WO2000024218A1 - A method and a system for authentication - Google Patents
A method and a system for authentication Download PDFInfo
- Publication number
- WO2000024218A1 WO2000024218A1 PCT/SE1999/001786 SE9901786W WO0024218A1 WO 2000024218 A1 WO2000024218 A1 WO 2000024218A1 SE 9901786 W SE9901786 W SE 9901786W WO 0024218 A1 WO0024218 A1 WO 0024218A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- electronic device
- random number
- authentication
- removable memory
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- the present invention relates to a method and a system for increasing the security in a system comprising and communicating with a removable memory card, such as a SIM card or a smart card.
- a removable memory card such as a SIM card or a smart card.
- GSM Global System for Mobile communication
- SIM-cards Subscriber Identity Module
- the GSM system provides communication between a base station and one or several Mobile Stations (MS) .
- MS Mobile Station
- M Mobile Equipment
- SIM card for providing each Mobile Station with a unique identity.
- GSM 02.09 “Digital cellular telecommunications system; Security aspects”
- GSM 03.20 ETS 300 929) : “Digital cellular telecommunications system; Security related network functions”.
- the network sends a Random Number (RAND) to the Mobile Station (MS) .
- the Mobile Equipment (ME) passes the random number to the SIM card.
- a command "RUN GSM ALGORITHM” is given to the SIM card as described in GSM 03.20 (ETS 300 929) : "Digital cellular telecommunications system; Security related network functions”.
- the SIM returns the values Signed RESponse calculated by a SIM (SRES) and Cryptographic key (Kc) to the mobile equipment.
- SRES Signed RESponse calculated by a SIM
- Kc Cryptographic key
- the ME sends SRES to the network.
- the network compares this value with the value of SRES which it calculates for itself. The comparison of these SRES values provides the authentication.
- the value Kc is used by the ME in any future enciphered communications with the network until the next invocation of this mechanism.
- This object is obtained by means of adding a new function in the existing SIM card so that the SIM-card will challenge the system.
- the SIM-card will issue a random number towards the network and the network then has to respond with a correct result. If not the SIM-card will be automatically switched off.
- the method can also be used in other systems than the GSM system, where it is imperative that the removable memory card should not be cracked.
- An example is when money are stored on a card ("electronic money") and where the amount can be refilled.
- Other application areas are also possible.
- Means for executing the method can be provided in integrated circuits, mobile telephones, modems, etc.
- An authentication unit for providing additional security can in this manner easily be provided in existing systems.
- - Fig. 1 is a flow chart illustrating different steps carried out when verifying the authenticity of a SIM-card located in a Mobile Station (MS) communicating with a network.
- MS Mobile Station
- FIG. 2 is a flow chart illustrating an alternative scheme according to a second embodiments
- a flow chart illustrating different steps carried out during authentication in a GSM system is shown.
- MS Mobile Station
- ME Mobile Equipment
- the SIM card then returns a status condition indicating that the status is OK and that a challenge towards the system should be issued before the command "RUN GSM algorithm” can be issued again, step 105.
- the ME requests the response from the SIM card, step 107 and the SIM card returns the values Signed RESponse calculated by a SIM (SRES) and Cryptographic key (Kc) to the mobile equipment, step 109.
- SRES Signed RESponse calculated by a SIM
- Kc Cryptographic key
- the MS then returns the SRES and the Kc to the GSM network as an authentication of the SIM card as described above, step 111.
- the ME issues a request for a random number to the SIM card, step 113 as a response to the message in step 105, which indicated that a challenge should be transmitted to the GSM network.
- the SIM card then returns a random number and a status OK message, step 115.
- the MS issues a request towards the GSM network for authentication thereof by means of transmitting the random (RAND) number to the GSM network.
- the GSM network then has to respond to this request, preferably by means of returning an SRES, which then can be verified by the SIM, see below.
- the GSM network responds with a SRES value to the MS, step 119.
- the SRES received by the MS is the transmitted from the ME to the SIM card, step 121.
- the SIM card then verifies that the SRES value is the correct value and, if so, returns a status: OK message to the ME, step 123.
- the ME will start over again with the authentication process of the GSM system, thus starting the procedure with step 113.
- the ME will continue to execute this process until the system replies with a correct answer, or until a certain, pre-set random numbers have been issued, without the system replying with a correct number.
- the SIM will indicate when no more challenges can be issued in the response indication in step 115.
- the SIM card turns itself off, i.e. it does not respond to any requests sent to it.
- a Mobile Station receives a random number from the GSM network, step 201.
- the Mobile Equipment (ME) of the MS issues a command "RUN GSM- algorith ", step 203.
- the SIM card then returns a status condition indicating that the status is not OK and that a challenge towards the system should be issued, step 205. This could for example be carried out by adding a new code as a response to the command "RUN GSM algorithm" .
- the Mobile Equipment issues a request for a random number to the SIM card, step 207.
- the SIM card returns a random number (RAND2) together with a status: OK message, step 209.
- This random number is then transmitted towards the system by the mobile station, step 211.
- the GSM system then returns an SRES value (SRES2), step 213.
- the ME transmits the SRES value (SRES2) to the SIM card, step 215.
- the SIM card compares this value with the value of SRES2 which it calculates for itself. The comparison of these SRES values provides the system authentication and the SIM returns an acknowledge message (status: OK) to the Mobile Equipment if the compared SRES2 values match, step 217.
- the ME will start over again with the authentication process of the GSM system, thus starting the procedure with step 207.
- the ME will continue to execute this procedure, until the system replies with a correct answer, or until a certain, pre-set random numbers have been issued, without the system replying with a correct number.
- the SIM will indicate when no more challenges can be issued in the response indication in step 209.
- the SIM card turns itself off, i.e. it does not respond to any requests sent to it.
- the ME issues the command RUN GSM algorithm towards the SIM card, step 219.
- the SIM card the responds with a status: OK message, step 221.
- the ME issues a command GET RESPONSE towards the SIM card, step 223.
- the SIM card the responds with the SRES and the Kc as described above, step 225.
- the SRES and the Kc is then transmitted by the MS to the GSM system as authentication of the SIM card, step 227.
- the SIM card only challenges the system, i.e. sends a random number to the system, every N time, N being a positive integer > 1, that the system challenges the SIM card.
- the method and system as described herein can also be employed in other kinds of systems than the systems described above.
- the method is possible to use in any system provided with means for authenticating an electronic device connected to the system.
- the system will then comprise a first authentication unit which then communicates with a second authentication unit located in the electronic device using a method corresponding to the method described above.
- the method and system as described herein provides a significantly increased security for different kinds of removable memory card, such as SIM cards, smart cards, and other kinds of systems where a mutual authentication process between an electronic device and the system is required for ensuring an acceptable security.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU14222/00A AU1422200A (en) | 1998-10-19 | 1999-10-06 | A method and a system for authentication |
DE19983656T DE19983656T1 (de) | 1998-10-19 | 1999-10-06 | Ein Verfahren und System für eine Authentisierung |
JP2000577853A JP2002528978A (ja) | 1998-10-19 | 1999-10-06 | 認証方法及びシステム |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE9803569-4 | 1998-10-19 | ||
SE9803569A SE9803569L (sv) | 1998-10-19 | 1998-10-19 | Förfarande och system för autentisering |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000024218A1 true WO2000024218A1 (en) | 2000-04-27 |
Family
ID=20413006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SE1999/001786 WO2000024218A1 (en) | 1998-10-19 | 1999-10-06 | A method and a system for authentication |
Country Status (6)
Country | Link |
---|---|
JP (1) | JP2002528978A (sv) |
CN (1) | CN1326654A (sv) |
AU (1) | AU1422200A (sv) |
DE (1) | DE19983656T1 (sv) |
SE (1) | SE9803569L (sv) |
WO (1) | WO2000024218A1 (sv) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002013568A1 (en) * | 2000-08-03 | 2002-02-14 | Orange Personal Communications Services Limited | Authentication in a mobile communications network |
EP1206157A2 (en) * | 2000-11-10 | 2002-05-15 | Nokia Corporation | Method for identification |
WO2002060210A1 (en) * | 2001-01-24 | 2002-08-01 | Telenor Asa | Method for enabling pki functions in a smart card |
WO2002101981A1 (en) * | 2001-06-12 | 2002-12-19 | Nokia Corporation | Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network |
EP1612639A1 (en) * | 2004-06-30 | 2006-01-04 | ST Incard S.r.l. | Method for detecting and reacting against possible attack to security enforcing operation performed by a cryptographic token or card |
EP1737201A1 (en) * | 2004-08-29 | 2006-12-27 | Huawei Technologies Co., Ltd. | A method for the safe protecting of the user card |
CN105632533A (zh) * | 2014-11-07 | 2016-06-01 | 天津春子郡科技发展有限公司 | 一种具有安全加密功能的便携存储设备 |
EP2509351A4 (en) * | 2010-02-10 | 2017-06-21 | ZTE Corporation | Smart card authentication device and method |
US11483709B2 (en) | 2019-03-14 | 2022-10-25 | At&T Intellectual Property I, L.P. | Authentication technique to counter subscriber identity module swapping fraud attack |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004040717A (ja) * | 2002-07-08 | 2004-02-05 | Matsushita Electric Ind Co Ltd | 機器認証システム |
CN100449990C (zh) * | 2003-08-19 | 2009-01-07 | 华为技术有限公司 | 固定网络终端的用户认证装置及其方法 |
ES2384634T7 (es) * | 2003-09-26 | 2018-10-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Diseño de seguridad mejorado para criptografía en sistemas de comunicaciones de móviles |
KR100511317B1 (ko) * | 2003-10-31 | 2005-08-31 | 엘지전자 주식회사 | 비접촉식 카드를 내장한 이동 통신 단말기의 카드 도용방지 방법 및 장치 |
WO2005046157A2 (de) * | 2003-11-11 | 2005-05-19 | Siemens Aktiengesellschaft | Verfahren zur sicherung des datenverkehrs zwischen einem ersten endgerät und einem ersten netz sowie einem zweiten endgerät und einem zweiten netz |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0651533A2 (en) * | 1993-11-02 | 1995-05-03 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in a mobile wireless network |
WO1997015161A1 (en) * | 1995-10-17 | 1997-04-24 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
FI971620A (sv) * | 1997-04-16 | 1998-10-17 | Nokia Telecommunications Oy | Autenticeringsförfarande |
-
1998
- 1998-10-19 SE SE9803569A patent/SE9803569L/sv not_active Application Discontinuation
-
1999
- 1999-10-06 DE DE19983656T patent/DE19983656T1/de not_active Withdrawn
- 1999-10-06 AU AU14222/00A patent/AU1422200A/en not_active Abandoned
- 1999-10-06 JP JP2000577853A patent/JP2002528978A/ja active Pending
- 1999-10-06 CN CN99812336A patent/CN1326654A/zh active Pending
- 1999-10-06 WO PCT/SE1999/001786 patent/WO2000024218A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0651533A2 (en) * | 1993-11-02 | 1995-05-03 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in a mobile wireless network |
WO1997015161A1 (en) * | 1995-10-17 | 1997-04-24 | Nokia Telecommunications Oy | Subscriber authentication in a mobile communications system |
FI971620A (sv) * | 1997-04-16 | 1998-10-17 | Nokia Telecommunications Oy | Autenticeringsförfarande |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002013568A1 (en) * | 2000-08-03 | 2002-02-14 | Orange Personal Communications Services Limited | Authentication in a mobile communications network |
EP2385661A3 (en) * | 2000-08-03 | 2014-01-15 | Orange | Authentication in a mobile communications network |
EP1206157A2 (en) * | 2000-11-10 | 2002-05-15 | Nokia Corporation | Method for identification |
EP1206157A3 (en) * | 2000-11-10 | 2003-07-16 | Nokia Corporation | Method for identification |
US7024226B2 (en) | 2001-01-24 | 2006-04-04 | Telenor Asa | Method for enabling PKI functions in a smart card |
WO2002060210A1 (en) * | 2001-01-24 | 2002-08-01 | Telenor Asa | Method for enabling pki functions in a smart card |
WO2002101981A1 (en) * | 2001-06-12 | 2002-12-19 | Nokia Corporation | Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network |
EP1612639A1 (en) * | 2004-06-30 | 2006-01-04 | ST Incard S.r.l. | Method for detecting and reacting against possible attack to security enforcing operation performed by a cryptographic token or card |
EP1737201A1 (en) * | 2004-08-29 | 2006-12-27 | Huawei Technologies Co., Ltd. | A method for the safe protecting of the user card |
EP1737201A4 (en) * | 2004-08-29 | 2007-04-11 | Huawei Tech Co Ltd | METHOD FOR SECURELY PROTECTING THE USER CARD |
US7650139B2 (en) | 2004-08-29 | 2010-01-19 | Huawei Technologies Co., Ltd. | Method for ensuring security of subscriber card |
EP2509351A4 (en) * | 2010-02-10 | 2017-06-21 | ZTE Corporation | Smart card authentication device and method |
CN105632533A (zh) * | 2014-11-07 | 2016-06-01 | 天津春子郡科技发展有限公司 | 一种具有安全加密功能的便携存储设备 |
US11483709B2 (en) | 2019-03-14 | 2022-10-25 | At&T Intellectual Property I, L.P. | Authentication technique to counter subscriber identity module swapping fraud attack |
Also Published As
Publication number | Publication date |
---|---|
AU1422200A (en) | 2000-05-08 |
SE9803569D0 (sv) | 1998-10-19 |
CN1326654A (zh) | 2001-12-12 |
DE19983656T1 (de) | 2001-09-13 |
JP2002528978A (ja) | 2002-09-03 |
SE9803569L (sv) | 2000-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7630495B2 (en) | Method for protecting electronic device, and electronic device | |
EP1371255B1 (en) | Method for enabling pki functions in a smart card | |
US20020187808A1 (en) | Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network | |
US8611536B2 (en) | Bootstrapping authentication using distinguished random challenges | |
FI102235B (sv) | Hantering av autenticeringsnycklar i ett mobilkommunikationssystem | |
JP4263384B2 (ja) | ユーザ加入識別モジュールの認証についての改善された方法 | |
US20060141987A1 (en) | Identification of a terminal with a server | |
AU2002230306A1 (en) | Method for enabling PKI functions in a smart card | |
KR20060049267A (ko) | 인증 벡터 생성 장치, 가입자 인증 모듈, 이동 통신시스템, 인증 벡터 생성 방법, 연산 방법 및 가입자 인증방법 | |
WO2000024218A1 (en) | A method and a system for authentication | |
CN109492371B (zh) | 一种数字证书空发方法及装置 | |
CN101185308A (zh) | 用于控制外围设备连接到接入点的方法 | |
KR20160143333A (ko) | 이중 채널을 이용한 이중 인증 방법 | |
US7650139B2 (en) | Method for ensuring security of subscriber card | |
US8121580B2 (en) | Method of securing a mobile telephone identifier and corresponding mobile telephone | |
CA2343180C (en) | Method for improving the security of authentication procedures in digital mobile radio telephone systems | |
KR20120089388A (ko) | 데이터 통신망을 이용한 음성 통화망의 발신자 인증을 요청하는 방법과 이를 위한 발신측의 스마트폰 및 프로그램 | |
CN1124766C (zh) | 在无线通信中防止应答攻击的系统和方法 | |
US8296575B2 (en) | Method for protecting electronic device, and electronic device | |
CN117479111B (zh) | 一种基于Wi-Fi技术的离线自动付费方法、系统及装置 | |
JPH05183507A (ja) | 移動通信認証方法 | |
EP1623592A1 (en) | Authentication of a subscriber station | |
CN108040349A (zh) | 基于虚拟sim卡的内置多虚拟sim卡方法 | |
KR20160143337A (ko) | 이중 채널을 이용한 이중 인증 방법 및 시스템 | |
KR20160143335A (ko) | 이중채널 기반 이중인증 방법 및 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 99812336.6 Country of ref document: CN |
|
ENP | Entry into the national phase |
Ref document number: 2000 14222 Country of ref document: AU Kind code of ref document: A |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
ENP | Entry into the national phase |
Ref document number: 2000 577853 Country of ref document: JP Kind code of ref document: A |
|
RET | De translation (de og part 6b) |
Ref document number: 19983656 Country of ref document: DE Date of ref document: 20010913 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 19983656 Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |