WO2001035685A1 - System for electronic delivery of a personal identification code - Google Patents

System for electronic delivery of a personal identification code Download PDF

Info

Publication number
WO2001035685A1
WO2001035685A1 PCT/DK2000/000620 DK0000620W WO0135685A1 WO 2001035685 A1 WO2001035685 A1 WO 2001035685A1 DK 0000620 W DK0000620 W DK 0000620W WO 0135685 A1 WO0135685 A1 WO 0135685A1
Authority
WO
WIPO (PCT)
Prior art keywords
sim card
electronic signature
code
reference code
terminal
Prior art date
Application number
PCT/DK2000/000620
Other languages
French (fr)
Inventor
Christian Paul Ward
Original Assignee
Orange A/S
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange A/S filed Critical Orange A/S
Priority to AU12690/01A priority Critical patent/AU1269001A/en
Priority to EP00974345A priority patent/EP1228653A1/en
Priority to BR0015445-8A priority patent/BR0015445A/en
Priority to CA002390835A priority patent/CA2390835A1/en
Priority to JP2001537299A priority patent/JP2003514469A/en
Publication of WO2001035685A1 publication Critical patent/WO2001035685A1/en
Priority to HK03100826.7A priority patent/HK1048720A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3558Preliminary personalisation for transfer to user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the invention relates to a system for electronic delivery of a PIN (Personal Identification Number) code and comprising a server secured by means of a number of encryption keys and provided with a reference code for generating the PIN code, said system further comprising means for encrypting the reference code and the PIN code generated by means of the encryption keys and via connected communications means being adapted to transmit a SMS (Short Message Service) message containing an electronic signature based on the reference code to a SIM (Subscriber Identity Module) card connected to a terminal with input and display means.
  • SMS Short Message Service
  • SIM Subscriber Identity Module
  • PIN codes Personal identification numbers, so-called PIN codes, are presently used in many different situations, in particular in connection with economic transactions, in which a credit card or a similar means of payment is used together with a terminal.
  • the information stored on the credit card is verified by the card user during completion of the transaction by entering a PIN code on the terminal's keyboard, said code being agreed with the card issuer. It is thus ensured that the user of the card is identical to the owner of the card.
  • the PIN code is usually assigned to the credit card in connection with the issuance thereof and generally forwarded to the user under separate cover as ordinary mail. This method is neither completely secure nor very fast, as it may take several days for the letter to reach the card owner and thus before the owner can use his card.
  • the object of the invention is to provide a secure, fast and efficient system which is able to deliver PIN codes to the customers in a more advantageous manner.
  • the SIM card comprises means for receiving and storing the encrypted SMS message, means for comparing the stored electronic signature based on the reference code in the SMS message with a reference code entered by a user of the terminal, said reference code subsequently being used to generate an electronic signature by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of the PIN code associated with the signatures on the display means of the terminal, if the stored and the entered electronic signatures match. It is thus only possible to be advised of a given PIN code, if the user of a specific terminal enters the associated reference code.
  • the exchange of the PIN code and the reference code is made exclusively in form of encrypted data signals which can only be decrypted by using the two unique encryption keys. A high degree of security delivery of PIN codes is thus obtained.
  • the electronic signature in the secure server and the electronic signature in the SIM card may be generated by a data encryption algorithm (triple DES algorithm) having two keys, each key having a word length of at least 56 bit.
  • a data encryption algorithm triple DES algorithm
  • Such an encryption algorithm provides a high decree of security against unauthorised decryption attempts.
  • the communications means connected to the secure server may use a radio communications link for transmitting the SMS message to the SIM card connected to the terminal. It is thus possible to use a mobile handset to receive SMS messages.
  • the reference codes may comprise at least six alphanumeric digits, whereby the reference code may for instance be civil registration numbers, account numbers, names, key words and any other information only known to the user.
  • the electronic signature based on the reference code may be transmitted to the SIM card in encrypted form at the same time as the SIM card is provided with a unique identification number.
  • the system for electronic delivery of a PIN code shown in the drawing comprises a secure server 3 adapted to receive unique information 1 (illustrated as a chart for filling-in personal data) in form of reference codes 2, and encryption means 4 subsequently computing the electronic signature 5 based on the reference code 2 in the server 3.
  • the server 3 communicates with a so-called over-the-air platform 6 (OTA) communicating with a SMS service centre 8 adapted to receive encrypted information 7 from the platform 6.
  • OTA over-the-air platform 6
