[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

EP1228653A1 - System for electronic delivery of a personal identification code - Google Patents

System for electronic delivery of a personal identification code

Info

Publication number
EP1228653A1
EP1228653A1 EP00974345A EP00974345A EP1228653A1 EP 1228653 A1 EP1228653 A1 EP 1228653A1 EP 00974345 A EP00974345 A EP 00974345A EP 00974345 A EP00974345 A EP 00974345A EP 1228653 A1 EP1228653 A1 EP 1228653A1
Authority
EP
European Patent Office
Prior art keywords
sim card
electronic signature
code
reference code
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00974345A
Other languages
German (de)
French (fr)
Inventor
Christian Paul Résidence Le Clos Royal WARD
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange AS
Original Assignee
Orange AS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange AS filed Critical Orange AS
Publication of EP1228653A1 publication Critical patent/EP1228653A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3558Preliminary personalisation for transfer to user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the invention relates to a system for electronic delivery of a PIN (Personal Identification Number) code and comprising a server secured by means of a number of encryption keys and provided with a reference code for generating the PIN code, said system further comprising means for encrypting the reference code and the PIN code generated by means of the encryption keys and via connected communications means being adapted to transmit a SMS (Short Message Service) message containing an electronic signature based on the reference code to a SIM (Subscriber Identity Module) card connected to a terminal with input and display means.
  • SMS Short Message Service
  • SIM Subscriber Identity Module
  • PIN codes Personal identification numbers, so-called PIN codes, are presently used in many different situations, in particular in connection with economic transactions, in which a credit card or a similar means of payment is used together with a terminal.
  • the information stored on the credit card is verified by the card user during completion of the transaction by entering a PIN code on the terminal's keyboard, said code being agreed with the card issuer. It is thus ensured that the user of the card is identical to the owner of the card.
  • the PIN code is usually assigned to the credit card in connection with the issuance thereof and generally forwarded to the user under separate cover as ordinary mail. This method is neither completely secure nor very fast, as it may take several days for the letter to reach the card owner and thus before the owner can use his card.
  • the object of the invention is to provide a secure, fast and efficient system which is able to deliver PIN codes to the customers in a more advantageous manner.
  • the SIM card comprises means for receiving and storing the encrypted SMS message, means for comparing the stored electronic signature based on the reference code in the SMS message with a reference code entered by a user of the terminal, said reference code subsequently being used to generate an electronic signature by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of the PIN code associated with the signatures on the display means of the terminal, if the stored and the entered electronic signatures match. It is thus only possible to be advised of a given PIN code, if the user of a specific terminal enters the associated reference code.
  • the exchange of the PIN code and the reference code is made exclusively in form of encrypted data signals which can only be decrypted by using the two unique encryption keys. A high degree of security delivery of PIN codes is thus obtained.
  • the electronic signature in the secure server and the electronic signature in the SIM card may be generated by a data encryption algorithm (triple DES algorithm) having two keys, each key having a word length of at least 56 bit.
  • a data encryption algorithm triple DES algorithm
  • Such an encryption algorithm provides a high decree of security against unauthorised decryption attempts.
  • the communications means connected to the secure server may use a radio communications link for transmitting the SMS message to the SIM card connected to the terminal. It is thus possible to use a mobile handset to receive SMS messages.
  • the reference codes may comprise at least six alphanumeric digits, whereby the reference code may for instance be civil registration numbers, account numbers, names, key words and any other information only known to the user.
  • the electronic signature based on the reference code may be transmitted to the SIM card in encrypted form at the same time as the SIM card is provided with a unique identification number.
  • the system for electronic delivery of a PIN code shown in the drawing comprises a secure server 3 adapted to receive unique information 1 (illustrated as a chart for filling-in personal data) in form of reference codes 2, and encryption means 4 subsequently computing the electronic signature 5 based on the reference code 2 in the server 3.
  • the server 3 communicates with a so-called over-the-air platform 6 (OTA) communicating with a SMS service centre 8 adapted to receive encrypted information 7 from the platform 6.
  • OTA over-the-air platform 6
  • the SMS service centre 8 is connected to a SIM card 10 which communicates with a mobile GSM handset 12 comprising a keyboard 13 and a display means in form of a display 14, said service centre being able to transmit completed SMS messages to the SIM card 10.
  • the SIM card 10 comprises a storage 11 for storing encrypted SMS messages 9, encryption means 16 for encrypting data 15 entered by a user of the terminal 12 via the keyboard 13 and comparator means 17 connected to the storage 11 and the keyboard 13 for comparing the stored data with entered data.
  • the comparator means 17 are further connected to means 18 for displaying the PIN code on the display 14 of the terminal 12.
  • the user When using the system the user delivers unique information 1 in form of a reference code 2 to the secure server 3.
  • the reference code 2 is used as an input signal for generating an electronic signature 5 in the server 3 by means of the encryption means 4.
  • the electronic signature 5 is transmitted via the over-the-air platform 6 to the SMS service centre 8 for administration of the SIM card, said service centre 8 converting the electronic signature 5 to a SMS message 9 suitable for transmission thereof to the SIM card 10 in question connected to the mobile handset 12.
  • the SIM card 10 comprises a storage 11 adapted to receive and store the encrypted SMS message 9.
  • the comparator means 17 are used for comparing the electronic signature 5 in the encrypted SMS message 9 with the electronic signature 20 generated by the encryption means 16, said signature 20 being generated on the basis of data entered on the keyboard in the terminal 12. If the electronic signature 5 and the electronic signature 20 entered by the user match, the comparator means 17 transmits a signal to the guide means 18 that the PIN code 19 is to be displayed on the display 14 of the mobile handset 12, whereby the PIN code is delivered to the user.
  • the terminal 12 is a mobile handset such as a cellular telephone.
  • a SIM card Subscriber Identity Module
  • the SIM card which in use forms an integrated part of the electronics of the mobile handset, contains inter alia codes identifying the mobile handset in relation to the GSM network. This identification is necessary to enable the network to determine for instance the position of the mobile terminal for transmission of mobile telephony via the most advantageous transmission tower(s) in the network at the specific time.
  • the server 3 comprises software (not shown) for generating PIN codes, a triple DES (Data Encryption Standard) encryption algorithm (reference numeral 4), an encrypted database (not shown) containing encryption keys to all of the SIM cards registered in the system and information about the connection between the numbers of the mobile handsets and the numbers of the associated SIM cards.
  • a triple DES algorithm is a three-level encryption process which is considered particularly secure against unauthorised decryption.
  • the server 3 When the secure server 3 has received the reference code from a new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic signature 5 preferably by means of the triple DES algorithm 4 combined with the two at least 56 bit keys belonging to the user's SIM card number.
  • the electronic signature 5 is transmitted to the user's SIM card 10 as uniquely formatted GSM 8 bit SMS (Short Message System) messages.
  • the coding of the SMS messages is adapted such that the electronic signature 5 of the reference code 2 is stored in the storage 11 of the SIM card 10 and the user is notified that the generated PIN code is ready for use when a SMS message 9 is received by the user's SIM card 10.
  • the user When the user subsequently runs the program in the SIM card 10 enabling delivery of the PIN code, the user is requested by the program via the display 14 of the terminal to enter the reference code 15 on the keyboard 13 of the terminal 12.
  • the reference code 15 is coded by the encryption means 16 in the SIM card 10 by means of the same encryption algorithm used by the encryption means 4 in the secure server 3 when the reference code 2 was supplied to the secure server 3.
  • the comparator means 17 in the SIM card 10 then compares the electronic signature 5 stored in the storage 11 and based on the reference code 2 with the electronic signature 20 generated by the encryption means 16. If the two signatures match, the comparator means 17 transmits a signal to the control means 18 indicating that the PIN code 19 is to be displayed on the display 14 of the terminal 12.
  • the user is advised on the display 14 that the reference code 15 has not been accepted and is asked to enter the reference code 15 once more. If the reference code 15 after two additional attempts still is incorrect, the program is terminated and the PIN code 19 is not delivered until the user has fetched a new reference code 2 from the secure server 3, said code being either identical to or different from the initial reference code 2.
  • the user may be offered to validate the delivered PIN code.
  • the validation process is performed by the user entering the PIN code shown on the display 14 by means of the keyboard, whereafter the user is advised whether the PIN code has been entered correctly. If not, the PIN code is shown once more on the display 14 and the validation process is repeated.
  • the PIN code may be provided in the SIM card, when supplying the card with a unique identity code, whereby the PIN code never need be transmitted. This is considered a more secure embodiment preventing unauthorised decryption of the PIN code during transmission thereof.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

