FR2817107A1 - Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number - Google Patents

Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number Download PDF

Info

Publication number
FR2817107A1
FR2817107A1 FR0014825A FR0014825A FR2817107A1 FR 2817107 A1 FR2817107 A1 FR 2817107A1 FR 0014825 A FR0014825 A FR 0014825A FR 0014825 A FR0014825 A FR 0014825A FR 2817107 A1 FR2817107 A1 FR 2817107A1
Authority
FR
France
Prior art keywords
server
key
mobile
mother
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
FR0014825A
Other languages
French (fr)
Inventor
Pierre Crego
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MERCURY TECHNOLOGIES SARL
Original Assignee
MERCURY TECHNOLOGIES SARL
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MERCURY TECHNOLOGIES SARL filed Critical MERCURY TECHNOLOGIES SARL
Priority to FR0014825A priority Critical patent/FR2817107A1/en
Publication of FR2817107A1 publication Critical patent/FR2817107A1/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A WAP server (3) receives a user request and asks a library (4) for a certificate request which is sent to the user mobile (2). An applet in the user SIM card asks for the user identification and if correct unlocks access to a cryptographic key, calculates a dynamic certificate which depends on the message and key and sends it to the server which makes the service available if the certificate is valid

Description

<Desc/Clms Page number 1> <Desc / Clms Page number 1>

Signature électronique sur le réseau GSM/GPRS et UMTS.  Electronic signature on the GSM / GPRS and UMTS network.

1) Domaine technique d'intervention Cette demande de brevet se situe dans les transactions sécurisées et notamment dans le champ d'application de la monétique. Elle concerne les applications de signature électronique à travers un terminal mobile de nature GSM ou de personnel assistant si celui-ci comporte un lecteur de carte à puce. 1) Technical field of intervention This patent application is in secure transactions and in particular in the scope of electronic payment. It relates to electronic signature applications through a mobile terminal of the GSM nature or of assistant personnel if the latter includes a smart card reader.

Exposé du problème A ce jour il est parfaitement possible d'authentifier une personne à travers sa carte à puce, des jetons sécurisés, de l'empreinte vocale ou digitale mais cela suppose des infrastructures transactionnelles dédiées ou de nature bancaire (PC avec lecteur carte à puce, terminal de paiement..). Ceci demande un investissement particulier.  Statement of the problem To date, it is perfectly possible to authenticate a person using their smart card, secure tokens, voice or digital fingerprint, but this requires dedicated transactional or banking infrastructure (PC with card reader. chip, payment terminal ..). This requires a special investment.

L'objectif du concept est d'offrir une authentification de type grand public à travers les mobiles GSM existants, en utilisant la carte SIM intégrée au terminal. Plus de la moitié du Commerce Electronique dans les années passera par les terminaux mobiles. A ce jour, il n'existe pas de solution simple offrant une authentification forte de l'utilisateur. The objective of the concept is to offer authentication of the general public type through existing GSM mobiles, using the SIM card integrated into the terminal. More than half of Electronic Commerce over the years will go through mobile terminals. To date, there is no simple solution offering strong user authentication.

Bien que la carte SIM soit identifiée par l'opérateur télécommunications à chaque communication, cela ne suffit pas en terme de sécurité à entrer dans les nouveaux services offerts par l'Internet Mobile. Although the SIM card is identified by the telecommunications operator for each communication, it is not sufficient in terms of security to enter the new services offered by the Mobile Internet.

Le concept de sécurité transactionnelle s'établi entre deux points, d'un côté une machine logicielle intégrée à la carte SIM permet de faire des authentifications à la volée sur plusieurs prestataires de services et de l'autre un serveur de reconnaissance, calcule et compare les signatures reçues. The concept of transactional security is established between two points, on the one hand a software machine integrated into the SIM card allows authentication on the fly on several service providers and on the other a recognition server, calculates and compares the signatures received.

