WO2000059244A1 - Procede et systeme de transmission d'informations - Google Patents
Procede et systeme de transmission d'informations Download PDFInfo
- Publication number
- WO2000059244A1 WO2000059244A1 PCT/FI2000/000224 FI0000224W WO0059244A1 WO 2000059244 A1 WO2000059244 A1 WO 2000059244A1 FI 0000224 W FI0000224 W FI 0000224W WO 0059244 A1 WO0059244 A1 WO 0059244A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile station
- terminal
- information
- encryption
- encrypted
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- the present invention relates to transmission and encryption of information.
- the information to be transmitted is encrypted using an encryption key stored in a mobile station.
- the information is encrypted using the mobile station.
- Encryption can be used to protect data transmitted in telecommunication networks.
- numerous different data encryption methods are known. These include e.g. symmetric and asymmetric encryption algorithms, such as the DES (Data Encryption Standard) and RSA (Rivest, Shamir, Adleman) algorithms. The operation of these is known to the skilled person.
- the personal and public keys used in asymmetric encryption are often included in the application which uses them.
- the message to be transmitted is encrypted using the receiver's public key.
- the receiver again decrypts the encrypted message using his own personal key, which can only be used by giving a pass- word that is only known to the receiver himself.
- Encryption keys can also be used in digital signatures, in verification of the integrity of a transmission, in certification of a transmission or in authentication of the user of a terminal device. To make a digital signature, the user electronically
- the problem is management and storage of the keys.
- the personal and the public encryption keys are stored in the ter- minal or workstation in which they are used, which means that the encryption tends to become dependent on the terminal.
- activation and deactivation of the keys, their delivery and other actions pertaining to their management are at present difficult to implement.
- the keys are often used in conjunction with a given application or service.
- the object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
- a specific object of the invention is to disclose a new type of method and system for the encryption of information in such manner that the information to be encrypted is defined outside the mobile station. The information is transferred into the mo- bile station and encrypted by means of the mobile station.
- the telecommunication system comprises a terminal and a mobile station connected to the terminal.
- the mobile station comprises a subscriber identity module or a corresponding module.
- the mobile station may also be replaced with a security module having the required properties to allow it to be connected to the terminal.
- the terminal used in an embodiment of the invention is a computer, a portable computer, a mobile station or a corresponding digital terminal device.
- the data to be encrypted is defined by means of the termi- nal.
- the data to be encrypted is transferred into a mobile station, in which it is encrypted using an encryption key.
- the encryption key and the decryption key have been stored in the subscriber identity module or in a corresponding module connected to the mobile station.
- the encrypted data is transferred to the terminal .
- the method can also be used to decrypt the encrypted data.
- the encrypted data is transferred from the terminal into the mobile station and decrypted in the mobile station using a decryption key.
- the encryption key and the decryption key are stored in the subscriber identity module or an equivalent module connected to the mobile station.
- asymmetric encryption is used, which means that the encryption key is the receiver's public key and the decryption key is the receiver's personal key.
- the encryption key and the decryp- tion key are the receiver's secret key.
- asymmetric encryption can be used, and the user's personal secret and public keys can be used for implementing a digital signature, for verification of the integrity of the transmission, authentication of the user of the terminal and/or protection of files.
- asymmetric encryption it is also possible to use symmetric encryption and the user's secret key.
- the terminal is connected to the mobile station via a fixed connection, an infrared link and/or a radio link.
- a radio link may be based e.g. on Bluetooth technology or it may be a corresponding wireless local network connection. A more detailed description of Bluetooth technology will be found e.g. on WWW page www.bluetooth.com .
- the method of the invention may also comprise a telecommunication server.
- a telecommunication server can be used to transmit and receive information and to encrypt and decrypt information.
- the terminal is connected to the telecommunication server via a TCP/IP connection, a mobile connection and/or a corresponding communication link.
- the module connected to the mobile station is a security module comprising means for encrypting electronic data transfer of the security module, decrypting encrypted data and implementing a digital signature and means for connecting the security module to a mobile station or terminal to allow electronic data transfer.
- the invention makes it possible to implement encryption in a manner independent of the terminal as the encryption keys are placed on the subscriber identity module of the mobile station.
- Other advantages achieved are e.g. the possibility of updating the encryption keys and, if necessary, defining access rights regarding the encryption keys via an over-the- air (OTA) interface.
- OTA over-the- air
- Fig. 1 presents a system according to the invention
- Fig. 2 presents a block diagram representing the operation of an embodiment of the invention. DETAILED DESCRIPTION OF THE INVENTION
- a system as presented in Fig. 1 comprises a terminal 1 and a mobile station 2 comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station 2.
- SIM subscriber identity module
- the terminal 1 is connected to the mobile station 2.
