WO2008060042A1 - Method for securely transmitting device management message via broadcast channel and server and terminal thereof - Google Patents

Method for securely transmitting device management message via broadcast channel and server and terminal thereof Download PDF

Info

Publication number
WO2008060042A1
WO2008060042A1 PCT/KR2007/005253 KR2007005253W WO2008060042A1 WO 2008060042 A1 WO2008060042 A1 WO 2008060042A1 KR 2007005253 W KR2007005253 W KR 2007005253W WO 2008060042 A1 WO2008060042 A1 WO 2008060042A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
authentication value
terminal
device management
server
Prior art date
Application number
PCT/KR2007/005253
Other languages
French (fr)
Inventor
Min-Jung Shon
Sung-Mu Son
Seung-Jae Lee
Youn-Sung Chu
Te-Hyun Kim
Original Assignee
Lg Electronics Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lg Electronics Inc. filed Critical Lg Electronics Inc.
Priority to US12/514,526 priority Critical patent/US20100042836A1/en
Publication of WO2008060042A1 publication Critical patent/WO2008060042A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to a broadcast (hereafter, referred to as 'BCAST') and a device management (DM), and particularly, to securely transmitting DM messages via a broadcast channel.
  • a broadcast hereafter, referred to as 'BCAST'
  • DM device management
  • a broadcast service refers to a service for providing broadcasting or various additional information via mobile terminals.
  • the broadcast service denotes a new type of service for a mobile terminal which includes both a broadcast service by which a service provider provides all subscribers subscribed to his services with useful information, and a multicast service by which a service provider provides various information only to a certain group of subscribers each subscribed to a particular subject or content.
  • a Device Management (DM) technology is typically based on bidirectional protocol and one-to-one communication protocol by which a DM server exchanges DM messages with DM clients (hereafter, referred to as 'terminal') via DM sessions.
  • the DM server must establish a DM session in order to transfer a DM command to the terminal.
  • the DM server may send a DM session notification message to the terminal in a PUSH manner in order to establish the DM session.
  • the terminal having received the message accesses the DM server to request for a DM session connection, the DM session can be established between the terminal and the DM server.
  • a BCAST server may provide BCAST services to terminals via a BCAST channel as a one way channel. Therefore, when the BCAST server (i.e., corresponding to a DM server from a DM perspective) sends a DM message to terminals, the DM message may be sent from the BCAST server to the terminals via the BCAST channel. However, from the perspective of the terminal, it should be authenticated (certified) whether the DM message received via a BCAST channel is available(validate, or appropriate) for the terminal. To this end, a separate channel is required to authenticate (certify) whether a DM message exchanged between the DM server and the terminal is available(validate, or appropriate) for the terminal.
  • the related art BCAST server sends a DM message via a one way BCAST channel, which requires a separate channel to be allocated for a message authentication. If the separate channel is allocated to authenticate the DM message, it may decrease channel efficiency as well as waste channel resource. Disclosure of Invention Technical Solution
  • an object of the present invention is to provide a method for authenticate
  • Another object of the present invention is to include a timestamp in a DM message sent from a BCAST server to a terminal via a one way channel, so as to increase efficiency when determining validity of the DM message.
  • a method for transmitting a message between devices comprising: transmitting a message including a first authentication value from a server to at least one terminal via a specific channel; receiving the message by the terminal to generate a second authentication value; and to thereafter compare the first authentication value with the generated second authentication value.
  • the comparing step may comprise determining the message to be available when the first authentication value is equal to the second authentication value, and determining the message not to be available when the first authentication value is different from the second authentication value.
  • the comparing step may further comprise executing the message when it is determined the message is available, and revoking the message when it is determined the message is not available.
  • a method for securely transmitting a message in a BCAST service may comprise: transmitting, by a server, a message which includes a first authentication value generated based upon a specific algorithm to at least one terminal via a broadcast channel; generating a second authentication value using the received message based upon the specific algorithm in the terminal; and comparing the first authentication value with the second authentication value.
  • a server may comprise: an authentication managing unit adapted to generate an authentication value; a message generating unit adapted to generate a device management message including at least one of the generated authentication value and a timestamp; and a transceiving unit adapted to transmit the generated message to at least one terminal via a broadcast channel.
