WO2006040659A2 - Proxy smart card applications - Google Patents

Proxy smart card applications Download PDF

Info

Publication number
WO2006040659A2
WO2006040659A2 PCT/IB2005/003051 IB2005003051W WO2006040659A2 WO 2006040659 A2 WO2006040659 A2 WO 2006040659A2 IB 2005003051 W IB2005003051 W IB 2005003051W WO 2006040659 A2 WO2006040659 A2 WO 2006040659A2
Authority
WO
WIPO (PCT)
Prior art keywords
message
electronic device
smart card
device software
remote terminal
Prior art date
Application number
PCT/IB2005/003051
Other languages
French (fr)
Other versions
WO2006040659A3 (en
Inventor
Henry Haverinen
Pasi Eronen
Original Assignee
Nokia Corporation
Nokia, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Corporation, Nokia, Inc. filed Critical Nokia Corporation
Priority to EP05850094A priority Critical patent/EP1800455A2/en
Publication of WO2006040659A2 publication Critical patent/WO2006040659A2/en
Publication of WO2006040659A3 publication Critical patent/WO2006040659A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/38Transceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving
    • H04B1/40Circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability

Definitions

  • the present invention relates generally to networking systems. More particularly, the invention is related to 3GPP-Wireless LAN interworking, EAP SEVI and EAP AKA authentication and split user equipment usage scenarios.
  • New wireless LAN standards IEEE 802.1 Ii and Wi-Fi Protected Access (WPA) use Extensible Authentication Protocol (EAP) for network access authentication and key agreement.
  • EAP Extensible Authentication Protocol
  • the wireless LAN station implements an EAP peer, which communicates with an EAP server implementation on the network side.
  • EAP authentication exchange the EAP peer and the EAP server exchange EAP packets.
  • the EAP authentication server is usually a backend element which is separate from the wireless LAN access point.
  • EAP has been designed to easily support several different authentication algorithms so that a separate EAP method implementation can be used for each authentication algorithm.
  • a new 3GPP Wireless LAN interworking standard enables a wireless LAN terminal to use the 3GPP smart card based authentication mechanisms for wireless LAN network access authentication.
  • a single piece of user equipment is equipped with both the smart card and the wireless LAN interface.
  • the wireless LAN terminal uses the Extensible Authentication Protocol method for GSM Subscriber Identity Modules (EAP-SIM) or the Extensible Authentication Protocol for 3G Authentication and Key Agreement (EAP-AKA) protocols to perform network access authentication. These protocols require access to the smart card of the device. Smart cards are widely used in portable electronics devices and are discussed in detail in UK Patent No. 2,370,659, assigned to Nokia Corporation and incorporated herein by reference.
  • the wireless LAN network interface and the smart card reside in separate pieces of equipment.
  • a laptop equipped with a wireless LAN interface uses a mobile telephone, equipped with a smart card, for EAP-SIM and EAP-AKA authentication.
  • these protocols require access to a smart card located on the mobile telephone.
  • the laptop uses a Bluetooth connection to the mobile telephone in order to access the smart card for the wireless LAN authentication.
  • Other possible communication connections could also be used to connect the laptop to the mobile telephone, such as RFID, WLAN (802.1 Ix), infrared, UWB, or even a cabled connection such as a serial, parallel, or USB cable.
  • the laptop implements the EAP peer and only uses the mobile phone for the smart card operations.
  • EAP packets received from the wireless LAN network are processed by the laptop, and the laptop also generates all EAP packets that need to be transmitted to the network.
  • the EAP-SIM and EAP-AKA peers are implemented by the mobile phone.
  • the laptop passes through EAP packets from its wireless LAN interface to the mobile phone, and the mobile phone processes the EAP packets.
  • the mobile phone uses the smart card for 3GPP authentication primitives only.
  • the mobile phone generates the EAP packets that are to be transmitted to the wireless LAN network and sends them to the laptop.
  • the laptop then forwards the outgoing EAP packets to the network.
  • the smart card implements the EAP-SIM and EAP-AKA peers.
  • special EAP capable smart cards are used.
  • the laptop passes through EAP packets from its wireless LAN interface to the mobile phone, which again passes the EAP packet to the special smart card for processing.
  • the smart card processes incoming EAP packets and generates outgoing EAP packets.
  • the smart card passes its outgoing EAP packets to the mobile phone which further passes them to the laptop.
  • the laptop then transmits the EAP packets to the wireless LAN network.
  • SAP Bluetooth SIM Access Profile
  • APDU application protocol data units
  • the present invention resolves the above issues by having the EAP SBvI and EAP AKA protocols implemented by the mobile telephone, even when a low-level interface such as Bluetooth SAP is being used.
  • the laptop computer sends EAP requests to the mobile telephone over a Bluetooth connection, and the mobile telephone sends the EAP responses back to the laptop. After successful authentication, the mobile telephone sends session keys to the laptop.
  • the mobile telephone uses a standard SIM card or a universal integrated circuit card (UICC) to perform the computations required for EAP SEVI or EAP AKA authentication.
  • the protocols are implemented by software that is running in the mobile telephone. While Bluetooth is mentioned herein as an example connection between the laptop and mobile telephone, it should be understood that other connections types may be used such as RFID 3 WLAN, infrared, UWB or even cabled connections such as serial, parallel, or USB cables.
  • the present invention results in a number of advantages over conventional systems.
  • the Bluetooth SIM access profile can be used, and any smart card applications can be implemented by computer software. Additionally, operations do not have to deploy special smart cards with EAP support.
  • Figure 1 is an overview diagram of a system according to an embodiment of the present invention.
  • Figure 2 is a perspective view of a mobile telephone that can be used in the implementation of the present invention.
  • Figure 3 is a schematic representation of the telephone circuitry of the mobile telephone of Figure 2;
  • Figure 4 is a schematic representation of the circuitry of the smart card represented in Figure 3;
  • Figure 5 is a schematic diagram of the memory structure held by the smart card of Figure 3;
  • Figure 6 shows a laptop computer with an infrared port exchanging information with the mobile telephone of Figure 2;
  • Figure 7 is a flow chart showing the steps involved in the implementation of the present invention.
  • Figure 8 is a schematic representation of a network system including a mobile phone with a smart card according the to the principles of the present invention.
  • FIG. 1 shows a system 10 in which the present invention can be utilized, comprising multiple communication devices that can communicate through a network.
  • the system 10 may comprise any combination of wired or wireless networks including, but not limited to, a mobile telephone network, a wireless Local Area Network (LAN), a Bluetooth personal area network, an Ethernet LAN, a token ring LAN, a wide area network, the Internet, etc.
  • the system 10 may include both wired and wireless communication devices.
  • the system 10 shown in FIG. 1 includes a mobile telephone network 11 and the Internet 28. Connectivity to the Internet 28 may include, but is not limited to, long range wireless connections, short range wireless connections, and various wired connections including, but not limited to, telephone lines, cable lines, power lines, and the like.
  • the exemplary communication devices of system 10 may include, but are not limited to, a mobile telephone 12, a combination PDA and mobile telephone 14, a PDA 16, an integrated messaging device (IMD) 18, a desktop computer 20, and a notebook computer 22.
  • the communication devices may be stationary or mobile as when carried by an individual who is moving.
  • the communication devices may also be located in a mode of transportation including, but not limited to, an automobile, a truck, a taxi, a bus, a boat, an airplane, a bicycle, a motorcycle, etc.
  • Some or all of the communication devices may send and receive calls and messages and communicate with service providers through a wireless connection 25 to a base station 24.
  • the base station 24 may be connected to a network server 26 that allows communication between the mobile telephone network 11 and the Internet 28.
  • the system 10 may include additional communication devices and communication devices of different types.
  • the communication devices may communicate using various transmission technologies including, but not limited to, Code Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), Transmission Control Protocol/Internet Protocol (TCP/IP), Short Messaging Service (SMS), Multimedia Messaging Service (MMS), e-mail, Instant Messaging Service (IMS), Bluetooth, IEEE 802.11, etc.
  • CDMA Code Division Multiple Access
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • TDMA Time Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • SMS Short Messaging Service
  • MMS Multimedia Messaging Service
  • e-mail e-mail
  • Bluetooth IEEE 802.11, etc.
  • a communication device may communicate using various media including, but not limited to, radio, infrared, laser, cable connection, and the like.
  • Figures 2 and 3 show one representative mobile telephone 12 according
  • the mobile telephone 12 of Figures 2 and 3 includes a housing 30, a display 32 in the form of a liquid cr microphone 36, an ear-piece 38, a battery 40, an inrrare ⁇ po ⁇ tz, an antenna w, a smart card 46 in the form of a UICC according to one embodiment of the invention, a card reader 48, radio interface circuitry 52, codeccircuitry 54, a controller 56 and a memory 58.
  • Individual circuits and elements are all of a type well known in the art, for example in the Nokia range of mobile telephones.
  • the smart card 46 includes a plastic card body 60 and a module 62 which comprises an integrated circuit 64 and contacts 66.
  • the integrated circuit 64 comprises input/output circuits 68, a processor 70 and non-volatile memory 72.
  • the mobile telephone 12 may exchange information with an external device such as a laptop computer 22 having a laptop infrared port 74 through an infrared link 76.
  • Figure 8 is a representation of the larger system, showing the communication stream among the mobile telephone 12 with smart card 46, the laptop computer 22, a wireless LAN access point 23, and the network authentication (EAP) server 26.
  • the smart card 46 can be a standard GSM SIM or 3 G UICC smart card.
  • the laptop computer 22 passes through EAP packets between the mobile telephone 12 and the wireless LAN access point 23.
  • the mobile telephone 22 intercepts APDUs that relate to EAP implementation.
  • the mobile telephone 22 includes EAP-SIM and EAP-AKA peer implementations and use a standard GSMor UICC for peer implementation.
  • FIG. 7 shows the steps involved in the implementation of the present invention.
  • the process begins at step 100 with the mobile telephone 12 receiving a message related to the smart card 46 over a Bluetooth connection.
  • the mobile telephone 12 determines whether the message (such as a command APDU) is related to a function that is implemented by computer software as a proxy smart card application. If the message is not related to a proxy smart card application software, represented at 80 in Figure 2, then at step 120 the mobile telephone 12 transmits the message to the smart card 46 for processing. However, if the message is related to a function that is implemented by the smart card application software 80, then at step 130 the mobile telephone 12 does not send anything to the smart card 46. Instead, the message is processed by the smart card application software 80. The mobile telephone software also generates any required response messages at step 140. Although the mobile telephone 12 does not send the message to the smart card 46 for processing, the mobile telephone 12 may use the services of the smart card 46 while processing the message.
  • the message such as a command APDU
  • the mobile telephone 12 processes all EAP SIM and EAP AKA related messages (APDUs) by software, but the mobile telephone 12 may forward other messages, such as generic SIM access messages, to the smart card 46. While processing the EAP SIM and EAP-AKA-related messages, the mobile telephone 12 uses the standard authentication primitives of the smart card 46.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

A system and method for the implementation of a proxy smart card application in a mobile telephone. The mobile telephone receives a smart card related message from a remote terminal. If the smart card related message is related to a function implemented by electronic device software within the mobile telephone, the electronic device software processes the message. If the smart card related message is not related to a function implemented by the electronic device software, the message is transmitted to the smart card.

Description

PROXY SMART CARD APPLICATIONS
FIELD OF THE INVENTION
[0001] The present invention relates generally to networking systems. More particularly, the invention is related to 3GPP-Wireless LAN interworking, EAP SEVI and EAP AKA authentication and split user equipment usage scenarios.
BACKGROUND OF THE INVENTION
[0002] New wireless LAN standards IEEE 802.1 Ii and Wi-Fi Protected Access (WPA) use Extensible Authentication Protocol (EAP) for network access authentication and key agreement. In this situation, the wireless LAN station implements an EAP peer, which communicates with an EAP server implementation on the network side. During the EAP authentication exchange, the EAP peer and the EAP server exchange EAP packets. The EAP authentication server is usually a backend element which is separate from the wireless LAN access point. EAP has been designed to easily support several different authentication algorithms so that a separate EAP method implementation can be used for each authentication algorithm. [0003] A new 3GPP Wireless LAN interworking standard enables a wireless LAN terminal to use the 3GPP smart card based authentication mechanisms for wireless LAN network access authentication. In the basic case, a single piece of user equipment is equipped with both the smart card and the wireless LAN interface. The wireless LAN terminal uses the Extensible Authentication Protocol method for GSM Subscriber Identity Modules (EAP-SIM) or the Extensible Authentication Protocol for 3G Authentication and Key Agreement (EAP-AKA) protocols to perform network access authentication. These protocols require access to the smart card of the device. Smart cards are widely used in portable electronics devices and are discussed in detail in UK Patent No. 2,370,659, assigned to Nokia Corporation and incorporated herein by reference.
[0004] In split user equipment (UE) situations, the wireless LAN network interface and the smart card reside in separate pieces of equipment. Typically in this case, a laptop equipped with a wireless LAN interface uses a mobile telephone, equipped with a smart card, for EAP-SIM and EAP-AKA authentication. As discussed above, these protocols require access to a smart card located on the mobile telephone. The laptop uses a Bluetooth connection to the mobile telephone in order to access the smart card for the wireless LAN authentication. Other possible communication connections could also be used to connect the laptop to the mobile telephone, such as RFID, WLAN (802.1 Ix), infrared, UWB, or even a cabled connection such as a serial, parallel, or USB cable.
[0005] In the split UE case, there are three different ways to implement the EAP peer for EAP-SIM and EAP-AKA protocols. In the first implementation, the laptop implements the EAP peer and only uses the mobile phone for the smart card operations. In this scenario, EAP packets received from the wireless LAN network are processed by the laptop, and the laptop also generates all EAP packets that need to be transmitted to the network.
[0006] In the second implementation, the EAP-SIM and EAP-AKA peers are implemented by the mobile phone. The laptop passes through EAP packets from its wireless LAN interface to the mobile phone, and the mobile phone processes the EAP packets. The mobile phone uses the smart card for 3GPP authentication primitives only. The mobile phone generates the EAP packets that are to be transmitted to the wireless LAN network and sends them to the laptop. The laptop then forwards the outgoing EAP packets to the network.
[0007] In the third implementation, the smart card implements the EAP-SIM and EAP-AKA peers. In this case, special EAP capable smart cards are used. The laptop passes through EAP packets from its wireless LAN interface to the mobile phone, which again passes the EAP packet to the special smart card for processing. The smart card processes incoming EAP packets and generates outgoing EAP packets. The smart card passes its outgoing EAP packets to the mobile phone which further passes them to the laptop. The laptop then transmits the EAP packets to the wireless LAN network.
[0008] In 3GPP standardization, it is desired that the Bluetooth SIM Access Profile (SAP) be used in the split user equipment scenario. However, SAP is a low-level interface for accessing the smart card over a Bluetooth connection. SAP contains operations for exchanging application protocol data units (APDU), so it assumes that the smart card, rather than the mobile telephone, performs all the processing. This implies that if APDUs were used to send EAP packets to the mobile telephone, the EAP SIM and EAP AKA protocols would have to be implemented by the smart card. [0009] It is currently desirable to implement EAP methods on the smart card, and they have product plans for special EAP smart cards. However, it may also be desirable for EAP methods to be implemented by the mobile telephone.
SUMMARY OF THE INVENTION
[0010] The present invention resolves the above issues by having the EAP SBvI and EAP AKA protocols implemented by the mobile telephone, even when a low-level interface such as Bluetooth SAP is being used. The laptop computer sends EAP requests to the mobile telephone over a Bluetooth connection, and the mobile telephone sends the EAP responses back to the laptop. After successful authentication, the mobile telephone sends session keys to the laptop. The mobile telephone uses a standard SIM card or a universal integrated circuit card (UICC) to perform the computations required for EAP SEVI or EAP AKA authentication. The protocols are implemented by software that is running in the mobile telephone. While Bluetooth is mentioned herein as an example connection between the laptop and mobile telephone, it should be understood that other connections types may be used such as RFID3 WLAN, infrared, UWB or even cabled connections such as serial, parallel, or USB cables.
[0011] The present invention results in a number of advantages over conventional systems. Under the present invention, the Bluetooth SIM access profile can be used, and any smart card applications can be implemented by computer software. Additionally, operations do not have to deploy special smart cards with EAP support. [0012] These and other objects, advantages and features of the invention, together with the organization and manner of operation thereof, will become apparent from the following detailed description when taken in conjunction with the accompanying drawings, wherein like elements have like numerals throughout the several drawings described below.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] Figure 1 is an overview diagram of a system according to an embodiment of the present invention;
[0014] Figure 2 is a perspective view of a mobile telephone that can be used in the implementation of the present invention;
[0015] Figure 3 is a schematic representation of the telephone circuitry of the mobile telephone of Figure 2;
[0016] Figure 4 is a schematic representation of the circuitry of the smart card represented in Figure 3;
[0017] Figure 5 is a schematic diagram of the memory structure held by the smart card of Figure 3;
[0018] Figure 6 shows a laptop computer with an infrared port exchanging information with the mobile telephone of Figure 2;
[0019] Figure 7 is a flow chart showing the steps involved in the implementation of the present invention; and
[0020] Figure 8 is a schematic representation of a network system including a mobile phone with a smart card according the to the principles of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0021] The present invention involves the implementation of a proxy smart card application in the mobile telephone. Figure 1 shows a system 10 in which the present invention can be utilized, comprising multiple communication devices that can communicate through a network. The system 10 may comprise any combination of wired or wireless networks including, but not limited to, a mobile telephone network, a wireless Local Area Network (LAN), a Bluetooth personal area network, an Ethernet LAN, a token ring LAN, a wide area network, the Internet, etc. The system 10 may include both wired and wireless communication devices. [0022] For exemplification, the system 10 shown in FIG. 1 includes a mobile telephone network 11 and the Internet 28. Connectivity to the Internet 28 may include, but is not limited to, long range wireless connections, short range wireless connections, and various wired connections including, but not limited to, telephone lines, cable lines, power lines, and the like.
[0023] The exemplary communication devices of system 10 may include, but are not limited to, a mobile telephone 12, a combination PDA and mobile telephone 14, a PDA 16, an integrated messaging device (IMD) 18, a desktop computer 20, and a notebook computer 22. The communication devices may be stationary or mobile as when carried by an individual who is moving. The communication devices may also be located in a mode of transportation including, but not limited to, an automobile, a truck, a taxi, a bus, a boat, an airplane, a bicycle, a motorcycle, etc. Some or all of the communication devices may send and receive calls and messages and communicate with service providers through a wireless connection 25 to a base station 24. The base station 24 may be connected to a network server 26 that allows communication between the mobile telephone network 11 and the Internet 28. The system 10 may include additional communication devices and communication devices of different types.
[0024] The communication devices may communicate using various transmission technologies including, but not limited to, Code Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS), Time Division Multiple Access (TDMA), Frequency Division Multiple Access (FDMA), Transmission Control Protocol/Internet Protocol (TCP/IP), Short Messaging Service (SMS), Multimedia Messaging Service (MMS), e-mail, Instant Messaging Service (IMS), Bluetooth, IEEE 802.11, etc. A communication device may communicate using various media including, but not limited to, radio, infrared, laser, cable connection, and the like. [0025] Figures 2 and 3 show one representative mobile telephone 12 according to one embodiment of the invention. It should be understood, however, that the present invention is not intended to be limited to one particular type of mobile telephone 12 or other electronic device. The mobile telephone 12 of Figures 2 and 3 includes a housing 30, a display 32 in the form of a liquid cr microphone 36, an ear-piece 38, a battery 40, an inrrareα poπ tz, an antenna w, a smart card 46 in the form of a UICC according to one embodiment of the invention, a card reader 48, radio interface circuitry 52, codeccircuitry 54, a controller 56 and a memory 58. Individual circuits and elements are all of a type well known in the art, for example in the Nokia range of mobile telephones.
[0026] As shown in Figure 4, the smart card 46 includes a plastic card body 60 and a module 62 which comprises an integrated circuit 64 and contacts 66. As represented in Figure 5, the integrated circuit 64 comprises input/output circuits 68, a processor 70 and non-volatile memory 72.
[0027] Referring to Figure 6, the mobile telephone 12 may exchange information with an external device such as a laptop computer 22 having a laptop infrared port 74 through an infrared link 76. Figure 8 is a representation of the larger system, showing the communication stream among the mobile telephone 12 with smart card 46, the laptop computer 22, a wireless LAN access point 23, and the network authentication (EAP) server 26. In this situation, the smart card 46 can be a standard GSM SIM or 3 G UICC smart card. In this situation, the laptop computer 22 passes through EAP packets between the mobile telephone 12 and the wireless LAN access point 23. The mobile telephone 22 intercepts APDUs that relate to EAP implementation. The mobile telephone 22 includes EAP-SIM and EAP-AKA peer implementations and use a standard GSMor UICC for peer implementation.
[0028] Figure 7 shows the steps involved in the implementation of the present invention. The process begins at step 100 with the mobile telephone 12 receiving a message related to the smart card 46 over a Bluetooth connection. At step 110, the mobile telephone 12 determines whether the message (such as a command APDU) is related to a function that is implemented by computer software as a proxy smart card application. If the message is not related to a proxy smart card application software, represented at 80 in Figure 2, then at step 120 the mobile telephone 12 transmits the message to the smart card 46 for processing. However, if the message is related to a function that is implemented by the smart card application software 80, then at step 130 the mobile telephone 12 does not send anything to the smart card 46. Instead, the message is processed by the smart card application software 80. The mobile telephone software also generates any required response messages at step 140. Although the mobile telephone 12 does not send the message to the smart card 46 for processing, the mobile telephone 12 may use the services of the smart card 46 while processing the message.
[0029] From the viewpoint of the laptop computer 22, it does not make any difference whether a function is implemented by an actual smart card 46 or by the smart card application software 80.
[0030] In the split user equipment scenario, the mobile telephone 12 processes all EAP SIM and EAP AKA related messages (APDUs) by software, but the mobile telephone 12 may forward other messages, such as generic SIM access messages, to the smart card 46. While processing the EAP SIM and EAP-AKA-related messages, the mobile telephone 12 uses the standard authentication primitives of the smart card 46.
[0031] While several embodiments have been shown and described herein, it should be understood that changes and modifications can be made to the invention without departing from the invention in its broader aspects. For example, but without limitation, the present invention can be used in conjunction with a variety of electronic devices. In addition, while exemplary embodiments disclose using a Bluetooth connection, other connection types may be used such as RFID, WLAN, infrared, UWB, serial cable connections, parallel cable connections, or USB cable connections to name a few. Various features of the invention are defined in the following Claims:

Claims

WHAT IS CLAIMED IS:
L A method for providing smart card applications on an electronic device, comprising: receiving a smart card related message from a remote terminal; determining whether the smart card related message is related to a function implemented by electronic device software; if the smart card related message is related to a function implemented by the electronic device software, having the electronic device software process the message; and if the smart card related message is not related to a function implemented by the electronic device software, transmitting the message to the smart card.
2. The method of claim 1 , wherein the message is received via a Bluetooth connection.
3. The method of claim 1 , wherein the message is received via an RFID, WLAN, infrared, or UWB connection.
4. The method of claim 1 , wherein the message is received via a serial, parallel, or USB cable connection.
5. The method of claim 1 , wherein the message comprises a command application protocol data unit.
6. The method of claim 1 , further comprising the step of generating a response message for transmittal to the remote terminal.
7. The method of claim 1 , wherein the remote terminal comprises a laptop computer.
8. The method of claim 1, wherein the electronic device comprises a portable telephone.
9. A computer program product for providing smart card applications on a electronic device, comprising: computer code for receiving a smart card related message from a remote terminal; computer code for determining whether the smart card related message is related to a function implemented by electronic device software; computer code for, if the smart card related message is related to a function implemented by the electronic device software, having the electronic device software process the message; and computer code for, if the smart card related message is not related to a function implemented by the electronic device software, transmitting the message to the smart card.
10. The computer program product of claim 9, wherein the message is received via a Bluetooth connection.
11. The computer program product of claim 9, wherein the message is received via an RFID, WLAN5 infrared, or UWB connection.
12. The computer program product of claim 9, wherein the message is received via a serial, parallel, or USB cable connection.
13. The computer program product of claim 9, wherein the message comprises a command application protocol data unit.
14. The computer program product of claim 9, further comprising the step of generating a response message for transmittal to the remote terminal.
15. The computer program product of claim 9, wherein the remote terminal comprises a laptop computer.
16. The computer program product of claim 9, wherein the electronic device comprises a portable telephone.
17. An electronic device, comprising: a housing; a memory unit for storing electronic device software; a smart card operatively connected to the memory unit; and a data communication link for receiving smart-card related messages from a remote terminal, wherein if a smart card related message received by the electronic device is related to a function implemented by the electronic device software, the electronic device software processes the message, and wherein if a smart card related message received by the electronic device is not related to a function implemented by the electronic device software, the message is transmitted to the smart card for processing.
18. The device of claim 17, wherein the electronic device comprises a portable telephone.
19. The device of claim 17, wherein the remote terminal comprises a laptop computer.
20. The device of claim 17, wherein the data communication link comprises a Bluetooth connection link.
21. The device of claim 17, wherein the message is received via an RFID, WLAN, infrared, or UWB connection link.
22. The device of claim 17, wherein the message is received via a serial, parallel, or USB cable connection link.
23. The device of claim 17, wherein the message comprises a command application protocol data unit.
24. The device of claim 17, wherein a response message is generated by the electronic device software for transmittal to the remote terminal.
25. The device of claim 17, wherein the smart card comprises a universal integrated circuit card.
26. A module for use in an electronic device, comprising: a memory unit for storing electronic device software; a smart card operatively connected to the memory unit; and a data communication link for receiving smart-card related messages from a remote terminal, wherein if a smart card related message received by the module is related to a function implemented by the electronic device software, the electronic device software processes the message, and wherein if a smart card related message received by the module is not related to a function implemented by the electronic device software, the message is transmitted to the smart card for processing.
27. The module of claim 26, wherein the data communication link comprises a Bluetooth connection link.
28. The module of claim 26, wherein the message is received via an RFID, WLAN, infrared, or UWB connection link.
29. The module of claim 26, wherein the message is received via a serial, parallel, or USB cable connection link.
30. The module of claim 26, wherein the message comprises a command application protocol data unit.
31. The module of claim 26, wherein a response message is generated by the electronic device software for transmittal to the remote terminal.
32. The module of claim 26, wherein the smart card comprises a universal integrated circuit card.
33. A system for providing smart card applications, comprising: a remote terminal; and an electronic device including a memory unit for storing electronic device software, a smart card operatively connected to the memory unit, and a data communication link for receiving information from the remote terminal, wherein if a smart card related message received by the electronic device from the remote terminal is related to a function implemented by the electronic device software, the electronic device software processes the message, and wherein if a smart card related message received by the electronic device is not related to a function implemented by the electronic device software, the message is transmitted to the smart card for processing.
34. The system of claim 33, wherein the data communication link comprises a Bluetooth connection link.
35. The system of claim 33, wherein the message is received via an RFID, WLAN, infrared, or UWB connection link.
36. The system of claim 33, wherein the message is received via a serial, parallel, or USB cable connection link.
37. The system of claim 33, wherein the message comprises a command application protocol data unit.
38. The system of claim 33, wherein a response message is generated by the electronic device software for transmittal to the remote terminal.
39. The system of claim 33, wherein the smart card comprises a universal integrated circuit card.
PCT/IB2005/003051 2004-10-14 2005-10-12 Proxy smart card applications WO2006040659A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05850094A EP1800455A2 (en) 2004-10-14 2005-10-12 Proxy smart card applications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/965,643 US8095179B2 (en) 2004-10-14 2004-10-14 Proxy smart card applications
US10/965,643 2004-10-14

Publications (2)

Publication Number Publication Date
WO2006040659A2 true WO2006040659A2 (en) 2006-04-20
WO2006040659A3 WO2006040659A3 (en) 2006-06-29

Family

ID=36148702

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2005/003051 WO2006040659A2 (en) 2004-10-14 2005-10-12 Proxy smart card applications

Country Status (5)

Country Link
US (1) US8095179B2 (en)
EP (1) EP1800455A2 (en)
KR (2) KR20070064671A (en)
CN (1) CN101069403A (en)
WO (1) WO2006040659A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3139650A4 (en) * 2014-05-01 2017-10-25 Sony Corporation Wireless communication apparatus

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444137B1 (en) 2005-11-01 2008-10-28 At&T Mobility Ii Llc Cell broadcast via encoded message to an embedded client
US7426203B1 (en) * 2005-11-01 2008-09-16 At&T Mobility Ii Llc WAP push over cell broadcast
US7444133B1 (en) * 2005-11-01 2008-10-28 At&T Mobility Ii Llc Cell broadcast updates to application software
US8634720B2 (en) * 2008-02-28 2014-01-21 Robert Bosch Gmbh Remote control relay for wirelessly-controlled devices
EP2469485A1 (en) * 2010-12-22 2012-06-27 Gemalto SA Communication system
US8676709B2 (en) * 2012-07-31 2014-03-18 Google Inc. Merchant category codes in a proxy card transaction
US10003959B2 (en) * 2015-07-30 2018-06-19 Qualcomm Incorporated Subscriber identity module (SIM) access profile (SAP)
DE102019105571A1 (en) * 2018-03-09 2019-09-12 GM Global Technology Operations LLC SAFE EAP-AKA AUTHENTICATION VIA A PROXY

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2165201C (en) * 1993-06-15 2010-08-17 Wayne David Michaels Telecommunications system
FR2771205B1 (en) * 1997-11-20 2000-01-21 Gemplus Card Int METHOD, CHIP CARD AND TERMINALS FOR PERFORMING TRANSACTIONS THROUGH A TELECOMMUNICATION NETWORK
US20040154027A1 (en) * 1998-10-14 2004-08-05 Jean-Jacques Vandewalle Method and means for managing communications between local and remote objects in an object oriented client server system in which a client application invokes a local object as a proxy for a remote object on the server
US6547150B1 (en) * 1999-05-11 2003-04-15 Microsoft Corporation Smart card application development system and method
US6571112B1 (en) * 2000-08-03 2003-05-27 Motorola, Inc. Method and apparatus for processing an embedded message at a wireless mobile station which includes a subscriber identity module
GB0021988D0 (en) * 2000-09-07 2000-10-25 Nokia Mobile Phones Ltd Management of portable radiotelephones
US6807561B2 (en) 2000-12-21 2004-10-19 Gemplus Generic communication filters for distributed applications
KR100644865B1 (en) 2000-12-22 2006-11-13 엠텍비젼 주식회사 Mobile Phone having Wireless Modem Chip for Local Area Communication, Smart Card having Wireless Modem Chip for Local Area Communication, and Wireless data communication method using the sames
GB2370659A (en) 2000-12-29 2002-07-03 Nokia Mobile Phones Ltd Method of controlling access to a data file held by a smart card
US7418254B2 (en) * 2001-02-20 2008-08-26 Microsoft Corporation Mobile communication device dynamic service application and dynamic service application scripting
US20020162021A1 (en) * 2001-04-30 2002-10-31 Audebert Yves Louis Gabriel Method and system for establishing a remote connection to a personal security device
FR2824929B1 (en) * 2001-05-18 2003-08-08 Gemplus Card Int APPLICATION DEPLOYMENT FROM A CHIP CARD
FR2828358B1 (en) * 2001-08-02 2004-01-16 Gemplus Card Int METHOD AND DEVICE FOR COMPATIBILITY OF COMMUNICATION ON A NETWORK OF TERMINALS, FOR EXAMPLE TO ENABLE A DIALOGUE WITH AN APPLICATION ON A CHIP CARD
FR2836611A1 (en) * 2002-02-28 2003-08-29 Bull Sa Network communication method for distributed software architecture, involves storing asynchronous messages sent by card agent to standard agent or vice-versa in storage unit of network by intermediate agent
CN1235426C (en) 2002-03-31 2006-01-04 华为技术有限公司 Mobile terminal and user identification module
US6676022B1 (en) * 2002-10-04 2004-01-13 Mobile-Mind, Inc. Smart card system with command queuing
US20040076131A1 (en) * 2002-10-22 2004-04-22 Hai Qu Data download to removable modules via broadcast SMS in CDMA communication systems
US20040162105A1 (en) * 2003-02-14 2004-08-19 Reddy Ramgopal (Paul) K. Enhanced general packet radio service (GPRS) mobility management
US20040193891A1 (en) 2003-03-31 2004-09-30 Juha Ollila Integrity check value for WLAN pseudonym
FR2857207B1 (en) 2003-07-04 2005-10-14 Orange France METHOD FOR ACCESSING A POINT OF COMMUNICATION WITH AN APPLICATION LOCATED ON A SIM CARD
FR2860938A1 (en) * 2003-10-10 2005-04-15 France Telecom MESSAGE PROCESSING DEVICE AND METHOD FOR TELECOMMUNICATION TERMINAL AND TELECOMMUNICATION TERMINAL PROVIDED WITH SUCH A DEVICE
US20050272466A1 (en) 2004-05-03 2005-12-08 Nokia Corporation Selection of wireless local area network (WLAN) with a split WLAN user equipment
US8499153B2 (en) * 2004-06-24 2013-07-30 Nokia Corporation System and method of authenticating a user to a service provider
US20060059341A1 (en) * 2004-09-14 2006-03-16 Dharmadhikari Abhay A Apparatus and method capable of network access

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
3GPP DRAFT, 12 November 2003 (2003-11-12), pages 3 - 030747
3GPP DRAFT, 3 February 2004 (2004-02-03), pages 3 - 040048
3GPP DRAFT, pages 3 - 030747
3GPP TS 33.234 V6.1.0, June 2004 (2004-06-01)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3139650A4 (en) * 2014-05-01 2017-10-25 Sony Corporation Wireless communication apparatus

Also Published As

Publication number Publication date
CN101069403A (en) 2007-11-07
EP1800455A2 (en) 2007-06-27
KR20090052400A (en) 2009-05-25
KR101029568B1 (en) 2011-04-15
WO2006040659A3 (en) 2006-06-29
US20060092953A1 (en) 2006-05-04
KR20070064671A (en) 2007-06-21
US8095179B2 (en) 2012-01-10

Similar Documents

Publication Publication Date Title
KR101029568B1 (en) Proxy smart card applications
US6694134B1 (en) Terminal device emulator
EP1225778B1 (en) Wireless repeater using identification of call originator
US7216231B2 (en) Method and system for establishing a wireless communication link
KR100692115B1 (en) Authentication vector generation device, subscriber identity module, wireless communication system, authentication vector generation method, calculation method, and subscriber authentication method
KR101170843B1 (en) Method and apparatus for efficiently delivering supplementary services to multi-technology capable wireless transmit/receive units
EP1875757B1 (en) Method for the management of a peripheral unit by a sim card in wireless communication terminals, and peripheral unit for implementing the method
CN101088252B (en) Methods of providing multiple data paths using a mobile terminal and related devices
EP1886455B1 (en) System and method for accessing a web server on a device with a dynamic ip-address residing a firewall
EP1121794B1 (en) Accessing a server computer
US20060117109A1 (en) Methods and systems for exposing access network capabilities using an enabler proxy
WO2004010629A2 (en) Method and system for handovers using service description data
WO2007089757A2 (en) Remotely controlling access to subscriber data over a wireless network for a mobile device
WO2001099369A2 (en) Method and system for electronic device authentication
US6795924B1 (en) Sat back channel security solution
CN1732649A (en) Method and apparatus to establish communication
CN100571460C (en) The method and apparatus of secure roaming
CN100555978C (en) Via GPRS and GSM connection management communication equipment
KR20190062402A (en) Substitute cellularless roaming
US20080261654A1 (en) Information processing system
US20080278286A1 (en) Communication Method, System and User Terminal
Ylinen et al. Near field communication network services
EP1999926B1 (en) Improved solution for connectivity
EP2281372B1 (en) Methods for setting up an ip connection using a shared key and related electronic devices and computer program products
WO2022117381A1 (en) System and method for sim card sharing in local area networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2005850094

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 1020077010812

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 200580041201.5

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 2005850094

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020097008386

Country of ref document: KR