La carte SIM intègre différentes applications avec des niveaux de sécurité adaptés à chaque service. The SIM card integrates different applications with security levels adapted to each service.

L'originalité de cette opération est qu'une carte à puce peut calculer des signatures électroniques à la volée suivant des clés de longueur variable et cohabitant sur la même carte. The originality of this operation is that a smart card can calculate electronic signatures on the fly according to keys of variable length and cohabiting on the same card.

Les services possibles : Possible services:

<Desc/Clms Page number 2><Desc / Clms Page number 2>

. Accès sécurisé à un bouquet de services WAP (banques à distance, ordres de bourses, réservations, applications billettiques etc...) Accès sécurisé à un service vocal (messageries, e-mail, text to speech) Rechargement de cartes prépayées pour des services opérateurs, Applications B to B, B to C, B to E....  . Secure access to a range of WAP services (remote banks, stock market orders, reservations, ticketing applications, etc.) Secure access to a voice service (messaging, e-mail, text to speech) Reloading of prepaid cards for services operators, B to B applications, B to C, B to E ....

. Accès sécurisé sur un portail de services entreprise (site WEB) Paiements privatifs Applications Ventes à Distance L'application répond au besoin par l'intégration au sein du téléphone mobile, d'um solution sécuritaire souple, indépendante de l'application protégée, et supportant le

Figure img00020001

sécurisation simultanée de multiples applications en assurant néanmoins leurs étanchéités. . Secure access to a corporate service portal (WEB site) Private payments Applications Remote Sales The application meets the need by integrating within the mobile phone, a flexible security solution, independent of the protected application, and supporting the
Figure img00020001

simultaneous securing of multiple applications while ensuring their watertightness.

Elle permet l'authentification forte du client, c'est à dire la certitude que l'abonné qui accède au service est un abonné authentique, autorisé à effectuer cet accès. It allows strong authentication of the client, ie the certainty that the subscriber who accesses the service is an authentic subscriber, authorized to carry out this access.

A notre connaissance, il n'existe pas de services utilisant ces concepts sur le marché. 2 Description d'une application Eléments constitutifs de l'offre L'offre produit se compose 1. d'un logiciel (applets), adaptée à toutes les versions de carte SIM actives du marché 2. d'une bibliothèque de certification utilisée par un serveur permettant le

Figure img00020002

dialogue par SMS avec l'applet. To our knowledge, there are no services using these concepts on the market. 2 Description of an application Components of the offer The product offer consists of 1. software (applets), suitable for all active SIM card versions on the market 2. a certification library used by a server allowing the
Figure img00020002

dialogue by SMS with the applet.

Il permet :

Figure img00020003

. le calcul sur le téléphone mobile de certificats dynamiques (utilisables une seule fois, donc non re jouables), après saisie par l'usager un code porteur applicatif, . la modification des clés par des fonctions disponibles sur le mobile (fonction Over The Air) a la modification par l'usager de son code porteur application. It allows:
Figure img00020003

. the calculation on the mobile phone of dynamic certificates (usable only once, therefore not replayable), after entry by the user an application carrier code,. the modification of the keys by functions available on the mobile (Over The Air function) to the modification by the user of his application carrier code.

<Desc/Clms Page number 3> <Desc / Clms Page number 3>

3 Synoptique d'une authentification 3. 1 Analyse de l'authentification
Références numériques : $# Carte SIM =1 -Terminal Mobile ou poste client =2 # Serveur d'information de nature WAP ou autre =3 # Bibliothèque de certification =4 a Applets sur carte SIM=5 . Usager ou client final=6 . Application=7 # Code personnel=8 # Zone mémoire du serveur de contrôle = 9 # Zone mémoire de la carte SIM=10 ID Clé mère =11 * Clé diversifiée= 12 # Réseau de téléphonie mobile GSM/GPRS/UMTS= 13 # Canal de signalisation SMS ou données =14 Imaginons qu'un service mobile de nature WAP (Wireless Application Protocol) ou autre soit protégé par notre système. 3 Summary of authentication 3. 1 Analysis of authentication
Numerical references: $ # SIM card = 1 - Mobile terminal or client workstation = 2 # WAP or other information server = 3 # Certification library = 4 a Applets on SIM card = 5. User or end customer = 6. Application = 7 # Personal code = 8 # Control server memory area = 9 # SIM card memory area = 10 Mother key ID = 11 * Diversified key = 12 # GSM / GPRS / UMTS mobile phone network = 13 # Channel SMS or data signaling = 14 Let’s imagine that a WAP (Wireless Application Protocol) or other mobile service is protected by our system.

L'usager (6) commence à consulter les pages publiques du service et demande à accéder à la partie du site protégée. Le serveur d'information WAP (3) détecte cette requête et met en route la procédure d'authentification : 1. Il demande à la bibliothèque de certification (4) de calculer un message de demande de certificat à destination du poste client (2) ayant effecteur la requête à une zone sécurisée. 2. Il (3) envoie le message obtenu dans un SMS au mobile GSM (2), et attend une réponse de ce dernier avant de satisfaire à sa requête.  The user (6) begins to consult the public pages of the service and requests to access the protected part of the site. The WAP information server (3) detects this request and initiates the authentication procedure: 1. It requests the certification library (4) to calculate a certificate request message intended for the client station (2) having made the request to a secure area. 2. It (3) sends the message obtained in an SMS to the GSM mobile (2), and waits for a response from the latter before satisfying its request.

<Desc/Clms Page number 4> <Desc / Clms Page number 4>

3. Le message est reçu par le mobile GSM (2) et transmis à l'applet présente sur la carte SIM (l) du client, de façon transparente pour l'usager (6). 3. The message is received by the GSM mobile (2) and transmitted to the applet present on the customer's SIM card (l), in a manner transparent to the user (6).

4. L'applet (5) est réveillée et prend le contrôle du mobile (2). Elle demande la saisie par l'usager (6) du code porteur qui va lui permettre d'accéder au service. L'usager (6) saisit alors son code porteur. 5. Si le code est correct, il déverrouille l'accès à une clé cryptographique au sein de la carte SIM (1). L'applet (5) calcule alors un certificat dynamique dépendant du message reçu et de la clé cryptographique, et renvoie le certificat obtenu dans un SMS à destination du serveur (3). 6. Le serveur (3) reçoit ce message et le fournit à la bibliothèque de certification (4) pour être contrôlé. 7. La bibliothèque (4) indique si le certificat reçu est correct ou non. Le serveur WAP (3) peut ensuite décider de la conduite à adopter : envoi de la page demandée, envoi d'une page d'erreur, etc... Au total, deux messages SMS ont permis une authentification du client (6) auprès du serveur (3). Le contenu des messages échangés n'apporte pas d'informations à un tiers, et surtout ne permet pas le re-jeu. Le service est donc uniquement délivré aux clients disposant de l'applet (5), et d'une clé, c'est à dire des usagers (6) authentiques. 3.2 Gestion des clés La gestion des clés est un élément essentiel du système puisqu'elle permet le partage de l'applet entre plusieurs applications, tout en assurant l'étanchéité entre celles-ci. 4. The applet (5) is awakened and takes control of the mobile (2). It requests the user (6) to enter the carrier code which will allow him to access the service. The user (6) then enters their carrier code. 5. If the code is correct, it unlocks access to a cryptographic key within the SIM card (1). The applet (5) then calculates a dynamic certificate depending on the message received and the cryptographic key, and returns the certificate obtained in an SMS to the server (3). 6. The server (3) receives this message and provides it to the certification library (4) to be checked. 7. The library (4) indicates whether the received certificate is correct or not. The WAP server (3) can then decide what to do: send the requested page, send an error page, etc. In total, two SMS messages have enabled authentication of the client (6) with from the server (3). The content of the messages exchanged does not provide information to a third party, and above all does not allow re-play. The service is therefore only delivered to customers with the applet (5) and a key, that is to say authentic users (6). 3.2 Key management Key management is an essential element of the system since it allows the applet to be shared between several applications, while ensuring watertightness between them.

