WO2000024218A1 - A method and a system for authentication - Google Patents

A method and a system for authentication Download PDF

Info

Publication number
WO2000024218A1
WO2000024218A1 PCT/SE1999/001786 SE9901786W WO0024218A1 WO 2000024218 A1 WO2000024218 A1 WO 2000024218A1 SE 9901786 W SE9901786 W SE 9901786W WO 0024218 A1 WO0024218 A1 WO 0024218A1
Authority
WO
WIPO (PCT)
Prior art keywords
card
electronic device
random number
authentication
removable memory
Prior art date
Application number
PCT/SE1999/001786
Other languages
English (en)
French (fr)
Inventor
Magnus HALLENSTÅL
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to DE19983656T priority Critical patent/DE19983656T1/de
Priority to JP2000577853A priority patent/JP2002528978A/ja
Priority to AU14222/00A priority patent/AU1422200A/en
Publication of WO2000024218A1 publication Critical patent/WO2000024218A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to a method and a system for increasing the security in a system comprising and communicating with a removable memory card, such as a SIM card or a smart card.
  • a removable memory card such as a SIM card or a smart card.
  • GSM Global System for Mobile communication
  • SIM-cards Subscriber Identity Module
  • the GSM system provides communication between a base station and one or several Mobile Stations (MS) .
  • MS Mobile Station
  • M Mobile Equipment
  • SIM card for providing each Mobile Station with a unique identity.
  • GSM 02.09 “Digital cellular telecommunications system; Security aspects”
  • GSM 03.20 ETS 300 929) : “Digital cellular telecommunications system; Security related network functions”.
  • the network sends a Random Number (RAND) to the Mobile Station (MS) .
  • the Mobile Equipment (ME) passes the random number to the SIM card.
  • a command "RUN GSM ALGORITHM” is given to the SIM card as described in GSM 03.20 (ETS 300 929) : "Digital cellular telecommunications system; Security related network functions”.
  • the SIM returns the values Signed RESponse calculated by a SIM (SRES) and Cryptographic key (Kc) to the mobile equipment.
  • SRES Signed RESponse calculated by a SIM
  • Kc Cryptographic key
  • the ME sends SRES to the network.
  • the network compares this value with the value of SRES which it calculates for itself. The comparison of these SRES values provides the authentication.
  • the value Kc is used by the ME in any future enciphered communications with the network until the next invocation of this mechanism.
  • This object is obtained by means of adding a new function in the existing SIM card so that the SIM-card will challenge the system.
  • the SIM-card will issue a random number towards the network and the network then has to respond with a correct result. If not the SIM-card will be automatically switched off.
  • the method can also be used in other systems than the GSM system, where it is imperative that the removable memory card should not be cracked.
  • An example is when money are stored on a card ("electronic money") and where the amount can be refilled.
  • Other application areas are also possible.
  • Means for executing the method can be provided in integrated circuits, mobile telephones, modems, etc.
  • An authentication unit for providing additional security can in this manner easily be provided in existing systems.
  • - Fig. 1 is a flow chart illustrating different steps carried out when verifying the authenticity of a SIM-card located in a Mobile Station (MS) communicating with a network.
  • MS Mobile Station
  • FIG. 2 is a flow chart illustrating an alternative scheme according to a second embodiments
  • a flow chart illustrating different steps carried out during authentication in a GSM system is shown.
  • MS Mobile Station
  • ME Mobile Equipment
  • the SIM card then returns a status condition indicating that the status is OK and that a challenge towards the system should be issued before the command "RUN GSM algorithm” can be issued again, step 105.
  • the ME requests the response from the SIM card, step 107 and the SIM card returns the values Signed RESponse calculated by a SIM (SRES) and Cryptographic key (Kc) to the mobile equipment, step 109.
  • SRES Signed RESponse calculated by a SIM
  • Kc Cryptographic key
  • the MS then returns the SRES and the Kc to the GSM network as an authentication of the SIM card as described above, step 111.
  • the ME issues a request for a random number to the SIM card, step 113 as a response to the message in step 105, which indicated that a challenge should be transmitted to the GSM network.
  • the SIM card then returns a random number and a status OK message, step 115.
  • the MS issues a request towards the GSM network for authentication thereof by means of transmitting the random (RAND) number to the GSM network.