A system is provided for electronic delivery of a PIN code in a secure, fast and efficient manner and compromising a server (3) provided with a reference code (2) for generating the PIN code. The server (3) is adapted to transmit a SMS message (9) containing an electronic signature (5) based on the reference code (2) to a SIM card (10) connected to a terminal (12). The SIM card (10) comprises means (11) for receiving and storing the SMS message (9), and means (17) for comparing the stored electronic signature (5) in the SMS message (9) with an electronic signature (20) generated from a reference code (15) entered by a user of the terminal (12). Encryption keys, generated by a triple DES data encryption algorithm having two keys, and encryption means are provided in the server (3) and in the SIM card (10).

Description

System for electronic delivery of a personal identification code.
Technical Field
The invention relates to a system for electronic delivery of a PIN (Personal Identification Number) code and comprising a server secured by means of a number of encryption keys and provided with a reference code for generating the PIN code, said system further comprising means for encrypting the reference code and the PIN code generated by means of the encryption keys and via connected communications means being adapted to transmit a SMS (Short Message Service) message containing an electronic signature based on the reference code to a SIM (Subscriber Identity Module) card connected to a terminal with input and display means.
Background Art
Personal identification numbers, so-called PIN codes, are presently used in many different situations, in particular in connection with economic transactions, in which a credit card or a similar means of payment is used together with a terminal. The information stored on the credit card is verified by the card user during completion of the transaction by entering a PIN code on the terminal's keyboard, said code being agreed with the card issuer. It is thus ensured that the user of the card is identical to the owner of the card.
The PIN code is usually assigned to the credit card in connection with the issuance thereof and generally forwarded to the user under separate cover as ordinary mail. This method is neither completely secure nor very fast, as it may take several days for the letter to reach the card owner and thus before the owner can use his card.
Brief Description of the Invention The object of the invention is to provide a secure, fast and efficient system which is able to deliver PIN codes to the customers in a more advantageous manner.
A system of the above type is according to the invention characterised in that the SIM card comprises means for receiving and storing the encrypted SMS message, means for comparing the stored electronic signature based on the reference code in the SMS message with a reference code entered by a user of the terminal, said reference code subsequently being used to generate an electronic signature by means of a corresponding encryption key in the SIM card, and means for allowing subsequent display of the PIN code associated with the signatures on the display means of the terminal, if the stored and the entered electronic signatures match. It is thus only possible to be advised of a given PIN code, if the user of a specific terminal enters the associated reference code. The exchange of the PIN code and the reference code is made exclusively in form of encrypted data signals which can only be decrypted by using the two unique encryption keys. A high degree of security delivery of PIN codes is thus obtained.
Furthermore according to the invention the electronic signature in the secure server and the electronic signature in the SIM card may be generated by a data encryption algorithm (triple DES algorithm) having two keys, each key having a word length of at least 56 bit. Such an encryption algorithm provides a high decree of security against unauthorised decryption attempts.
Moreover according to the invention the communications means connected to the secure server may use a radio communications link for transmitting the SMS message to the SIM card connected to the terminal. It is thus possible to use a mobile handset to receive SMS messages.
Furthermore according to the invention the reference codes may comprise at least six alphanumeric digits, whereby the reference code may for instance be civil registration numbers, account numbers, names, key words and any other information only known to the user.
Finally according to the invention the electronic signature based on the reference code may be transmitted to the SIM card in encrypted form at the same time as the SIM card is provided with a unique identification number. As a result, unauthorised decryption of PIN codes during transmission thereof are prevented and the security of the system is thus enhanced.
Brief Description of the Drawing
The invention is explained in greater detail below with reference to the accompanying drawing illustrating a flow chart of a preferred embodiment of the invention.
Best Mode for Carrying Out the Invention
The system for electronic delivery of a PIN code shown in the drawing comprises a secure server 3 adapted to receive unique information 1 (illustrated as a chart for filling-in personal data) in form of reference codes 2, and encryption means 4 subsequently computing the electronic signature 5 based on the reference code 2 in the server 3. The server 3 communicates with a so-called over-the-air platform 6 (OTA) communicating with a SMS service centre 8 adapted to receive encrypted information 7 from the platform 6. The SMS service centre 8 is connected to a SIM card 10 which communicates with a mobile GSM handset 12 comprising a keyboard 13 and a display means in form of a display 14, said service centre being able to transmit completed SMS messages to the SIM card 10. The SIM card 10 comprises a storage 11 for storing encrypted SMS messages 9, encryption means 16 for encrypting data 15 entered by a user of the terminal 12 via the keyboard 13 and comparator means 17 connected to the storage 11 and the keyboard 13 for comparing the stored data with entered data. The comparator means 17 are further connected to means 18 for displaying the PIN code on the display 14 of the terminal 12.