- the terminal 1 comprises means 5 for its connection to the mobile station 2.
- the terminal 1 also comprises means (CPU) for data processing, and means (APP1) for transferring data to the mobile station 2.
- the subscriber identity module (SIM) or corresponding module connected to the mobile station 2 comprises means (RAM) for storing an encryption key and a decryption key and means (RSA1) for the encryption of data and/or decryption of encrypted data. Encryption and decryption are implemented using the encryption key and/or decryption key stored in the subscriber identity module (SIM) .
- the user defines via his terminal 1 the data to be encrypted and transfers the data to the mobile station 2.
- the data is transferred to the mobile station 2 using data transfer software (APP1) comprised in the terminal 1.
- APP1 data transfer software
- the user encrypts the data using his mobile station 2.
- the encryption of the data may be implemented using either asymmetric encryption, preferably the RSA algorithm or a corresponding algorithm, in which the encryption key is the receiver's public key and the decryption key is the receiver's personal key.
- symmetric encryption preferably the DES algorithm or a corresponding algorithm in which the encryption key and the decryption key are the receiver's secret key.
- the applications (RSA1) needed for encryption are located in the subscriber identity module (SIM) of the mobile station 2 or in a corresponding module connected to the mobile station 2. After the data has been encrypted, it is transferred to the terminal 1, from where it can be sent e.g. by electronic mail to the receiver.
- the encrypted data may also be sent by means of the mobile station 2. This may be done using e.g. the short message service (SMS) or a corresponding service of the mobile communication system.
- SMS short message service
- the mobile station 2 may also be used to decrypt encrypted information.
- the user transfers the encrypted data into the mobile station 2 using data transfer software (APP1) and decrypts the data using the mobile station 2.
- APP1 data transfer software
- the decryption is implemented using either a symmetric or an asymmetric decryption algorithm, depending on which method has been used for the encryption.
- a telecommunication server 3 is included in the method and system of the invention as shown in Fig. 1. In the telecommunication server 3, data can be processed, transmitted, received and encrypted as well as decrypted.
- the means (RSA2) needed for encryption and decryption and the software (APP2) enabling data transfer between the terminal 1 and the telecommunication server 3 are located in the telecommunication server 3.
- the telecommunication server 3 also comprises means 7 for con- necting it to the terminal 1.
- the terminal 1 comprises means 6 for connecting it to the telecommunication server 3.
- symmetric or asymmetric encryption is used in the telecommunication server 3 as described above.
- the decryption of information in the telecommunication server 3 is also implemented using a symmetric or asymmetric decryption algorithm.
- a wireless local network is used between the terminal 1 and the mobile station 2.
- a system of this type is the Bluetooth system, in which a short-range 2.4 GHz radio link is utilized.
- the system detects the mobile station 2, carried by the user in his pocket or on his belt, and establishes a connection between the terminal 1 and the mobile station 2.
- the user transfers the data from the terminal 1 to the mobile station 2.
- the data transfer is accomplished using data transfer software (APP1) of the terminal. After this, the user encrypts the data or decrypts the encrypted data as described above.
- APP1 data transfer software
- the receiver is e.g. a telecommunication server 3 in a bank or store, provided with software constituting the payment transfer system of the bank or store.
- the connection used between the terminal 1 and the telecommunication server 3 may be e.g. a TCP/IP connection, a modem con- nection, a mobile connection or a corresponding communication link.
- the telecommunication server 3 comprises means (RSA2) for the encryption of information.
- the encryption of information is implemented either as symmetric or as asymmetric encryption as described above.
- the telecommunication server 3 transfers the encrypted information to the terminal 1.
- the data transfer software (APP2) of the telecommunication server 3 and/or the data transfer software (APP1) of the terminal is used.
- the user transfers the encrypted data to the mobile station 2 and decrypts it.
- the decryption either a symmetric or an asymmetric decryption algorithm is used, depending on which method has been used for the encryption of the information.
- the encrypted informa- tion may also be sent directly from the telecommunication server 3 to the mobile station 2. This is accomplished using e.g. a short message or equivalent. After the encrypted message has been transferred from the telecommunication server 3 to the mobile station 2, the user decrypts the information as above.
- the information can also be signed digitally, and the integrity of the transmission and the sender of the data transferred can be verified.
- the user can also be authenti- cated, or the user's files can be protected in different ways as described above.
- the user can also receive encrypted information and decrypt it as described above .
- a data transfer cable is used between the terminal 1 and the mobile station 2.
- the terminal 1 is connected to the mobile station 2 e.g. via an RS232 data transfer link.
- the terminal 1 in which provided with a suitable interface 5 for the connection of an RS232 cable and data transfer software (APP1) for the use of the RS232 protocol.
