
EP1242981A1 - Distribution of certifiers - Google Patents

Distribution of certifiers

Info

Publication number
EP1242981A1
Authority
EP
European Patent Office
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00967940A
Other languages
German (de)
French (fr)
Inventor
Antti HÄMÄLÄINEN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SmartTrust Systems Oy
Original Assignee
Sonera Smarttrust Oy

Classifications

    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/3229 Use of the SIM of a M-device as secure element
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/80 Wireless

Definitions

  • the recipient of a digitally signed message wishes to make sure of the authenticity of the message, at first he or she has to obtain the digital certificate which gives him or her the public key and the name. After that he or she has to authenticate the certificate. To be able to perform this, he or she may have to obtain some more additional certificates (a certification chain), which have been used to authenticate the certificate in question.
  • the recipient authenticates the message by using the public key received along with the certificate. If the signature passes the test, the sender is the person identified by the certificate. In certification, a special revocation list is used in which certificates are entered that have been taken out of use. Directory services are needed for both the certificates and the revocation list.
  • the objective of the present invention is to eliminate the drawbacks presented above or at least significantly to alleviate them.
  • One specific objective of the invention is to disclose a method that makes it possible to safely and dependably introduce the certificates required in the services.
  • Yet another objective of the invention is to disclose a method that enables one to ease the measures required of the client when introducing a new service and a certificate associated with it.
  • the method in accordance with the invention makes it possible to attach a certificate to a private key using the encryption method of the private and public key stored on a subscriber identity module.
  • the end user makes a service initialisation request which is transmitted to a trust manager operating in the network.
  • the manager verifies the identity of the user and authenticates the subscriber identity module used by the user, and based on it, sends a certification request further on to a certification authority.
  • a certificate is issued, it is transmitted to the database of a local service provider, or a public certification database in both of which it is further available, if the end user wishes to use it in a service.
  • the invention relates to a method for arranging the certificate of an end user to be used in a service on a terminal device.
  • the terminal device has been preferably equipped with a subscriber identity module.
  • the environment in which the certificate is arranged for the user is a so-called certification system which comprises at least a trusted database on which an initialisation file has been stored that comprises the data stored on the subscriber identity module when manufactured.
  • the certification system comprises a trust manager that controls the transmission of messages associated with the certificates; a trust mapper that controls the information content of the certificates to be created; a certification authority who is responsible for the certificates; and a certification database on which the issued certificates have been stored that authenticate the signature of the end user and ensure safe use of the service.
  • the certification database may be a public database available to all entities, or it may be a local database to which only the service provider has access.
  • the method comprises the following steps. At first a service initialisation request is made that comprises the details of the service provider and the time stamps associated with the aforementioned subscriber identity module.
  • the aforementioned service initialisation request is transmitted to the trust manager who checks the authenticity of the time stamps; it is checked that the subscriber identity module is authorised to use the services of the aforementioned service provider, and if the checking proves to be correct, a certificate is being applied for the end user by means of a certification request.
  • the certification request is sent, e.g. to a certification authority who checks the identity of the aforementioned end user, and if the checking proves to be correct, the end user is assigned a certificate.
  • the assigned certificate is attached to the pair of keys relating to the subscriber identity module of the aforementioned end user and is stored on the aforementioned certification database.
  • the certificate mentioned in this application is some kind of an instrument which enables the use of safe and dependable services.
  • the certificate might be compared, e.g. with a bank card or a credit card which are used in payment services.
  • the certificate is, however, not restricted to these examples.
  • the data relating to the aforementioned subscriber identity module is downloaded from an initialisation file stored on a trusted database.
  • the initialisation file may contain at least the following information: the public key of the issuing party, the public key of the end user for use in encrypting and decoding, the public key of the end user for use in digital signing, a predetermined fingerprint identifier along with a shared secret, a piece of shared encryption information for each card, a code corresponding to the personal identification number, a network identity and the number of the card.
  • the aforementioned service initialisation request is undersigned and encrypted with the private key of the end user stored on the subscriber identity module.
  • the encryption is decoded in the aforementioned trust manager and the authenticity of the signature is verified. If these are successful, the aforementioned steps are taken in order to apply for the certificate for the end user.
  • the assigned certificate is attached to the client data of the aforementioned service provider in the trust mapper. Further, the aforementioned trust mapper challenges the valid certificate of the end user from the certification database.
  • the certification request is sent from the trust manager to be signed and encrypted by the terminal device. After this, the undersigned and encrypted certification request is transmitted via the trust manager to the certification authority who decodes the encryption and authenticates the signature. This makes it possible to implement the identification of the end user to reach the certification authority as well.
  • the time stamp mentioned in one embodiment is generated for each card separately, and the details of the time stamp are stored on a trusted database. In addition, the aforementioned time stamp may be generated for a lot of cards separately and stored on the database.
  • the present invention provides the advantage that it makes it possible to dependably and without any difficulty assign a certificate to the end user and to the subscriber identity module at the disposal of the end user. All the end user has to do is to fill in a form for a service initialisation request and to send it to a predetermined address.
  • the certification authority may count on the identity of the end user and the subscriber identity module used by him or her and issue the certificate and further to handily include the assigned certificate in the services provided by the service provider and to store it on a necessary certification database.
  • Fig. 1 schematically represents one certification system of the present invention
  • Fig. 2 represents one form using which the service initialisation request may be made; and Fig. 3 represents a schematic certification system which has a message communication as defined in the invention.
  • Fig. 1 schematically represents one advantageous certification system in accordance with the invention.
  • the certification system comprises a trusted database TDB that contains the initialisation file IF stored on it, which initialisation file IF comprises the data stored on the subscriber identity module SIM when manufactured.
  • the trusted database TDB communicates with the card factory CF that manufactured the subscriber identity module, i.e. the card, and further on with the trust manager TM who controls the transmission of messages relating to the certificates in the certification system.
  • the trust manager TM is equipped with the necessary software and equipment so that it is able to use the encryption and signature method of the private and public keys.
  • the certification system comprises a trust mapper TMA which controls the information content of the certificates to be created.
  • the trust manager TM and the trust mapper TMA may be included in the one and the same physical device, but logically, their functions are separated from each other.
  • the trust mapper is used to manage the attaching of passwords or other codes that may have been already assigned to the user by the service provider to the certificate to be assigned to the end user EU.
  • Fig. 1 includes also a certification authority described in it who is responsible for the certificates, assigns them and if necessary, takes out the certificates from the end user.
  • the certification authority communicates with the certification database LDB on which there are the issued certificates stored that authenticate the digital signature of the end user and ensure safe use of the service.
  • the database is further in connection with the system of the service provider, in which case the service provider may verify the certificate from the certification database while the end user EU is using a service.
  • the terminal device appears a mobile station MS which includes the subscriber identity module SIM inserted in it. It must be noticed that also other terminal devices may be used as the terminal device.
  • the certification environment also comprises a registering office which the end user EU may contact when ordering a certificate.
  • This function is implemented when the service provider wants the end user to be identified personally by a clerk. This may be the question, e.g. when introducing certain bank services.
  • the service initialisation request SIR comprises as an obligatory part at least the identifying details, name or equivalent of the service provider for whose service the certificate is applied for.
  • a user ID that is already valid for a service provider SP and an associated password may be attached to the service initialisation request SIR.
  • an address (challenge-URL) may be attached from which the certificate may be challenged.
  • a shared secret is attached that is used in challenging. In practise, in challenging it is checked that the shared secret given in two different places is the same, i.e.
  • Fig. 3 schematically represents one advantageous operating pattern, when the end user EU introduces a new service using the distribution system of certificates of the present invention.
  • the end user EU creates the service initialisation request SIR on his or her terminal device that is sent to the trust manager TM.
  • the trust manager TM checks the authenticity of the details coming along with the service initialisation request, i.e. in practise the time stamps of the subscriber identity module, from the trusted database TDB.
  • the trust mapper TMA tries to fit the id with the already existing ids of the service provider. If this proves successful, the service mapper TMA signs a certification request that is sent to the certification authority CA.
  • Upon receiving the certification request, the certification authority CA checks whether the end user may be assigned a certificate for the service of the service provider in question. If the certificate may be assigned, then the certification authority informs thereof the trust manager who transmits the certificate to the terminal device MS, or at least a notification informing that the private key of the terminal device and the subscriber identity module SIM have been included in the issued certificate. Further, the issued certificate and the notification thereof are stored on the certification database LDB from which the service provider SP may check whether the end user has got a valid certificate when using the services of the service provider.
  • When the end user EU has received the certificate for a service, he may apply for other certificates using the already existing certificate. In that case, the trust mapper TMA challenges the existing certificate of the end user, and if it is informed of a valid certificate, the operation is carried on as described in the above-mentioned example. Instead of the existing certificate, the end user EU may also use a certificate verifying the electronic identity of a person (HST) instead of the existing user id and password of the service provider SP.

Abstract

The method in accordance with the invention makes it possible to attach a certificate to a private key using the encryption method of the private and public key stored on a subscriber identity module. The end user makes a service initialisation request which is transmitted to a trust manager operating in the network. The manager verifies the identity of the user and authenticates the subscriber identity module used by the user, and based on it, sends a certification request further on to a certification authority. In case a certificate is issued, it is transmitted to the database of a local service provider, or a public certification database in both of which it is further available, if the end user wishes to use it in a service. In this way, all that the end user has to do is to make a service initialisation request, and after that, he or she has the certificate relating to the service at his or her disposal.

Description

DISTRIBUTION OF CERTIFIERS
FIELD OF THE INVENTION
A method for arranging the certificate of an end user for a service to be used on a terminal device, which terminal device has been equipped with a subscriber identity module, in a certification system comprising a trusted database on which an initialisation file has been stored that contains information stored on the subscriber identity module when manufactured; a trust manager that controls the transmission of messages relating to the certificates in a certification system; a trust mapper that controls the information content of the certificates to be created; a certification authority who is responsible for the certificates; and a trusted database on which the assigned certificates are stored that verify the digital signature of the end user and ensure safe use of the service.
BACKGROUND OF THE INVENTION
Digital mobile networks such as GSM networks (GSM, Global System for Mobile communications) have recently become very popular. The additional services connected with the mobile networks have correspondingly increased at an accelerating tempo. The application fields are most versatile. The mobile telephone may be used as a means of payment for, e.g. petty purchases, such as soft drinks and car wash automates. Everyday activities, such as payment transactions, bank services, etc., have been added, and will be added also in the future, to the functionality of the present mobile phones. The mobile stations of the next generation will be more advanced in respect of the service level and data transfer capacity as compared with the previous ones. Nowadays it is known to use a digital GSM mobile station for commercial transactions, such as electronic payments of a bill or a fee. The patent publication US 5,221,838 discloses a device that may be used for paying. The publication describes an electronic payment system in which as the payment terminal, a terminal device capable of wireless and/or wired data transfer is used. The terminal device as described in the publication comprises a card reader, a keyboard, and a bar code reader for feeding the information, and a display for displaying the payment related information.
The patent publication WO 94/11849 discloses a method for using telecommunication services and for effecting payment traffic by means of a mobile telephone system. The publication describes a method which comprises a terminal device that is in connection via the telephone network with the mainframe of the service provider that comprises the payment system of the service provider. In the terminal device of the mobile communication network, i.e. the mobile station, a subscriber identity module may be inserted that comprises the subscriber details for identifying the subscriber and for encrypting the telephone traffic. The details may be downloaded into the terminal device to be used in the mobile phones. As an example in the publication, a GSM system is mentioned in which a subscriber identity module or a SIM card is used (Subscriber Identity Module, SIM) as the subscriber identification device.
In the system as described in the publication WO 94/11849 the mobile station is in connection with the base station of the mobile communication network. The connection in accordance with the publication is established from the base station to the payment system, and the sum liable to a charge as well as the data required for the subscriber identification is transmitted to the payment system. In the bank service as described in the publication, the client inserts a service card of a bank that contains a SIM unit in the terminal device of a GSM network. In a telephone based bank service, the terminal device may be a standard GSM mobile station. By means of the method as described in the publication, a wireless telecommunication connection may be used for effecting payments and/or bills or implementing other related bank serv- ices or teller services.
With the aid of digital signing, which is a general requirement in electronic payment, it is possible to make sure of the integrity of the information to be sent and to identify the source address. The digital signature is derived by encrypting the hash computed over the information to be sent with the sender's private key. As nobody except the sender knows the private key, the recipient may, on decrypting the signature with the sender's public key, make sure that the information is unmodified and was generated using the private key known only to the sender. An example of an algorithm used in digital signing is the RSA ciphering algorithm, which is a public-key and private-key encryption system that is also used for encrypting messages.
In order to be able to use uniform procedures for a dependable identification of the parties of a transaction or other agreement via the telecommunication network, an electronic identity is needed as well as means for identifying and authenticating the identity. This kind of electronic identity may also be a so-called network identity (Net-ID, Network Identity). An electronic identity is based on personal data stored on a subscriber identity module or equivalent and a pair of keys, a private key and a public key that have been stored on a certification database for a trusted third party. This kind of technique makes it possible to provide the authorities or other service providers with, for instance, the identification of parties, electronic signature, encryption and non-repudiation of transaction safely enough.
In this application, the identity is used to mean an individualising piece of information relating to a person that helps to identify the person. In the same way, the identity may be used to mean an individualising piece of information standing for an application or service that helps to identify the application or service.
In the public key infrastructure, the user keeps the private key only to himself/herself, but the public key is available to all entities. It is not enough that the public key is stored as such, e.g. on an electronic mail directory because somebody might forge it and appear as the authentic holder of the key. Instead, a certification service and certificates are needed which serve as a proof given by the trusted party (certification authority) of the fact that the name, identification number and public key belong to the same person. The certificate is usually a combination consisting of a public key, name and identification number etc. which the certification authority signs with his/her private key.
When the recipient of a digitally signed message wishes to make sure of the authenticity of the message, at first he or she has to obtain the digital certificate which gives him or her the public key and the name. After that he or she has to authenticate the certificate. To be able to perform this, he or she may have to obtain some more additional certificates (a certification chain), which have been used to authenticate the certificate in question.
In case the certificate is authentic, the recipient authenticates the message by using the public key received along with the certificate. If the signature passes the test, the sender is the person identified by the certificate. In certification, a special revocation list is used in which certificates are entered that have been taken out of use. Directory services are needed for both the certificates and the revocation list.
When different applications used for electronic payment, commerce, transacting banking business etc. are stored on the subscriber identity module, the public keys used by the service providers using these applications, such as shops, banks and other organisations providing electronic services, are stored at the same time. Public keys may be stored also at a later time depending on the services used by the user of the subscriber identity module. In that case, the user of the subscriber identity module need not apply for a separate certificate each time, instead the certificate is ready on the subscriber identity module.
OBJECTIVE OF THE INVENTION
The objective of the present invention is to eliminate the drawbacks presented above or at least significantly to alleviate them. One specific objective of the invention is to disclose a method that makes it possible to safely and dependably introduce the certificates required in the services. Yet another objective of the invention is to disclose a method that enables one to ease the measures required of the client when introducing a new service and a certificate associated with it.
As for the features characteristic of the invention, reference is made to them in the claims.
BRIEF DESCRIPTION OF THE INVENTION
The method in accordance with the invention makes it possible to attach a certificate to a private key using the encryption method of the private and public key stored on a subscriber identity module. The end user makes a service initialisation request which is transmitted to a trust manager operating in the network. The manager verifies the identity of the user and authenticates the subscriber identity module used by the user, and based on it, sends a certification request further on to a certification authority. In case a certificate is issued, it is transmitted to the database of a local service provider or to a public certification database, in both of which it is further available if the end user wishes to use it in a service. In this way, all that the end user has to do is to make a service initialisation request, and after that, he or she has the certificate relating to the service at his or her disposal. In addition, the certificate has been stored in a place where it is accessible to the service provider.
Further the invention relates to a method for arranging the certificate of an end user to be used in a service on a terminal device. The terminal device has been preferably equipped with a subscriber identity module. The environment in which the certificate is arranged for the user is a so-called certification system which comprises at least a trusted database on which an initialisation file has been stored that comprises the data stored on the subscriber identity module when manufactured. Further the certification system comprises a trust manager that controls the transmission of messages associated with the certificates; a trust mapper that controls the information content of the certificates to be created; a certification authority who is responsible for the certificates; and a certification database on which the issued certificates have been stored that authenticate the signature of the end user and ensure safe use of the service. The certification database may be a public database available to all entities, or it may be a local database to which only the service provider has access.
According to the invention, the method comprises the following steps. At first a service initialisation request is made that comprises the details of the service provider and the time stamps associated with the aforementioned subscriber identity module. The aforementioned service initialisation request is transmitted to the trust manager, who checks the authenticity of the time stamps; it is checked that the subscriber identity module is authorised to use the services of the aforementioned service provider, and if the checking proves to be correct, a certificate is applied for on behalf of the end user by means of a certification request. The certification request is sent, e.g. to a certification authority who checks the identity of the aforementioned end user, and if the checking proves to be correct, the end user is assigned a certificate. The assigned certificate is attached to the pair of keys relating to the subscriber identity module of the aforementioned end user and is stored on the aforementioned certification database. In practice, the certificate mentioned in this application is some kind of an instrument which enables the use of safe and dependable services. The certificate might be compared, e.g. with a bank card or a credit card which are used in payment services. The certificate is, however, not restricted to these examples.
In one embodiment, the data relating to the aforementioned subscriber identity module is downloaded from an initialisation file stored on a trusted database. The initialisation file may contain at least the following information: the public key of the issuing party, the public key of the end user for use in encrypting and decoding, the public key of the end user for use in digital signing, a predetermined fingerprint identifier along with a shared secret, a piece of shared encryption information for each card, a code corresponding to the personal identification number, a network identity and the number of the card.
In another embodiment of the invention, the aforementioned service initialisation request is undersigned and encrypted with the private key of the end user stored on the subscriber identity module. In that case, the encryption is decoded in the aforementioned trust manager and the authenticity of the signature is verified. If these are successful, the aforementioned steps are taken in order to apply for the certificate for the end user. The assigned certificate is attached to the client data of the aforementioned service provider in the trust mapper. Further, the aforementioned trust mapper challenges the valid certificate of the end user from the certification database.
In yet another embodiment, the certification request is sent from the trust manager to be signed and encrypted by the terminal device. After this, the undersigned and encrypted certification request is transmitted via the trust manager to the certification authority who decodes the encryption and authenticates the signature. This makes it possible for the identification of the end user to reach the certification authority as well. The time stamp mentioned in one embodiment is generated for each card separately, and the details of the time stamp are stored on a trusted database. In addition, the aforementioned time stamp may be generated for each lot of cards separately and stored on the database. In that case, it is possible, by means of a trust manager, to check the card-specific time stamp and to make sure of the fact that both the card details and the details on the subscriber identity module are unchanged and further check the card-lot-specific time stamp and make sure of the fact that the card lot in which the card or the subscriber identity module is supposed to be included is a correct one and that the subscriber identity module is therefore dependable and authentic.
As compared with prior art, the present invention provides the advantage that it makes it possible to dependably and without any difficulty assign a certificate to the end user and to the subscriber identity module at the disposal of the end user. All the end user has to do is to fill in a form for a service initialisation request and to send it to a predetermined address. The invention also makes sure that the subscriber identity module to be used is an authentic one and a dependable one and that the information included in it has not been modified at any phase. Therefore, the certification authority may count on the identity of the end user and the subscriber identity module used by him or her and issue the certificate, and the assigned certificate may further be handily included in the services provided by the service provider and stored on a necessary certification database.
BRIEF DESCRIPTION OF THE DRAWINGS
In the following section, the invention will be described by the aid of a few examples of its embodiments with reference to the attached drawing, in which
Fig. 1 schematically represents one certification system of the present invention;
Fig. 2 represents one form using which the service initialisation request may be made; and
Fig. 3 represents a schematic certification system which has a message communication as defined in the invention.
Fig. 1 schematically represents one advantageous certification system in accordance with the invention. The certification system comprises a trusted database TDB that contains the initialisation file IF stored on it, which initialisation file IF comprises the data stored on the subscriber identity module SIM when manufactured. The trusted database TDB communicates with the card factory CF that manufactured the subscriber identity module, i.e. the card, and further on with the trust manager TM who controls the transmission of messages relating to the certificates in the certification system. The trust manager TM is equipped with the necessary software and equipment so that it is able to use the encryption and signature method of the private and public keys. These are not described in greater detail in this connection, instead a reference is made to the technique obvious to a man skilled in the art. Further, the certification system comprises a trust mapper TMA which controls the information content of the certificates to be created. In practice, the trust manager TM and the trust mapper TMA may be included in the one and the same physical device, but logically, their functions are separated from each other. The trust mapper is used to manage the attaching of passwords or other codes that may have been already assigned to the user by the service provider to the certificate to be assigned to the end user EU.
Fig. 1 also includes a certification authority, who is responsible for the certificates, assigns them and, if necessary, withdraws the certificates from the end user. The certification authority communicates with the certification database LDB on which the issued certificates are stored that authenticate the digital signature of the end user and ensure safe use of the service. The database is further in connection with the system of the service provider, in which case the service provider may verify the certificate from the certification database while the end user EU is using a service. In this example in Fig. 2, the terminal device is a mobile station MS with the subscriber identity module SIM inserted in it. It must be noted that other terminal devices may also be used as the terminal device.
In an embodiment as described in Fig. 1, the certification environment also comprises a registering office which the end user EU may contact when ordering a certificate. This function is implemented when the service provider wants the end user to be identified personally by a clerk. This may be the case, e.g. when introducing certain bank services.
The following section describes one form, by way of example, with reference to Fig. 2, that may be used for making the service initialisation request. The service initialisation request SIR comprises as an obligatory part at least the identifying details, name or equivalent of the service provider for whose service the certificate is applied for. In addition, a user ID that is already valid for a service provider SP and an associated password may be attached to the service initialisation request SIR. Further, an address (challenge-URL) from which the certificate may be challenged may be attached to the service initialisation request SIR. To the address, also a shared secret is attached that is used in challenging. In practice, in challenging it is checked that the shared secret given in two different places is the same, i.e. the shared secret given in connection with this address is the same as the shared secret found in the address.
Fig. 3 schematically represents one advantageous operating pattern, when the end user EU introduces a new service using the distribution system of certificates of the present invention. At first, the end user EU creates the service initialisation request SIR on his or her terminal device, and the request is sent to the trust manager TM. The trust manager TM checks the authenticity of the details coming along with the service initialisation request, i.e. in practice the time stamps of the subscriber identity module, from the trusted database TDB. If the checking proves to be correct and if along with the service initialisation request, a valid user id was received, then the trust mapper TMA tries to fit the id with the already existing ids of the service provider. If this proves successful, the service mapper TMA signs a certification request that is sent to the certification authority CA.
Upon receiving the certification request, the certification authority CA checks whether the end user may be assigned a certificate for the service of the service provider in question. If the certificate may be assigned, then the certification authority informs thereof the trust manager who transmits the certificate to the terminal device MS, or at least a notification informing that the private key of the terminal device and the subscriber identity module SIM have been included in the issued certificate. Further, the issued certificate and the notification thereof are stored on the certification database LDB from which the service provider SP may check whether the end user has got a valid certificate when using the services of the service provider.
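The Fig. 3 sequence described above, modelled as an added Python example (not part of the patent text): the trust manager's card and lot time-stamp checks, the trust mapper's id matching, issuance by the CA and the service provider's lookup in the certification database. Assumptions: a "time stamp" is modelled as a SHA-256 digest over the details recorded at manufacture, the CA signs with a toy textbook-RSA key, and every name and sample value is constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Toy textbook-RSA key for the CA, built from two Mersenne primes: a stand-in
# for a real signature scheme, far too small and unpadded for actual use.
_P, _Q = 2**127 - 1, 2**89 - 1
CA_N, CA_E = _P * _Q, 65537
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))

def digest(*parts: str) -> str:
    """SHA-256 over the fields, joined with a unit-separator character."""
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()

def pw_hash(password: str) -> str:
    """Salted, iterated password hash (the salt is a constructed sample value)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)
    return raw.hex()

def ca_sign(body: str) -> int:
    """Hash the certificate body, then apply the CA's private exponent."""
    return pow(int(digest(body), 16) % CA_N, _CA_D, CA_N)

def ca_verify(body: str, signature: int) -> bool:
    """Recover the hash with the CA's public key and compare with a fresh one."""
    return pow(signature, CA_E, CA_N) == int(digest(body), 16) % CA_N

# Constructed sample data. Assumption: the card factory records one digest per
# card and one per lot in the trusted database when the cards are manufactured.
CARD_NO, LOT_ID, USER_PUB = "CARD-0001", "LOT-0001", "user-signing-pubkey-hex"
TDB = {
    "cards": {CARD_NO: {"stamp": digest(CARD_NO, USER_PUB), "lot": LOT_ID,
                        "services": {"example-bank"}}},
    "lots": {LOT_ID: digest(LOT_ID, "lot-manufacturing-record")},
}
SP_ACCOUNTS = {("example-bank", "alice"): pw_hash("alice-password")}
LDB = {}  # certification database: (card_no, service) -> certificate

@dataclass
class SIR:
    service: str
    card_no: str
    user_pub: str
    card_stamp: str
    lot_id: str
    lot_stamp: str
    user_id: str
    password: str

def trust_manager_check(sir: SIR) -> str:
    """Return 'ok' or the reason the trust manager refuses the request."""
    card = TDB["cards"].get(sir.card_no)
    if card is None:
        return "unknown card"
    # Card-specific stamp: recomputed from the details in the request, so a
    # changed key or card number no longer matches the factory record.
    if digest(sir.card_no, sir.user_pub) != card["stamp"] or sir.card_stamp != card["stamp"]:
        return "card time stamp mismatch"
    # Lot-specific stamp: the card must belong to the lot it claims.
    if card["lot"] != sir.lot_id or TDB["lots"].get(sir.lot_id) != sir.lot_stamp:
        return "lot time stamp mismatch"
    if sir.service not in card["services"]:
        return "card not authorised for service"
    return "ok"

def trust_mapper_match(sir: SIR) -> bool:
    """Fit the submitted user id and password to the provider's existing ids."""
    stored = SP_ACCOUNTS.get((sir.service, sir.user_id))
    return stored is not None and hmac.compare_digest(stored, pw_hash(sir.password))

def process_sir(sir: SIR) -> str:
    """Run the sequence end to end; returns 'issued' or the refusal reason."""
    verdict = trust_manager_check(sir)
    if verdict != "ok":
        return verdict
    if not trust_mapper_match(sir):
        return "user id not recognised by service provider"
    # The certificate binds name, card and public key to the service.
    body = "\x1f".join((sir.user_id, sir.card_no, sir.user_pub, sir.service))
    LDB[(sir.card_no, sir.service)] = {"body": body, "signature": ca_sign(body)}
    return "issued"

def provider_has_valid_certificate(card_no: str, service: str) -> bool:
    """The service provider's lookup in the certification database."""
    cert = LDB.get((card_no, service))
    return cert is not None and ca_verify(cert["body"], cert["signature"])

def sample_sir(**changes) -> SIR:
    """Constructed request for the sample card; keyword arguments override fields."""
    fields = dict(service="example-bank", card_no=CARD_NO, user_pub=USER_PUB,
                  card_stamp=TDB["cards"][CARD_NO]["stamp"], lot_id=LOT_ID,
                  lot_stamp=TDB["lots"][LOT_ID], user_id="alice",
                  password="alice-password")
    fields.update(changes)
    return SIR(**fields)
```

A request whose public key or lot differs from the factory record is refused before the trust mapper or the CA is involved, which is the property the card-specific and lot-specific time stamps are meant to provide.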
When the end user EU has received the certificate for a service, he may apply for other certificates using the already existing certificate. In that case, the trust mapper TMA challenges the existing certificate of the end user, and if it is informed of a valid certificate, the operation is carried on as described in the above-mentioned example. The end user EU may also use a certificate verifying the electronic identity of a person (HST) instead of the existing user id and password of the service provider SP.
The present invention is not restricted to examples described herein, instead many variations are possible within the scope of the inventive idea defined by the claims.

Claims

1. A method for arranging the certificate of an end user for a service to be used on a terminal device (MS), which terminal device is equipped with a subscriber identity module (SIM), in a certification system comprising a trusted database (TDB) on which an initialisation file (IF) has been stored that comprises information stored on the subscriber identity module when manufactured, a trust manager (TM) that controls the transmission of messages associated with the certificates in a certification system; a trust mapper (TMA) that controls the information content of the certificates to be created; a certification authority (CA) who is responsible for the certificates, and a certification database (LDB) on which there are the assigned certificates stored that authenticate the digital signature of the end user and ensure safe use of the service, characterised in that the method further comprises the steps of: creating the service initialisation request (SIR) which comprises the data of the service provider (SP) and the time stamps associated with the subscriber identity module (SIM), transmitting the aforementioned service initialisation request (SIR) to the trust manager (TM), authenticating the aforementioned time stamps, checking that the aforementioned subscriber identity module is authorised to use the services of the service provider, and if the checking proves to be correct, a certificate is applied for the aforementioned end user with a certification request, verifying the identity of the aforementioned end user, and if the checking proves to be correct, the end user is issued a certificate, including the aforementioned certificate in the pair of keys associated with the subscriber identity module (SIM), and storing the issued certificate on the aforementioned certification database (LDB).
2. A method as defined in claim 1, characterised in that the data associated with the subscriber identity module is downloaded from the initialisation file (IF) stored on a trusted database (TDB).
3. A method as defined in claim 1 or 2, characterised in that the aforementioned service initialisation request (SIR) is undersigned with the private key of the end user.
4. A method as defined in claim 1, 2, 3, or 4, characterised in that the aforementioned service initialisation request (SIR) is encrypted with the private key of the end user.
5. A method as defined in claim 4, characterised in that the method further comprises the steps of: decoding the encryption in a trust manager (TM), and authenticating the aforementioned signature in the aforementioned trust manager.
6. A method as defined in claim 1, characterised in that the issued certificate is included in the personal data of the client of the aforementioned service provider in the trust mapper.
7. A method as defined in claim 1, characterised in that the aforementioned trust mapper (TMA) challenges the valid certificate of the end user from the certification database (PDB).
8. A method as defined in claim 1, characterised in that the method further comprises the steps of: creating the aforementioned time stamp for each card separately, and storing the data included in the time stamp on a trusted database (TDB).
9. A method as defined in claim 1, characterised in that the method further comprises the steps of: creating the aforementioned time stamp for each card separately, and storing the data included in the time stamp on a trusted database (TDB).
10. A method as defined in claim 1, characterised in that the method further comprises the steps of: sending the certificate request to the aforementioned terminal device, undersigning the aforementioned certificate request on the terminal device, encrypting the aforementioned certification request on the terminal device, sending the undersigned and encrypted certificate request to the certification authority, decoding the encryption, authenticating the signature by the certification authority, and if the signature is accepted, the end user is issued a certificate.
EP00967940A 1999-10-12 2000-10-11 Distribution of certifiers Withdrawn EP1242981A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FI992197 1999-10-12
FI992197A FI19992197A (en) 1999-10-12 1999-10-12 Assignment of certification tasks
PCT/FI2000/000874 WO2001027886A1 (en) 1999-10-12 2000-10-11 Distribution of certifiers

Publications (1)

Publication Number Publication Date
EP1242981A1 (en) 2002-09-25

Family

ID=8555437

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00967940A Withdrawn EP1242981A1 (en) 1999-10-12 2000-10-11 Distribution of certifiers

Country Status (5)

Country Link
EP (1) EP1242981A1 (en)
CN (1) CN1139902C (en)
AU (1) AU7792900A (en)
FI (1) FI19992197A (en)
WO (1) WO2001027886A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1267516B1 (en) * 2001-06-11 2009-02-25 Daniel Büttiker Method for securing data relating to users of a public-key infrastructure
US7925878B2 (en) * 2001-10-03 2011-04-12 Gemalto Sa System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials
EP1554862B1 (en) 2002-08-14 2013-11-13 Thomson Licensing Session key management for public wireless lan supporting multiple virtual operators
EG23422A (en) * 2002-11-24 2005-07-10 Ashraf Kamal Salem Mashhour Scheme for spreading and easy use of electronic services and remote payments.
US7233671B2 (en) * 2003-02-13 2007-06-19 Innovative Sonic Limited Method for storing a security start value in a wireless communications system
EP1492061A1 (en) * 2003-06-25 2004-12-29 Nagracard S.A. A method for allocation of secure resources in a security module
US20050278253A1 (en) * 2004-06-15 2005-12-15 Microsoft Corporation Verifying human interaction to a computer entity by way of a trusted component on a computing device or the like
CN100466516C (en) * 2004-09-09 2009-03-04 杭州中正生物认证技术有限公司 Biological identifying device and method for proofing replay attach
EP1672831A1 (en) * 2004-12-16 2006-06-21 Nagravision S.A. Method for transmission of digital data in a local network
EP1732263A1 (en) * 2005-06-07 2006-12-13 Sony Ericsson Mobile Communications AB Method and apparatus for certificate roll-over
CN101212295B (en) * 2006-12-26 2010-11-03 财团法人资讯工业策进会 System, device, and method for applying for electronic evidence and transmitting key for mobile electronic device
CN101267307B (en) * 2008-02-29 2011-07-06 北京中电华大电子设计有限责任公司 Method for realizing remote management of mobile phone digital certificate using OTA system
CN103854180B (en) * 2012-12-05 2017-04-19 中国银联股份有限公司 Credit voucher generating method and system, and application authorization method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0942568A2 (en) * 1998-02-17 1999-09-15 Unwired Planet, Inc. Centralized cerificate management system for two-way interactive communication devices in data networks

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US5761309A (en) * 1994-08-30 1998-06-02 Kokusai Denshin Denwa Co., Ltd. Authentication system
FI100137B (en) * 1994-10-28 1997-09-30 Vazvan Simin Real-time wireless telecom payment system
FI102235B (en) * 1996-01-24 1998-10-30 Nokia Telecommunications Oy Management of authentication keys in a mobile communication system
DE19702049C1 (en) * 1997-01-22 1998-05-14 Ibm Chipcard cryptographic key certification method
FI973788A (en) * 1997-09-25 1999-03-26 Nokia Telecommunications Oy Electronic payment system
EP1042885A1 (en) * 1998-01-09 2000-10-11 Cybersafe Corporation Client side public key authentication method and apparatus with short-lived certificates
FI980427A (en) * 1998-02-25 1999-08-26 Ericsson Telefon Ab L M Procedure, arrangement and device for verification

Also Published As

Publication number Publication date
AU7792900A (en) 2001-04-23
CN1379893A (en) 2002-11-13
FI19992197A (en) 2001-04-30
CN1139902C (en) 2004-02-25
WO2001027886A1 (en) 2001-04-19

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020424

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI LI

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

RBV Designated contracting states (corrected)

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SMARTTRUST SYSTEMS OY

17Q First examination report despatched

Effective date: 20070410

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20070821