WO2000024218A1 - Method and system for authentication (Procede et systeme d'authentification) - Google Patents
Method and system for authentication
- Publication number: WO2000024218A1 (PCT application PCT/SE1999/001786)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- electronic device
- random number
- authentication
- removable memory
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- the present invention relates to a method and a system for increasing the security in a system comprising and communicating with a removable memory card, such as a SIM card or a smart card.
- GSM: Global System for Mobile communication
- SIM: Subscriber Identity Module
- the GSM system provides communication between a base station and one or several Mobile Stations (MS).
- MS: Mobile Station
- ME: Mobile Equipment
- a Mobile Station consists of Mobile Equipment and a SIM card, the SIM card providing each Mobile Station with a unique identity.
- GSM 02.09: "Digital cellular telecommunications system; Security aspects"
- GSM 03.20 (ETS 300 929): "Digital cellular telecommunications system; Security related network functions"
- the network sends a Random Number (RAND) to the Mobile Station (MS).
- the Mobile Equipment (ME) passes the random number to the SIM card.
- the command RUN GSM ALGORITHM is given to the SIM card as described in GSM 03.20 (ETS 300 929): "Digital cellular telecommunications system; Security related network functions".
- the SIM returns the values SRES (Signed RESponse, calculated by the SIM) and Kc (cryptographic key) to the mobile equipment.
- SRES: Signed RESponse calculated by the SIM
- Kc: Cryptographic (cipher) key
- the ME sends SRES to the network.
- the network compares this value with the value of SRES which it calculates for itself. The comparison of these SRES values provides the authentication.
- the value Kc is used by the ME in any future enciphered communications with the network until the next invocation of this mechanism.
- This is achieved by adding a new function to the existing SIM card, so that the SIM card itself challenges the system.
- the SIM card issues a random number towards the network, and the network then has to respond with the correct result; if it does not, the SIM card automatically switches itself off.
- the method can also be used in systems other than GSM, wherever it is imperative that the removable memory card is not cracked.
- An example is when money is stored on a card ("electronic money") and the amount can be refilled.
- Other application areas are also possible.
- Means for executing the method can be provided in integrated circuits, mobile telephones, modems, etc.
- An authentication unit for providing additional security can in this manner easily be provided in existing systems.
- Fig. 1 is a flow chart illustrating the steps carried out when verifying the authenticity of a SIM card located in a Mobile Station (MS) communicating with a network, according to a first embodiment.
- Fig. 2 is a flow chart illustrating an alternative scheme according to a second embodiment.
- in Fig. 1, a flow chart illustrating the steps carried out during authentication in a GSM system is shown; the Mobile Station (MS) consists of the Mobile Equipment (ME) and the SIM card.
- the SIM card then returns a status condition indicating that the status is OK and that a challenge towards the system should be issued before the command RUN GSM ALGORITHM can be issued again, step 105.
- the ME requests the response from the SIM card, step 107, and the SIM card returns the values SRES and Kc to the mobile equipment, step 109.
- the MS then returns the SRES to the GSM network as authentication of the SIM card, as described above, step 111 (Kc remains in the ME for ciphering; only SRES is transmitted).
- the ME issues a request for a random number to the SIM card, step 113 as a response to the message in step 105, which indicated that a challenge should be transmitted to the GSM network.
- the SIM card then returns a random number and a status OK message, step 115.
- the MS then requests authentication of the GSM network by transmitting this random number (RAND) to the GSM network.
- the GSM network then has to respond to this request, preferably by means of returning an SRES, which then can be verified by the SIM, see below.
- the GSM network responds with a SRES value to the MS, step 119.
- the SRES received by the MS is then transmitted from the ME to the SIM card, step 121.
- the SIM card then verifies that the SRES value is the correct value and, if so, returns a status: OK message to the ME, step 123.
- if the value is not correct, the ME starts the authentication of the GSM system over again, i.e. the procedure restarts at step 113.
- the ME continues to execute this process until the system replies with a correct answer, or until a certain pre-set number of random numbers have been issued without the system replying with a correct value.
- the SIM indicates in the response of step 115 when no more challenges can be issued.
- when that limit is reached the SIM card turns itself off, i.e. it no longer responds to any request sent to it.
- a Mobile Station receives a random number from the GSM network, step 201.
- the Mobile Equipment (ME) of the MS issues the command RUN GSM ALGORITHM, step 203.
- the SIM card then returns a status condition indicating that the status is not OK and that a challenge towards the system should be issued, step 205. This could for example be carried out by adding a new response code to the command RUN GSM ALGORITHM.
- the Mobile Equipment issues a request for a random number to the SIM card, step 207.
- the SIM card returns a random number (RAND2) together with a status: OK message, step 209.
- This random number is then transmitted towards the system by the mobile station, step 211.
- the GSM system then returns an SRES value (SRES2), step 213.
- the ME transmits the SRES value (SRES2) to the SIM card, step 215.
- the SIM card compares this value with the value of SRES2 which it calculates for itself. The comparison of these SRES values provides the system authentication and the SIM returns an acknowledge message (status: OK) to the Mobile Equipment if the compared SRES2 values match, step 217.
- if the SRES2 values do not match, the ME starts the authentication of the GSM system over again, i.e. the procedure restarts at step 207.
- the ME continues to execute this procedure until the system replies with a correct answer, or until a certain pre-set number of random numbers have been issued without the system replying with a correct value.
- the SIM indicates in the response of step 209 when no more challenges can be issued.
- when that limit is reached the SIM card turns itself off, i.e. it no longer responds to any request sent to it.
- the ME issues the command RUN GSM ALGORITHM towards the SIM card, step 219.
- the SIM card then responds with a status: OK message, step 221.
- the ME issues the command GET RESPONSE towards the SIM card, step 223.
- the SIM card then responds with the SRES and the Kc as described above, step 225.
- the SRES is then transmitted by the MS to the GSM system as authentication of the SIM card, step 227 (as in the standard procedure, Kc stays in the ME for ciphering; only SRES is sent).
- in a further variant, the SIM card only challenges the system, i.e. sends a random number to the system, every Nth time (N being a positive integer greater than 1) that the system challenges the SIM card.
- the method and system as described herein can also be employed in other kinds of systems than those described above.
- the method can be used in any system provided with means for authenticating an electronic device connected to the system.
- the system then comprises a first authentication unit which communicates with a second authentication unit located in the electronic device, using a method corresponding to the one described above.
- the method and system as described herein provide significantly increased security for different kinds of removable memory cards, such as SIM cards and smart cards, and for other kinds of systems where a mutual authentication process between an electronic device and the system is required for ensuring an acceptable level of security.
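The two flows above (the Fig. 1 ordering, steps 105 to 123, and the Fig. 2 ordering, steps 205 to 227, together with the every-Nth-time variant) as one runnable simulation. This is an added example and not code from the patent, from any SIM vendor or from any operator: the operator-specific A3/A8 are replaced by an HMAC-SHA256 stand-in (an assumption; it only keeps GSM's 32-bit SRES and 64-bit Kc sizes), the network side is collapsed into one object that holds Ki, the status codes and the names `run_gsm_algorithm`, `get_response`, `get_challenge`, `verify_network` and `me_authenticate` are invented for the example, and the demo Ki and the random values are constructed.

```python
import hashlib
import hmac
import os

# Constructed demo key; a real Ki is a 128-bit secret shared only by the SIM and the operator's AuC.
DEMO_KI = bytes.fromhex("0123456789abcdef0123456789abcdef")

def a3a8_stand_in(ki, rand):
    """Assumption: HMAC-SHA256 stands in for the operator's A3/A8; returns (SRES, Kc) as 32 and 64 bits."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class Network:  # AuC and serving network collapsed into one object holding the subscriber's Ki
    def __init__(self, ki):
        self._ki = ki

    def verify_sres(self, rand, sres):
        return hmac.compare_digest(a3a8_stand_in(self._ki, rand)[0], sres)

    def answer_challenge(self, rand2):
        """The new network-side duty: answer the SIM's RAND2 with SRES2, which needs Ki (step 119/213)."""
        return a3a8_stand_in(self._ki, rand2)[0]

class Sim:
    """SIM with the added 'challenge the system' function. challenge_first=True is the Fig. 2 ordering
    (RUN GSM ALGORITHM refused until the network answers), False the Fig. 1 ordering (SRES/Kc released now,
    challenge required before the next run); challenge_every=N challenges only every Nth authentication."""

    OK, NOT_OK, LAST_CHALLENGE, OFF = "OK", "NOT_OK", "LAST_CHALLENGE", "OFF"

    def __init__(self, ki, challenge_first=True, challenge_every=1, max_failures=3):
        self._ki, self.challenge_first = ki, challenge_first
        self.challenge_every, self.max_failures = challenge_every, max_failures
        self.off, self.failures, self._auths = False, 0, 0  # failures: challenges the network got wrong
        self._challenge_outstanding = self._network_verified = False
        self._response = self._rand2 = None

    def run_gsm_algorithm(self, rand):
        """RUN GSM ALGORITHM: returns (status, challenge_required)."""
        if self.off:
            return self.OFF, False
        if self._challenge_outstanding:
            return self.NOT_OK, True  # the pending challenge has to be answered first
        due = (self._auths + 1) % self.challenge_every == 0
        if self.challenge_first and due and not self._network_verified:
            self._challenge_outstanding = True  # step 205: refuse and demand a challenge
            return self.NOT_OK, True
        self._auths += 1
        self._network_verified = False
        self._response = a3a8_stand_in(self._ki, rand)
        if not self.challenge_first and due:
            self._challenge_outstanding = True  # step 105: OK now, but challenge before the next run
        return self.OK, self._challenge_outstanding

    def get_response(self):
        response, self._response = self._response, None
        return None if self.off else response  # GET RESPONSE: (SRES, Kc) of the last accepted run

    def get_challenge(self):
        """Step 113/207: (RAND2, status); LAST_CHALLENGE means one more wrong answer switches the card off."""
        if self.off:
            return None, self.OFF
        self._rand2 = os.urandom(16)
        return self._rand2, (self.LAST_CHALLENGE if self.failures == self.max_failures - 1 else self.OK)

    def verify_network(self, sres2):
        """Step 121/215: compare the network's SRES2 with the value the SIM computes itself."""
        if self.off or self._rand2 is None:
            return self.OFF if self.off else self.NOT_OK
        expected, self._rand2 = a3a8_stand_in(self._ki, self._rand2)[0], None
        if hmac.compare_digest(expected, sres2):
            self.failures, self._challenge_outstanding, self._network_verified = 0, False, True
            return self.OK
        self.failures += 1
        if self.failures >= self.max_failures:
            self.off = True  # from here on the card answers nothing at all
            return self.OFF
        return self.NOT_OK

def me_authenticate(sim, network):
    """ME driver for one authentication; returns 'AUTHENTICATED', 'NETWORK_REJECTED' or 'SIM_OFF'."""
    rand, response = os.urandom(16), None  # RAND is chosen by the network (step 101/201)
    while True:
        status, needs_challenge = sim.run_gsm_algorithm(rand)
        if status == Sim.OFF:
            return "SIM_OFF"
        if status == Sim.OK:
            response = sim.get_response()
            if not needs_challenge:
                break
        while True:  # steps 113-123 / 207-217: challenge until answered or the card gives up
            rand2, _status = sim.get_challenge()
            verdict = sim.verify_network(network.answer_challenge(rand2))
            if verdict == Sim.OFF:
                return "SIM_OFF"
            if verdict == Sim.OK:
                break
        if response is not None:
            break  # Fig. 1 ordering: SRES/Kc were released before the network proved itself
    sres, _kc = response  # Kc stays in the ME for ciphering; only SRES goes to the network
    return "AUTHENTICATED" if network.verify_sres(rand, sres) else "NETWORK_REJECTED"
```

With a genuine `Network(DEMO_KI)` both orderings authenticate; with a network built on any other key (a base station that does not hold the subscriber's Ki) the card reaches `max_failures` wrong SRES2 values and switches itself off, after which every command returns OFF. Two properties of the scheme as described are visible in the driver: in the Fig. 1 ordering the SIM has already handed SRES and Kc to the ME (steps 109 and 111) before the network has answered anything, while the Fig. 2 ordering withholds them until the counter-challenge passes; and the switch-off is final in both, so the pre-set limit decides how many wrong answers the card tolerates before it stops responding to everything.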
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU14222/00A AU1422200A (en) | 1998-10-19 | 1999-10-06 | A method and a system for authentication |
JP2000577853A JP2002528978A (ja) | 1998-10-19 | 1999-10-06 | Authentication method and system |
DE19983656T DE19983656T1 (de) | 1998-10-19 | 1999-10-06 | A method and system for authentication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE9803569-4 | 1998-10-19 | ||
SE9803569A SE9803569L (sv) | 1998-10-19 | 1998-10-19 | Method and system for authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000024218A1 (fr) | 2000-04-27 |
Family
ID=20413006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SE1999/001786 WO2000024218A1 (fr) | 1998-10-19 | 1999-10-06 | Method and system for authentication |
Country Status (6)
Country | Link |
---|---|
JP (1) | JP2002528978A (fr) |
CN (1) | CN1326654A (fr) |
AU (1) | AU1422200A (fr) |
DE (1) | DE19983656T1 (fr) |
SE (1) | SE9803569L (fr) |
WO (1) | WO2000024218A1 (fr) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004040717A (ja) * | 2002-07-08 | 2004-02-05 | Matsushita Electric Ind Co Ltd | Device authentication system |
CN100449990C (zh) * | 2003-08-19 | 2009-01-07 | Huawei Technologies Co., Ltd. | User authentication apparatus for fixed network terminals and method thereof |
CN1857024B (zh) * | 2003-09-26 | 2011-09-28 | Telefonaktiebolaget LM Ericsson | Enhanced security design for cryptography in mobile communication systems |
KR100511317B1 (ko) * | 2003-10-31 | 2005-08-31 | LG Electronics | Method and apparatus for preventing card theft in a mobile communication terminal with a built-in contactless card |
WO2005046157A2 (fr) * | 2003-11-11 | 2005-05-19 | Siemens Aktiengesellschaft | Method for securing data transfer between a first terminal and a first network and between a second terminal and a second network |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0651533A2 (fr) * | 1993-11-02 | 1995-05-03 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in a mobile wireless network |
WO1997015161A1 (fr) * | 1995-10-17 | 1997-04-24 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
FI971620A (fi) * | 1997-04-16 | 1998-10-17 | Nokia Telecommunications Oy | Authentication method |
1998
- 1998-10-19: SE application SE9803569A (publication SE9803569L) filed; later discontinued
1999
- 1999-10-06: PCT application PCT/SE1999/001786 (publication WO2000024218A1) filed
- 1999-10-06: JP application JP2000577853A (publication JP2002528978A); pending
- 1999-10-06: CN application CN99812336A (publication CN1326654A); pending
- 1999-10-06: AU application AU14222/00A (publication AU1422200A); abandoned
- 1999-10-06: DE application DE19983656T (publication DE19983656T1); withdrawn
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002013568A1 (fr) * | 2000-08-03 | 2002-02-14 | Orange Personal Communications Services Limited | Authentication in a mobile telecommunications network |
EP2385661A3 (fr) * | 2000-08-03 | 2014-01-15 | Orange | Authentication in a mobile communications network |
EP1206157A2 (fr) * | 2000-11-10 | 2002-05-15 | Nokia Corporation | Identification method |
EP1206157A3 (fr) * | 2000-11-10 | 2003-07-16 | Nokia Corporation | Identification method |
US7024226B2 (en) | 2001-01-24 | 2006-04-04 | Telenor Asa | Method for enabling PKI functions in a smart card |
WO2002060210A1 (fr) * | 2001-01-24 | 2002-08-01 | Telenor Asa | Method for enabling PKI functions in a smart card |
WO2002101981A1 (fr) * | 2001-06-12 | 2002-12-19 | Nokia Corporation | Method and arrangement for encrypting data transfer at an interface in mobile equipment in a radio network, and mobile equipment in a radio network |
EP1612639A1 (fr) * | 2004-06-30 | 2006-01-04 | ST Incard S.r.l. | Method for detecting and reacting against a possible attack on a security-enforcing operation performed by a cryptographic token or card |
EP1737201A1 (fr) * | 2004-08-29 | 2006-12-27 | Huawei Technologies Co., Ltd. | Method for ensuring security of the subscriber card |
EP1737201A4 (fr) * | 2004-08-29 | 2007-04-11 | Huawei Tech Co Ltd | Method for ensuring security of the subscriber card |
US7650139B2 (en) | 2004-08-29 | 2010-01-19 | Huawei Technologies Co., Ltd. | Method for ensuring security of subscriber card |
EP2509351A4 (fr) * | 2010-02-10 | 2017-06-21 | ZTE Corporation | Smart card authentication device and method |
CN105632533A (zh) * | 2014-11-07 | 2016-06-01 | Tianjin Chunzijun Technology Development Co., Ltd. | Portable storage device with secure encryption function |
US11483709B2 (en) | 2019-03-14 | 2022-10-25 | At&T Intellectual Property I, L.P. | Authentication technique to counter subscriber identity module swapping fraud attack |
Also Published As
Publication number | Publication date |
---|---|
JP2002528978A (ja) | 2002-09-03 |
DE19983656T1 (de) | 2001-09-13 |
AU1422200A (en) | 2000-05-08 |
SE9803569L (sv) | 2000-04-20 |
CN1326654A (zh) | 2001-12-12 |
SE9803569D0 (sv) | 1998-10-19 |
Similar Documents
Publication | Title |
---|---|
US7630495B2 (en) | Method for protecting electronic device, and electronic device |
EP1371255B1 (en) | Method for enabling PKI functions in a smart card |
US20020187808A1 (en) | Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network |
US8611536B2 (en) | Bootstrapping authentication using distinguished random challenges |
FI102235B (fi) | Management of authentication keys in a mobile communication system |
JP4263384B2 (ja) | Improved method for authentication of a user subscriber identity module |
CA2104092C (en) | Wireless device for verifying identification |
US20070293192A9 (en) | Identification of a terminal to a server |
AU2002230306A1 (en) | Method for enabling PKI functions in a smart card |
KR20060049267A (ko) | Authentication vector generation device, subscriber authentication module, mobile communication system, authentication vector generation method, calculation method and subscriber authentication method |
WO2000024218A1 (fr) | Method and system for authentication |
CN101185308A (zh) | Method for controlling connection of a peripheral device to an access point |
KR20160143333A (ko) | Two-factor authentication method using dual channels |
CN109492371B (zh) | Method and apparatus for over-the-air issuance of digital certificates |
US7650139B2 (en) | Method for ensuring security of subscriber card |
US8121580B2 (en) | Method of securing a mobile telephone identifier and corresponding mobile telephone |
CA2343180C (fr) | Method for strengthening the security of authentication procedures in digital mobile radio systems |
KR20120061022A (ko) | Method and system for caller authentication in a voice call network using a data communication network, and calling-side device, called terminal and program therefor |
KR20120089388A (ko) | Method for requesting caller authentication in a voice call network using a data communication network, and calling-side smartphone and program therefor |
CN1124766C (zh) | System and method for preventing replay attacks in wireless communication |
US8296575B2 (en) | Method for protecting electronic device, and electronic device |
CN117479111B (zh) | Offline automatic payment method, system and device based on Wi-Fi technology |
JPH05183507A (ja) | Mobile communication authentication method |
EP1623592A1 (fr) | Authentication of a subscriber station |
CN108040349A (zh) | Method for built-in multiple virtual SIM cards based on a virtual SIM card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | WIPO information: entry into national phase | Ref document number: 99812336.6; Country of ref document: CN |
| ENP | Entry into the national phase | Ref document number: 2000 14222; Country of ref document: AU; Kind code of ref document: A |
| AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101) | |
| ENP | Entry into the national phase | Ref document number: 2000 577853; Country of ref document: JP; Kind code of ref document: A |
| RET | DE translation (DE OG part 6b) | Ref document number: 19983656; Country of ref document: DE; Date of ref document: 20010913 |
| WWE | WIPO information: entry into national phase | Ref document number: 19983656; Country of ref document: DE |
| 122 | EP: PCT application non-entry in European phase | |