When using the system the user delivers unique information 1 in form of a reference code 2 to the secure server 3. The reference code 2 is used as an input signal for generating an electronic signature 5 in the server 3 by means of the encryption means 4. The electronic signature 5 is transmitted via the over-the-air platform 6 to the SMS service centre 8 for administration of the SIM card, said service centre 8 converting the electronic signature 5 to a SMS message 9 suitable for transmission thereof to the SIM card 10 in question connected to the mobile handset 12. The SIM card 10 comprises a storage 11 adapted to receive and store the encrypted SMS message 9. The comparator means 17 are used for comparing the electronic signature 5 in the encrypted SMS message 9 with the electronic signature 20 generated by the encryption means 16, said signature 20 being generated on the basis of data entered on the keyboard in the terminal 12. If the electronic signature 5 and the electronic signature 20 entered by the user match, the comparator means 17 transmits a signal to the guide means 18 that the PIN code 19 is to be displayed on the display 14 of the mobile handset 12, whereby the PIN code is delivered to the user.
In a preferred embodiment of the invention the terminal 12 is a mobile handset such as a cellular telephone. A SIM card (Subscriber Identity Module) is required for operating mobile handsets adapted for communication via an existing GSM network. The SIM card, which in use forms an integrated part of the electronics of the mobile handset, contains inter alia codes identifying the mobile handset in relation to the GSM network. This identification is necessary to enable the network to determine for instance the position of the mobile terminal for transmission of mobile telephony via the most advantageous transmission tower(s) in the network at the specific time.
The server 3 comprises software (not shown) for generating PIN codes, a triple DES (Data Encryption Standard) encryption algorithm (reference numeral 4), an encrypted database (not shown) containing encryption keys to all of the SIM cards registered in the system and information about the connection between the numbers of the mobile handsets and the numbers of the associated SIM cards. A triple DES algorithm is a three-level encryption process which is considered particularly secure against unauthorised decryption.
When the secure server 3 has received the reference code from a new user and verified that the user's SIM card number is valid in the system, the server 3 generates an electronic signature 5 preferably by means of the triple DES algorithm 4 combined with the two at least 56 bit keys belonging to the user's SIM card number. The electronic signature 5 is transmitted to the user's SIM card 10 as uniquely formatted GSM 8 bit SMS (Short Message System) messages. The coding of the SMS messages is adapted such that the electronic signature 5 of the reference code 2 is stored in the storage 11 of the SIM card 10 and the user is notified that the generated PIN code is ready for use when a SMS message 9 is received by the user's SIM card 10.
When the user subsequently runs the program in the SIM card 10 enabling delivery of the PIN code, the user is requested by the program via the display 14 of the terminal to enter the reference code 15 on the keyboard 13 of the terminal 12. For generating another electronic signature 20, the reference code 15 is coded by the encryption means 16 in the SIM card 10 by means of the same encryption algorithm used by the encryption means 4 in the secure server 3 when the reference code 2 was supplied to the secure server 3. The comparator means 17 in the SIM card 10 then compares the electronic signature 5 stored in the storage 11 and based on the reference code 2 with the electronic signature 20 generated by the encryption means 16. If the two signatures match, the comparator means 17 transmits a signal to the control means 18 indicating that the PIN code 19 is to be displayed on the display 14 of the terminal 12. If the two electronic signatures are not identical, the user is advised on the display 14 that the reference code 15 has not been accepted and is asked to enter the reference code 15 once more. If the reference code 15 after two additional attempts still is incorrect, the program is terminated and the PIN code 19 is not delivered until the user has fetched a new reference code 2 from the secure server 3, said code being either identical to or different from the initial reference code 2.
In order to ensure that the delivered PIN code is read correctly, the user may be offered to validate the delivered PIN code. The validation process is performed by the user entering the PIN code shown on the display 14 by means of the keyboard, whereafter the user is advised whether the PIN code has been entered correctly. If not, the PIN code is shown once more on the display 14 and the validation process is repeated.
In an alternative embodiment the PIN code may be provided in the SIM card, when supplying the card with a unique identity code, whereby the PIN code never need be transmitted. This is considered a more secure embodiment preventing unauthorised decryption of the PIN code during transmission thereof.
The invention is not restricted to the above preferred embodiment, but may be altered in many ways without thereby deviating from the scope of the invention.

