Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04W—WIRELESS COMMUNICATION NETWORKS
  • H04W8/00—Network data management
  • H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
  • H04W8/20—Transfer of user or subscriber data
  • H04W8/205—Transfer to or from user equipment or user record carrier

Definitions

• the present invention relates to a method allowing a local access point to communicate with an application hosted by a security module of a mobile terminal.
• the invention applies more particularly to communication from a communicating entity, present near a mobile terminal, to a security module of said mobile terminal.
• Said communicating entity is for example a personal computer or
• PC Personal Computer
• communicating automaton a communicating terminal
• communicating cash register a communicating cash register
• mobile terminal etc. or any terminal including telecommunications means, data processing and storage means.
• the security module of the mobile terminal is currently a card
• SIM Subscriber Identity Module
• USIM UMTS Subscriber Identity Module
• WIM Wireless Fidelity Module
• any other subscriber identification card of a mobile terminal any other subscriber identification card of a mobile terminal.
• microprocessor card with storage means, coupled with said mobile terminal and allowing data exchange in accordance with the UICC standard (Universal Integrated Circuit).
• SIM or USIM or WIM card, etc. is the element that makes it possible to provide security to mobile telephone networks, such as the GSM network ("Global System for Mobile communications", a global system for communications with mobile) or the GPRS network ("General
• Packet Radio Service ", general radio service in packet mode).
• said card allows subscriber authentication on the mobile network, encryption of voice or data exchanges, as well as terminal personalization It also allows other value-added services, notably services implemented in the form of "JavaCard” applets using the standard.
• SIM Toolkit standard currently present on all SIM cards.
• Said applets are logical processes typically programmed in JAVA language and specific for smart cards, in particular a SIM card or a USIM card, etc.
• said cards communicate with a remote application server either by short message from SMS type ("Short Message Service”), either by transmission of USSD type ("Unstructured Supplementary Service Date", or by voice call.
• SMS Short Message Service
• USSD Unstructured Supplementary Service Date
• Said local link can for example be an IrDA type link ("Infrared Data Association", infrared wireless link), a “Bluetooth” type link (short distance radio link), an NFC type link ("Near Field Communication” , very short distance communication and contactless) or a wired link in serial mode.
• IrDA type link Infrared Data Association
• Bluetooth Bluetooth
• NFC Near Field Communication
• GSM 11.14 and ETSI 31.111 European Telecommunications Standards Institute
• the object of the invention which would make it possible to remedy the drawbacks of existing systems, is to allow a local access point, close to a mobile terminal, to exploit local links and this with the more general aim of developing secure proximity services with high added value, using the security provided by a security module of said mobile terminal.
• the object is achieved by a method of exchanging data between at least a first logical process hosted on a local entity and at least a second logical process hosted on a security module of a mobile terminal, characterized in that said method, using the use of at least one transit memory located on said security module, is capable of responding to said first logical process by said second logical process by means of at least one message in said transit memory for managing at least one software application implemented by said local entity.
• a local entity present near a mobile terminal, establishes communication with a security module of the mobile terminal.
• Said local entity hosts a first logical process, which is requested by a software application implemented by said local entity.
• Said first logical process of the local entity writes a message in a transit memory located on the security module of the mobile terminal.
• Said security module of the mobile terminal hosts a second logical process, which responds to said first logical process of the local entity using the transit memory.
• Said response is read by the first logical process which transmits it to said software application, which is the source of the request.
• Said transit memory located on the security module of the mobile terminal is used to remotely manage a software application implemented by said local entity.
• the resources of the security module allow for example the securing or the personalization of numerous services.
• said method includes a step of establishing a communication link between the two logical processes.
• the user of said mobile terminal must position it so as to establish communication with a local entity close to said mobile terminal.
• Said communication is established via a communication link with, for example, wired cable transmission in serial mode or infrared wireless communication IrDA or radio wireless communication of Bluetooth type or communication of NFC type. Then, after the establishment of the call, it continues without any intervention from the user of the mobile terminal.
• the exchange of data between the two logical processes is carried out by sending a request by said first logical process followed by at least one response from said second logical process.
• the first logical process is requested by the software application and launches a request to the second logical process of the mobile terminal.
• said second logical process accesses the request.
• said first logical process will read the response to the request from said second logical process.
• the exchange of request-response type between the two logical processes allows a simple implementation on the standard security module of a mobile terminal. The invention can therefore be implemented on current equipment without waiting for local communication standards.
• FIG. 1 represents an assembly composed of a mobile terminal, a security module and a local entity, in accordance with the invention.
• the local communicating device 10 or access point PA
• the local communicating device 10 is represented by a personal computer of PC type, but it can be of different nature, for example a public terminal for communication with a messaging service, a communicating distributor of drinks with an electronic payment application, etc.
• the invention is described with the names used in the terminology of GSM-type mobile telephone systems (mobile terminal, SIM card, etc.) .).
• the invention applies to all types of security modules of a mobile terminal, such as a SIM card (Subscriber Identity Module), a USIM card (UMTS SIM), a WIM card (WAP Identity Module) or any other microprocessor card, with storage means, in accordance with UICC standard (Universal Integrated Circuit Card).
• SIM Subscriber Identity Module
• USIM USIM
• WAP Identity Module WAP Identity Module
• UICC Universal Integrated Circuit Card
• the invention applies to networks and terminals connected to the UMTS mobile network (Universal Mobile Telecommunications System, or universal telecommunications system with mobiles), as well as to a USIM card (UMTS Subscriber Identity Module, or module UMTS subscriber identity).
• the invention also applies to all communication systems using identical techniques for sending a request, followed by a response, via a command script.
• the equipment concerned is at least one local communicating device 10 called access point or PA (Point Access) for example a PC, at least one mobile terminal 30 called MT (Mobile Terminal) equipped with a security module 20 (such as a SIM card) in said mobile terminal 30.
• PA Point Access
• MT Mobile Terminal
• Several local entities 10 can enter into communication with said mobile terminal MT 30 according to the applications desired by the user, for example a PC, a beverage dispenser, etc., and momentarily present near said mobile terminal 30.
• At least one first logical process 11, called SIM Trigger is hosted on said local entity 10 (or PA access point) in the form of an API (Application Program Interface).
• said first logical process 11 (or SIM Trigger) is requested by at least one software application 12, called AppSoftware.
• AppSoftware software application
• the SIM Tooikit standard in the form of "JavaCard" applets is implemented on said security module 20 (for example a SIM card) by at least one second logic process 21, called AppCardIet, and allows the implementation of a service.
• Said AppCardIet applet 21 is compatible with triggering by an external event, here to be triggered by said SIM Trigger 1 process 1.
• Several logical processes 21 can be hosted by the security module 20 of a mobile terminal MT 30 allowing the implementation of different applications, such as data signing, management of access rights to digital content, electronic payment using an electronic wallet, transaction authentication, etc.
• local communication link 1 is implemented via two communication interfaces 13, 23, located respectively on one side on the local entity 10 (or access point PA) and on the other side on said MT 30 mobile terminal.
• a link is called a local communication link 1, if it is established between two devices close to each other and, in particular, over a distance significantly shorter than that separating a telephone from its server. closer in a regular cellular network. Said local communication link 1 typically takes place over a distance varying from a few centimeters to a few meters, or even a few tens of meters for local radio type links.
• link signifies the existence of a time interval during which each of the two processes is in a particular configuration corresponding to the implementation of a data exchange with the other process.
• This link is established by the appearance of the logical configuration of exchange on both sides, and ends with the closure of the link, namely the disappearance of the configuration of exchange, on both sides.
• the two logical processes 1 1, 21 can both be located on the same mobile terminal MT 30, when said terminal is biprocessor, composed of an application processor and a modem processor, such as for example a communicating PDA terminal (Personal Digital Assistant) or a "Smartphone" type terminal.
• the access point PA 10 is located on the processor of applications which support the open operating system (or OS, Operating System) of the terminal 30, so as to allow access to applications such as securing or personalizing services accessible by said terminal 30.
• the communication between the two logical processes 11, 21 are carried out by means of a command script.
• the commands exchanged in the script must be known by the two logical processes 11, 21, ie said SIM Trigger process 11 in the access point PA 10 and said AppCardIet applets 21 on the security module 20 (ie a SIM card).
• the command script is exchanged via at least one transit memory 22, which is located on the security module 20.
