EP1754358A1 - Method for authenticating a communication unit using a permanently programmed secret code word - Google Patents
Method for authenticating a communication unit using a permanently programmed secret code word
- Publication number
- EP1754358A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- communication unit
- code word
- message
- cwd
- communications unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Definitions
- the invention relates to a method for authenticating a communication unit.
- a communication unit is a terminal device that is connected to a communication
- a communication unit is also a user interface, via which the user can exchange messages of a certain type over distances by using services of the communication network.
- the communications network enables the user to access the services that are provided by the operator of the communications network; a service is understood as the ability of the communications network to transmit information of a certain type, such as voice, images or data.
- a communication network such as: voice or video transmission, packet-oriented or connection-
- Such communication units, which can be connected to arbitrary access points at different locations, can be, for example, mobile telephones, portable computers (so-called laptops), mobile devices without a keyboard (so-called PDAs) or mobile devices without full desktop functionality but with a defined range of functions. All of these types of communication units must be specially equipped with a network card or a mobile telephone module in order to access a communication network.
- SIM cards are modules that are inserted into a communication unit and are used to authenticate the user of the communication unit by entering a PIN code.
- Communication network is connected and whether this communication unit is authorized to use certain services.
- the invention is therefore based on the object of specifying a method with which a communication unit can be reliably identified.
- this object is achieved with a method for authenticating a communication unit, in which a secret code word is programmed into a permanent memory in order to reliably check the communication unit.
- the secret code word is used to generate a message which is transmitted to the service provider. This message can be used to check whether the communication unit authenticated with it is authorized to obtain the service. This ensures that the services of a communication network are only obtained with appropriate, suitable communication units that are approved by the communication network operator.
- the code word can advantageously be written in during the manufacture, delivery or configuration of the communication unit.
- the code word is device-specific, manufacturer-specific and is only made known to the manufacturer of the communication unit and the service provider. This reduces the risk of spying and manipulation by unauthorized third parties.
- with the code word known only to the manufacturer and the service provider, it can also be checked whether the communication unit is allowed to perform the respective service.
- An embodiment of the method is advantageous in that a variable component is used in addition to the code word when generating the message. This ensures that a message is generated for each authentication process of the communication unit that differs from all previously generated messages. If, for example, the time is used as the variable component, the period of validity of the message can also be restricted.
- Fig. 1 shows the schematic sequence of the authentication of a communication unit in an exemplary communication network.
- the exemplary communication network KN comprises access points ZPx, via which a communication unit KE can be connected to the communication network KN by logging on.
- Various services DNx are also provided by the communication network KN, which are understood to mean the ability of the communication network KN to transmit information of a certain type. These DNx services can be, for example: voice transmission, access to the Internet or company-internal data networks and packet-oriented data transmission, downloading of music and video data for a fee, which service providers make available on data storage devices, etc.
- a code word CWD is programmed into the permanent memory SP of the communication unit KE when the communication unit KE is manufactured. This code word CWD is preferably device-specific and known only to the manufacturer and the service provider, in order to reduce the risk of spying and manipulation by unauthorized third parties.
- if a service DN1 of a communication network KN is now to be obtained, in a first step 1 the user registers with the communication unit KE at an access point ZP1 of the communication network KN. With this registration, the communication unit KE is also identified. For this purpose, the communication unit KE creates a message NA by hashing according to the so-called MD5 hashing method MD5; the message NA is used exclusively for the authentication of the communication unit KE and is also sent in step 1.
- the message NA is formed from the user ID BK, which is used to log the user on to the access point ZP1 of the communication network KN, a version CWDh of the code word CWD generated by the MD5 hashing method MD5, and a random value ZW, which for example uses the time in order to prevent the message NA from being repeated and to limit the period of validity of the message NA.
- the code word CWDh generated according to the MD5 hashing method MD5 and the random value ZW are ideally defined as so-called hexadecimal strings. These are alphanumeric strings that only consist of the symbols 0 to 9 and A to F.
- the user ID BK, the code word CWDh generated by the MD5 hashing method MD5 and the random value ZW are joined together, and the MD5 hashing method MD5 is applied again to the result. This results in an MD5 hash value HW, which is again stored as a hexadecimal string and forms the middle part of the message NA transmitted from the communication unit KE to the access point ZP1 in step 1. In its final version, the message NA is composed of the user ID BK, the MD5 hash value HW and the random value ZW.
- This message NA is sent from the communication unit KE in step 1 to the access point ZP1 of the communication network KN.
- the access point ZP1 reads out the information transmitted in the message NA and interprets it.
- the first part of the message is identified as the user identifier BK.
- the last part of the message is interpreted as the random value ZW.
- the access point ZP1 uses the transmitted user ID BK and the transmitted random value ZW, together with the code word CWD of the communication unit KE, which is also stored in the communication network KN for the access points ZPx, for example in a central data memory DS, to compute an MD5 hash value with the MD5 hashing method MD5.
- the code word CWD is fetched from the central data memory DS by the access point ZP1 in a step 2.
- the MD5 hash value determined by the access point ZP1 is compared with the MD5 hash value HW sent by the communication unit KE. If the value calculated by the access point ZP1 matches the MD5 hash value HW sent by the communication unit KE and the random value ZW that is also sent is within a defined tolerance limit, the communication unit KE is authorized to obtain the service DN1. In a step 3, the service DN1 is triggered by the access point ZP1, so that in a step 4 a corresponding response message A is sent to the communication unit KE.
- otherwise, in step 4 a response message A is sent to the communication unit KE stating that use with this communication unit KE is not permitted, since the communication unit KE is classified as untrustworthy.
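The exchange of steps 1 to 4, as an added Python example that is not part of the patent text: the communication unit KE builds NA = BK || HW || ZW with HW = MD5(BK || MD5(CWD) || ZW), and the access point ZP1 recomputes HW from its own copy of CWD and checks ZW against a tolerance limit before triggering DN1 or returning the "not permitted" response A. Assumptions not in the patent: ZW is the Unix time as an 8-digit hexadecimal string, the data memory DS is keyed by the user ID BK, and the tolerance is 30 seconds; MD5 is used only because the patent specifies it.

```python
import hashlib
import hmac

# Constructed sample for the central data memory DS. Assumption (not in the
# patent text): DS is keyed by the user ID BK and holds the device's code word CWD.
DATA_MEMORY_DS = {"USER01": "mfr-device-secret-0001"}

ZW_HEX_LEN = 8    # assumption: ZW is the Unix time as an 8-digit hex string
HW_HEX_LEN = 32   # an MD5 digest is always 32 hexadecimal digits
TOLERANCE_S = 30  # assumed tolerance limit for ZW, in seconds


def md5_hex(data: str) -> str:
    """MD5 of a string as an upper-case hexadecimal string (0-9, A-F)."""
    return hashlib.md5(data.encode("utf-8")).hexdigest().upper()


def build_message(bk: str, cwd: str, timestamp: int) -> str:
    """Communication unit KE, step 1: NA = BK || HW || ZW where
    HW = MD5(BK || CWDh || ZW) and CWDh = MD5(CWD)."""
    zw = format(timestamp, f"0{ZW_HEX_LEN}X")
    hw = md5_hex(bk + md5_hex(cwd) + zw)
    return bk + hw + zw


def verify_message(na: str, now: int, ds: dict = DATA_MEMORY_DS) -> bool:
    """Access point ZP1: split NA, fetch CWD from DS (step 2), recompute the
    hash and accept only if it matches HW and ZW lies within the tolerance."""
    tail = HW_HEX_LEN + ZW_HEX_LEN
    if len(na) <= tail:
        return False
    bk, hw, zw = na[:-tail], na[-tail:-ZW_HEX_LEN], na[-ZW_HEX_LEN:]
    cwd = ds.get(bk)
    if cwd is None:                      # unknown device: no code word to check
        return False
    expected = md5_hex(bk + md5_hex(cwd) + zw)
    # constant-time comparison so the check does not leak matching digits
    if not hmac.compare_digest(expected.encode(), hw.encode()):
        return False
    try:
        sent_at = int(zw, 16)
    except ValueError:
        return False
    return abs(now - sent_at) <= TOLERANCE_S   # replay / validity window check


def handle_logon(na: str, now: int) -> str:
    """Steps 3 and 4: trigger DN1 or return the 'not permitted' response A."""
    if verify_message(na, now):
        return "A: service DN1 triggered"
    return "A: use not permitted, communication unit classified as untrustworthy"


if __name__ == "__main__":
    na = build_message("USER01", DATA_MEMORY_DS["USER01"], 1700000000)
    print(handle_logon(na, 1700000005))   # within tolerance: accepted
    print(handle_logon(na, 1700000500))   # stale ZW: rejected
```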
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102004024648A DE102004024648A1 (de) | 2004-05-18 | 2004-05-18 | Method for authenticating a communication unit |
PCT/EP2005/051261 WO2005114945A1 (de) | 2004-05-18 | 2005-03-18 | Method for authenticating a communication unit using a permanently programmed secret code word |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1754358A1 true EP1754358A1 (de) | 2007-02-21 |
Family
ID=34961966
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP05717100A Withdrawn EP1754358A1 (de) | 2004-05-18 | 2005-03-18 | Method for authenticating a communication unit using a permanently programmed secret code word |
Country Status (5)
Country | Link |
---|---|
US (1) | US20070234407A1 (de) |
EP (1) | EP1754358A1 (de) |
CN (1) | CN1954581A (de) |
DE (1) | DE102004024648A1 (de) |
WO (1) | WO2005114945A1 (de) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7853150B2 (en) | 2007-01-05 | 2010-12-14 | Emcore Corporation | Identification and authorization of optoelectronic modules by host system |
EP1936906A1 (de) * | 2006-12-22 | 2008-06-25 | Koninklijke KPN N.V. | Method enabling a network subscriber to access a communication network |
JP4535163B2 (ja) * | 2008-04-08 | 2010-09-01 | Sony Corporation | Information processing system, communication terminal, information processing apparatus, and program |
CN101729578B (zh) * | 2008-10-27 | 2013-01-23 | Huawei Technologies Co., Ltd. | Application service access authentication method and access authentication proxy |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3053527B2 (ja) * | 1993-07-30 | 2000-06-19 | International Business Machines Corporation | Method and apparatus for validating a password, method and apparatus for generating and pre-validating a password, and method and apparatus for controlling access to resources using an authentication code |
US6606491B1 (en) * | 1998-06-26 | 2003-08-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Subscriber validation method in cellular communication system |
GB2344977A (en) * | 1998-12-17 | 2000-06-21 | 3Com Technologies Ltd | Password generation by hashing site and time data |
US6826690B1 (en) * | 1999-11-08 | 2004-11-30 | International Business Machines Corporation | Using device certificates for automated authentication of communicating devices |
FI112418B (fi) * | 2000-02-01 | 2003-11-28 | Nokia Corp | Method for checking data integrity, system and mobile station |
DE10026326B4 (de) * | 2000-05-26 | 2016-02-04 | Ipcom Gmbh & Co. Kg | Method for the cryptographically verifiable identification of a physical unit in an open wireless telecommunication network |
US20030037237A1 (en) * | 2001-04-09 | 2003-02-20 | Jean-Paul Abgrall | Systems and methods for computer device authentication |
US20020168962A1 (en) * | 2001-05-09 | 2002-11-14 | Docomo Communications Laboratories Usa | Customized service providing scheme |
2004
- 2004-05-18 DE DE102004024648A patent/DE102004024648A1/de not_active Withdrawn
2005
- 2005-03-18 US US11/596,730 patent/US20070234407A1/en not_active Abandoned
- 2005-03-18 WO PCT/EP2005/051261 patent/WO2005114945A1/de not_active Application Discontinuation
- 2005-03-18 EP EP05717100A patent/EP1754358A1/de not_active Withdrawn
- 2005-03-18 CN CNA2005800158546A patent/CN1954581A/zh active Pending
Non-Patent Citations (1)
Title |
---|
See references of WO2005114945A1 * |
Also Published As
Publication number | Publication date |
---|---|
US20070234407A1 (en) | 2007-10-04 |
WO2005114945A1 (de) | 2005-12-01 |
DE102004024648A1 (de) | 2005-12-22 |
CN1954581A (zh) | 2007-04-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69729356T2 (de) | | Method and device for securing the access of a station to at least one server |
WO2003049365A1 (de) | | Use of a public key pair in the terminal for authentication and authorization of the telecommunications subscriber towards the network operator and business partners |
DE102015220228B4 (de) | | Method and system for securing an initial contact between a mobile device and a device |
DE102010055375B4 (de) | | Automated login method on a vehicle website by means of a mobile communication terminal |
DE10026326B4 (de) | | Method for the cryptographically verifiable identification of a physical unit in an open wireless telecommunication network |
EP1964042B1 (de) | | Method for preparing a chip card for electronic signature services |
EP1754358A1 (de) | | Method for authenticating a communication unit using a permanently programmed secret code word |
DE102011115154B3 (de) | | Method for initializing and/or activating at least one user account |
DE102009009310A1 (de) | | Communication and identification between a motor vehicle user device with head unit and a remotely located device |
DE102008063864A1 (de) | | Method for authenticating a person to an electronic data processing system by means of an electronic key |
WO2000014895A2 (de) | | Method for increasing the security of authentication methods in digital mobile radio systems |
EP1519603A1 (de) | | Method for authenticating a subscriber for a service offered via a communication system |
EP3376419A1 (de) | | System and method for electronically signing a document |
DE102013202426A1 (de) | | Method for enabling data communication between a communication device of a motor vehicle and an Internet server, and corresponding system |
EP2783320A1 (de) | | Method for authenticating a person to a server instance |
EP2561460A1 (de) | | Method for configuring an application for a terminal |
EP2482573A2 (de) | | Method for configuring a communication device, and communication device |
EP1414260A1 (de) | | Method, system and devices for subscriber authentication in a telecommunications network |
DE102010028217A1 (de) | | Electronic device, telecommunications system and method for reading data from an electronic device |
DE10215747B4 (de) | | Method, computer program with program code means and computer program product for the protected download of an electronic object into a Personal Area Network (PAN), and Personal Area Network (PAN) |
WO2007062787A1 (de) | | Generation of client identities in a communication system |
EP4115584A1 (de) | | Secured and documented key access by an application |
DE102004051403B4 (de) | | Mobile communication terminal with authentication device, network arrangement containing such a device, and authentication method |
DE102011122874B4 (de) | | Method for carrying out a transaction, and terminal |
EP3934193A1 (de) | | Authorization of a user terminal when using a service on the Internet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20060821 |
| AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): DE FR GB |
| 17Q | First examination report despatched | Effective date: 20070402 |
| DAX | Request for extension of the european patent (deleted) | |
| RBV | Designated contracting states (corrected) | Designated state(s): DE FR GB |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG |
| RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NOKIA SIEMENS NETWORKS S.P.A. |
| RAP3 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: NOKIA SIEMENS NETWORKS GMBH & CO. KG |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN |
| 18W | Application withdrawn | Effective date: 20080214 |