EP1867189A1 - Secure transmission between a data processing device and a security module - Google Patents

Secure transmission between a data processing device and a security module

Info

Publication number
EP1867189A1
EP1867189A1 EP06726259A EP06726259A EP1867189A1 EP 1867189 A1 EP1867189 A1 EP 1867189A1 EP 06726259 A EP06726259 A EP 06726259A EP 06726259 A EP06726259 A EP 06726259A EP 1867189 A1 EP1867189 A1 EP 1867189A1
Authority
EP
European Patent Office
Prior art keywords
module
processing device
data processing
mob
usim
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP06726259A
Other languages
English (en)
French (fr)
Inventor
Axel Ferrazzini
Pascal Chauvaud
Diego Anza
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
France Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom SA filed Critical France Telecom SA

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • the invention relates to secure communication between a data processing device and a security module storing secret data.
  • the invention applies to any type of data processing device performing computer tasks and requiring, during the execution of tasks, secret data stored on a security module with which it communicates.
  • a data processing device may be for example a server, a mobile phone, a laptop or a fixed computer, a PDA (Personal Digital Assistant) type electronic assistant, a "LIVEBOX" type home gateway (LIVEBOX is a registered trademark of the applicant), a decoder for access to multimedia content, etc.
  • the data processing device is a mobile telephone allowing access to a telecommunications network.
  • the communication between the data processing device and the module can be arbitrary.
  • This communication may be a wireless communication of the GSM (Global System for Mobile Communications), Wi-Fi, Bluetooth, IrDA (Infrared Data Association) type, or other.
  • This communication can also be a wired communication of the RTC (switched telephone network), ADSL (Asymmetric Digital Subscriber Line) type, or other.
  • This communication may also consist of an electrical connection in the case of electrical coupling between the data processing device and the module, the module being a chip module provided with electrical contacts.
  • This communication can also be a contactless link, the module being a contactless module (active or passive) equipped with data processing means and an antenna for communication with the device.
  • this communication may also consist of a combination of all or part of the aforementioned types of communication.
  • the invention applies to any security module able to store secret data and to communicate with a data processing device of the aforementioned type.
  • This module is removable and can therefore, as such, communicate, as desired, with one of the aforementioned data processing devices.
  • the module is a subscriber identity module of the USIM (Universal Subscriber Identity Module) card type, coupled to a mobile phone.
  • the USIM module stores secret data such as encryption keys that the phone may require when performing a computer task.
  • the invention is not limited to this type of card and can be extended to any type of module storing secret data whose transmission to a data processing device must be secured:
  • a SIM (Subscriber Identity Module) card type module, GSM standard TS 51.011
  • a module of the UICC multi-application card type (see TS 102.221, entitled "Smart cards; UICC-Telephone interface; Physical and logical characteristics") stores secret data and may therefore require secure communication with the device with which it is coupled.
  • GSM, UMTS, and SCP standards in particular TS 102.223 for the PUICC administration commands for any technical questions relating to the operation of a module of SIM, USIM or UICC type, respectively.
  • the module can also be a module for accessing a device of the encrypted multimedia content decoder type.
  • a type of module stores the encryption keys to be transmitted to the decoder for the decryption of an encrypted content.
  • a SIM card security module USIM or UICC.
  • This module stores in its memory all the data relating, for example to a subscription, to a personal password, to the last numbers called, etc.
  • certain data are secret and usable by the mobile phone for the execution of a computer task capable, for example, of reconstituting a scrambled content received from a content provider.
  • a service may for example consist of viewing multimedia content directly on the screen of its mobile phone. These contents are paid and are thus scrambled voluntarily by the content provider.
  • the scrambling may consist of an encryption of the multimedia content by means of an encryption key.
  • the scrambling may also consist of the extraction of bits of information in the initial content, this extraction rendering the multimedia content unreadable.
  • the encryption keys or the missing information bits then constitute secret data which can be delivered to the user, after payment to the content provider, and stored on his security module.
  • the reconstitution of the content then consists, for the device, in requesting from the module the secret data stored in the module.
  • the module transmits back the secret data requested.
  • Upon receipt of the secret data, the device performs the computer task of reconstituting the initial content to be viewed by the user on his phone.
  • This reconstitution can consist for example of a decryption by means of an encryption key.
  • This reconstitution can also consist in adding the bits of information extracted from the initial content.
  • the big problem is that the connection between the phone and the security module is not secure.
  • a malicious third party can then intercept the messages passing between the device and the module and extract the secret data.
  • the knowledge of this data then gives the possibility to the malicious third party to fraudulently use the rights of a legitimate user for his own account without the content provider noticing it. More seriously, this third party has the opportunity to disseminate this secret data to other people. In the latter case, the number of frauds increases exponentially, thereby creating a certain revenue shortfall for a content
  • An object of the invention is to secure a communication between a security module and a data processing device, particularly when this communication carries secret data that must remain confidential, whatever the device to which the module is connected.
  • the subject of the invention is a method for creating a secure link between a data processing device and a security module, the data processing device being able to communicate with a security module that stores at least one secret data item k necessary for the execution by the device of a computer task, the data processing device and the security module being able to communicate with a telecommunications network, characterized in that it comprises the following steps:
  • telecommunication delivers at least one encryption key K to both the module and the data processing device identified
  • a decryption step in which the device decrypts the result received by means of said at least one encryption key K received and obtains said at least one secret data item k,
  • reception means able to receive at least one encryption key K
  • encryption means capable of encrypting said at least one secret data k by means of said at least one encryption key K received
  • transmission means for transmitting the result of the encryption of said at least one secret data item to the device executing its computer task.
  • decryption means capable of decrypting the result received by means of said at least one encryption key K delivered, in order to obtain said at least one secret data item k,
  • Execution means adapted to use said at least one secret data k for the execution of the computer task.
  • the subject of the invention is also the trusted server, characterized in that it comprises:
  • the invention also relates to a computer program adapted to be implemented on a trusted server, characterized in that said program comprises code instructions which, when the program is executed on the trusted server performs the steps following:
  • the invention also relates to a computer program adapted to be implemented on a data processing device capable of communicating with a security module storing at least one secret data k necessary for the execution of a computer task by the data processing device, characterized in that said program comprises code instructions which, when the program is executed on the data processing device, perform the following steps:
  • the encryption step having as its object the encryption of said at least one secret data k by means of said at least one encryption key K,
  • a trusted server transmits an encryption signal to both the module and the device in order to encrypt the transfer of one or more secret data from the module to the device.
  • This encryption of the communication guarantees the confidentiality of the secret data transmitted between the data processing device and the module.
  • This solution also offers the advantage of securing communication between a module and a set of data processing devices with which the module can be made to communicate.
  • the delivery of an encryption key may advantageously be performed at a convenient time. For example, when the module is removed from a data processing device and inserted into another device, the trusted server is able to deliver, preferably at insertion, a new key both to this other data processing device and to the module, to ensure the confidentiality of secret data transmitted between this other device and the module.
  • Figure 1 is a block diagram of a computer system to which the invention can be applied.
  • Figure 2 is an algorithm illustrating the various steps of an embodiment of the invention.
  • FIG. 1 represents a SYS computer system in which the invention can be implemented. In this figure is shown
  • a mobile phone MOB coupled to a USIM card type security module; in our example, the phone is UMTS type;
  • a user UT of the mobile phone who is subscribed with a telecommunication operator to access computer resources of a network RES by means of his mobile phone MOB.
  • the MOB telephone comprises processing means such as a processor capable of executing computer programs for carrying out computer tasks consisting, in our example, of reconstituting scrambled content by means of a first encryption key k.
  • this scrambled content is encrypted content provided by an FDC content provider connected to the RES network.
  • the MOB phone also includes memory means
  • the USIM module includes processing means such as a processor capable of executing computer programs.
  • the USIM module also comprises storage means, in particular for storing secret data necessary for reconstituting the scrambled content stored on the MOB telephone.
  • the secret data is a first encryption key k.
  • the USIM module further comprises means for communicating with the telecommunication network RES.
  • the USIM module is electrically cut off from the telephone.
  • Another embodiment could have consisted of a communication between the USIM module and a server connected to the network, the server being capable of performing a computer task whose execution requires knowledge of secret data stored on the USIM module.
  • the communication between the USIM module and the server is no longer direct, the phone, and possibly other data processing devices, can be intercalated between them.
  • a trusted server SC is connected to the network RES.
  • the purpose of this trusted server is to deliver a second encryption key K to both the phone and the USIM module.
  • This second encryption key K has the function of encrypting the transmission of the first encryption key k from the USIM module to the MOB phone.
  • only one second encryption key is transmitted.
  • the invention is not limited to this example; the number of second encryption key K transmitted may be arbitrary.
  • several second encryption keys can be used for the encryption of a first encryption key k.
  • the trusted server can transmit several second encryption keys K en bloc in order to reduce the number of messages sent to the module and to the device;
  • this trusted server SC preferably comprises means for authenticating the MOB telephone and the USIM module.
  • the trusted server relies on any useful information at its disposal to perform the authentication.
  • a first type of authentication possible is the verification of the validity of the certificate associated with the MOB phone
  • This certificate is generally issued by a trusted entity called certification server ANU (also called public key architecture) known to those skilled in the art.
  • This ANU certification authority server is able to guarantee that a certificate stored in a phone is a valid certificate and that it is not revoked.
  • the trusted server SC can then refer to this certification server ANU to determine if the certificate is valid and thus authenticate the phone.
  • a second type of authentication possible may consist of strong authentication. This second variant will be explained in the following description with reference to FIG.
  • the authentication of the USIM module is based on an IMSI / ki pair intimately linked to a USIM module. This pair is stored in the USIM module and on an AUC authentication server.
  • the authentication server performs a prior authentication step of the USIM module. This authentication verifies that the IMSI identity transmitted by the mobile is correct. This verification protects both the operator, against the fraudulent use of its resources, and the subscriber, by prohibiting third parties from using his subscriber account.
  • the trusted server SC can then refer to this USIM card AUT authentication server in order to authenticate the USIM module.
  • the trusted server SC comprises means for communicating with the authentication server AUC of the security module.
  • the trusted server communicates with the telephone-module pair through a GSM type mobile telecommunication network.
  • This trusted server SC also comprises means for communicating with the telephone-module pair in order to deliver the second encryption key K. Preferably, this delivery takes place after a successful authentication of the phone and the module has taken place. This prior authentication step is not mandatory but necessary depending on the degree of security desired for transmitting the second encryption key K.
  • the algorithm of FIG. 2 comprises various steps illustrating an exemplary implementation of the method of the invention.
  • a USIM module is coupled to a telephone MOB.
  • the mobile phone is powered on, and the USIM module is automatically authenticated by the AUT authentication server.
  • This authentication step corresponds to that described above.
  • the user UT activates a service for example by means of an interface present on his phone.
  • the service consists of viewing multimedia content on a screen of the MOB phone.
  • the provider downloads encrypted multimedia content to the MOB phone. This content is encrypted using the first encryption key k.
  • during a third step ET3, the phone receives the encrypted content and stores it. This content can be decrypted either automatically, without intervention of the user UT, or on request of the user UT.
  • a signal is sent to the trusted server SC to inform it of the need to create a secure link between the MOB phone and the USIM module coupled to the phone.
  • the origin of the signal can be varied. Its origin may be the MOB telephone, the USIM module, the content provider or any other element of the network having knowledge of the need for the phone to decrypt the encrypted content by means of a first encryption key k stored in the module.
  • the signal is emitted by the USIM module.
  • the USIM module has already been authenticated by the RES network when powering on the MOB phone, it remains for the trusted server to authenticate the MOB phone.
  • the phone receives an encrypted content and sends a signal to the USIM module informing it of the need to secure the link between the MOB phone and the USIM module, the module in turn transmitting a signal to the trusted server SC to inform it of this need.
  • the telephone could be the initiator of the signal.
  • the phone would emit a signal directly to the module without signaling it to the trusted server SC to inform it of the need to secure the link between the MOB phone and the USIM module.
  • the trusted server SC authenticates MOB phone identified by the authentication server ANU.
  • MOB is for the trusted server SC to achieve strong authentication. This authentication takes place in several phases. During a first phase ET41, the trusted server SC tries to obtain from the MOB at least its public key KPU to verify with the certification server ANU that the certificate associated with this public key is valid.
  • the trusted server SC transmits a challenge (also called random by the skilled person) to the mobile phone MOB.
  • the mobile phone responds by signing this challenge using the private key stored in its certificate.
  • the trusted server SC receives the signed challenge and verifies the veracity of this signature with the public key resulting from the certificate received during the ET41 phase.
  • If it turns out that the challenge has been signed by the right issuer with a valid certificate, the authentication is successful, and the process can be continued in step ET6. Otherwise, the authentication has failed, which means that the user cannot use the service (see ET5).
  • in a fifth step ET5, if the authentication of the phone has failed, the trusted server SC does not continue the key issuing process.
  • the user wishing to use the service returns to the first step ET1 or the second step ET2.
  • the trusted server SC transmits, in a sixth step ET6, its second encryption key K to both the telephone and the USIM module.
  • this second encryption key K is encrypted by means of the
  • This second encryption key K is also sent to the USIM module.
  • the sending is done by SMS according to the standard 3GPP TS 03.48.
  • the SMS is encrypted and its decryption can only be done by the USIM module.
  • in a seventh step E7, the USIM module transmits to the MOB phone the first encryption key k, encrypted by means of the second encryption key K.
  • the MOB phone receives the first key k encrypted by means of the second key K.
  • in a ninth step ET9, the telephone decrypts using the second encryption key K and obtains the first encryption key k.
  • the phone then decrypts the encrypted content with the first encryption key k.
  • the multimedia content can then be read by the user.
  • the USIM module is removed from the MOB phone and inserted into another phone. The process resumes in the same way at the first step ET2.
  • key K is a session key. This key is then usable only temporarily, for example for the identified phone
  • authentication of the module in step ET1 can take place at any time before the phone decides to transmit the second encryption key K.
  • the fourth step ET4 can also take place before the third step ET3.
  • the authentication of the phone takes place before the encrypted content is downloaded to the phone.
  • the exemplary embodiment relates to a direct link between the data processing device and the module.
  • the link is indirect, at least one other data processing device is intercalated between them.
  • the task is performed by a data processing device that is not directly connected to the security module.
  • the multimedia content is decrypted on any server of the network and that the phone is only used to view the decryption performed by this server.
  • the trusted server transmits the second encryption key K to the server in question.
  • step of issuing the second encryption key is preceded by a step of authenticating the data processing device and the module by the trusted server.
  • This double authentication ensures that each actor, namely the data processing device that carries out the computer task and the module that stores secret data, is trustworthy before any transfer of the encryption key K.
  • a single device requires a secure link with a single module.
  • the number of authentications is, at best, equal to the number of devices and modules involved in a secure link.
  • in step 7 of our exemplary embodiment, a single encryption key is transmitted to the phone and module that have been identified.
  • this example is not limiting; for the same computer task to be performed by the device, for example the reading of a multimedia content, several messages including secret data may pass from the module to the data processing device.
  • in order to enhance security, and preferably if the authentication of both the data processing device and the module is successful, the trusted server generates at least one session key as an encryption key K for performing the computer task.
  • the trusted server SC transmits at least a second encryption key K,
  • the identification step is preceded by sending a signal to the trusted server (SC) to inform it of the need to create a secure link between the device and the module.
  • the initiator of this signal may be any data processing device having knowledge of the need to encrypt the communication between the device and the module.
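
The flow of steps ET4 to ET9 above (challenge-response authentication of the phone, delivery of K, transfer of k encrypted under K), as an added Python example that is not code from the patent. `TrustedServer`, `wrap_secret`, `unwrap_secret` and the device IDs are hypothetical names; HMAC-SHA256 stands in both for the certificate signature and for the cipher the text leaves unspecified, and binding the message to the phone's ID is one assumed way of making K usable only by the identified phone.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 used as a keyed PRF; the label separates the three uses."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def sign_challenge(device_key: bytes, challenge: bytes) -> bytes:
    """Phone side of ET4: answer the server's challenge.
    Stand-in: the page uses a signature under the certificate's private key."""
    return _prf(device_key, b"auth", challenge)


class TrustedServer:
    """Model of the trusted server SC (hypothetical class)."""

    def __init__(self, enrolled: dict):
        self._enrolled = enrolled   # device_id -> key checked in place of a certificate
        self._pending = {}          # device_id -> outstanding challenge

    def challenge(self, device_id: str) -> bytes:
        self._pending[device_id] = secrets.token_bytes(16)
        return self._pending[device_id]

    def issue_session_key(self, device_id: str, response: bytes):
        """Return a fresh K only for a valid response to an unused challenge."""
        challenge = self._pending.pop(device_id, None)    # single use: no replay
        key = self._enrolled.get(device_id)
        if challenge is None or key is None:
            return None
        if not hmac.compare_digest(sign_challenge(key, challenge), response):
            return None                                    # ET5: no key is issued
        return secrets.token_bytes(32)                     # ET6: K for phone and module


def _bound_id(device_id: str) -> bytes:
    raw = device_id.encode()
    return len(raw).to_bytes(2, "big") + raw               # length prefix avoids ambiguity


def wrap_secret(K: bytes, device_id: str, k: bytes) -> bytes:
    """Module side: send k encrypted under K and authenticated for one phone."""
    if len(k) > 32:
        raise ValueError("this sketch wraps secrets of at most 32 bytes")
    nonce = secrets.token_bytes(16)                        # fresh per message
    pad = _prf(K, b"enc", nonce)
    ct = bytes(a ^ b for a, b in zip(k, pad))
    tag = _prf(K, b"mac", _bound_id(device_id) + nonce + ct)
    return nonce + ct + tag


def unwrap_secret(K: bytes, device_id: str, blob: bytes) -> bytes:
    """Phone side (ET9): check the tag first, then decrypt to recover k."""
    if len(blob) < 48:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(K, b"mac", _bound_id(device_id) + nonce + ct)
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key, wrong device or modified message")
    pad = _prf(K, b"enc", nonce)
    return bytes(a ^ b for a, b in zip(ct, pad))


def demo() -> dict:
    device_key = secrets.token_bytes(32)                   # constructed phone credential
    sc = TrustedServer({"MOB-1": device_key})
    k = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed content key k

    sc.challenge("MOB-1")
    forged = sc.issue_session_key("MOB-1", b"\x00" * 32)   # bad answer: no K (ET5)

    response = sign_challenge(device_key, sc.challenge("MOB-1"))
    K = sc.issue_session_key("MOB-1", response)            # ET6
    replayed = sc.issue_session_key("MOB-1", response)     # same answer sent again

    blob = wrap_secret(K, "MOB-1", k)                      # what crosses the phone-module link
    try:
        unwrap_secret(K, "MOB-2", blob)                    # message presented as if for another phone
        other_phone = "accepted"
    except ValueError:
        other_phone = "rejected"
    return {"k": k, "blob": blob, "recovered": unwrap_secret(K, "MOB-1", blob),
            "forged": forged, "replayed": replayed, "other_phone": other_phone}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```
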
EP06726259A 2005-04-07 2006-03-20 Secure transmission between a data processing device and a security module Withdrawn EP1867189A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0503471 2005-04-07
FR0553766 2005-12-08
PCT/FR2006/050240 WO2006106250A1 (fr) 2005-04-07 2006-03-20 Secure communication between a data processing device and a security module

Publications (1)

Publication Number Publication Date
EP1867189A1 (de) 2007-12-19

Family

ID=36685943

Family Applications (1)

Application Number Title Priority Date Filing Date
EP06726259A Withdrawn EP1867189A1 (de) 2005-04-07 2006-03-20 Secure transmission between a data processing device and a security module

Country Status (4)

Country Link
US (1) US20090044007A1 (de)
EP (1) EP1867189A1 (de)
JP (1) JP2008535427A (de)
WO (1) WO2006106250A1 (de)

Also Published As

Publication number Publication date
US20090044007A1 (en) 2009-02-12
JP2008535427A (ja) 2008-08-28
WO2006106250A1 (fr) 2006-10-12

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20071016

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

RIN1 Information on inventor provided before grant (corrected)

Inventor name: FERRAZZINI, AXEL

Inventor name: CHAUVAUD, PASCAL

Inventor name: ANZA, DIEGO

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20111101

R18D Application deemed to be withdrawn (corrected)

Effective date: 20111001