  • a terminal may comprise: a transceiving unit adapted to receive a device management message including a first authentication value via a broadcast channel; and a controlling unit adapted to generate a second authentication value using the received device management message, extract the first authentication value from the device management message, and compare the first authentication value with the second authentication value.
  • a method for securely transmitting a message in a BCAST service may comprise: receiving a device management message including at least a first authentication value from a server; generating a second authentication value using the device management message based upon a specific algorithm; extracting the first authentication value from the device management message; and comparing the first authentication value with the second authentication value.
  • FIG. 1 is a block diagram of a BCAST server and a terminal in accordance with one embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating a configuration of a device management message and a method for securely transmitting the device management message in accordance with one embodiment of the present invention.
  • the present invention may be applied to a Broadcasting (BCAST) system and a
  • DM Device Management
  • the present invention conceptually relates to securely transmitting a DM message including an authentication value from a BCAST server to a plurality of terminals via a one way BCAST channel. That is, the present invention may not require a separate channel used to authenticate (certify) the DM message received by the terminals from the BCAST server.
  • a BCAST server may include in a DM message a first authentication value (e.g., a signature value generated based upon RSA-RSS algorithm) and a timestamp, and then sends the DM message to at least one terminal via a one way channel (e.g., BCAST channel) or a bidirectional channel (e.g., an interaction channel).
  • a first authentication value e.g., a signature value generated based upon RSA-RSS algorithm
  • a timestamp e.g., a timestamp
  • the terminal may receive the DM message to generate a second authentication value (e.g., a signature value generated based upon the RSA-RSS algorithm).
  • the terminal may determine that the DM message received is available (validate) and thusly executes the DM message.
  • the terminal may determine that the DM message received is not available (validate), and may thereby revoke the received DM message.
  • the timestamp included in the DM message may be used to determine whether a message received is equal to a previously received message. The timestamp may be generated by another entity other than the BCAST server.
  • FIG. 1 is a block diagram of a BCAST server and a terminal in accordance with one embodiment of the present invention.
  • a wireless channel through which a DM message is transferred is implemented as one way channel in Fig. 1.
  • the wireless channel can be implemented as an interaction channel.
  • a BCAST server 100 may comprise an authentication managing unit 101 adapted to generate an authentication value (e.g., a signature value), a message generating unit 102 adapted to generate a DM message, a transceiving unit 103 adapted to transmit the generated DM message to at least one terminal 200 via a one way channel (e.g., BCAST channel or OMA BCAST TP-5 channel) or a bidirectional channel (e.g., an interaction channel), and a timestamp managing unit 104 adapted to generate a timestamp.
  • the timestamp managing unit 104 may be configured in an independent entity other than in the BCAST server 100.
  • the terminal 200 may comprise a transceiving unit 201 adapted to receive a DM message sent by the BCAST server 100, and a controlling unit (or comparing/determining unit) adapted to generate an authentication value (i.e., an authentication value generated by the terminal) using the received DM message, extract an authentication value (i.e., an authentication value generated by the server) included in the DM message, and compare the extracted authentication value with the generated authentication value to determine whether the au- thentication values are equal to each other.
  • a transceiving unit 201 adapted to receive a DM message sent by the BCAST server 100
  • a controlling unit or comparing/determining unit
  • the terms of the components of the BCAST server 100 and the terminal 200 may not be limited to the terms, but be applied to all components which can perform their functions. Also, they may be applied to other components having combined functions of each component.
  • the BCAST server 100 may transmit a DM message including an authentication value to the terminal 200 via a one way channel in order to securely transmit the DM message.
  • the authentication managing unit 101 may generate a first authentication value (i.e., an authentication value generated by a server) to be included in the DM message based upon a specific algorithm such as RSA-RSS.
  • the authentication managing unit 101 may generate the first authentication value depending on other algorithms other than the RSA-RSS.
  • the first authentication value may be a signature value, for example.
  • the message generating unit 102 may receive the first authentication value from the authentication managing unit 101 and include the first authentication value in a DM message, thereby generating a message (i.e., a security-ensured DM message) to be transmitted to the terminal 200. Also, the message generating unit 102 may generate the DM message by further including a timestamp therein. Here, the timestamp may be generated by the timestamp managing unit 104. The timestamp may include time information as to when a certain DM message is generated.
