WO2006103383A1 - Procede pour faciliter et authentifier des transactions - Google Patents
Procede pour faciliter et authentifier des transactions Download PDFInfo
- Publication number
- WO2006103383A1 WO2006103383A1 PCT/GB2006/000637 GB2006000637W WO2006103383A1 WO 2006103383 A1 WO2006103383 A1 WO 2006103383A1 GB 2006000637 W GB2006000637 W GB 2006000637W WO 2006103383 A1 WO2006103383 A1 WO 2006103383A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- storage means
- authentication
- sim
- authentication storage
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
Definitions
- the invention relates to the facilitation and authentication of transactions.
- transactions between data processing apparatus such as a personal computer
- a (possibly remote) third party are facilitated and authenticated, and such facilitation and authentication may also involve the facilitation and authentication of a payment or data transfer to be made by or on behalf of the user to the third party.
- a method of authenticating an entity including providing that entity with authentication storage means having authentication information stored thereon; coupling the authentication storage means to authenticating means via a plurality of elements of a communications network for exchanging data between the authentication storage means and the authenticating means to authenticate the entity with the authenticating means; wherein said data is transmitted in messages having a predetermined message format recognisable and transmissible by each of said elements in the communications network, which message format is also used to transmit non-authentication data by each of said elements.
- apparatus for authenticating an entity including authentication storage means having authentication information stored thereon; authenticating means for coupling to the authentication storage means via a plurality of elements of a communications network for exchanging data between the authentication storage means and the authenticating means to authenticate the entity with the authenticating means; and means for transmitting said data in messages having a predetermined message format recognisable and transmissible by each of said elements in the communications network, which message format is also used to transmit non-authentication data by each of said elements.
- authentication storage means for authenticating an entity having authentication information stored thereon, the authentication storage means being connectable to authenticating means via a plurality of elements of a communications network for exchanging data between the authentication storage means and the authenticating means to authenticate the entity with the authenticating means; and including means for transmitting said data in messages having a predetermined message format recognisable and transmissible by each of said elements in the communications network, which message format is also used to transmit non- authentication data by each of said elements.
- Figure 1 shows the basic elements of a telecommunications network
- Figure 2 is a block diagram for explaining the operation of the method in relation to the data processing apparatus
- Figure 3 is a perspective view of one configuration of a dongle.
- Figure 4 is a flow chart for use in the understanding the establishment of a communication channel between a SIM and a network operator
- Figures 5A and 5B are a flow chart for use in understanding the authentication process carried out by the data processing apparatus of Figure 2.
- the data processing apparatus may be required to carry out a transaction, such as the exchange of information, with a third party, such as a remote third party with which the communication must be made over a telecommunications link (including via the Internet) .
- the third party may require that the data processing apparatus, or the user thereof for the time being, is authenticated to the satisfaction of the third party before the transaction takes place.
- the transaction may merely involve the exchange of information.
- the user of the data processing apparatus may simply need to be authenticated in order to download information from the third party.
- Such information may be information kept by the third party on behalf of the user of the data processing apparatus (for example, information relating to the user's bank account).
- the information might be information held on other data processing apparatus, such as a data network belonging to an organisation or commercial entity with which the user is connected or by whom the user is employed, thus facilitating access to that network by the user when the user is travelling.
- Another possible transaction may involve the downloading by the data processing apparatus of software from the remote location.
- the transaction may require a payment to be made by the user in order to enable the transaction to take place, such as a payment to the third party in return for the information provided.
- a payment to be made by the user in order to enable the transaction to take place, such as a payment to the third party in return for the information provided.
- the data processing apparatus may be required to operate automatically (for example, intermittently operating in an information-gathering or monitoring role, and reporting the results to a third party). In such cases, it may alternatively or additionally be necessary for the data processing apparatus to authenticate itself to the satisfaction of the third party.
- the data processing apparatus is provided with, or associated with, means (authentication storage means) for storing predetermined authentication information for authenticating that apparatus or a particular user thereof.
- the means for storing the predetermined information is removable and can thus be taken by the user and inserted into any data processing apparatus (or computer) which is adapted to receive it, so as to enable that user to be authenticated in respect to a transaction to be carried out by that user with that computer.
- the means for storing the predetermined information comprises a smart card.
- the smart card is a Subscriber Identity Module or SIM of the type used in and for authenticating the use of handsets in a mobile or cellular telecommunications network - such as a GSM (Group Special Mobile) or UMTS/3 G (Third Generation) network.
- SIM Subscriber Identity Module
- the term "SIM” is used herein, it should be appreciated that the SIM may be a 3 G USIM, an ISIM (IP-based Multimedia Subsystem - IMS), SIM, or a Universal 1 C Card (UICC - a smart card platform defined by ETSI SCP on which a SIM, USIM or ISIM can reside).
- Figure 1 shows a UMTS (3G) mobile or cellular network.
