments in mobile telephony have made it possible to securely transmit data, particularly identification data. A secure data transmission protocol, WTLS (Wireless Transport Layer Security Specification), is promoted by the WAP Forum and is more specifically intended for mobile phones with few resources. At the same time, the Bluetooth communication protocol was the subject of a proposal to secure data transfer, described in a document entitled "Bluetooth Security Architecture v1.0 - white paper" published on 15.7.1999.
- The SCHLUMBERGER company announced in November 1999 the release of a security module called WIM (WAP Identity Module) implemented in a SIM card and intended to secure transactions made from WAP mobile phones.
- The BNP bank has been offering a home banking service since December 1999 with access from a NOKIA 7110 mobile phone, the user being identified by their subscriber number and password.
- An object of the present invention is to provide a simple, automatic and universal method of authenticating electronic documents, in particular administrative documents in electronic form, which cannot be easily thwarted by falsifiers.
- A subsidiary object of the present invention is to propose an electronic document authentication method which makes it possible to verify in a secure manner whether the bearer of the document is its legitimate owner.
- An electronic document having been established by an issuing authority and signed by means of a private key of said authority, the method according to the invention comprises a step of transmitting the electronic document by means of a mobile telecommunication device to a control device, followed by a step of verifying the authenticity of said document by the control device by means of a corresponding public key, and a step of verifying the identity of the holder of the electronic document.
- Said identity verification step comprises entering a biometric characteristic of the bearer and comparing it with a reference biometric characteristic.
- Said identity verification step comprises a request for electronic signature of test information by said bearer, said test information varying with each request, as well as a step of verification of said signature. If the signature is obtained using a bearer's private key, signature verification is carried out using a corresponding public key.
- The test information can be time information or random information.
- Said identification step is carried out by the mobile telecommunication device and the result (success or failure of the identity verification) is transmitted by the mobile telecommunication device to the control device.
- The test information can be derived from a message transmitted beforehand by the control device to the mobile telecommunication device.
- The signature verification step is carried out by the control device.
- The public key of the authority is transmitted with the electronic document by the mobile telecommunication device to the control device.
- The bearer's public key is certified by the authority and included in the electronic document.
- The public key of the authority can be supplied by the authority to the control device by means of a telecommunications network.
- The mobile telecommunication device is a mobile phone and the electronic document is stored in the SIM card of said phone.
- The mobile phone is provided with a smart card reader and the electronic document is then stored on a smart card.
- The invention is also defined by a method of controlling the access of a user of a mobile telecommunication device to a logical or physical resource, comprising a step of authenticating an electronic document as described above.
- Fig. 1 schematically represents a method of authenticating an electronic document
- Fig. 2 schematically represents the authentication method of an electronic document, according to an embodiment of the invention
- Administrative documents can be of any type, the invention being in no way limited to a particular type of document.
- Authentication can find application in controlling access to a physical resource (premises, an area, a country) or a logical one (information, for example), but also in the outright control of administrative data (police control or administrative control when filling in an electronic form, for example).
- The administrative documents in question are signed by the issuing authority using a private key of a public key algorithm such as the RSA signature or the El Gamal signature.
- The signature can relate to the whole or part of the document or to the result of a hash of the document by a predefined hash function.
- The electronic document can be stored in the mobile telecommunication device itself, for example in the internal memory or the SIM card of a mobile phone, or in an additional memory such as a smart card, the mobile telecommunication device integrating a card reader. Access to the administrative document may be protected by means of a password, an access code or a biometric characteristic.
- The document is advantageously downloaded from a server center managed by the authority empowered to deliver the document, either directly (by means of a radio or infrared link, for example) or indirectly through a telecommunications operator, the operator then being responsible for identifying the bearer before transmitting the document to him.
- The administrative document authentication procedure implements a mobile telecommunication device and a control device, for example an access point.
- The document is presented at the request of the terminal or on the initiative of the bearer.
- The document is then transmitted from the mobile telecommunication device to the terminal, and the latter verifies whether the document has been signed using the (or a) private key of the authority, by means of the (or a) corresponding public key.
- The public key or public keys of the authority or of the various authorized authorities are stored in a database or in a file at the terminal. Alternatively, they are transmitted via a telecommunications network from a server center of the authorized authority or by a server listing the public keys of the various authorized authorities. This embodiment allows easy updating of the keys generated by the authorities.
- The public key is contained in the electronic document itself, which allows direct authentication by the control device.
- The public key(s) can be provided in a form certified by a certification authority.
- The control device then verifies the certificate and then uses the public key to authenticate the document.
- The authentication of an administrative document is advantageously accompanied by the verification of the identity of the bearer.
- Various identification possibilities are envisaged.
- The invention may in particular apply to border controls or police controls.
- The identification can be done by entering and analyzing a biometric characteristic of the bearer (his fingerprint or his iris, for example) and comparing the biometric characteristic entered with a reference characteristic stored in the mobile telecommunication device (SIM card, internal memory) or in an additional memory (smart card), included or not in the electronic document.
- The mobile telecommunication device or the control device will then include a fingerprint reader or a camera allowing the entry of the corresponding characteristic.
- The entry is carried out at the level of the mobile telecommunication device and the result of the identification is then transmitted in secure form to the control device.
- The control device can also be equipped with one or more of these systems.
- The identification will be done at the terminal itself.
- The reference characteristic will then be provided at the terminal, accompanied by a certificate issued by a recognized authority.
- The identification is carried out by means of the entry of a private key of the bearer and the verification is carried out, preferably by the control device, by means of the corresponding public key.
- The public key is stored in a file at the control terminal.
- The holder's public key is included in the document itself.
- The private key is used by the mobile telecommunication device to sign test information.
- The test information will preferably be variable over time or even random in order to avoid the repetition of the same identification procedure.
- The test information may be a predetermined function of the time of sending the electronic document or the result of a random draw.
- If, as indicated, the control device is responsible for verifying the holder's signature, it will receive the signed test information from the mobile telecommunication device. In addition, it must know the said test information generation function or receive, attached to the electronic document, the plain text test information in addition to the signed version. The control terminal, with the plain and signed versions of the test information and the holder's public key, can then determine whether the bearer is actually the holder of the document.
- The test information is generated by the mobile telecommunication device. It is also conceivable that this information is generated by the control device and transmitted to the mobile telecommunication device for signature.
- Fig. 1 schematically shows an example of the progress of an electronic document authentication procedure without identifying the holder.
- The control terminal (CP) initiates the procedure by a request (10) for the presentation of a document, or the bearer of the mobile telephone (MS) directly takes the initiative of the presentation.
- The document is transmitted (15) to the terminal, after having been read, for example, from a smart card.
- The control terminal then extracts (17) from the document the public key of the authority, after possibly having verified the certificate if it is certified, verifies (18) with it the authenticity of the document and possibly returns acknowledgment information (19).
- Fig. 2 schematically shows an example of the progress of an electronic document authentication procedure with verification of the identity of the holder, as proposed by the invention.
- The control terminal (CP) initiates the procedure by a request (20) for document presentation and a request (21) for identification comprising test information.
- The procedure is initiated directly by the bearer of the mobile phone.
- The bearer's private key is generated (22) from a password entered using the keypad of the mobile phone, or is retrieved from the memory of the mobile phone or the SIM card after verification of a password or control of a biometric characteristic.
- The private key is used to sign (23) the test information.
- The signed information is attached (24) to the electronic document comprising the public key of the authority, the public key of the holder and possibly certificates for these two keys.
- The assembly is then transmitted (25) to the control terminal.
- After having checked (26) the certificates, the terminal extracts (27) the public key of the authority and checks (28) with it the authenticity of the document.
- The terminal extracts the public key of the holder and verifies from the signed test information whether the holder has actually signed with the private key of the holder, and possibly returns (30) acknowledgment information.
- Although the control device and the telecommunication device have been described respectively as a terminal and a mobile telephone, it is clear that both can be implemented in different ways.
- The control device can be a base station, a mobile telephone, or a simple transmission/reception device.
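
The Fig. 2 exchange, as an added example that is not part of the patent text: the terminal issues random test information, checks the document against an authority key stored at the terminal, then checks the bearer's signature with the holder key bound into the signed document. The toy textbook RSA over fixed Mersenne primes stands in for the RSA signature the description mentions and is not secure; all names (`ControlTerminal`, `issue_document`, the `holder_n=` field) are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys below

def make_key(p, q):
    """Toy textbook-RSA key from fixed Mersenne primes (constructed, NOT secure)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    # Hash-then-sign: the signature covers a hash of the data, reduced mod n.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return 0 <= sig < n and pow(sig, E, n) == _digest(data, n)

def issue_document(authority, fields, holder_n):
    """Authority binds the holder's public key into the signed body."""
    body = f"{fields};holder_n={holder_n}".encode()
    return {"body": body, "sig": sign(authority, body)}

class ControlTerminal:
    def __init__(self, authority_n):
        self.authority_n = authority_n  # stored at the terminal, not taken from the document
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_bytes(16)  # random test information, new per request
        return self.pending

    def check(self, doc, signed_test):
        nonce, self.pending = self.pending, None  # each challenge is usable once
        if nonce is None:
            return "no-challenge"
        if not verify(self.authority_n, doc["body"], doc["sig"]):
            return "bad-document"
        # Safe to parse only now: the body is covered by the authority's signature.
        holder_n = int(doc["body"].rsplit(b"holder_n=", 1)[1])
        if not verify(holder_n, nonce, signed_test):
            return "bad-holder"
        return "ok"

def run_demo():
    authority = make_key(2**127 - 1, 2**89 - 1)
    holder = make_key(2**107 - 1, 2**61 - 1)
    other = make_key(2**31 - 1, 2**19 - 1)  # someone carrying a copied document
    doc = issue_document(authority, "type=permit;name=A. Example", holder["n"])
    cp = ControlTerminal(authority["n"])
    out = {}
    first = sign(holder, cp.challenge())
    out["genuine"] = cp.check(doc, first)
    cp.challenge()
    out["replayed"] = cp.check(doc, first)  # old signature, fresh challenge
    out["copied"] = cp.check(doc, sign(other, cp.challenge()))
    forged = dict(doc, body=doc["body"].replace(b"A. Example", b"B. Example"))
    out["altered"] = cp.check(forged, sign(holder, cp.challenge()))
    out["unsolicited"] = cp.check(doc, first)  # no challenge outstanding
    return out

if __name__ == "__main__":
    print(run_demo())
```

The replayed and copied cases are the reason the test information must vary with each request and the holder key must be covered by the authority's signature.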
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20010976363 EP1323260A1 (en) | 2000-10-05 | 2001-10-05 | Method for authenticating an electronic document |
AU2001295661A AU2001295661A1 (en) | 2000-10-05 | 2001-10-05 | Method for authenticating an electronic document |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0012852A FR2815205B1 (en) | 2000-10-05 | 2000-10-05 | ELECTRONIC DOCUMENT AUTHENTICATION PROCESS |
FR00/12852 | 2000-10-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002030039A1 (en) | 2002-04-11 |
Family
ID=8855117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2001/003066 WO2002030039A1 (en) | 2000-10-05 | 2001-10-05 | Method for authenticating an electronic document |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1323260A1 (en) |
AU (1) | AU2001295661A1 (en) |
FR (1) | FR2815205B1 (en) |
WO (1) | WO2002030039A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5878138A (en) * | 1996-02-12 | 1999-03-02 | Microsoft Corporation | System and method for detecting fraudulent expenditure of electronic assets |
US6026166A (en) * | 1997-10-20 | 2000-02-15 | Cryptoworx Corporation | Digitally certifying a user identity and a computer system in combination |
WO2000042794A1 (en) * | 1999-01-18 | 2000-07-20 | Keith Benson | Apparatus and method relating to authorisation control |
-
2000
- 2000-10-05 FR FR0012852A patent/FR2815205B1/en not_active Expired - Fee Related
-
2001
- 2001-10-05 WO PCT/FR2001/003066 patent/WO2002030039A1/en active Application Filing
- 2001-10-05 AU AU2001295661A patent/AU2001295661A1/en not_active Abandoned
- 2001-10-05 EP EP20010976363 patent/EP1323260A1/en not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
FR2815205B1 (en) | 2003-08-08 |
AU2001295661A1 (en) | 2002-04-15 |
EP1323260A1 (en) | 2003-07-02 |
FR2815205A1 (en) | 2002-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2008483B1 (en) | Method of securing access to a proximity communication module in a mobile terminal | |
EP0675614B1 (en) | Apparatus for the secure exchange of data according to the RSA method limited to digital signatures and message verification and smart card containing such an apparatus | |
EP2820795B1 (en) | Method for verifying the identity of a user of a communication terminal and associated system | |
EP1549011A1 (en) | Communication method and system between a terminal and at least a communication device | |
EP0973318A1 (en) | Process for remote paying, by means of a mobile radio telephone, the acquisition of a good and/or a service, and corresponding system and mobile radio telephone | |
FR2738438A1 (en) | KEY IDENTIFICATION SYSTEM | |
WO2002102018A1 (en) | Method for authentication between a portable telecommunication object and a public access terminal | |
FR2989799A1 (en) | METHOD FOR TRANSFERRING A DEVICE TO ANOTHER RIGHTS OF ACCESS TO A SERVICE | |
EP2912818B1 (en) | Method for mutual authentication between a terminal and a remote server via a third-party portal | |
WO2005101726A1 (en) | Anonymous authentication method | |
EP2545721A1 (en) | Protection against rerouting in an nfc circuit communication channel | |
EP1336287B1 (en) | Calling from a radiotelephone terminal | |
EP0950307B1 (en) | Method and system for ensuring the security of the supply of services of telecommunication operators | |
EP2119293B1 (en) | Method and device for controlling the execution of at least one function in a short range wireless communication module of a mobile phone | |
EP3963823A1 (en) | Method for securely connecting to an onboard web service and corresponding device | |
WO2002030039A1 (en) | Method for authenticating an electronic document | |
WO2008053095A1 (en) | Portable electronic entity and method for remotely blocking a functionality of said portable electronic entity | |
WO2007048969A1 (en) | Server, system and method for encrypting digital data, particularly for an electronic signature of digital data on behalf of a group of users | |
EP1280368A1 (en) | Method for secure exchange between an informatic terminal and a distant equipment | |
FR2832576A1 (en) | Mobile user supplier identification process uses authentication function | |
EP2747041A1 (en) | Method for securing a device capable of communicating with a reader according to two authentication protocols | |
WO1998021880A1 (en) | Method and system for ensuring the security of fax transmission using an identifying card | |
FR3007929A1 (en) | METHOD FOR AUTHENTICATING A USER OF A MOBILE TERMINAL | |
WO2013140078A1 (en) | Method for identity generation and verification indicating the uniqueness of a carrier-object pair | |
FR2984648A1 (en) | Method for providing response to request by individual electronic system for banking transaction, involves analyzing specific signature using cryptographic unit, where part of unit is selected based on result of analysis of signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2001976363 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001976363 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: JP |