WO1999044332A1 - Method and device for securing access to a service in a telecommunications network - Google Patents
Method and device for securing access to a service in a telecommunications network
- Publication number: WO1999044332A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- sequence
- network
- digits
- service
- authentication
- Prior art date
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
      - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
      - H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
      - H04L2209/80—Wireless
    - H04M—TELEPHONIC COMMUNICATION
      - H04M15/00—Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
Definitions
- The invention relates to a method for accessing a service in a telecommunications network, for example a private network, an intelligent network or a mobile radio network, from any communication terminal, in which the user must authenticate by entering numerical sequences in order to obtain the desired service.
- a device in a telecommunications network that enables secure authentication of a user to be carried out in the event of a service call.
- An intelligent network IN is an architecture which makes it possible in a communication network to offer services for participants in this network. These value-added services, as they are also called, offer network operators the opportunity to differentiate themselves from their competitors and to tap additional sources of income.
- the network operator needs at least one central node (service control point) in its network, which has stored the information necessary for the implementation of the services (storage of the service programs, forwarding to the responsible network node, etc. ).
- This central node is also called the executing authority.
- Participants in a communication network can take advantage of interesting new services.
- One of the more well-known services is so-called credit card calling.
- The caller is billed for the charges of calls made using his credit card. So that no abuse is possible if, for example, the card is lost, a private personal identification number (PIN) must be entered in addition to the credit card number in order to gain access to the service in question.
- PIN personal identification number
- Access protection is also available or conceivable with other services, for example with subscribers in a mobile network, a private network or a private virtual network.
- the authenticating numeric code is entered via the keyboard of the terminal and transmitted transparently (i.e. in plain text) via the lines and switching nodes of the communication network.
- the object of the invention is to provide a way of making access to services in a telecommunications network more secure.
- In addition to the PIN, a further parameter is encoded which changes each time the sequence of digits is entered anew.
- Each renewed encryption process therefore yields a new result.
- the transmission takes place in the same way as in the previous authentication procedure.
- the transmitted sequence of digits is then evaluated in the central instance by also calculating a result from the known one-way function, the expected PIN and the parameters supplied and comparing it with the received value.
- This authentication method is comparatively simple. Sufficient encryption methods are known to the person skilled in the art. The method only needs to be implemented on the user side and at the central instance, so the implementation effort is low. An existing database can easily be extended by a field for storing the access codes already received.
- the advantage of the described method lies clearly in the protection of participants.
- the user has no greater effort than in previous methods, because an access code had to be entered previously.
- it is effectively prevented that an unauthorized subscriber can make calls at third party costs.
- This abuse has so far been possible because entering the credit card number does not require that the user actually possesses the card. Access could therefore be obtained simply by observing the number being entered, including the PIN.
- By adding one or more changeable parameters, such as an indication of the time of the request, the access code is made tap-proof. An attempt at eavesdropping on the network (on the connecting line, for example) becomes useless because a repeatedly used access code is rejected from the outset.
- a device is used to encrypt the entered PIN. This device requires an input device (keyboard), similar to that of the communication terminal.
- the entered sequence of digits is converted in the device by the mathematical one-way function, together with a changeable parameter.
- The result of the calculation is then translated, together with the second parameter, into multi-frequency (DTMF) dialling tones and transmitted to the terminal. From there, the transmission takes place to the central instance.
- Authentication is carried out in the central instance with the received access code.
- A major advantage of this procedure is the ability to enter the number long before its actual use. At the very least, 'spying out' the number by observing its entry is effectively prevented.
- the procedure according to the invention is particularly suitable for certain types of telecommunications networks.
- the architecture of the intelligent network should be mentioned.
- the infrastructure required for the process already exists.
- Another is the VPN, the virtual private network, which is also implemented using IN technology.
- the method is also conceivable in communication networks for mobile radio, here too the user of a device has to authenticate himself.
- Another option for the changeable parameter is a time specification, for example a division into a time grid of any granularity.
- the central entity can on the one hand check whether the received access code is a current value.
- the additional transmission of the changeable parameter may not be necessary if the transmitter and receiver are otherwise synchronized in time.
- Another possibility is the generation of a mathematical series with an initial number n1, where each subsequent number n2 can be derived from its predecessor n1 in various ways, e.g. by adding a fixed value.
- The first, simpler method makes do with a single encryption pass.
- the one-way function f is applied to one or more changeable parameters and the PIN, possibly extended by a string known to the DTMF transmitter and the telecommunications service.
- the result from f (Parameter1, [Parameter2, ...], PIN) is converted into a string of digits and this is then transmitted by the DTMF transmitter.
- Two-stage encryption is more complex to implement and also requires more computing power for the sender and receiver, but it also offers significantly higher protection.
- a first encryption step takes place as in the one-step procedure mentioned above.
- In a second pass with a second mathematical algorithm f (which can be identical to the first function f), the result is calculated as follows: f(parameter x1 [, parameter x2, ...], f(parameter y1 [, parameter y2, ...], PIN), PIN).
- a generalized encryption procedure prescribes the multiple use of one or different algorithms, each with the input parameters PIN and additional changeable parameters.
- If the result of the encryption is not a numerical sequence of digits, or if the result cannot be transmitted without DTMF (MFV) tones (as with ISDN), it must first be translated into a sequence of digits before transmission.
- The authentication procedure checks the transmitted code. This determines whether the subscriber is authorized to access a service. In addition, it can be determined whether the access code authorizing access to the service is being misused.
- the authentication can be carried out as follows:
- the central instance checks whether the access code sent has already been received once in a predetermined time interval.
- the central entity calculates the expected access code using the same one-way function and the second parameter contained in the received access code and compares the result with the received one. If the calculated and the received access code match, the authentication is successful. The subscriber is granted access to the desired service.
- It may be advantageous to integrate the encryption device into the communication terminal. The subscriber then has no second device that can be lost. Transmission errors from the encryption device to the terminal are also avoided.
- a generator for DTMF tones already present in the terminal can be used and modified if necessary.
- FIG. 1 shows the generation, transmission and authentication of a one-time access code in an intelligent network.
- FIG. 2 shows the generation of the one-time access code according to ITU X.509, one-step method.
- FIG. 3 shows the generation of the one-time access code according to ITU X.509, two-step method.
- FIG. 1 shows the path of an access key (PIN) from the subscriber to a central instance (SCP) in an intelligent network.
- PIN access key
- SCP central instance
- After entry into an encryption device (DTMF), the PIN is transmitted to the end device (KE) by means of multi-frequency dialling tones and from there into the communication network to the central entity (SCP).
- SSP switching centers
- The central entity (SCP) checks the access code on the basis of already known data, e.g. from a database (DB), and the data supplied in the received string of digits. After calculating the expected access code and comparing it with the received one, feedback is given as to whether the transmitted access code is correct and therefore whether the subscriber's access is permitted or not.
- FIG. 2 and FIG. 3 schematically show the generation of an access code which is to be transmitted to the central entity via the network.
- This requires a symmetrical key (PIN), which is known to the subscriber and to the central entity that carries out authentication.
- PIN symmetrical key
- the PIN itself is not transmitted unencrypted.
- Two variable parameters are encrypted here, a time specification (time, time') and a random number.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2000533979A JP2002505552A (ja) | 1998-02-27 | 1998-10-02 | Method and apparatus for securing access to a service in a communication network |
BR9815697-7A BR9815697A (pt) | 1998-02-27 | 1998-10-02 | Method and device for securing access to a service in a telecommunications network |
EP98959711A EP1058982A1 (fr) | 1998-02-27 | 1998-10-02 | Method and device for securing access to a service in a telecommunications network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19808523.0 | 1998-02-27 | ||
DE19808523 | 1998-02-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999044332A1 true WO1999044332A1 (fr) | 1999-09-02 |
Family
ID=7859237
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE1998/002949 WO1999044332A1 (fr) | 1998-02-27 | 1998-10-02 | Method and device for securing access to a service in a telecommunications network |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1058982A1 (fr) |
JP (1) | JP2002505552A (fr) |
BR (1) | BR9815697A (fr) |
WO (1) | WO1999044332A1 (fr) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4814718B2 (ja) * | 2006-07-28 | 2011-11-16 | 株式会社リコー | Authentication control method and authentication control program |
EP2058498B1 (fr) | 2007-11-09 | 2013-07-10 | Continental Automotive GmbH | Method for determining the fuel temperature in a common-rail injection system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2701181A1 (fr) * | 1993-02-01 | 1994-08-05 | Goreta Lucas | Telephone game using an object integrating a voice-frequency (DTMF) synthesis system and an encrypted code as entry and identification key |
US5363449A (en) * | 1993-03-11 | 1994-11-08 | Tandem Computers Incorporated | Personal identification encryptor and method |
DE4325459A1 (de) * | 1993-07-29 | 1995-02-09 | C2S Gmbh Cryptografische Siche | Tone generator with identification and authentication device |
FR2753860A1 (fr) * | 1996-09-25 | 1998-03-27 | Fintel Sa | Method and system for securing remote services of financial institutions |
1998
- 1998-10-02 WO PCT/DE1998/002949 patent/WO1999044332A1/fr not_active Application Discontinuation
- 1998-10-02 BR BR9815697-7A patent/BR9815697A/pt not_active Application Discontinuation
- 1998-10-02 JP JP2000533979A patent/JP2002505552A/ja not_active Withdrawn
- 1998-10-02 EP EP98959711A patent/EP1058982A1/fr not_active Withdrawn
Non-Patent Citations (2)
Title |
---|
"AUTHENTICATION WITH STORED KP AND DYNAMIC PAC. OCTOBER 1982", IBM TECHNICAL DISCLOSURE BULLETIN, vol. 25, no. 5, October 1982 (1982-10-01), pages 2358 - 2360, XP002031269 * |
HOLLOWAY C J ET AL: "EMPLOYING ONE-WAY FUNCTION METHODS FOR PIN VERIFICATION AND COMPOSITE KEY GENERATION IN ELECTRONIC FUNDS TRANSFER SYSTEMS", INTERNATIONAL DATA SECURITY CONFERENCE, 18 February 1985 (1985-02-18), pages 1 - 17, XP002031268 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2805422A1 (fr) * | 2000-02-18 | 2001-08-24 | Florence Louise Marcelle Morin | Autonomous and independent device for providing an ephemeral transaction code for smart-card purchases, configurable for a single smart card |
FR2806229A1 (fr) * | 2000-03-13 | 2001-09-14 | Mathieu Schnee | Method of interaction or transaction between a user and a provider of products or services, and system for implementing this method |
JP4841790B2 (ja) * | 2000-03-22 | 2011-12-21 | フランス・テレコム | Cryptographic communication method for protection against fraud |
CN102930434A (zh) * | 2001-07-11 | 2013-02-13 | 格马尔托股份有限公司 | Method for accessing services provided by a virtual operator, and corresponding chip card |
CN102930434B (zh) * | 2001-07-11 | 2016-08-10 | 格马尔托股份有限公司 | Method for accessing services provided by a virtual operator, and corresponding chip card |
Also Published As
Publication number | Publication date |
---|---|
EP1058982A1 (fr) | 2000-12-13 |
JP2002505552A (ja) | 2002-02-19 |
BR9815697A (pt) | 2000-11-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69215818T2 (de) | | Method for secure access control |
DE69926977T2 (de) | | Caller identification authentication and routing in response thereto |
DE69736384T2 (de) | | Management of authentication keys in a mobile communication system |
DE69534012T2 (de) | | Authentication method for mobile communication |
DE19722424C1 (de) | | Method for securing access to a remote system |
DE69933012T2 (de) | | Method for dynamically updating unit cryptographic keys in a cellular telephone system |
DE69828686T2 (de) | | System for managing service data in telecommunications systems |
DE69730240T2 (de) | | Authentication method for an access control system and/or a payment system |
DE69931344T2 (de) | | Message processing method and system in a telecommunications system |
EP0802690A1 (fr) | | Control device for an intelligent network |
DE69839090T2 (de) | | Method for using a service in a data communication system, and data communication system |
DE3410937A1 (de) | | Method for detecting unauthorized use of an identification |
WO1999044332A1 (fr) | | Method and device for securing access to a service in a telecommunications network |
EP0896770A2 (fr) | | Method for monitoring a telecommunications line |
EP1112666B1 (fr) | | Method for enhancing the security of authentication procedures in digital mobile radio systems |
DE19821584A1 (de) | | Method for assuming call charges for individual connections, and telephone network and terminal |
DE69830526T2 (de) | | Improved security in cellular telephones |
EP1161850A1 (fr) | | Method for distributing keys to subscribers of communication networks |
EP1014733B1 (fr) | | Method for lawful interception of a subscriber in an intelligent network |
DE69729037T2 (de) | | Low-cost, automatic and transparent access method and protocol for telecommunications service providers over ISDN |
DE69634425T2 (de) | | Communication addressing network and terminal therefor |
EP1314296B1 (fr) | | Method for securing an Internet supplementary service |
DE10033289A1 (de) | | Network management server |
DE19720274A1 (de) | | Communication system, method and processing device for switching calls over a transmission network arranged between two local networks |
DE69829118T2 (de) | | Validation of calling subscribers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1; Designated state(s): BR JP US |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| WWE | Wipo information: entry into national phase | Ref document number: 1998959711; Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 09623037; Country of ref document: US |
| WWP | Wipo information: published in national office | Ref document number: 1998959711; Country of ref document: EP |
| WWW | Wipo information: withdrawn in national office | Ref document number: 1998959711; Country of ref document: EP |