WO2000059244A1 - Method and system for the transmission of information - Google Patents

Info

Publication number
WO2000059244A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile station
terminal
information
encryption
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/FI2000/000224
Other languages
French (fr)
Inventor
Harri Vatanen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sonera Smarttrust Oy
Original Assignee
Sonera Smarttrust Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sonera Smarttrust Oy
Priority to AU34370/00A
Publication of WO2000059244A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • a connection is established between the terminal 1 and the mobile station 2.
  • a connection is established from the terminal 1 to the telecommunication server 3 of a bank.
  • the user fetches bill data from the telecommunication server 3 into his terminal 1 by using data communications software (APP1).
  • APP1 data communications software
  • the user defines the amount to be paid and other information as required, using his terminal 1.
  • the bill is transferred from the terminal 1 to the mobile station 2.
  • the bill is encrypted using the public key of the bank.
  • the user sends the encrypted bill by means of his mobile station 2 to the telecommunication server of the bank.
  • the link between the telecommunication server 3 and the terminal 1 is disconnected.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and a system for the encryption of information in a data transfer system comprising a terminal (1), a mobile station (2) connected to the terminal (1), said mobile station (2) comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station (2). In the method of the invention, the information to be encrypted is defined by means of the terminal (1), the information to be encrypted is transferred from the terminal (1) into the mobile station (2) and the information is encrypted and/or decrypted in the mobile station (2) using an encryption key. The encryption key and/or decryption key are/is stored in the mobile station (2), on the subscriber identity module (SIM) or a corresponding module (4) connected to the mobile station (2). In a preferred embodiment, a telecommunication server (3) for receiving, sending and encrypting information and decrypting encrypted information is connected to the method and system.

Description

METHOD AND SYSTEM FOR THE TRANSMISSION OF INFORMATION
FIELD OF THE INVENTION
The present invention relates to transmission and encryption of information. In the method and system of the invention, the information to be transmitted is encrypted using an encryption key stored in a mobile station. The information is encrypted using the mobile station.
BACKGROUND OF THE INVENTION
Encryption can be used to protect data transmitted in telecommunication networks. In prior art, numerous different data encryption methods are known. These include e.g. symmetric and asymmetric encryption algorithms, such as the DES (Data Encryption Standard) and RSA (Rivest, Shamir, Adleman) algorithms. The operation of these is known to the skilled person.
The personal and public keys used in asymmetric encryption are often included in the application which uses them. Thus, for instance, before electronic mail is sent, the message to be transmitted is encrypted using the receiver's public key. The receiver again decrypts the encrypted message using his own personal key, which can only be used by giving a password that is only known to the receiver himself.
Encryption keys can also be used in digital signatures, in verification of the integrity of a transmission, in certification of a transmission or in authentication of the user of a terminal device. To make a digital signature, the user electronically 'signs' a text to be sent, using his personal signing key. To ensure that the information transmitted will not change during the transfer or that nobody else will be able to send the information in the user's name, the user can certify the transmission using his personal key.
STATE OF THE ART
In the methods known at present, the problem is management and storage of the keys. The personal and the public encryption keys are stored in the terminal or workstation in which they are used, which means that the encryption tends to become dependent on the terminal. In addition, activation and deactivation of the keys, their delivery and other actions pertaining to their management are at present difficult to implement. Besides, the keys are often used in conjunction with a given application or service.
The object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them. A specific object of the invention is to disclose a new type of method and system for the encryption of information in such manner that the information to be encrypted is defined outside the mobile station. The information is transferred into the mobile station and encrypted by means of the mobile station.
As for the features characteristic of the present invention, reference is made to the claims.
BRIEF DESCRIPTION OF THE INVENTION
In the method of the invention for the encryption of information in a telecommunication system, the telecommunication system comprises a terminal and a mobile station connected to the terminal. The mobile station comprises a subscriber identity module or a corresponding module. In some embodiments, the mobile station may also be replaced with a security module having the required properties to allow it to be connected to the terminal. Furthermore, the terminal used in an embodiment of the invention is a computer, a portable computer, a mobile station or a corresponding digital terminal device.
In a first step comprised in the method, the data to be encrypted is defined by means of the terminal. Next, the data to be encrypted is transferred into a mobile station, in which it is encrypted using an encryption key. The encryption key and the decryption key have been stored in the subscriber identity module or in a corresponding module connected to the mobile station. Finally, the encrypted data is transferred to the terminal.
The method can also be used to decrypt the encrypted data. The encrypted data is transferred from the terminal into the mobile station and decrypted in the mobile station using a decryption key. The encryption key and the decryption key are stored in the subscriber identity module or an equivalent module connected to the mobile station.
In a preferred embodiment of the invention, asymmetric encryption is used, which means that the encryption key is the receiver's public key and the decryption key is the receiver's personal key. Alternatively, it is also possible to use symmetric encryption, in which case the encryption key and the decryption key are the receiver's secret key.
In another embodiment of the invention, asymmetric encryption can be used, and the user's personal secret and public keys can be used for implementing a digital signature, for verification of the integrity of the transmission, authentication of the user of the terminal and/or protection of files. Instead of asymmetric encryption, it is also possible to use symmetric encryption and the user's secret key.
Further, in an embodiment of the invention, the terminal is connected to the mobile station via a fixed connection, an infrared link and/or a radio link. A radio link may be based e.g. on Bluetooth technology or it may be a corresponding wireless local network connection. A more detailed description of Bluetooth technology will be found e.g. on WWW page www.bluetooth.com.
The method of the invention may also comprise a telecommunication server. A telecommunication server can be used to transmit and receive information and to encrypt and decrypt information. The terminal is connected to the telecommunication server via a TCP/IP connection, a mobile connection and/or a corresponding communication link.
In another embodiment of the invention, the module connected to the mobile station is a security module comprising means for encrypting electronic data transfer of the security module, decrypting encrypted data and implementing a digital signature and means for connecting the security module to a mobile station or terminal to allow electronic data transfer.
The invention makes it possible to implement encryption in a manner independent of the terminal as the encryption keys are placed on the subscriber identity module of the mobile station. Other advantages achieved are e.g. the possibility of updating the encryption keys and, if necessary, defining access rights regarding the encryption keys via an over-the-air (OTA) interface.
BRIEF DESCRIPTION OF THE DRAWINGS
In the following, the invention will be described in detail by the aid of a few examples of its embodiments, wherein
Fig. 1 presents a system according to the invention, and
Fig. 2 presents a block diagram representing the operation of an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
A system as presented in Fig. 1 comprises a terminal 1 and a mobile station 2 comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station 2. The terminal 1 is connected to the mobile station 2.
The terminal 1 comprises means 5 for its connection to the mobile station 2. The terminal 1 also comprises means (CPU) for data processing, and means (APP1) for transferring data to the mobile station 2. The subscriber identity module (SIM) or corresponding module connected to the mobile station 2 comprises means (RAM) for storing an encryption key and a decryption key and means (RSA1) for the encryption of data and/or decryption of encrypted data. Encryption and decryption are implemented using the encryption key and/or decryption key stored in the subscriber identity module (SIM).
In an embodiment as illustrated in Fig. 1, the user defines via his terminal 1 the data to be encrypted and transfers the data to the mobile station 2. The data is transferred to the mobile station 2 using data transfer software (APP1) comprised in the terminal 1. Next, the user encrypts the data using his mobile station 2. The encryption of the data may be implemented using either asymmetric encryption, preferably the RSA algorithm or a corresponding algorithm, in which the encryption key is the receiver's public key and the decryption key is the receiver's personal key. Alternatively, it is also possible to use symmetric encryption, preferably the DES algorithm or a corresponding algorithm in which the encryption key and the decryption key are the receiver's secret key. The applications (RSA1) needed for encryption are located in the subscriber identity module (SIM) of the mobile station 2 or in a corresponding module connected to the mobile station 2. After the data has been encrypted, it is transferred to the terminal 1, from where it can be sent e.g. by electronic mail to the receiver. The encrypted data may also be sent by means of the mobile station 2. This may be done using e.g. the short message service (SMS) or a corresponding service of the mobile communication system.
The mobile station 2 may also be used to decrypt encrypted information. In this case, the user transfers the encrypted data into the mobile station 2 using data transfer software (APP1) and decrypts the data using the mobile station 2. The decryption is implemented using either a symmetric or an asymmetric decryption algorithm, depending on which method has been used for the encryption.
Using the method of the invention, it is also possible to implement digital signature of data to be transferred, verify the integrity of a transmission, verify the sender of data transmitted, authenticate the user of the terminal 1 and/or protect files. These functions are implemented using either asymmetric encryption, in which case the encryption key is the receiver's public key, or symmetric encryption, in which case the sender's secret key is used.
In a preferred embodiment, a telecommunication server 3 is included in the method and system of the invention as shown in Fig. 1. In the telecommunication server 3, data can be processed, transmitted, received and encrypted as well as decrypted. The means (RSA2) needed for encryption and decryption and the software (APP2) enabling data transfer between the terminal 1 and the telecommunication server 3 are located in the telecommunication server 3. The telecommunication server 3 also comprises means 7 for connecting it to the terminal 1. The terminal 1 comprises means 6 for connecting it to the telecommunication server 3. For the encryption of information, symmetric or asymmetric encryption is used in the telecommunication server 3 as described above. The decryption of information in the telecommunication server 3 is also implemented using a symmetric or asymmetric decryption algorithm. By means of the telecommunication server 3, it is also possible to digitally sign information, verify the integrity of a transmission, verify the sender of information transferred, authenticate the user of the terminal 1 and/or protect files. These functions are accomplished using symmetric or asymmetric encryption as described above.
In a preferred embodiment, a wireless local network is used between the terminal 1 and the mobile station 2. A system of this type is the Bluetooth system, in which a short-range 2.4 GHz radio link is utilized.
When the user approaches the terminal 1, the system detects the mobile station 2, carried by the user in his pocket or on his belt, and establishes a connection between the terminal 1 and the mobile station 2. Next, the user transfers the data from the terminal 1 to the mobile station 2. The data transfer is accomplished using data transfer software (APP1) of the terminal. After this, the user encrypts the data or decrypts the encrypted data as described above.
Having encrypted the data, the user can send it to the receiver. The data to be transferred may consist of e.g. payment or order data. The receiver is e.g. a telecommunication server 3 in a bank or store, provided with software constituting the payment transfer system of the bank or store. The connection used between the terminal 1 and the telecommunication server 3 may be e.g. a TCP/IP connection, a modem connection, a mobile connection or a corresponding communication link. The telecommunication server 3 comprises means (RSA2) for the encryption of information. The encryption of information is implemented either as symmetric or as asymmetric encryption as described above. The telecommunication server 3 transfers the encrypted information to the terminal 1. For the data transfer, the data transfer software (APP2) of the telecommunication server 3 and/or the data transfer software (APP1) of the terminal is used. After this, the user transfers the encrypted data to the mobile station 2 and decrypts it. For the decryption, either a symmetric or an asymmetric decryption algorithm is used, depending on which method has been used for the encryption of the information. The encrypted information may also be sent directly from the telecommunication server 3 to the mobile station 2. This is accomplished using e.g. a short message or equivalent. After the encrypted message has been transferred from the telecommunication server 3 to the mobile station 2, the user decrypts the information as above.
In addition to being encrypted, the information can also be signed digitally, and the integrity of the transmission and the sender of the data transferred can be verified. The user can also be authenticated, or the user's files can be protected in different ways as described above. The user can also receive encrypted information and decrypt it as described above.
In another preferred embodiment, a data transfer cable is used between the terminal 1 and the mobile station 2. In this case, the terminal 1 is connected to the mobile station 2 e.g. via an RS232 data transfer link. The terminal 1 in which provided with a suitable interface 5 for the connection of an RS232 cable and data transfer software (APP1) for the use of the RS232 protocol. If necessary, the mobile station 2 is provided with an adapter to adapt the voltage levels to the levels used by the mobile station 2.
In another preferred embodiment, an infrared link is used between the terminal 1 and the mobile station 2. In this case, the terminal 1 is provided with a suitable interface 5 for the setup of an infrared connection and data transfer software (APP1) for the use of the data transfer protocol. If the mobile station 2 has not been equipped for an infrared con- nection, then the required equipment for such a connection is connected to it.
In an embodiment of the invention, the encryption keys and the decryption keys can be updated on the subscriber identity module (SIM) of the mobile station 2, and the associated access rights can be changed via an over-the-air interface, preferably via a mobile communication network.
In an embodiment of the invention, the terminal 1 is a computer, a portable computer, a mobile station or a corresponding digital terminal device.
In an embodiment of the invention, the encryption key and the decryption key are stored on a module 4 corresponding to a subscriber identity module (SIM), connected to the mobile station 2. Such a module could be e.g. a security module as described in patent application FI981902. The security module 4 comprises means (RSA3) for the encryption of electronic data transfer, for the decryption of encrypted information and for implementing an electronic signature, as well as means (8) for connecting the security module 4 to a mobile station 2 for electronic data transfer.
In Fig. 2, in step 21, a connection is established between the terminal 1 and the mobile station 2. In step 22, a connection is established from the terminal 1 to the telecommunication server 3 of a bank. In step 23, the user fetches bill data from the telecommunication server 3 into his terminal 1 by using data communications software (APP1). In step 24, the user defines the amount to be paid and other information as required, using his terminal 1. In step 25, the bill is transferred from the terminal 1 to the mobile station 2. In step 26, the bill is encrypted using the public key of the bank. In step 27, the user sends the encrypted bill by means of his mobile station 2 to the telecommunication server of the bank. In step 28, the link between the telecommunication server 3 and the terminal 1 is disconnected.
The invention is not restricted to the examples of its embodiments described above; instead, many variations are possible within the scope of the inventive idea defined in the claims.
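The signing and integrity-check path of the Fig. 2 flow can be sketched as follows. This is an added example, not code from the patent: it assumes the symmetric variant with HMAC-SHA256 standing in for the signature, the names `SimModule`, `define_bill`, `server_verify` and the sample bill are hypothetical, and the public-key encryption of step 26 is not shown.

```python
import hashlib
import hmac
import json
import secrets


class SimModule:
    """Stand-in for the SIM (or security module 4); the key never leaves this object."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key   # the "predetermined part" holding the key
        self._buffer = b""       # the "specific part" that receives terminal data

    def load(self, data: bytes) -> None:
        """Step 25: the terminal transfers the bill into the module."""
        self._buffer = data

    def sign_loaded(self) -> dict:
        """Tag the loaded data inside the module and return the bill plus tag."""
        tag = hmac.new(self._key, self._buffer, hashlib.sha256).hexdigest()
        return {"bill": self._buffer.decode("utf-8"), "tag": tag}


def define_bill(payee: str, amount_cents: int) -> bytes:
    """Step 24: the terminal defines the bill; sorted keys give a stable encoding."""
    return json.dumps({"payee": payee, "amount_cents": amount_cents},
                      sort_keys=True).encode("utf-8")


def server_verify(message: dict, shared_key: bytes) -> bool:
    """Server side: recompute the tag and compare it in constant time."""
    expected = hmac.new(shared_key, message["bill"].encode("utf-8"),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message.get("tag", ""))


def run_flow() -> dict:
    key = secrets.token_bytes(32)                   # constructed key shared by SIM and bank
    sim = SimModule(key)
    sim.load(define_bill("ACME Utilities", 4250))   # constructed sample bill
    sent = sim.sign_loaded()

    # A copy altered in transit: the amount is changed but the tag is not.
    tampered = dict(sent)
    tampered["bill"] = sent["bill"].replace("4250", "425000")

    return {
        "genuine": server_verify(sent, key),
        "tampered": server_verify(tampered, key),
        "wrong_key": server_verify(sent, secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    print(run_flow())
```

The tag covers exactly the bytes the terminal handed over in step 25, so the server accepts only a bill that is byte-identical to what the module tagged and that was tagged under the shared key.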

Claims

1. Method for the encryption of information in a data transfer system comprising a terminal (1), a mobile station (2) connected to the terminal (1), said mobile station (2) comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station (2), which method comprises the steps of: defining the information to be encrypted in the terminal (1); and transferring the information to be encrypted from the terminal (1) into the mobile station (2) characterized in that the information received from the terminal (1) is directed into a specific part in the subscriber identity module (SIM); the keys needed for the encryption and/or signature of the information are retrieved from a predetermined part of the subscriber identity module (SIM); and the information is encrypted in the mobile station (2).
2. Method for the processing of encrypted information in a data transfer system comprising a terminal (1), a mobile station connected to the terminal (1), said mobile station (2) comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station (2), which method comprises the steps of: receiving the encrypted information by means of the mobile station (2); or receiving the encrypted information by means of the terminal (1); and transferring the encrypted information into the mobile station (2) characterized in that the information received from the terminal (1) is directed into a specific part in the subscriber identity module (SIM); the keys needed for the decryption of the encrypted information are retrieved from a predetermined part of the subscriber identity module (SIM); and the information is decrypted using the mobile station (2).
3. Method as defined in claim 1 or 2, characterized in that the encryption of the information is implemented using asymmetric encryption.
4. Method as defined in claim 1 or 2, characterized in that the encryption of the information is implemented using symmetric encryption.
5. Method as defined in claim 1 or 2, characterized in that asymmetric encryption and the user's personal key are used for the definition and processing of a digital signature, verification of integrity of the transmission, certification of the transmission, authentication of the user of the terminal (1) and/or for the protection of files.
6. Method as defined in claim 1 or 2, characterized in that symmetric encryption and the user's secret key are used for implementing a digital signature, verifying the integrity of the transmission, certifying the transmission, authenticating the user of the terminal (1) and/or for the protection of files.
7. Method as defined in any one of the preceding claims 1 - 6, characterized in that the terminal (1) is connected to the mobile station (2) via a fixed data transfer link, an infrared link, a radio link and/or a corresponding data transfer link.
8. Method as defined in any one of the preceding claims 1 - 7, characterized in that a telecommunication server (3) is connected to the data transfer system, to be used for the processing, transmission, reception, encryption and decryption of the information.
9. Method as defined in any one of the preceding claims 1 - 8, characterized in that the terminal (1) is connected to the telecommunication server (3) via a TCP/IP connection, a modem connection, a mobile connection and/or a corresponding communication link.
10. Method as defined in any one of the preceding claims 1 - 9, characterized in that the terminal (1) is a computer, a portable computer, a mobile station and/or a corresponding digital terminal device.
11. Method as defined in any one of the preceding claims 1 - 10, characterized in that the subscriber identity module (SIM) connected to the mobile station (2) is a security module (4).
12. System for the encryption of information in a data transfer system comprising a terminal (1) and a mobile station (2), said mobile station comprising a subscriber identity module (SIM) or an equivalent module connected to the mobile station (2), said terminal (1) comprising means (CPU) for data processing; and means (APP1) for transferring the information to be encrypted to the mobile station (2), to the subscriber identity module (SIM) or an equivalent module connected to the mobile station (2), characterized in that the subscriber identity module (SIM) or equivalent module connected to the mobile station (2) comprises: means (RAM) for storing an encryption key and a decryption key; and means (RSA1) for encrypting electronic data transfer, decrypting encrypted information and for implementing an electronic signature using the encryption key and/or decryption key.
13. System as defined in claim 12, characterized in that the terminal (1) comprises: means (5) for connecting the mobile station (2) to the terminal (1) via a fixed link, an infrared link and/or a radio link; and means (6) for connecting the terminal (1) to a telecommunication server (3).
14. System as defined in claim 12 or 13, characterized in that the telecommunication server (3) comprises: means (APP2) for sending and receiving information; means (RSA2) for encrypting information, decrypting encrypted information and implementing an electronic signature; and means (7) for connecting the telecommunication server (3) to the terminal (1) via a TCP/IP connection, a mobile connection and/or a corresponding communication link.
15. System as defined in any one of the preceding claims 12 - 14, characterized in that the security module (4) comprises means (RSA3) for encrypting electronic data transfer of the security module, decrypting encrypted information and implementing an electronic signature; and means (8) for connecting the security module to the mobile station (2) for electronic data transfer.
PCT/FI2000/000224 1999-03-18 2000-03-17 Method and system for the transmission of information Ceased WO2000059244A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU34370/00A AU3437000A (en) 1999-03-18 2000-03-17 Method and system for the transmission of information

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI990616A FI990616A0 (en) 1999-03-18 1999-03-18 Data transmission method and systems
FI990616 1999-03-18

Publications (1)

Publication Number Publication Date
WO2000059244A1 true WO2000059244A1 (en) 2000-10-05

Family

ID=8554238

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2000/000224 Ceased WO2000059244A1 (en) 1999-03-18 2000-03-17 Method and system for the transmission of information

Country Status (3)

Country Link
AU (1) AU3437000A (en)
FI (1) FI990616A0 (en)
WO (1) WO2000059244A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2313989A (en) * 1996-06-06 1997-12-10 Nokia Mobile Phones Ltd Encrypted packets have frame synchronisation.
EP0851628A1 (en) * 1996-12-23 1998-07-01 ICO Services Ltd. Key distribution for mobile network
WO1998028877A1 (en) * 1996-12-20 1998-07-02 Nokia Mobile Phones Limited Method for identification of a data transmission device
WO1998037661A1 (en) * 1997-02-19 1998-08-27 U.S. Robotics Mobile Communications Corp. Apparatus and method for authentification and encryption of a remote terminal over a wireless link

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001049054A1 (en) * 1999-12-28 2001-07-05 Smarttrust Systems Oy Digital signature
WO2001078432A1 (en) * 2000-03-24 2001-10-18 Smarttrust Systems Oy Handling of a message
WO2003049471A1 (en) * 2001-12-04 2003-06-12 Giesecke & Devrient Gmbh Storing and accessing data in a mobile device and a user module
RU2326509C2 (en) * 2001-12-04 2008-06-10 ГИЗЕКЕ ЭНД ДЕВРИЕНТ ГмбХ Method of storage of and access to data in mobile device, and user module
US7962762B2 (en) 2001-12-04 2011-06-14 Giesecke & Devrient Gmbh Storing and accessing data in a mobile device and a user module
DE10262183B4 (en) * 2002-04-03 2011-06-09 Sagem Orga Gmbh Mobile telecommunication device and smart card system
WO2003088054A1 (en) 2002-04-12 2003-10-23 Vodafone Group Plc Method and system for distribution of encrypted data in a mobile network
US7620822B2 (en) 2004-01-09 2009-11-17 Sony Corporation Information processing system for controlling integrated circuit cards at a command level
WO2007112575A1 (en) * 2006-04-04 2007-10-11 Research In Motion Limited Method and apparatus for updating encryption keys on a mobile communication device
EP2600270A1 (en) 2011-12-02 2013-06-05 Deutsche Telekom AG Identification element-based authentication and identification with decentralised service use

Also Published As

Publication number Publication date
FI990616A0 (en) 1999-03-18
AU3437000A (en) 2000-10-16

Similar Documents

Publication Publication Date Title
EP1025675B1 (en) Security of data connections
EP0689316A2 (en) Method and apparatus for user identification and verification of data packets in a wireless communications network
CN1926802B (en) secure data transmission
AU777383B2 (en) Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
EP1095492B1 (en) Secure session connection set up based on the Wireless Application Protocol
CA2303048C (en) Security method for transmissions in telecommunication networks
US7076657B2 (en) Use of short message service (SMS) for secure transactions
EP1048181B1 (en) Procedure and system for the processing of messages in a telecommunication system
CN1977559B (en) Method and system for protecting information exchanged during communication between users
KR20030019356A (en) Secure dynamic link allocation system for mobile data communication
WO2002033879A2 (en) Security system
WO2007117914A2 (en) Bio-metric encryption key generator
EP1142194B1 (en) Method and system for implementing a digital signature
KR20060104061A (en) Content Delivery Protection Device
CN110691359A (en) Safety protection method for power marketing professional Bluetooth communication
EP1376924B1 (en) End-to-end encryption key management in a mobile communications system
JP2011118789A (en) Communication device and processing system
WO2000059244A1 (en) Method and system for the transmission of information
US7571257B2 (en) Communications network with smart card
EP1437024B1 (en) Method and arrangement in a communications network
JPH09130376A (en) User password authentication method
KR20030008453A (en) Method of inter-authentication and security service using user-password in SMS for CDMA network
EP1320958B1 (en) Method for transmitting, storing and accessing a secret
CN111222150A (en) Data transmission cloud encryption mode based on identity authentication

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase