EP0910923A1 - Enhanced short message, and method for synchronising and securing an exchange of enhanced short messages in a cellular radiocommunication system
- Publication number
- EP0910923A1, EP97933730A
- Authority
- EP
- European Patent Office
- Prior art keywords
- message
- identification module
- subscriber identification
- field
- improved message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3552—Downloading or loading of personalisation data
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- The field of the invention is that of messages exchanged in cellular radiocommunication systems. Generally, these messages are exchanged between a message service center and a plurality of mobile stations. Each mobile station consists of a terminal cooperating with a microprocessor user card, called a subscriber identification module (or SIM module, for "Subscriber Identity Module"). More specifically, the invention relates to a particular improved message structure, and a method for synchronizing and securing an exchange of improved messages having this structure.
- the invention applies in particular, but not exclusively, to a system according to this GSM standard
- In general, a terminal is physical equipment used by a network user to access the telecommunications services offered. There are different types of terminals, such as, in particular, handheld terminals, portable terminals, and mobile terminals mounted on vehicles.
- When a terminal is used by a user, the latter must connect his user card (SIM module), which is generally in the form of a smart card, to the terminal.
- SIM module Subscriber card
- the user card supports a main telephone application (for example the GSM application) which allows its operation, as well as that of the terminal to which it is connected, in the cellular radiocommunication system.
- the user card provides the terminal to which it is connected with a unique subscriber identifier (or IMSI identifier, for "International Mobile Subscriber Identity").
- the user card includes means for executing commands (for example, a microprocessor and a program memory) and data storage means (for example, a data memory).
- the IMSI identifier, as well as all the individual information concerning the subscriber and intended to be used by the terminal, are stored in the data storage means of the SIM module. This allows each terminal to be used with any SIM module.
- SMS Short Message Service
- When a mobile station receives a message, it stores it in the data storage means of its SIM module. The main telephone application of each SIM module makes it possible to process each message received. Originally, the only function of a message was to provide subscriber information, generally via a terminal display screen. Messages that fulfill this single function, known as normal messages, therefore contain only raw data.
- the SIM module is made to do something other (that is to say, essentially more commands) than what it is normally capable of doing once it is in the application phase, that is, once it is inserted into a mobile phone in the hands of a user.
- each message makes it possible to avoid corruption of a message, whether accidentally (also due to the transmission channel between the message service center and the mobile station), or intentionally (the goal then being to modify a message to make it perform other actions, more sensitive, than those provided by the source of the message).
- the authenticity requirement of the transmitting entity ensures that it is authorized to send improved messages. Indeed, this remote application mechanism must be reserved for particular transmitters (such as operators and service providers in particular).
- the verification procedure of presentation type of secret code does not offer sufficient security guarantees in the event of interception of an improved message.
- the identification information does not vary from one message to another, it is easy for an unauthorized person to replay a message, that is to say to pass as authentic a message previously fraudulently intercepted
- one of the objectives of the present invention is to provide a method for synchronizing and securing an exchange of improved messages, as well as a corresponding improved message structure, which make it possible to resynchronize the message source and the SIM module in the event of transmission problems on the network.
- Another object of the invention is to provide such a method and such an improved message structure which ensure the uniqueness of each improved message transmitted.
- Another object of the invention is to provide such a method and such an improved message structure which ensure the integrity of each improved message transmitted.
- a complementary objective of the invention is to provide such a method and such an improved message structure which ensure the authenticity of the transmitting entity of the improved messages.
- an improved message of the type transmitted by a message service center to a mobile station of a communication system.
- said improved message comprising a header and a body, said body containing in particular a first field for storing remote commands belonging to an application remote from said mobile station, said mobile station consisting of a terminal cooperating with a subscriber identification module, said terminal comprising means for receiving said improved message, said subscriber identification module comprising means for storing and processing said improved message received by the terminal, said subscriber identification module serving as support for said remote application and comprising means for executing said remote commands, said improved message being characterized in that said body also comprises a second field for storing the current value of a synchronization counter, said current value of the synchronization counter being intended to be compared with a previous value of the synchronization counter stored in the subscriber identification module, so that said improved message is accepted or refused by the subscriber identification module according to the result of the comparison of the current
- synchronization between the message service center and the subscriber identification module is based on the use of a counter shared between these two entities.
- Each message transmitted to the SIM module contains the current value of this synchronization counter. This current value is distinct for each message.
- the SIM module keeps the previous value of the synchronization counter, which it compares to the current value contained in each message, in order to accept or reject this message
- the SIM module can resynchronize with the message source as of the following message since the current value of the synchronization counter is contained in each message
- the body of said improved message also includes a third field for storing first location information identifying the storage location, in said data storage means of the subscriber identification module, of said previous value of the synchronization counter.
- the SIM module supports several remote applications. Indeed, in this case, when it receives a message, it is the content of the third field which allows the SIM module to know which synchronization counter to use.
- said means for storing data of the subscriber identification module have a hierarchical structure with at least three levels and comprise at least the following three types of files: master file, or main directory; specialized file, or secondary directory placed under said master file; elementary file, placed under one of said specialized files, said parent specialized file, or directly under said master file, said parent master file; a system elementary file (EF SMS System), specific to said remote application, containing second location information identifying the storage location, in said means for storing data of the subscriber identification module, of said previous value of the synchronization counter; said improved message is characterized in that said first location information contained in said third storage field is an identifier of a specialized file or of a master file to which said system elementary file relates according to a predetermined search strategy in the data storage means.
- each message includes an identifier allowing the SIM module to find the elementary system file to which the remote application sending this message is linked.
- This system elementary file notably includes the previous value of the synchronization counter associated with
- said body also comprises a fourth field for storing a cryptogram, known as a transmitted cryptogram, the calculation of which involves at least in part the content of the second field for storing the current value of the synchronization counter, said transmitted cryptogram being intended to be compared with another cryptogram, said local cryptogram, calculated by the subscriber identification module, so that said improved message is accepted by the subscriber identification module
- the SIM module knows which current value was used for the calculation of the cryptogram and can therefore calculate the comparison cryptogram (local cryptogram) on the same basis.
- the transmission of the current value of the counter in the message also ensures that a received message can be accepted even if the message or messages sent before it have not yet been received (or never arrive).
- the calculation of said transmitted and verification cryptograms also involves at least in part the content of the first storage field of the remote commands.
- the calculation of said transmitted and verification cryptograms involves at least all of the content of the second storage field of the current value of the synchronization counter and all of the content of the first storage field of remote commands. In this way, the quality of security is increased.
- the calculation of said transmitted and verification cryptograms is carried out with a cryptographic function belonging to the group comprising the cryptographic functions with secret key and the cryptographic functions with public key.
- said subscriber identification module storing, in said data storage means of the subscriber identification module, a cryptographic function and an associated key specific to said remote application and making it possible to calculate said local cryptogram
- said improved message is characterized in that the body of said improved message also comprises a fifth field for storing third location information identifying the storage location, in said data storage means, of said cryptographic function and said associated key specific to said remote application.
- the SIM module supports several remote applications, each associated with a separate pair (cryptographic function, key), and where the SIM module stores the different pairs associated with these different applications. Indeed, in this case, when it receives a message, it is the content of the fifth field which allows the SIM module to know which pair (cryptographic function, key) to use.
- said third field also constitutes said fifth field, said first location information also constituting said third location information.
- the content of the third field allows the SIM module to know not only which synchronization counter to use, but also which pair (cryptographic function, key)
- said body also comprises a sixth field for storing a checksum, called a transmitted checksum, the calculation of which at least partly involves the content of the first storage field for remote commands, said transmitted checksum being intended to be compared to another checksum, called local checksum, calculated by the subscriber identification module, so that said improved message is accepted by the subscriber identification module if the transmitted and local checksums are identical, and refused otherwise
- said subscriber identification module comprising an input/output line on which it receives local commands belonging to an application local to said mobile station, said improved message is characterized in that said remote commands contained in said first field of said improved message are substantially identical to said local commands received on the input/output line.
- the SIM module can manage both types of commands, local and remote, without the need to duplicate the executable code of the SIM module (code generally located in ROM memory and/or in EEPROM memory).
- the invention also relates to a method for synchronizing and securing an exchange of improved messages between a message service center and a mobile station of a cellular radiocommunication system, each improved message comprising a header and a body, said body containing in particular a first remote command storage field belonging to an application remote from said mobile station, said mobile station consisting of a terminal cooperating with a subscriber identification module, said terminal comprising means for receiving said improved message, said subscriber identification module comprising means for storage and processing of said improved message received by the terminal, said subscriber identification module serving as support for said remote application and comprising means for executing said remote commands, said method being characterized in that it comprises in particular the following steps: said message service center transmits to said mobile station an improved message, the body of which also includes a second field for storing the current value of a synchronization counter; the subscriber identification module of the mobile station compares said current value of the synchronization counter, contained in said improved message, with a previous value of the synchronization counter, stored in the subscriber identification module; the
- the current value of the synchronization counter is incremented by a predetermined step, and said improved message is accepted by the subscriber identification module only if said current value of the synchronization counter is greater than said previous value.
- any new current value must be greater than that contained in the last accepted message (i.e. the previous value stored in the SIM module)
- said step of updating the previous value of the synchronization counter with said current value is carried out only if the difference between said current and previous values is less than a predetermined maximum incrementation step.
- With a predetermined maximum incrementation step, the counter is prevented from being blocked too quickly at its maximum value.
- the life of the counter is increased, and attacks that consist of rapidly blocking the SIM module by bringing the counter to its maximum value are avoided. Indeed, when it is thus blocked, the counter cannot be reset to zero by a remote application. Only an administrative procedure can unblock it, which generates additional costs.
- said method also comprises the following step: when said improved message is refused by the subscriber identification module, the latter returns to the message service center an improved message containing a specific error code, allowing the message service center to know that said improved message it previously sent was refused because of a counter synchronization problem.
- the body of said improved message transmitted by the message service center to the mobile station also comprises a third field for storing first location information identifying the storage location, in said means for storing data of the subscriber identification module, of said previous value of the synchronization counter, said step of comparison by the subscriber identification module of the current and previous values of the synchronization counter being preceded by the following steps: the subscriber identification module reads said first location information contained in the third field of said improved message; the subscriber identification module deduces therefrom the storage location of the previous value of the synchronization counter; the subscriber identification module reads, at said storage location, the previous value of the synchronization counter.
- the body of said improved message transmitted by the message service center to the mobile station also comprises a fourth field for storing a cryptogram, called transmitted cryptogram, calculated using at least in part the content of the second storage field of the current value of the synchronization counter, and said method also comprises the following steps: the subscriber identification module calculates a local cryptogram, using at least partially the content of the second field of said improved message; the subscriber identification module compares said transmitted cryptogram and said local cryptogram, so that said improved message is accepted if the transmitted and local cryptograms are identical, and refused otherwise.
- said method is characterized in that the body of said improved message transmitted by the message service center to the mobile station also comprises a fifth field of storage of third location information of the storage location, in said data storage means, of said cryptographic function and of said associated key, and in that said step
- said means for storing data of the subscriber identification module have a hierarchical structure with at least three levels and comprise at least the following three types of files: master file, or principal directory; specialized file, or secondary directory placed under said master file; elementary file, placed under one of said specialized files, said parent specialized file, or directly under said master file, said parent master file; said method is characterized in that a basic system file (EF SMS).
- EF SMS basic system file
- the body of said improved message transmitted by the message service center to the mobile station also comprises a sixth field for storing a checksum, called a transmitted checksum, the calculation of which involves at least in part the content of the first field for storing remote commands, said method also comprising the following steps the subscriber identification module calculates a local checksum, using at least in part the content of the first field of said improved message, the identification module subscriber compares said transmitted checksum and said local checksum
- FIG. 1 presents a particular embodiment of the structure of an improved message according to the invention
- FIGS. 2 to 4 each present an example of secure improved exchange of messages according to the method of the invention
- FIG. 5 presents an example of calculation of a cryptogram used in the method of the invention
- Figure 6 presents a simplified flowchart of a particular embodiment of the method of the invention
- Figures 7 to 9 each present, in more detail, one of the steps appearing on the flow diagram of FIG. 6.
- the invention therefore relates to a particular structure of an improved message, as well as a method for synchronizing and securing an exchange of improved messages with this structure.
- the cellular radiocommunication system is of the GSM type and implements an improved short message service (or ESMS, for "Enhanced Short Message Service"). It is clear, however, that the invention is not limited to a GSM type system, but more generally relates to all cellular radiocommunication systems offering an improved message service.
- the improved short messages are exchanged between a short message service center (SMS-C) and one or more mobile stations (MS) among a plurality
- SMS-C short message service center
- MS mobile stations
- Each mobile station consists of a terminal cooperating with a subscriber identification module (SIM module)
- SIM module subscriber identification module
- the terminal comprises means for receiving an improved message
- the SIM module comprises means for storing and processing the improved message received by the terminal
- Each improved message contains remote commands belonging to an application remote from the SIM module
- the SIM module is used to support this remote application (and possibly others) and includes means for executing these remote commands
- FIG. 1 shows a particular embodiment of the structure of an improved message according to the invention.
- the improved message comprises a header 1 and a body 2 (or TP-UD, for "Transfer layer Protocol - User Data" in English)
- Body 2 notably contains a "Commands" field 3, in which remote commands are stored.
- these are for example conventional commands (operational or administrative), defined in the GSM 11.11, ISO 7816-4 or even EN 726-3 standards, such as SELECT, UPDATE BINARY, UPDATE RECORD, SEEK, CREATE FILE, CREATE RECORD, EXTEND, etc.
- the format of these remote commands is identical to that of the local commands that the SIM module normally receives on its input / output line. The SIM module can therefore process remote commands in the same way as local commands.
- the body 2 of the improved message of the invention comprises several other fields, namely in particular a "Synchronization counter" field 4, a "System" field 5, an "SMS certificate" field 6 and an "SMS-Id" field 7.
- the "Synchronization counter" field 4 contains the current value of a synchronization counter. As explained more precisely below, in relation to FIGS. 2 to 4, 6 and 8, this current value of the synchronization counter is intended to be compared with a previous value of this same synchronization counter, which is stored in the data storage means of the SIM module. Depending on the result of this comparison, the improved message is either accepted or refused by the SIM module.
- the "System" field 5 contains location information, in the data storage means of the SIM module, of a system file itself containing either directly elements specific to the remote application sending the message, or other information of location, in the data storage means of the SIM module, of these elements
- By elements specific to the transmitting remote application, we mean in particular the previous value of the synchronization counter as well as a cryptographic function and an associated key (these last two elements being used to calculate a "local" cryptogram intended to be compared to a "transmitted" cryptogram contained in the "SMS certificate" field 6).
- It is known to provide, for the data storage means of the SIM module, a hierarchical structure with at least three levels, with the following three types of files:
- master file (MF), or main directory
- specialized file (DF)
- elementary file (EF)
- the aforementioned system file of the invention is for example a basic system file (EF SMS System)
- the location information contained in the "System" field 5 is then an identifier ("DF entry") of a specialized file (DF) or of a master file (MF).
- the SIM module implements, for example, an upstream search mechanism (of the "backtracking" type), which consists of searching for a system elementary file first under the current specialized file or master file (that is to say, the one indicated by the identifier "DF entry"), then, if no system elementary file exists under the current specialized file or master file and if the identifier "DF entry" does not indicate the master file, searching for a system elementary file directly under the master file.
- the SIM module reads in the improved message the identifier "DF entry" contained in the "System" field 5. From this identifier "DF entry", it finds the system elementary file to which the remote application sending the message is linked.
- the SIM module reads, for example, directly the current value of the synchronization counter; and the identifier of a specialized file under which there is an EF key_op file containing the pair (cryptographic function, associated key) connected to the remote application sending the message.
- the "SMS certificate" field 6 contains a cryptogram (called "transmitted cryptogram" in the following description).
- this transmitted cryptogram is intended to be compared with a local cryptogram, which is calculated by the SIM module. Depending on the result of this comparison, the improved message is either accepted or refused by the SIM module.
- SMS-Cert 4 least significant bytes of [MAC_Alg d
- FIG. 5 presents an example of calculation of the cryptogram transmitted SMS-Cert, in the case where the algorithm Alg d
- the SMS_data concatenation is divided into n blocks $B_1$ to $B_n$, which comprise for example 16 bytes. If the length of the SMS_data concatenation does not allow a last block $B_n$ comprising 16 bytes to be obtained, this last block is justified on the left and completed on the right with bytes of value 0, so as to build a block comprising 16 bytes called $B'_n$.
- $R_{n-1} = \mathrm{XOR}(I_{n-2}, B_{n-1})$
- $I_{n-1} = \mathrm{A3A8}(K_{appli}, R_{n-1})$
- $R_n = \mathrm{XOR}(I_{n-1}, B'_n)$
- $I_n = \mathrm{A3A8}(K_{appli}, R_n)$
- $I_n$ is the result of the MAC_A3A8 function
- XOR is the operator performing a bit-by-bit "OR-exclusive" between two 16-byte strings.
- the "SMS-Id" field 7 contains a checksum (called "transmitted checksum" in the following description). As explained more precisely below, in relation to FIGS. 6 and 7, this transmitted checksum is intended to be compared to a local checksum, which is calculated by the SIM module. Depending on the result of this comparison, the improved message is either accepted or refused by the SIM module.
- FIG. 6 presents a simplified flow diagram of a particular embodiment of the method of the invention for synchronizing and securing an exchange of improved messages having the structure of FIG. 1.
- the method of the invention notably comprises the following steps:
  - the message service center transmits (61) an improved message to the SIM module of the mobile station;
  - the SIM module checks (62) the transmitted checksum, which is contained in the "SMS-Id" field 7 of the improved message;
  - if (63) the result of the verification of the transmitted checksum is not correct, the improved message is refused by the SIM module;
  - otherwise (64) the SIM module checks (65) the current value of the synchronization counter, which is contained in the "Synchronization counter" field 4;
  - if (66) the result of the verification of the current value of the synchronization counter is not correct, the improved message is refused by the SIM module.
- the SIM module immediately updates the previous value of the counter with the current value, and this before any other verification. Then it verifies (68) the transmitted cryptogram, which is contained in the "SMS certificate" field 6; if (69) the result of the verification of the transmitted cryptogram is not correct, the improved message is refused by the SIM module, otherwise (610) the SIM module executes (611) the remote commands contained in the "Commands" field 3.
- the step (62) for verifying the transmitted checksum itself comprises the following steps:
  - the SIM module reads (71), in the "SMS-Id" field 7 of the improved message, the transmitted checksum;
  - the SIM module calculates (72) a local checksum, according to the same calculation rule as that used to calculate the transmitted checksum;
  - the SIM module compares (73) the transmitted checksum and the local checksum.
- the improved message is accepted (64) if the transmitted and local checksums are identical, and refused (63) otherwise.
- the step (65) for checking the current value of the synchronization counter itself comprises the following steps:
  - the SIM module reads (81), in the "Synchronization counter" field 4, the current value of the synchronization counter;
  - the SIM module reads (82), in the "System" field 5 of the improved message, information on the location of a system file (EF SMS System). This location information is for example the identifier "DF entry" of a specialized file (DF) or of a master file (MF) to which this elementary system file (EF SMS System) relates;
  - the SIM module deduces therefrom (83) the location, in the data storage means of the SIM module, of the system file (EF SMS System) which contains in particular the previous value of the synchronization counter;
  - the SIM module reads (84), in the system file (EF SMS System), the previous value of the synchronization counter;
  - the SIM module compares (85) the current value of the synchronization counter with the previous value stored in the SIM module.
- at this second level of verification, the improved message is accepted by the SIM module if (67) the current value is strictly greater than the previous value of the synchronization counter. The SIM module can then update (86) the previous value with the current value. If (66) the current value is less than or equal to the previous value of the synchronization counter, the improved message is refused by the SIM module. The SIM module can then return (87) to the message service center an improved message containing a specific error code, allowing the message service center to know that the improved message it previously sent has been refused for a counter synchronization problem.
- FIGS. 2 to 4 show different examples of improved secure message exchange according to the method of the invention.
- E_Sync evolution of the current value of the counter
- S_Sync in the SIM module, on the right
- Each arrow represents a message.
- the step (68) for verifying the transmitted cryptogram itself comprises the following steps:
  - the SIM module reads (91), in the "SMS certificate" field 6, the current value of the synchronization counter;
  - the SIM module calculates (92) a local cryptogram, according to the same calculation rule as that used to calculate the transmitted cryptogram;
  - the SIM module compares (93) the transmitted cryptogram and the local cryptogram.
- the improved message is accepted (610) if the transmitted and local cryptograms are identical, and refused (69) otherwise.
- the step (92) for calculating the local cryptogram has also been presented in more detail; it itself comprises the following steps:
  - the SIM module reads (94), in the "System" field 5 of the improved message, location information of a system file (EF SMS System);
  - the SIM module deduces therefrom (95) the location, in the data storage means of the SIM module, of the system file (EF SMS System). This system file itself contains other location information allowing the SIM module to find the cryptographic function and its associated key, which are linked to the remote application sending the improved message;
  - the SIM module calculates (96) the local cryptogram, using the cryptographic function and its associated key, as explained previously.
- the step referenced 94 and the start of the step referenced 95 are actually already carried out, as explained above, to find the previous value of the synchronization counter (which in turn is directly stored in the system file (EF SMS System)).
- step 62 of verifying the checksum like that
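The SIM-side sequence of FIG. 6 (checksum, then counter, then cryptogram, then execution) together with the chained MAC calculation, as an added Python example that is not taken from the patent. `a3a8_stand_in` (HMAC-SHA-256 truncated to 16 bytes) replaces A3A8, and the field encoding, the byte-sum checksum, the contents of SMS_data, the all-zero start value, the reading of "4 least significant bytes" and the dictionary standing in for EF SMS System and EF key_op are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

BLOCK = 16                    # block length used by the chaining described on the page
MF = bytes.fromhex("3F00")    # master file identifier (GSM 11.11)


def a3a8_stand_in(key: bytes, block: bytes) -> bytes:
    """Assumption: keyed 16-byte function standing in for the operator-specific A3A8."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def sms_cert(key: bytes, sms_data: bytes) -> bytes:
    """R_i = XOR(I_(i-1), B_i); I_i = F(K, R_i); SMS-Cert = 4 bytes of I_n."""
    padded = sms_data + bytes(-len(sms_data) % BLOCK)   # B'_n: zero bytes on the right
    i_prev = bytes(BLOCK)                               # assumption: all-zero start value
    for off in range(0, len(padded), BLOCK):
        r = bytes(a ^ b for a, b in zip(i_prev, padded[off:off + BLOCK]))
        i_prev = a3a8_stand_in(key, r)
    return i_prev[-4:]                                  # assumption: LSBs = last 4 bytes


@dataclass
class Message:
    commands: bytes   # "Commands" field 3
    counter: int      # "Synchronization counter" field 4
    system: bytes     # "System" field 5: the "DF entry" identifier
    cert: bytes       # "SMS certificate" field 6
    sms_id: int       # "SMS-Id" field 7

    def sms_data(self) -> bytes:
        # Assumption: the authenticated data is counter || system || commands.
        return self.counter.to_bytes(4, "big") + self.system + self.commands

    def checksum(self) -> int:
        # Assumption: unkeyed byte sum modulo 256 over the other fields.
        return sum(self.sms_data() + self.cert) % 256


def build(key: bytes, counter: int, system: bytes, commands: bytes) -> Message:
    """Sender side (message service center)."""
    m = Message(commands, counter, system, b"", 0)
    m.cert = sms_cert(key, m.sms_data())
    m.sms_id = m.checksum()
    return m


class Sim:
    def __init__(self, system_files: dict):
        # DF entry -> {"key", "prev"}: stands in for EF SMS System plus EF key_op.
        self.system_files = system_files
        self.executed = []

    def receive(self, m: Message) -> str:
        if m.checksum() != m.sms_id:                      # steps 62-63
            return "refused: checksum"
        # Upstream search: system file under the named DF, else under the MF.
        entry = self.system_files.get(m.system) or self.system_files.get(MF)
        if entry is None:
            return "refused: no system file"
        if m.counter <= entry["prev"]:                    # steps 65-66
            return "refused: counter"
        entry["prev"] = m.counter                         # updated before the cryptogram check
        local = sms_cert(entry["key"], m.sms_data())      # step 92
        if not hmac.compare_digest(local, m.cert):        # steps 68-69
            return "refused: cryptogram"
        self.executed.append(m.commands)                  # step 611
        return "accepted"
```

Because the last block is completed with zero bytes, `sms_cert` returns the same value for a message and for the same message followed by zero bytes up to the block boundary; a fixed-width length or counter prefix in SMS_data keeps two different command strings from sharing a cryptogram.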
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9608906A FR2748880A1 (fr) | 1996-05-17 | 1996-07-11 | Improved message and corresponding method for synchronizing and securing an exchange of improved messages in a cellular radiocommunication system |
FR9608906 | 1996-07-11 | ||
PCT/FR1997/001298 WO1998003026A1 (fr) | 1996-07-11 | 1997-07-11 | Improved short message and method for synchronizing and securing an exchange of improved short messages in a cellular radiocommunication system |
Publications (1)
Publication Number | Publication Date |
---|---|
EP0910923A1 (de) | 1999-04-28 |
Family
ID=9494119
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP97933730A Withdrawn EP0910923A1 (de) | Enhanced short message and method for synchronizing and securing an exchange of enhanced short messages in a cellular radiocommunication system | 1996-07-11 | 1997-07-11 |
Country Status (7)
Country | Link |
---|---|
US (1) | US6367014B1 (de) |
EP (1) | EP0910923A1 (de) |
JP (1) | JP2000514625A (de) |
CN (1) | CN1230324A (de) |
AU (1) | AU721223B2 (de) |
CA (1) | CA2259287A1 (de) |
WO (1) | WO1998003026A1 (de) |
1997
- 1997-07-11 JP JP10505687A patent/JP2000514625A/ja not_active Ceased
- 1997-07-11 CN CN97197840A patent/CN1230324A/zh active Pending
- 1997-07-11 WO PCT/FR1997/001298 patent/WO1998003026A1/fr not_active Application Discontinuation
- 1997-07-11 EP EP97933730A patent/EP0910923A1/de not_active Withdrawn
- 1997-07-11 AU AU36979/97A patent/AU721223B2/en not_active Ceased
- 1997-07-11 US US09/214,409 patent/US6367014B1/en not_active Expired - Lifetime
- 1997-07-11 CA CA002259287A patent/CA2259287A1/fr not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See references of WO9803026A1 * |
Also Published As
Publication number | Publication date |
---|---|
JP2000514625A (ja) | 2000-10-31 |
US6367014B1 (en) | 2002-04-02 |
WO1998003026A1 (fr) | 1998-01-22 |
AU721223B2 (en) | 2000-06-29 |
CN1230324A (zh) | 1999-09-29 |
CA2259287A1 (fr) | 1998-01-22 |
AU3697997A (en) | 1998-02-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 19990211 |
 | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
 | RIN1 | Information on inventor provided before grant (corrected) | Inventor name: HUET, CEDRIC Inventor name: LAGET, ANNE Inventor name: PROUST, PHILIPPE |
 | RIN1 | Information on inventor provided before grant (corrected) | Inventor name: HUET, CEDRIC Inventor name: LAGET, ANNE Inventor name: PROUST, PHILIPPE |
 | 17Q | First examination report despatched | Effective date: 20040414 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20041026 |