  • the SMS service centre 8 is connected to a SIM card 10 which communicates with a mobile GSM handset 12 comprising a keyboard 13 and a display means in form of a display 14, said service centre being able to transmit completed SMS messages to the SIM card 10.
  • the SIM card 10 comprises a storage 11 for storing encrypted SMS messages 9, encryption means 16 for encrypting data 15 entered by a user of the terminal 12 via the keyboard 13 and comparator means 17 connected to the storage 11 and the keyboard 13 for comparing the stored data with entered data.
  • the comparator means 17 are further connected to means 18 for displaying the PIN code on the display 14 of the terminal 12.
  • the user When using the system the user delivers unique information 1 in form of a reference code 2 to the secure server 3.
  • the reference code 2 is used as an input signal for generating an electronic signature 5 in the server 3 by means of the encryption means 4.
  • the electronic signature 5 is transmitted via the over-the-air platform 6 to the SMS service centre 8 for administration of the SIM card, said service centre 8 converting the electronic signature 5 to a SMS message 9 suitable for transmission thereof to the SIM card 10 in question connected to the mobile handset 12.
  • the SIM card 10 comprises a storage 11 adapted to receive and store the encrypted SMS message 9.
  • the comparator means 17 are used for comparing the electronic signature 5 in the encrypted SMS message 9 with the electronic signature 20 generated by the encryption means 16, said signature 20 being generated on the basis of data entered on the keyboard in the terminal 12. If the electronic signature 5 and the electronic signature 20 entered by the user match, the comparator means 17 transmits a signal to the guide means 18 that the PIN code 19 is to be displayed on the display 14 of the mobile handset 12, whereby the PIN code is delivered to the user.
  • the terminal 12 is a mobile handset such as a cellular telephone.
  • a SIM card Subscriber Identity Module
  • the SIM card which in use forms an integrated part of the electronics of the mobile handset, contains inter alia codes identifying the mobile handset in relation to the GSM network. This identification is necessary to enable the network to determine for instance the position of the mobile terminal for transmission of mobile telephony via the most advantageous transmission tower(s) in the network at the specific time.
  • the server 3 comprises software (not shown) for generating PIN codes, a triple DES (Data Encryption Standard) encryption algorithm (reference numeral 4), an encrypted database (not shown) containing encryption keys to all of the SIM cards registered in the system and information about the connection between the numbers of the mobile handsets and the numbers of the associated SIM cards.
  • a triple DES algorithm is a three-level encryption process which is considered particularly secure against unauthorised decryption.
  • the server 3 When the secure server 3 has received the reference code from a new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic signature 5 preferably by means of the triple DES algorithm 4 combined with the two at least 56 bit keys belonging to the user's SIM card number.
  • the electronic signature 5 is transmitted to the user's SIM card 10 as uniquely formatted GSM 8 bit SMS (Short Message System) messages.
  • the coding of the SMS messages is adapted such that the electronic signature 5 of the reference code 2 is stored in the storage 11 of the SIM card 10 and the user is notified that the generated PIN code is ready for use when a SMS message 9 is received by the user's SIM card 10.
  • the user When the user subsequently runs the program in the SIM card 10 enabling delivery of the PIN code, the user is requested by the program via the display 14 of the terminal to enter the reference code 15 on the keyboard 13 of the terminal 12.
  • the reference code 15 is coded by the encryption means 16 in the SIM card 10 by means of the same encryption algorithm used by the encryption means 4 in the secure server 3 when the reference code 2 was supplied to the secure server 3.
  • the comparator means 17 in the SIM card 10 then compares the electronic signature 5 stored in the storage 11 and based on the reference code 2 with the electronic signature 20 generated by the encryption means 16. If the two signatures match, the comparator means 17 transmits a signal to the control means 18 indicating that the PIN code 19 is to be displayed on the display 14 of the terminal 12.
  • the user is advised on the display 14 that the reference code 15 has not been accepted and is asked to enter the reference code 15 once more. If the reference code 15 after two additional attempts still is incorrect, the program is terminated and the PIN code 19 is not delivered until the user has fetched a new reference code 2 from the secure server 3, said code being either identical to or different from the initial reference code 2.
  • the user may be offered to validate the delivered PIN code.
  • the validation process is performed by the user entering the PIN code shown on the display 14 by means of the keyboard, whereafter the user is advised whether the PIN code has been entered correctly. If not, the PIN code is shown once more on the display 14 and the validation process is repeated.
  • the PIN code may be provided in the SIM card, when supplying the card with a unique identity code, whereby the PIN code never need be transmitted. This is considered a more secure embodiment preventing unauthorised decryption of the PIN code during transmission thereof.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

