CA2390835A1 - System for electronic delivery of a personal identification code - Google Patents
System for electronic delivery of a personal identification code Download PDFInfo
- Publication number
- CA2390835A1 CA2390835A1 CA002390835A CA2390835A CA2390835A1 CA 2390835 A1 CA2390835 A1 CA 2390835A1 CA 002390835 A CA002390835 A CA 002390835A CA 2390835 A CA2390835 A CA 2390835A CA 2390835 A1 CA2390835 A1 CA 2390835A1
- Authority
- CA
- Canada
- Prior art keywords
- sim card
- electronic signature
- code
- sms message
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3558—Preliminary personalisation for transfer to user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Abstract
A system is provided for electronic delivery of a PIN code in a secure, fast and efficient manner and compromising a server (3) provided with a reference code (2) for generating the PIN code. The server (3) is adapted to transmit a SMS message (9) containing an electronic signature (5) based on the reference code (2) to a SIM card (10) connected to a terminal (12). The SIM card (10) comprises means (11) for receiving and storing the SMS message (9), and means (17) for comparing the stored electronic signature (5) in the SMS message (9) with an electronic signature (20) generated from a reference code (15) entered by a user of the terminal (12). Encryption keys, generated by a triple DES
data encryption algorithm having two keys, and encryption means are provided in the server (3) and in the SIM card (10).
data encryption algorithm having two keys, and encryption means are provided in the server (3) and in the SIM card (10).
Description
T~tle~ System for electronic delivery of a ver~onal identification code Technical Field . _ The invention relates to a system for electronic delivery of a PIN (Personal Identification Number) evde and comprising a server 'secured by ineana of a ncuribcr of encryption keys and provided with a reference code for generating the-PIN
code, said system feirther comprising means for encrypting the reference cddr arid the PIN
code generated by means of the encryption key's atid'via coinrriected ~co~nunicadons means being adapted to transmit a SMS (Short Mcssage'5ervice) message 'containing an electronic signature based on the reference code to ~ a SIM (Subscriber Identity 1U Module) card connected to a terminal with input and display means.' ~' - ' Baokgrgund,~rt_ : . w.:';'. : : _. ._.
Personal identification numbers, so-called PIN codes; are gresentlyviised in'noany different situations, in particular in connection with economic 'transactioiLS;~in Which a credit card or a similar means of payment is u5ed~ together with a terrninai~. The information stored on the credit card is verified by °the~card user doling-coropletion~
of the transaction by eatering a PIN code on the cerminial's keyboard, said code being agreed with the card issuer. It is thus ensured that the user of the card is identical to the owner of the card.
The PIN code is usually assigned to the credit card in connection with the issuance thereof and generally forwarded to the user under separate cover as ordinary mail.
This method is neither completely secure nor very fast, as it may take several dgys for the letter to reach the card ovvner and thus before the owner can use his card.
WO 99139524 relates to teiecomrnuracation systems arid discloses a procedure arid a system for transmission of encrypted 5M5 messages to a mobile station. The system comprises a teleconununication network, a mobile station connected to it surd a subscriber identity module (SIM) connected to the mobile stab on, amessage svvitehing centre, and transmission software connected to the message switching cenlrc.
1be transmission sotlware comprises applications attd parameters of the encryption algorithm to be used. Hereby, SMS messages ruay be generated~tmd sent to the mobile station via the message switching centre. The S 1M card in the mobile station is adapted for receiving acrd storing an encrypted SMS message.
Brief Descripsion of ,~,nvernion The object of the invention is to provide a secure, fast aiid efficient system which is able to deliver PIN codes to the customers in a~ more advantageous manner.
A system of the above type is according to the invcrytion characterised in that said server is adapted for receiving unique information in the ftirm'of a reference code, said encryption means is adapted for computing a furst-electronic signature based on the reference code, and the server being adapted for transmitting~the first electronic signature as encrypted electronic informaxion in said SMS message, and' ~ ' ' said SIM card comprises means For comparingthe ttrstelectfivnic signature in the~SMS
message with a second electronic signature being generated' from a reference code entered by a user of the terminal arid by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of a PIN code associated with the signatures onthe display means afthe terminal, ifthe first electxvtuc signature and the second electronic signature march.
It is thus only possible to be advised of a PIN code, if the user ~f a specific terminal enters the associatod reference code. ?he exchange of the PIN code and the reference code is made exclusively in form of encrypted data signals which can only be decrypted by using the two unique encryption keys. A high decree of security delivery of PIN codes is thus obtained.
Furthermore according to the invention said S1M card is adapted for being provided with the PIN code when supplying the S!M card with a unique identity code.
Hereby, .
the PIN code never needs to be transmitted and therefore unauthorised decr3.~tion of the PIN coda can be prevented.
Moreover, according to a preferred embodiment of the inventioir, said SIM card is adapted to receive the PIhT code in the form of an encrypted data signal, 'The invention also relates to a mobile telephone comprising a terminal with input meaz~.s and display means, and a STM card including means adapted for ieceiving and storing an encrypted SMS message, characterised in that the SIM~card~comprisas:
comparator means adapted For comparing a first electronic signature in the encrypted SMS message with a second electronic signature being geaei~ted.frorr~ a reference code entered by a user of t(ze tcrmiaal and by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of a P1N code e~sssociated with the signatures on the display rne~ns of the terminal, if the fu-st electronic signature and the second electronic si (nature snatch.
Preferred embodiment of the mobil a phone according to the invention is claimed in the dependent claims 5 and 6.
Finally, the invention relates to a SIM card including storage means adapted for receiving and storing an encrypted 5MS message, characterised in that said SI'M card comprises:
encryption means adapted for generatinget second electronic signature from a reference cede entered by a usEr of the terminal and by means of a corresponding encz-yption key in the SIM card, and camparator means adapted for comparing a frst electronic signature in~the encrypted SNlS message urith said second electrotuc signature and aanstnitting a signal to a control means indicating that a PIN code is to be delivered to a user.
(referred embodiment of a 5IM card according to the invention are claimed in the dependent claims 8 and 9.
Brief Description of the Drawing ~ ... .. .. . _ ._ . . . .
1 o The invention is explained in greater devil below with reference to the accompanying drawing illustrating a flow chart of a preferred embodiment of the invention.
Best Mode fir ,Carrvir~a hut the tnventivn --~ -The system for electronic delivery of a P1N code shown in the drawing comprises a secured server 3 adapted to receive unique information 1 (illustrated as ~a chart for I5 filiing-in personal data) in form of reference codas 2, and encryption means 4 subsequently catnputing the electronic signature 5 based on the reference code 2 in the server 3. The server 3 communicates with a so-called ever-the-air platform (OTA) communicating with a SMS service centre 8 adapted to receive encrypted information 7 from the platform 6. The SMS ser~~ice centre 8 is connected to a SIM
20 card 10 which communicates~with a mobile handset 12 of the GSM cope comprising a keyboard 13 and a display means in form of a display 14, said sen~ice centre being able to transmit completed SM5 messages to the SIM card 10. The SIM card 10 comprises a su~ragc 11. for storing encrypted SMS messages 9, encryption means for encrypting data 15 catered by a user of the terminal !2 v is the keyboard 13 and comparison means 17 connected to the storage I 1 and the keyboard 13 for comparing the stored data with entered data. The comparison means l 7 are further connected to means 18 fir displaying the PIN code on the display 14 of the terminal 12.
When using the system the user delivers unique information 1 in form of a reference code 2 to the secured server 3. The reference code 2 is used as an input signal for generating an electronic signature 5 in the server 3 by means of the encryption means 4. The electronic signature 5 is transmitted via the over-the=air platfvrtn 6 to the SMS
service centre 8 for administration of the SIM card, said serYice centre 8 converting the electronic signature 5 to a 5MS message 9 suitable for transmission thereof to the SIM card 10 in question connected to the mobile handset 12. The SIM card 10 comprises a storage 11 adapted to receive and store the encrypted SMS message 9.
The comparison means 17 are used for comparing the electronic signature 5 in the cnczyptcd SMS message 9 with the. electronic signature 20 ' generated by the encryption mesas 16, said signature 20 being generated on the basis of data entered on the keyboard in the teirninal 12. If the electronic signature 5 and the electronic signature 20 entered by the user match, the comparison means 17 transmits a signal to the guide means 18 that the PIN code 19 is to be displayed on the display 14 of the mobile handset 12, whereby the PIN cede is delivered to the user.
In a preferred embodiment of the iavention the cermitsal 12 is a mobile handset such as a cellular telephone. A S1M card (subscriber Identity Module) is required for operating mobile handsets adapted for communication via an existing GSM
network.
The SIM card, which in use forms an integrated part of the elec4ronics of the mobile handset, contains inrer ells codes identifying the mobile handset in relation to the GSM network. This identification is necessary to enable the network to determine far instance the position of the mobile terminal for transmission of mobile telephony via the most advantageous transmission tower(s) in the network at the specific time.
The sem~er 3 comprises software (not shown) for generating PIN codes, a triple DES
b (Data Encryption Standard) encryption algorithm (reference numeral 4), an encrypted datrabase (not shown) containing encryption b;eys tv all of the SIM cards registered in the system and information .about the connection between the numbers ~ of the mobile handsets and the numbers of the associated ~ SIM cards. A triple DES
algorithm is an encryption process ~ in three levels which is considered particular 1y secure against unauthorised decryption. ' - ~ ' v When the secured server 3 has received the reference-~code from ~a~ new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic sigslauue 5 preferably by means of the triple -AE5 algorithm 4 combined with the two keys of at least 55 bit belonging ~io the user's SIM
card number. ThE electronic signature 5 is transmitted to the user's SIM card ~ 10 ~as as uniquely formatted G5M S bit SM5 (Short Messager~'Sysiem) message The coiling ' of the SMS messages is adapted such that the electronic signat<ire ~5 ~of the rice code 2 is stored in the storage 11 of the SIM card !0 sad die-usei is notiFied that the generated PIN cede is ready for use when a SMS message 9 is received by the user's SIM card 10. ' When the user subsequently runs the program in the SIM card 10 enabling delivery of the PIN code, the user is requested by the program wia the displajr -14' of the terminal to enter the referents code 15 on the keyboard 1~3 cif the terminal 12. For gcneraeing another electronic signature 20, the reference node 15 is i;odcd by the encryption means 16 in the SIM card a0 bytncans of the same encryption algorithm used by the encryption means 4 in the secured server 3 when the reference node was supplied to the secured server 3. The comparison means 17 in the SIM card then compares the electronic signature 5 stored in the storage 11 and based on the ~referra~ce code Z with the electronic signature 20 generated by the encryption means 16. If the two signatures match, the comparison means 17 transmits a signal to the ,guide means 18 indicating that the PIN code 19 is to be displayed on the display 14 of the terminal 12. If the two electronic signatures arc not identical, the user is advised on the display 14 that the reference code 15 has not baen accepted arid is asked to enter the reference code 15 once more. If the reference code 1S after tvvo additional attempts still is incorrect, the program is interrupted and the PIN
code 19 is not delivered until the user has fetched a new reference code 2 from the secured server 3, said code being eithez~ identical to or different from the initial reference code 2.
In order to ensure that the delivered PIN code is read correctly, the user may be offered validation of the delivered PIN code, The validation process is pcrforrned by the user entering the PIN code shown on the display 14 by means of the keyboard, whereafter the user is advised whether the PIN code has been entered correctly. If not, the PIN code is shown once mere on the display 14 and the validation process can be repeated. =
In an alternative embodiment the PIN code nay be provided in the SIM card, when the card is supplied with a unique identity code, vV$ereby the PIN code never need be transmitted. This is considered a more secure embodiment, unauchvrised decryption of the PIN code duri~c~g transmission therieof thus being prevented.
The invention is not restricted to the above preferred embodiment, but may be altered in many ways without thereby deviating from the scope of the invention.
code, said system feirther comprising means for encrypting the reference cddr arid the PIN
code generated by means of the encryption key's atid'via coinrriected ~co~nunicadons means being adapted to transmit a SMS (Short Mcssage'5ervice) message 'containing an electronic signature based on the reference code to ~ a SIM (Subscriber Identity 1U Module) card connected to a terminal with input and display means.' ~' - ' Baokgrgund,~rt_ : . w.:';'. : : _. ._.
Personal identification numbers, so-called PIN codes; are gresentlyviised in'noany different situations, in particular in connection with economic 'transactioiLS;~in Which a credit card or a similar means of payment is u5ed~ together with a terrninai~. The information stored on the credit card is verified by °the~card user doling-coropletion~
of the transaction by eatering a PIN code on the cerminial's keyboard, said code being agreed with the card issuer. It is thus ensured that the user of the card is identical to the owner of the card.
The PIN code is usually assigned to the credit card in connection with the issuance thereof and generally forwarded to the user under separate cover as ordinary mail.
This method is neither completely secure nor very fast, as it may take several dgys for the letter to reach the card ovvner and thus before the owner can use his card.
WO 99139524 relates to teiecomrnuracation systems arid discloses a procedure arid a system for transmission of encrypted 5M5 messages to a mobile station. The system comprises a teleconununication network, a mobile station connected to it surd a subscriber identity module (SIM) connected to the mobile stab on, amessage svvitehing centre, and transmission software connected to the message switching cenlrc.
1be transmission sotlware comprises applications attd parameters of the encryption algorithm to be used. Hereby, SMS messages ruay be generated~tmd sent to the mobile station via the message switching centre. The S 1M card in the mobile station is adapted for receiving acrd storing an encrypted SMS message.
Brief Descripsion of ,~,nvernion The object of the invention is to provide a secure, fast aiid efficient system which is able to deliver PIN codes to the customers in a~ more advantageous manner.
A system of the above type is according to the invcrytion characterised in that said server is adapted for receiving unique information in the ftirm'of a reference code, said encryption means is adapted for computing a furst-electronic signature based on the reference code, and the server being adapted for transmitting~the first electronic signature as encrypted electronic informaxion in said SMS message, and' ~ ' ' said SIM card comprises means For comparingthe ttrstelectfivnic signature in the~SMS
message with a second electronic signature being generated' from a reference code entered by a user of the terminal arid by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of a PIN code associated with the signatures onthe display means afthe terminal, ifthe first electxvtuc signature and the second electronic signature march.
It is thus only possible to be advised of a PIN code, if the user ~f a specific terminal enters the associatod reference code. ?he exchange of the PIN code and the reference code is made exclusively in form of encrypted data signals which can only be decrypted by using the two unique encryption keys. A high decree of security delivery of PIN codes is thus obtained.
Furthermore according to the invention said S1M card is adapted for being provided with the PIN code when supplying the S!M card with a unique identity code.
Hereby, .
the PIN code never needs to be transmitted and therefore unauthorised decr3.~tion of the PIN coda can be prevented.
Moreover, according to a preferred embodiment of the inventioir, said SIM card is adapted to receive the PIhT code in the form of an encrypted data signal, 'The invention also relates to a mobile telephone comprising a terminal with input meaz~.s and display means, and a STM card including means adapted for ieceiving and storing an encrypted SMS message, characterised in that the SIM~card~comprisas:
comparator means adapted For comparing a first electronic signature in the encrypted SMS message with a second electronic signature being geaei~ted.frorr~ a reference code entered by a user of t(ze tcrmiaal and by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of a P1N code e~sssociated with the signatures on the display rne~ns of the terminal, if the fu-st electronic signature and the second electronic si (nature snatch.
Preferred embodiment of the mobil a phone according to the invention is claimed in the dependent claims 5 and 6.
Finally, the invention relates to a SIM card including storage means adapted for receiving and storing an encrypted 5MS message, characterised in that said SI'M card comprises:
encryption means adapted for generatinget second electronic signature from a reference cede entered by a usEr of the terminal and by means of a corresponding encz-yption key in the SIM card, and camparator means adapted for comparing a frst electronic signature in~the encrypted SNlS message urith said second electrotuc signature and aanstnitting a signal to a control means indicating that a PIN code is to be delivered to a user.
(referred embodiment of a 5IM card according to the invention are claimed in the dependent claims 8 and 9.
Brief Description of the Drawing ~ ... .. .. . _ ._ . . . .
1 o The invention is explained in greater devil below with reference to the accompanying drawing illustrating a flow chart of a preferred embodiment of the invention.
Best Mode fir ,Carrvir~a hut the tnventivn --~ -The system for electronic delivery of a P1N code shown in the drawing comprises a secured server 3 adapted to receive unique information 1 (illustrated as ~a chart for I5 filiing-in personal data) in form of reference codas 2, and encryption means 4 subsequently catnputing the electronic signature 5 based on the reference code 2 in the server 3. The server 3 communicates with a so-called ever-the-air platform (OTA) communicating with a SMS service centre 8 adapted to receive encrypted information 7 from the platform 6. The SMS ser~~ice centre 8 is connected to a SIM
20 card 10 which communicates~with a mobile handset 12 of the GSM cope comprising a keyboard 13 and a display means in form of a display 14, said sen~ice centre being able to transmit completed SM5 messages to the SIM card 10. The SIM card 10 comprises a su~ragc 11. for storing encrypted SMS messages 9, encryption means for encrypting data 15 catered by a user of the terminal !2 v is the keyboard 13 and comparison means 17 connected to the storage I 1 and the keyboard 13 for comparing the stored data with entered data. The comparison means l 7 are further connected to means 18 fir displaying the PIN code on the display 14 of the terminal 12.
When using the system the user delivers unique information 1 in form of a reference code 2 to the secured server 3. The reference code 2 is used as an input signal for generating an electronic signature 5 in the server 3 by means of the encryption means 4. The electronic signature 5 is transmitted via the over-the=air platfvrtn 6 to the SMS
service centre 8 for administration of the SIM card, said serYice centre 8 converting the electronic signature 5 to a 5MS message 9 suitable for transmission thereof to the SIM card 10 in question connected to the mobile handset 12. The SIM card 10 comprises a storage 11 adapted to receive and store the encrypted SMS message 9.
The comparison means 17 are used for comparing the electronic signature 5 in the cnczyptcd SMS message 9 with the. electronic signature 20 ' generated by the encryption mesas 16, said signature 20 being generated on the basis of data entered on the keyboard in the teirninal 12. If the electronic signature 5 and the electronic signature 20 entered by the user match, the comparison means 17 transmits a signal to the guide means 18 that the PIN code 19 is to be displayed on the display 14 of the mobile handset 12, whereby the PIN cede is delivered to the user.
In a preferred embodiment of the iavention the cermitsal 12 is a mobile handset such as a cellular telephone. A S1M card (subscriber Identity Module) is required for operating mobile handsets adapted for communication via an existing GSM
network.
The SIM card, which in use forms an integrated part of the elec4ronics of the mobile handset, contains inrer ells codes identifying the mobile handset in relation to the GSM network. This identification is necessary to enable the network to determine far instance the position of the mobile terminal for transmission of mobile telephony via the most advantageous transmission tower(s) in the network at the specific time.
The sem~er 3 comprises software (not shown) for generating PIN codes, a triple DES
b (Data Encryption Standard) encryption algorithm (reference numeral 4), an encrypted datrabase (not shown) containing encryption b;eys tv all of the SIM cards registered in the system and information .about the connection between the numbers ~ of the mobile handsets and the numbers of the associated ~ SIM cards. A triple DES
algorithm is an encryption process ~ in three levels which is considered particular 1y secure against unauthorised decryption. ' - ~ ' v When the secured server 3 has received the reference-~code from ~a~ new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic sigslauue 5 preferably by means of the triple -AE5 algorithm 4 combined with the two keys of at least 55 bit belonging ~io the user's SIM
card number. ThE electronic signature 5 is transmitted to the user's SIM card ~ 10 ~as as uniquely formatted G5M S bit SM5 (Short Messager~'Sysiem) message The coiling ' of the SMS messages is adapted such that the electronic signat<ire ~5 ~of the rice code 2 is stored in the storage 11 of the SIM card !0 sad die-usei is notiFied that the generated PIN cede is ready for use when a SMS message 9 is received by the user's SIM card 10. ' When the user subsequently runs the program in the SIM card 10 enabling delivery of the PIN code, the user is requested by the program wia the displajr -14' of the terminal to enter the referents code 15 on the keyboard 1~3 cif the terminal 12. For gcneraeing another electronic signature 20, the reference node 15 is i;odcd by the encryption means 16 in the SIM card a0 bytncans of the same encryption algorithm used by the encryption means 4 in the secured server 3 when the reference node was supplied to the secured server 3. The comparison means 17 in the SIM card then compares the electronic signature 5 stored in the storage 11 and based on the ~referra~ce code Z with the electronic signature 20 generated by the encryption means 16. If the two signatures match, the comparison means 17 transmits a signal to the ,guide means 18 indicating that the PIN code 19 is to be displayed on the display 14 of the terminal 12. If the two electronic signatures arc not identical, the user is advised on the display 14 that the reference code 15 has not baen accepted arid is asked to enter the reference code 15 once more. If the reference code 1S after tvvo additional attempts still is incorrect, the program is interrupted and the PIN
code 19 is not delivered until the user has fetched a new reference code 2 from the secured server 3, said code being eithez~ identical to or different from the initial reference code 2.
In order to ensure that the delivered PIN code is read correctly, the user may be offered validation of the delivered PIN code, The validation process is pcrforrned by the user entering the PIN code shown on the display 14 by means of the keyboard, whereafter the user is advised whether the PIN code has been entered correctly. If not, the PIN code is shown once mere on the display 14 and the validation process can be repeated. =
In an alternative embodiment the PIN code nay be provided in the SIM card, when the card is supplied with a unique identity code, vV$ereby the PIN code never need be transmitted. This is considered a more secure embodiment, unauchvrised decryption of the PIN code duri~c~g transmission therieof thus being prevented.
The invention is not restricted to the above preferred embodiment, but may be altered in many ways without thereby deviating from the scope of the invention.
Claims (9)
1. A system for electronic delivery of electronic information and comprising a server (3) secured by means of a number of encryption keys, said system comprising encryption means (4) for encrypting the electronic information and via connected communications means (6, 8) being adapted to transmit a SMS message (9) containing the encrypted electronic information to a SIM card (10) connected to a terminal (12) with input means (13) and display means (14), said SIM card comprising means (11) for receiving and storing the encrypted SMS message (9), characterised in that said server (3) is adapted for receiving unique information in the form of a reference code (2), said encryption means (4) is adapted for computing a first electronic signature (5) based on the reference code (2), and the server being adapted for transmitting the first electronic signature (5) as encrypted electronic information in said SMS
message (9), and said SIM card (10) comprises means (17) for comparing the first electronic signature (5) in the SMS message (9) with a second electronic signature (20) being generated from a reference code (15) entered by a user of the terminal (12) and by means of a corresponding encryption key (16) in the SIM card (10), and means (18) for allowing subsequent display of a PIN code associated with the signatures (5, 20) on the display means (14) of the terminal (12), if the first electronic signature (5) and the second electronic signature (20) match.
message (9), and said SIM card (10) comprises means (17) for comparing the first electronic signature (5) in the SMS message (9) with a second electronic signature (20) being generated from a reference code (15) entered by a user of the terminal (12) and by means of a corresponding encryption key (16) in the SIM card (10), and means (18) for allowing subsequent display of a PIN code associated with the signatures (5, 20) on the display means (14) of the terminal (12), if the first electronic signature (5) and the second electronic signature (20) match.
2. A system according to claim 1, wherein said SIM card (10) is adapted for being provided with the PIN code when supplying the SIM card (10) with a unique identity code.
3. A system according to claim 1, wherein said SIM card (10) is adapted to receive the PIN code in the form of an encrypted data signal.
4. A mobile phone comprising a terminal (12) with input means (13) and display means (14), and a SIM card (10) including means (11) adapted for receiving and storing an encrypted SMS message (9), characterised in that the SIM card (10) comprises comparator means (17) adapted for comparing a first electronic signature (5) in the encrypted SMS message (9) with a second electronic signature (20) being generated from a reference code (15) entered by a user of the terminal (12) and by means of a corresponding encryption key (16) in the S1M card (10), and means (18) for allowing subsequent display of a PIN code associated with the signatures (5, 20) on the display means (14) of the terminal (12), if the first electronic signature (5) and the second electronic signature (2) match.
5. A mobile phone according to claim 4, wherein said SIM card (10) is adapted for being provided with the PIN code when supplying the SIM card (10) with a unique identity code.
6. A mobile phone according to claim 4, wherein said SIM card (10) is adapted to receive the PIN code in the form of an encrypted data signal.
7. A SIM card including storage means (11) adapted for receiving and storing an encrypted SMS message (9), characterised in that said SIM card (10) comprises encryption means (16) adapted for generating a second electronic signature (2) from a reference code (15) entered by a user of the terminal (12) and by means of a corresponding encryption key (16) in the SIM card (10), and comparator means (17) adapted for comparing a first electronic signature (5) in the encrypted SMS message (9) with said second electronic signature (20) and transmitting a signal to a control means (18) indicating that a PIN code (19) is to be delivered to a user.
8. A SIM card according to claim 7, wherein said SIM card (10) is adapted for being provided with the PIN code when supplying the SIM card (10) with a unique identity code.
9. A SIM card according to claim 8, wherein said SIM card (10) is adapted to receive the PIN code in the form of as encrypted data signal.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DKPA199901608 | 1999-11-09 | ||
| DK199901608A DK174672B1 (en) | 1999-11-09 | 1999-11-09 | Electronic identification code delivery system |
| PCT/DK2000/000620 WO2001035685A1 (en) | 1999-11-09 | 2000-11-09 | System for electronic delivery of a personal identification code |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2390835A1 true CA2390835A1 (en) | 2001-05-17 |
Family
ID=8106504
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002390835A Abandoned CA2390835A1 (en) | 1999-11-09 | 2000-11-09 | System for electronic delivery of a personal identification code |
Country Status (9)
| Country | Link |
|---|---|
| EP (1) | EP1228653A1 (en) |
| JP (1) | JP2003514469A (en) |
| CN (1) | CN1167298C (en) |
| AU (1) | AU1269001A (en) |
| BR (1) | BR0015445A (en) |
| CA (1) | CA2390835A1 (en) |
| DK (1) | DK174672B1 (en) |
| HK (1) | HK1048720A1 (en) |
| WO (1) | WO2001035685A1 (en) |
Families Citing this family (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SG98425A1 (en) * | 2000-09-13 | 2003-09-19 | First Cube Pte Ltd | A method and system using sms notification for facilitating delivery of goods |
| US7668315B2 (en) * | 2001-01-05 | 2010-02-23 | Qualcomm Incorporated | Local authentication of mobile subscribers outside their home systems |
| NO313810B1 (en) * | 2001-04-25 | 2002-12-02 | Ericsson Telefon Ab L M | Cryptographic signing in small units |
| DE60141905D1 (en) | 2001-11-05 | 2010-06-02 | Nokia Corp | Delivery to network of mobile stations Functional and self-test results in response to an encrypted request |
| SE0200061L (en) * | 2002-01-10 | 2003-01-07 | Telia Ab | Method of access control in mobile communications |
| DE10218191B4 (en) * | 2002-01-24 | 2007-06-21 | Vodafone Holding Gmbh | Adjustable mobile terminal |
| CN100343829C (en) * | 2002-04-15 | 2007-10-17 | 无敌科技股份有限公司 | Remote data preserving back-up restoring method |
| GB2391669A (en) * | 2002-08-09 | 2004-02-11 | Optisign Ltd | Portable device for verifying a document's authenticity |
| US7702910B2 (en) * | 2002-10-24 | 2010-04-20 | Telefonaktiebolaget L M Ericsson (Publ) | Message authentication |
| JP4067985B2 (en) | 2003-02-28 | 2008-03-26 | 松下電器産業株式会社 | Application authentication system and device |
| WO2004084486A1 (en) * | 2003-03-18 | 2004-09-30 | Eta-Max | Method to increase security of secure systems |
| FR2853785B1 (en) * | 2003-04-09 | 2006-02-17 | Oberthur Card Syst Sa | SECURE ELECTRONIC ENTITY WITH MODIFIABLE COUNTER FOR USING SECRET DATA |
| CN100581141C (en) | 2003-08-12 | 2010-01-13 | 捷讯研究有限公司 | System and method of secure message processing |
| JP4696449B2 (en) * | 2004-01-09 | 2011-06-08 | ソニー株式会社 | Encryption apparatus and method |
| CN100344195C (en) * | 2004-09-24 | 2007-10-17 | 华为技术有限公司 | Mobile terminal used for protecting user input information and its method |
| AT500833B1 (en) * | 2004-10-08 | 2007-06-15 | Pribitzer Wolfgang Ing | METHOD, TERMINAL AND SYSTEM FOR APPROVAL CONTROL OF A DEVICE |
| US20060217116A1 (en) * | 2005-03-18 | 2006-09-28 | Cassett Tia M | Apparatus and methods for providing performance statistics on a wireless communication device |
| CN100450208C (en) * | 2005-11-03 | 2009-01-07 | 华为技术有限公司 | Short message encryption protection realizing method and system |
| CN100369074C (en) | 2006-03-02 | 2008-02-13 | 西安西电捷通无线网络通信有限公司 | Method for realizing encryption/decryption processing in SMS4 cipher algorithm |
| US9237148B2 (en) | 2007-08-20 | 2016-01-12 | Blackberry Limited | System and method for displaying a security encoding indicator associated with a message attachment |
| WO2009123395A1 (en) | 2008-04-04 | 2009-10-08 | Lg Electronics Inc. | Terminal and method for selecting secure device |
| EA016997B1 (en) * | 2008-05-14 | 2012-09-28 | Шин, Елена Ильинична | Process of remote user authentication in computer networks to perform the cellphone-assisted secure transactions |
| DK2461297T3 (en) * | 2008-11-12 | 2020-12-21 | Idemia Denmark As | Device and method for distributing a personal ID number |
| GR1006978B (en) * | 2009-10-02 | 2010-09-17 | Ιντεαλ Ηλεκτρονικη Αβεε, | Disclosure of a pin number through a combining sending and use of a card carrier and a text message (sms) |
| CN101815267A (en) * | 2010-03-05 | 2010-08-25 | 惠州Tcl移动通信有限公司 | Method for encrypting short message of mobile communication terminal |
| JP5337125B2 (en) * | 2010-09-24 | 2013-11-06 | 株式会社エヌ・ティ・ティ・ドコモ | Terminal apparatus, communication system, telephone number determination method and program |
| CN101982989A (en) * | 2010-10-29 | 2011-03-02 | 蒋晴琴 | Encryption system based on coating anti-counterfeit technology |
| TR201103175A2 (en) * | 2011-04-01 | 2012-10-22 | Turkcell �Let���M H�Zmetler� Anon�M ��Rket� | A system and method for secure message transmission |
| KR101080511B1 (en) | 2011-08-03 | 2011-11-04 | (주) 아이씨티케이 | Integrated circuit chip prevneting leak of identification key and method for certification of the integrated circuit chip |
| US9037865B1 (en) | 2013-03-04 | 2015-05-19 | Ca, Inc. | Method and system to securely send secrets to users |
| US9853926B2 (en) | 2014-06-19 | 2017-12-26 | Kevin Alan Tussy | Methods and systems for exchanging private messages |