- Mobile terminal 1 is registered with the UMTS (3G) mobile telecommunications network 3.
- the mobile terminal 1 may be a handheld mobile telephone, a personal digital assistant (PDA) or a laptop computer equipped with a datacard.
- the mobile terminal 1 communicates wirelessly with mobile telecommunications network 3 via the radio access network (RAN) of the mobile telecommunications network 3, comprising, in the case of a UMTS network, base station (Node B) 5, and radio network controller (RNC) 7.
- RAN radio access network
- Node B base station
- RNC radio network controller
- Communications between the mobile terminal 1 and the mobile telecommunications network 3 are routed from the radio access network via serving GPRS support nodes (SGSN) 9, which may be connected by a fixed (cable) link to the mobile telecommunications network 3.
- SGSN serving GPRS support nodes
- a multiplicity of other mobile terminals are registered with the mobile telecommunications network 3.
- These mobile terminals include mobile terminals 11 and 13.
- the terminals 11 and 13 communicate with the mobile telecommunications network 3 in a similar manner to the terminal 1, that is via an appropriate Node B 5, RNC 7 and SGSN 9.
- the mobile telecommunications network 3 includes a gateway GPRS support node (GGSN) 17 which enables IP-based communications with other networks, such as the Internet 19 via an appropriate link 21.
- GGSN gateway GPRS support node
- a multiplicity of terminals are connected to the Internet (by fixed or wireless links), and a PC terminal 23 and a PDA terminal 25 are shown by way of example.
- Each of the mobile terminals 1,11 and 13 is provided with a respective SIM 15.
- authentication information is stored thereon under the control of the mobile telecommunications network 3.
- the mobile telecommunications network 3 itself stores details of each of the SIMs issued under its control (including the authentication information) in the SIM management function 50.
- this authentication information includes a plurality of key sets, which can be used to encrypt/decrypt communications with the SIM.
- a terminal 1, 11, 13 is authenticated (for example, when the user activates the terminal in the network with a view to making or receiving calls) by the network sending a challenge to the terminal 1,11,13 incorporating a SIM 15, in response to which the SIM 15 calculates a reply (dependent on the predetermined information held on the SIM - typically an authentication algorithm and a unique key Ki) and transmits it back to the mobile telecommunications network 3.
- the SIM management function 50 of the mobile telecommunications network 3 generates the challenge and which receives the reply from the terminal 1,11,13. Using information pre-stored concerning the content of the relevant SIM 15, the authentication function 50 calculates the expected value of the reply from the mobile terminal 1,11,13. If the reply received matches the expected calculated reply, the SIM 15 and the associated mobile terminal (and the user thereof) are considered to be authenticated.
- the terminal When the terminal is a mobile telephone handset, the terminal communicates wirelessly with the mobile telecommunications network 3 via the network's radio access network, although this is not essential.
- the terminal may communicate with the network via the fixed telephone network (PSTN), via a UMA "access point" and/or via the Internet.
- PSTN fixed telephone network
- the PC 23 and the PDA 25 may also be provided with a SIM 15 under the control of the network, and these SIMs permit authentication also - although not necessarily by transmission of authentication data via the RAN of network 3.
- the format of messages sent to perform authentication varies in dependence upon the type of SIM (e.g.
- SIM used and the type of authentication.
- each of the components of the telecommunications system shown in Figure 1 will be configured to handle authentication messages having a particular one of these formats. If the type of SIM is changed, this would require each of the telecommunication system components to be modified.
- the embodiment described overcomes this problem by transporting the authentication messages in an (Over The Air) OTA data packet or envelope having a standard format - for example, as described in ETSI and 3GPP Standard TS 23.048 "Security Mechanisms for the (U)SIM Application Toolkit - Stage 2", which is hereby incorporated by reference.
- the telecommunication system, components can transport the OTA data packet or envelope if they are compatible with the standard, irrespective of the format of the content of the OTA data packet or envelope.
- the authentication messages need not be in the format conventionally used for a SIM, but may have a different format.
- the SIM 15 used by the terminal 1,11,13,23,25 maybe a SIM of the type defined in the GSM or UMTS standards specifications, or may be a simulation of a SIM - that is, software or hardware that performs a function corresponding to that of the SIM (which may itself be embedded in another device).
- the SIM may be in accordance with the arrangement described in WO-A-2004 036513.
- the authentication process being described does not necessarily authenticate the human identity of the user.
- cellular telecommunication networks have pre-pay subscribers who are issued with SIMs in return for pre-payment enabling them to make calls on the network.
- the identity of such pre-pay subscribers is not known (or not necessarily known) by the networks. Nevertheless, such a user cannot make use of the network until the network has authenticated that user's SIM - that is, has confirmed that such user is a particular user who has a particular pre-paid account with the network.
- the SIMs of such pre-paid users or subscribers could equally well be used (in the manner described) in or in association with data processing apparatus or computers, for the purposes of authenticating that user.