A system is provided for electronic delivery of a PIN code in a secure, fast and efficient manner and compromising a server (3) provided with a reference code (2) for generating the PIN code. The server (3) is adapted to transmit a SMS message (9) containing an electronic signature (5) based on the reference code (2) to a SIM card (10) connected to a terminal (12). The SIM card (10) comprises means (11) for receiving and storing the SMS message (9), and means (17) for comparing the stored electronic signature (5) in the SMS message (9) with an electronic signature (20) generated from a reference code (15) entered by a user of the terminal (12). Encryption keys, generated by a triple DES data encryption algorithm having two keys, and encryption means are provided in the server (3) and in the SIM card (10).

Description

System for electronic delivery of a personal identification code.
Technical Field
The invention relates to a system for electronic delivery of a PIN (Personal Identification Number) code and comprising a server secured by means of a number of encryption keys and provided with a reference code for generating the PIN code, said system further comprising means for encrypting the reference code and the PIN code generated by means of the encryption keys and via connected communications means being adapted to transmit a SMS (Short Message Service) message containing an electronic signature based on the reference code to a SIM (Subscriber Identity Module) card connected to a terminal with input and display means.
Background Art
Personal identification numbers, so-called PIN codes, are presently used in many different situations, in particular in connection with economic transactions, in which a credit card or a similar means of payment is used together with a terminal. The information stored on the credit card is verified by the card user during completion of the transaction by entering a PIN code on the terminal's keyboard, said code being agreed with the card issuer. It is thus ensured that the user of the card is identical to the owner of the card.
The PIN code is usually assigned to the credit card in connection with the issuance thereof and generally forwarded to the user under separate cover as ordinary mail. This method is neither completely secure nor very fast, as it may take several days for the letter to reach the card owner and thus before the owner can use his card.
Brief Description of the Invention The object of the invention is to provide a secure, fast and efficient system which is able to deliver PIN codes to the customers in a more advantageous manner.
A system of the above type is according to the invention characterised in that the SIM card comprises means for receiving and storing the encrypted SMS message, means for comparing the stored electronic signature based on the reference code in the SMS message with a reference code entered by a user of the terminal, said reference code subsequently being used to generate an electronic signature by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of the PIN code associated with the signatures on the display means of the terminal, if the stored and the entered electronic signatures match. It is thus only possible to be advised of a given PIN code, if the user of a specific terminal enters the associated reference code. The exchange of the PIN code and the reference code is made exclusively in form of encrypted data signals which can only be decrypted by using the two unique encryption keys. A high degree of security delivery of PIN codes is thus obtained.
Furthermore according to the invention the electronic signature in the secure server and the electronic signature in the SIM card may be generated by a data encryption algorithm (triple DES algorithm) having two keys, each key having a word length of at least 56 bit. Such an encryption algorithm provides a high decree of security against unauthorised decryption attempts.
Moreover according to the invention the communications means connected to the secure server may use a radio communications link for transmitting the SMS message to the SIM card connected to the terminal. It is thus possible to use a mobile handset to receive SMS messages.
Furthermore according to the invention the reference codes may comprise at least six alphanumeric digits, whereby the reference code may for instance be civil registration numbers, account numbers, names, key words and any other information only known to the user.
Finally according to the invention the electronic signature based on the reference code may be transmitted to the SIM card in encrypted form at the same time as the SIM card is provided with a unique identification number. As a result, unauthorised decryption of PIN codes during transmission thereof are prevented and the security of the system is thus enhanced.
Brief Description of the Drawing
The invention is explained in greater detail below with reference to the accompanying drawing illustrating a flow chart of a preferred embodiment of the invention.
Best Mode for Carrying Out the Invention
The system for electronic delivery of a PIN code shown in the drawing comprises a secure server 3 adapted to receive unique information 1 (illustrated as a chart for filling-in personal data) in form of reference codes 2, and encryption means 4 subsequently computing the electronic signature 5 based on the reference code 2 in the server 3. The server 3 communicates with a so-called over-the-air platform 6 (OTA) communicating with a SMS service centre 8 adapted to receive encrypted information 7 from the platform 6. The SMS service centre 8 is connected to a SIM card 10 which communicates with a mobile GSM handset 12 comprising a keyboard 13 and a display means in form of a display 14, said service centre being able to transmit completed SMS messages to the SIM card 10. The SIM card 10 comprises a storage 11 for storing encrypted SMS messages 9, encryption means 16 for encrypting data 15 entered by a user of the terminal 12 via the keyboard 13 and comparator means 17 connected to the storage 11 and the keyboard 13 for comparing the stored data with entered data. The comparator means 17 are further connected to means 18 for displaying the PIN code on the display 14 of the terminal 12.
