WO2002031718A1 - Method for using services in a wireless communication network - Google Patents

Method for using services in a wireless communication network Download PDF

Info

Publication number
WO2002031718A1
WO2002031718A1 PCT/FI2001/000878 FI0100878W WO0231718A1 WO 2002031718 A1 WO2002031718 A1 WO 2002031718A1 FI 0100878 W FI0100878 W FI 0100878W WO 0231718 A1 WO0231718 A1 WO 0231718A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
mobile station
messages
message
service device
Prior art date
Application number
PCT/FI2001/000878
Other languages
French (fr)
Inventor
Henna PIETILÄINEN
Otto Kolsi
Veera Lehtonen
Mikko MÄTTÖ
Original Assignee
Smarttrust Systems Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Smarttrust Systems Oy filed Critical Smarttrust Systems Oy
Priority to AU2002210579A priority Critical patent/AU2002210579A1/en
Priority to EP01978467A priority patent/EP1325453A1/en
Publication of WO2002031718A1 publication Critical patent/WO2002031718A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F17/00Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/0014Coin-freed apparatus for hiring articles; Coin-freed facilities or services for vending, access and use of specific services not covered anywhere else in G07F17/00

Definitions

  • the invention relates to a method and communication network for using trusted services.
  • FIG. 1 An example of a prior art point-of-sale solution is the US patent 5,642,484, which provides a point-of-sale information distribution and presentation system which is centrally controlled.
  • the system comprises intelligent automated devices at the point-of sale locations, which may be coupled e.g. to a satellite, land line etc. Moreover, these systems may be arranged to alter the distribution or presentation of the information according to environment sensing information at point-of-sale level.
  • automated devices are linked e.g. via a satellite to a service bureau, which in turn is connected to an information provider.
  • the service bureau is adapted to receive data relating to the actual presentation of the information advertisements.
  • the system has sensors to detect approaching customers. This system, however, lacks interactive capabilities with the customer.
  • known systems for point-of sale advertising and subsequent responding are, however, not secure as the identity of the parties in the system can not be verified.
  • security can be introduced by e.g. using known Public Key Infrastructures for encrypting messages, creating digital signatures and for verifying the signature of a sender of a message.
  • the principle of such infrastructures can be that everyone in the communication system has a public key, that is known for everyone in the system and which is used to encrypt messages, and a private key for decrypting messages that are encrypted with the public key.
  • a common way of proving an identity is to use a signature. If a message instead is encrypted with the private key, the message can be decrypted with the public key.
  • the idea of signing messages with the RSA system is encryption with the private key and decryption with the public key, in which case it is certain that only the holder of the private key could have sent that message.
  • a key pair can be used in an opposite direction for digitally signing of messages in such a way that a message is signed with the private key (the message or a part of it is encrypted with the private key) and the signature is verified with the public key (by decrypting with the public key).
  • it is only a digest of the message that is encrypted with the private key to avoid overlong messages.
  • CA certification authority
  • a certificate lists at least the owner of the key pair, often the organization of the owner, the owner's public key, expiration information and a digital signature created using the CA's private key.
  • the public keys of the CAs are usually built into the applications that use public key systems, so the software can validate the certificate.
  • the object of the invention is a secure method for distributing trusted messages in wireless communication networks via an intermediate device.
  • a more detailed object for the secure method of the invention is to obtain security in such networks without the need for special protection for the intermediate device.
  • the method of the invention uses trusted services in a wireless communication network, which comprises a service provider, one or more service devices and one or more mobile stations.
  • the identity of the sender of messages in the communication between the parties is verified by means of digital signatures.
  • information messages are created by the service provider.
  • After proving of the identity of the sender in said messages by digitally signing the messages said signed messages are sent and stored in one or more of the service devices.
  • the signed messages are then sent from the service device(s) to one or more of the mobile stations for further communication.
  • the service provider has means for creating information messages and for digitally signing said messages
  • the service device(s) has means for sending and storing said signed messages
  • the mobile station(s) has means for verifying the signed messages received.
  • the mobile station has also means for digitally signing of the messages and for verification of certificates.
  • the identity verification is advantageously performed by means of a public key infrastructure using public and private keys as well as certificates for the signing of the messages sent in the method.
  • the method of the invention is advantageously performed by making use of a Public Key Infrastructure:
  • the following keys are stored in the components making up the wireless network of the invention.
  • the service provider and the mobile stations have their private keys for signing messages.
  • the mobile stations have or have availability to the public key of the service provider for checking the digital signatures of messages sent from the service provider and forwarded by the service devices.
  • the mobile station(s) also has availability to a certificate that binds its keys to themselves thus to prove their identity.
  • a merit of the invention is that the service devices do not need to have any own keys, as they only forward the information messages from the service providers to the mobile stations.
  • the only key needed to be stored in the service device is the public key of the CA.
  • the service device also gets the certificate of a mobile station intending to make an order.
  • the invention can be used in service devices without any secret keys and with a data communication connection that does not have to be continuous.
  • the service devices of the invention can verify the sender of the signed messages by means of the public key of the CA stored therein. Furthermore, the service devices can be used to store data about the users that have used the service and to store digital signatures.
  • the merit of the invention is that cheaper devices can be used as they are not so exposed to misuse and attacks and are thus less critical.
  • the devices can advertise their own services for users in a trusted way so that the users can be sure that the advertisements are from the right service providers/devices indicated in the messages.
  • the sender of the message can be identified by means of the digital signature.
  • the messages can not be later denied and thus they can be used for charging.
  • the processing power of the devices of the invention and the memory capacity can be compared with those of a smart card and if desired, the functionality as a whole can be performed by means of a smart card.
  • a different message can be sent every time, whereby no special counters are needed to avoid replay attacks.
  • the mobile terminal using the services does not need to send its own certificate to the device as the device can fetch it in the network from a certificate director. If it is question about a service for a limited number of users, the certificates of all possible users can be stored in the device in alternative to the embodiment in which the mobile terminal sends it certificate in connection with the use of the service.
  • Figure 1 is an example of an environment in which the invention can be performed.
  • Figure 2 is a flow scheme of an example of how the invention can be performed.
  • Figure 3 is an illustration about an example of service and how it can be used with the invention
  • FIG 1 illustrates an example of an environment in which the invention can be performed.
  • the communication system of the invention comprises in figure 1 a service provider A, service devices B1 , B2 and B3 and mobile stations C.
  • the mobile station is preferably a mobile phone. However, it can be any temper proof mobile device.
  • a certificate director usually belongs to the communication system.
  • the mobile stations are connected to the service devices with e.g. radio links and the service devices can be connected to the service provider with, e.g. cable links, optical fibres, or radio links including
  • the system of figure 1 can make use of a Public Key Infrastructure to secure a trusted communication between the parties belonging to the system.
  • the service provider stores its own private key, with which it can sign messages digitally.
  • the mobile stations can sign messages with their own private keys.
  • anyone in the system has access to the public keys of the mobile station and the service provider to check digital signatures created by means of the respective private keys.
  • the mobile stations and the service providers in the system also have certificates by means of which their identity can be verified.
  • the public keys, by means of which the identities can be verified, are included in these certificates that can be fetched from a certificate directory or they can be stored in the components.
  • a certification authority CA keeps records about key pairs and their owners.
  • the service devices do not have any own private keys, but they have the public key of a certification authority CA stored therein to check certificates sent to them.
  • A is a service provider that owns the service devices B1 , B2 and B3.
  • the service provider A might as an example offer parking services, in which case B1 , B2 and B3 can be parking measuring units or refreshment units in which case the service devices can be lemonade automates.
  • Other examples of services might be candy automates, ticket automates, gate entrances etc.
  • the idea of the invention is to enable the service devices to inform about their services to the mobile stations in a secure way so that the mobile users can be sure about who the sender of the messages is.
  • the mobile station also has to be sure about that it is secure to order the service offered in the messages without the risk of replay attacks.
  • An example of how the invention can be performed e.g. in the environment of figure 1 is shown in figure 2.
  • a service provider creates an information message, e.g. an advertisement in step 1.
  • the service provider signs the message digitally in step 2 and sends 3 the signed message to one or more service devices B.
  • the message sent from the service provider is stored 4 and thereafter sent 5 to one or more mobile stations C.
  • the message might be an advertisement for a parking service, for buying products, for participating in a questionnaire or other such service.
  • the message can appear 6 in the mobile station C in different ways, such as a short message (SMS).
  • SMS short message
  • the service device B may also be a cellular base station.
  • the message can be a cell broadcast message or other message when the mobile station C enters a certain cell area or other specified area.
  • a response message is created 7.
  • the mobile station can send its certificate to the service device in step 8 which, however, in that case usually is sent before creating the message in step 7.
  • the certificate has been signed with the private key of the CA.
  • the service device B can now check the certificate by means of the public key of the CA.
  • the mobile station C digitally signs 11 the response with the private key of the mobile station and sends 12 it to the service device B.
  • the service device might already have the certificate of the mobile station stored and in that case steps 8 - 10 are omitted.
  • the service device fetches the certificate of the mobile station from a certificate directory of the CA if it has such connection.
  • the mobile station can respond to the message received from the service device in step 6 and creates the response in step 7, which can e.g. include an order of a service.
  • the response is digitally signed by the mobile station in step 11 with its private key to prove its origin.
  • the service device can check the digital signature by means of the certificate of the mobile station.
  • the service device can perform 14 the service informed about in the information message and ordered by the mobile station.
  • Information about the use of services can be sent 15 to the service provider A from the service device B, which can use the information e.g. to charge the client or as an information source for further communication strategies.
  • the invention also provides solutions to prevent replay attacks, wherein the above mentioned order message from the mobile station to the service device is stored by someone to be repeatedly used.
  • the service provider can store different advertisements or information messages in the different service devices.
  • Each such message contains a date and a time stamp or some other changing information, e.g. a new information for every hour.
  • Every service order message has a unique message number and the time stamp that was in the information message of the device.
  • the device stores pairs constituted by a MS (Mobile Station) identity and a message number.
  • the order message is accepted if it contains the actual time stamp and a new pair of message number and MS identity.
  • the message is changed e.g. every hour and the message numbers are deleted from the database.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention is concerned with a method and a wireless communication network for using trusted services. The network comprises a service provider, one or moreservice devices and one or more mobile stations. Digital signatures are used in thecommunication between the parties for identity verification. In the method, information messages are created creating by the service provider. The messages are digitallysigned to prove the identity of the sender. Said signed messages are then sent to one or more of the service devices and stored therein. From the service device(s), the signed messages are sent to one or more of the mobile stations for further communication.