  • the DM message generated by the message generating unit 102 is illustrated in Fig. 2. That is, the DM message may include the first authentication value (i.e., the signature value) as information for the device management, and may optionally include the timestamp.
  • the first authentication value i.e., the signature value
  • the DM message generated by the message generating unit 102 may be transferred to the transceiving unit 103.
  • the transceiving unit 103 may then forward the DM message to the terminal 200 via a one way channel (e.g., BCAST channel or TP-5).
  • a one way channel e.g., BCAST channel or TP-5.
  • the BCAST server 100 can transmit a series of DM messages (i.e., DM messages each including a signature value and a timestamp) to the terminal 200.
  • the transceiving unit 201 of the terminal 200 receives the DM message transmitted by the BCAST server 100.
  • the controlling unit 202 may extract the first authentication value (i.e., the signature value generated by the server based upon RSA-RSS) from the received DM message.
  • the controlling unit 202 may then generate a second authentication value (i.e., a signature value) using the received DM message based upon the RSA-RSS algorithm, and compare the first authentication value with the second authentication value to determine their correspondence.
  • the RSA-RSS algorithm may be the same as the algorithm used by the BCAST server for generating the first authentication value. If the algorithm is different from the algorithm used by the BCAST server for generating the first authentication value, the terminal 200 should generate the second authentication value based upon the same algorithm as that used by the BCAST server 100.
  • the controlling unit 202 may determine that the received DM message is available (validate), and thusly execute DM information included in the DM message. However, if the two authentication values are not equal to each other according to the result of the comparison, the controlling unit 202 may determine that the DM message is not available, and thereby revoke the message.
  • the revocation may mean 'delete', 'ignore' or 'return' of the message.
  • the controlling unit 202 may extract the timestamp if it is included in the received DM message. The controlling unit 202 may then determine whether the received DM message is the same as a previously received DM message using time information included in the timestamp. For example, as illustrated in Fig. 2, it is assumed that the terminal 200 has received a DM message 2 after a DM message 1 was received. As one example, time information included in the timestamp of the DM message 1 may be '13: 10: 05' (hh: mm: ss) and time information included in the timestamp of the DM message 2 may be ' 13: 30: 05'. The timestamp may also include information related to year and date; however, those information may be omitted in the present invention for the sake of brief description. Therefore, the time difference between the generation times of the DM messages 1 and 2 apparently goes to 20 minutes.
  • the controlling unit 202 of the terminal 200 may check the time information (e.g.,
  • the controlling unit 202 may revoke the DM message 2.
  • the tolerance (threshold) of the timestamp may act as a criterion for determining whether a DM message received by the terminal 200 is the same as a previously received message.
  • the present invention can securely transmit a DM message from a BCAST server to a terminal, for example, via a one way channel. Therefore, it is effective to ensure security of the DM message even if it is transmitted via the one way channel.
  • a DM message including an authentication value may be transmitted from a BCAST server to a terminal via one way channel or an interaction channel, it is effective to determine whether the DM message is available using the authentication value.
  • BCAST server to a terminal via one way channel, it is effective to determine whether the DM message is equal to a previously received message and the DM message should be executed based upon time information in the timestamp.
  • the present invention can employ hardware, software or combination thereof.
  • the methods according to the present invention may be stored in a storage medium (e.g., an internal memory in a mobile terminal, a flash memory, a hard disc, etc.), or may be implemented as codes or commands within a software program which can be operated by a processor (e.g., a microprocessor in a mobile terminal).
  • a storage medium e.g., an internal memory in a mobile terminal, a flash memory, a hard disc, etc.
  • a processor e.g., a microprocessor in a mobile terminal
  • a server and a terminal in the present invention may be implemented as one device, and a DM message transmitted from the server to the terminal may be a specific message which functions as the DM message. Therefore, the present invention can be applied to both method and apparatus for securely transmitting a message between devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A secure transmission of a device management message via a broadcast (BCAST) channel, by which a BCAST server can securely transmit a device management message including an authentication value to a plurality of terminals via a one way BCAST channel, and accordingly the terminals is not required to use a separate channel for authenticating the device management message received from the BCAST server.

Description

Description
METHOD FOR SECURELY TRANSMITTING DEVICE
MANAGEMENT MESSAGE VIA BROADCAST CHANNEL AND
SERVER AND TERMINAL THEREOF
Technical Field
[1] The present disclosure relates to subject matter contained in priority US Provisional
Application No. 60/858,363, filed on November 13, 2006 and Korean Application No. 10-2007-0073020, filed on July 20, 2007, which are herein expressly incorporated by reference in its entirety.
[2] The present invention relates to a broadcast (hereafter, referred to as 'BCAST') and a device management (DM), and particularly, to securely transmitting DM messages via a broadcast channel. Background Art
[3] A broadcast service refers to a service for providing broadcasting or various additional information via mobile terminals. The broadcast service denotes a new type of service for a mobile terminal which includes both a broadcast service by which a service provider provides all subscribers subscribed to his services with useful information, and a multicast service by which a service provider provides various information only to a certain group of subscribers each subscribed to a particular subject or content.
[4] A Device Management (DM) technology is typically based on bidirectional protocol and one-to-one communication protocol by which a DM server exchanges DM messages with DM clients (hereafter, referred to as 'terminal') via DM sessions. The DM server must establish a DM session in order to transfer a DM command to the terminal. Thus, the DM server may send a DM session notification message to the terminal in a PUSH manner in order to establish the DM session. Here, when the terminal having received the message accesses the DM server to request for a DM session connection, the DM session can be established between the terminal and the DM server.
[5] Recently, a BCAST server may provide BCAST services to terminals via a BCAST channel as a one way channel. Therefore, when the BCAST server (i.e., corresponding to a DM server from a DM perspective) sends a DM message to terminals, the DM message may be sent from the BCAST server to the terminals via the BCAST channel. However, from the perspective of the terminal, it should be authenticated (certified) whether the DM message received via a BCAST channel is available(validate, or appropriate) for the terminal. To this end, a separate channel is required to authenticate (certify) whether a DM message exchanged between the DM server and the terminal is available(validate, or appropriate) for the terminal.
[6] As such, the related art BCAST server sends a DM message via a one way BCAST channel, which requires a separate channel to be allocated for a message authentication. If the separate channel is allocated to authenticate the DM message, it may decrease channel efficiency as well as waste channel resource. Disclosure of Invention Technical Solution
[7] Therefore, an object of the present invention is to provide a method for authenticate
(certify) validity of a DM message even sent via a one way channel, and a server and terminal thereof.
[8] Another object of the present invention is to include a timestamp in a DM message sent from a BCAST server to a terminal via a one way channel, so as to increase efficiency when determining validity of the DM message.
[9] To achieve these and other advantages and in accordance with the purpose of the present invention, as embodied and broadly described herein, there is provided a method for transmitting a message between devices comprising: transmitting a message including a first authentication value from a server to at least one terminal via a specific channel; receiving the message by the terminal to generate a second authentication value; and to thereafter compare the first authentication value with the generated second authentication value.
[10] Preferably, the comparing step may comprise determining the message to be available when the first authentication value is equal to the second authentication value, and determining the message not to be available when the first authentication value is different from the second authentication value.
[11] Preferably, the comparing step may further comprise executing the message when it is determined the message is available, and revoking the message when it is determined the message is not available.
[12] In another aspect of the present invention, a method for securely transmitting a message in a BCAST service may comprise: transmitting, by a server, a message which includes a first authentication value generated based upon a specific algorithm to at least one terminal via a broadcast channel; generating a second authentication value using the received message based upon the specific algorithm in the terminal; and comparing the first authentication value with the second authentication value.
[13] In another aspect of the present invention, a server may comprise: an authentication managing unit adapted to generate an authentication value; a message generating unit adapted to generate a device management message including at least one of the generated authentication value and a timestamp; and a transceiving unit adapted to transmit the generated message to at least one terminal via a broadcast channel.
[14] In another aspect of the present invention, a terminal may comprise: a transceiving unit adapted to receive a device management message including a first authentication value via a broadcast channel; and a controlling unit adapted to generate a second authentication value using the received device management message, extract the first authentication value from the device management message, and compare the first authentication value with the second authentication value.
[15] In another aspect of the present invention, a method for securely transmitting a message in a BCAST service may comprise: receiving a device management message including at least a first authentication value from a server; generating a second authentication value using the device management message based upon a specific algorithm; extracting the first authentication value from the device management message; and comparing the first authentication value with the second authentication value.
[16] The foregoing and other objects, features, aspects and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings. Brief Description of the Drawings
[17] The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention.
[18] In the drawings :
[19] Fig. 1 is a block diagram of a BCAST server and a terminal in accordance with one embodiment of the present invention; and
[20] Fig. 2 is a block diagram illustrating a configuration of a device management message and a method for securely transmitting the device management message in accordance with one embodiment of the present invention. Mode for the Invention
[21] The present invention may be applied to a Broadcasting (BCAST) system and a
Device Management (DM) system, but not be limited to those systems. The present invention can be applied to other technical fields to which the technical scope of the present invention is applicable.
[22] The present invention conceptually relates to securely transmitting a DM message including an authentication value from a BCAST server to a plurality of terminals via a one way BCAST channel. That is, the present invention may not require a separate channel used to authenticate (certify) the DM message received by the terminals from the BCAST server.
[23] In more detail, according to the present invention, first, a BCAST server may include in a DM message a first authentication value (e.g., a signature value generated based upon RSA-RSS algorithm) and a timestamp, and then sends the DM message to at least one terminal via a one way channel (e.g., BCAST channel) or a bidirectional channel (e.g., an interaction channel). Second, the terminal may receive the DM message to generate a second authentication value (e.g., a signature value generated based upon the RSA-RSS algorithm). Third, when comparing the first authentication value with the second authentication value and the two authentication values are equal to each other, the terminal may determine that the DM message received is available (validate) and thusly executes the DM message. On the other hand, when the authentication values are not equal to each other, the terminal may determine that the DM message received is not available (validate), and may thereby revoke the received DM message. Fourth, the timestamp included in the DM message may be used to determine whether a message received is equal to a previously received message. The timestamp may be generated by another entity other than the BCAST server.
[24] Description will now be given in detail of embodiments of the present invention, with reference to the accompanying drawings.
[25] Fig. 1 is a block diagram of a BCAST server and a terminal in accordance with one embodiment of the present invention. A wireless channel through which a DM message is transferred is implemented as one way channel in Fig. 1. Alternatively, the wireless channel can be implemented as an interaction channel.
[26] As illustrated in Fig. 1, a BCAST server 100 according to the present invention may comprise an authentication managing unit 101 adapted to generate an authentication value (e.g., a signature value), a message generating unit 102 adapted to generate a DM message, a transceiving unit 103 adapted to transmit the generated DM message to at least one terminal 200 via a one way channel (e.g., BCAST channel or OMA BCAST TP-5 channel) or a bidirectional channel (e.g., an interaction channel), and a timestamp managing unit 104 adapted to generate a timestamp. The timestamp managing unit 104 may be configured in an independent entity other than in the BCAST server 100.
[27] Also, the terminal 200 according to the present invention may comprise a transceiving unit 201 adapted to receive a DM message sent by the BCAST server 100, and a controlling unit (or comparing/determining unit) adapted to generate an authentication value (i.e., an authentication value generated by the terminal) using the received DM message, extract an authentication value (i.e., an authentication value generated by the server) included in the DM message, and compare the extracted authentication value with the generated authentication value to determine whether the au- thentication values are equal to each other.
[28] Here, the terms of the components of the BCAST server 100 and the terminal 200 may not be limited to the terms, but be applied to all components which can perform their functions. Also, they may be applied to other components having combined functions of each component.
[29] Hereinafter, functions and operations of components of the present invention will be described.
[30] The BCAST server 100 may transmit a DM message including an authentication value to the terminal 200 via a one way channel in order to securely transmit the DM message. The authentication managing unit 101 may generate a first authentication value (i.e., an authentication value generated by a server) to be included in the DM message based upon a specific algorithm such as RSA-RSS. Here, the authentication managing unit 101 may generate the first authentication value depending on other algorithms other than the RSA-RSS. Here, the first authentication value may be a signature value, for example.
[31] The message generating unit 102 may receive the first authentication value from the authentication managing unit 101 and include the first authentication value in a DM message, thereby generating a message (i.e., a security-ensured DM message) to be transmitted to the terminal 200. Also, the message generating unit 102 may generate the DM message by further including a timestamp therein. Here, the timestamp may be generated by the timestamp managing unit 104. The timestamp may include time information as to when a certain DM message is generated.