When using the system the user delivers unique information 1 in form of a reference code 2 to the secure server 3. The reference code 2 is used as an input signal for generating an electronic signature 5 in the server 3 by means of the encryption means 4. The electronic signature 5 is transmitted via the over-the-air platform 6 to the SMS service centre 8 for administration of the SIM card, said service centre 8 converting the electronic signature 5 to a SMS message 9 suitable for transmission thereof to the SIM card 10 in question connected to the mobile handset 12. The SIM card 10 comprises a storage 11 adapted to receive and store the encrypted SMS message 9. The comparator means 17 are used for comparing the electronic signature 5 in the encrypted SMS message 9 with the electronic signature 20 generated by the encryption means 16, said signature 20 being generated on the basis of data entered on the keyboard in the terminal 12. If the electronic signature 5 and the electronic signature 20 entered by the user match, the comparator means 17 transmits a signal to the guide means 18 that the PIN code 19 is to be displayed on the display 14 of the mobile handset 12, whereby the PIN code is delivered to the user.
In a preferred embodiment of the invention the terminal 12 is a mobile handset such as a cellular telephone. A SIM card (Subscriber Identity Module) is required for operating mobile handsets adapted for communication via an existing GSM network. The SIM card, which in use forms an integrated part of the electronics of the mobile handset, contains inter alia codes identifying the mobile handset in relation to the GSM network. This identification is necessary to enable the network to determine for instance the position of the mobile terminal for transmission of mobile telephony via the most advantageous transmission tower(s) in the network at the specific time.
The server 3 comprises software (not shown) for generating PIN codes, a triple DES (Data Encryption Standard) encryption algorithm (reference numeral 4), an encrypted database (not shown) containing encryption keys to all of the SIM cards registered in the system and information about the connection between the numbers of the mobile handsets and the numbers of the associated SIM cards. A triple DES algorithm is a three-level encryption process which is considered particularly secure against unauthorised decryption.
When the secure server 3 has received the reference code from a new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic signature 5 preferably by means of the triple DES algorithm 4 combined with the two at least 56 bit keys belonging to the user's SIM card number. The electronic signature 5 is transmitted to the user's SIM card 10 as uniquely formatted GSM 8 bit SMS (Short Message System) messages. The coding of the SMS messages is adapted such that the electronic signature 5 of the reference code 2 is stored in the storage 11 of the SIM card 10 and the user is notified that the generated PIN code is ready for use when a SMS message 9 is received by the user's SIM card 10.
When the user subsequently runs the program in the SIM card 10 enabling delivery of the PIN code, the user is requested by the program via the display 14 of the terminal to enter the reference code 15 on the keyboard 13 of the terminal 12. For generating another electronic signature 20, the reference code 15 is coded by the encryption means 16 in the SIM card 10 by means of the same encryption algorithm used by the encryption means 4 in the secure server 3 when the reference code 2 was supplied to the secure server 3. The comparator means 17 in the SIM card 10 then compares the electronic signature 5 stored in the storage 11 and based on the reference code 2 with the electronic signature 20 generated by the encryption means 16. If the two signatures match, the comparator means 17 transmits a signal to the control means 18 indicating that the PIN code 19 is to be displayed on the display 14 of the terminal 12. If the two electronic signatures are not identical, the user is advised on the display 14 that the reference code 15 has not been accepted and is asked to enter the reference code 15 once more. If the reference code 15 after two additional attempts still is incorrect, the program is terminated and the PIN code 19 is not delivered until the user has fetched a new reference code 2 from the secure server 3, said code being either identical to or different from the initial reference code 2.
In order to ensure that the delivered PIN code is read correctly, the user may be offered to validate the delivered PIN code. The validation process is performed by the user entering the PIN code shown on the display 14 by means of the keyboard, whereafter the user is advised whether the PIN code has been entered correctly. If not, the PIN code is shown once more on the display 14 and the validation process is repeated.
In an alternative embodiment the PIN code may be provided in the SIM card, when supplying the card with a unique identity code, whereby the PIN code never need be transmitted. This is considered a more secure embodiment preventing unauthorised decryption of the PIN code during transmission thereof.
The invention is not restricted to the above preferred embodiment, but may be altered in many ways without thereby deviating from the scope of the invention.

Claims

Claims
1. A system for electronic delivery of a PIN (Personal Identification Number) code and comprising a server (3) secured by means of a number of encryption keys and provided with a reference code (2) for generating the PIN code, said system further comprising means (4) for encrypting the reference code and the PIN code generated by means of the encryption keys and via connected communications means (6,8) being adapted to transmit a SMS message (9) containing an electronic signature (5) based on the reference code (2) to a SIM card (10) connected to a terminal (12) with input means (13) and display means (14), c h a r a c t e r i s e d in that the SIM card (10) comprises means (11) for receiving and storing the encrypted SMS message (9), means (17) for comparing the stored electronic signature (5) based on the reference code (2) in the SMS message (9) with a reference code (15) entered by a user of the terminal (12), said reference code (15) subsequently being used to generate an electronic signature (20) by means of a corresponding encryption key (16) in the SIM card (10), and means (18) for allowing subsequent display of the PIN code associated with the signatures (5,20) on the display means (14) of the terminal (12), if the stored signature (5) and the entered electronic signature (20) match.
2. System according to claim 1, c h a r a c t e r i s e d in that the electronic signature (5) in the secure server (3) and the electronic signature (20) in the SIM card
(10) both are generated by a data encryption algorithm (triple DES algorithm) having two keys, each key having a word length of at least 56 bit.
3. System according to claim 1 or 2, c h a r a c t e r i s e d in that the communications means (6, 8) connected to the secure server (3) uses a radio communications link for transmitting the SMS message (9) to the SIM card (10) communicating with the terminal (12).
4. System according to one or more of the preceding claims, cha ra c te ri s ed in that reference codes (2, 15) comprise at least six alphanumeric digits.
5. System according to one or more of the preceding claims, characterised in that the electronic signature (5) based on the reference code (2) is transmitted to the SIM card (10) in encrypted form at the same time as the SIM card (10) is allocated an unique identification number.
PCT/DK2000/000620 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code WO2001035685A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
AU12690/01A AU1269001A (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
EP00974345A EP1228653A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
BR0015445-8A BR0015445A (en) 1999-11-09 2000-11-09 System for electronic assignment of a personal identification code
CA002390835A CA2390835A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code
JP2001537299A JP2003514469A (en) 1999-11-09 2000-11-09 System for electronic transmission of personal identification code
HK03100826.7A HK1048720A1 (en) 1999-11-09 2003-02-05 System for electronic delivery of a personal identification code

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DKPA199901608 1999-11-09
DK199901608A DK174672B1 (en) 1999-11-09 1999-11-09 Electronic identification code delivery system

Publications (1)

Publication Number Publication Date
WO2001035685A1 true WO2001035685A1 (en) 2001-05-17

Family

ID=8106504

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DK2000/000620 WO2001035685A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code

Country Status (9)

Country Link
EP (1) EP1228653A1 (en)
JP (1) JP2003514469A (en)
CN (1) CN1167298C (en)
AU (1) AU1269001A (en)
BR (1) BR0015445A (en)
CA (1) CA2390835A1 (en)
DK (1) DK174672B1 (en)
HK (1) HK1048720A1 (en)
WO (1) WO2001035685A1 (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002023426A1 (en) * 2000-09-13 2002-03-21 First Cube Pte Ltd. A method and system using sms notification for facilitating delivery of goods
EP1309214A1 (en) * 2001-11-05 2003-05-07 Nokia Corporation Delivery of mobile station operational and self-performance test results to network in response to encrypted request message
WO2003058880A1 (en) * 2002-01-10 2003-07-17 Telia Ab (Publ) Method at access right control within mobile communication
WO2004015918A1 (en) * 2002-08-09 2004-02-19 Optisign Ltd. System and method for signing a document and verifying its authenticity
WO2004084486A1 (en) * 2003-03-18 2004-09-30 Eta-Max Method to increase security of secure systems
FR2853785A1 (en) * 2003-04-09 2004-10-15 Oberthur Card Syst Sa Electronic entity e.g. subscriber identification module card, for mobile communication, has recording unit to update and store maximal number of data, and receiving unit to verify whether received command is from authorized party
ES2219192A1 (en) * 2001-04-25 2004-11-16 Telefonaktiebolaget L M Ericsson (Publ) Cryptographic signing in small devices
AT500833A1 (en) * 2004-10-08 2006-04-15 Pribitzer Wolfgang Ing METHOD, TERMINAL AND SYSTEM FOR APPROVAL CONTROL OF A DEVICE
US7123900B2 (en) * 2003-08-12 2006-10-17 Research In Motion Limited System and method of secure message processing
DE10218191B4 (en) * 2002-01-24 2007-06-21 Vodafone Holding Gmbh Adjustable mobile terminal
CN100344195C (en) * 2004-09-24 2007-10-17 华为技术有限公司 Mobile terminal used for protecting user input information and its method
CN100343829C (en) * 2002-04-15 2007-10-17 无敌科技股份有限公司 Remote data preserving back-up restoring method
CN100367821C (en) * 2001-05-22 2008-02-06 高通股份有限公司 Local authentication in a communication system
CN100419737C (en) * 2003-02-28 2008-09-17 松下电器产业株式会社 Application authentication system, secure device, and terminal device
WO2009123395A1 (en) * 2008-04-04 2009-10-08 Lg Electronics Inc. Terminal and method for selecting secure device
EP2187363A1 (en) * 2008-11-12 2010-05-19 Oberthur Technologies Denmark A/S Personal identification number distribution device and method
CN101815267A (en) * 2010-03-05 2010-08-25 惠州Tcl移动通信有限公司 Method for encrypting short message of mobile communication terminal
GR1006978B (en) * 2009-10-02 2010-09-17 Ιντεαλ Ηλεκτρονικη Αβεε, Disclosure of a pin number through a combining sending and use of a card carrier and a text message (sms)
EA016997B1 (en) * 2008-05-14 2012-09-28 Шин, Елена Ильинична Process of remote user authentication in computer networks to perform the cellphone-assisted secure transactions
WO2012131659A1 (en) * 2011-04-01 2012-10-04 Turkcell Iletisim Hizmetleri Anonim Sirketi A system and a method enabling secure transmission of sms
US9037865B1 (en) 2013-03-04 2015-05-19 Ca, Inc. Method and system to securely send secrets to users
US9237148B2 (en) 2007-08-20 2016-01-12 Blackberry Limited System and method for displaying a security encoding indicator associated with a message attachment
US9853926B2 (en) 2014-06-19 2017-12-26 Kevin Alan Tussy Methods and systems for exchanging private messages
CN108875505A (en) * 2017-11-14 2018-11-23 北京旷视科技有限公司 Pedestrian neural network based recognition methods and device again

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7702910B2 (en) * 2002-10-24 2010-04-20 Telefonaktiebolaget L M Ericsson (Publ) Message authentication
JP4696449B2 (en) * 2004-01-09 2011-06-08 ソニー株式会社 Encryption apparatus and method
US20060217116A1 (en) * 2005-03-18 2006-09-28 Cassett Tia M Apparatus and methods for providing performance statistics on a wireless communication device
CN100450208C (en) * 2005-11-03 2009-01-07 华为技术有限公司 Short message encryption protection realizing method and system
CN100369074C (en) 2006-03-02 2008-02-13 西安西电捷通无线网络通信有限公司 Method for realizing encryption/decryption processing in SMS4 cipher algorithm
JP5337125B2 (en) * 2010-09-24 2013-11-06 株式会社エヌ・ティ・ティ・ドコモ Terminal apparatus, communication system, telephone number determination method and program
CN101982989A (en) * 2010-10-29 2011-03-02 蒋晴琴 Encryption system based on coating anti-counterfeit technology
KR101080511B1 (en) * 2011-08-03 2011-11-04 (주) 아이씨티케이 Integrated circuit chip prevneting leak of identification key and method for certification of the integrated circuit chip

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998037663A1 (en) * 1997-02-19 1998-08-27 Telefonaktiebolaget Lm Ericsson Method for authorization check
WO1999009743A2 (en) * 1997-08-01 1999-02-25 Scientific-Atlanta, Inc. Conditional access system
WO1999039524A1 (en) * 1998-01-16 1999-08-05 Sonera Oyj Procedure and system for the processing of messages in a telecommunication system
WO2000020972A2 (en) * 1998-10-06 2000-04-13 L-3 Communications Corporation Programmable telecommunications security module for key encryption adaptable for tokenless use
WO2000048416A1 (en) * 1999-02-09 2000-08-17 Sonera Smarttrust Oy Method for the utilisation of applications stored on a subscriber identity module (sim) and for the secure treatment of information associated with them

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998037663A1 (en) * 1997-02-19 1998-08-27 Telefonaktiebolaget Lm Ericsson Method for authorization check
WO1999009743A2 (en) * 1997-08-01 1999-02-25 Scientific-Atlanta, Inc. Conditional access system
WO1999039524A1 (en) * 1998-01-16 1999-08-05 Sonera Oyj Procedure and system for the processing of messages in a telecommunication system
WO2000020972A2 (en) * 1998-10-06 2000-04-13 L-3 Communications Corporation Programmable telecommunications security module for key encryption adaptable for tokenless use
WO2000048416A1 (en) * 1999-02-09 2000-08-17 Sonera Smarttrust Oy Method for the utilisation of applications stored on a subscriber identity module (sim) and for the secure treatment of information associated with them

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002023426A1 (en) * 2000-09-13 2002-03-21 First Cube Pte Ltd. A method and system using sms notification for facilitating delivery of goods
ES2219192A1 (en) * 2001-04-25 2004-11-16 Telefonaktiebolaget L M Ericsson (Publ) Cryptographic signing in small devices
CN100367821C (en) * 2001-05-22 2008-02-06 高通股份有限公司 Local authentication in a communication system
EP1309214A1 (en) * 2001-11-05 2003-05-07 Nokia Corporation Delivery of mobile station operational and self-performance test results to network in response to encrypted request message
US7369846B2 (en) 2001-11-05 2008-05-06 Nokia Corporation Delivery of mobile station operational and self-performance test results to network in response to encrypted request message
WO2003058880A1 (en) * 2002-01-10 2003-07-17 Telia Ab (Publ) Method at access right control within mobile communication
DE10218191B4 (en) * 2002-01-24 2007-06-21 Vodafone Holding Gmbh Adjustable mobile terminal
CN100343829C (en) * 2002-04-15 2007-10-17 无敌科技股份有限公司 Remote data preserving back-up restoring method
WO2004015918A1 (en) * 2002-08-09 2004-02-19 Optisign Ltd. System and method for signing a document and verifying its authenticity
US7512802B2 (en) 2003-02-28 2009-03-31 Panasonic Corporation Application authentication system, secure device, and terminal device
CN100419737C (en) * 2003-02-28 2008-09-17 松下电器产业株式会社 Application authentication system, secure device, and terminal device
WO2004084486A1 (en) * 2003-03-18 2004-09-30 Eta-Max Method to increase security of secure systems
WO2004093019A1 (en) * 2003-04-09 2004-10-28 Oberthur Card Systems Sa Electronic entity secured by a modifiable counter for the uses of classified data
FR2853785A1 (en) * 2003-04-09 2004-10-15 Oberthur Card Syst Sa Electronic entity e.g. subscriber identification module card, for mobile communication, has recording unit to update and store maximal number of data, and receiving unit to verify whether received command is from authorized party
CN100375984C (en) * 2003-04-09 2008-03-19 奥贝蒂尔卡系统股份有限公司 Electronic entity secured by a modifiable counter for the uses of classified data
US7123900B2 (en) * 2003-08-12 2006-10-17 Research In Motion Limited System and method of secure message processing
US9699762B2 (en) 2003-08-12 2017-07-04 Blackberry Limited System and method of secure message processing
US8874080B2 (en) 2003-08-12 2014-10-28 Blackberry Limited Mobile communications device and method for handling received encoded messages
US8521130B2 (en) 2003-08-12 2013-08-27 Research In Motion Limited System and method of secure message processing
CN100344195C (en) * 2004-09-24 2007-10-17 华为技术有限公司 Mobile terminal used for protecting user input information and its method
AT500833B1 (en) * 2004-10-08 2007-06-15 Pribitzer Wolfgang Ing METHOD, TERMINAL AND SYSTEM FOR APPROVAL CONTROL OF A DEVICE
AT500833A1 (en) * 2004-10-08 2006-04-15 Pribitzer Wolfgang Ing METHOD, TERMINAL AND SYSTEM FOR APPROVAL CONTROL OF A DEVICE
US9237148B2 (en) 2007-08-20 2016-01-12 Blackberry Limited System and method for displaying a security encoding indicator associated with a message attachment
US8392588B2 (en) 2008-04-04 2013-03-05 Lg Electronics Inc. Terminal and method for selecting secure device
WO2009123395A1 (en) * 2008-04-04 2009-10-08 Lg Electronics Inc. Terminal and method for selecting secure device
EA016997B1 (en) * 2008-05-14 2012-09-28 Шин, Елена Ильинична Process of remote user authentication in computer networks to perform the cellphone-assisted secure transactions
EP2461297A1 (en) * 2008-11-12 2012-06-06 Oberthur Technologies Denmark A/S Personal identification number distribution device and method
EP2187363A1 (en) * 2008-11-12 2010-05-19 Oberthur Technologies Denmark A/S Personal identification number distribution device and method
US20160300077A1 (en) * 2008-11-12 2016-10-13 Oberthur Technologies Denmark A/S Personal identification number distribution device and method
GR1006978B (en) * 2009-10-02 2010-09-17 Ιντεαλ Ηλεκτρονικη Αβεε, Disclosure of a pin number through a combining sending and use of a card carrier and a text message (sms)
CN101815267A (en) * 2010-03-05 2010-08-25 惠州Tcl移动通信有限公司 Method for encrypting short message of mobile communication terminal
WO2012131659A1 (en) * 2011-04-01 2012-10-04 Turkcell Iletisim Hizmetleri Anonim Sirketi A system and a method enabling secure transmission of sms
MD20130068A2 (en) * 2011-04-01 2014-03-31 Turkcell Iletisim Hizmetleri Anonim Sirketi System and method enabling secure transmission of SMS
US9037865B1 (en) 2013-03-04 2015-05-19 Ca, Inc. Method and system to securely send secrets to users
US9853926B2 (en) 2014-06-19 2017-12-26 Kevin Alan Tussy Methods and systems for exchanging private messages
CN108875505A (en) * 2017-11-14 2018-11-23 北京旷视科技有限公司 Pedestrian neural network based recognition methods and device again

Also Published As

Publication number Publication date
CN1167298C (en) 2004-09-15
EP1228653A1 (en) 2002-08-07
BR0015445A (en) 2002-11-05
CN1408187A (en) 2003-04-02
JP2003514469A (en) 2003-04-15
DK199901608A (en) 2001-05-10
HK1048720A1 (en) 2003-04-11
AU1269001A (en) 2001-06-06
DK174672B1 (en) 2003-08-25
CA2390835A1 (en) 2001-05-17

Similar Documents

Publication Publication Date Title
EP1228653A1 (en) System for electronic delivery of a personal identification code
US8600351B2 (en) Method and apparatus for unlocking a mobile telephone type wireless communication terminal
US7231372B1 (en) Method and system for paying for goods or services
US5534857A (en) Method and system for secure, decentralized personalization of smart cards
US8214642B2 (en) System and method for distribution of credentials
US20110047082A1 (en) Remote Electronic Payment System
US20050069137A1 (en) Method of distributing a public key
US20030008637A1 (en) System and method for implementing secure mobile-based transactions in a telecommunication system
CN1711738A (en) Providing a user device with a set of access codes
JP2001513274A (en) Authorization confirmation method
KR100968662B1 (en) Method for registering and enabling pki functionalities
EP1142194B1 (en) Method and system for implementing a digital signature
EP0948851A1 (en) Method for identification of a data transmission device
KR20010085115A (en) The payment system by using the wireless terminal
EP1242981A1 (en) Distribution of certifiers
US6523011B1 (en) Communication system for transmitting accounting instructions
CN1413341A (en) A system for recharging prepaid value in respect of telephone connection
US7181429B1 (en) Apparatus and method for storing electronic money
US6832718B2 (en) Smart card payment terminal
US20170323302A1 (en) Security systems and methods
WO2001049054A1 (en) Digital signature
KR20000022597A (en) Apparatus and method for storing an amount of money
KR100336094B1 (en) Method and apparatus for changing class of electronic card
KR20040087663A (en) System and the Method for electronic settlement of accounts by using fingerprint recognition of mobile phone
KR970071336A (en) How to make reservation service using Telebanking

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000974345

Country of ref document: EP

ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 537299

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2390835

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 008168326

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 2000974345

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642