- APP1 data transfer software
- the mobile station 2 is provided with an adapter to adapt the voltage levels to the levels used by the mobile station 2.
- an infrared link is used between the terminal 1 and the mobile station 2.
- the terminal 1 is provided with a suitable interface 5 for the setup of an infrared connection and data transfer software (APP1) for the use of the data transfer protocol.
- APP1 data transfer software
- the encryption keys and the decryption keys can be updated on the subscriber identity module (SIM) of the mobile station 2, and the associated access rights can be changed via an over-the-air interface, preferably via a mobile communication network.
- SIM subscriber identity module
- the terminal 1 is a computer, a portable computer, a mobile station or a corresponding digital terminal device.
- the encryption key and the decryption key are stored on a module 4 corresponding to a subscriber identity module (SIM) , connected to the mobile station 2.
- SIM subscriber identity module
- a mod- ule could be e.g. a security module as described in patent application FI981902.
- the security module 4 comprises means (RSA3) for the encryption of electronic data transfer, for the decryption of encrypted information and for implementing an electronic signa- ture, as well as means (8) for connecting the security module 4 to a mobile station 2 for electronic data transfer.
- a connection is established between the terminal 1 and the mobile station 2.
- a connection is established from the terminal 1 to the telecommunication server 3 of a bank.
- the user fetches bill data from the telecommunication server 3 into his terminal 1 by using data communications software (APP1) .
- APP1 data communications software
- the user defines the amount to be paid and other information as required, using his terminal 1.
- the bill is transferred from the terminal 1 to the mobile station 2.
- the bill is encrypted using the public key of the bank.
- the user sends the encrypted bill by means of his mobile station 2 to the telecommunication server of the bank.
- the link between the telecommunication server 3 and the terminal 1 is disconnected.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU34370/00A AU3437000A (en) | 1999-03-18 | 2000-03-17 | Method and system for the transmission of information |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FI990616A FI990616A0 (fi) | 1999-03-18 | 1999-03-18 | Menetelmä ja järjestelmä tiedon siirtämiseksi |
FI990616 | 1999-03-18 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000059244A1 true WO2000059244A1 (fr) | 2000-10-05 |
Family
ID=8554238
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FI2000/000224 WO2000059244A1 (fr) | 1999-03-18 | 2000-03-17 | Procede et systeme de transmission d'informations |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU3437000A (fr) |
FI (1) | FI990616A0 (fr) |
WO (1) | WO2000059244A1 (fr) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001049054A1 (fr) * | 1999-12-28 | 2001-07-05 | Smarttrust Systems Oy | Signature numerique |
WO2001078432A1 (fr) * | 2000-03-24 | 2001-10-18 | Smarttrust Systems Oy | Traitement d'un message |
WO2003049471A1 (fr) * | 2001-12-04 | 2003-06-12 | Giesecke & Devrient Gmbh | Memorisation de donnees et acces a des donnees dans un appareil mobile et un module utilisateur |
WO2003088054A1 (fr) | 2002-04-12 | 2003-10-23 | Vodafone Group Plc | Procede et systeme de diffusion de donnees chiffrees dans un reseau mobile |
WO2007112575A1 (fr) * | 2006-04-04 | 2007-10-11 | Research In Motion Limited | Procédé et appareil d'actualisation de clés de chiffrement sur un dispositif de communication mobile |
US7620822B2 (en) | 2004-01-09 | 2009-11-17 | Sony Corporation | Information processing system for controlling integrated circuit cards at a command level |
DE10262183B4 (de) * | 2002-04-03 | 2011-06-09 | Sagem Orga Gmbh | Mobiles Telekommunikationsgerät und Chipkartensystem |
EP2600270A1 (fr) | 2011-12-02 | 2013-06-05 | Deutsche Telekom AG | Authentification basée sur un élément d'identification et identification dotée d'une utilisation de service répartie |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2313989A (en) * | 1996-06-06 | 1997-12-10 | Nokia Mobile Phones Ltd | Encrypted packets have frame synchronisation. |
EP0851628A1 (fr) * | 1996-12-23 | 1998-07-01 | ICO Services Ltd. | Distribution de clés pour réseau mobile |
