WO2000024218A1 - Procede et systeme d'authentification - Google Patents

Procede et systeme d'authentification Download PDF

Info

Publication number
WO2000024218A1
WO2000024218A1 PCT/SE1999/001786 SE9901786W WO0024218A1 WO 2000024218 A1 WO2000024218 A1 WO 2000024218A1 SE 9901786 W SE9901786 W SE 9901786W WO 0024218 A1 WO0024218 A1 WO 0024218A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
electronic device
random number
authentication
removable memory
Prior art date
Application number
PCT/SE1999/001786
Other languages
English (en)
Inventor
Magnus HALLENSTÅL
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to AU14222/00A priority Critical patent/AU1422200A/en
Priority to JP2000577853A priority patent/JP2002528978A/ja
Priority to DE19983656T priority patent/DE19983656T1/de
Publication of WO2000024218A1 publication Critical patent/WO2000024218A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to a method and a system for increasing the security in a system comprising and communicating with a removable memory card, such as a SIM card or a smart card.
  • a removable memory card such as a SIM card or a smart card.
  • GSM Global System for Mobile communication
  • SIM-cards Subscriber Identity Module
  • the GSM system provides communication between a base station and one or several Mobile Stations (MS) .
  • MS Mobile Station
  • M Mobile Equipment
  • SIM card for providing each Mobile Station with a unique identity.
  • GSM 02.09 “Digital cellular telecommunications system; Security aspects”
  • GSM 03.20 ETS 300 929) : “Digital cellular telecommunications system; Security related network functions”.
  • the network sends a Random Number (RAND) to the Mobile Station (MS) .
  • the Mobile Equipment (ME) passes the random number to the SIM card.
  • a command "RUN GSM ALGORITHM” is given to the SIM card as described in GSM 03.20 (ETS 300 929) : "Digital cellular telecommunications system; Security related network functions”.
  • the SIM returns the values Signed RESponse calculated by a SIM (SRES) and Cryptographic key (Kc) to the mobile equipment.
  • SRES Signed RESponse calculated by a SIM
  • Kc Cryptographic key
  • the ME sends SRES to the network.
  • the network compares this value with the value of SRES which it calculates for itself. The comparison of these SRES values provides the authentication.
  • the value Kc is used by the ME in any future enciphered communications with the network until the next invocation of this mechanism.
  • This object is obtained by means of adding a new function in the existing SIM card so that the SIM-card will challenge the system.
  • the SIM-card will issue a random number towards the network and the network then has to respond with a correct result. If not the SIM-card will be automatically switched off.
  • the method can also be used in other systems than the GSM system, where it is imperative that the removable memory card should not be cracked.
  • An example is when money are stored on a card ("electronic money") and where the amount can be refilled.
  • Other application areas are also possible.
  • Means for executing the method can be provided in integrated circuits, mobile telephones, modems, etc.
  • An authentication unit for providing additional security can in this manner easily be provided in existing systems.
  • - Fig. 1 is a flow chart illustrating different steps carried out when verifying the authenticity of a SIM-card located in a Mobile Station (MS) communicating with a network.
  • MS Mobile Station
  • FIG. 2 is a flow chart illustrating an alternative scheme according to a second embodiments
  • a flow chart illustrating different steps carried out during authentication in a GSM system is shown.
  • MS Mobile Station
  • ME Mobile Equipment
  • the SIM card then returns a status condition indicating that the status is OK and that a challenge towards the system should be issued before the command "RUN GSM algorithm” can be issued again, step 105.
  • the ME requests the response from the SIM card, step 107 and the SIM card returns the values Signed RESponse calculated by a SIM (SRES) and Cryptographic key (Kc) to the mobile equipment, step 109.
  • SRES Signed RESponse calculated by a SIM
  • Kc Cryptographic key
  • the MS then returns the SRES and the Kc to the GSM network as an authentication of the SIM card as described above, step 111.
  • the ME issues a request for a random number to the SIM card, step 113 as a response to the message in step 105, which indicated that a challenge should be transmitted to the GSM network.
  • the SIM card then returns a random number and a status OK message, step 115.
  • the MS issues a request towards the GSM network for authentication thereof by means of transmitting the random (RAND) number to the GSM network.
  • the GSM network then has to respond to this request, preferably by means of returning an SRES, which then can be verified by the SIM, see below.
  • the GSM network responds with a SRES value to the MS, step 119.
  • the SRES received by the MS is the transmitted from the ME to the SIM card, step 121.
  • the SIM card then verifies that the SRES value is the correct value and, if so, returns a status: OK message to the ME, step 123.
  • the ME will start over again with the authentication process of the GSM system, thus starting the procedure with step 113.
  • the ME will continue to execute this process until the system replies with a correct answer, or until a certain, pre-set random numbers have been issued, without the system replying with a correct number.
  • the SIM will indicate when no more challenges can be issued in the response indication in step 115.
  • the SIM card turns itself off, i.e. it does not respond to any requests sent to it.
  • a Mobile Station receives a random number from the GSM network, step 201.
  • the Mobile Equipment (ME) of the MS issues a command "RUN GSM- algorith ", step 203.
  • the SIM card then returns a status condition indicating that the status is not OK and that a challenge towards the system should be issued, step 205. This could for example be carried out by adding a new code as a response to the command "RUN GSM algorithm" .
  • the Mobile Equipment issues a request for a random number to the SIM card, step 207.
  • the SIM card returns a random number (RAND2) together with a status: OK message, step 209.
  • This random number is then transmitted towards the system by the mobile station, step 211.
  • the GSM system then returns an SRES value (SRES2), step 213.
  • the ME transmits the SRES value (SRES2) to the SIM card, step 215.
  • the SIM card compares this value with the value of SRES2 which it calculates for itself. The comparison of these SRES values provides the system authentication and the SIM returns an acknowledge message (status: OK) to the Mobile Equipment if the compared SRES2 values match, step 217.
  • the ME will start over again with the authentication process of the GSM system, thus starting the procedure with step 207.
  • the ME will continue to execute this procedure, until the system replies with a correct answer, or until a certain, pre-set random numbers have been issued, without the system replying with a correct number.
  • the SIM will indicate when no more challenges can be issued in the response indication in step 209.
  • the SIM card turns itself off, i.e. it does not respond to any requests sent to it.
  • the ME issues the command RUN GSM algorithm towards the SIM card, step 219.
  • the SIM card the responds with a status: OK message, step 221.
  • the ME issues a command GET RESPONSE towards the SIM card, step 223.
  • the SIM card the responds with the SRES and the Kc as described above, step 225.
  • the SRES and the Kc is then transmitted by the MS to the GSM system as authentication of the SIM card, step 227.
  • the SIM card only challenges the system, i.e. sends a random number to the system, every N time, N being a positive integer > 1, that the system challenges the SIM card.
  • the method and system as described herein can also be employed in other kinds of systems than the systems described above.
  • the method is possible to use in any system provided with means for authenticating an electronic device connected to the system.
  • the system will then comprise a first authentication unit which then communicates with a second authentication unit located in the electronic device using a method corresponding to the method described above.
  • the method and system as described herein provides a significantly increased security for different kinds of removable memory card, such as SIM cards, smart cards, and other kinds of systems where a mutual authentication process between an electronic device and the system is required for ensuring an acceptable security.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

L'invention concerne un procédé et un système d'augmentation de la sécurité d'un système, comprenant et communiquant avec un carte mémoire amovible, telle qu'une carte SIM ou une carte intelligente. On ajoute à la carte SIM existante une nouvelle fonction de sorte que cette carte fasse intervenir le système. Cette carte va donc émettre un nombre aléatoire en direction du réseau qui doit proposer un résultat correct. Le cas échéant, la carte SIM s'éteindra automatiquement. L'utilisation de ce procédé et de ce système permet de réduire la possibilité pour un utilisateur de découvrir le code correct de la carte mémoire amovible au moyen d'un test massif. Ce procédé peut aussi être mis en oeuvre dans d'autres systèmes communiquant avec un dispositif électronique.
PCT/SE1999/001786 1998-10-19 1999-10-06 Procede et systeme d'authentification WO2000024218A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU14222/00A AU1422200A (en) 1998-10-19 1999-10-06 A method and a system for authentication
JP2000577853A JP2002528978A (ja) 1998-10-19 1999-10-06 認証方法及びシステム
DE19983656T DE19983656T1 (de) 1998-10-19 1999-10-06 Ein Verfahren und System für eine Authentisierung

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE9803569-4 1998-10-19
SE9803569A SE9803569L (sv) 1998-10-19 1998-10-19 Förfarande och system för autentisering

Publications (1)

Publication Number Publication Date
WO2000024218A1 true WO2000024218A1 (fr) 2000-04-27

Family

ID=20413006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1999/001786 WO2000024218A1 (fr) 1998-10-19 1999-10-06 Procede et systeme d'authentification

Country Status (6)

Country Link
JP (1) JP2002528978A (fr)
CN (1) CN1326654A (fr)
AU (1) AU1422200A (fr)
DE (1) DE19983656T1 (fr)
SE (1) SE9803569L (fr)
WO (1) WO2000024218A1 (fr)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002013568A1 (fr) * 2000-08-03 2002-02-14 Orange Personal Communications Services Limited Authentification dans un réseau de télécommunications mobile
EP1206157A2 (fr) * 2000-11-10 2002-05-15 Nokia Corporation Procédé d'identification
WO2002060210A1 (fr) * 2001-01-24 2002-08-01 Telenor Asa Procede de validation de fonctions icp dans une carte a puce
WO2002101981A1 (fr) * 2001-06-12 2002-12-19 Nokia Corporation Procede et dispositif de cryptage de transfert de donnees au niveau d'une interface d'equipement mobile de reseau radio, et equipement mobile de reseau radio
EP1612639A1 (fr) * 2004-06-30 2006-01-04 ST Incard S.r.l. Méthode de détection et de réaction contre une attaque potentielle d'une opération exécutée par un jeton ou une carte cryptographique et visant à faire respecter la sécurité.
EP1737201A1 (fr) * 2004-08-29 2006-12-27 Huawei Technologies Co., Ltd. Procede de protection securisee de la carte utilisateur
CN105632533A (zh) * 2014-11-07 2016-06-01 天津春子郡科技发展有限公司 一种具有安全加密功能的便携存储设备
EP2509351A4 (fr) * 2010-02-10 2017-06-21 ZTE Corporation Dispositif et procédé d'authentification de carte à puce
US11483709B2 (en) 2019-03-14 2022-10-25 At&T Intellectual Property I, L.P. Authentication technique to counter subscriber identity module swapping fraud attack

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004040717A (ja) * 2002-07-08 2004-02-05 Matsushita Electric Ind Co Ltd 機器認証システム
CN100449990C (zh) * 2003-08-19 2009-01-07 华为技术有限公司 固定网络终端的用户认证装置及其方法
CN1857024B (zh) * 2003-09-26 2011-09-28 艾利森电话股份有限公司 在移动通信系统中用于密码学的增强型安全性设计
KR100511317B1 (ko) * 2003-10-31 2005-08-31 엘지전자 주식회사 비접촉식 카드를 내장한 이동 통신 단말기의 카드 도용방지 방법 및 장치
WO2005046157A2 (fr) * 2003-11-11 2005-05-19 Siemens Aktiengesellschaft Procede de sauvegarde de transfert de donnees entre un premier terminal et un premier reseau et entre un second terminal et un second reseau

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0651533A2 (fr) * 1993-11-02 1995-05-03 Sun Microsystems, Inc. Procédé et dispositif pour la confidentialité et l'authentification dans un réseau sans fil mobile
WO1997015161A1 (fr) * 1995-10-17 1997-04-24 Nokia Telecommunications Oy Authentification d'abonne dans un systeme mobile de communications
FI971620A (fi) * 1997-04-16 1998-10-17 Nokia Telecommunications Oy Autentikointimenetelmä

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0651533A2 (fr) * 1993-11-02 1995-05-03 Sun Microsystems, Inc. Procédé et dispositif pour la confidentialité et l'authentification dans un réseau sans fil mobile
WO1997015161A1 (fr) * 1995-10-17 1997-04-24 Nokia Telecommunications Oy Authentification d'abonne dans un systeme mobile de communications
FI971620A (fi) * 1997-04-16 1998-10-17 Nokia Telecommunications Oy Autentikointimenetelmä