  • the GSM network then has to respond to this request, preferably by means of returning an SRES, which then can be verified by the SIM, see below.
  • the GSM network responds with a SRES value to the MS, step 119.
  • the SRES received by the MS is the transmitted from the ME to the SIM card, step 121.
  • the SIM card then verifies that the SRES value is the correct value and, if so, returns a status: OK message to the ME, step 123.
  • the ME will start over again with the authentication process of the GSM system, thus starting the procedure with step 113.
  • the ME will continue to execute this process until the system replies with a correct answer, or until a certain, pre-set random numbers have been issued, without the system replying with a correct number.
  • the SIM will indicate when no more challenges can be issued in the response indication in step 115.
  • the SIM card turns itself off, i.e. it does not respond to any requests sent to it.
  • a Mobile Station receives a random number from the GSM network, step 201.
  • the Mobile Equipment (ME) of the MS issues a command "RUN GSM- algorith ", step 203.
  • the SIM card then returns a status condition indicating that the status is not OK and that a challenge towards the system should be issued, step 205. This could for example be carried out by adding a new code as a response to the command "RUN GSM algorithm" .
  • the Mobile Equipment issues a request for a random number to the SIM card, step 207.
  • the SIM card returns a random number (RAND2) together with a status: OK message, step 209.
  • This random number is then transmitted towards the system by the mobile station, step 211.
  • the GSM system then returns an SRES value (SRES2), step 213.
  • the ME transmits the SRES value (SRES2) to the SIM card, step 215.
  • the SIM card compares this value with the value of SRES2 which it calculates for itself. The comparison of these SRES values provides the system authentication and the SIM returns an acknowledge message (status: OK) to the Mobile Equipment if the compared SRES2 values match, step 217.
  • the ME will start over again with the authentication process of the GSM system, thus starting the procedure with step 207.
  • the ME will continue to execute this procedure, until the system replies with a correct answer, or until a certain, pre-set random numbers have been issued, without the system replying with a correct number.
  • the SIM will indicate when no more challenges can be issued in the response indication in step 209.
  • the SIM card turns itself off, i.e. it does not respond to any requests sent to it.
  • the ME issues the command RUN GSM algorithm towards the SIM card, step 219.
  • the SIM card the responds with a status: OK message, step 221.
  • the ME issues a command GET RESPONSE towards the SIM card, step 223.
  • the SIM card the responds with the SRES and the Kc as described above, step 225.
  • the SRES and the Kc is then transmitted by the MS to the GSM system as authentication of the SIM card, step 227.
  • the SIM card only challenges the system, i.e. sends a random number to the system, every N time, N being a positive integer > 1, that the system challenges the SIM card.
  • the method and system as described herein can also be employed in other kinds of systems than the systems described above.
  • the method is possible to use in any system provided with means for authenticating an electronic device connected to the system.
  • the system will then comprise a first authentication unit which then communicates with a second authentication unit located in the electronic device using a method corresponding to the method described above.
  • the method and system as described herein provides a significantly increased security for different kinds of removable memory card, such as SIM cards, smart cards, and other kinds of systems where a mutual authentication process between an electronic device and the system is required for ensuring an acceptable security.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
PCT/SE1999/001786 1998-10-19 1999-10-06 A method and a system for authentication WO2000024218A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
DE19983656T DE19983656T1 (de) 1998-10-19 1999-10-06 Ein Verfahren und System für eine Authentisierung
JP2000577853A JP2002528978A (ja) 1998-10-19 1999-10-06 認証方法及びシステム
AU14222/00A AU1422200A (en) 1998-10-19 1999-10-06 A method and a system for authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE9803569A SE9803569L (sv) 1998-10-19 1998-10-19 Förfarande och system för autentisering
SE9803569-4 1998-10-19

Publications (1)

Publication Number Publication Date
WO2000024218A1 true WO2000024218A1 (en) 2000-04-27

Family

ID=20413006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1999/001786 WO2000024218A1 (en) 1998-10-19 1999-10-06 A method and a system for authentication

Country Status (6)

Country Link
JP (1) JP2002528978A (sv)
CN (1) CN1326654A (sv)
AU (1) AU1422200A (sv)
DE (1) DE19983656T1 (sv)
SE (1) SE9803569L (sv)
WO (1) WO2000024218A1 (sv)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002013568A1 (en) * 2000-08-03 2002-02-14 Orange Personal Communications Services Limited Authentication in a mobile communications network
EP1206157A2 (en) * 2000-11-10 2002-05-15 Nokia Corporation Method for identification
WO2002060210A1 (en) * 2001-01-24 2002-08-01 Telenor Asa Method for enabling pki functions in a smart card
WO2002101981A1 (en) * 2001-06-12 2002-12-19 Nokia Corporation Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network
EP1612639A1 (en) * 2004-06-30 2006-01-04 ST Incard S.r.l. Method for detecting and reacting against possible attack to security enforcing operation performed by a cryptographic token or card
EP1737201A1 (en) * 2004-08-29 2006-12-27 Huawei Technologies Co., Ltd. A method for the safe protecting of the user card
CN105632533A (zh) * 2014-11-07 2016-06-01 天津春子郡科技发展有限公司 一种具有安全加密功能的便携存储设备
EP2509351A4 (en) * 2010-02-10 2017-06-21 ZTE Corporation Smart card authentication device and method
US11483709B2 (en) 2019-03-14 2022-10-25 At&T Intellectual Property I, L.P. Authentication technique to counter subscriber identity module swapping fraud attack

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004040717A (ja) * 2002-07-08 2004-02-05 Matsushita Electric Ind Co Ltd 機器認証システム
CN100449990C (zh) * 2003-08-19 2009-01-07 华为技术有限公司 固定网络终端的用户认证装置及其方法
EP1671511B2 (en) * 2003-09-26 2018-03-21 Telefonaktiebolaget LM Ericsson (publ) Enhanced security design for cryptography in mobile communication systems
KR100511317B1 (ko) * 2003-10-31 2005-08-31 엘지전자 주식회사 비접촉식 카드를 내장한 이동 통신 단말기의 카드 도용방지 방법 및 장치
RU2328083C2 (ru) * 2003-11-11 2008-06-27 Сименс Акциенгезелльшафт Способ обеспечения трафика данных между первым оконечным устройством и первой сетью, а также вторым оконечным устройством и второй сетью

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0651533A2 (en) * 1993-11-02 1995-05-03 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in a mobile wireless network
WO1997015161A1 (en) * 1995-10-17 1997-04-24 Nokia Telecommunications Oy Subscriber authentication in a mobile communications system
FI971620A (sv) * 1997-04-16 1998-10-17 Nokia Telecommunications Oy Autenticeringsförfarande

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0651533A2 (en) * 1993-11-02 1995-05-03 Sun Microsystems, Inc. Method and apparatus for privacy and authentication in a mobile wireless network
WO1997015161A1 (en) * 1995-10-17 1997-04-24 Nokia Telecommunications Oy Subscriber authentication in a mobile communications system
FI971620A (sv) * 1997-04-16 1998-10-17 Nokia Telecommunications Oy Autenticeringsförfarande

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002013568A1 (en) * 2000-08-03 2002-02-14 Orange Personal Communications Services Limited Authentication in a mobile communications network
EP2385661A3 (en) * 2000-08-03 2014-01-15 Orange Authentication in a mobile communications network
EP1206157A2 (en) * 2000-11-10 2002-05-15 Nokia Corporation Method for identification
EP1206157A3 (en) * 2000-11-10 2003-07-16 Nokia Corporation Method for identification
US7024226B2 (en) 2001-01-24 2006-04-04 Telenor Asa Method for enabling PKI functions in a smart card
WO2002060210A1 (en) * 2001-01-24 2002-08-01 Telenor Asa Method for enabling pki functions in a smart card
WO2002101981A1 (en) * 2001-06-12 2002-12-19 Nokia Corporation Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network
EP1612639A1 (en) * 2004-06-30 2006-01-04 ST Incard S.r.l. Method for detecting and reacting against possible attack to security enforcing operation performed by a cryptographic token or card
EP1737201A1 (en) * 2004-08-29 2006-12-27 Huawei Technologies Co., Ltd. A method for the safe protecting of the user card
EP1737201A4 (en) * 2004-08-29 2007-04-11 Huawei Tech Co Ltd METHOD FOR SECURELY PROTECTING THE USER CARD
US7650139B2 (en) 2004-08-29 2010-01-19 Huawei Technologies Co., Ltd. Method for ensuring security of subscriber card
EP2509351A4 (en) * 2010-02-10 2017-06-21 ZTE Corporation Smart card authentication device and method
CN105632533A (zh) * 2014-11-07 2016-06-01 天津春子郡科技发展有限公司 一种具有安全加密功能的便携存储设备
US11483709B2 (en) 2019-03-14 2022-10-25 At&T Intellectual Property I, L.P. Authentication technique to counter subscriber identity module swapping fraud attack

Also Published As

Publication number Publication date
DE19983656T1 (de) 2001-09-13
SE9803569D0 (sv) 1998-10-19
SE9803569L (sv) 2000-04-20
JP2002528978A (ja) 2002-09-03
AU1422200A (en) 2000-05-08
CN1326654A (zh) 2001-12-12

Similar Documents

Publication Publication Date Title
US7630495B2 (en) Method for protecting electronic device, and electronic device
EP1371255B1 (en) Method for enabling pki functions in a smart card
US20020187808A1 (en) Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network
US8611536B2 (en) Bootstrapping authentication using distinguished random challenges
FI102235B (sv) Hantering av autenticeringsnycklar i ett mobilkommunikationssystem
JP4263384B2 (ja) ユーザ加入識別モジュールの認証についての改善された方法
US20070293192A9 (en) Identification of a terminal to a server
AU2002230306A1 (en) Method for enabling PKI functions in a smart card
KR20060049267A (ko) 인증 벡터 생성 장치, 가입자 인증 모듈, 이동 통신시스템, 인증 벡터 생성 방법, 연산 방법 및 가입자 인증방법
WO2000024218A1 (en) A method and a system for authentication
CN101185308A (zh) 用于控制外围设备连接到接入点的方法
KR20160143333A (ko) 이중 채널을 이용한 이중 인증 방법
CN109492371B (zh) 一种数字证书空发方法及装置
US7650139B2 (en) Method for ensuring security of subscriber card
US8121580B2 (en) Method of securing a mobile telephone identifier and corresponding mobile telephone
CA2343180C (en) Method for improving the security of authentication procedures in digital mobile radio telephone systems
KR20120089388A (ko) 데이터 통신망을 이용한 음성 통화망의 발신자 인증을 요청하는 방법과 이를 위한 발신측의 스마트폰 및 프로그램
CN1124766C (zh) 在无线通信中防止应答攻击的系统和方法
US8296575B2 (en) Method for protecting electronic device, and electronic device
CN117479111B (zh) 一种基于Wi-Fi技术的离线自动付费方法、系统及装置
JPH05183507A (ja) 移動通信認証方法
WO2004100592A1 (en) Authentication of a subscriber station
CN108040349A (zh) 基于虚拟sim卡的内置多虚拟sim卡方法
KR20160143337A (ko) 이중 채널을 이용한 이중 인증 방법 및 시스템
KR20160143335A (ko) 이중채널 기반 이중인증 방법 및 시스템

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99812336.6

Country of ref document: CN

ENP Entry into the national phase

Ref document number: 2000 14222

Country of ref document: AU

Kind code of ref document: A

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 2000 577853

Country of ref document: JP

Kind code of ref document: A

RET De translation (de og part 6b)

Ref document number: 19983656

Country of ref document: DE

Date of ref document: 20010913

WWE Wipo information: entry into national phase

Ref document number: 19983656

Country of ref document: DE

122 Ep: pct application non-entry in european phase