WO1998028877A1 (fr) * | 1996-12-20 | 1998-07-02 | Nokia Mobile Phones Limited | Procede pour identifier un dispositif de transmission de donnees |
WO1998037661A1 (fr) * | 1997-02-19 | 1998-08-27 | U.S. Robotics Mobile Communications Corp. | Procede et dispositif d'authentification et de cryptage d'un terminal a distance via une liaison radio |
-
1999
- 1999-03-18 FI FI990616A patent/FI990616A0/fi unknown
-
2000
- 2000-03-17 WO PCT/FI2000/000224 patent/WO2000059244A1/fr active Application Filing
- 2000-03-17 AU AU34370/00A patent/AU3437000A/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2313989A (en) * | 1996-06-06 | 1997-12-10 | Nokia Mobile Phones Ltd | Encrypted packets have frame synchronisation. |
WO1998028877A1 (fr) * | 1996-12-20 | 1998-07-02 | Nokia Mobile Phones Limited | Procede pour identifier un dispositif de transmission de donnees |
EP0851628A1 (fr) * | 1996-12-23 | 1998-07-01 | ICO Services Ltd. | Distribution de clés pour réseau mobile |
WO1998037661A1 (fr) * | 1997-02-19 | 1998-08-27 | U.S. Robotics Mobile Communications Corp. | Procede et dispositif d'authentification et de cryptage d'un terminal a distance via une liaison radio |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001049054A1 (fr) * | 1999-12-28 | 2001-07-05 | Smarttrust Systems Oy | Signature numerique |
WO2001078432A1 (fr) * | 2000-03-24 | 2001-10-18 | Smarttrust Systems Oy | Traitement d'un message |
WO2003049471A1 (fr) * | 2001-12-04 | 2003-06-12 | Giesecke & Devrient Gmbh | Memorisation de donnees et acces a des donnees dans un appareil mobile et un module utilisateur |
US7962762B2 (en) | 2001-12-04 | 2011-06-14 | Giesecke & Devrient Gmbh | Storing and accessing data in a mobile device and a user module |
DE10262183B4 (de) * | 2002-04-03 | 2011-06-09 | Sagem Orga Gmbh | Mobiles Telekommunikationsgerät und Chipkartensystem |
WO2003088054A1 (fr) | 2002-04-12 | 2003-10-23 | Vodafone Group Plc | Procede et systeme de diffusion de donnees chiffrees dans un reseau mobile |
US7620822B2 (en) | 2004-01-09 | 2009-11-17 | Sony Corporation | Information processing system for controlling integrated circuit cards at a command level |
WO2007112575A1 (fr) * | 2006-04-04 | 2007-10-11 | Research In Motion Limited | Procédé et appareil d'actualisation de clés de chiffrement sur un dispositif de communication mobile |
EP2600270A1 (fr) | 2011-12-02 | 2013-06-05 | Deutsche Telekom AG | Authentification basée sur un élément d'identification et identification dotée d'une utilisation de service répartie |
Also Published As
Publication number | Publication date |
---|---|
AU3437000A (en) | 2000-10-16 |
FI990616A0 (fi) | 1999-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1025675B1 (fr) | Securite de commutations de donnees | |
EP0689316A2 (fr) | Procédé et dispositif pour identifier des usagers et vérifier des paquets de données dans un réseau de communications sans fil | |
AU777383B2 (en) | Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor | |
CN100452700C (zh) | 用于建立保密连接的存储卡和无线通信设备 | |
CA2303048C (fr) | Procede de securite pour transmissions dans des reseaux de telecommunications | |
US8499156B2 (en) | Method for implementing encryption and transmission of information and system thereof | |
US7076657B2 (en) | Use of short message service (SMS) for secure transactions | |
US20070239994A1 (en) | Bio-metric encryption key generator | |
EP1329081A2 (fr) | Systeme de securisation | |
CN101170413B (zh) | 一种数字证书及其私钥的获得、分发方法及设备 | |
CN101663903A (zh) | 安全的软件sim证书传送 | |
CN1249637A (zh) | 在无线系统中加密无线通信的方法 | |
KR20060104061A (ko) | 컨텐츠 전송 보호 장치 | |
CN1977559B (zh) | 保护在用户之间进行通信期间交换的信息的方法和系统 | |
CN103533539A (zh) | 虚拟sim卡参数管理方法及装置 | |
EP1142194B1 (fr) | Procede et systeme de mise en oeuvre d'une signature numerique | |
KR20040065466A (ko) | 근거리 통신 장치를 구비한 복합 이동 통신 단말의 보안통신 시스템 및 방법 | |
CN102264068B (zh) | 共享密钥协商方法与系统、网络平台及终端 | |
EP1376924B1 (fr) | Gestion de clés pour chiffrement boût à boût dans un système de communication mobile | |
JP2011118789A (ja) | 通信装置および処理システム | |
WO2006057627A1 (fr) | Appareils permettant d'etablir une liaison de voix et de donnees hautement securisee entre des parties communiquantes | |
WO2000059244A1 (fr) | Procede et systeme de transmission d'informations | |
WO2003012671A1 (fr) | Reseau de communication avec carte a puce | |
EP1437024B1 (fr) | Procede et dispositif pour reseau de telecommunications | |
CN115348578B (zh) | 一种接触者追踪方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase |