DK174672B1 - Electronic identification code delivery system - Google Patents

Electronic identification code delivery system Download PDF

Info

Publication number
DK174672B1
DK174672B1 DK199901608A DKPA199901608A DK174672B1 DK 174672 B1 DK174672 B1 DK 174672B1 DK 199901608 A DK199901608 A DK 199901608A DK PA199901608 A DKPA199901608 A DK PA199901608A DK 174672 B1 DK174672 B1 DK 174672B1
Authority
DK
Denmark
Prior art keywords
sim card
electronic signature
code
terminal
reference code
Prior art date
Application number
DK199901608A
Other languages
Danish (da)
Inventor
Christian Paul Ward
Original Assignee
Orange As
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to DK199901608A priority Critical patent/DK174672B1/en
Application filed by Orange As filed Critical Orange As
Priority to EP00974345A priority patent/EP1228653A1/en
Priority to CA002390835A priority patent/CA2390835A1/en
Priority to PCT/DK2000/000620 priority patent/WO2001035685A1/en
Priority to CNB008168326A priority patent/CN1167298C/en
Priority to AU12690/01A priority patent/AU1269001A/en
Priority to BR0015445-8A priority patent/BR0015445A/en
Priority to JP2001537299A priority patent/JP2003514469A/en
Publication of DK199901608A publication Critical patent/DK199901608A/en
Priority to HK03100826.7A priority patent/HK1048720A1/en
Application granted granted Critical
Publication of DK174672B1 publication Critical patent/DK174672B1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3558Preliminary personalisation for transfer to user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Description

DK 174672 B1DK 174672 B1

Opfindelsen angår et system til elektronisk udlevering af en PIN-kode, omfattende en med et antal krypteringsnøgler sikret server, der har fået tilført en referencekode for frembringelse af PIN-koden, samt organer for kryptering af referencekoden og den ved hjælp af krypteringsnøgleme frembragte PIN-kode, og som via tilsluttede kommunika-5 tionsorganer er i stand til at overføre en SMS-besked indeholdende en elektronisk signatur baseret på referencekoden til et SIM-kort omfattende organer til at modtage og lagre den krypterede SMS-besked, hvilket SIM-kort er tilsluttet en terminal med inddata- og visningsorganer.BACKGROUND OF THE INVENTION 1. Field of the Invention The invention relates to a system for electronically delivering a PIN code, comprising a server secured by a number of encryption keys, to which a reference code has been supplied for generating the PIN code, as well as means for encrypting the reference code and the code, which is capable of transmitting via SMS a communication message containing an electronic signature based on the reference code to a SIM card comprising means for receiving and storing the encrypted SMS message, which SIM card is connected to a terminal with input and display means.

Personlige identifikationsnumre, såkaldte PIN-koder, anvendes for tiden i mange forskel- 10 lige sammenhænge, især i forbindelse med økonomiske transaktioner, hvor der anvendes et kreditkort eller et lignende betalingsmiddel sammen med en terminal. Informationen, der er lagret i kreditkortet, verificeres af kortets brugerunder fuldførelsen af transaktionen ved, at brugeren indtaster en med kortudstederen aftalt PIN-kode på terminalens tastatur. Herved sikres, at brugeren af kortet er identisk med kortets ejer.Personal identification numbers, so-called PINs, are currently used in many different contexts, especially in financial transactions where a credit card or similar payment method is used with a terminal. The information stored in the credit card is verified by the card user during the completion of the transaction by the user entering a PIN code agreed with the card issuer on the terminal's keyboard. This ensures that the user of the card is identical to the card owner.

15 PIN-koden tildeles almindeligvis kreditkortet i forbindelse med udstedelsen, og sendes i regelen til brugeren separat som almindelig postforsendelse. Denne fremgangsmåde er for det første ikke fuldstændig sikker, og den har for det andet den ulempe, at det kan tage adskillige dage, inden brevet når frem til kortindehaveren, og denne herefter kan tage kreditkortet i brug.The PIN code is usually assigned to the credit card in connection with the issuance and is usually sent to the user separately as a regular postal mail. Firstly, this procedure is not completely secure and, secondly, it has the disadvantage that it may take several days before the letter reaches the cardholder and it can then use the credit card.

20 Fra WO Al 99/39524 kendes en procedure og et system til behandling af meddelelser i et telekommunikationssystem. Dette omfatter et SIM-kort med tekniske midler til at modtage og lagre krypterede SMS-beskeder. Det viste system er dog ikke i stand til at viderebehandle de på SIM-kortet lagrede beskeder, f.eks. ved sammenligning med en indtastet kode eller lignende.20 WO Al 99/39524 discloses a procedure and a system for processing messages in a telecommunication system. This includes a SIM card with technical means for receiving and storing encrypted SMS messages. However, the displayed system is unable to process the messages stored on the SIM card, e.g. by comparison with an entered code or the like.

25 Formålet med opfindelsen er at anvise et sikkert, hurtigt og effektivt system, der er i stand til at udlevere PIN-koder til kunder på en mere hensigtsmæssig måde.The object of the invention is to provide a secure, fast and efficient system capable of delivering PIN codes to customers in a more convenient manner.

2 DK 174672 B12 DK 174672 B1

Et system af den indledningsvis nævnte art er ifølge opfindelsen ejendommeligt ved, at SIM-kortet omfatter organer til at sammenligne den lagrede, elektroniske signatur baseret på referencekoden i SMS-beskeden med en af en bruger af terminalen indtastet referencekode, der efterfølgende anvendes til at frembringe en elektronisk signatur ved 5 hjælp af en tilsvarende krypteringsnøgle i SIM-kortet, samt organer til, under forudsætning af at der er overensstemmelse mellem den lagrede og den indtastede elektroniske signatur, efterfølgende at tillade en visning af den til signaturerne hørende PIN-kode på terminalens visningsorgan. Det er således kun muligt at opnå kendskab til en given PIN-kode, hvis brugeren af en bestemt terminal indtaster den tilhørende referencekode.According to the invention, a system of the kind mentioned initially is characterized in that the SIM card comprises means for comparing the stored electronic signature based on the reference code in the SMS message with a reference code entered by a user of the terminal, which is subsequently used to generate an electronic signature by means of a corresponding encryption key in the SIM card, and means for, provided that there is a correspondence between the stored and the entered electronic signature, subsequently allowing a display of the signature PIN code of the terminal display means. Thus, it is only possible to know a given PIN code if the user of a particular terminal enters the corresponding reference code.

10 Udvekslingen af PIN-koden og referencekoden sker udelukkende i form af krypterede datasignaler, der kun lader sig dekryptere ved anvendelse af de to unikke krypterings-nøgler. Herved opnås en stor sikkerhed ved udlevering af PIN-koder.10 The exchange of the PIN code and the reference code takes place solely in the form of encrypted data signals which can only be decrypted using the two unique encryption keys. This provides a high level of security when delivering PINs.

Fremdeles kan ifølge opfindelsen den elektroniske signatur i den sikrede server og den elektroniske signatur i SIM-kortet frembringes af en datakrypteringsalgoritme (triple-15 DES-algoritme) med to nøgler, der hver har en ordlængde på mindst 56 bit. En sådan krypteringsalgoritme udviser en stor sikkerhed over for uautoriserede forsøg på dekryp-tering.Still, according to the invention, the electronic signature in the secured server and the electronic signature in the SIM card can be generated by a data encryption algorithm (triple-15 DES algorithm) with two keys, each having a word length of at least 56 bits. Such an encryption algorithm exhibits a high degree of security against unauthorized attempts at decryption.

Endvidere kan ifølge opfindelsen kommunikationsorganeme tilsluttet den sikrede server anvende en radioforbindelse til at transmittere SMS-beskeden til SIM-kortet tilsluttet 20 terminalen. Derved bliver det muligt at anvende en mobil terminal til modtagelse af SMS-beskeder.Furthermore, according to the invention, the communication means connected to the secured server can use a radio connection to transmit the SMS message to the SIM card connected to the terminal. This makes it possible to use a mobile terminal for receiving SMS messages.

Desuden kan ifølge opfindelsen referencekodeme omfatte mindst 6 alfanumeriske cifre.In addition, according to the invention, the reference codes may comprise at least 6 alphanumeric digits.

Derved bliver det muligt at anvende f.eks. CPR-numre, kontonumre, navne, nøgleord eller anden information, der kun kendes af brugeren, som referencekode.This makes it possible to use e.g. CPR numbers, account numbers, names, keywords or other information known only by the user as a reference code.

25 Endelig kan ifølge opfindelsen den elektroniske signatur baseret på referencekoden overføres til SIM-kortet i krypteret form samtidig med, at SIM-kortet tildeles et unikt DK 174672 B1 3 identifikationsnummer. Hermed vil uautoriserede dekrypteringer af PIN-koder under transmissionen af disse ikke kunne forekomme, og systemets sikkerhed er på denne måde forbedret.Finally, according to the invention, the electronic signature based on the reference code can be transmitted to the SIM card in encrypted form at the same time as the SIM card is assigned a unique identification number DK 174672 B1 3. This will prevent unauthorized decryption of PINs during transmission thereof and thus improve the security of the system.

Opfindelsen skal nærmere forklares i det følgende under henvisning til tegningen, som 5 viser et blokdiagram over en foretrukken udførelsesform for opfindelsen.The invention will be explained in more detail below with reference to the drawing, which shows a block diagram of a preferred embodiment of the invention.

Det på tegningen viste system til elektronisk udlevering af en PIN-kode omfatter en sikret server 3, der er i stand til at modtage unikke informationer 1 (vist som et skema til udfyldning af personlige data) i form af referencekoder 2, samt krypteringsorganer 4, der efterfølgende kan beregne den elektroniske signatur (5) baseret på referencekoden 10 2, i serveren 3. Serveren 3 står i forbindelse med en såkaldt over-the-air platform 6 (OTA), der er forbundet med et SMS-tjeneste-center 8, der er indrettet til at modtage krypterede informationer 7 fra platformen 6. SMS-tjeneste-centeret 8 er i forbindelse med et SIM-kort 10, der er forbundet til en mobil terminal 12 af GSM-typen med et tastatur 13 og et visningsorgan i form af et display 14, og er i stand til at transmittere 15 færdige SMS-beskeder videre til SIM-kortet 10. SIM-kortet 10 omfatter et lager 11 til lagring af krypterede SMS-beskeder (9), krypteringsorganer 16 til kryptering af data 15 indtastet af en bruger af terminalen 12 via tastaturet 13, sammenligningsorganer 17 forbundet til lageret 11 og tastaturet 13 til at sammenligne de lagrede data med de indtastede data. Sammenligningsorganeme 17 er endvidere tilsluttet organer 18 til at vise 20 PIN-koden på terminalens 12 display 14.The system for electronically dispensing a PIN code shown in the drawing comprises a secured server 3 capable of receiving unique information 1 (shown as a form for filling in personal data) in the form of reference codes 2, as well as encryption means 4, which can subsequently calculate the electronic signature (5) based on the reference code 10 2, in the server 3. The server 3 communicates with a so-called over-the-air platform 6 (OTA) connected to an SMS service center 8 adapted to receive encrypted information 7 from the platform 6. The SMS service center 8 is in connection with a SIM card 10 which is connected to a GSM-type mobile terminal 12 with a keyboard 13 and a display means in the in the form of a display 14, and is capable of transmitting completed SMS messages to the SIM card 10. The SIM card 10 comprises a storage 11 for storing encrypted SMS messages (9), encryption means 16 for encrypting data 15 entered by a terminal user a 12 via the keyboard 13, comparison means 17 connected to the storage 11 and the keyboard 13 to compare the stored data with the data entered. The comparator means 17 are further connected to means 18 to display the PIN code on the display 14 of the terminal 12.

Ved anvendelse af systemet afleverer brugeren en unik information 1 i form af en referencekode 2 til den sikrede server 3. Referencekoden 2 anvendes som indgangssignal til i serveren 3 at frembringe en elektronisk signatur 5 ved hjælp af krypteringsorganet 4. Den elektroniske signatur 5 transmitteres via over-the-air platformen 6 til administra-25 tion af SIM-kort videre til SMS-tjeneste centeret 8, der omdanner den elektroniske signatur 5 til en SMS-besked 9, der er egnet til transmission til det pågældende SIM-kort 10 forbundet til den mobile terminal 12. SIM-kortet 10 indeholder et lager 11, der er 4 DK 174672 B1 indrettet til at modtage og opbevare den krypterede SMS-besked 9. Sammenligningsorganerne 17 anvendes til at sammenligne den elektroniske signatur 5 i den krypterede SMS-besked 9 med den af krypteringsorganeme 16 frembragte elektroniske signatur 20, der dannes på grundlag af data 15 indtastet via tastaturet 13 i terminalen 12. Hvis der 5 er sammenfald mellem den elektroniske signatur 5 og den af brugeren indtastede elektroniske signatur 20, giver sammenligningsorganeme 17 signal til styreorganerne 18 om, at PIN-koden 19 skal vises på den mobile terminals 12 display 14. Hermed har brugeren fået udleveret sin PIN-kode.Using the system, the user delivers unique information 1 in the form of a reference code 2 to the secured server 3. The reference code 2 is used as an input signal to produce in the server 3 an electronic signature 5 by the encryption means 4. The electronic signature 5 is transmitted via -the-air platform 6 for administering SIM cards further to the SMS service center 8, which converts the electronic signature 5 into an SMS message 9 suitable for transmission to the respective SIM card 10 connected to the mobile terminal 12. The SIM card 10 contains a storage 11 which is arranged to receive and store the encrypted SMS message 9. The comparison means 17 are used to compare the electronic signature 5 in the encrypted SMS message 9. with the electronic signature 20 generated by the encryption means 16, which is formed on the basis of data 15 entered via the keyboard 13 in the terminal 12. If there is 5 coincidence between the electro the signature signature 5 and the electronic signature 20 entered by the user, the comparator means 17 signal to the control means 18 that the PIN code 19 is to be displayed on the display 14. of the mobile terminal 12, thereby giving the user his PIN code.

I en foretrukken udførelsesform for opfindelsen udgøres terminalen 12 af en mobil 10 terminal, såsom en mobiltelefon. Mobile terminaler indrettet til kommunikation over et eksisterende GSM-net kræver et SIM-kort (Subscriber Identity Module) for at fungere.In a preferred embodiment of the invention, the terminal 12 is constituted by a mobile 10 terminal, such as a mobile telephone. Mobile terminals designed to communicate over an existing GSM network require a Subscriber Identity Module (SIM) card to work.

Dette SIM-kort, der under brug udgør en integreret del af den mobile terminals elektronik, indeholder blandt andet koder, der identificerer den mobile terminal over for GSM-nettet. Denne identifikation er nødvendig for at netværket kan være i stand til f.eks. at 15 positionsbestemme den mobile terminal med henblik på transmission af mobiltelefoni via den eller de transmissionsmaster i netværket, der er mest hensigtsmæssige at anvende på det pågældende tidspunkt.This SIM card, which during use forms an integral part of the mobile terminal's electronics, contains, among other things, codes that identify the mobile terminal to the GSM network. This identification is necessary for the network to be capable of e.g. determining the mobile terminal for transmission of mobile telephony via the transmission tower (s) in the network most suitable to use at that time.

Serveren 3 indeholder programmel til at frembringe PIN-koder (ikke vist), en triple DES (Data Encryption Standard) krypteringsalgoritme (henvisningstal 4), en krypteret 20 database (ikke vist) indeholdende krypteringsnøgler til alle SIM-kort registreret i systemet samt informationer vedrørende sammenhængen mellem de mobile terminalers numre og de tilhørende SIM-korts numre. En triple DES-algoritme er en kry teringsalgoritme i tre niveauer, der anses for at være særlig sikker over for uautoriseret dekryptering.Server 3 contains software for generating PINs (not shown), a triple DES (Data Encryption Standard) encryption algorithm (reference number 4), an encrypted 20 database (not shown) containing encryption keys for all SIM cards registered in the system, and information regarding the connection between the numbers of the mobile terminals and the numbers of the corresponding SIM cards. A triple DES algorithm is a three-level encryption algorithm that is considered to be particularly secure against unauthorized decryption.

Når den sikrede server 3 har modtaget referencekoden 2 fra en ny bruger og kontrol-25 leret, at brugerens SIM-kort nummer er gyldigt i systemet, frembringer serveren 3 en elektronisk signatur 5. Dette gøres fortrinsvis ved anvendelse af triple DES krypteringsalgoritmen 4 kombineret med de to nøgler på mindst 56 bit, der hører til brugerens SIM- DK 174672 B1 5 kort nummer. Den elektroniske signatur 5 transmitteres til brugerens SIM-kort 10 som særligt formatterede 8-bit GSM SMS- (Short Message System) beskeder. Kodningen af SMS-beskedeme er tilpasset således, at når en SMS-besked 9 modtages af brugerens SIM-kort 10, lagres referencekodens 2 elektroniske signatur 5 i SIM-kortets 10 lager 11, 5 og brugeren gøres opmærksom på, at frembringelsen af PIN-koden er klar til brug.When the secured server 3 has received the reference code 2 from a new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic signature 5. This is preferably done using the triple DES encryption algorithm 4 combined with the two keys of at least 56 bits that belong to the user's SIM-DK 174672 B1 5 card number. The electronic signature 5 is transmitted to the user's SIM card 10 as specially formatted 8-bit GSM Short Message System (SMS) messages. The encoding of the SMS messages is adapted such that when an SMS message 9 is received by the user's SIM card 10, the electronic signature 5 of the reference code 2 is stored in the memory 11, 5 of the SIM card 10 and the user is informed that the generation of the PIN code the code is ready to use.

Når brugeren dernæst afvikler det program i SIM-kortet 10, der er i stand til at udlevere PIN-koden, anmoder programmet, ved hjælp af terminalens 12 display 14, brugeren om at indtaste referencekoden 15 på terminalens 12 tastatur 13. Referencekoden 15 kodes af krypteringsorganet 16 i SIM-kortet 10 ved anvendelse af den samme krypterings-10 algoritme, som blev anvendt af krypteringsorganet 4 i den sikrede server 3, da referencekoden 2 blev tilført til den sikrede server 3, hvorved der frembringes en anden elektronisk signatur 20. Sammenligningsorganeme 17 i SIM-kortet 10 sammenligner nu den i lageret 11 lagrede på referencekoden 2 baserede elektroniske signatur 5 med den af krypteringsorganet 16 frembragte elektroniske signatur 20, og hvis de to signaturer er 15 ens, afgiver sammenligningsorganeme 17 et signal til styreorganet 18 om, at PIN-koden 19 må vises på terminalens 12 display 14. Såfremt de to elektroniske signaturer ikke er ens, gives der via displayet 14 besked til brugeren om, at referencekoden 15 ikke er godkendt, og brugeren opfordres til at prøve at indtaste referencekoden 15 igen. Hvis referencekoden 15 efter yderligere to forsøg stadig ikke er korrekt indtastet, afbrydes 20 programmet, og PIN-koden 19 kan først udleveres, når brugeren fra den sikrede server 3 har hentet en ny referencekode 2, der kan være magen til den første referencekode 2 eller forskellig fta denne.Then, when the user executes the program in the SIM card 10 capable of providing the PIN code, the program, by means of the display 14 of the terminal 12, asks the user to enter the reference code 15 on the terminal 12 of the terminal 12. The reference code 15 is encoded by the encryption means 16 in the SIM card 10 using the same encryption algorithm used by the encryption means 4 in the secured server 3, when the reference code 2 was applied to the secured server 3, thereby generating another electronic signature 20. The comparison means 17 of the SIM card 10 now compares the electronic signature 5 based on the reference code 2 stored in the memory 11 with the electronic signature 20 produced by the encryption means 16, and if the two signatures are equal, the comparators 17 give a signal to the control means 18 that The PIN code 19 must be displayed on the display 12 of the terminal 12. If the two electronic signatures are not the same, the display 14 will notify the user the week that the reference code 15 is not approved and the user is encouraged to try to enter the reference code 15 again. If, after another two attempts, the reference code 15 is still not properly entered, the program 20 is interrupted and the PIN code 19 can only be issued when the user has retrieved from the secured server 3 a new reference code 2 which may be similar to the first reference code 2 or different fta this one.

Til yderligere sikring af at den udleverede PIN-kode er aflæst korrekt, kan brugeren tilbydes validering af den udleverede PIN-kode. Dette gøres ved at lade brugeren indta-25 ste den på displayet 14 viste PIN-kode ved hjælp af tastaturet 13. Brugeren gøres herefter opmærksom på, om PIN-koden er korrekt indtastet. Hvis det ikke er tilfældet, vises PIN-koden igen af displayet 14, og valideringsprocessen gentages.To further ensure that the PIN provided is read correctly, the user can be offered validation of the PIN provided. This is done by letting the user enter the PIN code shown on the display 14 using the keypad 13. The user is then informed that the PIN code has been entered correctly. If not, the PIN will be displayed again on the display 14 and the validation process will be repeated.

DK 174672 B1 6 I en alternativ udførelsesform ville PIN-koden kunne anbringes i SIM-kortet, når dette blev forsynet med en unik identitetskode. Hermed ville man kunne undgå, at PIN-koden på noget tidspunkt transmitteres. Dette betragtes som en mere sikker udførelsesform, fordi uautoriserede dekrypteringer af PIN-koder under transmissionen af disse ikke ville 5 kunne forekomme.In an alternative embodiment, the PIN code could be placed in the SIM card when it was provided with a unique identity code. This would prevent the PIN from being transmitted at any time. This is considered a more secure embodiment because unauthorized decryption of PINs during the transmission of these would not occur.

Opfindelsen er således ikke begrænset til den foretrukne udførelsesform, men vil kunne fremstilles på andre måder, uden at der derved afviges fra opfindelsens idé.Thus, the invention is not limited to the preferred embodiment, but can be made in other ways without departing from the spirit of the invention.

Claims (5)

1. System til elektronisk udlevering af en PIN-kode, omfattende en med et antal krypteringsnøgler sikret server (3), der har fået tilført en referencekode (2) for frembrin- 5 gelse af PIN-koden, samt organer (4) for kryptering af referencekoden og den ved hjælp af krypteringsnøgleme frembragte PIN-kode, og som via tilsluttede kommunikationsorganer (6, 8) er i stand til at overføre en SMS-besked (9) indeholdende en elektronisk signatur (5) baseret på referencekoden (2) til et SIM-kort (10) omfattende organer (11) til at modtage og lagre den krypterede SMS-besked (9), hvilket SIM-kort er tilsluttet en 10 terminal (12) med inddata- (13) og visningsorganer (14), kendetegnet ved, at SIM-kortet (10) omfatter organer (17) til at sammenligne den lagrede, elektroniske signatur (5) baseret på referencekoden (2) i SMS-beskeden (9) med en af en bruger af terminalen (12) indtastet referencekode (15), der efterfølgende anvendes til at frembringe en elektronisk signatur (20) ved hjælp af en tilsvarende krypteringsnøgle (16) i SIM-15 kortet (10), samt organer (18) til, under forudsætning af at der er overensstemmelse mellem den lagrede (5) og den indtastede elektroniske signatur (20), efterfølgende at tillade en visning af den til signaturerne (5, 20) hørende PIN-kode på terminalens (12) visningsorgan (14).An electronic delivery system for a PIN code, comprising a server (3) secured by a number of encryption keys, to which a reference code (2) has been supplied for generating the PIN code, and means (4) for encryption of the reference code and the PIN code generated by the encryption keys and which is capable of transmitting via SMS (6, 8) communication messages (9) containing an electronic signature (5) based on the reference code (2) to a SIM card (10) comprising means (11) for receiving and storing the encrypted SMS message (9), which SIM card is connected to a terminal (12) with input (13) and display means (14), characterized in that the SIM card (10) comprises means (17) for comparing the stored electronic signature (5) based on the reference code (2) in the SMS message (9) with one of a user of the terminal (12) entered reference code (15) subsequently used to generate an electronic signature (20) by means of a corresponding encryption key (16) in the SIM-15 card (10), and means (18), provided that there is a match between the stored (5) and the entered electronic signature (20), subsequently allowing a display of the to the signatures (5, 20) of the PIN code of the display means (14) of the terminal (12). 2. System ifølge krav 1,kendetegnet ved, at den elektroniske signatur (5) i den 20 sikrede server (3) og den elektroniske signatur (20) i SIM-kortet (10) frembringes af en datakrypteringsalgoritme (triple-DES-algoritme) med to nøgler, der hver har en ordlængde på mindst 56 bit.System according to claim 1, characterized in that the electronic signature (5) in the secured server (3) and the electronic signature (20) in the SIM card (10) are generated by a data encryption algorithm (triple-DES algorithm). with two keys, each having a word length of at least 56 bits. 3. System ifølge krav 1 eller 2, kendetegnet ved, at kommunikationsorganeme (6, 8) tilsluttet den sikrede server (3) anvender en radioforbindelse til at transmittereSystem according to claim 1 or 2, characterized in that the communication means (6, 8) connected to the secured server (3) use a radio connection to transmit 25 SMS-beskeden (9) til SIM-kortet (10) tilsluttet terminalen (12). DK 174672 B1 825 The SMS message (9) to the SIM card (10) connected to the terminal (12). DK 174672 B1 8 4. System ifølge et eller flere af de foregående krav, kendetegnet ved, at referencekoderne (2, 15) omfatter mindst 6 alfanumeriske cifre.System according to one or more of the preceding claims, characterized in that the reference codes (2, 15) comprise at least 6 alphanumeric digits. 5. System ifølge et eller flere af de foregående krav, kendetegnet ved, at den elektroniske signatur (5) baseret på referencekoden (2) overføres til SIM-kortet (10) i 5 krypteret form samtidig med, at SIM-kortet (10) tildeles et unikt identifikationsnummer.System according to one or more of the preceding claims, characterized in that the electronic signature (5) based on the reference code (2) is transmitted to the SIM card (10) in encrypted form at the same time as the SIM card (10) is assigned a unique identification number.
DK199901608A 1999-11-09 1999-11-09 Electronic identification code delivery system DK174672B1 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
DK199901608A DK174672B1 (en) 1999-11-09 1999-11-09 Electronic identification code delivery system
CA002390835A CA2390835A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
PCT/DK2000/000620 WO2001035685A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
CNB008168326A CN1167298C (en) 1999-11-09 2000-11-09 System for electronic delivery of personal identification code
EP00974345A EP1228653A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
AU12690/01A AU1269001A (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
BR0015445-8A BR0015445A (en) 1999-11-09 2000-11-09 System for electronic assignment of a personal identification code
JP2001537299A JP2003514469A (en) 1999-11-09 2000-11-09 System for electronic transmission of personal identification code
HK03100826.7A HK1048720A1 (en) 1999-11-09 2003-02-05 System for electronic delivery of a personal identification code

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DK160899 1999-11-09
DK199901608A DK174672B1 (en) 1999-11-09 1999-11-09 Electronic identification code delivery system

Publications (2)

Publication Number Publication Date
DK199901608A DK199901608A (en) 2001-05-10
DK174672B1 true DK174672B1 (en) 2003-08-25

Family

ID=8106504

Family Applications (1)

Application Number Title Priority Date Filing Date
DK199901608A DK174672B1 (en) 1999-11-09 1999-11-09 Electronic identification code delivery system

Country Status (9)

Country Link
EP (1) EP1228653A1 (en)
JP (1) JP2003514469A (en)
CN (1) CN1167298C (en)
AU (1) AU1269001A (en)
BR (1) BR0015445A (en)
CA (1) CA2390835A1 (en)
DK (1) DK174672B1 (en)
HK (1) HK1048720A1 (en)
WO (1) WO2001035685A1 (en)

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW498245B (en) * 2000-09-13 2002-08-11 First Cube Pte Ltd A method and system using SMS notification for facilitating delivery of goods
US7668315B2 (en) * 2001-01-05 2010-02-23 Qualcomm Incorporated Local authentication of mobile subscribers outside their home systems
NO313810B1 (en) * 2001-04-25 2002-12-02 Ericsson Telefon Ab L M Cryptographic signing in small units
DE60141905D1 (en) * 2001-11-05 2010-06-02 Nokia Corp Delivery to network of mobile stations Functional and self-test results in response to an encrypted request
SE519072C2 (en) * 2002-01-10 2003-01-07 Telia Ab Method of access control in mobile communications
DE10218191B4 (en) * 2002-01-24 2007-06-21 Vodafone Holding Gmbh Adjustable mobile terminal
CN100343829C (en) * 2002-04-15 2007-10-17 无敌科技股份有限公司 Remote data preserving back-up restoring method
GB2391669A (en) * 2002-08-09 2004-02-11 Optisign Ltd Portable device for verifying a document's authenticity
US7702910B2 (en) * 2002-10-24 2010-04-20 Telefonaktiebolaget L M Ericsson (Publ) Message authentication
JP4067985B2 (en) * 2003-02-28 2008-03-26 松下電器産業株式会社 Application authentication system and device
AU2003281970A1 (en) * 2003-03-18 2004-10-11 Eta-Max Method to increase security of secure systems
FR2853785B1 (en) * 2003-04-09 2006-02-17 Oberthur Card Syst Sa SECURE ELECTRONIC ENTITY WITH MODIFIABLE COUNTER FOR USING SECRET DATA
EP1661338A1 (en) * 2003-08-12 2006-05-31 Research In Motion Limited System and method of secure message processing
JP4696449B2 (en) * 2004-01-09 2011-06-08 ソニー株式会社 Encryption apparatus and method
CN100344195C (en) * 2004-09-24 2007-10-17 华为技术有限公司 Mobile terminal used for protecting user input information and its method
AT500833B1 (en) * 2004-10-08 2007-06-15 Pribitzer Wolfgang Ing METHOD, TERMINAL AND SYSTEM FOR APPROVAL CONTROL OF A DEVICE
US8135395B2 (en) * 2005-03-18 2012-03-13 Qualcomm Incorporated Methods and apparatus for monitoring configurable performance levels in a wireless device
CN100450208C (en) * 2005-11-03 2009-01-07 华为技术有限公司 Short message encryption protection realizing method and system
CN100369074C (en) * 2006-03-02 2008-02-13 西安西电捷通无线网络通信有限公司 Method for realizing encryption/decryption processing in SMS4 cipher algorithm
US9237148B2 (en) 2007-08-20 2016-01-12 Blackberry Limited System and method for displaying a security encoding indicator associated with a message attachment
WO2009123395A1 (en) * 2008-04-04 2009-10-08 Lg Electronics Inc. Terminal and method for selecting secure device
EA016997B1 (en) * 2008-05-14 2012-09-28 Шин, Елена Ильинична Process of remote user authentication in computer networks to perform the cellphone-assisted secure transactions
DK2461297T3 (en) * 2008-11-12 2020-12-21 Idemia Denmark As Device and method for distributing a personal ID number
GR1006978B (en) * 2009-10-02 2010-09-17 Ιντεαλ Ηλεκτρονικη Αβεε, Disclosure of a pin number through a combining sending and use of a card carrier and a text message (sms)
CN101815267A (en) * 2010-03-05 2010-08-25 惠州Tcl移动通信有限公司 Method for encrypting short message of mobile communication terminal
JP5337125B2 (en) * 2010-09-24 2013-11-06 株式会社エヌ・ティ・ティ・ドコモ Terminal apparatus, communication system, telephone number determination method and program
CN101982989A (en) * 2010-10-29 2011-03-02 蒋晴琴 Encryption system based on coating anti-counterfeit technology
TR201103175A2 (en) * 2011-04-01 2012-10-22 Turkcell �Let���M H�Zmetler� Anon�M ��Rket� A system and method for secure message transmission
KR101080511B1 (en) * 2011-08-03 2011-11-04 (주) 아이씨티케이 Integrated circuit chip prevneting leak of identification key and method for certification of the integrated circuit chip
US9037865B1 (en) 2013-03-04 2015-05-19 Ca, Inc. Method and system to securely send secrets to users
US9853926B2 (en) 2014-06-19 2017-12-26 Kevin Alan Tussy Methods and systems for exchanging private messages
CN108875505B (en) * 2017-11-14 2022-01-21 北京旷视科技有限公司 Pedestrian re-identification method and device based on neural network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE508844C2 (en) * 1997-02-19 1998-11-09 Postgirot Bank Ab Procedure for access control with SIM card
JP2003521820A (en) * 1997-08-01 2003-07-15 サイエンティフィック−アトランタ, インコーポレイテッド Conditional access system
FI980085A0 (en) * 1998-01-16 1998-01-16 Finland Telecom Oy Encryption in card form and annulling in encryption
US6151677A (en) * 1998-10-06 2000-11-21 L-3 Communications Corporation Programmable telecommunications security module for key encryption adaptable for tokenless use
FI107860B (en) * 1999-02-09 2001-10-15 Sonera Smarttrust Oy Procedure and systems for a telecommunications system and a subscriber identity module

Also Published As

Publication number Publication date
BR0015445A (en) 2002-11-05
EP1228653A1 (en) 2002-08-07
HK1048720A1 (en) 2003-04-11
DK199901608A (en) 2001-05-10
CA2390835A1 (en) 2001-05-17
JP2003514469A (en) 2003-04-15
WO2001035685A1 (en) 2001-05-17
CN1408187A (en) 2003-04-02
AU1269001A (en) 2001-06-06
CN1167298C (en) 2004-09-15

Similar Documents

Publication Publication Date Title
DK174672B1 (en) Electronic identification code delivery system
US10528940B2 (en) PIN servicing
US6847816B1 (en) Method for making a payment secure
US7694130B1 (en) System and method to authenticate a user utilizing a time-varying auxiliary code
US7600676B1 (en) Two factor authentications for financial transactions
US9864983B2 (en) Payment method, payment server performing the same and payment system performing the same
US5826245A (en) Providing verification information for a transaction
KR101150241B1 (en) Method and system for authorizing a transaction using a dynamic authorization code
US6990586B1 (en) Secure data transmission from unsecured input environments
US6435416B1 (en) Method of authenticating a personal code of a user of an integrated circuit card
US20030191945A1 (en) System and method for secure credit and debit card transactions
EP1873729A1 (en) Portable terminal, settlement method, and program
EA006395B1 (en) System and method for secure credit and debit card transactions
CN101485128A (en) Portable consumer device verification system
CN102186169A (en) Identity authentication method, device and system
CN111292489A (en) Card settlement terminal and card settlement system
US20200311715A1 (en) Methods and apparatus for payment card activation
AU2715501A (en) A system for recharging a prepaid value in respect of a telephone connection
US20170323302A1 (en) Security systems and methods
CN1870040A (en) Electronic transaction identification method and reading and transmission equipment used by it
WO2000008610A1 (en) Offline verification of integrated circuit card using hashed revocation list
CN100514905C (en) Method and devices for performing security control in electronic message exchanges
WO2022248726A1 (en) A method, system and apparatus for approving electronic transactions
CN113468495A (en) Method for realizing block chain fingerprint identification and authentication of personal assets
CN113011874A (en) Transaction method and device based on electronic card and controller

Legal Events

Date Code Title Description
PBP Patent lapsed

Ref document number: DK