WO2011051605A1 - Method for authenticating a mobile communication terminal for providing data service, and related service-providing system and terminal - Google Patents


Info

Publication number
WO2011051605A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
link
signals
mobile communication
wireless transmission
Prior art date
Application number
PCT/FR2010/052266
Other languages
French (fr)
Inventor
Arnaud David Masson
Original Assignee
Insiteo
Priority date
Filing date
Publication date
Application filed by Insiteo
Priority to EP10787835A (patent EP2494764A1)
Publication of WO2011051605A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Definitions

  • the invention relates to the field of authentication of a mobile communication terminal subscribed to a service, so as to actually allow it to use this service.
  • mobile communication terminal is understood to mean any portable equipment, such as a cell phone of a cellular telecommunication network, a laptop, a personal assistant or PDA (Personal Digital Assistant), a portable music player, a simple portable GPS navigator.
  • subscriber to a service means any terminal whose user is known and identifiable by the service management infrastructure, regardless of whether the subscription to the service is free or paid.
  • a service particularly concerned by the invention, although not limiting, relates to assistance with the precise location of a mobile communication terminal equipped with satellite location functionality such as GPS (Global Positioning System) or Galileo, Glonass, Compass, QZSS, and other satellite positioning systems, in covered or enclosed spaces in which conventional satellite signals are poorly received or not received.
  • base stations called pseudolites (pseudo-satellites), each capable of transmitting, to the mobile terminals, a signal similar to those transmitted by satellites.
  • the pseudolite signals are broadcast continuously, and are therefore able to be received by any communication terminal that is equipped with a satellite receiver able to receive signals, for example from the GPS system, and that enters the coverage of one or more base stations.
  • a first known solution is to use secure protocols to protect the transport of information, such as the TLS protocol (Transport Layer Security) or the SSL protocol (Secure Socket Layer), between devices authenticated to third parties. More precisely, the SSL protocol makes it possible to exchange information between two computers in a secure way by guaranteeing:
  • applications are known that enable a user to generate on an independent support, typically a dedicated mini calculator, a key that is entered when accessing the corporate network and that makes it possible to validate the identity of the user and to release the accesses to which he is entitled.
  • the user must generate a key using the mini calculator each time he wants to access the service, and enter this key.
  • Some banks have implemented the communication of a code transmitted to a user by SMS. The latter can then access an internet banking service, such as a transfer request, by authenticating himself by entering the code he has received beforehand.
  • none of the previous solutions is adapted to automatic authentication to control the use of a service broadcast on a unidirectional transmission link or medium.
  • the present invention aims to overcome the limitations of the previous solutions by proposing a new authentication method for the use of a service broadcast on any type of transmission medium, particularly suitable for the case of a unidirectional transmission medium.
  • Another object of the present invention is to propose a method of assisting the location of a mobile communication terminal in a closed environment from C/A signals of a mobile communication system, using this new authentication method so as to authorize, among the mobile terminals equipped with a GPS-type satellite receiver capable of receiving signals, only those terminals that are correctly authenticated.
  • This object is achieved according to the invention, which has for its first object a method of assisting the location of a mobile communication terminal in a closed environment from C/A signals of a satellite positioning system, characterized in that it comprises the following steps:
  • the wireless transmission link is preferably a short-range link of the WiFi or Bluetooth type between the mobile communication terminal and at least one WiFi or Bluetooth terminal installed within said environment.
  • This link could also be a data link of cellular systems such as GSM or UMTS.
  • the method may further comprise a step of determining location information of the mobile communication terminal from signals transmitted on the wireless transmission link. This information can then be advantageously used to determine a list of preferential base stations that the mobile communication terminal must listen to among the base stations, this list then being transmitted to said terminal via said wireless transmission link.
  • the encryption key that is transmitted to the communication terminal may also advantageously be a function of the location information.
  • the service provided to the mobile terminal may depend on its location within the environment.
  • the present invention also relates to a system for assisting the location of a mobile communication terminal in a closed environment from C/A signals of a satellite positioning system, characterized in that it comprises:
  • a set of pseudolite base stations installed in said closed environment, able to broadcast signals coded according to at least one encryption key on a radiofrequency unidirectional communication link, enabling a satellite receiver equipping said mobile communication terminal to receive the signals broadcast by each of the pseudolite base stations of said set, the encryption key being chosen so that the signals coded by the pseudolite base stations correspond to said C/A signals, unaltered, shifted according to a time distribution law or a frequency hopping type law;
  • identification means able to authenticate said mobile communication terminal from the identification signals transmitted by the latter over a wireless transmission link separate from said unidirectional communication link, said wireless transmission link being a short-range link between the mobile communication terminal and at least one terminal installed within said environment, or a data link of a cellular radio system, said identification means being further able to transmit to said mobile communication terminal, in case of positive authentication, at least one decryption key on said wireless transmission link to enable said terminal to decrypt the coded signals it receives.
  • a third subject of the invention concerns a mobile communication terminal for implementing the method of assisting localization, characterized in that it is capable of:
  • FIG. 1 schematically illustrates a possible architecture of a location assistance system using the authentication principles according to the invention
  • FIG. 2 illustrates, in the form of a simplified block diagram, the various steps implemented in an authentication method according to the invention, for the location assistance system of FIG. 1.
  • the reference 1 indicates a location assistance system intended to provide, in a closed environment within which the system is installed, a location aid to a mobile communication terminal 2 when the latter is within the coverage of the system.
  • the GPS system is of particular interest, it being understood that the invention also applies to other satellite positioning systems, as indicated above.
  • the location aid uses the signals transmitted by a number N of pseudolite base stations constituting a set of the system 1, four of which are visible in FIG. 1 and referenced PS1 to PS4, these signals being able to be received, in whole or in part, by a GPS receiver (not shown) equipping the mobile communication terminal 2, depending on the location of the terminal at a given time.
  • the assistance system 1 is coupled to the satellite navigation system represented by the general reference 3.
  • the assistance system 1 is completely autonomous, that is to say that the basic values used are known to the system 1 without the latter being connected to the satellite navigation system 3.
  • the signals relating to the service are coded according to a C/A code and an encryption key and broadcast on a carrier frequency L1, for example equal to 1575.42 MHz, on the communication medium 10.
  • the encryption key is chosen so that the signals coded by the pseudolite base stations correspond to said C/A signals without alteration.
  • the key necessary for decryption is transmitted only to mobile terminals that have been authenticated, the authentication step on the one hand, and the step of transmitting the decryption key on the other hand, being performed using a wireless transmission link distinct from the communication medium 10.
  • the key transmitted to the terminal is not unique or fixed and may depend in particular on the quality of service subscribed for each terminal where it receives this key.
  • the encryption key may in a first embodiment be a temporal distribution law of presence of the information to be decoded. Thus only the terminals knowing this law can decode the signals emitted by the pseudolite base stations, the signals then not being altered in their original form but in the way in which they are transmitted by the pseudolite base station. In a second embodiment this can be an encryption of the C/A codes. In a third embodiment, the encryption key may be a frequency shift law, better known by the English term "frequency hopping".
  • all mobile terminals equipped with a GPS satellite receiver can receive the signals relating to the service as soon as they enter the coverage of the pseudolite base stations, but only those terminals that could be authenticated as subscribers to the service, over a link separate from the communication medium, are given, over this same link, the decryption key that will allow them to interpret, that is to say decrypt, the received coded signals.
  • the present invention does not strictly speaking control access to the service (all the terminals actually access the service insofar as they can receive the signals broadcast by the pseudolite base stations), but rather the use of this service, which is limited to correctly authenticated terminals only.
  • the step referenced S0 corresponds to the continuous broadcast of the signals transmitted by the pseudolite base stations PS1-PS4 of the system and coded according to an encryption key;
  • the assistance system 1 comprises, as illustrated in FIG. 1, identification means comprising, on the one hand, a server 12 to which the pseudolite base stations are advantageously connected, and, on the other hand, at least one terminal also connected to the server, for example by a network 13 of the LAN type.
  • a number P of WiFi terminals, only three of which, referenced WF1 to WF3, are visible in the figure, are used by the system to enable authentication of the terminal.
  • terminals are able to receive, automatically or on request, identification signals transmitted by the mobile communication terminal 2 on the wireless transmission link 11 separate from the GPS communication link 10 when the terminal 2 passes nearby.
  • the terminal 2 must also be equipped with means (not shown) for transmitting such WiFi signals.
  • other short-range communication links, such as a Bluetooth-type link, or even GSM / UMTS type links, may be used instead of or in addition to the WiFi terminals.
  • software means (not shown) at the server 12 will be able to deduce from the identification signals received by at least one terminal the identity of the terminal, and compare this identity to a list of identities corresponding to the users subscribed to the service, stored in a database (not shown) of the server. The terminal 2 is therefore authenticated as soon as its identity is actually in the list known to the server.
  • At least one decryption key is transmitted (step S3) to said terminal 2 via the WiFi terminals and on the link 11.
  • Upon receipt of the decryption key, the communication terminal 2 is now able to effectively use the service, by decoding the coded signals transmitted by pseudolite base stations PS1-PS4 by means of the decryption key.
  • This encryption key, in the case, for example, of a key composed of a temporal law, will make it possible to determine the GPS codes to be decoded and the temporal position of the transmitters to listen to.
  • the GPS decoding means of the terminal 2 and the means of transmission to the local WiFi or Bluetooth network are idle before the arrival of the terminal in the coverage of the assistance system, so as not to reduce the battery life of the terminal.
  • the communication terminal 2 is a device having access to a public cellular network (GSM, UMTS, etc.)
  • the terminal also transmits to the terminals information concerning the last cell of the public system on which it was registered, prior to the sending to this terminal of the decryption key information necessary for the use of the service.
  • This information will be processed by the server 12 which can then determine more accurately and more quickly the area in which the terminal is located.
  • This information can be advantageously completed by the information of the neighboring cells transmitted to the terminal by the cellular network.
  • the location information can then be advantageously used to optimize the service rendered.
  • provision may be made for a step of determining, from said location information, a list of base stations that the mobile communication terminal 2 should preferentially listen to among the pseudolite base stations of said set.
  • the selection of base stations can be very simply based on the removal of base stations that are too far from the mobile.
  • the list, once defined, is advantageously transmitted to the terminal 2 via the wireless transmission link 11, for example simultaneously with the sending of the decryption key.
  • Location information can also be used to adapt the content of the service. Thus, in an airport for example, some information is rather dedicated to the potential users of the car parks, while other information will be of particular interest to the passengers of a plane using a particular company. It can thus be provided that the encryption key that is transmitted to an authenticated communication terminal 2 is a function of the location information.
  • the principle of the invention is applicable to the provision of any service for which the service signals are broadcast on a unidirectional communication medium, the mobile terminal authentication and the decryption key transmission being performed over a transmission link separate from the communication medium providing the service.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to assistance in locating a mobile communication terminal (2) in a closed environment on the basis of C/A signals from a satellite location system. The C/A signals are encoded and broadcast by a set of pseudolite base stations (PS1-PS4) set up within the closed environment over a unidirectional radio frequency communication link (10) enabling a satellite receiver, equipping said mobile communication terminal (2), to receive the signals broadcast by each of the pseudolite base stations of said set. The encryption key is selected such that the signals encoded by the pseudolite base stations correspond to the uncorrupted C/A signals, shifted according to a time distribution or frequency hopping rule. The terminal (2) is then authenticated on the basis of identification signals transmitted by the latter over a wireless transmission link (11) that is separate from said unidirectional communication link (10), said link (11) being a short link, maintained between the mobile communication terminal (2) and at least one station (WF1-WF3) set up inside the environment, or a data link of a radio cellular system. The decryption key is transmitted over the wireless transmission link to the mobile terminal if authentication is positive.
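The exchange summarised in the abstract, as an added example that is not code from the patent or from its applicant: a simplified model in which the key is a time distribution law, the broadcast link (10) is one-way, and the key plus a list of nearby stations is handed out over the side link (11) after an identity lookup. The HMAC-SHA256 derivation of the law, the 10-slot frame, the station coordinates, the key value and the terminal identifiers are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import math

SLOTS_PER_FRAME = 10             # assumed frame layout, not from the patent
PRN_POOL = range(1, 33)          # GPS C/A PRN numbers 1..32
# Constructed station layout (metres) for pseudolites PS1..PS4.
STATIONS = {"PS1": (0, 0), "PS2": (40, 0), "PS3": (0, 300), "PS4": (40, 300)}
SERVICE_KEY = b"constructed-demo-service-key"          # constructed value
SUBSCRIBERS = {"terminal-0001", "terminal-0002"}       # constructed identities


def _ranked(key: bytes, label: bytes, frame: int, items) -> list:
    """Order items by a keyed PRF; the order is unpredictable without the key."""
    def tag(item):
        msg = label + frame.to_bytes(8, "big") + str(item).encode()
        return hmac.new(key, msg, hashlib.sha256).digest()
    return sorted(items, key=tag)


def schedule(key: bytes, frame: int) -> dict:
    """Time distribution law: station -> (slot, PRN) for one frame.

    Taking the first entries of a keyed ranking gives every station a
    distinct slot and a distinct PRN, so bursts never collide.
    """
    slots = _ranked(key, b"slot", frame, range(SLOTS_PER_FRAME))
    prns = _ranked(key, b"prn", frame, PRN_POOL)
    return {name: (slots[i], prns[i]) for i, name in enumerate(sorted(STATIONS))}


def broadcast_frame(key: bytes, frame: int) -> list:
    """Link 10 (one-way): what any GPS receiver in coverage observes."""
    air = [None] * SLOTS_PER_FRAME
    for slot, prn in schedule(key, frame).values():
        air[slot] = prn          # unaltered C/A burst, represented by its PRN
    return air


class Server:
    """Server 12: subscriber list, key hand-out and station selection."""

    def __init__(self, key: bytes, subscribers: set, max_range_m: float = 100.0):
        self._key = key
        self._subscribers = set(subscribers)
        self._max_range_m = max_range_m

    def authenticate(self, terminal_id: str, coarse_pos: tuple):
        """Link 11 (side channel): (key, preferred stations) or None."""
        if terminal_id not in self._subscribers:
            return None          # terminal still hears link 10, but gets no law
        near = [name for name, pos in sorted(STATIONS.items())
                if math.dist(pos, coarse_pos) <= self._max_range_m]
        return self._key, near


def attribute(key: bytes, frame: int, air: list, stations: list) -> dict:
    """Terminal side: check each listed station at the slot/PRN the law gives."""
    law = schedule(key, frame)
    return {name: air[law[name][0]] == law[name][1] for name in stations}


def count_hits(terminal_key: bytes, frames: int, stations: list) -> int:
    """Bursts correctly attributed to a station over a number of frames."""
    hits = 0
    for frame in range(frames):
        air = broadcast_frame(SERVICE_KEY, frame)
        hits += sum(attribute(terminal_key, frame, air, stations).values())
    return hits


if __name__ == "__main__":
    server = Server(SERVICE_KEY, SUBSCRIBERS)
    print("unknown terminal:", server.authenticate("terminal-9999", (5, 5)))
    key, near = server.authenticate("terminal-0001", (5, 5))
    print("preferred stations:", near)
    print("hits with the law :", count_hits(key, 50, near))
    print("hits with a guess :", count_hits(b"guessed-key", 50, near))
```

The model only captures the first embodiment (time distribution law); identity here is a plain list lookup, as in the description, so the strength of the scheme rests on how the identification signals on link 11 are protected.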

Description

METHOD FOR AUTHENTICATING A MOBILE COMMUNICATION TERMINAL FOR PROVIDING A DATA SERVICE, AND RELATED SERVICE-PROVIDING SYSTEM AND TERMINAL
The invention relates to the field of authentication of a mobile communication terminal subscribed to a service, in order to actually allow it to use this service.
In the remainder of the description, a mobile communication terminal means any portable equipment, such as a mobile phone of a cellular telecommunication network, a laptop computer, a personal digital assistant (PDA), a portable music player, or a simple portable GPS navigator.
In addition, "subscribed to a service" refers to any terminal whose user is known to and identifiable by the service management infrastructure, regardless of whether the subscription to the service is free or paid.
One service particularly concerned by the invention, although not limiting, is assistance with the precise location of a mobile communication terminal equipped with a satellite location capability such as GPS (Global Positioning System) or the Galileo, Glonass, Compass, QZSS and other satellite positioning systems, in covered or enclosed spaces in which the conventional signals transmitted by the satellites are poorly received or not received at all. To improve the continuity and availability of the positioning service, some public or private organizations have installed in their buildings a number of base stations called pseudolites (pseudo-satellites), each capable of transmitting to mobile terminals a signal similar to those transmitted by the satellites. In such a configuration, the pseudolite signals are broadcast continuously and can therefore be received by any communication terminal that has a satellite receiver able to receive, for example, GPS signals and that enters the coverage of one or more of the base stations. This raises the problem of restricting use of the service to only those users who have actually subscribed to it, whether free of charge or not. In client-server relationships, the identification process leading to authentication is well known and makes it possible to ensure that the devices involved are authorized to communicate.
A first known solution is to use secure protocols to protect the transport of information, such as the TLS protocol (Transport Layer Security) or the SSL protocol (Secure Socket Layer), between devices authenticated with respect to third parties. More precisely, the SSL protocol makes it possible to exchange information between two computers securely by guaranteeing:
- the confidentiality of the information exchanged, to prevent any third party from accessing this information during the exchange;
- the integrity of the information exchanged, by making it impossible to modify the information;
- authentication, which makes it possible to be sure of the identity of the program, person or company with which one is communicating.
In other known solutions using encryption, such as PGP (Pretty Good Privacy), the data exchanged are protected by encryption and signature. In these known solutions, a key must be transmitted, or a time distribution law followed, that allows only the terminals authorized to do so to listen correctly to the information transmitted by the server; the other devices are either not allowed to connect or receive only unintelligible data, depending on the case.
Examples include the distribution of frequency hopping laws, or the distribution of keys that change over time and are transmitted regularly to the terminal.
In the preceding solutions, the exchanges enabling authentication take place over the same communication medium as the one used to provide the service. These solutions are therefore unsuited to broadcast services such as location assistance via pseudolite base stations, for which the link or communication medium carrying the pseudolite signals is unidirectional. Furthermore, many public or private organizations, and many companies or groups of companies, have put in place means of securing access to data via communication media different from those used to provide the service:
For example, applications are known that enable a user to generate, on an independent device, typically a dedicated mini calculator, a key that is entered when accessing the company network and that makes it possible to validate the identity of the user and to open the accesses to which he is entitled. In this solution, the user must generate a key using the mini calculator each time he wishes to access the service, and enter this key.
Some banks have set up the communication of a code transmitted to a user by SMS. The user can then access an internet banking service, such as a transfer request, by authenticating himself by entering the code he has received beforehand.
Thus, these solutions require in all cases, at each access, that the user enter a code that he has obtained beforehand, possibly by using additional equipment (mini calculator). It is even possible that, once access has been authorized or a time limit has been exceeded, the accesses close again and force the user to repeat the procedure.
Moreover, here again, access to the service is possible only insofar as the link or transmission medium used to provide the service is bidirectional, so that the user can actually transmit the code he has received.
Thus, none of the preceding solutions is suited to automatic authentication making it possible to control the use of a service broadcast on a unidirectional transmission link or medium.
La présente invention a pour but de pallier les limitations des solutions antérieures en proposant un nouveau procédé d'authentification en vue de l'utilisation d'un service diffusé sur tout type de support de transmission, particulièrement adapté au cas d'un support de transmission unidirectionnel.  The present invention aims to overcome the limitations of the previous solutions by proposing a new authentication method for the use of a service broadcast on any type of transmission medium, particularly suitable for the case of a transmission medium unidirectional.
A further aim of the present invention is to propose a method for assisting the location of a mobile communication terminal in a closed environment from C/A signals of a mobile communication system, using this new authentication method so as to authorize, among the mobile terminals equipped with a GPS-type satellite receiver and able to receive signals, only those terminals that are correctly authenticated.
This aim is achieved according to the invention, the first subject of which is a method for assisting the location of a mobile communication terminal in a closed environment from C/A signals of a satellite positioning system, characterized in that it comprises the following steps:
- Broadcasting signals coded according to at least one encryption key by a set of pseudolite base stations installed in said closed environment, over a unidirectional radiofrequency communication link allowing a satellite receiver fitted to said mobile communication terminal to receive the signals broadcast by each of the pseudolite base stations of said set, the encryption key being chosen so that the signals coded by the pseudolite base stations correspond to said C/A signals, unaltered, offset according to a time distribution law or a frequency-hopping type law;
- Authenticating said mobile communication terminal from identification signals transmitted by the latter over a wireless transmission link distinct from said unidirectional communication link, said wireless transmission link being a short-range link between the mobile communication terminal and at least one access point installed inside said environment, or a data link of a cellular radio system;
- In the event of positive authentication, transmitting to said mobile communication terminal at least one decryption key over said wireless transmission link, to enable said terminal to decrypt the coded signals it receives.
Because the encryption key does not alter the original form of the C/A signals but only changes the instant or the frequency at which they are transmitted, all mobile terminals equipped with a conventional satellite receiver are guaranteed to be able to receive the signals broadcast by the pseudolite base stations, but only correctly authenticated terminals will be able to make actual use of the signals received.
The wireless transmission link is preferably a short-range link of the WiFi or Bluetooth type between the mobile communication terminal and at least one WiFi or Bluetooth access point installed inside said environment. This link could also be a data link of cellular systems such as GSM or UMTS.
The method may further comprise a step of determining location information for the mobile communication terminal from signals transmitted over the wireless transmission link. This information can then advantageously be used to determine a list of preferred base stations that the mobile communication terminal should listen to among the base stations, this list then being transmitted to said terminal via said wireless transmission link.
The encryption key transmitted to the communication terminal may furthermore advantageously depend on the location information. Thus, the service provided to the mobile terminal may depend on its location within the environment.
The present invention also relates to a system for assisting the location of a mobile communication terminal in a closed environment from C/A signals of a satellite positioning system, characterized in that it comprises:
- a set of pseudolite base stations installed in said closed environment, able to broadcast signals coded according to at least one encryption key over a unidirectional radiofrequency communication link, allowing a satellite receiver fitted to said mobile communication terminal to receive the signals broadcast by each of the pseudolite base stations of said set, the encryption key being chosen so that the signals coded by the pseudolite base stations correspond to said C/A signals, unaltered, offset according to a time distribution law or a frequency-hopping type law;
- identification means able to authenticate said mobile communication terminal from the identification signals transmitted by the latter over a wireless transmission link distinct from said unidirectional communication link, said wireless transmission link being a short-range link between the mobile communication terminal and at least one access point installed inside said environment, or a data link of a cellular radio system, said identification means further being able to transmit to said mobile communication terminal, in the event of positive authentication, at least one decryption key over said wireless transmission link, to enable said terminal to decrypt the coded signals it receives.
A third subject of the invention is a mobile communication terminal for implementing the location assistance method, characterized in that it is able to:
- Receive, via said unidirectional communication link, the signals coded according to said encryption key by said set of pseudolite base stations;
- Receive, via said wireless transmission link, said decryption key;
- Decrypt the coded signals received by means of the decryption key.
The present invention, and the advantages it provides, will be better understood from the following description of a non-limiting example of a location system implementing the invention, given with reference to the appended figures, in which:
- Figure 1 schematically illustrates a possible architecture of a location assistance system using the authentication principles according to the invention;
- Figure 2 illustrates, in the form of a simplified block diagram, the various steps implemented in an authentication method according to the invention, for the location assistance system of Figure 1.
In the appended Figure 1, reference 1 denotes a location assistance system intended to provide, in a closed environment inside which the system is installed, location assistance to a mobile communication terminal 2 when the latter is within the coverage of the system. The remainder of the description deals more particularly with the GPS system, it being understood that the invention also applies to other satellite positioning systems, as indicated above.
The location assistance uses the signals transmitted by a number N of pseudolite base stations forming a set of the system 1, four of which are visible in Figure 1 and referenced PS1 to PS4. All or some of these signals can be received by a GPS receiver (not shown) fitted to the mobile communication terminal 2, depending on where the terminal is at a given instant. The assistance system 1 is coupled to the satellite navigation system denoted by the general reference 3. As a variant, the assistance system 1 is fully autonomous, that is to say the base values used are known to the system 1 without it being connected to the satellite navigation system 3. In all cases, the pseudolite base stations PSi (i = 1 to N) transmit, over a unidirectional radiofrequency GPS communication link or medium 10, signals of determined power levels, of the same type as those emitted by the satellites of the GPS system 3.
In accordance with the invention, the signals relating to the service (here, location assistance) are coded according to a C/A code and an encryption key and broadcast on a carrier frequency L1, for example equal to 1575.42 MHz, over the communication medium 10. The encryption key is chosen so that the signals coded by the pseudolite base stations correspond to said C/A signals without alteration. In addition, the key needed for decryption is transmitted only to the mobile terminals that have been authenticated; both the authentication step and the step of transmitting the decryption key are carried out over a wireless transmission link distinct from the communication medium 10. Advantageously, the key transmitted to the terminal is neither unique nor fixed and may depend in particular on the quality of service subscribed for each terminal at the place where it receives this key.
In a first embodiment, the encryption key may be a time distribution law governing when the information to be decoded is present. Thus only the terminals that know this law can decode the signals emitted by the pseudolite base stations; the signals are then not altered in their original form, only in the way they are emitted by the pseudolite base station. In a second embodiment, it may be an encryption of the C/A codes. In a third embodiment, the encryption key may be a frequency-shift law, better known as "frequency hopping".
Thus, all mobile terminals equipped with a GPS satellite receiver can receive the signals relating to the service as soon as they enter the coverage of the pseudolite base stations, but only those terminals that have been authenticated as subscribers to the service, over a link distinct from the communication medium, are given, over that same link, the decryption key that will allow them to interpret, that is, to decrypt, the coded signals received. In other words, the present invention does not strictly speaking control access to the service (all terminals do access the service insofar as they can receive the signals broadcast by the pseudolite base stations), but rather the use of this service, which is limited to correctly authenticated terminals only.
To do this, the method according to the invention essentially comprises the steps described below, summarized in the appended Figure 2:
- The step referenced S0 corresponds to the continuous broadcasting of the signals transmitted by the pseudolite base stations PS1-PS4 of the system and coded according to an encryption key;
- When a communication terminal 2 enters the coverage of the set of pseudolite base stations, this terminal is authenticated using identification signals that it transmits over a wireless transmission link 11 distinct from the communication medium 10 carrying the coded signals relating to the service. To implement this step, referenced S1 in Figure 2, the assistance system 1 comprises, as illustrated in Figure 1, identification means comprising, on the one hand, a server 12 to which the pseudolite base stations are advantageously connected and, on the other hand, at least one access point also connected to the server, for example via a LAN-type network 13. In the example shown, a number P of WiFi access points, only three of which, referenced WF1 to WF3, are visible in the figure, are used by the system to enable authentication of the terminal. These access points are able to receive, automatically or on request, identification signals transmitted by the mobile communication terminal 2 over the wireless transmission link 11, distinct from the GPS communication link 10, when the terminal 2 passes nearby. Of course, the terminal 2 must itself be equipped with means (not shown) allowing it to transmit such WiFi signals. As a variant, other short-range communication links, such as a Bluetooth-type link, may be used instead of or in addition to the WiFi access points, or else GSM/UMTS-type links. In all cases, software means (not shown) at the server 12 can deduce the identity of the terminal from the identification signals received by at least one of the access points, and compare this identity with a list of identities corresponding to the users subscribed to the service, stored in a database (not shown) of the server. The terminal 2 is therefore authenticated as soon as its identity is indeed in the list known to the server.
- If, at the end of step S1, the terminal 2 has not been authenticated, the process ends. In the opposite case of a successful authentication (step S2 in Figure 2), at least one decryption key is transmitted to said terminal 2, via the WiFi access points and over the link 11 (step S3).
- On receiving the decryption key, the communication terminal 2 is now able to make actual use of the service, by decrypting the coded signals transmitted by the pseudolite base stations PS1-PS4 by means of the decryption key. In the case, for example, of a key consisting of a time law, this encryption key makes it possible to determine the GPS codes to be decoded and the time position of the transmitters to listen to. Advantageously, the GPS decoding means of the terminal 2 and the means for transmitting to the local WiFi or Bluetooth network are on standby before the terminal arrives within the coverage of the assistance system, so as not to reduce the battery life of the terminal.
An additional step (not shown) can also advantageously be provided, for determining location information for the mobile communication terminal 2 from signals transmitted over said wireless transmission link 11. Since the position of the access points is known to the system, the reception of the signals by one or more of the access points of the system makes it possible to determine a coarse location of the mobile terminal. As a variant, or in addition, where the communication terminal 2 is a device with access to a public cellular network (GSM, UMTS, etc.), provision can be made for the terminal also to transmit to the access points information about the last cell of the public system on which it was registered, before the key for decrypting the information needed to use the service is sent to this terminal. This information is processed by the server 12, which can then determine more precisely and more quickly the zone in which the terminal is located. This information can advantageously be supplemented by the neighboring-cell information transmitted to the terminal by the cellular network.
The location information can then advantageously be used to optimize the service provided. In particular, a step can be implemented for determining, from said location information, a list of base stations that the mobile communication terminal 2 should preferentially listen to among the pseudolite base stations of said set. The selection of base stations can very simply be based on removing the base stations that are too far from the mobile. As a variant, a prior analysis can be made of the powers theoretically received by the GPS receiver of the terminal 2 as a function of the location information, so as to exclude from the list all the pseudolite base stations that would cause interference at the GPS receiver. Whatever the selection criterion chosen, the list, once defined, is advantageously transmitted to the terminal 2 via the wireless transmission link 11, for example at the same time as the decryption key is sent.
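The sketch below is an added example, not code from the patent or from the applicant: it models steps S0 to S3 for the first embodiment (the key is a time distribution law) together with the preferred-station list. HMAC-SHA256 as the law, the 16-slot frame, the 60 m cut-off, the coordinates and the subscriber identity are assumptions or constructed sample data.

```python
import hashlib
import hmac
import math
import secrets

SLOTS_PER_FRAME = 16   # assumed frame layout, not specified by the patent
MAX_RANGE_M = 60.0     # assumed cut-off for pseudolites "too far" from the mobile

# Constructed sample site (coordinates in metres) and subscriber list.
PSEUDOLITES = {"PS1": (0, 0), "PS2": (40, 0), "PS3": (0, 40), "PS4": (200, 200)}
ACCESS_POINTS = {"WF1": (5, 5), "WF2": (35, 5), "WF3": (190, 190)}
SUBSCRIBERS = {"terminal-2"}


def fresh_key():
    """Random 256-bit key standing for the time distribution law."""
    return secrets.token_bytes(32)


def schedule(key, frame):
    """Keyed, collision-free slot plan for one frame: {station: slot}.

    Slots are ordered by HMAC-SHA256(key, frame|slot); this construction is
    an assumption, the patent does not say how the law is generated.
    """
    def rank(slot):
        return hmac.new(key, f"{frame}|{slot}".encode(), hashlib.sha256).digest()
    order = sorted(range(SLOTS_PER_FRAME), key=rank)
    return dict(zip(sorted(PSEUDOLITES), order))


def broadcast(key, frame):
    """S0: each pseudolite emits its unaltered C/A signal in its keyed slot."""
    air = [None] * SLOTS_PER_FRAME
    for station, slot in schedule(key, frame).items():
        air[slot] = station  # the station name stands for its C/A signal
    return air


def coarse_location(heard_by):
    """Centroid of the access points that received the identification signals."""
    pts = [ACCESS_POINTS[ap] for ap in heard_by]
    return (sum(x for x, _ in pts) / len(pts), sum(y for _, y in pts) / len(pts))


def preferred_stations(location):
    """Remove the pseudolites that are too far from the coarse location."""
    return sorted(name for name, pos in PSEUDOLITES.items()
                  if math.dist(pos, location) <= MAX_RANGE_M)


def authenticate(service_key, identity, heard_by):
    """S1 to S3 on link 11: returns the key and station list, or None."""
    # List lookup only, as in the description. Proving that the sender really
    # owns this identity is outside what the patent text specifies.
    if identity not in SUBSCRIBERS or not heard_by:
        return None  # S1 failed: the process ends and no key is sent
    return {"key": service_key,
            "stations": preferred_stations(coarse_location(heard_by))}


def receive(air, frame, key, stations):
    """Terminal side: listen only in the slots that `key` designates."""
    plan = schedule(key, frame)
    return [s for s in stations if air[plan[s]] == s]


def usable_fraction(true_key, terminal_key, stations, frames=200):
    """Share of broadcast signals a terminal holding `terminal_key` can use."""
    hits = sum(len(receive(broadcast(true_key, f), f, terminal_key, stations))
               for f in range(frames))
    return hits / (frames * len(stations))


if __name__ == "__main__":
    service_key = fresh_key()
    grant = authenticate(service_key, "terminal-2", ["WF1", "WF2"])
    print("preferred stations:", grant["stations"])
    print("with delivered key:",
          usable_fraction(service_key, grant["key"], grant["stations"]))
    print("with a guessed key:",
          usable_fraction(service_key, fresh_key(), grant["stations"]))
```

With 16 slots, a receiver that guesses the law still lands on the right slot about one time in sixteen per station and per frame, so the slot count and the key lifetime set how much of the service leaks to terminals that were never sent the key.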
The location information can also be used to adapt the content of the service. Thus, in an airport for example, some information is aimed rather at potential users of the car parks, while other information will be of more particular interest to passengers flying with a particular airline. Provision can thus be made for the encryption key transmitted to an authenticated communication terminal 2 to depend on the location information.
Although the invention has been described for the case where the data service provided is location assistance by means of pseudolite base stations, it will be understood that the principle of the invention is applicable to the provision of any data service for which the signals relating to the service are broadcast over a unidirectional communication medium, the authentication of the mobile terminal and the transmission of the decryption key being carried out over a transmission link distinct from the communication medium providing the service.

Claims

1. Method for assisting the location of a mobile communication terminal (2) in an enclosed environment using C/A signals of a satellite positioning system, characterized in that it comprises the following steps:
- Broadcasting (S0) of signals encoded according to at least one encryption key by a set of pseudolite base stations (PS1-PS4) installed in said enclosed environment, over a unidirectional radio-frequency communication link (10) that allows a satellite receiver fitted to said mobile communication terminal (2) to receive the signals broadcast by each of the pseudolite base stations of said set, the encryption key being chosen so that the signals encoded by the pseudolite base stations correspond to said C/A signals, unaltered, shifted according to a time-distribution law or a frequency-hopping type law;
- Authentication (S1) of said mobile communication terminal (2) from identification signals transmitted by the terminal over a wireless transmission link (11) distinct from said unidirectional communication link (10), said wireless transmission link (11) being a short-range link between the mobile communication terminal (2) and at least one access point (WF1-WF3) installed inside said environment, or a data link of a cellular radio system;
- In the event of positive authentication (S2), transmission (S3) to said mobile communication terminal (2) of at least one decryption key over said wireless transmission link (11) to allow said terminal to decrypt (S4) the encoded signals it receives.
2. Method according to claim 1, characterized in that said wireless transmission link (11) is a short-range link of the WiFi or Bluetooth type between the mobile communication terminal (2) and at least one WiFi (WF1-WF3) or Bluetooth access point installed inside said environment.
3. Method according to claim 1, characterized in that said wireless transmission link (11) is a data link of a cellular radio system of the GSM or UMTS type.
4. Method according to any one of the preceding claims, characterized in that it further comprises a step of determining location information for said mobile communication terminal (2) from signals transmitted over said wireless transmission link (11).
5. Method according to claim 4, characterized in that it further comprises a step of determining, from said location information, a list of preferred base stations that the mobile communication terminal (2) must listen to among the base stations (PS1-PS4) of said set, and in that said list is transmitted to said terminal via said wireless transmission link (11).
6. Method according to any one of claims 4 or 5, characterized in that the encryption key transmitted to said communication terminal (2) is a function of said location information.
7. Method according to any one of claims 1 to 3, characterized in that the encryption key transmitted to said communication terminal (2) is a function of the service level authorized for the identified terminal.
8. Method according to any one of the preceding claims, characterized in that the satellite positioning system is of the GPS, Galileo, Glonass, Compass or QZSS type.
9. System for assisting the location of a mobile communication terminal (2) in an enclosed environment using C/A signals of a satellite positioning system, characterized in that it comprises:
- a set of pseudolite base stations (PS1-PS4) installed in said enclosed environment, able to broadcast signals encoded according to at least one encryption key over a unidirectional radio-frequency communication link (10) that allows a satellite receiver fitted to said mobile communication terminal (2) to receive the signals broadcast by each of the pseudolite base stations of said set, the encryption key being chosen so that the signals encoded by the pseudolite base stations correspond to said C/A signals, unaltered, shifted according to a time-distribution law or a frequency-hopping type law;
- identification means (WF1-WF3, 12) able to authenticate (S1) said mobile communication terminal (2) from the identification signals transmitted by the terminal over a wireless transmission link (11) distinct from said unidirectional communication link (10), said wireless transmission link (11) being a short-range link between the mobile communication terminal (2) and at least one access point (WF1-WF3) installed inside said environment, or a data link of a cellular radio system, said identification means (WF1-WF3, 12) also being able to transmit to said mobile communication terminal (2), in the event of positive authentication, at least one decryption key over said wireless transmission link (11) to allow said terminal to decrypt the encoded signals it receives.
10. System according to claim 9, characterized in that said identification means (WF1-WF3, 12) comprise at least one access point (WF1-WF3) able to receive said identification signals transmitted by said mobile communication terminal (2) over said wireless transmission link (11), and a server (12) to which said access point (WF1-WF3) is connected.
11. System according to claim 10, characterized in that said server (12) is also connected to the set of pseudolite base stations (PS1-PS4).
12. System according to any one of claims 9 to 11, characterized in that the identification means (WF1-WF3, 12) are able to determine location information for said mobile communication terminal (2) from signals transmitted over said wireless transmission link (11), to derive from said location information a list of preferred base stations that the mobile communication terminal (2) must listen to among the base stations (PS1-PS4) of said set, and to transmit said list to said terminal via said wireless transmission link (11).
13. Mobile communication terminal (2) for implementing the location assistance method according to claims 1 to 8, characterized in that it is able to:
- receive, via said unidirectional communication link (10), the signals encoded according to said encryption key by said set of pseudolite base stations (PS1-PS4);
- receive, via said wireless transmission link (11), said decryption key;
- decrypt the encoded signals received by means of the decryption key.
PCT/FR2010/052266 2009-10-26 2010-10-22 Method for authenticating a mobile communication terminal for providing data service, and related service-providing system and terminal WO2011051605A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP10787835A EP2494764A1 (en) 2009-10-26 2010-10-22 Method for authenticating a mobile communication terminal for providing data service, and related service-providing system and terminal

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0957497 2009-10-26
FR0957497A FR2951833B1 (en) 2009-10-26 2009-10-26 METHOD OF AUTHENTICATING A MOBILE COMMUNICATION TERMINAL FOR PROVIDING A DATA SERVICE, SERVICE PROVIDING SYSTEM AND TERMINAL THEREFOR

Publications (1)

Publication Number Publication Date
WO2011051605A1 true WO2011051605A1 (en) 2011-05-05

Family

ID=42340351

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2010/052266 WO2011051605A1 (en) 2009-10-26 2010-10-22 Method for authenticating a mobile communication terminal for providing data service, and related service-providing system and terminal

Country Status (3)

Country Link
EP (1) EP2494764A1 (en)
FR (1) FR2951833B1 (en)
WO (1) WO2011051605A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112042241A (en) * 2018-02-15 2020-12-04 诺基亚技术有限公司 Ranking and grouping positioning assistance data for broadcast

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7106863B2 (en) * 2000-05-12 2006-09-12 Agence Spatiale Europeenne Method for positioning by satellites
US7158885B1 (en) * 2003-12-23 2007-01-02 Trimble Navigation Limited Remote subscription unit for GPS information


Also Published As

Publication number Publication date
EP2494764A1 (en) 2012-09-05
FR2951833B1 (en) 2012-06-29
FR2951833A1 (en) 2011-04-29


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10787835

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2010787835

Country of ref document: EP