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002013568A1 (fr) * 2000-08-03 2002-02-14 Orange Personal Communications Services Limited Authentification dans un réseau de télécommunications mobile
EP2385661A3 (fr) * 2000-08-03 2014-01-15 Orange Authentification dans un réseau de communication mobile
EP1206157A2 (fr) * 2000-11-10 2002-05-15 Nokia Corporation Procédé d'identification
EP1206157A3 (fr) * 2000-11-10 2003-07-16 Nokia Corporation Procédé d'identification
US7024226B2 (en) 2001-01-24 2006-04-04 Telenor Asa Method for enabling PKI functions in a smart card
WO2002060210A1 (fr) * 2001-01-24 2002-08-01 Telenor Asa Procede de validation de fonctions icp dans une carte a puce
WO2002101981A1 (fr) * 2001-06-12 2002-12-19 Nokia Corporation Procede et dispositif de cryptage de transfert de donnees au niveau d'une interface d'equipement mobile de reseau radio, et equipement mobile de reseau radio
EP1612639A1 (fr) * 2004-06-30 2006-01-04 ST Incard S.r.l. Méthode de détection et de réaction contre une attaque potentielle d'une opération exécutée par un jeton ou une carte cryptographique et visant à faire respecter la sécurité.
EP1737201A1 (fr) * 2004-08-29 2006-12-27 Huawei Technologies Co., Ltd. Procede de protection securisee de la carte utilisateur
EP1737201A4 (fr) * 2004-08-29 2007-04-11 Huawei Tech Co Ltd Procede de protection securisee de la carte utilisateur
US7650139B2 (en) 2004-08-29 2010-01-19 Huawei Technologies Co., Ltd. Method for ensuring security of subscriber card
EP2509351A4 (fr) * 2010-02-10 2017-06-21 ZTE Corporation Dispositif et procédé d'authentification de carte à puce
CN105632533A (zh) * 2014-11-07 2016-06-01 天津春子郡科技发展有限公司 一种具有安全加密功能的便携存储设备
US11483709B2 (en) 2019-03-14 2022-10-25 At&T Intellectual Property I, L.P. Authentication technique to counter subscriber identity module swapping fraud attack

Also Published As

Publication number Publication date
JP2002528978A (ja) 2002-09-03
DE19983656T1 (de) 2001-09-13
AU1422200A (en) 2000-05-08
SE9803569L (sv) 2000-04-20
CN1326654A (zh) 2001-12-12
SE9803569D0 (sv) 1998-10-19

Similar Documents

Publication Publication Date Title
US7630495B2 (en) Method for protecting electronic device, and electronic device
EP1371255B1 (fr) Procede de validation de fonctions icp dans une carte a puce
US20020187808A1 (en) Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network
US8611536B2 (en) Bootstrapping authentication using distinguished random challenges
FI102235B (fi) Autentikointiavainten hallinta matkaviestinjärjestelmässä
JP4263384B2 (ja) ユーザ加入識別モジュールの認証についての改善された方法
CA2104092C (fr) Dispositif sans fil de verification d'identification
US20070293192A9 (en) Identification of a terminal to a server
AU2002230306A1 (en) Method for enabling PKI functions in a smart card
KR20060049267A (ko) 인증 벡터 생성 장치, 가입자 인증 모듈, 이동 통신시스템, 인증 벡터 생성 방법, 연산 방법 및 가입자 인증방법
WO2000024218A1 (fr) Procede et systeme d'authentification
CN101185308A (zh) 用于控制外围设备连接到接入点的方法
KR20160143333A (ko) 이중 채널을 이용한 이중 인증 방법
CN109492371B (zh) 一种数字证书空发方法及装置
US7650139B2 (en) Method for ensuring security of subscriber card
US8121580B2 (en) Method of securing a mobile telephone identifier and corresponding mobile telephone
CA2343180C (fr) Procede de renforcement de la securite de procedures d'authentification dans des systemes radiomobiles numeriques
KR20120061022A (ko) 데이터 통신망을 이용한 음성 통화망의 발신자 인증 방법 및 시스템과 이를 위한 발신측 장치, 착신 단말 및 프로그램
KR20120089388A (ko) 데이터 통신망을 이용한 음성 통화망의 발신자 인증을 요청하는 방법과 이를 위한 발신측의 스마트폰 및 프로그램
CN1124766C (zh) 在无线通信中防止应答攻击的系统和方法
US8296575B2 (en) Method for protecting electronic device, and electronic device
CN117479111B (zh) 一种基于Wi-Fi技术的离线自动付费方法、系统及装置
JPH05183507A (ja) 移動通信認証方法
EP1623592A1 (fr) Authentification d'une station d'abonnes
CN108040349A (zh) 基于虚拟sim卡的内置多虚拟sim卡方法

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99812336.6

Country of ref document: CN

ENP Entry into the national phase

Ref document number: 2000 14222

Country of ref document: AU

Kind code of ref document: A

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2000 577853

Country of ref document: JP

Kind code of ref document: A

RET De translation (de og part 6b)

Ref document number: 19983656

Country of ref document: DE

Date of ref document: 20010913

WWE Wipo information: entry into national phase

Ref document number: 19983656

Country of ref document: DE

122 Ep: pct application non-entry in european phase