3. 3 Partage du système entre plusieurs applications
L'applet (5) gère jusqu'à 16 clés, identifiées par leur indice (0 à 15). Chaque clé appartient à une application, et chaque application gère un code porteur spécifique, différent du CHVI demandé lors de la mise sous tension du mobile (2). 3.3 Sharing the system between several applications
The applet (5) manages up to 16 keys, identified by their index (0 to 15). Each key belongs to an application, and each application manages a specific carrier code, different from the CHVI requested when the mobile is powered up (2).

Exemple :
Application 1
Code porteur 1 Example:
Application 1
Bearer code 1

<Desc/Clms Page number 5> <Desc / Clms Page number 5>

Figure img00050001

Clé 0
Application 2
Code porteur 2
Clé 3
Clé 4 On peut alors gérer plusieurs applications simultanément comme l'accès à un service de banques à distance (Application 1) et l'accès à un Intranet sécurisé (Application 2). L'usager saisit un code porteur différent selon le service auquel il accède, mais il a toujours la possibilité d'attribuer la même valeur à ses deux codes porteurs.
Figure img00050001

Key 0
Application 2
Bearer code 2
Key 3
Key 4 We can then manage several applications simultaneously such as access to a remote banking service (Application 1) and access to a secure Intranet (Application 2). The user enters a different carrier code depending on the service they are accessing, but they can always assign the same value to their two carrier codes.

Une application peut détenir deux clés au sein de la même carte SIM (1) : la première pour gérer les certificats actuels, et la seconde en réserve pour de futurs services. An application can hold two keys within the same SIM card (1): the first to manage current certificates, and the second in reserve for future services.

Il est alors possible de faire calculer les certificats avec une autre clé. It is then possible to have the certificates calculated with another key.

Une autre utilisation des clés multiples consiste à gérer plusieurs familles d'utilisateurs d'un même service, ceux qui ont la clé 3 ont par exemple, plus de droits que ceux qui

Figure img00050002

ont la clé 4.
Figure img00050003
Another use of multiple keys consists in managing several families of users of the same service, those who have key 3 have for example, more rights than those who
Figure img00050002

have the key 4.
Figure img00050003

3. 4 Modification des clés Les valeurs des clés de calcul des certificats peuvent être modifiées, grâce à l'usage d'une clé spécifique, unique dans la carte, appelée clé de gestion, et qui n'est utilisée que pour cet usage. Si cette clé est présente sur le serveur (dans la bibliothèque de certification 4), il est alors possible de changer la valeur d'une clé d'indice donné. Cette clé doit donc être détenue par une entité particulière, gestionnaire du système, et garante de son bon fonctionnement.

Figure img00050004
3.4 Modification of the keys The values of the keys for calculating the certificates can be modified, by the use of a specific key, unique in the card, called the management key, and which is used only for this use. If this key is present on the server (in the certification library 4), it is then possible to change the value of a key with a given index. This key must therefore be held by a particular entity, manager of the system, and guarantor of its proper functioning.
Figure img00050004

3. 5 Typage des clés Les clés peuvent être de deux types : simple DES (56 bits) ou triple DES (112 bits). 3.5 Typing of keys Keys can be of two types: simple DES (56 bits) or triple DES (112 bits).

Les premières permettent des calculs plus rapides mais sont plus faibles d'un point de vue cryptographique. L'usage des secondes génère des temps de calculs légèrement supérieurs mais avec une force cryptographique supérieure. The former allow faster calculations but are weaker from a cryptographic point of view. The use of seconds generates slightly higher calculation times but with a higher cryptographic strength.

Si les clés de certification peuvent être simple DES, il est recommandé que la clé de gestion soit triple DES. If the certification keys can be simple DES, it is recommended that the management key be triple DES.

