WO2001027886A1 - Distribution de certificateurs - Google Patents


Info

Publication number
WO2001027886A1 (application PCT/FI2000/000874)
Authority
WO (WIPO, PCT)
Prior art keywords
aforementioned, certificate, end user, certification, service
Application number
PCT/FI2000/000874
Other languages
English (en)
Inventor
Antti HÄMÄLÄINEN
Original Assignee
Sonera Smarttrust Oy
Priority date
1999-10-12 (Google's note: the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
2000-10-11
Publication date
2001-04-19
Application filed by Sonera Smarttrust Oy
Priority to AU77929/00A (published as AU7792900A, en)
Priority to EP00967940A (published as EP1242981A1, fr)
Publication of WO2001027886A1 (fr)


Classifications

    • G06Q 20/00 Payment architectures, schemes or protocols (G Physics; G06 Computing, calculating or counting; G06Q ICT specially adapted for administrative, commercial, financial, managerial or supervisory purposes)
    • G06Q 20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q 20/3229 Payment protocols using wireless devices; aspects of commerce using mobile devices [M-devices]; use of the SIM of an M-device as secure element
    • G06Q 20/3829 Payment protocols insuring higher security of transaction, involving key management
    • G06Q 20/38215 Payment protocols insuring higher security of transaction; electronic credentials; use of certificates or encrypted proofs of transaction rights
    • H04L 9/32 Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials (H Electricity; H04 Electric communication technique; H04L Transmission of digital information)
    • H04L 9/3234 ... involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L 9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 9/3297 ... involving time stamps, e.g. generation of time stamps
    • H04L 2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L 2209/80 Wireless

Definitions

  • A method for arranging the certificate of an end user for a service to be used on a terminal device, which terminal device has been equipped with a subscriber identity module, in a certification system comprising: a trusted database on which an initialisation file has been stored that contains the information written on the subscriber identity module when it was manufactured; a trust manager that controls the transmission of messages relating to the certificates in the certification system; a trust mapper that controls the information content of the certificates to be created; a certification authority that is responsible for the certificates; and a certification database on which the assigned certificates are stored, which certificates verify the digital signature of the end user and ensure safe use of the service.
  • GSM: Global System for Mobile communications
  • The additional services connected with mobile networks have correspondingly increased at an accelerating tempo.
  • The application fields are most versatile.
  • The mobile telephone may be used as a means of payment for, e.g., petty purchases such as soft drinks and car wash machines. Everyday activities such as payment transactions, bank services, etc. have been added, and will be added in the future, to the functionality of present mobile phones.
  • The mobile stations of the next generation will be more advanced in respect of service level and data transfer capacity than the previous ones.
  • A digital GSM mobile station for commercial transactions, such as electronic payment of a bill or a fee.
  • The patent publication US 5,221,838 discloses a device that may be used for paying.
  • The publication describes an electronic payment system in which a terminal device capable of wireless and/or wired data transfer is used as the payment terminal.
  • The terminal device described in the publication comprises a card reader, a keyboard and a bar code reader for entering information, and a display for showing the payment-related information.
  • The patent publication WO 94/11849 discloses a method for using telecommunication services and for effecting payment traffic by means of a mobile telephone system.
  • The publication describes a method in which a terminal device is connected via the telephone network to the mainframe of the service provider, which mainframe comprises the payment system of the service provider.
  • A subscriber identity module may be inserted that comprises the subscriber details used for identifying the subscriber and for encrypting the telephone traffic.
  • These details may be downloaded into the terminal device for use in mobile phones.
  • A GSM system is mentioned in which a subscriber identity module (SIM card) is used as the subscriber identification device.
  • SIM: Subscriber Identity Module
  • The mobile station is in connection with the base station of the mobile communication network.
  • The connection according to the publication is established from the base station to the payment system, and the chargeable sum as well as the data required for subscriber identification are transmitted to the payment system.
  • The client inserts a bank service card containing a SIM unit into the terminal device of a GSM network.
  • The terminal device may be a standard GSM mobile station.
  • The digital signature is produced by applying the sender's private key to a hash computed over the information to be sent. As nobody except the sender knows the private key, the recipient, by checking the signature with the sender's public key, can make sure that the information is unmodified and was produced with the private key known only to the sender. "Encrypting the hash with the private key" is the textbook-RSA simplification: deployed signature schemes (RSA PKCS#1 v1.5, RSA-PSS) encode and pad the hash before the private-key operation, and the verifier checks that encoding rather than merely comparing a decrypted value.
  • An example of an algorithm used in digital signing is the RSA algorithm, a public-key cryptosystem (private key/public key pair) that is also used for encrypting messages.
  • An electronic identity is needed, as well as means for identifying and authenticating that identity.
  • This kind of electronic identity may also be a so-called network identity (Net-ID, Network Identity).
  • An electronic identity is based on personal data stored on a subscriber identity module or equivalent and on a pair of keys, a private key kept on the module and a public key registered in the certification database of a trusted third party. This technique makes it possible to provide authorities or other service providers with, for instance, identification of parties, electronic signature, encryption and non-repudiation of transactions with sufficient security.
  • Identity is used here to mean an individualising piece of information relating to a person that helps to identify the person.
  • Identity may likewise mean an individualising piece of information standing for an application or service that helps to identify the application or service.
  • The user keeps the private key to himself/herself, but the public key is available to all entities. It is not enough that the public key is stored as such, e.g. in an electronic mail directory, because somebody might forge it and appear as the authentic holder of the key. Instead, a certification service and certificates are needed, which serve as proof given by a trusted party (the certification authority) that the name, identification number and public key belong to the same person.
  • The certificate is usually a combination of a public key, name, identification number etc., which the certification authority signs with its own private key.
  • When the recipient of a digitally signed message wishes to make sure of the authenticity of the message, he or she first has to obtain the digital certificate, which provides the public key and the name. After that he or she has to validate the certificate. To do so, he or she may have to obtain additional certificates (a certification chain) that have been used to certify the certificate in question.
  • The recipient verifies the message using the public key received along with the certificate. If the signature passes the test, the message was signed with the private key corresponding to the certified public key, i.e. by the person identified by the certificate. In certification, a special revocation list is used, in which certificates that have been taken out of use are entered; a certificate has to be checked against it before it is relied on. Directory services are needed for both the certificates and the revocation list.
  • The objective of the present invention is to eliminate the drawbacks presented above, or at least significantly to alleviate them.
  • One specific objective of the invention is to disclose a method that makes it possible to introduce the certificates required by the services safely and dependably.
  • Yet another objective of the invention is to disclose a method that eases the measures required of the client when introducing a new service and the certificate associated with it.
  • The method in accordance with the invention makes it possible to attach a certificate to a private key using the public/private key encryption method, the keys being stored on a subscriber identity module.
  • The end user makes a service initialisation request, which is transmitted to a trust manager operating in the network.
  • The trust manager verifies the identity of the user and authenticates the subscriber identity module used by the user, and on that basis sends a certification request on to a certification authority.
  • If a certificate is issued, it is transmitted to the database of a local service provider or to a public certification database, in either of which it is then available if the end user wishes to use it in a service.
  • The invention relates to a method for arranging the certificate of an end user to be used in a service on a terminal device.
  • The terminal device has preferably been equipped with a subscriber identity module.
  • The environment in which the certificate is arranged for the user is a so-called certification system, which comprises at least a trusted database on which an initialisation file has been stored that comprises the data written on the subscriber identity module when it was manufactured.
  • The certification system further comprises a trust manager that controls the transmission of messages associated with the certificates; a trust mapper that controls the information content of the certificates to be created; a certification authority that is responsible for the certificates; and a certification database on which the issued certificates are stored, which certificates authenticate the signature of the end user and ensure safe use of the service.
  • The certification database may be a public database available to all entities, or a local database to which only the service provider has access.
  • The method comprises the following steps. First, a service initialisation request is made that comprises the details of the service provider and the time stamps associated with the aforementioned subscriber identity module.
  • The service initialisation request is transmitted to the trust manager, who checks the authenticity of the time stamps and checks that the subscriber identity module is authorised to use the services of the aforementioned service provider; if the checks succeed, a certificate is applied for on behalf of the end user by means of a certification request.
  • The certification request is sent, e.g., to a certification authority, who checks the identity of the end user and, if the check succeeds, assigns the end user a certificate.
  • The assigned certificate is attached to the key pair relating to the subscriber identity module of the end user and is stored on the certification database.
  • The certificate referred to in this application is an instrument that enables the use of safe and dependable services.
  • The certificate might be compared, e.g., with a bank card or a credit card used in payment services.
  • The certificate is, however, not restricted to these examples.
  • The data relating to the subscriber identity module is downloaded from an initialisation file stored on a trusted database.
  • The initialisation file may contain at least the following information: the public key of the issuing party; the public key of the end user for use in encryption and decryption; the public key of the end user for use in digital signing; a predetermined fingerprint identifier along with a shared secret; a piece of shared encryption information for each card; a code corresponding to the personal identification number; a network identity; and the number of the card.
  • The service initialisation request is signed and encrypted with the private key of the end user stored on the subscriber identity module.
  • The encryption is decoded in the trust manager and the authenticity of the signature is verified. If these succeed, the aforementioned steps are taken in order to apply for the certificate for the end user.
  • The assigned certificate is attached to the client data of the service provider in the trust mapper. Further, the trust mapper challenges (looks up and checks) the valid certificate of the end user from the certification database.
  • The certification request is sent from the trust manager to be signed and encrypted by the terminal device. After this, the signed and encrypted certification request is transmitted via the trust manager to the certification authority, who decodes the encryption and authenticates the signature. This makes it possible for the identification of the end user to reach the certification authority as well.
  • The time stamp mentioned in one embodiment is generated separately for each card, and the details of the time stamp are stored on a trusted database. Alternatively, the time stamp may be generated separately for a lot (batch) of cards and stored on the database.
  • The present invention provides the advantage that it makes it possible to assign a certificate dependably and without difficulty to the end user and to the subscriber identity module at the disposal of the end user. All the end user has to do is to fill in a form for a service initialisation request and send it to a predetermined address.
  • The certification authority may rely on the identity of the end user and the subscriber identity module used by him or her, issue the certificate, conveniently include the assigned certificate in the services provided by the service provider, and store it on the necessary certification database.
  • Fig. 1 schematically represents one certification system of the present invention;
  • Fig. 2 represents one form using which the service initialisation request may be made; and Fig. 3 represents a schematic certification system with message communication as defined in the invention.
  • Fig. 1 schematically represents one advantageous certification system in accordance with the invention.
  • The certification system comprises a trusted database TDB containing the initialisation file IF, which initialisation file IF comprises the data written on the subscriber identity module SIM when it was manufactured.
  • The trusted database TDB communicates with the card factory CF that manufactured the subscriber identity module, i.e. the card, and further with the trust manager TM, who controls the transmission of messages relating to the certificates in the certification system.
  • The trust manager TM is equipped with the software and equipment necessary to use the public/private key encryption and signature method.
  • The certification system comprises a trust mapper TMA, which controls the information content of the certificates to be created.
  • The trust manager TM and the trust mapper TMA may be included in one and the same physical device, but logically their functions are separated from each other.
  • The trust mapper is used to manage the attaching of passwords or other codes that may already have been assigned to the user by the service provider to the certificate to be assigned to the end user EU.
  • Fig. 1 also includes a certification authority, which is responsible for the certificates, assigns them and, if necessary, revokes the end user's certificates.
  • The certification authority communicates with the certification database LDB, on which the issued certificates are stored that authenticate the digital signature of the end user and ensure safe use of the service.
  • The database is further connected to the system of the service provider, so that the service provider may verify the certificate from the certification database while the end user EU is using a service.
  • The terminal device shown is a mobile station MS with the subscriber identity module SIM inserted in it. It must be noted that other terminal devices may also be used as the terminal device.
  • The certification environment also comprises a registration office, which the end user EU may contact when ordering a certificate.
  • This function is used when the service provider wants the end user to be identified in person by a clerk. This may be the case, e.g., when introducing certain bank services.
  • The service initialisation request SIR comprises, as an obligatory part, at least the identifying details, name or equivalent of the service provider for whose service the certificate is applied for.
  • A user ID already valid for a service provider SP, and an associated password, may be attached to the service initialisation request SIR.
  • An address (challenge-URL) may be attached from which the certificate may be challenged.
  • A shared secret is attached that is used in challenging. In practice, challenging checks that the shared secret given in two different places is the same, i.e.
  • Fig. 3 schematically represents one advantageous operating pattern when the end user EU introduces a new service using the certificate distribution system of the present invention.
  • The end user EU creates the service initialisation request SIR on his or her terminal device, and it is sent to the trust manager TM.
  • The trust manager TM checks the authenticity of the details accompanying the service initialisation request, in practice the time stamps of the subscriber identity module, against the trusted database TDB.
  • The trust mapper TMA tries to match the id with the already existing ids of the service provider. If this proves successful, the trust mapper TMA signs a certification request that is sent to the certification authority CA.
  • Upon receiving the certification request, the certification authority CA checks whether the end user may be assigned a certificate for the service of the service provider in question. If the certificate may be assigned, the certification authority informs the trust manager, who transmits to the terminal device MS the certificate, or at least a notification that the key pair of the terminal device and subscriber identity module SIM has been bound to the issued certificate. Further, the issued certificate and the notification thereof are stored on the certification database LDB, from which the service provider SP may check whether the end user has a valid certificate when using the services of the service provider.
  • When the end user EU has received the certificate for a service, he or she may apply for other certificates using the already existing certificate. In that case, the trust mapper TMA challenges the existing certificate of the end user and, if it is informed of a valid certificate, the operation proceeds as described in the above example. Instead of an existing certificate, the end user EU may also use a certificate verifying the electronic identity of a person (HST) in place of the existing user id and password of the service provider SP.
  • HST: electronic identity of a person
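Worked example of the items above, covering both the PKI background (signature over a hash, a certificate signed by the CA, a revocation list the relying party must consult) and the distribution flow itself (SIR created on the SIM, checked by the trust manager against the trusted database, mapped by the trust mapper onto the service provider's existing user id, certified by the CA, stored in the certification database, and finally checked by the service provider). This is an added example, not code from the patent or from Sonera Smarttrust: the party names follow the page, but the message field names, the in-memory tables, the toy signature scheme (textbook RSA over SHA-256 without PKCS#1 padding, which no real deployment should use) and all sample data are assumptions made here. The page says the SIR is "signed and encrypted" with the SIM private key; the example only signs it, because a private-key operation gives no confidentiality and transport encryption is out of scope. The check that carries the security of the scheme is that the trust manager verifies the SIR against the public key the card factory placed in the trusted database, never against a key carried in the request; otherwise anyone could generate a key pair and enrol as any card.

```python
# Added example, not code from the patent or from Sonera Smarttrust: the parties
# (CF, TDB, TM, TMA, CA, LDB, SP, MS/SIM) follow the page; the message fields, the
# toy RSA signatures (textbook RSA over SHA-256, no PKCS#1 padding) and all sample
# data are assumptions made here so that the whole flow runs on the standard library.
import hashlib
import json
import random

def _is_probable_prime(n, rng, rounds=24):
    # Miller-Rabin: adequate for a demo key pair, not for keys that issue real certs
    if n < 2 or any(n % p == 0 for p in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        seq = [x]
        for _ in range(r - 1):
            seq.append(seq[-1] * seq[-1] % n)
        if x != 1 and n - 1 not in seq:
            return False
    return True

def gen_keypair(seed, bits=256):
    """Deterministic toy RSA key pair for the demo: ((n, e), (n, d))."""
    rng, e = random.Random(seed), 65537
    def prime():
        while True:
            cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
            if _is_probable_prime(cand, rng):
                return cand
    while True:
        p, q = prime(), prime()
        if p != q and ((p - 1) * (q - 1)) % e:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _h(obj):  # SHA-256 of canonical JSON as an integer; always below the 512-bit n
    return int.from_bytes(hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest(), "big")
def sign(priv, obj):
    return pow(_h(obj), priv[1], priv[0])
def verify(pub, obj, sig):
    return pow(sig, pub[1], pub[0]) == _h(obj)

class SimCard:  # terminal MS + SIM of the end user EU; the signing private key never leaves it
    def __init__(self, card_no, time_stamp, seed):
        self.card_no, self.time_stamp, (self.sig_pub, self._sig_priv) = card_no, time_stamp, gen_keypair(seed)
    def make_sir(self, sp, user_id, password):  # service initialisation request SIR, SIM-signed
        sir = {"card": self.card_no, "sp": sp, "time_stamp": self.time_stamp,
               "user_id": user_id, "password": password}
        return sir, self.sign(sir)
    def sign(self, obj):
        return sign(self._sig_priv, obj)

class CertificationSystem:  # TDB, TM, TMA, CA and LDB collapsed into one process for the demo
    def __init__(self):
        self.ca_pub, self.ca_priv = gen_keypair("ca-root")
        self.tdb, self.ldb, self.revoked, self.serial = {}, {}, set(), 0  # IFs; certs; CRL
        self.sp_accounts = {"BankSP": {"alice": "pw-1"}}   # SP client data held by the TMA
        self.authorised = {("CARD-0001", "BankSP")}        # cards the TM allows per SP
    def card_factory_provision(self, card_no, sig_pub, time_stamp):
        self.tdb[card_no] = {"sig_pub": sig_pub, "time_stamp": time_stamp}  # written by CF
    def enrol(self, sir, sir_sig):
        """TM -> TMA -> CA -> LDB. Returns (certificate entry or None, status)."""
        init = self.tdb.get(sir["card"])  # TM checks against the TDB copy of the key,
        if init is None or not verify(init["sig_pub"], sir, sir_sig):  # never a key in the SIR
            return None, "TM: signature check failed"
        if sir["time_stamp"] != init["time_stamp"] or (sir["card"], sir["sp"]) not in self.authorised:
            return None, "TM: time stamp or service authorisation check failed"
        if self.sp_accounts.get(sir["sp"], {}).get(sir["user_id"]) != sir["password"]:
            return None, "TMA: user id/password unknown to the service provider"
        self.serial += 1  # CA: bind the certified public key to the identity and sign
        cert = {"serial": self.serial, "card": sir["card"], "sp": sir["sp"],
                "user_id": sir["user_id"], "sig_pub": init["sig_pub"]}
        entry = {"cert": cert, "ca_sig": sign(self.ca_priv, cert)}
        self.ldb[(sir["card"], sir["sp"])] = entry
        return entry, "ok"
    def sp_accepts(self, sp, card_no, message, msg_sig):
        """SP: fetch the cert from LDB, check revocation and the CA signature, then the message."""
        entry = self.ldb.get((card_no, sp))
        if entry is None or entry["cert"]["serial"] in self.revoked:
            return False
        if not verify(self.ca_pub, entry["cert"], entry["ca_sig"]):
            return False
        return verify(entry["cert"]["sig_pub"], message, msg_sig)

def demo():
    """Happy path, an altered SIR reusing the old signature, and use after revocation."""
    system, sim = CertificationSystem(), SimCard("CARD-0001", "TS-7f3a91", "alice-sim")
    system.card_factory_provision(sim.card_no, sim.sig_pub, sim.time_stamp)
    sir, sir_sig = sim.make_sir("BankSP", "alice", "pw-1")
    entry, status = system.enrol(sir, sir_sig)
    payment = {"pay_cents": 1250, "to": "merchant-42"}  # constructed sample transaction
    accepted = system.sp_accepts("BankSP", sim.card_no, payment, sim.sign(payment))
    _, forged = system.enrol(dict(sir, card="CARD-9999"), sir_sig)
    system.revoked.add(entry["cert"]["serial"])
    after_revoke = system.sp_accepts("BankSP", sim.card_no, payment, sim.sign(payment))
    return status, accepted, forged, after_revoke

if __name__ == "__main__": print(demo())  # ('ok', True, 'TM: signature check failed', False)
```

Running the module prints ('ok', True, 'TM: signature check failed', False): enrolment succeeds, the service provider accepts a payment signed by the SIM, a SIR altered to another card number but replayed with the old signature is rejected by the trust manager, and once the serial is on the revocation list the same SIM signature is refused even though the CA signature on the certificate still verifies. The revocation check sits before the signature checks on purpose; a relying party that verifies first and consults the list afterwards tends to forget the second step.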

Abstract

According to the invention, the method makes it possible to attach a certificate to a private key using the public/private key encryption method, the keys being stored on a subscriber identity module. The end user makes a service initialisation request, which is transmitted to a trust manager operating in the network. The manager verifies the identity of the user and authenticates the subscriber identity module used by the user, and on that basis sends a certification request to a certification authority. If a certificate is issued, it is transmitted to the database of a local service provider or to a public certification database, the certificate being available in either if the end user wishes to use it in a service. In this way, the end user need only make a service initialisation request, after which he or she has the certificate for that service.
PCT/FI2000/000874, priority date 1999-10-12, filing date 2000-10-11: Distribution de certificateurs (Distribution of certifiers), WO2001027886A1 (fr)

Priority Applications (2)

Application Number  Publication Number  Priority Date  Filing Date  Title
AU77929/00A  AU7792900A (en)  1999-10-12  2000-10-11  Distribution of certifiers
EP00967940A  EP1242981A1 (fr)  1999-10-12  2000-10-11  Distribution de certificateurs (Distribution of certifiers)

Applications Claiming Priority (2)

Application Number  Publication Number  Priority Date  Filing Date  Title
FI992197A  FI19992197A (fi)  1999-10-12  1999-10-12  Varmenteiden jakelu (Distribution of certificates)

Publications (1)

Publication Number Publication Date
WO2001027886A1 (fr)  2001-04-19

Family

Family ID: 8555437

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2000/000874 WO2001027886A1 (fr) 1999-10-12 2000-10-11 Distribution de certificateurs

Country Status (5)

Country Link
EP (1) EP1242981A1 (fr)
CN (1) CN1139902C (fr)
AU (1) AU7792900A (fr)
FI (1) FI19992197A (fr)
WO (1) WO2001027886A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1267516A2 (fr) * 2001-06-11 2002-12-18 Daniel Büttiker Method for securing data relating to users of a public key infrastructure
WO2003030109A2 (fr) * 2001-10-03 2003-04-10 Gemplus System and method for creating a secure network using identity credentials of batches of devices
WO2004049093A2 (fr) * 2002-11-24 2004-06-10 Ashraf Kamal Salem Mashhour Scheme for disseminating and facilitating access to electronic teleservices
EP1492061A1 (fr) * 2003-06-25 2004-12-29 Nagracard S.A. Method for allocating secured resources in a security module
US8145193B2 (en) 2002-08-14 2012-03-27 Thomson Licensing Session key management for public wireless LAN supporting multiple virtual operators

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7233671B2 (en) * 2003-02-13 2007-06-19 Innovative Sonic Limited Method for storing a security start value in a wireless communications system
US20050278253A1 (en) * 2004-06-15 2005-12-15 Microsoft Corporation Verifying human interaction to a computer entity by way of a trusted component on a computing device or the like
CN100466516C (zh) * 2004-09-09 2009-03-04 杭州中正生物认证技术有限公司 Biometric authentication method resistant to replay attacks
EP1672831A1 (fr) * 2004-12-16 2006-06-21 Nagravision S.A. Method for transmitting digital data in a local network
EP1732263A1 (fr) * 2005-06-07 2006-12-13 Sony Ericsson Mobile Communications AB Method and device for changing certificates
CN101212295B (zh) * 2006-12-26 2010-11-03 财团法人资讯工业策进会 System, device and method for applying for a digital certificate and delivering keys on behalf of a mobile electronic device
CN101267307B (zh) * 2008-02-29 2011-07-06 北京中电华大电子设计有限责任公司 Method for remote management of mobile phone digital certificates using an OTA system
CN103854180B (zh) * 2012-12-05 2017-04-19 中国银联股份有限公司 Credential generation method and system, and application authorisation method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996013814A1 (fr) * 1994-10-28 1996-05-09 Behruz Vazvan Real-time remote payment system
EP0727894A1 (fr) * 1994-08-30 1996-08-21 Kokusai Denshin Denwa Co., Ltd Certification system
WO1997027716A1 (fr) * 1996-01-24 1997-07-31 Nokia Telecommunications Oy Management of authentication keys in a mobile communications system
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
EP0855815A2 (fr) * 1997-01-22 1998-07-29 International Business Machines Corporation Certification of cryptographic keys for smart cards
WO1999016029A1 (fr) * 1997-09-25 1999-04-01 Nokia Networks Oy Electronic payment system
WO1999035783A1 (fr) * 1998-01-09 1999-07-15 Cybersafe Corporation Client-side public key authentication method and apparatus with short-lived certificates
WO1999044114A1 (fr) * 1998-02-25 1999-09-02 Telefonaktiebolaget Lm Ericsson Method, arrangement and apparatus for authentication through a communications network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6233577B1 (en) * 1998-02-17 2001-05-15 Phone.Com, Inc. Centralized certificate management system for two-way interactive communication devices in data networks

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1267516A2 (fr) * 2001-06-11 2002-12-18 Daniel Büttiker Method for securing data relating to users of a public key infrastructure
EP1267516A3 (fr) * 2001-06-11 2004-05-06 Daniel Büttiker Method for securing data relating to users of a public key infrastructure
WO2003030109A2 (fr) * 2001-10-03 2003-04-10 Gemplus System and method for creating a secure network using identity credentials of batches of devices
WO2003030109A3 (fr) * 2001-10-03 2003-11-27 Gemplus Card Int System and method for creating a secure network using identity credentials of batches of devices
US8145193B2 (en) 2002-08-14 2012-03-27 Thomson Licensing Session key management for public wireless LAN supporting multiple virtual operators
WO2004049093A2 (fr) * 2002-11-24 2004-06-10 Ashraf Kamal Salem Mashhour Scheme for disseminating and facilitating access to electronic teleservices
WO2004049093A3 (fr) * 2002-11-24 2005-06-30 Ashraf Kamal Salem Mashhour Scheme for disseminating and facilitating access to electronic teleservices
EP1492061A1 (fr) * 2003-06-25 2004-12-29 Nagracard S.A. Method for allocating secured resources in a security module
WO2004114229A1 (fr) * 2003-06-25 2004-12-29 Nagracard S.A. Method for allocating secured resources in a security module

Also Published As

Publication number Publication date
CN1379893A (zh) 2002-11-13
AU7792900A (en) 2001-04-23
EP1242981A1 (fr) 2002-09-25
FI19992197A (fi) 2001-04-30
CN1139902C (zh) 2004-02-25

Similar Documents

Publication Publication Date Title
US7362869B2 (en) Method of distributing a public key
US8165965B2 (en) Transaction method with a mobile apparatus
US6959381B2 (en) Central key authority (CKA) database for user accounts in ABDS system
US7552333B2 (en) Trusted authentication digital signature (tads) system
FI108813B (fi) Method and system in a telecommunications system
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
KR100968662B1 (ko) Method for reliably and securely enabling a public key infrastructure
US20020165830A1 (en) Process and device for electronic payment
US20110047082A1 (en) Remote Electronic Payment System
EP0722596A1 (fr) Method and system for secure, decentralised personalisation of memory cards
EP1142194B1 (fr) Method and system for implementing a digital signature
US20020138729A1 (en) Management of an identity module
EP1242981A1 (fr) Distribution of certificates
JP4104171B2 (ja) Security system and method for services provided by a telecommunications operator
TWI578253B (zh) System and method for applying for a financial certificate using a mobile communication device
EP2461297B1 (fr) Device and method for distributing personal identification numbers
EP1171849A1 (fr) Communication system and corresponding method for efficiently carrying out electronic transactions in mobile communication networks
Xiao et al. A purchase protocol with multichannel authentication
AU2918392A (en) Method and system for secure, decentralised personalisation of smart cards

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 EP: The EPO has been informed by WIPO that EP was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
WWE WIPO information: entry into national phase

Ref document number: 008142343

Country of ref document: CN

WWE WIPO information: entry into national phase

Ref document number: 2000967940

Country of ref document: EP

WWP WIPO information: published in national office

Ref document number: 2000967940

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW WIPO information: withdrawn in national office

Ref document number: 2000967940

Country of ref document: EP