WO2000059244A1 - Method and system for the transmission of information - Google Patents


Publication number
WO2000059244A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile station
terminal
information
encryption
encrypted
Prior art date
Application number
PCT/FI2000/000224
Other languages
English (en)
Inventor
Harri Vatanen
Original Assignee
Sonera Smarttrust Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sonera Smarttrust Oy
Priority to AU34370/00A
Publication of WO2000059244A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • the present invention relates to transmission and encryption of information.
  • the information to be transmitted is encrypted using an encryption key stored in a mobile station.
  • the information is encrypted using the mobile station.
  • Encryption can be used to protect data transmitted in telecommunication networks.
  • numerous different data encryption methods are known. These include e.g. symmetric and asymmetric encryption algorithms, such as the DES (Data Encryption Standard) and RSA (Rivest, Shamir, Adleman) algorithms. The operation of these is known to the skilled person.
  • the personal and public keys used in asymmetric encryption are often included in the application which uses them.
  • the message to be transmitted is encrypted using the receiver's public key.
  • the receiver again decrypts the encrypted message using his own personal key, which can only be used by giving a password that is only known to the receiver himself.
  • Encryption keys can also be used in digital signatures, in verification of the integrity of a transmission, in certification of a transmission or in authentication of the user of a terminal device. To make a digital signature, the user electronically
  • the problem is management and storage of the keys.
  • the personal and the public encryption keys are stored in the terminal or workstation in which they are used, which means that the encryption tends to become dependent on the terminal.
  • activation and deactivation of the keys, their delivery and other actions pertaining to their management are at present difficult to implement.
  • the keys are often used in conjunction with a given application or service.
  • the object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
  • a specific object of the invention is to disclose a new type of method and system for the encryption of information in such manner that the information to be encrypted is defined outside the mobile station. The information is transferred into the mobile station and encrypted by means of the mobile station.
  • the telecommunication system comprises a terminal and a mobile station connected to the terminal.
  • the mobile station comprises a subscriber identity module or a corresponding module.
  • the mobile station may also be replaced with a security module having the required properties to allow it to be connected to the terminal.
  • the terminal used in an embodiment of the invention is a computer, a portable computer, a mobile station or a corresponding digital terminal device.
  • the data to be encrypted is defined by means of the terminal.
  • the data to be encrypted is transferred into a mobile station, in which it is encrypted using an encryption key.
  • the encryption key and the decryption key have been stored in the subscriber identity module or in a corresponding module connected to the mobile station.
  • the encrypted data is transferred to the terminal.
  • the method can also be used to decrypt the encrypted data.
  • the encrypted data is transferred from the terminal into the mobile station and decrypted in the mobile station using a decryption key.
  • the encryption key and the decryption key are stored in the subscriber identity module or an equivalent module connected to the mobile station.
  • asymmetric encryption is used, which means that the encryption key is the receiver's public key and the decryption key is the receiver's personal key.
  • the encryption key and the decryption key are the receiver's secret key.
  • asymmetric encryption can be used, and the user's personal secret and public keys can be used for implementing a digital signature, for verification of the integrity of the transmission, authentication of the user of the terminal and/or protection of files.
  • asymmetric encryption it is also possible to use symmetric encryption and the user's secret key.
  • the terminal is connected to the mobile station via a fixed connection, an infrared link and/or a radio link.
  • a radio link may be based e.g. on Bluetooth technology or it may be a corresponding wireless local network connection. A more detailed description of Bluetooth technology will be found e.g. on WWW page www.bluetooth.com.
  • the method of the invention may also comprise a telecommunication server.
  • a telecommunication server can be used to transmit and receive information and to encrypt and decrypt information.
  • the terminal is connected to the telecommunication server via a TCP/IP connection, a mobile connection and/or a corresponding communication link.
  • the module connected to the mobile station is a security module comprising means for encrypting electronic data transfer of the security module, decrypting encrypted data and implementing a digital signature and means for connecting the security module to a mobile station or terminal to allow electronic data transfer.
  • the invention makes it possible to implement encryption in a manner independent of the terminal as the encryption keys are placed on the subscriber identity module of the mobile station.
  • Other advantages achieved are e.g. the possibility of updating the encryption keys and, if necessary, defining access rights regarding the encryption keys via an over-the-air (OTA) interface.
  • OTA over-the-air
  • Fig. 1 presents a system according to the invention
  • Fig. 2 presents a block diagram representing the operation of an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

  • a system as presented in Fig. 1 comprises a terminal 1 and a mobile station 2 comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station 2.
  • SIM subscriber identity module
  • the terminal 1 is connected to the mobile station 2.
  • the terminal 1 comprises means 5 for its connection to the mobile station 2.
  • the terminal 1 also comprises means (CPU) for data processing, and means (APP1) for transferring data to the mobile station 2.
  • the subscriber identity module (SIM) or corresponding module connected to the mobile station 2 comprises means (RAM) for storing an encryption key and a decryption key and means (RSA1) for the encryption of data and/or decryption of encrypted data. Encryption and decryption are implemented using the encryption key and/or decryption key stored in the subscriber identity module (SIM).
  • the user defines via his terminal 1 the data to be encrypted and transfers the data to the mobile station 2.
  • the data is transferred to the mobile station 2 using data transfer software (APP1) comprised in the terminal 1.
  • APP1 data transfer software
  • the user encrypts the data using his mobile station 2.
  • the encryption of the data may be implemented using either asymmetric encryption, preferably the RSA algorithm or a corresponding algorithm, in which the encryption key is the receiver's public key and the decryption key is the receiver's personal key.
  • symmetric encryption preferably the DES algorithm or a corresponding algorithm in which the encryption key and the decryption key are the receiver's secret key.
  • the applications (RSA1) needed for encryption are located in the subscriber identity module (SIM) of the mobile station 2 or in a corresponding module connected to the mobile station 2. After the data has been encrypted, it is transferred to the terminal 1, from where it can be sent e.g. by electronic mail to the receiver.
  • the encrypted data may also be sent by means of the mobile station 2. This may be done using e.g. the short message service (SMS) or a corresponding service of the mobile communication system.
  • SMS short message service
  • the mobile station 2 may also be used to decrypt encrypted information.
  • the user transfers the encrypted data into the mobile station 2 using data transfer software (APP1) and decrypts the data using the mobile station 2.
  • the decryption is implemented using either a symmetric or an asymmetric decryption algorithm, depending on which method has been used for the encryption.
  • a telecommunication server 3 is included in the method and system of the invention as shown in Fig. 1. In the telecommunication server 3, data can be processed, transmitted, received and encrypted as well as decrypted.
  • the means (RSA2) needed for encryption and decryption and the software (APP2) enabling data transfer between the terminal 1 and the telecommunication server 3 are located in the telecommunication server 3.
  • the telecommunication server 3 also comprises means 7 for connecting it to the terminal 1.
  • the terminal 1 comprises means 6 for connecting it to the telecommunication server 3.
  • symmetric or asymmetric encryption is used in the telecommunication server 3 as described above.
  • the decryption of information in the telecommunication server 3 is also implemented using a symmetric or asymmetric decryption algorithm.
  • a wireless local network is used between the terminal 1 and the mobile station 2.
  • a system of this type is the Bluetooth system, in which a short-range 2.4 GHz radio link is utilized.
  • the system detects the mobile station 2, carried by the user in his pocket or on his belt, and establishes a connection between the terminal 1 and the mobile station 2.
  • the user transfers the data from the terminal 1 to the mobile station 2.
  • the data transfer is accomplished using data transfer software (APP1) of the terminal. After this, the user encrypts the data or decrypts the encrypted data as described above.
  • the receiver is e.g. a telecommunication server 3 in a bank or store, provided with software constituting the payment transfer system of the bank or store.
  • the connection used between the terminal 1 and the telecommunication server 3 may be e.g. a TCP/IP connection, a modem connection, a mobile connection or a corresponding communication link.
  • the telecommunication server 3 comprises means (RSA2) for the encryption of information.
  • the encryption of information is implemented either as symmetric or as asymmetric encryption as described above.
  • the telecommunication server 3 transfers the encrypted information to the terminal 1.
  • the data transfer software (APP2) of the telecommunication server 3 and/or the data transfer software (APP1) of the terminal is used.
  • the user transfers the encrypted data to the mobile station 2 and decrypts it.
  • the decryption either a symmetric or an asymmetric decryption algorithm is used, depending on which method has been used for the encryption of the information.
  • the encrypted information may also be sent directly from the telecommunication server 3 to the mobile station 2. This is accomplished using e.g. a short message or equivalent. After the encrypted message has been transferred from the telecommunication server 3 to the mobile station 2, the user decrypts the information as above.
  • the information can also be signed digitally, and the integrity of the transmission and the sender of the data transferred can be verified.
  • the user can also be authenticated, or the user's files can be protected in different ways as described above.
  • the user can also receive encrypted information and decrypt it as described above.
  • a data transfer cable is used between the terminal 1 and the mobile station 2.
  • the terminal 1 is connected to the mobile station 2 e.g. via an RS232 data transfer link.
  • the terminal 1 is provided with a suitable interface 5 for the connection of an RS232 cable and data transfer software (APP1) for the use of the RS232 protocol.
  • the mobile station 2 is provided with an adapter to adapt the voltage levels to the levels used by the mobile station 2.
  • an infrared link is used between the terminal 1 and the mobile station 2.
  • the terminal 1 is provided with a suitable interface 5 for the setup of an infrared connection and data transfer software (APP1) for the use of the data transfer protocol.
  • the encryption keys and the decryption keys can be updated on the subscriber identity module (SIM) of the mobile station 2, and the associated access rights can be changed via an over-the-air interface, preferably via a mobile communication network.
  • the terminal 1 is a computer, a portable computer, a mobile station or a corresponding digital terminal device.
  • the encryption key and the decryption key are stored on a module 4 corresponding to a subscriber identity module (SIM), connected to the mobile station 2.
  • a module could be e.g. a security module as described in patent application FI981902.
  • the security module 4 comprises means (RSA3) for the encryption of electronic data transfer, for the decryption of encrypted information and for implementing an electronic signature, as well as means (8) for connecting the security module 4 to a mobile station 2 for electronic data transfer.
  • a connection is established between the terminal 1 and the mobile station 2.
  • a connection is established from the terminal 1 to the telecommunication server 3 of a bank.
  • the user fetches bill data from the telecommunication server 3 into his terminal 1 by using data communications software (APP1).
  • APP1 data communications software
  • the user defines the amount to be paid and other information as required, using his terminal 1.
  • the bill is transferred from the terminal 1 to the mobile station 2.
  • the bill is encrypted using the public key of the bank.
  • the user sends the encrypted bill by means of his mobile station 2 to the telecommunication server of the bank.
  • the link between the telecommunication server 3 and the terminal 1 is disconnected.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This invention relates to a method and a system for encrypting information in a data transfer system comprising a terminal (1) and a mobile station (2) connected to the terminal (1), the mobile station (2) comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station (2). In the method of this invention, the information to be encrypted is defined by means of the terminal (1), the information to be encrypted is transferred from the terminal (1) into the mobile station (2), and the information is encrypted and/or decrypted in the mobile station (2) using an encryption key. The encryption key and/or the decryption key is/are stored in the mobile station (2), in the subscriber identity module (SIM) or in a corresponding module (4) connected to the mobile station (2). In a preferred embodiment, a telecommunication server (3) for receiving, sending and encrypting information and for decrypting encrypted information is associated with this method and system.
PCT/FI2000/000224 1999-03-18 2000-03-17 Method and system for the transmission of information WO2000059244A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU34370/00A AU3437000A (en) 1999-03-18 2000-03-17 Method and system for the transmission of information

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI990616A FI990616A0 (fi) 1999-03-18 1999-03-18 Method and system for transferring information
FI990616 1999-03-18

Publications (1)

Publication Number Publication Date
WO2000059244A1 (fr) 2000-10-05

Family

ID=8554238

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2000/000224 WO2000059244A1 (fr) 1999-03-18 2000-03-17 Method and system for the transmission of information

Country Status (3)

Country Link
AU (1) AU3437000A (fr)
FI (1) FI990616A0 (fr)
WO (1) WO2000059244A1 (fr)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001049054A1 (fr) * 1999-12-28 2001-07-05 Smarttrust Systems Oy Digital signature
WO2001078432A1 (fr) * 2000-03-24 2001-10-18 Smarttrust Systems Oy Processing of a message
WO2003049471A1 (fr) * 2001-12-04 2003-06-12 Giesecke & Devrient Gmbh Storing and accessing data in a mobile device and a user module
WO2003088054A1 (fr) 2002-04-12 2003-10-23 Vodafone Group Plc Method and system for distribution of encrypted data in a mobile network
WO2007112575A1 (fr) * 2006-04-04 2007-10-11 Research In Motion Limited Method and apparatus for updating encryption keys on a mobile communication device
US7620822B2 (en) 2004-01-09 2009-11-17 Sony Corporation Information processing system for controlling integrated circuit cards at a command level
DE10262183B4 (de) * 2002-04-03 2011-06-09 Sagem Orga Gmbh Mobile telecommunication device and chip card system
EP2600270A1 (fr) 2011-12-02 2013-06-05 Deutsche Telekom AG Identification element-based authentication and identification with distributed service use

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2313989A (en) * 1996-06-06 1997-12-10 Nokia Mobile Phones Ltd Encrypted packets have frame synchronisation.
EP0851628A1 (fr) * 1996-12-23 1998-07-01 ICO Services Ltd. Key distribution for mobile network
WO1998028877A1 (fr) * 1996-12-20 1998-07-02 Nokia Mobile Phones Limited Method for identifying a data transmission device
WO1998037661A1 (fr) * 1997-02-19 1998-08-27 U.S. Robotics Mobile Communications Corp. Method and apparatus for authenticating and encrypting a remote terminal over a wireless link

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2313989A (en) * 1996-06-06 1997-12-10 Nokia Mobile Phones Ltd Encrypted packets have frame synchronisation.
WO1998028877A1 (fr) * 1996-12-20 1998-07-02 Nokia Mobile Phones Limited Method for identifying a data transmission device
EP0851628A1 (fr) * 1996-12-23 1998-07-01 ICO Services Ltd. Key distribution for mobile network
WO1998037661A1 (fr) * 1997-02-19 1998-08-27 U.S. Robotics Mobile Communications Corp. Method and apparatus for authenticating and encrypting a remote terminal over a wireless link

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001049054A1 (fr) * 1999-12-28 2001-07-05 Smarttrust Systems Oy Digital signature
WO2001078432A1 (fr) * 2000-03-24 2001-10-18 Smarttrust Systems Oy Processing of a message
WO2003049471A1 (fr) * 2001-12-04 2003-06-12 Giesecke & Devrient Gmbh Storing and accessing data in a mobile device and a user module
US7962762B2 (en) 2001-12-04 2011-06-14 Giesecke & Devrient Gmbh Storing and accessing data in a mobile device and a user module
DE10262183B4 (de) * 2002-04-03 2011-06-09 Sagem Orga Gmbh Mobile telecommunication device and chip card system
WO2003088054A1 (fr) 2002-04-12 2003-10-23 Vodafone Group Plc Method and system for distribution of encrypted data in a mobile network
US7620822B2 (en) 2004-01-09 2009-11-17 Sony Corporation Information processing system for controlling integrated circuit cards at a command level
WO2007112575A1 (fr) * 2006-04-04 2007-10-11 Research In Motion Limited Method and apparatus for updating encryption keys on a mobile communication device
EP2600270A1 (fr) 2011-12-02 2013-06-05 Deutsche Telekom AG Identification element-based authentication and identification with distributed service use

Also Published As

Publication number Publication date
AU3437000A (en) 2000-10-16
FI990616A0 (fi) 1999-03-18

Similar Documents

Publication Publication Date Title
EP1025675B1 (fr) Security of data connections
EP0689316A2 (fr) Method and apparatus for user identification and verification of data packets in a wireless communications network
AU777383B2 (en) Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor
CN100452700C (zh) Memory card and wireless communication device for establishing a secure connection
CA2303048C (fr) Security method for transmissions in telecommunication networks
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
US7076657B2 (en) Use of short message service (SMS) for secure transactions
US20070239994A1 (en) Bio-metric encryption key generator
EP1329081A2 (fr) Security system
CN101170413B (zh) Method and device for obtaining and distributing a digital certificate and its private key
CN101663903A (zh) Secure soft SIM credential transfer
CN1249637A (zh) Method for encrypting wireless communication in a wireless system
KR20060104061A (ko) Content transmission protection device
CN1977559B (zh) Method and system for protecting information exchanged during communication between users
CN103533539A (zh) Virtual SIM card parameter management method and device
EP1142194B1 (fr) Method and system for implementing a digital signature
KR20040065466A (ko) Secure communication system and method for a composite mobile communication terminal equipped with a short-range communication device
CN102264068B (zh) Shared key negotiation method and system, network platform and terminal
EP1376924B1 (fr) Key management for end-to-end encryption in a mobile communication system
JP2011118789A (ja) Communication device and processing system
WO2006057627A1 (fr) Apparatuses for establishing a highly secure voice and data link between communicating parties
WO2000059244A1 (fr) Method and system for the transmission of information
WO2003012671A1 (fr) Communication network with smart card
EP1437024B1 (fr) Method and device for a telecommunications network
CN115348578B (zh) Contact tracing method and device

Legal Events

Date Code Title Description
AK Designated states Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW
AL Designated countries for regional patents Kind code of ref document: A1; Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code Ref country code: DE; Ref legal event code: 8642
122 Ep: pct application non-entry in european phase