• Said transit memory 22, called SIM Buffer is used by said second logic process 21, or AppCardIet, of the security module 20 (such as a SIM card) for localized communication.
• This allows the storage of data (or arguments) sent to said AppCardIet 21 applet and the storage of the result produced by said AppCardIet 21 applet.
• said access point PA 10 enters into communication with said AppCardIet 21 applet hosted on the security module 20 of said mobile terminal MT 30.
• the request-response type communication between the two processes SIM Trigger 11 and AppCardIet 21 is that listed below.
• the procedure for using said SIM Buffer memory 22 by said first SIM Trigger process 11, hosted on said access point PA 10, is as follows.
• the AppSoftware 12 software application implemented by said access point PA 10, calls the first SIM Trigger 11 process.
• Said AppSoftware 12 software application sends a message in the form TriggerApplet (AppCardlet.ld, Arg, LINK_IRDA, CardletResponse) , with the identifier of the AppCardIet applet 21 as parameters to be triggered on the security module 20 (SIM card) of said MT mobile terminal 30, ie "AppCardlet.ld", as well as data (or arguments) "Arg” and the type of communication link 1 to be used for sending said data (IrDA infrared communication).
• TriggerApplet AppCardlet.ld, Arg, LINK_IRDA, CardletResponse
• the variable "CardletResponse” will contain the data of response of the AppCardIet 21 applet after the execution of said "TriggerApplet” function.
• the SIM Trigger 11 process constitutes a first short message "m1" of SMS (Short Message Service) type, represented by a character string of 140 bytes in general, containing a header byte (0x01) followed by the identifier of the 'AppCardIet 21 applet to be triggered, as well as "Arg" data (or arguments), accompanied if necessary by padding bytes (OxFF).
• SMS Short Message Service
• the exchange of data between the two logical processes 11, 21 is carried out by the sending of a request by said SIM Trigger process 11, said short message "m1", followed by a response from said AppCardIet applet 21.
• the user must position said mobile terminal MT 30 so as to establish communication with the access point PA 10, using the local communication link 1 (infrared communication IrDA).
• the establishment of said local communication link 1 allows the exchange between the two logical processes
• the SIM Buffer memory 22 can be at least constituted by an EFSMS file from the security module 20 (the SIM card) , as specified in the ETSI GSM 11.11 standard. Said EFSMS file is also dedicated to the storage of messaging texts, for example of SMS messages type
• SIM Buffer 22 memory (Short Message Service).
• the use of the SIM Buffer 22 memory by the SIM Trigger 11 process is preferably, but not exclusively, carried out by AT commands, the implementation of which is very widespread and which are specified in the ETSI GSM standards 07.05 and 07.07.
• the SIM Trigger process 11 searches for a free location "IdSIot" in said EFSMS file of the security module 20 (SIM card) of the mobile terminal MT 30. It writes said first short SMS message "m1" in said file
• AT + CMGW gives access to the message file
• SMS from a SIM card via an IrDA, Bluetooth or serial port of a mobile terminal for example by a PC to use said terminal as a gateway with the mobile phone network.
• the advantage of this command is that it works on all mobile terminals to write an SMS message to the EFSMS file on the SIM card or the USIM card.
• other commands such as the AT + CRSM command can also be used to perform an update (or UpdateRecord) of the EFSMS file.
• the SIM Trigger 11 process can read an SMS message written in said EFSMS file at record 0, then save it so as to rewrite it at the end of the procedure.
• the SIM Trigger 11 process performs a periodic reading of the IdSIot record of the EFSMS file, checking whether the value of the first header byte is modified.
• Said SIM Trigger process 11 is provided for repeatedly re-reading said SIM Buffer memory 22 in order to read a data item entered by said second logic process 21 or AppCardIet between two consecutive readings. Consequently, said first logical process 11 (ie the SIM Trigger process) of the local entity 10 writes and reads into said transit memory 22 (or the SIM Buffer transit memory) of the security module 20 of the mobile terminal 30 via the local communication link.
• Said local communicating device 10 hosts said first logic process 11 programmed to use said transit memory 22 of said security module 20 of the mobile terminal 30.
• Said SIM trigger process 11 (ie the first logic process) is provided for monitoring the appearance on said SIM Buffer 22 transit memory of at least one item of data written by the AppCardIet applet 21 (ie the second logical process).
• the SIM Trigger 11 process periodically scans, for example every second, the content of the EFSMS file awaiting the response of the AppCardIet 21 applet. This reading is done by the command AT + CMGR sent by said SIM Trigger 11 process.
• GSM 03.19 standards provide that JavaCard applets on the SIM card can detect and be triggered by external events, in particular by the event "EVENT_UNFORMATED_SMS_PP_UPD", which corresponds to the updating of the EFSMS file by a third-party application.
• the AppCardIet 21 applet reacts to the event "EVENT_UNFORMATED_SMS_PP_UPD” and reads the first short SMS message "m1" written in said SIM Buffer 22 memory by the SIM Trigger 11 process. Said AppCardIet 21 applet reads the data (or arguments ) stored in the first short SMS message "m1". If the applet identifier corresponds to its own identifier, the AppCardIet 21 applet continues processing. Otherwise, the applet ends the processing and the operating system of the security module 20 (SIM card) sends the event to the other logical processes 21 (or applets) hosted by said security module 20 (SIM card).
• SIM card operating system of the security module 20
• the AppCardIet applet 21 performs the function, for which it is intended, on the Arg data read in the first short SMS message "m1", for example a data signature function, ie Signature (Arg, certificate).
• the AppCardIet 21 applet writes to the EFSMS file the result of said function executed.
• the AppCardIet 21 applet writes the signature on at least 8 bytes, generally 16 bytes, preceded by a header byte (0x01), in the form of a second message short SMS "m2" at the IdSIot location.
• the SIM Trigger process 11 which was waiting for a response, reads said data entered by said second logical process 21 or AppCardIet.
• Said SIM Trigger 11 process reads said response from the AppCardIet applet 21 and sends said response to the software application AppSoftware 12.
• the software application for which it is intended, on the Arg data read in the first short SMS message "m1"
• the software application for example a data signature function
• AppSoftware 12 requested the SIM Trigger 11 process to obtain the said certificate from the AppCardIet 21 applet. The response from the applet
• AppCardIet 21 allows the management of the software application 12 implemented by said access point PA 10. It is also possible to define a more elaborate data transport protocol, based on the use of several SMS messages. In this case, a header, indicating the number and the number of SMS messages used, will be introduced by the SIM Trigger 11 process.
• the equipment concerned is a personal computer (or PC) as access point PA 10, hosting a software application 12 such as a MailApp messaging service, a terminal mobile MT 30 and a security module 20 (SIM card) hosting a data signing applet, ie SigCardlet 21.
• Said MT mobile terminal 30 and said personal computer (or access point PA) 10 are suitably paired at a local communication link 1 of the Bluetooth short distance radio type.
• said MT 30 mobile terminal is equipped with a Bluetooth port of the "Serial Port Profile" type.
• the MailApp 12 software application calls the first SIM Trigger 11 process.
• Said MailApp 12 software application sends a message in the form TriggerApplet (SigCardlet.ld, s, LINK_BluetoothSerialPort, CardletResponse), with parameters the identifier of the SigCardlet applet 21 to be triggered on the SIM card 20 of said MT mobile terminal 30, ie "SigCardIet.ld", as well as data "s" to be signed and the type of communication link 1 to be used for the 'sending of said data (BluetoothSerialPort communication).
• the data "s” can be a summary of the electronic message (or mail) to be signed.
• the "CardletResponse" variable will contain the response of the SigCardlet 21 applet, ie the signature produced, after execution of said "TriggerApplet” function.
• the procedure, of request-response type continues as described above using the SIM Buffer 22 memory.
• the exchange of data between the two logical processes (11, 21) is carried out by sending the request by the SIM process Trigger 11 followed by the response of said SigCardlet applet 21. Said procedure continues until the response from the SigCardlet 21 applet is read by the SIM Trigger 11 process and the sending of said response to the software application MailApp 12.
• the MailApp software application 12 requested the SIM Trigger 11 process to obtain said signature of the data coming from the SigCardlet applet 21.
• the response of the SigCardlet applet 21 allows the management of the MailApp 12 software application implemented by said access point PA 10.
• the invention allows a logical process 21, hosted on a standard security module 20 of a mobile terminal without the need to add specific functions , to dialogue with an external access point PA 10 by means of a simplified request-response type data exchange, using a local communication link 1.
• the implementation of the method is done via a SIM Buffer memory 22 located on said security module 20 (ie a SIM card).
• the dialogue between the logical processes 11, 21 of the security module 20 and of the access point PA 10 is preferably, but not exclusively, carried out by a command script which is written and read in said SIM Buffer memory 22.
• the second logical process 21 responds to the first logical process 11 to manage a software application 12 implemented by said access point PA 10.
• the services that can be applied to this process are very numerous and allow authentication, control as well access, ticket issuance, data security, personalization of messages, etc.

Landscapes

• Engineering & Computer Science (AREA)
• Databases & Information Systems (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Telephonic Communication Services (AREA)
• Telephone Function (AREA)
• Mobile Radio Communication Systems (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=33522826

Family Applications (1)

Country Status (3)

Families Citing this family (1)

Family Cites Families (4)

• 2003
  • 2003-07-04 FR FR0308290A patent/FR2857207B1/fr not_active Expired - Fee Related
• 2004
  • 2004-06-22 WO PCT/FR2004/001559 patent/WO2005015930A1/fr active Application Filing
  • 2004-06-22 EP EP04767415A patent/EP1649713A1/de not_active Ceased

Non-Patent Citations (2)

Also Published As

Similar Documents

Legal Events