WO2020141561A1 - Procédé et système de transmission d'informations sécurisées à un dispositif portable - Google Patents

Procédé et système de transmission d'informations sécurisées à un dispositif portable Download PDF

Info

Publication number
WO2020141561A1
WO2020141561A1 PCT/IN2020/050013 IN2020050013W WO2020141561A1 WO 2020141561 A1 WO2020141561 A1 WO 2020141561A1 IN 2020050013 W IN2020050013 W IN 2020050013W WO 2020141561 A1 WO2020141561 A1 WO 2020141561A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
subscriber
gateway
translated
mobile station
Prior art date
Application number
PCT/IN2020/050013
Other languages
English (en)
Inventor
Ashiesh SHUKLA
Original Assignee
Shukla Ashiesh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shukla Ashiesh filed Critical Shukla Ashiesh
Publication of WO2020141561A1 publication Critical patent/WO2020141561A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion
    • H04L69/085Protocols for interworking; Protocol conversion specially adapted for interworking of IP-based networks with other networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • the present invention relates to a method for transmission, and more particularly, to a method of transmitting secure information to a hand held device.
  • a method for transmitting secure information to a hand held device comprises providing by a gateway a transfer protocol to an information provider for transmitting user information from the information provider to the gateway.
  • the method also provides for converting by the gateway subscriber information to a translated information using a pre-shared key.
  • the method further illustrates providing by the gateway the translated information to a mobile station.
  • the mobilisation thereafter identifies the subscriber identity module based on the translated information to which the information into be transmitted.
  • the mobile station then transmits the user information to the subscriber module.
  • the subscriber module then transmits the information to a client application.
  • the subscriber identity module transmits the translated user information to the client application based on a TAR (Toolkit Application Reference) value.
  • the converted information to a mobile station comprises providing the translated user information over a telecom service provider.
  • translating the information comprises, encrypting by the gateway the subscriber information using the pre-shared key, and adding a GSM (Global Sytem for Mobile Communication) header to the encrypted information.
  • GSM Global Sytem for Mobile Communication
  • Fig. l illustrates a block diagram depicting GSM architecture, according to an exemplary implementation of the present invention.
  • FIG. 2 illustrates a communication system for transmitting secure information to a hand held device, according to an exemplary implementation of the present invention.
  • FIG. 3 illustrates a flow chart of transmitting secure information to a hand held device.
  • Fig. l illustrates a block diagram depicting GSM architecture, according to an exemplary implementation of the present invention.
  • GSM Global System for Mobile communications
  • GSM Global System for Mobile communications
  • a GSM digitizes and reduces the data, then sends it down through a channel with two different streams of client data, each in its own particular time slot.
  • the digital system has the ability to carry data at different rates.
  • a GSM network consists of the following components, a hand held device, a mobile station, a base station subsystem and a network subsystem.
  • a hand held device The hand lead device consists of the transceiver, the display and the processor and is controlled by a SIM card and client applications operating over the network.
  • a mobile station (MS) (104) communicates across the air interface with a base station transceiver in the same cell in which the mobile subscriber unit is located.
  • the MS (104) communicates the information with the user on a hand held device, and modifies it as per the transmission protocols to communicate with a Base Station Subsystem (BSS).
  • BSS Base Station Subsystem
  • the user’s voice information is interfaced with the MS through a microphone and speaker for the speech, keypad, and display for short messaging, and the cable connection for other data terminals.
  • the hand held device refers to the physical device, which comprises of a transceiver, digital signal processors, and the antenna.
  • the hand held device consists of the GSM Subscriber Identity Module (SIM) (102).
  • SIM GSM Subscriber Identity Module
  • the GSM network consists of a Base Station Subsystem (BSS), the BSS acts as an interface between the mobile station and a network subsystem.
  • BSS Base Station Subsystem
  • BTS Base Transceiver Subsystem
  • BSC Base Station Controller
  • the interface that connects a BTS (106, 108) to a BSC (110, 112) is called the A-bis interface.
  • the interface between the BSC and the MSC is called the A interface, which is standardised within the GSM.
  • the (BTS) contains the radio transceivers and handles the protocols for communication with mobiles. It also consists of a Base Station Controller which controls the Base Transceiver Station and acts as an interface between the mobile station and mobile switching centre. Each Base Transceiver Station defines a single cell. A cell can have a radius of between 100m to 35km, depending on the environment the range can be enhanced to decreased.
  • the Base Station Controller may be connected with a BTS. It may control multiple BTS units and hence multiple cells.
  • the GSM architecture also describes a Network Subsystem (NSS) (113).
  • NSS Network Subsystem
  • the Network Subsystem provides the basic network connection to the mobile stations.
  • the basic part of the Network Subsystem is the Mobile Service Switching Centre which provides access to different networks like ISDN, PSTN etc. It also consists of the Home Location Register HLR (114) and the Visitor Location Register VLR (116) which provides the call routing and roaming capabilities of GSM. It also contains the Equipment Identity Register which maintains an account of all the mobile equipments wherein each mobile is identified by its own 1MEI number. IMEI stands for International Mobile Equipment Identity.
  • the NSS is responsible for the network operation.
  • the NSS (113) provides the link between the cellular network (also known as the gateway) and the Public switched telecommunicates Networks (PSTN or ISDN or Data Networks).
  • PSTN Public switched telecommunicates Networks
  • the NSS (113) controls handoffs between cells in different BSSs, authenticates user and validates their accounts, and includes functions for enabling worldwide roaming of mobile subscribers.
  • the switching subsystems formed within the mobile service switching centre consists of:
  • HLR Home Location register
  • VLR Visitor Location Register
  • the NSS has one hardware, Mobile switching center and four software database element, namely the Home location register (HLR) (114), the Visitor Location Register (VLR) (116), and the Authentications center (Auc) and the Equipment Identity Register (EIR) (120).
  • the MSC (118) performs the switching function of the system by controlling calls to and from other telephone and data systems.
  • the controlling function of the MSC includes functions such as network interfacing and common channel signalling.
  • the HLR as disclosed above is database software that handles the management of the mobile subscriber’s account namely the hand held device’s account. It stores the subscriber address, service type, current locations, forwarding address, authentication/ciphering keys, and billings information.
  • the SIM card is identified with an International Mobile Subscribes Identity (IMSI) number that is totally different from the ISDN telephone number.
  • IMSI International Mobile Subscribes Identity
  • the HLR is the reference database that permanently stores data related to subscribers, including subscriber’s service profile, location information, and activity status.
  • the VLR is a temporary database software similar to the HLR identifying the mobile subscribers visiting inside the coverage area of an MSC.
  • the VLR assigns a Temporary mobile subscriber Identity (TMSI) that is used to avoid using IMSI on the air.
  • TMSI Temporary mobile subscriber Identity
  • the visitor location register maintains information about mobile subscribers that is currently physically in the range covered by the switching center.
  • LA Local Area
  • the current location is automatically updated in the VLR.
  • the VLR connected to the MSC will request data about the mobile stations from the HLR.
  • the entry on the old VLR is deleted and an entry is created in the new VLR by copying the database from the HLR.
  • the AuC database holds different algorithms that are used for authentication and encryptions of the mobile subscribers that verify the mobile user’s identity and ensure the confidentiality of each call.
  • the AuC holds the authentication and encryption keys for all the subscribers in both the home and visitor location register.
  • the EIR (120) is another database that keeps the information about the identity of mobile equipment such as the International mobile Equipment Identity (IMEI) that reveals the details about the manufacturer, country of production, and device type. This information is used to prevent calls from being misused, to prevent unauthorized or defective mobile switching, to report stolen mobile phones or check if the mobile phone is operating according to the specification of its type.
  • IMEI International mobile Equipment Identity
  • SIM card technology is one of the most popular technology which is used in hand held devices and is used to activate the connection and to communicate and for making links with the server system and also used in various electrical and electronic projects. It is the Subscriber Identity Module that contains the integrated circuit to store the International Mobile Subscriber Identity or IMSI and the keys to identify and authenticate the subscribers on the communication system.
  • the SIM is embedded in a smart card that can be removed and transferred to different mobile phones.
  • SIM cards allow the storage of application data that communicate with the handset or server using the SIM application tool kit.
  • the SIM card stores network specific information to authenticate the identity of the subscriber in the network.
  • the SIM may contain other data like Short Message Service Centre number or SMSC, Service Provider Name or SPN, Service Dialing Number or SDN, Value Added Service or VAS, etc.
  • the SIM card performs the function of identifying the subscriber, the IMSI programmed on the SIM card, is the identity of a subscriber. Each IMSI is mapped to a mobile number and provisioned on the HLR to allow a subscriber to be identified.
  • the SIM card further performs the authentication of the subscriber. The authentication process uses the authentication engine on the SIM card, a unique response is provided by each subscriber based on IMSI (stored on SIM) and a Random Number RAND as provided by the network. By matching this response with values computed on the network a legal subscriber is logged on to the network and he or she can now make use the services of the mobile service provider. SIM card is becoming a feature of mobile work.
  • the SIM card also functions to store phone numbers and SMS.
  • the SIM card module is configured to provide for applications using the SIM card tool kit or GSM 11.14 standard or any other well known operating tool kit for creating of client applications.
  • Applications on the SIM provide basic information on demand and other Applications for m-commerce, chatting, cell broadcast, phonebook backup etc. provide added functionalities to the SIM card module.
  • the above disclosure generally illustrates the functioning of GSM communication with a hand held device and the SIM card.
  • the above disclosure nowhere limits a person skilled in the art to modify the communication to achieve the desired functionality.
  • the present disclosure is focused towards providing a mechanism which addresses the problems defined in the background of the present disclosure.
  • the invention is a method and a system to deliver critical information in a telecommunication network to user terminals, via SIM Card, especially for delivering information to mobile stations, using a super secure channel.
  • the method according to the invention is performed in a telecommunication network.
  • the method broadly comprises of an information provider such as banks etc. that deliver user information.
  • the method provides for means for converting the user information to a secure form namely the translated information.
  • the method provides for sending the translated information to a hand held device.
  • the hand held device to which the information is delivered is provided with a SIM Card Module which receives the translated information and passes the information to a client application, where the client application is incorporated in the SIM card.
  • the client application is incorporated on the SIM card and is configured to receive the information and display to user in an appropriate manner by authenticating user with a PIN and storing the information in a data store on SIM Card in a secure form.
  • the hand held device also known as the client terminal in such systems is usually a mobile phone, and the means for converting the information from one form to another secure form is a gateway.
  • FIG. 2 illustrates a communication system for transmitting secure information to a hand held device, according to an exemplary implementation of the present invention.
  • the information provider i.e. providers such as banks etc. send critical information to users on their hand held device for various types of transactions.
  • This critical information passes through various levels of nodes in the GSM communication system.
  • Various malware activities have nowadays comprised the security of such critical information. Accordingly, the present disclosure provides a secure way to transmit such information.
  • the critical information known as InformationOriginal is sent from the information provider (202) to a Gateway (204).
  • the gateway is provided with the service provider Channel between Information Provider and Gateway is secure with the mutually agreed security protocols.
  • the mutually agreed protocols are protocols which have been pre-shared between the gateway and information provider.
  • the gateway (204) converts the information (InformationOriginal) to another form i.e. InformationTravel in a way to ensure that the mobile station passes the information directly to SIM Card.
  • the SIM Card passes the information to the designated client application only. No application on client terminal would be able to read the content of the information and only client application would be able to read and interpret the information.
  • the client application has been formed based on the GSM tool kit.
  • the gateway (204) converts the information original into information travel to achieve this gateway encrypts the information using pre shared key and encryption engine.
  • the encrypted information is formed by converting the InformationOriginal into InformationENCR .
  • the InformationENCR formed by encrypting the InformationOriginal along with the key and the encryption engine.
  • the gateway is further configured to use specific set of values in the header for the data coding scheme (DCS), the Protocol Identifier (PID) and the TAR.
  • the specific set of values may vary based on the requirement of the communication. In an exemplary embodiment the following value may be used in the GSM header for DCS, PID and TAR:
  • DCS data coding scheme 246 Decimal (7F in HEX)
  • TAR TAR of the client application on the SIM Card
  • the Gateway sends the converted information InformationTravei to the mobile station over a communication channel, preferably a SMS channel via a TSP Telecom Service Provider network.
  • the mobile station is configured to pass the InformationTravei to a SIM Card module which has the designated TAR value.
  • the SIM thereafter passes the information to client application incorporated in the SIM (102).
  • Mobile station uses the GSM Header values in Information Travei for this purpose. With the DCS and PID value, which we set 246 and 127 respectfully, the mobile station identifies that the information (InformationTravei) is intended for the designated SIM Card. Mobile station fetches the values of DCS and PID. With the DCS and PID value, which we set 246 and 127 respectfully, mobile station identifies that the information is intended for SIM Card.
  • SIM Card passes the information (Information Travei ) to client application on card with the matching TAR value with TAR value coming in GSM header of the information.
  • Client application converts the information to original form and stores the information in data store in a secure format. To do this first client application removes GSM Header from and gets the encrypted information (InformationENCR). Subsequently, the client application decrypts the encrypted information (InformationENCR) and procures the original information. In a simple format,
  • InformationENCR Information navd - GSM Header
  • the client application again encrypts the Information with a key and encryption engine and stores the application in file system of the SIM Card.
  • Informationstore Encrypt(Informationoriginai, key2, Encryption Algorithm2) [0048] Client application reads the information(s) from the data store. When user intend to read the Informationoriginai, Client Application reads the Informations tore from the SIM Card file system and decrypt it to get the original information.
  • Client Application may give instruction to mobile station to take PIN as input from end user and Client Application validates the PIN and
  • Client Application instruct mobile station to display other options to access and process information; like read information, delete information from data store etc..
  • Fig. 3 illustrates a flow chart of transmitting secure information to a hand held device.
  • the method begins at step 302, wherein the gateway provides a mutually agreed protocol to an information provider for transmitting user information from the information provider to the gateway.
  • the mutually agreed protocols may be such protocols which provide a secure passage of subscriber information from the service provider to the gateway.
  • the information provider transmits critical information such as one time password etc. to the gateway over the transfer protocol.
  • step 304 converting by the gateway a subscriber information to a translated information using a pre-shared key.
  • the gateway is configured to convert the subscriber information according to the method disclosed in the disclosure.
  • the gateway treats the subscriber information as Informationoriginai .
  • the gateway performs the same steps as performed on Informationoriginai , recited above, to translate the subscriber information into a translated information.
  • the translated information can also be called as
  • the method recites providing by the gateway the converted subscriber information to a mobile station.
  • the Gateway sends the converted subscriber information i.e. Information Travei to the mobile station over a communication channel, preferably an SMS channel via a TSP Telecom Service Provider network.
  • the mobile station identifies a SIM card module based on the designated TAR value.
  • the Mobile station uses the GSM Header values in InformationTravei for this purpose.
  • the mobile station passes the subscriber information to the SIM card.
  • the mobile station is configured to pass the InformationTravei to a SIM Card module which has the designated TAR value.
  • the mobile station is configured to use the DCS and PID value disclosed above, which was set in the exemplary embodiment as 246 and 127 respectfully, the mobile station identifies that the information (InformationTravei) is intended for the designated SIM Card.
  • Mobile station fetches the values of DCS and PID. With the DCS and PID value, which we set 246 and 127 respectfully, the mobile station identifies that the information is intended for the particular SIM Card.
  • the SIM card module passes the information to a client application module which has been installed in the sim card.
  • the client application module have been installed as per the SIM card tool kit or GSM 11.14 standard or any other well known operating tool kit for creating client applications.
  • SIM Card receives the InformationTravei
  • SIM Card passes the information (Information Travei ) to client application on the card with the matching TAR value with TAR value coming in GSM header of the information.
  • the client application converts the information to the original form and stores the information in data store in a secure format. Accordingly, the user is provided with the information in a secure manner, wherein no breach can take place.
  • Embodiments of the present invention provide an inter-working of communication components in a GSM architecture.
  • the system requires substantially no modification of some of the existing standardized components of the GSM network and requires no changes to the communication format.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé et un système permettant de transmettre des informations sécurisées à un dispositif portable au moyen d'une passerelle permettant de transmettre des informations d'utilisateur à partir du fournisseur d'informations. Les informations d'abonné sont converties à l'aide d'une clé pré-partagée. Les informations converties sont transmises à un module d'identification d'abonné puis transmises à une application client.
PCT/IN2020/050013 2019-01-04 2020-01-04 Procédé et système de transmission d'informations sécurisées à un dispositif portable WO2020141561A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201911000383 2019-01-04
IN201911000383 2019-01-04

Publications (1)

Publication Number Publication Date
WO2020141561A1 true WO2020141561A1 (fr) 2020-07-09

Family

ID=71407314

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2020/050013 WO2020141561A1 (fr) 2019-01-04 2020-01-04 Procédé et système de transmission d'informations sécurisées à un dispositif portable

Country Status (1)

Country Link
WO (1) WO2020141561A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6334056B1 (en) * 1999-05-28 2001-12-25 Qwest Communications Int'l., Inc. Secure gateway processing for handheld device markup language (HDML)
US6775298B1 (en) * 1999-08-12 2004-08-10 International Business Machines Corporation Data transfer mechanism for handheld devices over a wireless communication link
US20150067820A1 (en) * 2011-07-20 2015-03-05 Horatio Nelson Huxham Security gateway communication
WO2016042519A2 (fr) * 2014-09-17 2016-03-24 Simless, Inc. Appareils, procédés et systèmes de mise en œuvre d'une plate-forme de gestion d'abonnements de confiance

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6334056B1 (en) * 1999-05-28 2001-12-25 Qwest Communications Int'l., Inc. Secure gateway processing for handheld device markup language (HDML)
US6775298B1 (en) * 1999-08-12 2004-08-10 International Business Machines Corporation Data transfer mechanism for handheld devices over a wireless communication link
US20150067820A1 (en) * 2011-07-20 2015-03-05 Horatio Nelson Huxham Security gateway communication
WO2016042519A2 (fr) * 2014-09-17 2016-03-24 Simless, Inc. Appareils, procédés et systèmes de mise en œuvre d'une plate-forme de gestion d'abonnements de confiance

Similar Documents

Publication Publication Date Title
US5943425A (en) Re-authentication procedure for over-the-air activation
EP0856233B1 (fr) Authentification d'abonne dans un systeme mobile de communications
EP0841770B1 (fr) Procédé d'émission d'un message sécurisé dans un système de télécommunications
EP1878285B1 (fr) Établissement rapide d'un plan d'utilisateur dans un réseau de télécommunication
EP1782650B1 (fr) Procede et systeme pouvant ameliorer la robustesse d'une messagerie protegee dans un reseau de communications mobiles
JP3742772B2 (ja) 通信システムにおける完全性のチェック
KR100837583B1 (ko) 인증 벡터 생성 장치, 가입자 인증 모듈, 이동 통신시스템, 인증 벡터 생성 방법, 연산 방법 및 가입자 인증방법
US8064880B2 (en) Using shared secret data (SSD) to authenticate between a CDMA network and a GSM network
US11528604B2 (en) Method for transmitting to a physical or virtual element of a telecommunications network an encrypted subscription identifier stored in a security element, corresponding security element, physical or virtual element and terminal cooperating with this security element
EP3253092A1 (fr) Approvisionnement automatique de terminaux sans fil dans des réseaux sans fil
KR100363300B1 (ko) 통신 핸들링에서 보안 관련 기능을 제어하는 방법, 이동국및 무선 통신 시스템
KR19990088046A (ko) 통신시스템에서의인증연동펑션및방법
EP2549778B1 (fr) Procédé et système pour chiffrement de message court
EP2627030A1 (fr) Chiffrement entre un réseau CDMA et un réseau GSM
KR102425273B1 (ko) 크기 제약된 인증 프로토콜들에서의 보안 연결을 보장하기 위한 방법 및 장치들
EP1705941A1 (fr) Communication sécurisée d'informations de mots de passe dans un réseau
EP1189471A1 (fr) Procédé pour la distribution de clefs de cryptage pour un réseau de données superposé
CN111989942A (zh) 用于无线通信中信息安全的装置和方法
WO2020141561A1 (fr) Procédé et système de transmission d'informations sécurisées à un dispositif portable
Khozooyi et al. Security in mobile governmental transactions
US20090235072A1 (en) System, terminal, method, and software for communicating messages
CN117728880B (zh) 一种接入验证方法、卫星、信关站及存储介质
KR20010004463A (ko) 디지털 이동통신 시스템에서의 사용자 신원 모듈을 이용한 사용자 인증방법
Suri et al. SECURITY ASPECTS IN GSM AND ITS FLAWS
WO2003046745A1 (fr) Procede et systeme d'acheminement de l'information entre un terminal mobile et des entites de reseaux predeterminees dans un reseau hybride

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20735913

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20735913

Country of ref document: EP

Kind code of ref document: A1