Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/06—Authentication
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
  • H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/03—Protecting confidentiality, e.g. by encryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/80—Wireless
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
  • H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  • H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  • H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
  • H04W88/02—Terminal devices

Definitions

• the invention relates to a public key infrastructure in a mobile telephone network.
• the invention also relates to mobile computer terminals, in particular having a SIM or WIM card.
• Such terminals can therefore be mobile telephones or WAP telephones. They have in common the characteristic of having a SIM or WIM card, therefore of already being identified on a network related to the operator to which the mobile telephone service has been subscribed.
• the invention relates in particular to a public key infrastructure in a mobile network.
• a universal and recurring question in the field of networks is how to ensure trust between interlocutors who do not know each other and from a distance.
• the solution exists, it consists in implementing a public key infrastructure (PKI or PKI, Public Key Infrastructure).
• PKI public key infrastructure
• This infrastructure has the advantage of offering stakeholders using this infrastructure to rely on a high security layer allowing strong authentication, signature and encryption.
• it has the drawback of its organization which remains complex, long, difficult to set up and therefore expensive for an operator.
• the interactions between the different entities identified by the certificates and the certification authority are an important part of the management of certificates, that is to say approvals including, essentially, a public key. These interactions include operations such as registration for certification, certificate renewal, certificate revocation, key backup and recovery.
• a CA Certification Authority
• the means used by the various Certification authorities to verify an identity before issuing a certificate can vary widely.
• RA Registration Authority
• An RA acts as an interface between the CA by receiving requests from users, authenticating them, and forwarding them to the CA. After receiving the response from the CA, the RA notifies the user of the result.
• RAs can be useful at the PKI level across different departments, in different geographic areas or any other unit whose policy and authentication requests vary. We can note here the drawbacks of this infrastructure: it is long and costly to set up, it has little flexibility in the generation of certificates (linked to the certification policy), it has a significant cost for the user who wishes have a certificate, it requires significant management on the side of the certification operator.
• a public key infrastructure offers high security, but has the disadvantage of prior registration with a registration authority.
• the invention aims to make the public key certification process easier.
• This object is achieved according to the invention thanks to a certification method using a public key certification authority and using at least one mobile terminal capable of receiving messages which are encrypted by this public key, characterized in that 'it comprises the step consisting in generating the public key within the mobile terminal itself, the stage consisting, for a telecommunications network entity, in acquiring this key from the terminal by a network communication, and the step consisting, for the network entity, in authenticating the terminal by a process of authenticating the interlocutor used in a usual telephone communication, the method further comprising the step of supplying the certification authority with this public key in association with the result of this identification process.
• a mobile telecommunications system comprising at least one mobile terminal and a network entity, characterized in that it comprises means for generating a public key within the mobile terminal itself and means within the telecommunications network entity to acquire this public key from the terminal by a network communication, as well as means for authenticating the terminal by an authentication process used in a usual telephone communication, the system comprising in in addition to a certification authority and means for supplying the certification authority with the public key generated by the mobile terminal in association with the result of this authentication process.
• a mobile telecommunication terminal is further proposed, characterized in that it includes means for producing at least one key intended for decrypting messages received by this terminal, as well as means for transmitting this key by network communication. via a telephony network entity, destined for a certification authority so that this becomes a public key.
• a telephony network entity destined for a certification authority so that this becomes a public key.
• the issuance of a certificate must be carried out according to a well-defined procedure and if this certificate is to have any value, face to face after, for example, examination of identity documents.
• Different trusted authorities develop different certificate issuing policies. In some cases, only the email address is sufficient. In other cases, the UNIX or Windows login and a password will be sufficient.
• the issuing process may require notarial documents beforehand, or even a complete verification of the identity "face to face”.
• the process for issuing certificates can take a completely transparent form for user (at the expense of security) or request meaningful user input and complex procedures. In general, these certification procedures must be very flexible, so organizations can adapt them to their needs.
• the public key it contains Before a certificate is issued, the public key it contains must be generated in correspondence with a private key which is confidential. Sometimes it may be useful to issue a certificate to a person for signing operations and another certificate for encryption use. Private keys, whether for signature or encryption, are kept on a physical medium (smart card, nail, USB, ...), physical medium which is held by the person he represents, for provide high security. With a view to recovery, the private encryption key is sequestered on a protected central server where it can be found in the event that the user loses his key, for example. An encryption key specifically dedicated to telephone communications is generally produced either locally (workstation or even inside a smart card) or centrally, for example in a smart card personalization workshop.
• the generation of keys locally provides maximum non-repudiation service, but involves more user participation in the delivery process. Flexibility in key management is essential for most organizations without neglecting the security side.
• a certificate is subject to a validity period. Any attempt to use a certificate before or after its validity period will fail. Therefore the mechanisms for the administration and renewal of certificates are essential for security policy.
• An administrator may want to be notified when a certificate expires, so an appropriate renewal process can be put in place and avoid any inconvenience with the use of expiring certificates.
• the certificate renewal process may involve the reuse of the same public key / private key pair or the issuance of another. A certificate can be suspended even if it is valid, for example during a flight.
• Certificate revocation consists of publishing a Certificate Revocation List (CRL) in a directory at regular intervals.
• CTL Certificate Revocation List
• the verification of this list is therefore an integral part of the authentication process.
• the infrastructure of a mobile network has been designed to guarantee high security.
• the GSM system therefore uses authentication and encryption methods. To guarantee this high level of security, the network strongly authenticates the mobile.
• the GSM system uses four types of addressing linked to the subscriber: - the IMSI is known only within the GSM network; - the TMSI corresponds to a temporary identity used to identify the mobile during mobile / network interactions; - the MSISDN corresponds to the subscriber's telephone number, it is the only identifier known from the outside. - the MSRN, which is a number assigned when the call is established.
• SIM Subscriber Identifier Module
• IMSI International Mobile Station Identity
• the abbreviation TMSI Temporal Mobile Suscriber Identity
• MSISDN Mobile Station International ISDN Number
• IMEI International Mobile Equipment Identity
• MSRN Mobile Station Roaming Number
• the GSM system uses an authentication process aimed at protecting both the subscriber but also the operator.
• a subscriber 10 wishing to authenticate on the network the network via a communication entity 20, then transmits a random number called RAND to the mobile.
• the SIM card calculates the signature of RAND using the A3 algorithm and the private key Ki stored in the SIM card.
• the result obtained is noted SRES, then sent to the network.
• the network (here entity 20), to ensure the identity of this subscriber, will do the same, that is to say that it calculates a RAND signature using A3 and the key Ki specific to each subscriber and stored on a database. If the result calculated locally is identical to that received, the subscriber is authenticated, otherwise the mobile is rejected.
• Kc an encryption key
• This key is constructed using random data transmitted by the network and a private key Ki specific to subscriber 10 and stored in the SIM card. With these two parameters a key Kc is generated with the help of the A8 algorithm. For its part, the network (entity 20) performs the same operation. The key Ki corresponding to the subscriber previously identified is in an AUC (Authentication Center) base, and the network obtains with this key Ki the same encryption key Kc on its side.
• the idea is to define a lean PKI model with the following objectives here, which are those of reducing the cost of management for the operator, ie avoiding a heavy and centralized architecture and relying on security telephony architecture and in particular the identification / authentication on which the system is based.
• this solution can be used for secure exchanges such as for example in a work environment in order to preserve the confidentiality of exchanges or else in the context of peer-to-peer communications.
• the authentication procedure has high security elements.
• the idea is to generate a key pair in the phone.
• the subscriber 10 sends his public key to a certification operator (here the entity 20 itself).
• the role of certification operator is therefore at least partially fulfilled by the mobile operator itself.
• Authentication on the GSM network is therefore strong authentication (possession of a security element and a secret). This sending to the certification server 30 is carried out in a secure tunnel.
• the operator 20 can certify this received key, because it is certain of the identity corresponding to the public key presented: non usurpation of identity possible on the GSM network. Then the operator 20 returns the certificate to its owner (case where the entity 20 is confused with the certification authority) and / or deposits it on the public certification server, here referenced 30.
• the advantages of this solution are enormous, in particular the simplified certification procedure, the absence here of a recovery process, and decentralized management transferred to the client.
• the idea is therefore to generate the bi-key here within mobile 10 with here the principles according to which the DN (distinguished name, or unique identifier) for each certificate holder is their telephone number and each certificate holder generates their bi-key and obtains a certificate by sending its public key for certification in the traditional way.
• the server automatically determines the origin of the call using the DN.
• the authentication of the sender is carried out by the telephone network (entity 20).
• the certification entity 30 which generates the certificate in correspondence with the key received is certain of the identity certified in the certificate, thanks to the identification action carried out by the telephony entity 20, and its identification means. usual mobile terminal.
• the server 30 can therefore finally generate the certificate corresponding to the public key received and then send the certificate to its owner.
• the described method is implemented by a computer program.
• This computer program is intended to be stored in / or transmitted by a data medium, and includes software instructions for executing the method by a computer device, in this case, the described measuring device.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Computer Hardware Design (AREA)
• Computing Systems (AREA)
• General Engineering & Computer Science (AREA)
• Mobile Radio Communication Systems (AREA)
• Telephonic Communication Services (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=34778678

Family Applications (1)

Country Status (6)

Families Citing this family (11)

Family Cites Families (7)

• 2004
  • 2004-02-11 FR FR0401347A patent/FR2866168A1/fr active Pending
• 2005
  • 2005-02-11 US US10/588,949 patent/US20070186097A1/en not_active Abandoned
  • 2005-02-11 JP JP2006552667A patent/JP2007525125A/ja not_active Withdrawn
  • 2005-02-11 EP EP05717618A patent/EP1714510A1/de not_active Withdrawn
  • 2005-02-11 WO PCT/FR2005/000328 patent/WO2005079090A1/fr not_active Application Discontinuation
  • 2005-02-11 CN CNA2005800043576A patent/CN1918931A/zh active Pending

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events