306 Diversification des clés
Tous les usagers d'un même service ont des valeurs de clé différentes. La clé 0 de l'usager A n'est pas la même que la clé 0 de l'usager B. C'est d'ailleurs cette particularité qui permet d'être certain lors du contrôle d'un certificat correct que 306 Diversification of keys
All users of the same service have different key values. The key 0 of user A is not the same as the key 0 of user B. It is this particularity which makes it possible to be certain when checking a correct certificate that

<Desc/Clms Page number 6><Desc / Clms Page number 6>

l'usager qui l'a renvoyé est bien le bon (si tous les usagers avaient les mêmes clés, ils renverraient tous le même certificat, ce qui permettrait difficilement de les distinguer donc de les authentifier).  the user who returned it is the correct one (if all the users had the same keys, they would all return the same certificate, which would make it difficult to distinguish them therefore to authenticate them).

Les clés stockées dans les cartes SIM sont des clés diversifiées. Seule la bibliothèque de certification dispose des clés racine d'une application 3.7 Modification des codes
L'usager peut modifier ses codes porteurs par l'interface du mobile, en saisissant

Figure img00060001

l'ancien code, puis le nouveau. The keys stored in SIM cards are diversified keys. Only the certification library has the root keys of an application 3.7 Modification of codes
The user can modify their carrier codes via the mobile interface, by entering
Figure img00060001

the old code, then the new one.

3. 8 Evolutivité

Figure img00060002

Aujourd'hui, l'applet (5) fonctionne sur SMS, seul canal utilisable pour dialoguer avec une applet (5). 3. 8 Scalability
Figure img00060002

Today, the applet (5) works on SMS, the only channel that can be used to communicate with an applet (5).

Demain, l'usage de protocoles plus rapides (GPRS) déjà prévus par les nonnes GSM et prochainement intégrées aux mobiles permettront des performances d'authentification bien supérieures, sans rien remettre en cause de l'architecture de sécurité proposée.

Figure img00060003
Tomorrow, the use of faster protocols (GPRS) already planned by GSM standards and soon to be integrated into mobiles will allow much higher authentication performance, without jeopardizing the security architecture offered.
Figure img00060003

3. 9 Intégration dans un environnement existant Le coeur de la sécurité côté serveur est la bibliothèque de certification (4). Développée en C ANSI elle peut être intégrée à n'importe quel environnement. 3. 9 Integration into an existing environment The heart of server-side security is the certification library (4). Developed in C ANSI it can be integrated into any environment.

Elle peut être fournie sous plusieurs formes : -Fichiers sources intégrables par le client dans son système. It can be provided in several forms: - Source files that can be integrated by the client into their system.

9 Adaptation dans un autre environnement logiciel (DLL Windows, API Java, etc...) . Avec un PC communiquant par un protocole propriétaire sur IP.9 Adaptation in another software environment (Windows DLL, Java API, etc ...). With a PC communicating by a proprietary protocol over IP.

Claims (1)

Figure img00070001
Figure img00070001
 Revendications claims
Figure img00070002
Figure img00070002
 Procédé de signature électronique mettant en oeuvre des réseaux de téléphonie mobile (13) de type GSM/GPRS et UMTS ; ledit procédé étant tel que : - on calcule des signatures à la volée, lors d'une session voix ou données, en utilisant, via un canal de signalisation (14) notamment un canal SMS ou données, au moins une clé mère (11) et des clés diversifiées issues de ladite clé mère (12) ; ladite clé mère et lesdites clés diversifiés étant respectivement enregistrées :  Electronic signature method using mobile telephony networks (13) of GSM / GPRS and UMTS type; said method being such that: - signatures on the fly are calculated, during a voice or data session, using, via a signaling channel (14) in particular an SMS or data channel, at least one mother key (11) and diversified keys from said mother key (12); said mother key and said diversified keys being respectively recorded:
Figure img00070003
Figure img00070003
 'dans une zone mémoire (9) d'un serveur protégé (3) et 'dans une zone mémoire (10) de la carte SIM (1) d'un téléphone mobile (2) ; l'accès à ladite zone mémoire de la carte SIM étant contrôlé par un code d'identification personnel (8). 'in a memory area (9) of a protected server (3) and' in a memory area (10) of the SIM card (1) of a mobile phone (2); access to said memory area of the SIM card being controlled by a personal identification code (8).
FR0014825A 2000-11-17 2000-11-17 Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number Pending FR2817107A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
FR0014825A FR2817107A1 (en) 2000-11-17 2000-11-17 Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
FR0014825A FR2817107A1 (en) 2000-11-17 2000-11-17 Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number

Publications (1)

Publication Number Publication Date
FR2817107A1 true FR2817107A1 (en) 2002-05-24

Family

ID=8856566

Family Applications (1)

Application Number Title Priority Date Filing Date
FR0014825A Pending FR2817107A1 (en) 2000-11-17 2000-11-17 Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number

Country Status (1)

Country Link
FR (1) FR2817107A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004023832A1 (en) * 2002-09-04 2004-03-18 Axalto Sa Method for calculating hashing of a message in a device communicating with a smart card
WO2004049093A2 (en) * 2002-11-24 2004-06-10 Ashraf Kamal Salem Mashhour Scheme for spreading and facilitating remote e-services
FR2856229A1 (en) * 2003-06-11 2004-12-17 Ercom Engineering Reseaux Comm Programmable mobile telephone for use in GSM network, has security module such as SIM card in Java virtual machine and cryptophony software application, where card has applet and private authentication keys
US6915124B1 (en) * 1999-10-01 2005-07-05 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for executing secure data transfer in a wireless network
EP1553532A1 (en) * 2004-01-08 2005-07-13 Ercom Engineering Réseaux Communications Key management system for use in cryptophony, notably using a public key management infrastructure (PKI)
EP1587238A1 (en) * 2004-04-16 2005-10-19 Sagem S.A. Method for verifying in a radio terminal the authenticity of digital certificates and authentification system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000002358A1 (en) * 1998-07-03 2000-01-13 Nokia Mobile Phones Limited Secure session set up based on the wireless application protocol
EP0989712A2 (en) * 1998-09-21 2000-03-29 Phone.Com Inc. Method and apparatus for establishing a secure connection over a one-way data path
DE19911221A1 (en) * 1999-03-12 2000-09-21 Deutsche Telekom Mobil Method for distributing keys to participants in communication networks
WO2001028155A1 (en) * 1999-10-01 2001-04-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for executing secure data transfer in a wireless network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000002358A1 (en) * 1998-07-03 2000-01-13 Nokia Mobile Phones Limited Secure session set up based on the wireless application protocol
EP0989712A2 (en) * 1998-09-21 2000-03-29 Phone.Com Inc. Method and apparatus for establishing a secure connection over a one-way data path
DE19911221A1 (en) * 1999-03-12 2000-09-21 Deutsche Telekom Mobil Method for distributing keys to participants in communication networks
WO2001028155A1 (en) * 1999-10-01 2001-04-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for executing secure data transfer in a wireless network

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6915124B1 (en) * 1999-10-01 2005-07-05 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for executing secure data transfer in a wireless network
WO2004023832A1 (en) * 2002-09-04 2004-03-18 Axalto Sa Method for calculating hashing of a message in a device communicating with a smart card
US7376845B2 (en) 2002-09-04 2008-05-20 Axalto S.A. Method for calculating hashing of a message in a device communicating with a smart card
WO2004049093A2 (en) * 2002-11-24 2004-06-10 Ashraf Kamal Salem Mashhour Scheme for spreading and facilitating remote e-services
WO2004049093A3 (en) * 2002-11-24 2005-06-30 Ashraf Kamal Salem Mashhour Scheme for spreading and facilitating remote e-services
FR2856229A1 (en) * 2003-06-11 2004-12-17 Ercom Engineering Reseaux Comm Programmable mobile telephone for use in GSM network, has security module such as SIM card in Java virtual machine and cryptophony software application, where card has applet and private authentication keys
EP1492366A1 (en) * 2003-06-11 2004-12-29 Ercom Engineering Réseaux Communications Secure data exchange between programmable mobile phones in a wireless network
EP1553532A1 (en) * 2004-01-08 2005-07-13 Ercom Engineering Réseaux Communications Key management system for use in cryptophony, notably using a public key management infrastructure (PKI)
FR2865085A1 (en) * 2004-01-08 2005-07-15 Ercom Engineering Reseaux Comm KEY MANAGEMENT SYSTEM FOR CRYPTOPHONIC USE, IN PARTICULAR BY IMPLEMENTING PUBLIC KEY MANAGEMENT (PKI) INFRASTRUCTURE
EP1587238A1 (en) * 2004-04-16 2005-10-19 Sagem S.A. Method for verifying in a radio terminal the authenticity of digital certificates and authentification system
FR2869176A1 (en) * 2004-04-16 2005-10-21 Sagem METHOD OF VERIFYING IN A RADIO TERMINAL THE AUTHENTICITY OF DIGITAL CERTIFICATES AND AUTHENTICATION SYSTEM

Similar Documents

Publication Publication Date Title
EP0950303B1 (en) Method and system for ensuring the security of the remote supply of services of financial institutions
EP0948852B1 (en) Authenticating method for an access and/or payment control system
FR2821225A1 (en) REMOTE ELECTRONIC PAYMENT SYSTEM
EP2139218A1 (en) Method and system for managing a purchase decision taken by a purchaser using a mobile radiotelephone
WO2000049585A1 (en) Telepayment method and system for implementing said method
WO2006021661A2 (en) Secured authentication method for providing services on a data transmission network
EP1256911A1 (en) Securization method for a payment from a client to a merchant, associated location server and system
EP1456999B1 (en) Electronic signature method
WO2001088861A1 (en) Method for crediting a prepaid account
WO2006016059A1 (en) Method and system for processing a user&#39;s identity
EP0950307A2 (en) Method and system for ensuring the security of the supply of services of telecommunication operators
EP2053554A1 (en) Portable electronic device for exchanging values and method of implementing such a device
FR2817108A1 (en) Method for making payments over mobile telephone system, comprises calculation of signatures during voice or data transmission using a mother key and diversified keys derived from the mother key
CA2414469C (en) Container access control process and container access control system
FR2817107A1 (en) Method for securing financial calls made through mobile telephones, comprises use of mother and diversified keys located at mobile telephone and server and accessed by personal identification number
WO2007125252A1 (en) Method and system for managing an electronic payment
FR2836251A1 (en) Secure transfer of sensitive data via a trusted third party, uses third party to filter data that is passed on to second party after first party communicates data to the third party
FR2888691A1 (en) TRANSACTION AUTHORIZATION METHOD AND DEVICE
FR2795266A1 (en) METHOD AND SYSTEM FOR SAFE AND FAST VOICE IDENTIFICATION OF A NOMED OBJECT EMITTING AN ACOUSTIC SIGNAL
FR2872363A1 (en) METHOD AND SYSTEM FOR CERTIFYING THE IDENTITY OF A USER
WO2003079714A1 (en) Method for exchanging authentication information between a communication entity and an operator server
EP1978479A1 (en) Dynamic cryptogram
EP1301910B1 (en) Method for making secure a transaction via a telecommunication network, and system therefor
FR2812424A1 (en) Method for secure transaction of goods and services over a mobile telephone using a cellular network, uses network operator as trusted third party, and separate paths to client and vendor to authenticate each
EP1381203A1 (en) Method and system for managing provision of data managed by an external network to a terminal and associated intermediate equipment