| CN108875505B (en) * | 2017-11-14 | 2022-01-21 | 北京旷视科技有限公司 | Pedestrian re-identification method and device based on neural network |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SE508844C2 (en) * | 1997-02-19 | 1998-11-09 | Postgirot Bank Ab | Procedure for access control with SIM card |
| JP2003521820A (en) * | 1997-08-01 | 2003-07-15 | サイエンティフィック−アトランタ, インコーポレイテッド | Conditional access system |
| FI980085A0 (en) * | 1998-01-16 | 1998-01-16 | Finland Telecom Oy | Encryption in card form and annulling in encryption |
| US6151677A (en) * | 1998-10-06 | 2000-11-21 | L-3 Communications Corporation | Programmable telecommunications security module for key encryption adaptable for tokenless use |
| FI107860B (en) * | 1999-02-09 | 2001-10-15 | Sonera Smarttrust Oy | Procedure and systems for a telecommunications system and a subscriber identity module |
-
1999
- 1999-11-09 DK DK199901608A patent/DK174672B1/en not_active IP Right Cessation
-
2000
- 2000-11-09 BR BR0015445-8A patent/BR0015445A/en not_active Withdrawn
- 2000-11-09 JP JP2001537299A patent/JP2003514469A/en active Pending
- 2000-11-09 EP EP00974345A patent/EP1228653A1/en not_active Withdrawn
- 2000-11-09 CN CNB008168326A patent/CN1167298C/en not_active Expired - Fee Related
- 2000-11-09 AU AU12690/01A patent/AU1269001A/en not_active Abandoned
- 2000-11-09 WO PCT/DK2000/000620 patent/WO2001035685A1/en active Application Filing
- 2000-11-09 CA CA002390835A patent/CA2390835A1/en not_active Abandoned
-
2003
- 2003-02-05 HK HK03100826.7A patent/HK1048720A1/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| JP2003514469A (en) | 2003-04-15 |
| DK174672B1 (en) | 2003-08-25 |
| WO2001035685A1 (en) | 2001-05-17 |
| BR0015445A (en) | 2002-11-05 |
| AU1269001A (en) | 2001-06-06 |
| CN1408187A (en) | 2003-04-02 |
| CN1167298C (en) | 2004-09-15 |
| EP1228653A1 (en) | 2002-08-07 |
| HK1048720A1 (en) | 2003-04-11 |
| DK199901608A (en) | 2001-05-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2390835A1 (en) | System for electronic delivery of a personal identification code | |
| CN100539581C (en) | Provide a set of access codes to subscriber equipment | |
| US7231372B1 (en) | Method and system for paying for goods or services | |
| US8600351B2 (en) | Method and apparatus for unlocking a mobile telephone type wireless communication terminal | |
| US6711262B1 (en) | Procedure for the control of applications stored in a subscriber identity module | |
| US6504932B1 (en) | Method of transferring information between a subscriber identification module and a radiocommunication mobile terminal, and a corresponding subscriber identification module and mobile terminal | |
| US7284123B2 (en) | Secure communication system and method for integrated mobile communication terminals comprising a short-distance communication module | |
| US20020172190A1 (en) | Method and apparatus for secure communication and key distribution in a telecommunication system | |
| WO1993010509A1 (en) | Method and system for secure, decentralised personalisation of smart cards | |
| AU1585200A (en) | Wireless portable device capable of performing various functions with enhanced security | |
| EP1161813A1 (en) | Method and system in a telecommunication system | |
| WO1998028877A1 (en) | Method for identification of a data transmission device | |
| EP2282563B1 (en) | Method for releasing a mobile communication card for the use of a servcie of a mobile communication network and user equipment for interaction with a mobile communication network | |
| CN102892096B (en) | System, method, business operation support system (BOSS) and equipment for realizing account recharge | |
| CA2261187C (en) | Communications system for transmitting accounting instructions | |
| JPH1065652A (en) | System and method for communication secrecy information | |
| AU2715501A (en) | A system for recharging a prepaid value in respect of a telephone connection | |
| CN103108316A (en) | Authentication method, device and system for aerial card writing | |
| US7386727B1 (en) | Method for digital signing of a message | |
| US8290870B2 (en) | Method and device for exchanging values between personal portable electronic entities | |
| CN100550083C (en) | The conversion method of character string and the generation of intelligent net service card and authentication method | |
| KR100336094B1 (en) | Method and apparatus for changing class of electronic card | |
| KR100336093B1 (en) | Method and apparatus for changing limitation storable money | |
| KR20040087663A (en) | System and the Method for electronic settlement of accounts by using fingerprint recognition of mobile phone | |
| KR20170058346A (en) | Method for Authenticating Payment by Code Combination |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDE | Discontinued | ||
| FZDE | Discontinued |
Effective date: 20081110 |