WO2001093215A1 - Securing data exchanges between controllers - Google Patents
- Publication number
- WO2001093215A1 (PCT/FR2001/001621)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- controller
- key
- sim
- application
- card
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- the present invention relates to securing data exchange between two controllers.
- a known solution consists in storing a mother key in the first controller, for example that of a security module in a point-of-sale terminal, and in pre-storing daughter keys in second controllers, such as user smart cards like credit cards or electronic purse cards.
- the daughter key of a second controller results from the application of the mother key and a serial number of the second controller, the smart card, to a key diversification algorithm.
- the invention relates more particularly to another context in which two controllers emanate from two distinct legal persons which a priori are not sufficiently linked for one to impose security data on the other.
- one of the legal persons is an operator of a radiotelephone network which markets SIM smart cards (Subscriber Identity Mobile), removable from mobile radiotelephone terminals and each containing a "first" controller.
- the other legal person is an editor of application smart cards, called additional cards, each containing a "second" controller, which are inserted into additional card readers of the terminals.
- the user of each terminal can acquire different additional cards from different card issuers, and a priori each containing several applications.
- the telephone operator marketing SIM cards is unable to foresee, when they are configured, the introduction of all the mother keys in each SIM card, relating to the different additional cards or to the applications which they contain. It is therefore impossible to memorize all the mother keys of the additional cards in the SIM identity cards.
- the invention aims to overcome the shortcomings of the prior art at least for the particular context above, so as to secure a data exchange between the controllers of any card and any additional card.
- a method for securing data exchanges between first and second controllers, the first controller managing communications to a telecommunications network for applications implemented in the second controller, the second controller containing a controller identifier and application keys deduced from a mother key, is characterized by the following steps for each application selected in the second controller: transmit the identifier of the second controller and an identifier of the selected application from the second controller to a remote security means through the first controller; match the identifier of the second controller with a mother key in the security means; determine the key of the selected application as a function of the transmitted selected application identifier, the corresponding mother key and the second controller identifier in the security means; transmit at least one parameter depending on the determined application key from the remote security means to the first controller; and use the parameter in at least the first controller to secure at least one exchange of data of the selected application between the first and second controllers.
- the first controller such as that of a SIM identity card
- the SIM card is not personalized for exchanging data with a predetermined additional card and does not previously contain a predetermined key, but is provisionally personalized to exchange data with an additional card whose issuer is recognized in the security means.
- the parameter is the application key determined itself which is transmitted in encrypted form from the remote security means to the first controller.
- the remote security means is, according to the first embodiment, a server in said telecommunications network and contains a table for matching sets of identifiers of the second controller to mother keys.
- the remote security means comprises a first server included in the telecommunications network and containing a table for matching sets of identifiers of second controller to addresses of second servers, and of second servers linked to the first server and associated respectively with sets of identifiers of the second controller corresponding to mother keys.
- the second server is addressed by the first server in response to the identifier of the second controller transmitted, determines the key of the selected application and transmits at least said parameter to the first controller through the first server.
- the application key is used in the first controller to participate in an authentication of one of the first and second controllers by the other controller, then in an authentication of the other controller by said controller in response to the authenticity of said one controller, before executing a session of the selected application only in response to the authenticity of said other controller.
- the application key is used in the first controller to determine an encryption key depending on a first random number supplied by the second controller to the first controller and on a second random number, which is provided by the first controller to the second controller to determine the encryption key in the second controller, from
- in the third embodiment, instead of the key of the selected application, several sets of parameters depending on the determined key and not including it are transmitted by the second server to the first controller.
- the key is not thus transmitted to the first controller, which increases security, and it is only pairs of a number and a parameter depending on this number and the key which are transmitted.
- FIG. 1 is a block diagram of a network system for implementing the method of securing the invention from a mobile terminal;
- FIG. 2 is a detailed functional block diagram of a mobile radio terminal provided with an additional smart card
- FIG. 3 is a security algorithm according to a first embodiment of the invention
- FIG. 4 is an algorithm for mutual authentication of cards for the first embodiment or a second embodiment of the invention
- FIG. 5 is an algorithm for determining a data unit encryption key for the first and second embodiments of the invention.
- FIG. 6 is a security algorithm according to the second embodiment of the invention.
- Figure 7 is a security algorithm according to a third embodiment of the invention
- Figure 8 is a mutual card authentication algorithm for the third embodiment of the invention.
- FIG. 9 is a data unit encryption key determination algorithm for the third embodiment.
- a mobile radiotelephone terminal TE of the radiotelephone network comprises a first smart card SIM constituting a removable microcontroller identity module of the terminal, as well as a second smart card CA, called the additional application card.
- the CA card is removably housed in an additional LE card reader integrated in the terminal, or possibly separate from the terminal and connected to the latter.
- the radiotelephony network RR is shown schematically by a mobile service switch MSC for the location area where the mobile terminal TE is at a given time, and a base station BTS connected to the switch MSC by a base station controller BSC and to the terminal TE by radio.
- the MSC, BSC and BTS entities mainly constitute a fixed network through which signaling, control, data and voice messages are transmitted.
- the main entity of the RR network capable of interacting with the SIM card in the TE terminal is the switch of the mobile service MSC associated with a visitor location recorder VLR and connected to at least one telephone switch with autonomy of routing CAA of the PSTN switched telephone network.
- the MSC switch manages communications for visiting mobile terminals, including the TE terminal, located at a given time in the location area served by the MSC switch.
- the base station controller BSC manages in particular the allocation of channels to visiting mobile terminals, and the base station BTS covers the radio cell where the terminal MS is located at the given time.
- the RR radio network also includes a HLR nominal location recorder connected to the VLR recorders and analogous to a database.
- the HLR recorder contains, for each radiotelephone terminal, in particular the international identity IMSI (International Mobile Subscriber Identity) of the SIM smart card (Subscriber Identity Mobile), known as the identity card, included in the terminal TE, that is to say the identity of the subscriber owning the SIM card, the subscription profile of the subscriber and the number of the VLR recorder to which the mobile terminal is temporarily attached.
- IMSI International Mobile Subscriber Identity
- SIM smart card Subscriber Identity Mobile
- the mobile radiotelephone terminal TE detailed in FIG. 2 comprises a radio interface 30 with the radiotelephone network RR, mainly comprising a duplexer of transmission and reception channels, frequency transposition circuits, analog-digital and digital-analog converters, a modulator and a demodulator, and a circuit for coding and decoding of
- the terminal TE also includes a speech coding and decoding circuit 31 connected to a microphone 310 and a loudspeaker 311, a microprocessor 32 associated with a non-volatile EEPROM program memory 33 and a RAM data memory 34, and an input-output interface 35 serving the SIM and CA smart cards, a keyboard 36 and a graphic display 37.
- the microprocessor 32 is connected by a bus BU to the interface 30, to the circuit 31, and to the memories 33 and 34, and by another bus BS to the input-output interface 35.
- the microprocessor 32 manages all the processing of the baseband data that the terminal receives and transmits after frequency transposition, in particular relating to the protocol layers 1, 2 and 3 of the ISO model, and supervises data exchanges between the RR network through the radio interface 30 and the SIM card through the input-output interface 35.
- the SIM smart card is connected to the input-output interface 35 including at least one LE card reader in the terminal, and peripheral sockets of the mobile terminal.
- a first controller mainly comprising a microprocessor 10, a memory 11 of ROM type including an operating system of the card and communication and application algorithms, a non-volatile memory 12 of EEPROM type which contains all the characteristics linked to the subscriber, in particular the international identity of the IMSI subscriber, and a memory 13 of RAM type intended essentially for processing data to be received from the microcontroller 32 included in the terminal and the second card CA and to transmit to them.
- ROM 11 and EEPROM 12 memories to manage applications in additional CA cards.
- the algorithm of the security method according to the invention shown in FIG. 3, or 6, or 7 is implemented in memories 11 and 12.
- Authentication algorithms AA1 and AA2 used for security according to the invention are also implemented in memories 11 and 12.
- the additional smart card CA integrates a second controller mainly comprising a microprocessor 20, a ROM memory 21 including an operating system of the CA card and one or more applications AP and the authentication algorithms AA1 and AA2 specific to the invention, a non-volatile memory 12 of the EEPROM type, and a RAM memory 13 which processes data to be received from the microcontroller 32 and from the processor 10.
- the non-volatile memory 22 also contains, according to the invention, an identifier of the card CA consisting of a serial number NS determined by the supplier of the card CA, and a respective identifier AID and a respective key KA for each application.
- the CA card is for example a bank card, an electronic purse card, or a games card.
- the ROM and EEPROM memories 11, 12, 21 and 22 in the SIM and CA cards include communication software to communicate on the one hand with the microprocessor 32 of the terminal TE, on the other hand between the processors 10 and 20 through the TE terminal, i.e. through the microprocessor 32 and the input-output interface 36.
- the TE terminal periodically interrogates to receive menus to be displayed transmitted by the card.
- the aforementioned recommendation extends the set of commands of the operating system included in the memory 11, 21 of the smart card SIM, CA to make available to the other CA card, SIM data transmitted by the smart card CA, SIM.
- the TE terminal is considered to be transparent to data exchanges between the SIM and CA cards within the framework of the security method according to the invention.
- the controller in the additional card CA communicates with the terminal TE by means of exchanges of commands and responses between the controllers in the two cards SIM and CA, then relayed by exchanges of commands and responses between the controller of the SIM card and terminal. All the typically proactive exchanges between the terminal and the CA card are thus carried out through the SIM card which appears, for the terminal, as the executor of each application selected in the CA card.
- a first specialized server SO belonging to the operator of the radiotelephony network RR.
- the server SO is for example a short message service center (Short Message Service Center) which is connected to the switch MSC of the radiotelephony network RR through an access network RA, for example an integrated services digital network ISDN.
- the address ASO of the server SO is stored in the non-volatile memory 12 of the SIM card.
- the IMSI identity is introduced there so that the server SO can transmit a response to the SIM card despite the mobility of the terminal TE, after having found the pair VLR-MSC in the nominal location recorder HLR.
- the SIM card and the SO short message server communicate through a bidirectional short message service (SMS) channel.
- SMS short message service
- the SO server can be a server linked to the station controllers.
- GPRS radio General Packet Radio Service
- the method of securing the invention comprises main steps E0 to E8.
- the service supplier has entrusted a mother key KM to the operator, which mother key has been stored in the operator's short message server SO.
- the terminal TE has been started by pressing an on-off button, and that a confidential code composed on the terminal keyboard has been validated so as to display a main menu on the TE terminal screen.
- at the next step E1, which can be almost simultaneous with step E0, the terminal TE verifies that an additional card CA has been inserted in the reader LE of the terminal. If the CA card is present in the reader, the main menu displays either the name of the CA card and/or its supplier, in order to select this item to display the list of names of the AP applications contained in the CA card when it contains several, which will be assumed hereinafter, or directly the list of proactive applications available in the card, in the next step E2.
- the previous characteristics of the additional card CA are displayed after the SIM card has validated at an intermediate step E101 the code of at least one PLMN (Public Land Mobile Network) radiotelephony network read from the additional card CA and accessible via the SIM card and the RR radiotelephony network. If none of the radiotelephony network codes is recognized by the SIM card (step E102), a message "additional card rejected" is displayed on the terminal screen and the process returns to the main menu, in step E0. If after step E1, or E101, the additional card CA is considered to be introduced and/or validated, it transmits a list of identifiers of the proactive applications available in the card CA in order to display them at step E2.
- PLMN Public Land Mobile Network
- the user of the terminal TE selects a proactive application AP from among several proactive applications available in the card CA, for example by means of an elevator or navigation key, and validates this selection.
- the proactive application selected in the "second" controller in the CA card is designated by AP in the following description.
- the card CA then transmits to the SIM card the identifier AID of the selected proactive application AP and a serial number NS of the card CA, constituting an identifier of the controller of the card CA, read in the non-volatile memory 22 in step E3.
- the processor 20 in the card CA marks in the memory 22 the proactive application selected AP by a correspondence between the identifier AID and a respective key KA of the application.
- the SIM card establishes a short message containing the parameters received NS and AID and the identity of the IMSI card.
- upon receipt of the short message, the server SO temporarily stores the IMSI identity, the selected application identifier AID and the serial number NS of the card, and searches a correspondence table for a mother key KM corresponding to the transmitted serial number NS, or else to a prefix contained in the serial number, in step E5.
- the mother key is specific to a set of additional cards from the same card supplier, generally corresponding to a range of card serial numbers.
- the mother key is diversified into "daughter" keys respectively associated with the additional cards and with the applications offered by the supplier's additional card or cards.
- if at step E5 the server SO does not recognize the serial number NS, it transmits to the SIM card a selected-application refusal message so as to announce it to the user, by a displayed message of the type "Selected application refused", and to break the communication of the SIM card with the server SO, in step E51.
- if at step E5 a mother key KM corresponds to the serial number NS of the additional card CA, the server SO determines the "daughter" key KA corresponding to the selected application AP by applying the identifier AID of the selected application AP, the corresponding mother key KM and the serial number NS of the card CA to an application key determination algorithm AL, in the next step E6.
- This procedure ensures that the application key will be different for each card and each application on the same card.
- the daughter key KA is established in two stages, first with respect to the serial number NS and the mother key, then with respect to the selected application identifier AID, or conversely.
- the “daughter” key KA thus determined is then encrypted into an encrypted key KAC in step E7, which is transmitted in a short message addressed to the SIM card in the terminal TE, according to the identity IMSI previously stored.
- the SIM card decrypts the key KAC into the key KA in step E8 and stores it in order to proceed to a mutual authentication of the SIM and CA cards, or else to a determination of the encryption key in the SIM and CA cards, described below with reference to FIG. 4 or 5.
- the mutual authentication triggered by the SIM card comprises, according to the embodiment illustrated in FIG. 4, a first authentication A1 of the first SIM card by the second card CA, then in response to the authenticity of the SIM card, a second authentication A2 of the second CA card by the first SIM card.
- the order of authentications is reversed: the authentication A2 of the card CA by the SIM card is first carried out, then in response to the authenticity of the second card, the authentication A1 of the SIM card by the CA card is performed.
- the authentication is only the first or the second authentication A1 or A2.
- the first authentication A1 assures the additional card CA that the "daughter" key KA of the selected application AP has indeed been determined by the network RR, that is to say by the server SO.
- the first authentication A1 includes steps A11 to A16. Following step E8, the SIM card transmits a random number request message to the card CA in step A11.
- the card CA reads a random number NC from its non-volatile memory 22, or else supplies this random number NC thanks to a pseudo-random generator included in the processor 20, in step A12.
- the random number NC is transmitted from the CA card to the SIM card which stores it temporarily.
- the signature SS received by the card CA is compared to the result RC in step A15. If the signature SS is different from the result RC, the selected application AP is refused in step A151 and the terminal TE displays a message "Selected application refused".
- the card CA requests to execute the second authentication A2 to the SIM card, by transmitting an authentication request to it in step A21.
- the second authentication A2 has steps A22 to A25 equivalent to steps A12 to A15 in the first authentication A1, as if the cards were interchanged.
- the SIM card selects a pseudo-random number NS read from the non-volatile memory 12, or supplied by a pseudo-random generator included in the processor 10, in step A22, and transmits it in a command to the additional card CA, which stores it in RAM 23.
- the processor 20 of the additional card CA again reads the selected application key KA in the memory 22 to apply it with the received random number NS to a second authentication algorithm AA2 in step A23.
- step A25 in the SIM card the result RS determined in step A24 and the signature
- the authentication algorithms AA1 and AA2 are considered above to be different; they can alternatively be identical.
- the method of mutual authentication shown in FIG. 4 is replaced by a method of determining the data unit encryption key shown in FIG. 5.
- in step A11, the authentication request is replaced by a securing request so that, on the one hand, the card CA transmits the random number NC to the SIM card in step A12 and, on the other hand, the SIM card transmits the random number NS to the card CA in step A22.
- the random numbers NC and NS which are transmitted from one card to the other are respectively stored in steps A13 and A23.
- an encryption key KC is determined by applying the random numbers NC and
- the encryption key KC is used in a step A28 to encrypt an application protocol data unit APDU to be transmitted from one of the cards, for example the SIM card, to the other card CA and in a step A29 to decrypt the APDUC encrypted unit in said other card.
- the same encryption key can be used to encrypt and decrypt a first data unit, such as a command from the SIM card to the CA card, and a second data unit, such as a response from the CA card to the SIM card. Whenever a command-response pair must be exchanged, a respective encryption key is thus determined.
- the key KC is used to sign each data unit APDU to be transmitted, or else is used to sign and encrypt each data unit.
- the data unit encryption / signature key can be used longer than for the encryption of a command / response pair, for example for the entire duration of a session.
- by session we mean the time that elapses between the start of the use of an AID application and the end of its use.
- the second embodiment of the method of the invention is implemented when the supplier of the additional cards does not trust the operator of the radiotelephone network RR sufficiently to entrust him with his mother key KM.
- it is then not the operator's server SO that supplies the requested key KA, but a second server SP belonging to the service provider issuing the additional cards.
- the server SP (Service Provider) is located outside of the radiotelephone network RR and is for example connected to the switched telephone network PSTN through a broadband network RHD such as the Internet network.
- RHD broadband network
- the SIM card does not communicate directly with the server SP of the service provider, but through the server SO of the operator.
- the SO server is also connected to the RHD broadband network and includes a table of addresses of servers of additional card providers, which maps each serial number NS of additional cards, or a prefix of this serial number, that is to say a category of additional cards, to an address ASP of a respective server SP.
- the SO server receives short messages transmitted by the MSC switch to which the TE terminal is temporarily attached, interprets them, as we will see below, and encapsulates them into IP (Internet Protocol) messages to route them to the SP server through the RHD network.
- IP Internet Protocol
- the server SO retrieves IP data messages containing selected application keys, transmitted by the server SP, and decapsulates them appropriately to transmit them, preferably after decryption and encryption, via the networks RA and RR to the TE terminal containing the SIM card.
- the securing method according to this second embodiment comprises, as shown in FIG. 6, the steps E0 to E4 already described with reference to FIG. 3, and after the step E4, steps E9 to E15.
- in response to the short message containing the identity IMSI of the SIM card, the serial number NS of the additional card CA and the identifier AID of the selected application AP transmitted in step E4, the server SO stores the identity IMSI, the identifier AID and the serial number NS and consults a correspondence table between the serial numbers of the additional cards and the addresses of the servers of suppliers of these additional cards, in step E9. If the serial number NS of the CA card is not found in this table, the SO server transmits a selected-application refusal message to the SIM card, which displays the message "Application selected refused" and breaks the communication with the server SO, in step E91.
- the SO server establishes an IP message containing the ASP provider server address read in the table, the ASO address of the SO server, the selected application identifier AID and the card serial number NS, in step E10.
- the server SP stores the data ASO, AID and NS, and applies the received application identifier AID, the received serial number NS and the corresponding mother key KM for the category of cards to which the additional card CA belongs to an application key determination algorithm AL, at step E11.
- Execution of the diversified key algorithm AL produces a "daughter" key KA.
- the key KA is then encrypted into an encrypted key KACH which is encapsulated in an IP message to be transmitted as a function of the address ASO to the short message server SO, through the network RHD, in step E12.
- the encrypted key KACH is decrypted into the key KA which is stored in the server SO in step E13.
- the server SO reads the identity IMSI so as to find the terminal TE via the register HLR, and encrypts the received key KA into another encrypted key KAC which is encapsulated in a short message transmitted to the terminal TE at step E14.
- the encrypted key KAC which is decrypted into the initial key KA in step E15.
- the key KA is then stored in the RAM memory 13 of the SIM card so as to use it for mutual authentication of the SIM and CA cards according to the algorithm shown in FIG. 4, or for the determination of the data unit encryption key according to the algorithm shown in FIG. 5.
- the encrypted keys KAC and KACI are different a priori, the encryption-decryption algorithm between the servers SP and SO being a priori different from the encryption-decryption algorithm between the server SO and the SIM card.
- the supplier of additional cards has even less confidence in the operator of the radiotelephone network RR and does not wish to communicate to him the key KA associated with the selected application AP.
- the supplier communicates to the operator only pairs of pairs of random numbers and "session keys".
- the session keys are signatures or results within the meaning of the authentications A1 and A2 already described with reference to FIG. 4 and are stored in the SIM card to be used as the sessions of the selected application AP proceed.
- the third embodiment of the invention comprises steps E0 to E4 described with reference to FIG. 3 and steps E9 to E11 described with reference to FIG. 6, as well as steps E16 to E20 after step E11 as shown in FIG. 7.
- the server SP of the additional card supplier has supplied the daughter key KA of the selected application AP as a function of the identifier AID, the serial number NS and the mother key KM
- the server SP searches a table of quadruplet lists for a list corresponding to the application key KA, in step E16.
- This list includes several sets of parameters depending on the determined key KA, such as I quadruplets [NC1, SS1, NS1, RS1] to [NCI, SSI, NSI, RSI] respectively for I sessions SE1 to SEI of the selected application.
- a session of the selected application is the execution of the application between two tasks executed by the SIM card, for example after switching on the TE terminal or after leaving another application.
- the integer I can be equal to a few tens.
- the list of I quadruplets is then encapsulated in an IP message which is transmitted as a function of the address ASO from the server SP to the short message server SO through the network RHD.
- the SO server decapsulates the IP message and stores the list of I quadruplets.
- the IMSI identity attached to the SIM card is read from the SO server in order to find the TE terminal via the HLR recorder, in step E17.
- the list of quadruplets is then encapsulated in short messages transmitted from the server SO to the SIM card through the RA and RR networks.
- the I quadruplets are extracted from the short messages received and stored in the non-volatile memory 22 of the SIM card in order to use them for the next I sessions of the selected application AP, which each begin with mutual authentication of the SIM and CA cards, as shown in FIG. 8, or by determining the data unit encryption key according to the algorithm in FIG. 9.
- at step E19 in FIG. 7, the method returns to step E19 following a request for a list of quadruplets by the SIM card to the server SP through the server SO in step E20.
- the SP server then provides a new list of quadruplets.
- the SIM and CA cards authenticate each other, in a manner analogous to the authentications A1 and A2, as shown in FIG. 8.
- the first and second authentications are designated by the marks a1 and a2, due to the few differences which will appear below.
- prior to the first authentication a1, it is assumed that the SIM card has stored at least the quadruplet [NCi, SSi, NSi, RSi] normally intended for the session SEi which is activated at an initial step a0.
- the SIM card does not know the selected application key KA.
- the additional card CA cannot randomly generate the number NCi since it is impossible for the list communicated to the SIM card to contain all the signatures corresponding to all the random numbers.
- the additional card CA increments by one unit a session number counter NSE included in the processor 20, in a step a111.
- the counter has a sufficiently high maximum count, for example corresponding to at least four bytes, so that its count can be incremented by one unit at each session during the lifetime of the CA card.
- the card CA determines the number NCi in step a112 by applying the integer NSE and the application key KA read from memory 22 to the function f contained in the ROM memory 21.
- the determined number NCi is then transmitted to the "first" controller in the SIM card so that the latter selects, in step a13, the set of parameters [NCi, SSi, NSi, RSi] in the received quadruplet table as a function of the transmitted number NCi.
- the first authentication a1 of the SIM card in the card CA consists in communicating the signature SSi from the SIM card to the card CA, and in performing steps a14, a15 and a151, like steps A14, A15 and A151, to calculate the result RCi of the application of the determined number NCi and the key KA to the first algorithm AA1 and to compare the result RCi with the signature SSi of the selected set.
- the second authentication a2 of the card CA in the SIM card begins with a request by the card CA in step a21 and a communication of the random number NSi of the selected set, from the SIM card to the card CA, in step a22. Then steps a23 and a25, a251 and a252 similar to steps A22, A23, A25, A251 and A252 are executed to determine a signature SCi resulting from the application of the communicated random number NSi and the key KA to the second algorithm AA2 in the CA card, then to compare the RSi result of the selected set with the signature SCi communicated by the CA card to the SIM card.
- at step a15 or step a25, when the corresponding comparison is negative, the session of the selected application is refused (step a151 or a251).
- at step a25, when the result RSi is equal to the signature SCi, the session SEi of the selected application is started (step a252).
- the SIM and CA cards do not communicate the signatures SSi and SCi to each other and communicate only the numbers NCi and NSi, and the comparison steps a15 and a25 in FIG. 8 are deleted for the determination of an encryption key, for example when the SIM card wishes to transmit an APDU unit in step a10.
- the encryption key results from the following steps: increment in step a111 an integer NSE by one unit to determine with the application key KA a number NCi in step a112, transmit in step a12 the determined number NCi to the "first" controller of the SIM card to select in step a13 the set of parameters NCi, SSi, NSi and RSi containing the determined number in the SIM card, determine in step a14 the result RCi of the selected set of parameters as a function of the application of said determined number NCi and of the key KA to the first algorithm AA1 in the "second" controller of the additional card CA, communicate in step a22 the random number NSi of the selected set of parameters to the card CA, determine in step a23 the signature SCi of the selected set of parameters by applying the communicated random number NSi and the key KA to the second algorithm AA2 in the CA card, and determine in steps a26 and a27 an encryption key KC according to the selected set of parameters in the SIM card and the CA card, so as to
- although the invention has been described above with respect to securing data exchange between the controllers of two SIM and CA smart cards, it applies generally to securing exchanges between any first controller and any second controller having to communicate with each other, the term controller covering a data processing means or unit, such as a microprocessor, or even more completely an entity, such as a terminal, a server, etc.
- the first controller may be a point of sale terminal and the second controller a credit card, the telecommunications network to which the terminal is connected then being the switched telephone network.
- the first and second controllers are those of a dual-mode radiotelephone terminal.
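The third-embodiment exchange described above (quadruplet provisioning by the server SP, then steps a111 to a252), as an added simulation that is not part of the patent text. HMAC-SHA256 stands in for f, AA1 and AA2, which the page does not specify; the 8-byte lengths, the key value and the assumption that SP knows the card's next session number are illustrative.

```python
import hashlib
import hmac
import secrets

def _prf(label: bytes, key: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the patent's f, AA1 and AA2 (HMAC-SHA256, truncated)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:8]

def f(nse: int, ka: bytes) -> bytes:        # NCi = f(NSE, KA), 4-byte counter
    return _prf(b"f", ka, nse.to_bytes(4, "big"))

def aa1(nc: bytes, ka: bytes) -> bytes:     # yields SSi (at SP) and RCi (in CA)
    return _prf(b"AA1", ka, nc)

def aa2(ns: bytes, ka: bytes) -> bytes:     # yields RSi (at SP) and SCi (in CA)
    return _prf(b"AA2", ka, ns)

def sp_make_quadruplets(ka: bytes, first_nse: int, count: int) -> dict:
    """Server SP, which knows KA: precompute [NCi, SSi, NSi, RSi] for I sessions."""
    table = {}
    for nse in range(first_nse, first_nse + count):
        nc, ns = f(nse, ka), secrets.token_bytes(8)
        table[nc] = (aa1(nc, ka), ns, aa2(ns, ka))
    return table

class CACard:
    """Additional card: holds KA and the session counter NSE."""
    def __init__(self, ka: bytes, nse: int = 0):
        self.ka, self.nse = ka, nse
    def next_nc(self) -> bytes:             # steps a111 and a112
        self.nse += 1
        return f(self.nse, self.ka)
    def check_sim(self, nc: bytes, ss: bytes) -> bool:   # steps a14 and a15
        return hmac.compare_digest(aa1(nc, self.ka), ss)
    def sign(self, ns: bytes) -> bytes:     # step a23
        return aa2(ns, self.ka)

class SIMCard:
    """SIM card: stores only the quadruplets received from SP, never KA."""
    def __init__(self, table: dict):
        self.table = dict(table)
    def select(self, nc: bytes):            # step a13: look up the set by NCi
        return self.table.get(nc)

def run_session(sim: SIMCard, ca: CACard) -> str:
    nc = ca.next_nc()
    quad = sim.select(nc)
    if quad is None:                         # list used up: SIM must ask SP (step E20)
        return "no-quadruplet"
    ss, ns, rs = quad
    if not ca.check_sim(nc, ss):             # first authentication a1
        return "refused-a151"
    if not hmac.compare_digest(rs, ca.sign(ns)):   # second authentication a2
        return "refused-a251"
    return "started-a252"
```

Because NCi is derived from a counter, a CA card whose NSE has moved past the provisioned range finds no matching set in the SIM card, which is the point at which a new list has to be fetched from the server SP.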
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001264025A AU2001264025A1 (en) | 2000-05-26 | 2001-05-25 | Making secure data exchanges between controllers |
EP01938340A EP1290646A1 (fr) | 2000-05-26 | 2001-05-25 | Securisation d'echanges de donnees entre des controleurs |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0006880A FR2809555B1 (fr) | 2000-05-26 | 2000-05-26 | Securisation d'echanges de donnees entre des controleurs |
FR00/06880 | 2000-05-26 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001093215A1 true WO2001093215A1 (fr) | 2001-12-06 |
Family
ID=8850755
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2001/001621 WO2001093215A1 (fr) | 2000-05-26 | 2001-05-25 | Securisation d'echanges de donnees entre des controleurs |
Country Status (6)
Country | Link |
---|---|
US (1) | US20030119482A1 (fr) |
EP (1) | EP1290646A1 (fr) |
CN (1) | CN1185586C (fr) |
AU (1) | AU2001264025A1 (fr) |
FR (1) | FR2809555B1 (fr) |
WO (1) | WO2001093215A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100407129C (zh) * | 2001-12-25 | 2008-07-30 | 株式会社Ntt都科摩 | 通信设备和限制内容访问与存储的方法 |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2825555B1 (fr) * | 2001-05-30 | 2004-03-12 | Nilcom | Systeme de messages courts, notamment de messages prepayes |
US7551913B1 (en) | 2001-12-05 | 2009-06-23 | At&T Mobility Ii Llc | Methods and apparatus for anonymous user identification and content personalization in wireless communication |
US8060139B2 (en) | 2002-06-24 | 2011-11-15 | Toshiba American Research Inc. (Tari) | Authenticating multiple devices simultaneously over a wireless link using a single subscriber identity module |
US20090015379A1 (en) * | 2004-05-19 | 2009-01-15 | Einar Rosenberg | Apparatus and method for context-based wireless information processing |
US8676249B2 (en) * | 2003-05-19 | 2014-03-18 | Tahnk Wireless Co., Llc | Apparatus and method for increased security of wireless transactions |
WO2004105359A2 (fr) * | 2003-05-19 | 2004-12-02 | Einar Rosenberg | Dispositif et procede permettant d'obtenir une securite accrue au cours de transactions par voie hertzienne |
FR2856229B1 (fr) * | 2003-06-11 | 2005-09-16 | Ercom Engineering Reseaux Comm | Systeme permettant de securiser des donnees transmises au moyen de telephones mobiles programmables via un reseau de telephonie mobile, notamment de type gsm |
CN1879071B (zh) * | 2003-11-07 | 2010-06-09 | 意大利电信股份公司 | 用于认证数据处理系统的用户的方法和系统 |
FR2863425B1 (fr) * | 2003-12-04 | 2006-02-10 | Gemplus Card Int | Procede et systeme de configuration automatique d'appareil dans un reseau de communication |
US7907935B2 (en) * | 2003-12-22 | 2011-03-15 | Activcard Ireland, Limited | Intelligent remote device |
US7613480B2 (en) * | 2003-12-31 | 2009-11-03 | At&T Mobility Ii Llc | Multiple subscription subscriber identity module (SIM) card |
ATE413077T1 (de) * | 2004-06-25 | 2008-11-15 | Telecom Italia Spa | Verfahren und system zum schutz von während der kommunikation zwischen benutzern ausgetauschten informationen |
TWI280770B (en) * | 2004-07-09 | 2007-05-01 | Inventec Appliances Corp | System against illegal use of mobile phone |
US20060099991A1 (en) * | 2004-11-10 | 2006-05-11 | Intel Corporation | Method and apparatus for detecting and protecting a credential card |
JP4709556B2 (ja) * | 2005-01-13 | 2011-06-22 | 株式会社東芝 | 端末機器に装着される電子装置及び通信システム |
KR101207467B1 (ko) * | 2005-12-16 | 2012-12-03 | 삼성전자주식회사 | 이동 통신 시스템에서 세션 정보 관리 방법 및 시스템과 그장치 |
CN101102190A (zh) * | 2006-07-04 | 2008-01-09 | 华为技术有限公司 | 生成本地接口密钥的方法 |
WO2008042302A2 (fr) * | 2006-09-29 | 2008-04-10 | Narian Technologies Corp. | Dispositif et procédé utilisant des communications en champ proche |
US8254573B2 (en) * | 2007-03-30 | 2012-08-28 | Tektronix, Inc. | System and method for ciphering key forwarding and RRC packet deciphering in a UMTS monitoring system |
HU230695B1 (hu) * | 2007-10-20 | 2017-09-28 | Andrá Vilmos | Eljárás egyedi hozzáférésű információtartalom kommunikációs eszköz biztonságos tároló részegységében történő elhelyezésének előkészítésére, valamint elhelyezésére |
CN101459512B (zh) * | 2007-12-11 | 2010-11-10 | 结行信息技术(上海)有限公司 | 通过不受信任通讯渠道对智能卡安装/初始化应用的方法 |
US9189256B2 (en) * | 2008-11-20 | 2015-11-17 | Nokia Technologies Oy | Method and apparatus for utilizing user identity |
US8447699B2 (en) * | 2009-10-13 | 2013-05-21 | Qualcomm Incorporated | Global secure service provider directory |
WO2011085314A1 (fr) * | 2010-01-08 | 2011-07-14 | Gallagher Kevin N | Présentoir d'addition pour le client comportant un dispositif de communication sans fil |
EP2458808A1 (fr) * | 2010-11-30 | 2012-05-30 | Gemalto SA | Procédé d'accès à un élément sécurisé et élément et système sécurisés correspondants |
US9064253B2 (en) * | 2011-12-01 | 2015-06-23 | Broadcom Corporation | Systems and methods for providing NFC secure application support in battery on and battery off modes |
FR2999748A1 (fr) * | 2012-12-14 | 2014-06-20 | France Telecom | Procede de securisation d'une demande d'execution d'une premiere application par une deuxieme application |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2719925A1 (fr) * | 1994-05-10 | 1995-11-17 | Bull Cp8 | Procédé pour produire une clé commune dans deux dispositifs en vue de mettre en œuvre une procédure cryptographique commune, et appareil associé. |
FR2771528A1 (fr) * | 1997-11-25 | 1999-05-28 | Gemplus Card Int | Procede de gestion des donnees dans une carte a puce |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB9104909D0 (en) * | 1991-03-08 | 1991-04-24 | Int Computers Ltd | Access control in a distributed computer system |
US5369705A (en) * | 1992-06-03 | 1994-11-29 | International Business Machines Corporation | Multi-party secure session/conference |
US5537474A (en) * | 1994-07-29 | 1996-07-16 | Motorola, Inc. | Method and apparatus for authentication in a communication system |
US6069957A (en) * | 1997-03-07 | 2000-05-30 | Lucent Technologies Inc. | Method and apparatus for providing hierarchical key system in restricted-access television system |
US6418472B1 (en) * | 1999-01-19 | 2002-07-09 | Intel Corporation | System and method for using internet based caller ID for controlling access to an object stored in a computer |
US6952770B1 (en) * | 2000-03-14 | 2005-10-04 | Intel Corporation | Method and apparatus for hardware platform identification with privacy protection |
-
2000
- 2000-05-26 FR FR0006880A patent/FR2809555B1/fr not_active Expired - Fee Related
-
2001
- 2001-05-25 WO PCT/FR2001/001621 patent/WO2001093215A1/fr not_active Application Discontinuation
- 2001-05-25 EP EP01938340A patent/EP1290646A1/fr not_active Withdrawn
- 2001-05-25 US US10/296,547 patent/US20030119482A1/en not_active Abandoned
- 2001-05-25 AU AU2001264025A patent/AU2001264025A1/en not_active Abandoned
- 2001-05-25 CN CNB018133568A patent/CN1185586C/zh not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
AU2001264025A1 (en) | 2001-12-11 |
CN1185586C (zh) | 2005-01-19 |
US20030119482A1 (en) | 2003-06-26 |
CN1444755A (zh) | 2003-09-24 |
FR2809555B1 (fr) | 2002-07-12 |
FR2809555A1 (fr) | 2001-11-30 |
EP1290646A1 (fr) | 2003-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001093215A1 (fr) | Securisation d'echanges de donnees entre des controleurs | |
EP1190399B1 (fr) | Procede de pre-controle d'un programme contenu dans une carte a puce additionnelle d'un terminal | |
EP1757130B1 (fr) | Deverrouillage securise d'un terminal mobile | |
EP1547426B1 (fr) | Identification d un terminal aupres d un serveur | |
EP1179271B1 (fr) | Terminal radiotelephonique avec une carte a puce dotee d'un navigateur | |
EP1371207B1 (fr) | Dispositif portable pour securiser le trafic de paquets dans une plate-forme hote | |
EP1909462B1 (fr) | Procédé de mise à disposition cloisonnée d'un service électronique | |
CA2566186A1 (fr) | Transfert de donnees entre deux cartes a puce | |
EP1157575B1 (fr) | Authentification dans un reseau de radiotelephonie | |
EP2047697B1 (fr) | Personnalisation d'un terminal de radiocommunication comprenant une carte sim | |
FR2820848A1 (fr) | Gestion dynamique de listes de droits d'acces dans un objet electronique portable | |
EP1190398B1 (fr) | Preparation et execution d'un programme dans une carte a puce additionnelle d'un terminal | |
WO2007066039A2 (fr) | Recouvrement de cles de dechiffrement perimees | |
EP1400090B1 (fr) | Procede et dispositif de securisation des communications dans un reseau informatique | |
WO2001093528A2 (fr) | Procede de communication securisee entre un reseau et une carte a puce d'un terminal | |
EP3021273A1 (fr) | Procédé de sécurisation d'une transaction entre un terminal mobile et un serveur d'un fournisseur de service par l'intermédiaire d'une plateforme | |
WO2003079714A1 (fr) | Procede d'echange d'informations d'authentification entre une entite de communciation et un serveur-operateur | |
WO2004114229A1 (fr) | Methode d´allocation de ressources securisees dans un module de securite | |
EP1321005B1 (fr) | Procede d'implantation d'informations sur un identifiant | |
EP1413158A1 (fr) | Procede d'acces a un service specifique propose par un operateur virtuel et carte a puce d'un dispositif correspondant | |
WO2001099449A1 (fr) | Filtrage d'unites de donnees dans une carte d'identite d'un terminal avec lecteur de carte a puce additionnelle | |
WO2003061312A1 (fr) | Procede de transmission de donnees entre un terminal d'un reseau de telecommunication et un equipement de ce reseau | |
EP1808831A1 (fr) | Préparation et exécution d'un programme dans une carte à puce additionnelle d'un terminal | |
FR2872978A1 (fr) | Procede d'authentification securise sur un reseau sans fil conforme a la norme 802.11, systeme et dispositif pour la mise en oeuvre du procede | |
WO2003003655A1 (fr) | Procede de communication radiofrequence securisee |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
WWE | Wipo information: entry into national phase | Ref document number: 2001938340 Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 10296547 Country of ref document: US |
WWE | Wipo information: entry into national phase | Ref document number: 018133568 Country of ref document: CN |
WWP | Wipo information: published in national office | Ref document number: 2001938340 Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: JP |
WWW | Wipo information: withdrawn in national office | Ref document number: 2001938340 Country of ref document: EP |