HK1027694B - Method for digital signing of a message - Google Patents
- Publication number
- HK1027694B
- Authority
- HK
- Hong Kong
- Prior art keywords
- message
- signing
- signed
- mobile telephone
- receiving device
Description
The present invention relates to a method for digitally signing a message and the devices required to perform this process.
Digital signatures, i.e. electronic signatures, are usually implemented using so-called public-key procedures. A key pair is assigned to a signer that includes a secret and a public key. The secret key is used to generate a signature by a mathematical process, while the associated public key can be used to verify this signature. The secret key is under the sole control of the signer, so that no one can sign on behalf of the signer. The public key, on the other hand, can be published, so that anyone can verify the signature.
Digital signatures can be generated in a computer, for example in a PC, with the help of software programs. Usually, the associated secret key is stored on a hard disk or floppy disk and loaded into the main memory to generate the signature. Most often, the secret key itself is stored in encrypted form and protected by a password that the owner must enter when signing through the software. This is to ensure that only the owner of the secret key can use it to sign.
Another alternative to generating digital signatures in a computer is hardware-based methods. These use specialized devices for signing, in which the display component and keyboard are paired with the signing component by hardware so that the connection cannot be influenced. These devices are usually connected to the computer via a galvanic connection, such as a cable to the serial interface. These devices have their own display component that displays the message to be signed and a separate keyboard, the so-called PIN-pad, which is used to encrypt the signature key that is entered into the key.
In contrast to software-based methods, hardware-based methods are considerably more secure, but their cost is higher. Accordingly, mixed methods are currently used. The secret keys are usually stored on a chip card and made available via a reader. The remaining tasks such as display, entering the password and generating the signature are performed entirely or partially in the computer.
Alternatively, the signature may be displayed and entered via the computer, whereby the signing device is used to generate the signature in addition to storing the secret key. Finally, there is the option that only the display is done in the computer. The signing device in this variant has its own keyboard or is directly connected to the computer keyboard bypassing the computer software. The signature is generated in the signing device. The more tasks are taken over by the computer software and the less the signing device has to perform, the cheaper the procedure.
WO 96/32700 discloses a procedure for digitally signing and forwarding a message generated on a mobile phone; EP 0 689 316 A2 discloses a procedure and device for identifying and verifying data on a communications network.
However, the problem with all these embodiments is that it must be ensured that the data the user wants to sign is the data that is actually signed. It is therefore necessary to rule out that a virus, for example, changes the data during transmission from the display component to the signature component, for example the cryptoprocessor.
In addition, the relatively low prevalence of digital signatures prevents the capabilities of digital signatures from being used to the fullest extent possible. In potential applications of digital signatures, such as Internet banking, a costly infrastructure for the distribution of the signing devices would have to be created. The installation of signing devices on the computer is also problematic. On the one hand, the devices must be physically connected to the computer, with the serial interfaces of a PC often already occupied. Alternative methods for connecting the devices to computers are also problematic, as they require at least the installation of drivers and additional software.
Another problem with traditional digital signature methods is that they are location-dependent. Certain areas of application for the use of digital signatures, such as Internet banking, are location-independent thanks to universally accessible public Internet terminals. If these Internet banking applications were now combined with the known location-dependent digital signature methods, the location-independence of these areas of application would be lost.
The technical problem underlying the present invention is therefore to provide a cost-effective, easy to implement and location-independent method for digitally signing messages and suitable devices for this purpose.
The present invention is based on the principle that the invention provides for a method of digitally signing a message to be transmitted to a receiving device by means of a signing device, whereby the message to be signed is transmitted from a transmitting device to a receiving device, this message is then transmitted from the receiving device via a telephone network, in particular a mobile telephone network, to a signing device associated with the transmitting device, this message is then signed in the signing device and transmitted back to the receiving device as a signed message.
In the context of the present invention, a digital signature of a message is understood to be an operation in which the will to deliver and the content of a message are confirmed electronically. This is done by partial or complete encryption of the message to be signed or by encrypting a cryptographic checksum of this message into a signed message using a secret key using a mathematical procedure. In the context of the present invention, a signed message is understood to mean either the signed message as a whole or the signature itself. The signature is used to enable a later authentication of the user.
In the context of the present invention, a message is any type of information that can be reproduced in electronic form, such as numbers, letters, combinations of numbers, combinations of letters, graphics, tables, etc.
In the context of the present invention, a signing device is a unit that can sign a message, i.e. a secret key, a mathematical encryption method, dialogue with the signer or user, interfaces, if necessary, and a transmitting and receiving device. This unit may be composed of various elements, for example a card reader and a reader or a chip card and a mobile phone, which has the secret key and/or the encryption method and/or an interface to both or one of the above components.
The particularly preferred use of the radiotelephone network for transmitting the messages to be signed to a signing device which is designed in an advantageous way as a mobile telephone makes it possible to transmit messages from a commercial computer connected to a corresponding message server, for example by e-mail, to the signing device without having to install or make any other changes to the computer itself.
In a particularly preferred embodiment, the invention provides for a procedure of the above type, whereby the message to be signed is transmitted from a transmitting device, also called a message source, such as a PC, to a receiving device, such as a message server, then this message is transmitted from the receiving device to a signing device associated with the transmitting device, in particular a mobile phone, then this message is signed on the mobile phone, and then it is transmitted back to the receiving device as a signature, i.e. as a signed message.
The invention therefore provides that an unsigned or to be signed message is transmitted from a message source to a receiving device, for example a message server. The receiving device then assigns the message to be signed to the signing device, in particular the mobile phone. This is done either by means of documentation stored in the receiving device or by information transmitted together with the message to be signed from the transmitting device to the receiving device. The assignment of the signing device, in particular the mobile phone, to which the message is transmitted needs to be a spatial assignment, not a purely authenticatory assignment. The assignment consists, therefore, in determining which receiving device and which receiving chip is to transmit the message in a significant way, thus informing the receiving user in advance of the intended direction. The message is then transmitted in a significant way and, if necessary, the message is placed in a significant way, and the recipient is able to receive the message in a significant way. The message is then transmitted in a significant way and, if necessary, the message is placed in a significant way, in the presence of a mobile device and, if necessary, in the presence of a significant user, in the network.
The invention also relates to a method described above, which provides for the advantage of using a public key method for signing, whereby the transmitting device has a secret key assigned to it and the receiving device has the corresponding public key assigned to the secret key.
In another advantageous embodiment, the invention relates to a method whereby the message to be signed or the message already signed, for example the signature, is transmitted between the receiving device and the signing device, in particular the mobile telephone, by the short message service (SMS).
The invention also provides that the message to be signed is to be displayed by means of a display device provided for in a mobile telephone, which can be used on the display of a commercial mobile phone, so that simple texts such as bank transactions or even simple graphics can be easily displayed.
Following this representation, if any, the user shall give an appropriate instruction to trigger the signature in a dialog provided for this purpose. In a particularly preferred embodiment, the invention provides for a procedure of the above type whereby the secret key necessary for signing is deposited in a chip card of the mobile telephone and this key is released by means of a secret number (hereinafter referred to as PIN) entered by a keyboard of the mobile telephone.
A further alternative design of the above-mentioned invention procedure provides for the secret key necessary for signing to be entered via a keyboard of the mobile telephone.
Another preferred embodiment of the invention provides that in one of the above methods the secret key is not only stored on the chip card of the mobile telephone but the signing of the message is also carried out there, which advantageously ensures that the secret key does not leave the chip card under any circumstances and thus cannot be used by unauthorized persons.
A further advantageous design of the invention is that the mobile telephone is used not only to sign the message but also as a transmitter for transmitting the signed message to the receiving device.
The invention also relates to devices for performing the above procedures, in particular mobile telephones and chip cards.
A particularly preferred embodiment of the invention is a mobile telephone incorporating a keyboard, display device and a chip card device for reading and/or writing a chip card which can be inserted into the mobile phone, and a signing device, for example, for communicating with a chip card of the invention and/or for generating a signed message from a message to be signed.
In a particularly advantageous design of the aforementioned mobile telephone, the signing device is a software component modified from the conventional software component of a mobile telephone. This modified software component is suitable in a preferred design of the invention to perform the signing of the message after dialogue with the user. In another embodiment, the modified software component of the signing device, as envisaged by the invention, is advantageously able to communicate with the chip card according to the invention to perform the signing according to the invention. In a particularly advantageous design of the invention, it is envisaged that the signing device can also perform the signing of the signal algorithm, which enables the signing of the signal in the field of mobile communications.
The present invention therefore provides a system which is particularly advantageous in that it merely requires modifications of software components as compared with conventional software components.
In a further development of the invention, the invention also concerns chip cards for mobile telephones, in particular for the aforementioned mobile telephones, whereby the chip card includes a signing device capable of storing the user's secret key. In addition, the signing device of the chip card is advantageously capable of converting a message received from the mobile phone, i.e. a message to be signed, into a signed message. In the context of the present invention, the signing device of a chip card according to the invention is therefore a device which stores the user's key and, in a more advanced design, also performs the signing. However, the signing may also be carried out not directly on the chip card but by means of hardware/software in the mobile phone.
The subclaims provide further advantages of the invention.
The figures and the accompanying illustration explain the invention in more detail.
The figures show:
- Figure 1 shows the process of the invention,
- Figure 2 shows the schematic design of a mobile telephone of the invention and
- Figure 3 shows a schematic representation of a chip card of the invention.
Figure 1 shows the transmitting device 1, which may be a PC with a text editor or a home banking program, a message to be signed 3, a receiving device 5, which is a message server, a mobile phone 7, a signed message 9 and a recipient 11.
A home banking program contained in the transmitter 1 sends a message to be signed 3, for example by e-mail, to the receiver 5. The receiver 5 converts the received message 3 to be signed into a message that can be sent to the mobile phone 7, in particular via a mobile network, advantageously by means of SMS. The receiver 5 assigns the message 3 to be signed to the mobile phone 7, for example by means of information stored in the receiver 5. It may also be provided that the assignment is made by means of information transmitted by the transmitter 1 together with the message 3 to be signed. This information is generally the mobile phone number.
In the mobile phone 7 the received message 3 is displayed in a display device 13. The exact procedure is explained in detail in the description of Figure 2. After the message 3 to be signed has been displayed in the display device 13, it is signed at the user's request and the signed message 9 is forwarded to the receiving device 5 or to another recipient. The transmission of the signed message 9 from the mobile phone 7 to the receiving device 5 is also by SMS. The receiving device 5 can compare the signed message 9 with the original message 3 to be signed and then forward it to an addressee 11. The transfer to the addressee 11 can be made by any means.
Figure 2 shows a mobile telephone 7. The mobile phone 7 includes a display device 13, a transmitting and receiving device 15, a chip card device 17, a keyboard device 19 and a signing device 21.
The message 3 to be signed, transmitted from the receiving device 5, is received by the transmitting and receiving device 15 of the mobile telephone 7 and, if necessary, processed and forwarded to the signing device 21. The signing device 21 provides the internal management of the signature process. The signing device 21 contains software components to control the display device 13 so that the message 3 to be signed can be visualized. The message 3 to be signed is also signed within the signing device 21. In order to carry out the signing operation, the signing device 21 must communicate with the chip card device 17. Furthermore, it is necessary that the signing device 21 receives either the secret key or the PIN directly from the keyboard device 19. If the user enters the PIN, which is usually shorter than the secret key, via the keyboard device 19, the PIN can be used by an operating system of a chip card 25 to virtually release the unwieldy secret key for the signature process. The signing device 21 can communicate with the chip card 25 via a bidirectional connection line 23. The chip card device 17 ensures that the commands of the signing device 21 are executed and the signed message 9 is passed on from the signing device 21 to the transmitting and receiving device 15. This means that the chip card device 17 is an interface between the signing device 21 and the chip card 25.
Figure 3 shows a chip card 25 of the invention in a very simplified schematic representation. It consists essentially of a contact pad 31, a memory unit 27 and a cryptography module 29. In memory unit 27 the secret keys necessary for the creation of the signed message 9 are stored. The cryptography module 29 is used to encrypt the message 3 to be signed, for example by means of an RSA procedure. The contact pad 31 allows the memory unit 27 or the cryptography module 29 to be connected to the chip card device 17 for communication purposes.
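The flow of Figure 1 together with the PIN-released, on-card signing of Figures 2 and 3, as an added Python example that is not part of the patent text. The class names, the sender id, the phone placeholder, the PIN, SHA-256 as the checksum, unpadded RSA and the constructed demo key are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes so the example runs with the
# standard library only; special-form primes must never be used for a real RSA key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # secret exponent (Python 3.8+)


def checksum(message: bytes) -> int:
    """Cryptographic checksum of the message as an integer (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


class ChipCard:
    """Chip card 25: stores the secret key and signs on-card, so the key never leaves it."""
    def __init__(self, d: int, n: int, pin: str):
        self._d, self._n, self._pin = d, n, pin

    def sign(self, message: bytes, pin: str) -> int:
        # The PIN typed on the phone keypad releases the key for one signature.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN, key not released")
        # Unpadded RSA over the checksum, for illustration only; production
        # signatures use a padded scheme such as RSASSA-PSS.
        return pow(checksum(message), self._d, self._n)


class MessageServer:
    """Receiving device 5: routes message 3 to the registered phone, checks message 9."""
    def __init__(self):
        self.registry = {}   # sender id -> (phone number, public key (n, e))
        self.pending = {}    # sender id -> original message awaiting a signature

    def register(self, sender: str, phone: str, public_key: tuple):
        self.registry[sender] = (phone, public_key)

    def submit(self, sender: str, message: bytes):
        """Message 3 arrives from transmitter 1; return where and what to send by SMS."""
        phone, _ = self.registry[sender]
        self.pending[sender] = message
        return phone, message

    def accept(self, sender: str, signature: int) -> bytes:
        """Verify the returned signature against the ORIGINAL message 3, not the reply."""
        _, (n, e) = self.registry[sender]
        original = self.pending.pop(sender)
        if pow(signature, e, n) != checksum(original):
            raise ValueError("signature does not cover the message that was submitted")
        return original      # now safe to forward to addressee 11


def demo():
    server, card = MessageServer(), ChipCard(D, N, pin="4711")
    server.register("alice-pc", "PHONE-NUMBER-PLACEHOLDER", (N, E))
    order = b"Transfer 100 EUR to account 12345"        # constructed sample message
    _, sms = server.submit("alice-pc", order)
    forwarded = server.accept("alice-pc", card.sign(sms, "4711"))
    # Same order, but altered before it reaches the display and the card.
    server.submit("alice-pc", order)
    altered = order.replace(b"12345", b"99999")
    try:
        server.accept("alice-pc", card.sign(altered, "4711"))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return forwarded, tamper_detected
```

Calling `demo()` returns the forwarded order and whether the altered copy was rejected; the rejection comes from the server comparing the signature with the message it originally received, which is the comparison step described for receiving device 5.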
Claims (12)
1. Method for digitally signing, by means of a signing apparatus, a message to be transmitted to a receiving device, characterised in that the message (3) to be signed is transmitted from a transmitting device (1) to a receiving device (5), this message is then transmitted from the receiving device (5) via a telephone network to a signing apparatus associated with the transmitting device (1), this message is then signed in the signing apparatus and transmitted back to the receiving device (5) as a signed message (9).
2. Method according to claim 1, wherein the signing apparatus is a mobile telephone (7).
3. Method according to claim 2, wherein the telephone network is a mobile telephone network.
4. Method according to one of the preceding claims, wherein a public key method is used for signing, especially a public key method in which the signing apparatus has a private key allocated to it and the receiving device (5) has the corresponding public key associated with the private key.
5. Method according to one of the preceding claims, wherein the messages between the receiving device (5) and the mobile telephone (7) are transmitted by means of the short message service (SMS).
6. Method according to one of the preceding claims, wherein the message (3) is represented before signing by means of a display device (13) provided in the mobile telephone (7).
7. Method according to one of the preceding claims, wherein the private key necessary for the signing is input via a keypad device of the mobile telephone (7).
8. Method according to one of the preceding claims, wherein the private key necessary for the signing is deposited in a chip card of the mobile telephone (7), and this key is enabled by means of a private number (PIN) which can be input via a keypad device of the mobile telephone (7).
9. Method according to one of the preceding claims, wherein the chip card carries out the production of the signed message (9).
10. Method according to one of the preceding claims, wherein the mobile telephone (7) carries out the production of the signed message (9) and wherein the private key is read from the chip card (25).
11. Method according to one of the preceding claims, wherein the mobile telephone (7) serves in addition as a transmitter to transmit the signed message (9) to the receiving device (5).
12. Chip card for a mobile telephone, wherein the chip card (25) incorporates a signing device (21) which has a memory unit (27) for storing the private key necessary for producing the signed message (9), characterised in that the signing device (21) produces a signed message (9) from a message (3) to be signed which is received by the mobile telephone (7) via the telephone network.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE19747603.1 | 1997-10-28 | ||
| DE19747603A DE19747603C2 (en) | 1997-10-28 | 1997-10-28 | Method for digitally signing a message |
| PCT/EP1998/006769 WO1999022486A1 (en) | 1997-10-28 | 1998-10-24 | Method for digital signing of a message |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1027694A1 HK1027694A1 (en) | 2001-01-19 |
| HK1027694B true HK1027694B (en) | 2002-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7774609B2 (en) | Process for digital signing of a message | |
| CN109150499B (en) | Method and device for dynamically encrypting data, computer equipment and storage medium | |
| CN100539581C (en) | Provide a user device with a set of access codes | |
| US7366916B2 (en) | Method and apparatus for an encrypting keyboard | |
| US8099769B2 (en) | System and method for trusted communication | |
| US8959582B2 (en) | System and method for manipulating and managing computer archive files | |
| CN102202307B (en) | Mobile terminal identity authentication system and method based on digital certificate | |
| US20060093149A1 (en) | Certified deployment of applications on terminals | |
| US20060173848A1 (en) | System and method for manipulating and managing computer archive files | |
| US20030008637A1 (en) | System and method for implementing secure mobile-based transactions in a telecommunication system | |
| WO2022078367A1 (en) | Payment secret key encryption and decryption method, payment authentication method, and terminal device | |
| CA2355928C (en) | Method and system for implementing a digital signature | |
| CN104917807A (en) | Resource transfer method, apparatus and system | |
| CN202696901U (en) | Mobile terminal identity authentication system based on digital certificate | |
| CN101587458A (en) | Operation method and device for intelligent storing card | |
| US7386727B1 (en) | Method for digital signing of a message | |
| CN112784237A (en) | Authentication processing method, authentication authorization method and related equipment of electronic document | |
| EP1681648B1 (en) | Communication device and digital signature generation method | |
| HK1027694B (en) | Method for digital signing of a message | |
| JP5135331B2 (en) | PC external signature apparatus having wireless communication capability | |
| US20060143199A1 (en) | System and method for manipulating and managing computer archive files | |
| JP2003309552A (en) | Electronic certificate management system by mobile terminal | |
| CN1997141A (en) | A method and system for control of the video captured figure in the instant communication | |
| US20060143237A1 (en) | System and method for manipulating and managing computer archive files | |
| US20060155731A1 (en) | System and method for manipulating and managing computer archive files |