- the SIM may be able to change the authentication information on the SIM (or simulated SIM) to take account of changed circumstances.
- the SIM maybe a SIM registered with a particular cellular telecommunications network - a network applicable to the country or region where the data processing apparatus or computer is to be used.
- circumstances may arise (for example, the apparatus or the computer is physically moved to a different country or region) in which it is desirable or necessary to re-register the SIM with a different cellular telecommunications network. Ways in which this can be done are disclosed in our co-pending United Kingdom patent applications Nos. 0118406.8, 0122712.3 and 0130790.9 and in our corresponding PCT applications Nos.
- a SIM (and thus also a simulated SIM) may be initially provided with authentication (and other) information relating to each of a plurality of networks, the information respective to the different networks being selectively activatable.
- the users could be subscribers to a telecommunications network. Instead, they could be subscribers registered with some other centralised system which could then carry out the authentication process in the same way as in a telecommunications network. In such a case, the registration of a SIM (or simulated SIM) could be transferred from one such centralised system to another in the same manner as described above.
- an aim of the authentication process in the embodiment to be described is to facilitate a transaction between the data processing apparatus or computer and a third party.
- the authentication process is carried out by a telecommunications network, or by some other system, to which the user of the SIM is a subscriber, the satisfactory completion of the authentication process would then be communicated by that network or system to the third party - to enable the transaction to proceed.
- a payment by the user to the third party may be involved.
- An arrangement as described above, in which the authentication process is carried out by a telecommunications network or other centralised system to which the user is a subscriber advantageously facilitates the making of such payments and is particularly advantageous where (as may often be the case) the payment is for a small amount (for example, payment in return for receipt of information - e.g. weather or traffic information, or for temporary use of specific software); in such a case, the payment can be debited to the account of the subscriber held by the telecommunications network or other centralised system - and then, of course, passed on to the third party, perhaps after deduction of a handling charge.
- FIG. 2 schematically illustrates one way of operating the method described above.
- a client platform such as a Windows (RTM) based PC 23, includes an authenticator module 30 which forms part of a client sub-system which supports a SIM Application Toolkit-like command set which provides a bearer independent protocol for communication with other devices.
- the SIM Application Toolkit is described in ETSI and 3GPP Specifications TS 11.11 TS 31,111, TS 11. H and TS 102.223, which are in the public domain and hereby incorporated by reference.
- the commands supported by the authenticator module 30 are hereinafter referred to as "SIMTALK" commands.
- the authenticator module 30 includes a SIMTALK interpreter, which creates SIMTALK data packets. These data packets are transmitted using standardised secure OTA mechanisms - to be described in more detail below.
- a SIM device 32 having a SIM 15 therein is provided, and communication between the SIM device 32 and the authenticator module 30 is performed via connection 36 (which may be a wired or wireless connection).
- the SIM device 32 is capable of receiving and processing SIMTALK commands.
- the SIM device 32 maps received SIMTALK data packets onto Card Application Toolkit (CAT) to transport the SIMTALK commands to the SIM 15.
- CAT commands are bearer independent protocol commands as defined in the ETSI SCP CAT Specification TS 102.223, which is in the public domain and hereby incorporated by reference.
- the SIM 15 may also create SIMTALK data packets; these are transferred to the SIM device 34 using CAT.
- a client application 38 is provided on the PC 10, which allows the user to obtain services from a remote service operator 40. It should be understood that by “remote” it is not intended to imply that there must be a particular geographical distance between the PC 23 and the service operator 40. However, generally the service operator 40 will be controlled independently of the PC 23 - although this is not essential.
- a mobile telecommunication network 3 provides via a service gateway 44 an identity provider service 46, payment provider service 48 and SIM management service 50.
- the service gateway 44 is capable of receiving SIMTALK commands and of generating SIMTALK commands .
- the network 3 may be any type of network — the invention is not restricted to mobile telecommunication networks.
- the service gateway 44 may be provided in a computer that is linked to PC 23 by a local area network, a wide area network and/or the Internet.
- the SIM device 32 may comprise a "dongle" which allows wired or wireles communication with the PC 23.
- the communication between the SIM (or smartcard) and the PC 23 is secure.
- the communications maybe encrypted, or any other means for secure communication may be employed.
- the dongle 32 may receive the SIM 15, or may incorporate software simulating the SIM 15.
- the dongle 32 allows data for authenticating a transaction (or for any other appropriate purpose) to be passed between the dongle 32 and the PC 23 and onwardly to/from the network 32.
- Appropriate connectors are provided within the dongle 32 for allowing electronic exchange of data between the SIM 15 and the dongle 32.
- the dongle 32 further comprises a suitable connector 36 for allowing connection for data communication purposes to the PC 23.
- the connector could be a USB connector, a Firewire 1394 connector a SmartMedia (RTM) connector, a near field connector (e.g. using NFCIP-I protocol).
- RTM SmartMedia
- NFCIP-I protocol e.g. using NFCIP-I protocol
- Bluetooth (RTM) connector infra-red connector or any other suitable connector.
- the housing 52 of the dongle 32 shown in Figure 3 has a variety of push buttons 56 mounted thereon, ten of which have respective numerals from 0 to 9 displayed thereon.
- the dongle 32 includes means (such as software) for receiving the entry of a PIN number from a user by operating the appropriately designated push buttons 56.
- the housing 52 may further optionally provide a display 58 for prompting the user to enter their PIN number and/or for displaying the PIN number as it is entered, if desired, as well as other information.
- the user could be authorised to use the SIM 15 by obtaining some other security information from the user and comparing this with data stored on the SIM 15.
- the data obtained could be the user's fingerprint or some other characteristic which is unlikely to re-occur on another person - for example, any suitable biometric data.
- the details of the fingerprint (or other information) may be stored on the SIM or by the network 3 ID provider 46 (or elsewhere) for comparison with the input data representing the characteristics.
- the SIM used to authenticate the transaction could have the form of a conventional SIM which is provided in the dongle 32.
- This could simply be the SIM that a subscriber to a mobile network uses in their conventional mobile telephone handset to make and receive calls.
- the SIM 15 could be removably fitted directly to the PC 23 or embedded within the PC 23 (such that it cannot be readily removed or cannot be removed at all).
- the SIM may not have a separate physical form, but may be simulated by means of software and/or hardware within the PC 23 or the dongle 32.
- the SIM could be simulated or incorporated into the chip set of the PC 23.
- the SIM could be incorporated or simulated within the central processor unit of the PC 23. Such an arrangement prevents the SIM (or simulated SIM) being removed from the PC 23 (other than by rendering the PC 23 useless).
- SIM is of a form that is not readily removable from the PC 23 or dongle 32
- a subscriber to the telecommunications system may be provided with a second SIM for use, for example, in their mobile telephone handset.
- the same data may be used to provide authentication of transactions as is used to authenticate the SIM with the mobile telephone network when a call is being made.
- the SIM may have separate records for performing each authentication type. There may be a first record containing data and/or algorithms for use in authenticating transactions, and a second, separate record for use in the conventional manner for authenticating the terminal with the telecommunications network.
- the first and second records may have respective authentication keys, unique identifiers to the telecommunications network and/or unique authentication algorithms.
- the mobile telephone handset need not be authenticated with the network 3 fo rthe SIM to authenticate a transaction for the PC 23.
- the dongle 32 may also perform the functions of a conventional data card for use with a PC (or other computing device).
- the dongle will therefore include means for wireless telecommunication with the network 3.
- the dongle will be of a suitable size and will include suitable connectors for allowing it to operate as a data card, in addition to the dongle having the functions described above.
- the authenticator module 30 requests from the SIM 15 data identifying that SIM, and an indication of the identity provider 46 and service gateway 44 to which it belongs (that is the identity provider and service gateway associated with the SIM management function 50 under the control of which the SIM 15 was issued, for example) - step a. These requests by the authenticator module 30 for data from the SIM 15 are passed from the authenticator module 30 to the SIM device 32.
- the SIM device 32 forwards the request to the SIM 15 - step b.
- the SIM 15 returns its identity data, the service gateway 44 address and the address of its identity provider 46 - step c.
- the SIM device 32 forwards this data to the authenticator module 30 - step d.
- the authenticator module 30 then contacts the service gateway 44 to request initialisation data therefrom - step e.
- the authenticator module 30 may be provided with a "global" key - for example, a key that is provided to all authenticator modules 30 issued under control of the network 3. Such a key may be obfuscated in implementation. Also, the key may be updated if it is compromised.
- the authenticator module 30 provides the global key to the service gateway 44 to verify the integrity of the authenticator module 30.
- the initialisation data request is passed by the service gateway 44 to the identity provider 46.
- the identity provider checks the SIM identity data, service gateway 44 address and identity provider 46 address, and if this information is determined to be correct, the identity provider 46 generates initialisation data for the service gateway 44 which enable the service gateway 44 to establish an OTA communication path to the SIM 15 ( via the authenticator module 30 and SIM device 32) - step f.
- authentication information for each SIM is stored by the ID provider 46.
- the ID provider 46 selects a suitable key set (using key set data obtained from the SIM management function 50) for encrypting the content of the OTA data packets transmitted over the communication path.
- the header of each OTA data packet includes an indication of the type of OTA data packet (e.g. SMS text message, authentication message, etc.) and an indication of the key set selected - but not the keys themselves.
- This header data is received by the SIM 15. If it is determined that the data packet is an authentication message, the SIMTALK commands are extracted and the key set indicator is identified. The corresponding key set provided in the SIM during manufacture is accessed and used to decrypt messages received from the service gateway during the communication session now established. Optionally, new key sets may be transmitted to the SIM and corresponding key sets stored in the SIM management function 50, in order to allow new key sets to be used to encrypt messages.
- the OTA data packages are of a standard format as defined by the ETSI 3GPP Standard TS 23.048, which is in the public domain and is incorporated herein by reference.
- the form of the OTA data packages is bearer-independent.
- the OTA data packet are not necessarily transmitted over the air. They may be transmitted over the air or they may be transmitted over a fixed (wired network) including the Internet.
- the subscriber When the subscriber wishes to use a service provided by a remote service operator 40 (step A of the flow chart shown in Figure 5A), the subscriber couples their SIM 15 to the PC 23 by inserting their dongle 32 containing the SIM 15 into the appropriate connecting slot of the PC 23 or using a wireless link (step B). The subscriber then activates on the PC 23 the relevant client application 32 to obtain a required service (step C).
- the client application 32 could be special software provided by or under control of a service operator 40 for installation on the subscriber's PC 23.
- a client application 32 might be a web browser for visiting an appropriate web site of the service operator 40.
- FIG. 2 To illustrate the operation of the system shown in Figure 2, an example will be given for a subscriber wishing to purchase a particular CD from a vendor which is a service operator 40.
- a graphical user interface present on the PC 23 the subscriber launches web browser software provided on the PC 23 and, via the Internet, accesses the web site of the service operator 40.
- the web browser software constitutes the client application 32, and allows access to the web site associated with the service operator 40 which distributes CDs.
- Data communication between the client application 32 and the service provider 40 may be by a fixed network (e.g. PSTN) or by a wireless network — such as the network 3 or another mobile telecommunications network.
- a fixed network e.g. PSTN
- a wireless network such as the network 3 or another mobile telecommunications network.
- the subscriber then enters the details required by the service operator 40 (such as their name and address) - step D.
- the subscriber searches the web site to identify the CD that the subscriber wishes to purchase.
- the subscriber causes the client application 32 to send a request for service message to the service operator 40 (step E) - for example by making a mouse click on a "purchase CD" button provided by the web site.
- the message includes data identifying the CD required, data identifying the subscriber (such as the subscriber's SIM identifier), including a field indicating that the subscriber has installed on their PC an authenticator module 30 which can authenticate a transaction by means of the subscriber's SIM 15.
- the service operator 40 has been provided with certain details of the subscriber, including the subscriber's name, address and the CD that they wish to order. This information might be provided by somebody who is not truly the subscriber.
- the service operator 40 constructs a service context S c (step F).
- the service context is a data packet including the following fields:
- An identifier of the service operator 40 o
- the subscriber's name (or other identifier such as a SIM identifier) o Details of the transaction to be authenticated (in this case the purchase of a CD)
- the service context Sc is sent via the Internet to the client application 32.
- the client application 32 passes the service context S c to the authenticator module 30 (step G).
- the client application 32 may add its own identifier to the service context S c to allow the network 3 to determine from which client application the transaction is derived.
- the authentication module 30 analyses the service context and establishes that a request for authentication of the transaction by the network 3 is required.
- the authentication module 30 detects whether the subscriber's dongle 32 containing their SIM 15 is present (step H). If the dongle 32 is not present, the user is prompted to make their dongle available.
- the authentication module 30 may also display a description of the transaction to be authenticated - and the subscriber can be provided with the option to approve or disapprove the transaction. Assuming the dongle is present and the transaction is approved by the subscriber, the authentication module 30 then sends a request to the service gateway 44 of the network 3 for a security token S x (step I).
- the request sent to the service gateway 44 includes the service context Sc- That data maybe transmitted over any suitable network. For example, the data may be transmitted via the Internet. The data may be transmitted over a fixed telephone network, or over the mobile or cellular infrastructure of telecommunications network 3.
- the subscriber will thereafter be authenticated by the service gateway 44 performing a challenge and response session with the SIM (by sending data via the authenticator module 30) - step J.
- the service gateway 44 will send a random challenge to the authenticator module 30, which is transmitted to the SIM 15.
- This challenge is sent as an OTA data packet that is ; encrypted using a selected key set in the manner described above.
- the SIM decrypts the OTA data packet using the corresponding key set stored on the SIM.
- the decrypted challenge is then extracted.
- the SIM 15 responds by encrypting the random challenge using both an authentication algorithm and a unique key Ki resident within the SIM 15 and assigned to that particular subscriber.
- the response is encrypted using the selected key set and encapsulated in an OTA data packet with a header indicating the key set used (and also the nature and destination of the OTA data packet).
- the OTA data packet is transmitted to the service gateway 44 via the authenticator module 30.
- the service gateway 44 decrypts the OTA data packet using the key set data obtained from the SIM management function 50 via the ID provider 46.
- the decrypted SIM response is then passed to the ID provider 46.
- the ID provider 46 analyses the response to determine whether it is the response that would be expected from that subscriber' s SIM 15. If the response is as expected, then the service gateway 44 issues a security token S x and sends this to the authenticator module 30 (step K).
- the authenticator module 30 itself need not understand the data exchanged during the challenge and response procedure - it merely acts as a conduit for this data - indeed, it will not be able to decrypt the OTA data packets because the key sets are not known to it.
- the OTA challenge data packet generated by the service gateway 44 may include a SIMTALK command which requires the subscriber to provide some security data, such as a PIN or biometric data.
- This SIMTALK command is extracted and executed by the SIM.
- the SIM then sends a command to the SIM device 32 to prompt the user to enter their PIN using the buttons 56 (or to provide biometric data).
- the PIN (or biometric data) is encapsulated in the encrypted response OTA data packet, and is compared with a,pre-stored PIN or biometric data that the subscriber has previously provided to the ID provider 46.
- the SIM 15 includes secret data such as the authentication algorithm and the unique key Ki. It is important that this data is not obtained by an unauthorised party.
- secret data such as the authentication algorithm and the unique key Ki. It is important that this data is not obtained by an unauthorised party.
- the secret data on the SIM is not vulnerable because access to the SIM is by a mobile telephone handset which operates according to strict international standards. Only mobile telephone handsets that comply with these standards are allowed to be used in conjunction with the SIM and a mobile telecommunications network.
- the SIM is coupled to a PC 23, the secret data on the SIM may potentially be accessed by any application on or which accesses the PC 23. Therefore, the secret data on the SIM 15 is much more vulnerable to unauthorised access than when the SIM is used in a mobile telephone handset in the conventional way.
- the SIM 15 is configured to only allow limited access to the data on the SIM by the PC 23.
- SIM security modes There may be several different SIM security modes, which may be selectable by the user or network 3.
- mode 1 it is only possible for an application on the PC 23 to read identification data such as the SIM ID, SIM issuer ID and service gateway 44 and ID provider 46 address. It is not possible for the PC 23 to retrieve any other data from the SIM 15, thereby protecting the secret data stored on the SIM 15.
- the only application of the PC 23 that is allowed to access the SIM 15 is the authenticator module 30.
- the software to implement the authenticator module 30 includes a public-private key pair. These keys may be installed on the PC 23, together with the authenticator module software, prior to distribution of the PC 23 to the subscriber. Alternatively, the authenticator module 30 software and the keys may be distributed to the subscriber on a recordable media, such as a CD-rom, for installation on the PC 23.
- the SIM 15 issues a SIMTALK command to the authenticator module to request its public key and certificate.
- the SIM 15 has pre-stored thereon the root certificate associated with the authenticator module 30, and is able to check that the certificate of the authenticator module 30 is valid.
- the SIM 15 determines that the authenticator module's 30 certificate is valid, the SIM 15 generates a session key and sends this to the authenticator module 30.
- the authenticator module 30 uses this key to encrypt communications with the SIM 15.
- Knowledge of the session key enables the SIM 15 to decrypt these communications.
- the SIM 15 can therefore assume that any communications encrypted using the session key are from a trusted authenticator module (by virtue of that authenticator module having a valid certificate).
- the network 3 provides the SIM 15 with an update of valid certificates from time to time.
- the network 3 becomes aware that an authenticator module 30 has been compromised in some way, its certificate will be revoked, and this will be communicated to the SIM 15.
- the authenticator module 30 sends its public key and certificate to the SIM 15 (for example at power-up of the PC 23)
- the SIM 15 will detect that the certificate has been revoked, and will not issue a session key, so that communication between the authenticator module 30 and the SIM 15 in this security mode is not possible.
- Security mode 3 has been described in detail above, and allows an OTA communication channel to be established between the SIM 15 and the service gateway 44.
- an OTA communication channel can only be used to transmit SIMTALK commands to the SIM 15 when the GSM/3 G challenge and response procedure has been completed successfully. That is, communication in this security mode will only be possible between the service gateway 44 and the SIM 15.
- the authenticator module 30 will not be able to access the content of the data packets as they are encrypted using key sets known only to the ID provider 46 (and the SIM management function 50) and the SIM 15.
- Security mode 4 is similar to security mode 2; however there is no pre-required procedure for interaction with any other modes.
- Security mode 4 is typically used for communicating Network Access credentials such as WLAN. For the WLAN authentication this option always requires the WLAN to terminate any cryptographic authentication processing on the SIM, i.e. the EAP-Client should reside on the SIM rather with the PC application.
- the security token Sx is passed to the client application 38 (step L).
- the client application 38 then passes the security token to the service operator 40 (step M).
- the security token Sx includes data specific to a particular subscriber and a transaction with a particular by the service operator 40. Numerous transactions may be handled by the network 3, authenticator module 30 and service operator 40 in parallel. These will be distinguishable from one another by virtue of the data specific to a particular transaction with a particular by the service operator 40 in the security token S x .
- security token Sx is intercepted as it passes between the network 3 and the authenticator module 30 or between the client application 38 and the service operator 40, it will have no value to the interceptor.
- the security token S x is specific to particular transaction with a particular by the service operator 40, and the provision of a service to a particular subscriber.
- the service operator 40 On receipt of the security token S x by the service operator 40 its content is analysed and, if it is established that it corresponds to a service context Sc issued by the service operator 40, the service operator 40 may assume that the request for service (order of a CD) is legitimately made by the subscriber.
- the service operator 40 could present the Security Token Sx to the Identity Provider 46 to check the validity of the token.
- the Identity Provider 46 checks the integrity of the Security Token Sx (e.g. checks whether it was issued by the identity provider 46 or another, trusted identity provider) and validates the content of the Security Token Sx.
- the identity provider 46 then sends a response to the service operator 40 indicating that the Security Token Sx is valid.
- the service gateway 44 may send data to the service operator 40 that allow the service operator 40 itself to determine the integrity and validity of the Security Token Sx.
- the CD can then be despatched.
- the service provider 22 may generate a payment context P c and use this to obtain payment from the user's account with the network 3 in the manner described in WO-A-2004 036513. Of course other methods of obtaining payment may be used.
- the communications between the PC 23 and the network 3 are preferably encrypted, as described above. It is also preferable for communications between the components within the PC 23 and within the network 3 to be encrypted- for example by use of shared keys.
- the PC 23 described in the embodiment above may be modified in accordance with an aspect of the present invention to include an integral data card module (that is, apparatus for communicating wirelessly with the radio access network of the telecommunications network 3).
- the SIM 15 In order to allow a so-equipped PC 23 to communicate with the mobile telecommunications network 3, the SIM 15 must be associated with the module to facilitate authentication with the network 3.
- the SIM 15 is readily removable from the PC.
- the SIM may be removably inserted in a SIM card receiving slot provided on the PC or connected to the PC using a dongle in the manner described above.
- the data card module is configured so that it communicates with the SIM 15 (only) via the BIOS (basic input/output system) of the PC 23. Therefore communications between the SIM 15 and the module can be made without transmitting authentication data via the operating system.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008503568A JP5154401B2 (ja) | 2005-03-31 | 2006-02-23 | トランザクションの円滑化および認証 |
EP06709869A EP1869608A1 (fr) | 2005-03-31 | 2006-02-23 | Procede pour faciliter et authentifier des transactions |
US11/910,230 US8737964B2 (en) | 2005-03-31 | 2006-02-23 | Facilitating and authenticating transactions |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0506570.1 | 2005-03-31 | ||
GBGB0506570.1A GB0506570D0 (en) | 2005-03-31 | 2005-03-31 | Facilitating and authenticating transactions |
GB0507587.4 | 2005-04-14 | ||
GB0507587A GB2424807B (en) | 2005-03-31 | 2005-04-14 | Facilitating and authenticating transactions |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006103383A1 true WO2006103383A1 (fr) | 2006-10-05 |
Family
ID=36406538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2006/000637 WO2006103383A1 (fr) | 2005-03-31 | 2006-02-23 | Procede pour faciliter et authentifier des transactions |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1869608A1 (fr) |
WO (1) | WO2006103383A1 (fr) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009106003A1 (fr) * | 2008-02-29 | 2009-09-03 | 西安西电捷通无线网络通信有限公司 | Appareil et procédé pour mise en œuvre de l'authentification d'accès de téléphone mobile dans un réseau local radio |
EP2182750A1 (fr) * | 2008-10-30 | 2010-05-05 | Vodafone Group PLC | Procédés et dispositifs d'enregistrement d'une carte intelligente dans un réseau utilisé en tant que réseau domestique |
US20160134629A1 (en) * | 2013-12-19 | 2016-05-12 | Nxp B.V. | Binding mobile device secure software components to the sim |
CN107332817A (zh) * | 2012-02-14 | 2017-11-07 | 苹果公司 | 支持多个访问控制客户端的移动装置和对应的方法 |
EP3262814A4 (fr) * | 2015-02-27 | 2018-02-28 | Samsung Electronics Co., Ltd. | Attestation par mandataire |
US10193700B2 (en) | 2015-02-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Trust-zone-based end-to-end security |
US11107047B2 (en) | 2015-02-27 | 2021-08-31 | Samsung Electronics Co., Ltd. | Electronic device providing electronic payment function and operating method thereof |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
