EP1364512A2 - Method and communication system for providing a program element (Google Patents)

Info

Publication number: EP1364512A2
Authority: EP (European Patent Office)
Application number: EP02708167A
Legal status: Withdrawn
Other languages: German (de), English (en)
Inventor: Rainer Falk
Assignee (original and current): Siemens AG
Prior art keywords: computer, program element, identification information, approval message, installation approval

Classifications

    • H04L 67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/12 Applying verification of the received information
    • H04L 69/329 Intralayer communication protocols among peer entities or protocol data unit (PDU) definitions in the application layer (OSI layer 7)
    • H04L 9/3236 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
    • H04W 12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H04L 2209/80 Additional information relating to cryptographic mechanisms (H04L 9/00): wireless
    • H04L 2463/101 Additional details relating to network security (H04L 63/00): applying security measures for digital rights management
    • H04L 63/0807 Network security for authentication of entities using tickets, e.g. Kerberos
    • H04L 63/0823 Network security for authentication of entities using certificates
    • H04W 12/06 Security arrangements in wireless networks: authentication
    • H04W 12/10 Security arrangements in wireless networks: integrity

Definitions

  • the invention relates to a method and a communication system for providing a program element.
  • a common cellular phone is made using
  • the software is usually loaded onto the cell phone, installed and executed there to provide the various functionalities of the cell phone.
  • software controls the radio properties of the cell phone (for example the frequency bands to be used, the transmission power to be used or the modulation method to be used) or other properties such as the type of
  • a mobile telephone is, more generally, a communication terminal or a mobile terminal
  • the functionality of a mobile telephone can thus be specifically changed or expanded by loading appropriate software.
  • software can be transmitted to the mobile phone over arbitrary unsecured channels, in particular over a radio channel.
  • a method for reliably providing software should advantageously not be dependent on specific assumptions about the type of software distribution.
  • a digital signature uses the principle of asymmetric cryptography, in which a private key and a corresponding public key, which together form an asymmetrical key pair, are used.
  • a certificate of the respective public cryptographic key is used to securely certify a link between the public cryptographic key and the name of the person or organization to which the public key belongs. This ensures that the key pair used, consisting of the respective private cryptographic key and public cryptographic key, is reliable.
  • asymmetric cryptography has the particular disadvantage that, for example, a high computing power is required when creating a digital signature, which often even means that special cryptographic co-processors are used in the computers producing the digital signature.
  • the verification of the digital signature is a very computationally complex task because of the asymmetric cryptographic operations to be carried out, and it often considerably exceeds the computing resources available in a mobile telecommunications terminal.
  • the chain of certificates used to secure the public keys must also be validated, which requires an evaluation of the data contained in the certificates, such as checking the validity of the certificates used or taking into account predefinable restrictions on the use of the respective certificates.
  • the additional security information, that is, for example, the digital signature and the associated information
  • the invention is therefore based on the problem of specifying a method and a communication system for providing a program element by means of which a lower computing requirement is achieved and in which the amount of data required to transmit the security information is reduced.
  • the program element is transmitted from the first computer to the second computer. Furthermore, an installation approval message is transmitted to the second computer, wherein the installation approval message contains at least first identification information, second identification information and a cryptographic value formed over at least the first identification information and the second identification information.
  • the first identification information identifies the provided program element, preferably uniquely.
  • the second identification information identifies the second computer, likewise preferably uniquely.
  • the cryptographic value is formed using a symmetrical secret key, the symmetrical secret key being available, that is to say stored, both in the second computer and in an authentication unit. Using the symmetrical secret key, the cryptographic value is verified in the second computer and in the event that the verification is successful and the installation approval message contains the information that the program element may be installed and / or may be executed, the program element is installed or executed in the second computer.
  • the identification information can in each case be contained explicitly and/or implicitly.
  • An example of the information being available implicitly can be seen in the use of a cryptographic key used in each case, which permits a corresponding conclusion to be drawn about the particular instance using the key.
  • the first identification information can be a hash value that is formed via the respective program element.
  • a communication system for providing a program element has
  • the installation approval message contains at least the following information: first identification information with which the provided program element is identified, second identification information with which the second computer is identified, and a cryptographic value formed over at least the first identification information and the second identification information,
  • a symmetrical secret key being stored in the second computer and in the authentication unit
  • the authentication unit has a unit for forming the cryptographic value using the symmetrical secret key
  • the second computer has a verification unit for verifying the cryptographic value using the symmetrical secret key
  • the essence of the invention is that, in addition to the program element, a ticket is used which contains unambiguous, reliable security information for identifying the provided program element and the second computer, i.e. the computer on which the program element is installed or is to be executed.
  • the reliability of the identification information is achieved by the cryptographic value that is formed via the identification information using the symmetrical secret key.
  • a program element is any type of computer program or part of one
  • executing a computer program also means interpreting a computer program, for example interpreting a computer program in Java (Java bytecode) using a virtual machine.
  • the cryptographic value can be a cryptographic hash value, which is preferably formed according to one of the following methods:
  • CBC-MAC using a known block cipher (e.g. DES, 3DES, AES, IDEA),
  • HMAC using a known hash function (e.g. MD5, SHA-1, RIPEMD, RIPEMD160): HMAC-MD5, HMAC-SHA1, HMAC-RIPEMD, HMAC-RIPEMD160,
  • HMAC using a known hash function with shortened output (e.g. HMAC-MD5-80, HMAC-SHA1-80, HMAC-RIPEMD-80, HMAC-RIPEMD160-80 with output shortened to 80 bits).
  • the cryptographic hash value is also referred to as the message authentication code (MAC).
  • the functions used to determine a message authentication code are also referred to as “keyed hash functions”.
  • Additional information can be added to the ticket, i.e. the installation approval message, for example:
  • Installation approval message is reliable, that is, is valid
  • the authentication unit can be contained in the first computer, in which case both the program element and the installation approval message are stored in the first computer.
  • a further computer with a database which effectively functions as a program archive (download archive) can be provided, which transfers the desired program element to the first computer.
  • the installation approval messages, which are each specific to a tuple of the following units, can also be stored in the download archive:
  • second computer, and program element; this is possible in a communication network on the basis of the unique assignment of the symmetric secret keys to the second computer and the respective authentication unit.
  • if the authentication unit is not contained in the first computer, it can alternatively be provided that the authentication unit has access to the download archive and loads installation approval messages previously stored there, if necessary.
  • the authentication unit itself can also form the cryptographic value using the symmetric secret key accessible to it.
  • the entire installation approval message itself can also be secured using a cryptographic method, for example encrypted or signed using asymmetrical or symmetrical cryptography.
  • a request message is sent from the second computer to the authentication unit with the first identification information contained in the request message and a second one
  • in the authentication unit it is determined, for the program element belonging to the respective first identification information and the second computer corresponding to the second identification information, whether the program element may be installed or executed at all. If this is the case, an installation approval message is generated and sent to the second computer.
  • Both the installation approval message and the request message can contain different one-time values or the same one-time value, in which case the degree of security is further increased as part of the method.
  • the one-time value used can be, for example, a random number or a predeterminable counter value.
  • if the same one-time value is used in the installation approval message and in the request message, a binding is achieved between the request message and the installation approval message; the level of cryptographic security is further increased if the cryptographic value is additionally formed over the one-time value.
  • the second computer is a telecommunications terminal, for example a mobile telecommunications terminal, preferably a mobile radio communication terminal, that is to say a mobile radio telephone.
  • FIG. 1 shows a block diagram of a communication system designed according to the GSM standard;
  • FIG. 2 is a block diagram of a communication system according to a first embodiment of the invention;
  • FIGS. 3a and 3b are block diagrams of a
  • FIGS. 4a to 4c are block diagrams of a
  • FIGS. 5a and 5b are message flow diagrams for the case that an installation approval message is transmitted which allows installation or execution of the program element (FIG. 5a), or an installation approval message which does not allow installation or execution of the program element (FIG. 5b);
  • FIG. 6 is a flow chart in which the individual
  • FIG. 7 shows a flow chart of the individual method steps carried out in the authentication unit according to an exemplary embodiment of the invention.
  • FIG. 1 shows a communication system 100 with a large number of mobile communication terminals 101, each of which is connected via an air interface 102, that is to say a radio link, to a base transceiver station (BTS) 103, also referred to below as a base station. Each base station is assigned to a base station system (BSS) 104, and a base station controller (BSC) 105 is provided for each base station system 104 to control the base station(s) 103 contained in that base station system.
  • At least some of the base station systems 104 of the communication system 100 are connected, in accordance with the GSM/GPRS/EDGE standard, to a mobile switching center (MSC) 106 for the transmission of circuit-switched voice or data and to a serving GPRS support node (SGSN) 107 for the transmission of packet data to a gateway GPRS support node (GGSN) 108, which is connected to a packet data network 112.
  • the mobile switching center 106 is connected to a conventional telephone network 109.
  • the mobile switching center 106 or the SGSN 107 performs the functions required for switching communication connections for the operation of the mobile communication terminals 101 in the respective groups of base station systems 104 for which that mobile switching center 106 or SGSN 107 is "responsible".
  • the functions provided by the mobile switching center 106 or SGSN 107 include procedures for interacting with other communication networks, for example a fixed network such as PSTN or ISDN,
  • Each base station 103 is connected via the packet data network 112 to an authentication unit 110, which is explained in more detail below.
  • the communication system 100 has at least one program element provisioning computer 111, which is also coupled to the mobile communication terminals 101 via the packet data network 112.
  • FIG. 2 shows a simplified illustration of the communication system 200 according to a first exemplary embodiment of the invention.
  • a program element 202 is stored in a program element provisioning computer 201 and is transmitted via a communication connection 203 from the program element provisioning computer 201 to a mobile communication terminal, according to this exemplary embodiment a mobile telephone 101, and stored there.
  • the mobile communication terminal 101 receives the program element 202 from a source not trusted by the mobile communication terminal 101.
  • Before the actual installation or execution of the program element 202, the mobile communication terminal 101 checks whether the program element is trustworthy and whether it may be installed or executed at all.
  • the mobile communication terminal 101 requests an installation approval message from an authentication unit 204, which is explained in more detail below.
  • Based on the request message 205, it is determined in the authentication unit 204 whether the respective program element 202 may be installed or executed on the mobile communication terminal 101 or not.
  • the result of the check is transmitted from the authentication unit 204 to the mobile communication terminal 101 in an installation approval message 207 via the communication link 206.
  • FIG. 3a and 3b show alternative architectures of a communication system 300, 310 according to further exemplary embodiments of the invention.
  • the program element 302 is stored in the program element provisioning computer 301 (cf. FIG. 3a).
  • the program element 302 is transmitted from the program element provisioning computer 301 via a first communication link 303, which according to this embodiment is at least partially a radio link, to the mobile communication terminal 101.
  • program element 302 is a second
  • the installation approval message 306 is transmitted to the mobile communication terminal 101 via a third communication connection 307, likewise a radio connection according to this exemplary embodiment.
  • in the mobile communication terminal 101 it is checked on the basis of the installation approval message 306, as will be explained in more detail below, whether the received program element 302 may be installed or executed.
  • FIG. 3b shows an alternative architecture in which the authentication unit 305 is connected only to the program element provisioning computer 301 via the second communication connection 304, and not directly to the mobile communication terminal 101. After receiving the program element 302, or alternatively after receiving a request message (not shown), the installation approval message 306 is likewise formed. In a further step, the installation approval message 306 is transmitted via the second communication connection 304 to the program element provisioning computer 301 and from there to the mobile communication terminal 101.
  • FIGS. 4a to 4c show further alternatives of a communication system 400, 420, 430 according to further exemplary embodiments of the invention.
  • an archive computer 401 is provided in which a multiplicity of program elements 402, 403,... 404 are stored.
  • the archive computer 401 has a first one
  • the program element provisioning computer 409 is connected to the mobile communication terminal 101 via a second communication connection 410.
  • a program element 402, 403, 404 requested as needed by the program element provisioning computer 409 is transmitted from the archive computer 401 to the program element provisioning computer 409, stored there temporarily or permanently, and transmitted via the third communication connection 412 to the mobile communication terminal 101.
  • 4b shows an alternative architecture in which a large number of installation approval messages 405, 406,... 407 are stored in the archive computer 401.
  • the exemplary embodiment according to FIG. 4b differs from the exemplary embodiment according to FIG. 4a in particular in that, as in the exemplary embodiment according to FIG. 3b, the authentication unit 411 is connected to the program element provisioning computer 409 via a third communication link 412. After receipt of the program element 402, or alternatively after receipt of a request message (not shown), the installation approval message 405, 406, 407 is formed.
  • the installation approval message 405 is transmitted via the third communication connection 412 to the program element provisioning computer 301 and from there via the second communication connection 410 to the mobile communication terminal 101.
  • the exemplary embodiment shown in FIG. 4c differs from the exemplary embodiment according to FIG. 4b in particular in that, as in the exemplary embodiment according to FIG. 3a, the authentication unit 411 is connected directly to the mobile communication terminal 101 via a fourth communication connection 413. According to this exemplary embodiment, the installation approval message 405 is thus transmitted directly to the mobile communication terminal 101 via the fourth communication connection 413.
  • the procedure described below, in particular the structure of the request message and the installation approval message, is identical for all the exemplary embodiments described above in which the respective messages are used.
  • to simplify the illustration of the invention, the procedure for providing a program element is described below with reference to the structure of the communication system 200 according to the first exemplary embodiment.
  • the program element 202 is transmitted via the first communication link 203 to the mobile
  • the request message 205 is formed by the mobile communication terminal 101.
  • the request message 205 has the following information:
  • the random number N serves to create a logical link between the request message 205 and a first type of installation authorization message 501 described below.
  • the first type of installation approval message 501, which is transmitted by the authentication unit 204 to the mobile communication terminal 101 (cf. FIG. 5a) in the event that the program element 202 is trustworthy and may be installed or executed on the mobile communication terminal 101, contains
  • the following information can additionally be contained in the installation approval message 501:
  • otherwise the authentication unit 204 forms an installation approval message 502 containing error information 503 and sends it to the mobile communication terminal 101 (see FIG. 5b).
  • the request message 205 and / or the installation approval message 501 are cryptographically secured using a symmetrical cryptographic method.
  • the cryptographically strong hash value H which was formed via the program element 202, is determined according to this exemplary embodiment in accordance with the MD5 method or the SHA-1 method as a cryptographic checksum.
  • the checksum is formed over the data contained in the installation approval message of the first type 501 using a secret symmetric key that is known to, and stored in, only the mobile communication terminal and the authentication unit 204, for example using a method for forming a message
  • the installation approval message 501 and the information contained therein are thus protected in a simple and therefore very efficient manner by the security information, hereinafter referred to as the cryptographic value, which is formed using the symmetric secret key over at least the first identification information and the second identification information,
  • for the secret symmetric key that is unique to the mobile communication terminal and the authentication unit 204, any method for generating a symmetric key and distributing it to the two communicating units can in principle be used in the context of the invention.
  • FIG. 6 shows in a flowchart 600 the individual method steps which are carried out in the mobile communication terminal 101 according to the first exemplary embodiment of the invention.
  • the program element 202 is received in the mobile communication terminal 101 in a further step (step 602) as described above.
  • the first identification information, that is to say the information for identifying the program element 202, is received and stored in the mobile communication terminal 101.
  • a random number N is formed and, using the random number N, the
  • the request message 205 is formed and sent, together with the first identification information and the second identification information it contains, to the authentication unit 204.
  • After the request message 205 has been sent in its entirety, the mobile communication terminal 101 goes into a waiting state and waits for the receipt of an installation approval message 501, 502, which is to be sent by the authentication unit 204.
  • FIG. 7 shows in a flowchart 700 the individual method steps which are carried out in the authentication unit 204 in accordance with this exemplary embodiment of the invention.
  • a transition is made to a waiting state, in which the authentication unit 204 waits for the receipt of a request message that was sent from a mobile communication terminal 101.
  • if a request message 205 is received in a further step (step 702), then in a first test step (step 703) it is checked, using the second identification information, whether the authentication unit 204 is responsible for the mobile communication terminal 101 identified by the second identification information, in other words whether the authentication unit 204 supports the mobile communication terminal 101.
  • if not, the installation approval message of the second type 502 is formed with corresponding error information 503 and transmitted to the mobile communication terminal 101 (step 704).
  • if the authentication unit 204 supports the mobile communication terminal 101 identified by the second identification information, it is checked in a second test step (step 705), using the first identification information, whether the program element designated by the first identification information may be accepted by the respective mobile communication terminal 101.
  • if not, an installation approval message 502 with the corresponding error message 503 is again formed in step 704 and transmitted to the mobile communication terminal 101.
  • otherwise, in a further step (step 706), the authentication unit 204 determines the cryptographic hash value H using the MD5 method or the SHA-1 method, or reads out a stored cryptographic hash value that was previously determined specifically for the program element 202.
  • a message authentication code is then determined using the symmetric secret key, which is known to both the authentication unit 204 and the mobile communication terminal 101.
  • in step 708 the installation approval message of the first type 501 is formed and sent to the mobile communication terminal 101.
  • After sending the installation approval message of the first type 501 or of the second type 502 (step 704 or 708), the method in the authentication unit 204 is ended (step 709).
  • If the mobile communication terminal 101 receives the installation approval message 501, 503 (step 605), it is then checked in a third test step (step 606) whether the installation approval message is an installation approval message 502, whether the checksum, i.e. the message authentication code, is invalid, or whether a format error is detected.
  • if so, the loaded program element 202 is not accepted, that is to say neither installed nor executed (symbolized in FIG. 6 by block 607).
  • otherwise a fourth test step (step 608) checks whether the first identification information, the second identification information and the random number contained in the installation approval message of the first type 501 match the respective first identification information, second identification information and random number that the mobile communication terminal 101 sent to the authentication unit 204 in the request message 205.
  • if they do not match, the loaded program element 202 is not accepted (block 607).
  • if they match, it is checked in a fifth test step (step 609) whether the hash value H contained in the installation approval message 501 matches the hash value likewise determined over the program element 202 by the mobile communication terminal 101.
  • the same algorithm is used in the mobile communication terminal to form the hash value as in the authentication unit 204.
  • if the hash values do not match, the loaded program element is again not accepted (block 607).
  • if they match, the loaded program element 202 is accepted (step 610), that is to say the program element 202 is installed or executed.
  • After the program element 202 is accepted or not accepted (steps 610, 607), the method in the mobile communication terminal 101 is ended (step 611).
  • the order of the information, both in the request message 206 and in the installation approval message 501, can be changed flexibly.
  • the hash value H can already be contained in the request message 206.
  • the installation type approval message 501 only confirms that the hash value H contained in the request message 206 is correct. In this case, the hash value H is thus checked in the authentication unit 204 and not in the mobile communication terminal 101. It should also be pointed out that the use of a random number is optional and that the random numbers used can be different in the request message or in the first type of installation approval message 501.
  • Identification information for identifying the user of the mobile communication terminal 101 and / or for identifying the authentication unit 204 may additionally be contained in the request message 206 and / or in the installation approval message.
  • a plurality of inquiries or installation approval messages can be contained in a bundled inquiry message or bundled installation approval message and transmitted together.
  • the mobile communication terminal 101 can again check the program element by means of a further request message, optionally with another authentication unit. This procedure allows the reliability to be further increased, in particular when transmission errors occur or when an authentication unit fails.
  • a predeterminable counter value can be used.
  • An authentication unit can be provided which creates installation approval messages for any number of providers of program Elements. There can also be several
  • Authentication units can be included in the communication system, each of which creates installation approval messages for one or more providers of program elements and transmits them to the respective mobile communication terminal.
  • the authentication unit can be contained in a computer together with the program element provisioning computer or the program element provisioning computer can directly request an installation approval message from the authentication unit for the mobile communication terminal 101 and that generated installation approval message together with the program element to the mobile communication terminal.
  • the creation of an installation approval message of the first type can be made dependent on the authentication unit depending on whether a license for the respective program element is available and is known to the authentication unit.
  • a legal financial claim is justified on the basis of an installation approval message of the first type 501, for example a claim for remuneration for the use of the loaded program element.
  • the additional information described above can be divided into several installation approval messages transmitted one after the other.
  • the different installation approval messages are different Authentication instances are requested, created and transmitted to the mobile communication terminal.
  • the authentication instance is clearly provided as a ticket server, which only issues installation tickets, that is to say the installation approval messages, for program elements which are valid from the point of view of the authentication unit. These installation tickets are used to ensure that a mobile communication terminal only accepts valid software, ie only valid program elements.
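The request / installation approval exchange and the terminal's check steps 606 to 610, written out as an added example (this is not the patent's code and not Siemens' implementation). The wire encoding, the field names, the message type numbers and the sample key and program bytes are assumptions of this example; SHA-256 and HMAC-SHA256 stand in for the MD5/SHA-1 hash and the unspecified MAC construction the description names, because the ticket binds to the program bytes only as well as the hash resists collisions.

```python
"""Installation-ticket exchange modelled on the description above (example code).

  terminal  -> authentication unit : request(program_id, terminal_id, nonce)
  auth unit -> terminal            : approval(type, program_id, terminal_id, nonce, H, MAC)

Assumptions of this example: JSON field names, message type constants, SHA-256 for H,
HMAC-SHA256 as the MAC, and the constructed key and program element below.
"""
import hashlib
import hmac
import json
import os

TYPE_APPROVED = 1   # installation approval message of the first type (501)
TYPE_DENIED = 2     # installation approval message of the second type (502)

# Constructed sample data: the symmetric key shared by terminal and authentication
# unit, and the program elements the authentication unit is willing to ticket.
SHARED_KEY = bytes.fromhex("0f" * 32)
KNOWN_PROGRAMS = {
    "app-001": b"\x7fELF...sample program element bytes...",
}


def program_hash(program_element: bytes) -> str:
    """H over the program element; both sides must use the same algorithm."""
    return hashlib.sha256(program_element).hexdigest()


def _mac_input(msg: dict) -> bytes:
    """Canonical bytes the MAC covers: every field except the MAC itself."""
    fields = {k: v for k, v in msg.items() if k != "mac"}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_request(program_id: str, terminal_id: str) -> dict:
    """Terminal side: request message with both identifiers and a fresh random number."""
    return {"program_id": program_id, "terminal_id": terminal_id,
            "nonce": os.urandom(16).hex()}


def issue_approval(request: dict, key: bytes = SHARED_KEY,
                   programs: dict = KNOWN_PROGRAMS) -> dict:
    """Authentication unit side: deny unknown program elements (second type),
    otherwise compute H, echo the request's identifiers and nonce, and MAC
    the whole message with the shared key (first type)."""
    program = programs.get(request["program_id"])
    msg = {"type": TYPE_DENIED if program is None else TYPE_APPROVED,
           "program_id": request["program_id"],
           "terminal_id": request["terminal_id"],
           "nonce": request["nonce"]}
    if program is not None:
        msg["hash"] = program_hash(program)
    msg["mac"] = hmac.new(key, _mac_input(msg), hashlib.sha256).hexdigest()
    return msg


def verify_approval(request: dict, approval: dict, program_element: bytes,
                    key: bytes = SHARED_KEY) -> tuple:
    """Terminal side (steps 606-610). Returns (accept, reason).
    The MAC is checked before any field is trusted, so a forged or modified
    message is rejected without ever consulting its contents."""
    required = {"type", "program_id", "terminal_id", "nonce", "mac"}
    if not required <= set(approval):
        return False, "format error"
    expected = hmac.new(key, _mac_input(approval), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, approval["mac"]):
        return False, "invalid MAC"
    if approval["type"] != TYPE_APPROVED:
        return False, "installation denied by authentication unit"
    # step 608: identifiers and random number must echo our own request
    # (a ticket issued for another terminal or an earlier request is useless)
    for field in ("program_id", "terminal_id", "nonce"):
        if approval[field] != request[field]:
            return False, f"{field} mismatch"
    # step 609: H must match what we compute over the bytes we actually hold
    if "hash" not in approval or not hmac.compare_digest(
            approval["hash"], program_hash(program_element)):
        return False, "hash mismatch"
    return True, "accepted"


if __name__ == "__main__":
    req = make_request("app-001", "terminal-42")
    ticket = issue_approval(req)
    print(verify_approval(req, ticket, KNOWN_PROGRAMS["app-001"]))
    print(verify_approval(req, ticket, KNOWN_PROGRAMS["app-001"] + b"\x90"))
```

The ordering of the checks mirrors steps 606 to 609: MAC, message type and format first, then the echoed identifiers and random number, then the hash over the locally held program element. A ticket captured for one terminal cannot be replayed to another because the terminal identifier is under the MAC, and a ticket cannot be reused for a later download of a different build because H covers the exact bytes the terminal holds.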

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A program element and an installation approval message are transferred to the second computer; the installation approval message contains first identification information, second identification information and a cryptographic value over at least this identification information. The first identification information identifies the program element being provided and the second identification information identifies the second computer. The cryptographic value is formed using a symmetric secret key that is available in the second computer and in an authentication unit. The symmetric secret key allows the cryptographic value to be verified in the second computer.
EP02708167A 2001-02-28 2002-01-25 Method and communication system for providing a program element Withdrawn EP1364512A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE10109546A DE10109546A1 (de) 2001-02-28 2001-02-28 Method and communication system for providing a program element
DE10109546 2001-02-28
PCT/DE2002/000267 WO2002069598A2 (fr) 2001-02-28 2002-01-25 Method and communication system for providing a program element

Publications (1)

Publication Number Publication Date
EP1364512A2 true EP1364512A2 (fr) 2003-11-26

Family

ID=7675748

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02708167A Withdrawn EP1364512A2 (fr) 2001-02-28 2002-01-25 Method and communication system for providing a program element

Country Status (4)

Country Link
US (1) US20040117612A1 (fr)
EP (1) EP1364512A2 (fr)
DE (1) DE10109546A1 (fr)
WO (1) WO2002069598A2 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10215747B4 (de) * 2002-04-10 2004-11-18 Siemens Ag Method, computer program with program code means and computer program product for the protected download of an electronic object into a Personal Area Network (PAN), and Personal Area Network (PAN)
US8832466B1 (en) * 2006-01-27 2014-09-09 Trustwave Holdings, Inc. Methods for augmentation and interpretation of data objects
KR101590188B1 (ko) * 2009-05-08 2016-01-29 Samsung Electronics Co., Ltd. Method for verifying the integrity of a software package in a portable terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5343529A (en) * 1993-09-28 1994-08-30 Milton Goldfine Transaction authentication using a centrally generated transaction identifier
TW313642B (en) * 1996-06-11 1997-08-21 Ibm A uniform mechanism for using signed content
US5892904A (en) * 1996-12-06 1999-04-06 Microsoft Corporation Code certification for network transmission
US6282294B1 (en) * 1998-01-07 2001-08-28 Microsoft Corporation System for broadcasting to, and programming, a motor device in a protocol, device, and network independent fashion

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO02069598A2 *

Also Published As

Publication number Publication date
DE10109546A1 (de) 2002-09-12
WO2002069598A2 (fr) 2002-09-06
US20040117612A1 (en) 2004-06-17
WO2002069598A3 (fr) 2002-11-07

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20030813

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

RIN1 Information on inventor provided before grant (corrected)

Inventor name: FALK, RAINER

17Q First examination report despatched

Effective date: 20070807

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20071218