[32] As such, the DM message generated by the message generating unit 102 is illustrated in Fig. 2. That is, the DM message may include the first authentication value (i.e., the signature value) as information for the device management, and may optionally include the timestamp.
[33] The DM message generated by the message generating unit 102 may be transferred to the transceiving unit 103. The transceiving unit 103 may then forward the DM message to the terminal 200 via a one way channel (e.g., BCAST channel or TP-5). In the manner described above, the BCAST server 100 can transmit a series of DM messages (i.e., DM messages each including a signature value and a timestamp) to the terminal 200.
[34] The transceiving unit 201 of the terminal 200 receives the DM message transmitted by the BCAST server 100. The controlling unit 202 may extract the first authentication value (i.e., the signature value generated by the server based upon RSA-RSS) from the received DM message. The controlling unit 202 may then generate a second authentication value (i.e., a signature value) using the received DM message based upon the RSA-RSS algorithm, and compare the first authentication value with the second authentication value to determine their correspondence. Here, the RSA-RSS algorithm may be the same as the algorithm used by the BCAST server for generating the first authentication value. If the algorithm is different from the algorithm used by the BCAST server for generating the first authentication value, the terminal 200 should generate the second authentication value based upon the same algorithm as that used by the BCAST server 100.
[35] According to the result of the comparison between the first authentication value and the second authentication value, if the authentication values are equal to each other, the controlling unit 202 may determine that the received DM message is available (validate), and thusly execute DM information included in the DM message. However, if the two authentication values are not equal to each other according to the result of the comparison, the controlling unit 202 may determine that the DM message is not available, and thereby revoke the message. Here, the revocation may mean 'delete', 'ignore' or 'return' of the message.
[36] In addition, the controlling unit 202 may extract the timestamp if it is included in the received DM message. The controlling unit 202 may then determine whether the received DM message is the same as a previously received DM message using time information included in the timestamp. For example, as illustrated in Fig. 2, it is assumed that the terminal 200 has received a DM message 2 after a DM message 1 was received. As one example, time information included in the timestamp of the DM message 1 may be '13: 10: 05' (hh: mm: ss) and time information included in the timestamp of the DM message 2 may be ' 13: 30: 05'. The timestamp may also include information related to year and date; however, those information may be omitted in the present invention for the sake of brief description. Therefore, the time difference between the generation times of the DM messages 1 and 2 apparently goes to 20 minutes.
[37] The controlling unit 202 of the terminal 200 may check the time information (e.g.,
'13: 30: 05' of Fig. 2) in the time stamp so as to determine whether to execute the received DM message 2. Assuming that a tolerance (threshold) of a timestamp has been set to 30 minutes, the DM message 1 and the DM message 2 may be considered as the same message. Accordingly, the controlling unit 202 may revoke the DM message 2. Here, the tolerance (threshold) of the timestamp may act as a criterion for determining whether a DM message received by the terminal 200 is the same as a previously received message.
[38] As described above, the present invention can securely transmit a DM message from a BCAST server to a terminal, for example, via a one way channel. Therefore, it is effective to ensure security of the DM message even if it is transmitted via the one way channel. [39] In addition, since a DM message including an authentication value may be transmitted from a BCAST server to a terminal via one way channel or an interaction channel, it is effective to determine whether the DM message is available using the authentication value.
[40] Furthermore, since a DM message including a timestamp is transmitted from a
BCAST server to a terminal via one way channel, it is effective to determine whether the DM message is equal to a previously received message and the DM message should be executed based upon time information in the timestamp.
[41] To implement the methods described above, the present invention can employ hardware, software or combination thereof. For example, the methods according to the present invention may be stored in a storage medium (e.g., an internal memory in a mobile terminal, a flash memory, a hard disc, etc.), or may be implemented as codes or commands within a software program which can be operated by a processor (e.g., a microprocessor in a mobile terminal).
[42] The foregoing embodiments and advantages are merely exemplary and are not to be construed as limiting the present disclosure. Many alternatives, modifications, and variations will be implemented without departing from the characteristics of the present invention and within the scope as defined in the appended claims. For example, a server and a terminal in the present invention may be implemented as one device, and a DM message transmitted from the server to the terminal may be a specific message which functions as the DM message. Therefore, the present invention can be applied to both method and apparatus for securely transmitting a message between devices.

Claims

Claims
[1] A method for transmitting a message between devices comprising: transmitting a message including a first authentication value from a server to at least one terminal via a specific channel; receiving the message by the terminal to generate a second authentication value; and comparing the generated second authentication value with the first authentication value.
[2] The method of claim 1, wherein the comparing step comprises: determining that the message is available when the first authentication value is equal to the second authentication value, and determining that the message is not available when the first authentication value is different from the second authentication value.
[3] The method of claim 2, wherein the comparing step further comprises: executing the message when it is determined the message is available, and revoking the message when it is determined the message is not available.
[4] The method of claim 1, wherein the message is generated by the server and used for a device management by the terminal.
[5] The method of claim 1, wherein the message further comprises a timestamp generated by the server.
[6] The method of claim 1, wherein the specific channel is a broadcast channel or one way channel through which the message is transmitted from the server to the terminal.
[7] The method of claim 1, wherein the specific channel is an interaction channel between the server and the terminal.
[8] The method of claim 1, wherein the first and second authentication values are signature values.
[9] The method of claim 8, wherein the first and second authentication value are generated using a RSA-RSS algorithm.
[10] A method for securely transmitting a message in a broadcasting service comprising: including by a server a first authentication value generated using a specific algorithm in a message and transmitting the message to at least one terminal via a broadcast channel; generating by the terminal a second authentication value using the specific algorithm; and comparing the first authentication value with the second authentication value by the terminal.
[11] The method of claim 10, wherein the message is a device management message.
[12] The method of claim 10, wherein the specific algorithm is a RSS algorithm to be used for generating the first authentication value and the second authentication value.
[13] A server comprising : an authentication managing unit adapted to generate an authentication value; a message generating unit adapted to generate a device management message including at least one of the generated authentication value and a timestamp; and a transceiving unit adapted to transmit the generated message to at least one terminal via a specific channel.
[14] The server of claim 13, wherein the authentication managing unit generates the authentication value using a RSS algorithm.
[15] The server of claim 13, further comprising a timestamp managing unit adapted to generate the timestamp.
[16] The server of claim 15, wherein the timestamp managing unit is an independent entity which is not configured in the server, or the timestamp managing unit is configured in the server.
[17] The server of claim 13, wherein the specific channel is either a broadcast channel or one way channel or an interaction channel.
[18] A terminal comprising: a transceiving unit adapted to receive a device management message including a first authentication value via a specific channel; and a controlling unit adapted to generate a second authentication value using the device management message, extract the first authentication value from the device management message, and compare the first authentication value with the second authentication value.
[19] The terminal of claim 18, wherein the controlling unit extracts a timestamp from the device management message.
[20] The terminal of claim 18, wherein the controlling unit generates the second authentication value using a RSA-RSS algorithm. [21] The terminal of claim 20, wherein the RSA-RSS algorithm is the same one to be used for generating the first authentication value. [22] The terminal of claim 18, wherein the controlling unit determines that the device management message is available when the first authentication value is equal to the second authentication value, and then executes the device management message. [23] The terminal of claim 18, wherein the controlling unit determines that the device management message is not available when the first authentication value is not equal to the second authentication value, and then revokes the device management message. [24] The terminal of claim 18, wherein the controlling unit determines whether the device management message is the same as a previously received message by analyzing the timestamp extracted from the device management message. [25] The terminal of claim 18, wherein the specific channel is one of a broadcast channel, one way channel and an interaction channel. [26] A method securely transmitting a message in a broadcasting (BCAST) service comprising: receiving a device management message including at least a first authentication value from a server; generating a second authentication value using the device management message based upon a specific algorithm; extracting the first authentication value from the device management message; and comparing the first authentication value with the second authentication value. [27] The method of claim 26, further comprising: executing the device management message when the first authentication value is equal to the second authentication value. [28] The method of claim 26, further comprising: revoking the device management message when the first authentication value is not equal to the second authentication value.
PCT/KR2007/005253 2006-11-13 2007-10-24 Method for securely transmitting device management message via broadcast channel and server and terminal thereof WO2008060042A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/514,526 US20100042836A1 (en) 2006-11-13 2007-10-24 Method for securely transmitting device management message via broadcast channel and server and terminal thereof

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US85836306P 2006-11-13 2006-11-13
US60/858,363 2006-11-13
KR10-2007-0073020 2007-07-20
KR1020070073020A KR20080043213A (en) 2006-11-13 2007-07-20 Method for securely transmitting device management messsage via broadcast channel and server and terminal thereof

Publications (1)

Publication Number Publication Date
WO2008060042A1 true WO2008060042A1 (en) 2008-05-22

Family

ID=39661715

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/005253 WO2008060042A1 (en) 2006-11-13 2007-10-24 Method for securely transmitting device management message via broadcast channel and server and terminal thereof

Country Status (3)

Country Link
US (1) US20100042836A1 (en)
KR (1) KR20080043213A (en)
WO (1) WO2008060042A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010085919A1 (en) * 2009-02-02 2010-08-05 华为终端有限公司 Method, terminal and server for sending/receiving equipment management data
EP2326047A1 (en) * 2008-09-28 2011-05-25 Huawei Technologies Co., Ltd. Method for terminal configuration and management and terminal apparatus

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5105291B2 (en) * 2009-11-13 2012-12-26 セイコーインスツル株式会社 Long-term signature server, long-term signature terminal, long-term signature terminal program
US11265301B1 (en) * 2019-12-09 2022-03-01 Amazon Technologies, Inc. Distribution of security keys

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR19990053174A (en) * 1997-12-23 1999-07-15 정선종 How to Check Integrity of Information Using Hash Function

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0610802B2 (en) * 1986-06-04 1994-02-09 株式会社日立製作所 Input message matching method for distributed processing system
US6119228A (en) * 1997-08-22 2000-09-12 Compaq Computer Corporation Method for securely communicating remote control commands in a computer network
WO2000049764A1 (en) * 1999-02-18 2000-08-24 Sun Microsystems, Inc. Data authentication system employing encrypted integrity blocks
US6760752B1 (en) * 1999-06-28 2004-07-06 Zix Corporation Secure transmission system
US20060039564A1 (en) * 2000-11-17 2006-02-23 Bindu Rama Rao Security for device management and firmware updates in an operator network
WO2003028284A1 (en) * 2001-09-26 2003-04-03 Synchron Networks Secure broadcast system and method
US7349390B2 (en) * 2002-05-28 2008-03-25 Ntt Docomo, Inc. Packet transmission method and communication system
US20060193337A1 (en) * 2005-02-25 2006-08-31 Toni Paila Device management broadcast operation

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR19990053174A (en) * 1997-12-23 1999-07-15 정선종 How to Check Integrity of Information Using Hash Function

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES A.J. ET AL.: "Handbook of Applied Cryptography", vol. CHAPTER9, 1997, CRC PRESS *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2326047A1 (en) * 2008-09-28 2011-05-25 Huawei Technologies Co., Ltd. Method for terminal configuration and management and terminal apparatus
EP2326047A4 (en) * 2008-09-28 2012-03-07 Huawei Tech Co Ltd Method for terminal configuration and management and terminal apparatus
US8438616B2 (en) 2008-09-28 2013-05-07 Huawei Technologies Co., Ltd. Method for terminal configuration and management and terminal device
EP2640005A3 (en) * 2008-09-28 2014-01-08 Huawei Technologies Co., Ltd. Method for terminal configuration and management and terminal device
WO2010085919A1 (en) * 2009-02-02 2010-08-05 华为终端有限公司 Method, terminal and server for sending/receiving equipment management data

Also Published As

Publication number Publication date
US20100042836A1 (en) 2010-02-18
KR20080043213A (en) 2008-05-16

Similar Documents

Publication Publication Date Title
JP6812571B2 (en) V2X communication device and its data communication method
US8762707B2 (en) Authorization, authentication and accounting protocols in multicast content distribution networks
US6275859B1 (en) Tree-based reliable multicast system where sessions are established by repair nodes that authenticate receiver nodes presenting participation certificates granted by a central authority
US20090158394A1 (en) Super peer based peer-to-peer network system and peer authentication method thereof
RU2008123375A (en) DEVICE CONTROL METHOD USING A BROADCAST CHANNEL
CN101193103B (en) A method and system for allocating and validating identity identifier
CN110581854A (en) intelligent terminal safety communication method based on block chain
US8274401B2 (en) Secure data transfer in a communication system including portable meters
US9954839B2 (en) Systems and methods for providing distributed authentication of service requests by identity management components
CN101163010A (en) Method of authenticating request message and related equipment
RU2008109827A (en) MOBILE STATION, RADIO ACCESS NETWORK DEVICE, MOBILE SWITCHING STATION, MOBILE COMMUNICATION SYSTEM AND METHOD OF GIVING ACCESS TO COMMUNICATION SERVICES
CN102379114A (en) Security key management in ims-based multimedia broadcast and multicast services (mbms)
JP2007529763A (en) How to get user identity for network application entities
EP1683322A1 (en) Shared secret usage for bootstrapping
CN113285932B (en) Method for acquiring edge service, server and edge device
CN104796408A (en) Single-point live login method and single-point live login device
US10979750B2 (en) Methods and devices for checking the validity of a delegation of distribution of encrypted content
US20100042836A1 (en) Method for securely transmitting device management message via broadcast channel and server and terminal thereof
US9143482B1 (en) Tokenized authentication across wireless communication networks
US20110131630A1 (en) Service access method and device, service authentication device and terminal based on temporary authentication
CN114389890A (en) User request proxy method, server and storage medium
CN1705267A (en) Method for using server resources by client via a network
CN110891067B (en) Revocable multi-server privacy protection authentication method and revocable multi-server privacy protection authentication system
CN101568116A (en) Method for obtaining certificate state information and certificate state management system
CN102868706B (en) A kind of method and system for realizing DSN content service access safeties

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07833562

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 12514526

Country of ref document: US

122 Ep: pct application non-entry in european phase

Ref document number: 07833562

Country of ref document: EP

Kind code of ref document: A1