FI108183B - New method for checking data - Google Patents

Description

108183

New method for checking data

The invention relates to data transmission security and data checking especially in digital mobile communication networks.

5 Security is becoming an increasingly important factor in the telecommunications sector. The use of paper communications is decreasing and the use of modern electronic systems is constantly increasing. This trend increases the risk that information transmitted via electronic networks may fall into the wrong hands. The information may also change during the transfer due to different transmission path interference.

10 Methods have been developed to enable the recipient to detect whether information has been altered between the sending and receiving end. The same methods can be used to detect whether data has changed due to transmission path interference. Usually, these methods use some kind of error detection algorithm codes, such as parity checking.

15 One very effective way to find errors is to use a so-called. CRC • (Cyclic Redundancy Check). CRC is very effective but easy to implement: '. · A method to ensure the reliability of the information. The basic idea behind CRC is that an extra n-bit period is added to each data frame during transmission. This over-: '; the n-bit period is called the frame check period (FCS). The transmitter forms the FCS from the original data frame. The resulting frame (the original frame and. ·:. FCS connected in series) is divisible by some predefined polynomial called the CRC polynomial. The data frame transmitted at the receiving end is divided by a CRC polynomial. The remainder of the division invoice is checked and if it is zero, ;; · * The data transmitted has not changed on the transmission path.

. v. 25 In addition to error checking, it is necessary to secure the data so that only the intended recipient can find out the contents of the data frame. There are basically two different security methods available for this. These methods are based on algorithms or algorithms used to encrypt and decrypt data.

. : _ _: The first method is based on the secret key method. The secret key 30 method uses only one key or algorithm to encrypt and decrypt the data. Both the sender and the recipient of the information use the same secret key. The most important thing about the secret key method is that the key should remain secret so that only the sender and the recipient know it. One of the major problems with the secret key method is that the key should be sent secretly from 2 108183 from the first user to the second, which means that a third party has the opportunity to take possession of the secret key.

Another security method is based on a pair of secret key and public key. The user creates these two keys. The public key is distributed to va-5 released to all. All other users encrypt their public key messages with this public key. You can only decrypt an encrypted message with a secret key known only to the key publisher. An advantage of the public key method is that the secret key does not have to be transmitted anywhere, and therefore the information flood is better than the secret key method described above. The effectiveness of the method using Julio and the secret key is based on the fact that the method is very mathematically difficult, so that decryption of encrypted data without a secret key takes so long that encrypted data is already obsolete when decryption without the correct keys is completed.

Digital underlay placement is used to verify the identity of the underlay investor, the sender of the information. Preferably, the digital signature is based on the use of a secret and public key method to implement data sub-location. For example, the digital signature works as follows: For example, the sender of the message derives an error check value from the original message. After that, • •; 'The sender encrypts the error-checking brain with its own private key and sends the initial' · '' message to the recipient of the 20-year-old message and encrypted error-checking brain. The recipient will unload • ...; encrypted debugger's encryption with the sender's public key, which has been made available by the sender: The recipient also derives the error-checking brain:,:: from the original message and compares the two error-checking brains. If the brain is the same, the message is from the right sender. If the brain is different in size, the message is 25 false.

• · · • «· ·; ' It is planned that mobile networks such as GSM would be able to transmit data: V: as data packets. In GSM this is done by connecting to the GSM network the so-called General Packet Radio Seivice (GPRS) network. Figure 1 shows one possible *. GPRS network setup. The figure shows a mobile station 101 which is connected to the mobile communication center "MSC" 104 via a base station (BTS) 102 and a base station controller (BSC) '···' 103. Various networks may be connected to the mobile switching center 104, such as the Public Switched Telephone Network (PSTN) 105 and the SS7 network. The base station controller 103 is provided with a new network element called a packet control unit (PCU) 107. However, it is not necessary that the PCU (107) be located in the base station controller (103); it may also be a stand-alone unit or located at base station 3,108,183 (102). The PCU 107 is configured to control data packets. The packet network 112 is associated with other network topology via the PCU 107. A GNSS Serving GPRS Support Node 108 is provided between the GPRS core network 113 and the PCU 107. The GPRS network also includes a GPRS register 109, or more generally, a home location register 5 containing some user-specific information related to its GPRS. Through the Gateway GPRS Support Node 110, other types of packet networks 111 can be connected to the GPRS network, such as IP, OSI data or X.25 networks. In Figure 1, communication and signaling between network elements is represented by a solid line and signaling between network elements by a dashed line. A similar arrangement is planned for third generation mobile networks for transferring information in the form of packet data.

It is important to know that the information received is from the correct sender. The methods described herein are also used to establish the identity of the sender of the information as described above. One possible way to perform a backup is to derive a so-called. an authentication value, which is a kind of digital signature. The authentication value can be arranged to be derived from various inputs. The input can be, for example, the packet number, the direction of the packet to be transferred. : ': (Up, down), secret key or similar brain. Algorithm to honor '. *. the tentative brain is calculated, is the same or opposite in the sending and receiving. ; ·. 20 miles away. If the algorithm is not strong enough, it is kept secret. Calculated authentic. .. the stack value is included in each packet so that each individual packet contains * !! This key is used to verify the originality of the data packet contents. The examples described in this application generally use the absolute OR logic function (XOR function). However, it will be clear to one skilled in the art that any function f for which the opposite function f1 exists such that f '(f (x)) = x may equally well be used.

»*»

The above authentication method has one major disadvantage. It breeds mer- «« «* · *. ' packet size because the calculated authentication brain is sent in each data · · «packet separately from the other data to be transmitted. Thus, these additional authentic-30 coyote brainstorms waste some of the data transmission capacity.

It is an object of the present invention to provide a novel method for transmitting an authentication brain over a packet data transmission network without increasing the packet size. It implements simple packet-specific authentication so that the recipient can verify with one check whether the packet is valid. Another object of the invention is to provide a transmitter 35 capable of providing an authentication value to a packet so that the size of the packet 4 108183 does not increase. A third object of the invention is to provide a receiver capable of checking whether transmitted data has changed in the transmission path. A fourth object of the invention is to provide a mobile station capable of transmitting and receiving an authentication value without increasing the packet size.

5 The above objectives are achieved by combining the authentication value with the error check data so that it does not increase the packet size. Mapping the authentication value to the error check data is done using, for example, some logical function. At the receiving end, the combination of the error check value and the authentication value is processed so that the falsification of the data can be checked.

An advantage of the present invention is that, when using this arrangement in a communication system, the system bandwidth can be saved. It also allows digital signatures to be used with fixed-length frames of existing protocols without changing frame formats. This way authentication can be ensured without increasing the packet size. One important aspect is that the invention is applicable to all digital communication systems.

The steps characteristic of the process according to the invention are set forth in claim 1.

Characteristic features of the transmitter of the invention are set forth in claim 10.

The features of the receiver according to the invention are set forth in the patent 1. ' * in Claim 12.

The features of the station of the invention are set forth in claim 14.

• · · • · *

The present invention will now be described in more detail with reference to the accompanying drawings in which: * * 'Figure 1 illustrates a possible arrangement of a GPRS network, * *: Figure 2 illustrates a possible arrangement at the transmission end,: Figure 3 illustrates a possible arrangement at the reception end, and:. ·. Figure 4 is a block diagram of a mobile station.

. In the present invention, the data to be transmitted are processed similarly at both ends, i.e.. at the transmitting end and at the receiving end so that the authenticity of the message can be checked. At the transmitting end, as shown in FIG. 2, the error check value, which in this preferred embodiment is CRC 205, is derived from the original data 201. Next, the authentication value 202, which may be derived by using an input packet number or secret key and secret algorithm, is combined. The dashed line indicates that the authentication value 202 is somehow derived from the original data 201. In this preferred embodiment of the invention, the CRC 205 and the authentication value 202 are combined by a logical XOR ("absolute OR") function 203. The XOR function 203 returns 1 when exactly one of its two results is 1. Thus, the data to be transmitted comprises an original da-10 field 201 and a second field consisting of a value 308 associated with the CRC 205 and an authentication value 202 combined with the XOR function. it is clear that the authentication value 202 can be any value that is advantageously possible to derive from the original data 201.

The data received at the receiving end is arranged to be processed in the opposite way as shown in Figure 3. The data 308 processed by the XOR function is reprocessed by the XOR function 203 together with an authentication value 302 which is the same as the authentication value 202 of the transmitting end if the transmitted data has not changed. The authentication value 302 can be derived from the received data 301 in the same way as at the transmission end. According to the rules of binary algebra, this new XOR-20 processing 203 produces a CRC value of 304. By comparing 305 this CRC 304 with another, counter. to the CRC 303 calculated from the received data at the input end, it can be detected whether the data has changed in the transmission path. If comparison 302 shows that CRC.t 303; 304 are. ·: ·. same, the received data 301 has shifted unchanged 306. But if the comparison 305. ···. indicates that CRCs 303; 304 are different, it means that the original III 25 data 201 has changed on the transmission path or that the authentication value 302 was not correct at the • • · I .. receiving end. The received data can then be deleted 306.

• «» • * ·

It will be apparent to one skilled in the art that the method disclosed will disclose all instances where original data 201 has been processed between the send end and the receiving end, provided that an authentication value 202; The algorithm used to derive 302 is kept secret. If the original data 201 has been modified, the CRCs 303; 304 differ from each other as described above. Similarly, if the receiving end authentication value 302 is not: ... · the same as the transmitting end authentication value 202, the CRC values 303 compared to each other; 304 • ': do not match. This is because the XOR operation 203 performed on the received data 308 and the authentication value 302 processed by the XOR function does not yield the original CRC value 205.

6 108183

It will be apparent to one of ordinary skill in the art that the check may also be performed by calculating at the receiving end CRC from the received data 301 and then performing a new XOR operation on the XOR handled data 308 so that an authentication value is obtained. The second authentication value can be derived in some way from the received data 301 51. The two authentication values 305 are then compared to each other, and if the comparison 305 matches, the data is shifted unchanged. If the comparison does not match, the received data can be deleted. A third possibility to verify the authenticity of the data is that the receiver derives the authentication value 202 and the error check value 303 from the received data 301 and performs an XOR operation on them. The result 10 of this XOR operation is compared with the received XOR-processed data value 308. If the comparison matches, the received data is genuine, if not, the data is distorted on the transmission path.

An authentication value 202; The input 302 may preferably be a packet number or a secret key. At both ends, the same, preferably secret, algorithm for authentication value 202; 302 calculation. Thus, the authentication value 202; 302 may be, for example, a CRC of original data 201 encrypted with the sender's secret key. It will be apparent to one skilled in the art that most preferably, the authentication value 202; 302 is derived from an input that depends on the data to be transmitted. One possible authentication value 202; The input 302 is the direction (uplink or downlink) of the transmitted data packet.

It is clear that the data field can also be encrypted so that no unauthorized person can read the message. The above methods can be used for this encryption.

: "'; One possible application of the present invention is to use it in all solutions using data packet transmission. Consider, for example, a state-25 network in which mobile station 101 is connected to another mobile station 101 over a GPRS network. The mobile station 101 is arranged to secure the data to be transmitted so that it cannot be altered by unauthorized persons.When the data is ready to be transmitted, the CRC 205 is derived from the digital data 201 in the transmitter block of the mobile station 101. Similarly, the authentication value 202 is derived from the digital data 201 in the transmitter block. 30, the authentication value 202 is combined by a logical function 203. In the transmitter block of the mobile station 101, the original digital data 201 and the combination of the CRC 205 and the authentication value 202 are arranged in the same data packet to be transmitted.

For example, a data packet is transmitted over a GPRS network to another mobile station 101. The receiver block of the mobile station 101 receives a data packet, or more specifically, a combination of blocks 301 and 308, and derives an authentication value 302 in the same manner as 7108183. The derived authentication value 302 is combined with the XOR-processed data field 308 by the same logical operation 203, preferably the XOR function, as in the transmitter block. In this preferred embodiment of the invention, the result of the combination is a CRC value 304. The receiver block derives the original data of the second CRC 303 al-5 to check whether the data originates from the original sender. A check can be made by comparing 305 these two CRC values 303; 304 with each other. If the check 305 indicates that the data is undistorted 306, the receiver block of the mobile station 101 forwards the data to other blocks of the mobile station so that the user of the mobile station 101 can discover the content of the data. If the comparison 305 10 fails, it indicates that the unauthorized person has altered the data or the data has been distorted during transmission, whereby the data may be destroyed 307 in the receiver block of the mobile station 101. Alternatively, the data may be presented to the user of the mobile station 101 while indicating that the data has changed on the transmission path. It will be apparent to one skilled in the art that the data transmitted between the user of the transmitting mobile station 101 and the user of the receiving mobile station 101 may be any data that can be transmitted in a packet data network. Further, one skilled in the art will recognize that the above logical function can be implemented using hardware-level logic gates. The same result is achieved by programmatic implementation.

Figure 4 is a block diagram of a digital mobile station according to a preferred embodiment of the invention. The mobile station comprises parts typical of a conventional mobile station, such as a microphone 401, a keypad 407, a display 406, a headset 414, an antenna duplexer or switch 408, an antenna 409, and a control :. unit 405. In addition, the mobile station comprises typical transmitter and receiver blocks 404, 411. The transmitter unit 404 comprises the functions necessary for speech and channel coding, encryption and modulation, and the RF components required for signal amplification. The receiver block 411 comprises the necessary amplifier parts and functions necessary for demodulation, decryption and decoding of the channel and speech. The signal from microphone 401 is amplified in amplifier stage 402 and converted to digital in A / D converter 403, after which it is applied to transmitter block 404. The transmitter block encodes a digital signal and generates a modulated and amplified RF signal which is output to duplexer or switch. ;!. ' via block 408 to antenna 409. Receiver block 411 demodulates the received signal and decrypts and channel encodes. The resulting speech signal is converted to an analog V in a D / A converter 412, whose output signal is amplified at amplifier stage 413, after which the amplified signal is applied to a headset 414. The control unit 405 controls the operation of the mobile station, reads user control commands from the keypad 407 through.

8 108183

Further, in this preferred embodiment, the transmit block 404 comprises first means 416 for deriving an authentication value from the data to be transmitted, second means 417 for deriving an error check value from the transmitted data and third means 418 for combining said authentication value and said error check value with a logical function. Similarly, in this preferred embodiment, the receiver block 411 further comprises first means 420 for deriving a first reference value from received data, second means 421 for calculating a second error check value from received data, third means 422 for at least partially calculating a second reference value said second error check value, a second authentication value, and said first reference value, and fourth means 423 for comparing said second reference value with a third value, which is one of said second error check value, said second authentication value and said first comparator value. Said means may be any arrangement by which the described operations can be performed. The means may be, for example, a microprocessor 415 of a mobile station transmitter-404 and a receiver block 411; 419 computer programs performed to perform the procedures described above.

The present invention is not limited to the embodiment of Figure 4, which is shown by way of example only. The invention can equally be applied, for example, to analog data transmission means.

. ; * The data validation described above can also be traced so that the validation is performed in the network element. For example, the GPRS network comprises an SGSN 108 which communicates with a mobile station 101 via a logical link called an LLC. LLC includes CRC function (ETSI GSM 03.60). According to a preferred embodiment of the invention, the authentication value is added to the CRC field to enable packet-specific authentication. The advantage is that the network operator can •; ··; that the package comes from the right user. In some cases (such as user-encrypted traffic, browsing public web pages), this method can avoid using encryption. In addition, this system allows the network operator: · * to charge for network usage. To one skilled in the art: · It will be understood that SGSN 108 comprises corresponding means 415; 416; 417; 418; 419; 420; I '·': 421; 422; 423 for checking information as receiver block 404 and transmitter block 411. Said network element may also be any network element 35 other than SGSN 108. It will be apparent to one skilled in the art that in a preferred embodiment of the invention, the network element may comprise the means 415 described above; 416: 9 108183 417; 418; 419; 420; 421; 422; 423. The functions of the instruments may also be implemented by any other means suitable for telecommunications.

For example, the same functions can be performed in the base station transmitter block and the receiver block.

The disclosed method can also be applied to file management and encryption of computer systems. For example, the operating system can verify that changes to operating system settings are made by the right person by comparing user-specific values that can be derived from a user-modified file. If the configuration file has been modified by someone other than the appropriate system administrator 10, the changes will be undone.

A packet data network can be any network capable of transmitting data in the form of data packets. In addition to the GSM or UMTS GPRS network, the network may be, for example, an IP protocol network.

In a preferred embodiment of the invention, the digital signature created by the public and private key method described above can also be used as an authentication value. The CRC value may be any other error check value that can be applied to the arrangements described above.

It will be obvious to one skilled in the art that the original data 201 contained in the data packets may be encrypted so that unauthorized persons cannot discover the contents of the message. '; One possible solution to accomplish this is to use a public-private key method to encrypt the original message before the above steps.

»» · • * »•» ·

It will be apparent to one skilled in the art that said mobile station 101 may mean any station capable of transmitting data in the form of data packets.

t #> #; 25 The drive may be, for example, a computer device or any other drive using wireless data transmission.

• · ·: Similarly, one of ordinary skill in the art will recognize that the term “packet” as used herein may refer to any element, such as a frame or cell (in ATM), in which data is transmitted.

! · ': 30

Claims (16)