Claims

Claims
1. A system for electronic delivery of a PIN (Personal Identification Number) code and comprising a server (3) secured by means of a number of encryption keys and provided with a reference code (2) for generating the PIN code, said system further comprising means (4) for encrypting the reference code and the PIN code generated by means of the encryption keys and via connected communications means (6,8) being adapted to transmit a SMS message (9) containing an electronic signature (5) based on the reference code (2) to a SIM card (10) connected to a terminal (12) with input means (13) and display means (14), c h a r a c t e r i s e d in that the SIM card (10) comprises means (11) for receiving and storing the encrypted SMS message (9), means (17) for comparing the stored electronic signature (5) based on the reference code (2) in the SMS message (9) with a reference code (15) entered by a user of the terminal (12), said reference code (15) subsequently being used to generate an electronic signature (20) by means of a corresponding encryption key (16) in the SIM card (10), and means (18) for allowing subsequent display of the PIN code associated with the signatures (5,20) on the display means (14) of the terminal (12), if the stored signature (5) and the entered electronic signature (20) match.
2. System according to claim 1, c h a r a c t e r i s e d in that the electronic signature (5) in the secure server (3) and the electronic signature (20) in the SIM card
(10) both are generated by a data encryption algorithm (triple DES algorithm) having two keys, each key having a word length of at least 56 bit.
3. System according to claim 1 or 2, c h a r a c t e r i s e d in that the communications means (6, 8) connected to the secure server (3) uses a radio communications link for transmitting the SMS message (9) to the SIM card (10) communicating with the terminal (12).
4. System according to one or more of the preceding claims, cha ra c te ri s ed in that reference codes (2, 15) comprise at least six alphanumeric digits.
5. System according to one or more of the preceding claims, characterised in that the electronic signature (5) based on the reference code (2) is transmitted to the SIM card (10) in encrypted form at the same time as the SIM card (10) is allocated an unique identification number.
EP00974345A 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code Withdrawn EP1228653A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DK160899 1999-11-09
DK199901608A DK174672B1 (en) 1999-11-09 1999-11-09 Electronic identification code delivery system
PCT/DK2000/000620 WO2001035685A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code

Publications (1)

Publication Number Publication Date
EP1228653A1 true EP1228653A1 (en) 2002-08-07

Family

ID=8106504

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00974345A Withdrawn EP1228653A1 (en) 1999-11-09 2000-11-09 System for electronic delivery of a personal identification code

Country Status (9)

Country Link
EP (1) EP1228653A1 (en)
JP (1) JP2003514469A (en)
CN (1) CN1167298C (en)
AU (1) AU1269001A (en)
BR (1) BR0015445A (en)
CA (1) CA2390835A1 (en)
DK (1) DK174672B1 (en)
HK (1) HK1048720A1 (en)
WO (1) WO2001035685A1 (en)

Families Citing this family (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW498245B (en) * 2000-09-13 2002-08-11 First Cube Pte Ltd A method and system using SMS notification for facilitating delivery of goods
US7668315B2 (en) * 2001-01-05 2010-02-23 Qualcomm Incorporated Local authentication of mobile subscribers outside their home systems
NO313810B1 (en) * 2001-04-25 2002-12-02 Ericsson Telefon Ab L M Cryptographic signing in small units
DE60141905D1 (en) * 2001-11-05 2010-06-02 Nokia Corp Delivery to network of mobile stations Functional and self-test results in response to an encrypted request
SE0200061L (en) * 2002-01-10 2003-01-07 Telia Ab Method of access control in mobile communications
DE10218191B4 (en) * 2002-01-24 2007-06-21 Vodafone Holding Gmbh Adjustable mobile terminal
CN100343829C (en) * 2002-04-15 2007-10-17 无敌科技股份有限公司 Remote data preserving back-up restoring method
GB2391669A (en) * 2002-08-09 2004-02-11 Optisign Ltd Portable device for verifying a document's authenticity
US7702910B2 (en) * 2002-10-24 2010-04-20 Telefonaktiebolaget L M Ericsson (Publ) Message authentication
JP4067985B2 (en) * 2003-02-28 2008-03-26 松下電器産業株式会社 Application authentication system and device
AU2003281970A1 (en) * 2003-03-18 2004-10-11 Eta-Max Method to increase security of secure systems
FR2853785B1 (en) * 2003-04-09 2006-02-17 Oberthur Card Syst Sa SECURE ELECTRONIC ENTITY WITH MODIFIABLE COUNTER FOR USING SECRET DATA
EP1661338A1 (en) 2003-08-12 2006-05-31 Research In Motion Limited System and method of secure message processing
JP4696449B2 (en) * 2004-01-09 2011-06-08 ソニー株式会社 Encryption apparatus and method
CN100344195C (en) * 2004-09-24 2007-10-17 华为技术有限公司 Mobile terminal used for protecting user input information and its method
AT500833B1 (en) * 2004-10-08 2007-06-15 Pribitzer Wolfgang Ing METHOD, TERMINAL AND SYSTEM FOR APPROVAL CONTROL OF A DEVICE
US20060217116A1 (en) * 2005-03-18 2006-09-28 Cassett Tia M Apparatus and methods for providing performance statistics on a wireless communication device
CN100450208C (en) * 2005-11-03 2009-01-07 华为技术有限公司 Short message encryption protection realizing method and system
CN100369074C (en) * 2006-03-02 2008-02-13 西安西电捷通无线网络通信有限公司 Method for realizing encryption/decryption processing in SMS4 cipher algorithm
US9237148B2 (en) 2007-08-20 2016-01-12 Blackberry Limited System and method for displaying a security encoding indicator associated with a message attachment
WO2009123395A1 (en) 2008-04-04 2009-10-08 Lg Electronics Inc. Terminal and method for selecting secure device
EA016997B1 (en) * 2008-05-14 2012-09-28 Шин, Елена Ильинична Process of remote user authentication in computer networks to perform the cellphone-assisted secure transactions
SI2187363T1 (en) * 2008-11-12 2012-09-28 Oberthur Technologies Denmark As Personal identification number distribution device and method
GR1006978B (en) * 2009-10-02 2010-09-17 Ιντεαλ Ηλεκτρονικη Αβεε, Disclosure of a pin number through a combining sending and use of a card carrier and a text message (sms)
CN101815267A (en) * 2010-03-05 2010-08-25 惠州Tcl移动通信有限公司 Method for encrypting short message of mobile communication terminal
JP5337125B2 (en) * 2010-09-24 2013-11-06 株式会社エヌ・ティ・ティ・ドコモ Terminal apparatus, communication system, telephone number determination method and program
CN101982989A (en) * 2010-10-29 2011-03-02 蒋晴琴 Encryption system based on coating anti-counterfeit technology
TR201103175A2 (en) * 2011-04-01 2012-10-22 Turkcell �Let���M H�Zmetler� Anon�M ��Rket� A system and method for secure message transmission
KR101080511B1 (en) 2011-08-03 2011-11-04 (주) 아이씨티케이 Integrated circuit chip prevneting leak of identification key and method for certification of the integrated circuit chip
US9037865B1 (en) 2013-03-04 2015-05-19 Ca, Inc. Method and system to securely send secrets to users
US9853926B2 (en) 2014-06-19 2017-12-26 Kevin Alan Tussy Methods and systems for exchanging private messages
CN108875505B (en) * 2017-11-14 2022-01-21 北京旷视科技有限公司 Pedestrian re-identification method and device based on neural network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE508844C2 (en) * 1997-02-19 1998-11-09 Postgirot Bank Ab Procedure for access control with SIM card
EP1000511B1 (en) * 1997-08-01 2001-11-14 Scientific-Atlanta, Inc. Conditional access system
FI980085A0 (en) * 1998-01-16 1998-01-16 Finland Telecom Oy Encryption in card form and annulling in encryption
US6151677A (en) * 1998-10-06 2000-11-21 L-3 Communications Corporation Programmable telecommunications security module for key encryption adaptable for tokenless use
FI107860B (en) * 1999-02-09 2001-10-15 Sonera Smarttrust Oy Procedure and systems for a telecommunications system and a subscriber identity module

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0135685A1 *

Also Published As

Publication number Publication date
AU1269001A (en) 2001-06-06
DK174672B1 (en) 2003-08-25
CN1167298C (en) 2004-09-15
DK199901608A (en) 2001-05-10
HK1048720A1 (en) 2003-04-11
JP2003514469A (en) 2003-04-15
CA2390835A1 (en) 2001-05-17
BR0015445A (en) 2002-11-05
CN1408187A (en) 2003-04-02
WO2001035685A1 (en) 2001-05-17

Similar Documents

Publication Publication Date Title
EP1228653A1 (en) System for electronic delivery of a personal identification code
US9826405B2 (en) Method and apparatus for unlocking a mobile telephone type wireless communication terminal
US7231372B1 (en) Method and system for paying for goods or services
US5534857A (en) Method and system for secure, decentralized personalization of smart cards
US20110047082A1 (en) Remote Electronic Payment System
US20030008637A1 (en) System and method for implementing secure mobile-based transactions in a telecommunication system
CN1711738A (en) Providing a user device with a set of access codes
JP2001513274A (en) Authorization confirmation method
KR100968662B1 (en) Method for registering and enabling pki functionalities
EP1142194B1 (en) Method and system for implementing a digital signature
WO1998028877A1 (en) Method for identification of a data transmission device
KR20010085115A (en) The payment system by using the wireless terminal
EP1242981A1 (en) Distribution of certifiers
US6523011B1 (en) Communication system for transmitting accounting instructions
AU2715501A (en) A system for recharging a prepaid value in respect of a telephone connection
US7181429B1 (en) Apparatus and method for storing electronic money
US6832718B2 (en) Smart card payment terminal
WO2001049054A1 (en) Digital signature
US20170323302A1 (en) Security systems and methods
KR100336094B1 (en) Method and apparatus for changing class of electronic card
KR20040087663A (en) System and the Method for electronic settlement of accounts by using fingerprint recognition of mobile phone
KR970071336A (en) How to make reservation service using Telebanking
RU2001117628A (en) A method of conducting a transaction in a mobile communication network through an electronic digital payment document and a system for its implementation (options)
AU2918392A (en) Method and system for secure, decentralised personalisation of smart cards

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020502

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL PAYMENT 20020502;LT PAYMENT 20020502;LV PAYMENT 20020502;MK PAYMENT 20020502;RO PAYMENT 20020502;SI PAYMENT 20020502

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20080531

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1048720

Country of ref document: HK