US20030012159A1 (en) | 2001-07-13 | 2003-01-16 | Dan Vassilovski | System and method for mobile station authentication using session initiation protocol (SIP) |
GB2378094A (en) * | 2001-07-27 | 2003-01-29 | Vodafone Plc | Re-registering a SIM card with a new home network |
WO2004036467A1 (fr) | 2002-10-17 | 2004-04-29 | Vodafone Group Plc. | Facilitation et authentification de transactions |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7149545B2 (en) * | 2002-05-30 | 2006-12-12 | Nokia Corporation | Method and apparatus for facilitating over-the-air activation of pre-programmed memory devices |
-
2006
- 2006-02-23 EP EP06709869A patent/EP1869608A1/fr not_active Ceased
- 2006-02-23 WO PCT/GB2006/000637 patent/WO2006103383A1/fr active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
US20030012159A1 (en) | 2001-07-13 | 2003-01-16 | Dan Vassilovski | System and method for mobile station authentication using session initiation protocol (SIP) |
GB2378094A (en) * | 2001-07-27 | 2003-01-29 | Vodafone Plc | Re-registering a SIM card with a new home network |
WO2004036467A1 (fr) | 2002-10-17 | 2004-04-29 | Vodafone Group Plc. | Facilitation et authentification de transactions |
Non-Patent Citations (1)
Title |
---|
See also references of EP1869608A1 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009106003A1 (fr) * | 2008-02-29 | 2009-09-03 | 西安西电捷通无线网络通信有限公司 | Appareil et procédé pour mise en œuvre de l'authentification d'accès de téléphone mobile dans un réseau local radio |
EP2182750A1 (fr) * | 2008-10-30 | 2010-05-05 | Vodafone Group PLC | Procédés et dispositifs d'enregistrement d'une carte intelligente dans un réseau utilisé en tant que réseau domestique |
US9357375B2 (en) | 2008-10-30 | 2016-05-31 | Vodafone Group Plc | Telecommunications systems and methods and smart cards for use therewith |
CN107332817A (zh) * | 2012-02-14 | 2017-11-07 | 苹果公司 | 支持多个访问控制客户端的移动装置和对应的方法 |
EP3541106A1 (fr) * | 2012-02-14 | 2019-09-18 | Apple Inc. | Procédés et appareil de gestion de certificats euicc |
US20160134629A1 (en) * | 2013-12-19 | 2016-05-12 | Nxp B.V. | Binding mobile device secure software components to the sim |
US9584514B2 (en) * | 2013-12-19 | 2017-02-28 | Nxp B.V. | Binding mobile device secure software components to the SIM |
EP3262814A4 (fr) * | 2015-02-27 | 2018-02-28 | Samsung Electronics Co., Ltd. | Attestation par mandataire |
US10193700B2 (en) | 2015-02-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Trust-zone-based end-to-end security |
US11107047B2 (en) | 2015-02-27 | 2021-08-31 | Samsung Electronics Co., Ltd. | Electronic device providing electronic payment function and operating method thereof |
Also Published As
Publication number | Publication date |
---|---|
EP1869608A1 (fr) | 2007-12-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8737964B2 (en) | Facilitating and authenticating transactions | |
KR100951142B1 (ko) | 무선 네트워크를 이용해 신용 카드 개인화를 가능하게 하는방법, 시스템 및 모바일 장치 | |
US20200029215A1 (en) | Secure short message service (sms) communications | |
CN100477834C (zh) | 安全装置的安全和保密性增强 | |
EP2255507B1 (fr) | Système et procédé destinés à réaliser un envoi sécurisé de justificatifs d'identité d'abonnement à des dispositifs de communication | |
US8832795B2 (en) | Using a communications network to verify a user searching data | |
US7634280B2 (en) | Method and system for authenticating messages exchanged in a communications system | |
US7380125B2 (en) | Smart card data transaction system and methods for providing high levels of storage and transmission security | |
EP1216538B1 (fr) | Procede et appareil permettant d'executer un transfert de donnees securise dans un reseau hertzien | |
US20160285849A1 (en) | System and Method for Identity Management for Mobile Devices | |
EP3433994B1 (fr) | Procédés et appareil d'authentification basée sur sim de dispositifs sans sim | |
US20090119759A1 (en) | Method and Arrangement for Secure Authentication | |
EP2469374A1 (fr) | Facilitation et authentification de transactions | |
MXPA02002018A (es) | Seguridad dce gsm para redes de datos por paquete. | |
JP2010259074A (ja) | ワイヤレスアプリケーションプロトコルに基づく機密セッションの設定 | |
WO2006103383A1 (fr) | Procede pour faciliter et authentifier des transactions | |
CN101944216A (zh) | 双因子在线交易安全认证方法及系统 | |
CN109583154A (zh) | 一种基于Web中间件访问智能密码钥匙的系统及方法 | |
EP1715437A2 (fr) | Contrôle d'accès à des données | |
CN102264069B (zh) | 基于通用引导架构的认证控制方法、装置及系统 | |
KR100726074B1 (ko) | 무선 인터넷 사용자 인증 방법 및 시스템 | |
Knospe et al. | Secure mobile commerce | |
KR20200003767A (ko) | 결제 처리 시스템 | |
Sá | Digital receipts for local transactions in commercial spaces |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2008503568 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006709869 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: RU |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: RU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200680019419.5 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2006709869 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11910230 Country of ref document: US |