108183 ίο A method for checking data, characterized by: - calculating a first reference value at least partially based on a first error check value and a first authentication value (202) calculated from the data, 5. calculating a second error check value from the data, - calculating a second reference value and the second value being two of said second error check value, a second authentication value and said first reference value, - comparing said second reference value to a third value which is one of said second error check value, said second authentication value and said first reference value. 2. Förfarande enligt patentkrav 1, kännetecknat av att data har formen av packet att mändare firän en sändare account en mottagare och nändn första referdervild tillsätts packet som skall sänän. Method according to claim 1, characterized in that the data is in the form of packets transmitted from the transmitter to the receiver and said first reference value is added to the packet to be transmitted. 3. Förfarande enligt patentkrav 2, kännetecknat av att data sänds i et cellulär-5 system. A method according to claim 2, characterized in that the data is transmitted in a cellular system. The method according to claim 2, characterized in that said en-. The first and second authentication values (202; 302) are at least partially derived by a packet number. The authentication ring (202; 302) of the Förfarande enligt patent krav 2, kännetecknat av att nnd första och andra authentication (härleds etminstone delvis med ett packet number). 5. A packet of tags (202; 302) is provided with a packet of som scallons in a packet (202; 302). A method according to claim 2, characterized in that said first and second authentication values (202; 302) are derived at least partially by the direction of the packet to be transmitted. ♦ · · · '* 6. The method of claim 1, characterized in that said computation field is executed using the "absolute" function. 7. A method according to claim 1, characterized in that said method; The first and second authentication values (202; 302) are derived, at least in part, by a secret:: key. 6. Förfarande enligt patentkrav 1, kännetecknat av att nämnda beräkning utförs med användning av functionenen "ovillkorlig ELLER". The authentication ring (202; 302) of the translation protocol (202; 302) is released. 8. The Förfarande enligt patentkrav 1, the control protocol for this control and the CRC (205; 303; 304). A method according to claim 1, characterized in that said first and second error check values are CRC values (205; 303; 304). π 108183 9. Förfarande enligt patentkrav 1, kännetecknat av att nämnda första och andra: '': Authentication services beräknas ätminstone delvis utgäende frän datan. ; ' 10. Sändare, kännetecknad av att den innefattar 20. organ för att härleda authentication colors (202) frän data (201) som skall sänäs, '- organ för att härleda felk controlvärd frän data (201) som skall sänäs, och - organ för att kombinera This Authentication Function (202) and the Control Function • * "*: med en logisk function för att bilda et första reference. f, · · 11. Sändare enligt patentkrav 10, kännetecknad av att nämnda logiska function: ;; ': 25 är" ovillkorlig ELLER "(203).:.: 12. Mottagare för att ta tact data, innefattande organ för att controllera mottagna data, kännetecknad av att mottagaren innefattar - organ för att härleda et första reference value frän mottagna data, 14 108183 - organ för att beräkna ett andra feldverdärdad main mottagna data, - org för att beräkna et andra refervarvät ätminstone delvis utgäende frän det första och det andra svdet, colors det första och det andra svdet av feljande: nämnda andra super control, andra authentication certification och nämnda första reference, och - organ för att Jämföra andra reference med med tredje Värde, som är et av superordinate: nämnda andra förstavärde A method according to claim 1, characterized in that said first and second authentication values are at least partially calculated on the basis of data. A transmitter, characterized in that it comprises: - means for deriving an authentication value (202) from the data to be transmitted (201), 5 means for deriving an error check value from the data to be transmitted (201), and means for combining said authentication value (202) form. Transmitter according to claim 10, characterized in that said logical function is "absolute" (203). A receiver for receiving data including means for checking received data, characterized in that the receiver comprises: - means for deriving a first reference value from the received data, - means for calculating a second error check value from the received data, - means for calculating the second reference value which first and second values are two of said second error check value, a second authentication value, and said first ver-I. · Tail value, and. · · ·. - means for comparing said second benchmark with a third value, which is one of said second error check value, said second authentication value * · 4 "... 20 and said first reference value. • · · * · ·» Mottagar enligt patent krav 12, kännetecknad av att mottagaren inrättats fig 10 utföra en "ovillkorlig ELLER" logic function (203). A receiver according to claim 12, characterized in that the receiver •: · · · is arranged to perform an "absolute OR" logic function (203). 14. A station comprising a transmitter and a receiver, characterized in that the transmitter ': comprises: means for deriving an authentication value (202) from the data to be transmitted (201), means for deriving an error check value from the data to be transmitted (201). ), and 12 108183 means for combining said authentication value (202) and the error check value by a logical function to form a first reference value; and the receiver comprising: 5. means for deriving a first reference value from the received data, - means for calculating a second error check value from the received data, - means for calculating the second reference value at least partially based on the first and second values; first comparison values - means for comparing said second reference value to a third value which is one of said second error check value, said second authentication value and said first reference value. 14. Station innefattande en sändare och en mottagare, kännetecknad av att sända-ren innefattar ~ organ för att härleda authentication rings (202) frän data (201) som skall sändas, - organ för att härleda felkontrollvärdet frän data (201) som skall sändas and 15. an authentication value (202) of the image source function; :. och v: mottagaren innefattar. · · ·, - organ för att häreda to första reference value frän mottagna data, • · · «M ::; 20 - organ för att berrakna ett andra feld control veet mottagna data, - organ för att beräkna ett andra referernd ätminstone delvis utgäende frän det • · ... första och det andra color, colors det första och det andra color: * ! * nämnda andra feldvärdre, andra authenticationvärde och nämnda första refe- • »f, · · rensvärde, och 25. organ för att jämföra andra refervarvder med ett tredje Värde, som är ett:.: av feljande: nämnda andra felkontroll andra authentication ring and, so this is the reference ring. 15 108183 The station enligt patent krav 14, the call-in-att att mobile station (101), in-tats att utföra en "ovillkorlig ELLER" logic (203). The station of claim 14, characterized in that the mobile station 15 (101) is arranged to perform an "absolute" logic function (203). Station according to claim 14 or 15, characterized in that the station is. the mobile station (101). «Tm 1. Förfarande för datacontrol, kännetecknat av att • · · 7 • * * 20. that första referernvering beräJknas utgäende ätminstone delvis frän that första controlling authority som beräknats pä datan och et första authentication validate (202), • * l« • »- beräknas et andra felpontrollvärd datat, * · · - beräknas et andra referrvervärd ätminstone delvis utgäende frän det första och det Iff f andra förd, color det första och det andra förd får av: feländra andra '' 25 felkontrollvärde - andra referrals, - andra referrals, - andra referrals, - andra referrals, and. 13 108183 A station enligt patent groove 14 eller 15, a bending path av att stationen en en bilstation (101). a a a • a a • a a • • a a a a a a a a a a • a a • a a