Description

METHOD FOR USING SERVICES IN A WIRELESS COMMUNICATION NETWORK
TECHNICAL FIELD
The invention relates to a method and communication network for using trusted services.
BACKGROUND ART
Recent developments in information system technology have created new marketing opportunities. With improved technology available to reach customers at home and business places, interactivity becomes a greater issue.
There are, however, not yet any direct point-of-sale locations having information system techniques with interactive capabilities for use by advertisers and others.
An example of a prior art point-of-sale solution is the US patent 5,642,484, which provides a point-of-sale information distribution and presentation system which is centrally controlled. The system comprises intelligent automated devices at the point-of sale locations, which may be coupled e.g. to a satellite, land line etc. Moreover, these systems may be arranged to alter the distribution or presentation of the information according to environment sensing information at point-of-sale level. In this patent, automated devices are linked e.g. via a satellite to a service bureau, which in turn is connected to an information provider. The service bureau is adapted to receive data relating to the actual presentation of the information advertisements. The system has sensors to detect approaching customers. This system, however, lacks interactive capabilities with the customer.
Moreover, known systems for point-of sale advertising and subsequent responding are, however, not secure as the identity of the parties in the system can not be verified. In communication systems, security can be introduced by e.g. using known Public Key Infrastructures for encrypting messages, creating digital signatures and for verifying the signature of a sender of a message.
The principle of such infrastructures can be that everyone in the communication system has a public key, that is known for everyone in the system and which is used to encrypt messages, and a private key for decrypting messages that are encrypted with the public key.
A common way of proving an identity is to use a signature. If a message instead is encrypted with the private key, the message can be decrypted with the public key. The idea of signing messages with the RSA system is encryption with the private key and decryption with the public key, in which case it is certain that only the holder of the private key could have sent that message. Thus, a key pair can be used in an opposite direction for digitally signing of messages in such a way that a message is signed with the private key (the message or a part of it is encrypted with the private key) and the signature is verified with the public key (by decrypting with the public key). In practice it is only a digest of the message that is encrypted with the private key to avoid overlong messages.
To be sure that the recipient really knows that the right person holds the private key, the particular key has to be bound to an individual or corporation in some way. For this purpose, a third party is used to certify that the public key belongs to the owner. The binding of identity to a particular key pair is done using a certificate that attests to the owner's identity. This certificate must be issued by a certification authority (CA), which is an organization that verifies identities and issues certificates that bind key pairs to identities. A certificate lists at least the owner of the key pair, often the organization of the owner, the owner's public key, expiration information and a digital signature created using the CA's private key. The public keys of the CAs are usually built into the applications that use public key systems, so the software can validate the certificate. More detailed information about the technology involved in public key infrastructure systems can be found e.g. in the book "Understanding Digital Signatures" by Gail L. Grant, ISBN 0-07-012554-6. The object of the invention is a secure method for distributing trusted messages in wireless communication networks via an intermediate device.
A more detailed object for the secure method of the invention is to obtain security in such networks without the need for special protection for the intermediate device.
SUMMARY OF THE INVENTION
The method of the invention uses trusted services in a wireless communication network, which comprises a service provider, one or more service devices and one or more mobile stations. The identity of the sender of messages in the communication between the parties is verified by means of digital signatures. In the method, information messages are created by the service provider. After proving of the identity of the sender in said messages by digitally signing the messages, said signed messages are sent and stored in one or more of the service devices. The signed messages are then sent from the service device(s) to one or more of the mobile stations for further communication.
The service provider has means for creating information messages and for digitally signing said messages, the service device(s) has means for sending and storing said signed messages, and the mobile station(s) has means for verifying the signed messages received. The mobile station has also means for digitally signing of the messages and for verification of certificates.
The identity verification is advantageously performed by means of a public key infrastructure using public and private keys as well as certificates for the signing of the messages sent in the method.
The method of the invention is advantageously performed by making use of a Public Key Infrastructure: The following keys are stored in the components making up the wireless network of the invention. The service provider and the mobile stations have their private keys for signing messages. The mobile stations have or have availability to the public key of the service provider for checking the digital signatures of messages sent from the service provider and forwarded by the service devices. The mobile station(s) also has availability to a certificate that binds its keys to themselves thus to prove their identity. A merit of the invention is that the service devices do not need to have any own keys, as they only forward the information messages from the service providers to the mobile stations. The only key needed to be stored in the service device is the public key of the CA. The service device also gets the certificate of a mobile station intending to make an order.
The invention can be used in service devices without any secret keys and with a data communication connection that does not have to be continuous. The service devices of the invention can verify the sender of the signed messages by means of the public key of the CA stored therein. Furthermore, the service devices can be used to store data about the users that have used the service and to store digital signatures.
In the advantageous embodiment, wherein the device has no secret keys, the merit of the invention is that cheaper devices can be used as they are not so exposed to misuse and attacks and are thus less critical.
Thanks to the signed messages sent from the service provider, the devices can advertise their own services for users in a trusted way so that the users can be sure that the advertisements are from the right service providers/devices indicated in the messages.
The sender of the message can be identified by means of the digital signature. The messages can not be later denied and thus they can be used for charging.
The processing power of the devices of the invention and the memory capacity can be compared with those of a smart card and if desired, the functionality as a whole can be performed by means of a smart card. Depending on the memory capacity of the service device, a different message can be sent every time, whereby no special counters are needed to avoid replay attacks.
If a more extensive data connection between the service provider and the service devices is used, the mobile terminal using the services does not need to send its own certificate to the device as the device can fetch it in the network from a certificate director. If it is question about a service for a limited number of users, the certificates of all possible users can be stored in the device in alternative to the embodiment in which the mobile terminal sends it certificate in connection with the use of the service.
It is also possible to use an advertisement, which can be changed by the user, in which case the receiver can tell the desired content of the service used.
In the following the invention will be described by means of figures and examples of some advantageous embodiments. The invention is not limited to the details of the embodiments or to the services used therein.
FIGURES
Figure 1 is an example of an environment in which the invention can be performed. Figure 2 is a flow scheme of an example of how the invention can be performed. Figure 3 is an illustration about an example of service and how it can be used with the invention
DETAILED DESCRIPTION
Figure 1 illustrates an example of an environment in which the invention can be performed. The communication system of the invention comprises in figure 1 a service provider A, service devices B1 , B2 and B3 and mobile stations C. The mobile station is preferably a mobile phone. However, it can be any temper proof mobile device. In addition to the components appearing in figure 1 , a certificate director usually belongs to the communication system. The mobile stations are connected to the service devices with e.g. radio links and the service devices can be connected to the service provider with, e.g. cable links, optical fibres, or radio links including
Bluetooth radio links.
The system of figure 1 can make use of a Public Key Infrastructure to secure a trusted communication between the parties belonging to the system. For that purpose, the service provider stores its own private key, with which it can sign messages digitally. Also the mobile stations can sign messages with their own private keys. Anyone in the system has access to the public keys of the mobile station and the service provider to check digital signatures created by means of the respective private keys. There are key pairs also for encrypting and decrypting messages. The mobile stations and the service providers in the system also have certificates by means of which their identity can be verified. The public keys, by means of which the identities can be verified, are included in these certificates that can be fetched from a certificate directory or they can be stored in the components. A certification authority CA keeps records about key pairs and their owners. The service devices do not have any own private keys, but they have the public key of a certification authority CA stored therein to check certificates sent to them.
A is a service provider that owns the service devices B1 , B2 and B3. The service provider A might as an example offer parking services, in which case B1 , B2 and B3 can be parking measuring units or refreshment units in which case the service devices can be lemonade automates. Other examples of services might be candy automates, ticket automates, gate entrances etc.
The idea of the invention is to enable the service devices to inform about their services to the mobile stations in a secure way so that the mobile users can be sure about who the sender of the messages is. The mobile station also has to be sure about that it is secure to order the service offered in the messages without the risk of replay attacks. An example of how the invention can be performed e.g. in the environment of figure 1 is shown in figure 2.
A service provider creates an information message, e.g. an advertisement in step 1. To prove its identity, the service provider signs the message digitally in step 2 and sends 3 the signed message to one or more service devices B. The message sent from the service provider is stored 4 and thereafter sent 5 to one or more mobile stations C.
The message might be an advertisement for a parking service, for buying products, for participating in a questionnaire or other such service.
The message can appear 6 in the mobile station C in different ways, such as a short message (SMS). The service device B may also be a cellular base station. The message can be a cell broadcast message or other message when the mobile station C enters a certain cell area or other specified area.
If the mobile station decides to respond to the message, e.g. by requesting additional information, making an order or by answering questions or sending a report, a response message is created 7. For identity verification, the mobile station can send its certificate to the service device in step 8 which, however, in that case usually is sent before creating the message in step 7. The certificate has been signed with the private key of the CA. The service device B can now check the certificate by means of the public key of the CA. Upon approval 9 of the certificate, which is indicated for the mobile station in step 10, the mobile station C digitally signs 11 the response with the private key of the mobile station and sends 12 it to the service device B. Alternatively, the service device might already have the certificate of the mobile station stored and in that case steps 8 - 10 are omitted. This might be the case e.g. if the service is intended for a limited user group known in advance, in which case it is possible to store all or a part of the necessary certificates in the service device in advance. Another alternative is that the service device fetches the certificate of the mobile station from a certificate directory of the CA if it has such connection. Now the mobile station can respond to the message received from the service device in step 6 and creates the response in step 7, which can e.g. include an order of a service. The response is digitally signed by the mobile station in step 11 with its private key to prove its origin.
The service device can check the digital signature by means of the certificate of the mobile station. When the signature has been approved 13, the service device can perform 14 the service informed about in the information message and ordered by the mobile station.
Information about the use of services can be sent 15 to the service provider A from the service device B, which can use the information e.g. to charge the client or as an information source for further communication strategies.
The invention also provides solutions to prevent replay attacks, wherein the above mentioned order message from the mobile station to the service device is stored by someone to be repeatedly used.
Firstly, the service provider can store different advertisements or information messages in the different service devices. Each such message contains a date and a time stamp or some other changing information, e.g. a new information for every hour.
Every service order message has a unique message number and the time stamp that was in the information message of the device. The device stores pairs constituted by a MS (Mobile Station) identity and a message number. The order message is accepted if it contains the actual time stamp and a new pair of message number and MS identity. The message is changed e.g. every hour and the message numbers are deleted from the database.

Claims

1. Method for using trusted services in a wireless communication network, comprising a service provider, one or more service devices and one or more mobile stations, in which method digital signatures are used in the communication between the parties for identity verification, characterized by a) creating information messages by the service provider, b) digitally signing the messages to prove the identity of the sender of said messages, c) sending said signed messages from the service provider to one or more of the service devices and storing the signed messages therein, d) sending the signed messages from the service device(s) to one or more of the mobile stations for further communication.
2. Method of claim 1, c h a r a c t e r i z e d in that the identity verification is performed by means of Public Key Infrastructure.
3. Method of claim 2, characterized in that the digital signing in step b) is performed with the private key of the service provider.
4. Method of claim 1, characterized in that the further communication takes place by sending from the mobile station, a response to the message received by e) sending the certificate of the mobile station to the service device, f) approving the certificate at the service device, and g) sending the response from the mobile station to the service device by digitally signing the message with the private key of the mobile station.
5. Method of claim 4, characterized in that the digital signature in step e) is made by the private key of the CA.
6. Method of claim 4, characterized in that the digital signature in step g) is made by the private key of the mobile station.
7. Method of claim 1, characterized in that the further communication takes place by responding to the message from the mobile station by e) sending the response from the mobile station to the service device by digitally signing the message with the private key of the mobile station, f) approving the response at the service device by means of the certificate of the mobile station.
8. Method of claim 7, characterized in that the service device fetches the certificate of the mobile station from a certificate directory.
9. Method of claim 7, ch a ra cte rize d in that the certificate of the mobile station is stored at the service device in advance.
10. Method of claim 4, chara cterized in that the response from the mobile station to the service device is an order of a service provided by the service provider.
11. Method of claim 4, characterized by a still further communication in which the response is approved at the service device and the service ordered by the mobile station in its response is performed by the service device.
12. Method of claim 4, characterized in that the digital signature in step g) is checked by the service device by using the certificate of the mobile station.
13. Method of claim 1, characterized in that the information messages sent to the service devices from the service provider differ from each other.
14. Method of claim ^ c h a r a c t e r i z e d in that each information message contains a date and/or time and/or a number.
15. Method of claim 4, characterized in that the service devices keep record about the responses sent to them from the mobile stations.
16. Method of claim 12, c h a r a c t e r i z e d in that the records contain information about the mobile clients, as well as the date and time stamps.
17. Method of claim ^ ch a racte rized in that each service device receives more than one information message from the service provider.
18. Method of claim 1, characterized in that the information message to be sent from the service device to the mobile station is regularly changed.
19. Method of claim 18, characterized in that each such information message contains a date and a time stamp or some other changing information for every hour.
20. Method of claim 18, characterized in that every service order message has a unique message number and the time stamp that was in the information message of the device.
21. Method of claim 20, ch a racte rize d in that reply attacks are avoided by storing pairs constituted by a MS (Mobile Station) identity and a message number, and by only accepting service order messages that contain the actual time stamp and a new pair of message number and MS.
22. Wireless communication network, comprising a service provider, one or more service devices, one or more mobile stations, and means for identity verification of the parties in the communication, characterized in that a) the service provider has means for creating information messages and for digitally signing of the messages, b) the service device(s) has means for sending and storing said signed messages, c) the mobile stations have means for verifying the signed messages received and for digitally signing messages to be sent.
23. Wireless communication network of claim 19, characterized in that the means for identity verification is Public Key Infrastructure using public and private keys as well as certificates for the signing of the messages sent in the method.
24. Wireless communication network of claim 20 or 21, characterized in that it also comprises a certificate directory of a CA.
25. Wireless communication network of any of claims 19 -21, characterized in that the service devices have the public key of the CA.
PCT/FI2001/000878 2000-10-10 2001-10-10 Method for using services in a wireless communication network WO2002031718A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2002210579A AU2002210579A1 (en) 2000-10-10 2001-10-10 Method for using services in a wireless communication network
EP01978467A EP1325453A1 (en) 2000-10-10 2001-10-10 Method for using services in a wireless communication network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20002234 2000-10-10
FI20002234A FI113428B (en) 2000-10-10 2000-10-10 Procedure for using services in a wireless telecommunications network

Publications (1)

Publication Number Publication Date
WO2002031718A1 true WO2002031718A1 (en) 2002-04-18

Family

ID=8559268

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2001/000878 WO2002031718A1 (en) 2000-10-10 2001-10-10 Method for using services in a wireless communication network

Country Status (4)

Country Link
EP (1) EP1325453A1 (en)
AU (1) AU2002210579A1 (en)
FI (1) FI113428B (en)
WO (1) WO2002031718A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006130539A2 (en) * 2005-05-31 2006-12-07 Qualcomm Incorporated Wireless subscriber billing and distribution
US9143622B2 (en) 2006-02-17 2015-09-22 Qualcomm Incorporated Prepay accounts for applications, services and content for communication devices
US9185538B2 (en) 2005-05-31 2015-11-10 Qualcomm Incorporated Wireless subscriber application and content distribution and differentiated pricing
US9185234B2 (en) 2006-02-22 2015-11-10 Qualcomm Incorporated Automated account mapping in a wireless subscriber billing system
US9203923B2 (en) 2001-08-15 2015-12-01 Qualcomm Incorporated Data synchronization interface
US9264902B1 (en) 2007-03-02 2016-02-16 Citigroup Global Markets Inc. Systems and methods for remote authorization of financial transactions using public key infrastructure (PKI)
US10009743B2 (en) 2001-08-13 2018-06-26 Qualcomm Incorporated System and method for providing subscribed applications on wireless devices over a wireless network
US10043170B2 (en) 2004-01-21 2018-08-07 Qualcomm Incorporated Application-based value billing in a wireless subscriber network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5592560A (en) * 1989-05-01 1997-01-07 Credit Verification Corporation Method and system for building a database and performing marketing based upon prior shopping history
US5642484A (en) * 1994-05-13 1997-06-24 Captive Communications, Inc. Pump top advertisement distribution and display system with performance and sales information feedback
US5757918A (en) * 1995-01-20 1998-05-26 Tandem Computers Incorporated Method and apparatus for user and security device authentication
US5926796A (en) * 1997-05-05 1999-07-20 Walker Asset Management Limited Partnership Method and apparatus for selling subscriptions to periodicals in a retail environment
EP1077437A2 (en) * 1999-07-07 2001-02-21 Phone.Com Inc. Method and system for distributing electronic coupons using a wireless communications system.

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748738A (en) * 1995-01-17 1998-05-05 Document Authentication Systems, Inc. System and method for electronic transmission, storage and retrieval of authenticated documents
US5903882A (en) * 1996-12-13 1999-05-11 Certco, Llc Reliance server for electronic transaction system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5592560A (en) * 1989-05-01 1997-01-07 Credit Verification Corporation Method and system for building a database and performing marketing based upon prior shopping history
US5642484A (en) * 1994-05-13 1997-06-24 Captive Communications, Inc. Pump top advertisement distribution and display system with performance and sales information feedback
US5757918A (en) * 1995-01-20 1998-05-26 Tandem Computers Incorporated Method and apparatus for user and security device authentication
US5926796A (en) * 1997-05-05 1999-07-20 Walker Asset Management Limited Partnership Method and apparatus for selling subscriptions to periodicals in a retail environment
EP1077437A2 (en) * 1999-07-07 2001-02-21 Phone.Com Inc. Method and system for distributing electronic coupons using a wireless communications system.

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10009743B2 (en) 2001-08-13 2018-06-26 Qualcomm Incorporated System and method for providing subscribed applications on wireless devices over a wireless network
US9203923B2 (en) 2001-08-15 2015-12-01 Qualcomm Incorporated Data synchronization interface
US10043170B2 (en) 2004-01-21 2018-08-07 Qualcomm Incorporated Application-based value billing in a wireless subscriber network
WO2006130539A2 (en) * 2005-05-31 2006-12-07 Qualcomm Incorporated Wireless subscriber billing and distribution
WO2006130539A3 (en) * 2005-05-31 2007-03-15 Qualcomm Inc Wireless subscriber billing and distribution
US9185538B2 (en) 2005-05-31 2015-11-10 Qualcomm Incorporated Wireless subscriber application and content distribution and differentiated pricing
US9350875B2 (en) 2005-05-31 2016-05-24 Qualcomm Incorporated Wireless subscriber billing and distribution
US9143622B2 (en) 2006-02-17 2015-09-22 Qualcomm Incorporated Prepay accounts for applications, services and content for communication devices
US9185234B2 (en) 2006-02-22 2015-11-10 Qualcomm Incorporated Automated account mapping in a wireless subscriber billing system
US9264902B1 (en) 2007-03-02 2016-02-16 Citigroup Global Markets Inc. Systems and methods for remote authorization of financial transactions using public key infrastructure (PKI)
US9462473B2 (en) 2007-03-02 2016-10-04 Citigroup Global Markets, Inc. Systems and methods for remote authorization of financial transactions using public key infrastructure (PKI)

Also Published As

Publication number Publication date
FI20002234A0 (en) 2000-10-10
FI20002234A (en) 2002-04-11
AU2002210579A1 (en) 2002-04-22
EP1325453A1 (en) 2003-07-09
FI113428B (en) 2004-04-15

Similar Documents

Publication Publication Date Title
US5812670A (en) Traceable anonymous transactions
US6490358B1 (en) Enabling business transactions in computer networks
JP4824309B2 (en) Method for monitoring digital content provided by a content provider via a network
CN101207482B (en) System and method for implementation of single login
US5864667A (en) Method for safe communications
CN100583883C (en) Method of providing a signing key for digitally signing, verifying or encrypting data and mobile terminal
CN101764691B (en) Method, equipment and system for obtaining dynamic passwords to generate keys
US20100070761A1 (en) Reliable authentication of message sender's identity
KR20060080174A (en) Method for transmitting protected information to several receivers
CN108092779A (en) A kind of method and device for realizing electronic signature
US20080250246A1 (en) Method for Controlling Secure Transactions Using a Single Multiple Dual-Key Device, Corresponding Physical Deivce, System and Computer Program
CN103095662A (en) Online transaction safety certificate method and online transaction safety certificate system
Hassinen et al. Utilizing national public-key infrastructure in mobile payment systems
CN101189616A (en) Facilitating and authenticating transactions
CN111049835B (en) Unified identity management system of distributed public certificate service network
CN101482963A (en) Service data processing platform, system and method
US20030195857A1 (en) Communication technique to verify and send information anonymously among many parties
US8122516B2 (en) Method and system for enabling a first party to provide a second party with personalized digital content
US20110161234A1 (en) Ordering scheme
EP1325453A1 (en) Method for using services in a wireless communication network
KR101604622B1 (en) Method for Processing Mobile Payment by Using Encryption Matrix Authentication
TW200806002A (en) Message authentication system and message authentication method
Adi et al. Secured multi-identity mobile infrastructure and offline mobile-assisted micro-payment application
Chen et al. A mobile ticket system based on personal trusted device
CN101004811A (en) System for processing mobile electric gift card

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2001978467

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001978467

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP