[go: up one dir, main page]

WO2003015343A1 - Method of secure data transmission through short message service (sms) - Google Patents

Method of secure data transmission through short message service (sms) Download PDF

Info

Publication number
WO2003015343A1
WO2003015343A1 PCT/IT2002/000508 IT0200508W WO03015343A1 WO 2003015343 A1 WO2003015343 A1 WO 2003015343A1 IT 0200508 W IT0200508 W IT 0200508W WO 03015343 A1 WO03015343 A1 WO 03015343A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
function
secure
sms message
sms
Prior art date
Application number
PCT/IT2002/000508
Other languages
French (fr)
Inventor
Enrico Bertelletti
Andrea Vitaletti
Leonardo Ambrosini
Fabrizio Peroni
Original Assignee
Nexse S.R.L.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nexse S.R.L. filed Critical Nexse S.R.L.
Publication of WO2003015343A1 publication Critical patent/WO2003015343A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity

Definitions

  • This invention relates to a method for secure transmission of data by means of messages in the frame of the Short Message Service (SMS) of the radio mobile telephony system, preferably cellular telephony, 0 that allows to guarantee in simple, reliable and unexpensive manner the four security levels in SMS communications between a sender and an addressee (namely, authenticity, integrity, non-reject and confidentiality), thereby making the performance of commercial activities, such as payments and reservations, by use of said SMS service, technically 5 secure.
  • SMS Short Message Service
  • the invention also relates to the methods for generation and recognition of secure SMS messages, to the instruments needed for performing the methods as well as to the apparatus performing the methods.
  • a different form of electronic commerce occurs by means of the radio mobile telephony or so-called “via wireless”, preferably cellular telephony, also known as mobile commerce or m-commerce. 5
  • via wireless preferably cellular telephony
  • m-commerce mobile commerce
  • SMS Short Term Evolution
  • WAP Wireless Application Protocol
  • SMS technology already adopted by all telephonic companies having a high standardisation level and largely adopted by mobile users, in view of its simplicity of use and of its reduced costs.
  • SMS technology has some drawbacks mainly connected to the fact that the communication mechanism is intrinsically unsecure.
  • SMS Short Message Service
  • Another object of this invention is to minimise the number of SMS messages to be exchanged between two parties in order to finalise an economic transaction.
  • a further object of this invention is to furnish the instruments needed for performing the methods as well as to the apparatus performing the methods.
  • a method for generating secure messages of a Short Message Service or secure SMS messages in mobile telephony, preferably cellular telephony, comprising the step of furnishing a SMS message having m bits, the method being characterised in that it further comprises the following steps: - generating an authentication code having f bits, by means of an authentication protocol that utilises an authentication function generating a print string depending on at least said m-bit SMS message and on at least a low level authentication function, said authentication protocol performing a translation function that translates said print string into a second string of alphanumeric characters; and building-up a secure (m+f)-b ⁇ t message by juxtaposition of said f-bit authentication code to said m-bit SMS message.
  • said translation function can translate said print string by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
  • said alphanumeric characters can belong to the standard SMS alphabet.
  • said authentication function as utilised by said authentication protocol can also depend on at least one key.
  • said authentication code has a number f of bits that is constant for each secure SMS message to be generated.
  • said authentication code can have a variable number f of bits.
  • said authentication function can comprise: at least one symmetric key cryptographic function; and/or at least one asymmetric key cryptographic function; and/or at least one Message Authentication Code (MAC) function; and/or at least one Hash function; and/or at least one signature function depending on a secret key as well as on one or more parameters.
  • MAC Message Authentication Code
  • the method can also comprise the following final step: - building-up a ciphered message having A? bits starting from said secure message by means of a ciphering function.
  • said ciphering function can depend on at least one key.
  • said ciphering function can performs a translation function that translates said ciphered message into a further string of alphanumeric characters.
  • said translation function can translate said ciphered message by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
  • said alphanumeric characters belong to the standard SMS alphabet.
  • a method for recognition of secure SMS messages generated by the above described method for generation characterised in that it comprises the following steps: obtaining a first control string by means of a first control function depending on at least a first portion of a secure SMS message, obtaining a second control string by means of a second control function depending on at least a second portion of said secure SMS message, and checking the correspondence between said first control string and said second control string.
  • SMS message includes at least a first portion of said second string of alphanumeric characters and said first control function translates said at least a first portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the above described method for generation.
  • said second portion of the secure SMS message includes at least a second portion of said second string of alphanumeric characters and said second control function translates said at least a second portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the above described method for generation.
  • said secure SMS message can be a n-bit ciphered message, generated by the above described method for generation and the method for recognition can further comprise the following initial step: obtaining a m+ ⁇ -bit message starting from the ⁇ -bit ciphered message by means of a deciphering function inverse of the ciphering function by which the ciphered message was built-up.
  • said deciphering function can depend on at least one key.
  • said secure SMS message can be generated by the previously described method for generation which builds-up the ciphered message starting from said secure message by means of a ciphering function which performs a translation function and the method for recognition can further comprise the following step preliminary to the initial step: - translating said secure SMS message by means of a translation function inverse of the translation function performed by the above described method for generation.
  • a further specific subject matter of this invention is a method for acquiring/reserving products/services of a supplier by a user, comprising the following steps: requesting at least a product/service to be acquired/reserved by a user from a supplier by means of a SMS message by means of a radio telephone system, checking by the supplier the availability of the product/service requested by the user, perfecting by said supplier the transaction connected with the request from the user, characterised in that said request SMS messages are secure SMS messages generated by means of the above illustrated method for generation and in that said checking step includes the performance of the above described method for recognition of secure SMS messages.
  • the method can further comprise the following additional step: sending a secure SMS message by the supplier to the user radio telephone, by means of the previously described method for generation for confirming the completion of the acquiring/reserving operation.
  • the method can further comprise the following preliminary steps: requesting by the user an emitting agency for the activation of a payment service by means of secure emission of SMS messages, and - sending a secure SMS message from the emitting agency to a radio telephone of the user, by means of the above described method for generation, including a digital certificate identifying the user.
  • It is still further object matter of this invention a method of publicity or advertising for promotion by a product/service supplier to one or more clients, comprising the following step: sending a secure SMS message from said supplier to a radio telephone of at least one user, by means of the above described method for generation, including a digital promotional code identifying the user.
  • such method can further comprise the following final step: sending a SMS message including said digital promotional code identifying the user from said user to said supplier.
  • said SMS message sent from the user to the supplier is a secure SMS message.
  • a computer comprising a modem, or a mobile radio telephony apparatus, characterised in that it is adapted to perform the above illustrated method for generation.
  • a computer comprising a modem, or a mobile radio telephony apparatus, characterised in that it is adapted to perform the above illustrated method for recognition.
  • a signal for radio mobile telephony preferably cellular telephony, comprising a SMS message, characterised in that said SMS message is a secure SMS message realised by the above described method for generation.
  • a computer program characterised in that it comprises code means adapted to perform, when they operate on a computer, the previously described method for generation.
  • Figure 1 is a diagram schematically illustrating a first embodiment of the method for generation according to this invention and its related method for recognition
  • Figure 2 is a diagram schematically illustrating a second embodiment of the method for generation according to this invention and its related method for recognition;
  • Figure 3 is a diagram schematically illustrating a third embodiment of the method for generation according to this invention and its related method for recognition;
  • Figure 4 shows a flow chart schematically illustrating the translation function according to a preferred embodiment of the method for generation according to this invention
  • Figure 5 shows a flow chart schematically illustrating the translation function inverse of the translation function of Figure 4
  • Figure 6 is a diagram schematically illustrating a first embodiment of the method for purchase/reservation according to this invention
  • Figure 7 is a diagram schematically illustrating a first application example of the method for purchase/reservation according to this invention.
  • Figure 8 is a diagram schematically illustrating a second application example of the method for purchase/reservation according to this invention
  • Figure 9 is a diagram schematically illustrating a third application example of the method for purchase/reservation according to this invention.
  • Figure 10 is a diagram schematically illustrating a fourth application example of the method for purchase/reservation according to this invention.
  • the security mechanism adopted by the method according to this invention is based upon the public key cryptography model and upon the definition of specific Public Key Infrastructure or PKI, as utilised for identifying the parties involved in the communication schema and for the definition of the mechanism to be utilised for handling the keys (distributing and/or up-dating the public keys, distributing the session private keys).
  • a message obtained by means of the method for generation according to this invention will be designated in the following description and in the claims as "Secure- Short Message" or S-SM.
  • a S-SM message is a conventional SMS message (at present comprising a maximum number of 160 characters) whose text includes two distinct portions: a first portion comprising a message itself, as utilised for instance for identifying a purchased/reserved product, the identity of a person, a confidential information item or any message; and a second portion comprising a print or authentication code of the message, as generated by means of the method according to this invention aimed at imparting the desired security characteristics to the S- SM message.
  • the method for generation of S-SM messages according to this invention performs an authentication function that results into an authentication or a value which is utilised as an authenticity certificate of the message.
  • This authentication function is a high level function that implements the proper authentication protocol which enables the source to generate the authentication code and the receiver to check the authenticity of the message.
  • Said authentication function will utilise low level authentication primitives comprising: ciphering functions for the whole message obtained by means of conventional cryptography mechanisms (with symmetric key) or public key cryptography mechanisms (with asymmetric key); and/or
  • MAC Message Authentication Code
  • a S-SM message allows to guarantee the following four security levels in communications: authenticity, that is to say it guarantees before an addressee that the received message has been effectively written and sent by the specified sender and not by any other one; integrity, that is to say it guarantees before the sender and the addressee that nobody changed the contents of the message; non-rejection by the sender, namely it guarantees before the addressee that the sender cannot deny having transmitted the message; and confidentiality, namely it guarantees before the sender and the addressee that the contents of the message are not accessible to unauthorised third parties.
  • the S-SM message can also be partially or totally ciphered, for instance by ciphering only the message or both the message and the print.
  • a first embodiment of the method for secure transmission of data by SMS is based upon an authentication code of the messages which provides for adopting a secret key K A that is known to both ends of the communication.
  • the first block 1 represents the method for generation of S-SM messages and the second block 2 represents the method for check or recognition of S-SM messages.
  • Secret key K A is utilised to generate a first small data block N of fixed length. This first embodiment guarantees the authenticity and the integrity of the messages.
  • a second embodiment of the method for secure transmission of data by means of SMS messages provides for the digital signature N to be generated by means of a private key K SA of the generation block 1.
  • Block 3 performs a Hash function, that is to say a public function by which a message of any length is mapped into a hash string of fixed length.
  • Block 2 receives said S-SM message comprising a juxtaposition of the message to be authenticated and of the print N and automatically checks its authenticity and integrity by means of a block 3' performing a Hash function and a public key Kp A as furnished by the unit which emitted the abovesaid S-SM message by means of block 1.
  • This second embodiment guarantees the authenticity, integrity and non- rejection features of the messages.
  • a third embodiment of the method for secure transmission of data by means of SMS messages provides that, in generation block 1 , a hash code obtained by applying a block 3 to message M to be authenticated is passed as a parameter to a signature function 4 together with a random, purposely generated number 4.
  • the signature function also depends on a secret key KS A of the generation block 1 as well as on a parameter set, also designated as group public key K PG , known to the communication group by which this schema is utilised.
  • the outcome of this signature function 4 includes two components s and r , respectively.
  • Said block 2 generates the hash code of the received message M.
  • This latter function depends on the group public key K PGR and on the public key of the sender Kp A .
  • Said check function 5 generates a value that, when the signature is valid, is equal to the component r of the digital signature.
  • the recognition block 2 operates in such a manner that the check of the signature of the message only depends on the public key K PA of the sender and on the group public key K PGR .
  • Said random number K is not directly communicated to the addressee, but it is embedded in the transmitted S-SM message.
  • message M includes an identity indicator which emits the S-SM message and an accurate description of the product/service which it is related to.
  • said message M includes the indicator code of the bank institute which emitted the certificate itself as well as the identification of the person whom the certificate is related to.
  • MSISDN telephone number
  • the selection of the cryptographic schema to be utilised for generation and check of the S-SM messages as well as the selection of the conventional cryptography algorithms (DES, 3DES, and so on), the selection of the public key algorithms (RSA, DSA, and so on) and the selection of the authentication functions (Hash functions SHA, MD%, and so on) to be utilised therein, are strictly dependent on the application schema.
  • the most simple PKI that can be considered consists of the mere identity, public and private key pair, of the service supplier, for instance a trade institution or Merchant.
  • the private key is utilised by the supplier for generation of the S-SM messages, while the public key, as distributed by means of the X.509 certificate or similar standard, is utilised by the Merchant during the check step.
  • Mechanisms for checking, for updating and for revoking the keys can be provided.
  • the PKI design function will have to handle more simultaneously present signature generating identities. This entails that a file of the reliable identities (and the corresponding management logic) as well as a centralised management unit of an identity revocation list ought to be present at each product/service distribution centre.
  • the computer program or software for the S-SM message supplier, as performed by authentication block 1 , and the related check software, as performed by block 2 can be made operative in more or less complex processor apparatuses.
  • a PC with a telephone set or a hand-held GSM and/or a GPRS and/or a UMTS device connected to the serial port can be directly utilised to generate and inroute said S-SM messages or to receive and check said S-SM messages.
  • the S- SM message traffic is very crowded, it is possible to make recourse to higher performance hardware/software implementations, in which the adoption of SMS Gateway and of dedicated SMS or SMSC centres is provided.
  • the above mentioned processor apparatuses can be of mixed kinds, such as comprising a S-SM message supplier having a SMS Gateway and a dedicated SMSC, while a PC with a GSM and/or a GPRS and/or a UMTS unit connected to the serial port can be utilised for receiving and checking the S-SM messages.
  • a S-SM message supplier having a SMS Gateway and a dedicated SMSC
  • a PC with a GSM and/or a GPRS and/or a UMTS unit connected to the serial port can be utilised for receiving and checking the S-SM messages.
  • a software module which performs the generation and enroute function for the S-SM messages, henceforth designated as S-SM Engine, as well as a software module which performs the checking function for the received S-SM messages, henceforth designated as S-SM Verifier, are included in each implementation of the S-SM system.
  • S-SM Engine receives the data upon which the message to be sent is formed, implements a specific schema for generation of S-SM messages and utilises a proper API interface for the particular reference hardware context in order to enroute them to the wireless network.
  • routing of S-SM messages is carried out by a API interface based upon AT commands, when said reference hardware context is based upon a telephone device, a hand-held GSM and/or GPRS and/or UMTS device, directly connected to the serial port, or by the API interface of the SMS Gateway, when SMSC is adopted.
  • S-SM Verifier is associated to a particular MSISDN, it is adapted to intercept any message coming from the network and implements a specific checking or verifying schema for the S-SM messages.
  • S-SM Engine also the S-SM Verifier utilises a proper API interface for the particular reference hardware context in order to receive the SMS messages from the network.
  • S-SM Engine comprises a further processor stage which carries out a translation in order to transform the byte array of the print into a string of alphanumeric characters where each individual character belongs to a sub-assembly of the standard alphabet of the SM messages.
  • an inverse translation processor stage should necessarily be present in order to re-translate the string of characters representing the print contained in the S-SM message into its byte array original format.
  • the print translation algorithm is parametric with respect to the output alphabet cardinality.
  • such algorithm is adapted to translate a byte array into character strings taken out from an alphabet having any number of bits, such as, for instance, 4 bits, 7 bits or 10 bits.
  • the output alphabets related to the various options are pre-defined within the algorithm and they are purposely selected for the desired function. For instance, the 7 bit alphabet coincides with the SM alphabet; the alphabets having a number of bits lower than 7 are sub-assemblies of the SM alphabet.
  • Figure 4 schematically illustrates the algorithm of the translation function.
  • the initialisation of the translation takes place by selecting the desired output alphabet, having 4 bits. Based upon the effected selection, the variable MASK that will be utilised for the extraction of the bits from the memory area utilised as work memory MEM is set up.
  • variable MASK when the 6 bit output alphabet is selected, said variable MASK will be initialised to hexadecimal value 0000003F. Such value is adapted to extract the 6 least significant bits of said memory MEM by means of a simple AND operation, bit by bit. Subsequently, this algorithm begins performing the translation of the input, by retrieving and processing n bytes at a time with the help of the memory section MEM. The translation operation will be completed by a number of steps depending on the size, equal to n bytes, of the memory section MEM as well as on the size of the input array.
  • Each step comprises: populating the memory section MEM such that the first byte is arranged in the least significant byte position of MEM and so on up to the n-th byte which will be arranged in the most significant byte position of MEM, extracting k-bit words from memory section MEM by utilising the above mentioned variable MASK, - translating each retrieved k-bit word into characters, based upon the index-character correspondences as defined for the selected alphabet.
  • Figure 5 schematically illustrates the algorithm of the inverse translation function that is symmetric to the translation algorithm shown in Figure 4.
  • the initialisation of the inverse translation takes place by selecting the input alphabet, which consists of the character string forming the print incorporated with the S-SM message. Obviously, the input alphabet to be selected in said inverse translation should be coincident with the output alphabet as utilised upstream to generate the S-SM message.
  • variable MASK that will be utilised for the insertion of the bits corresponding to each input character into the memory area utilised as work memory MEM is set up.
  • the algorithm begins performing the inverse translation of the input, by retrieving and processing n characters at a time with the help of the memory section MEM.
  • the inverse translation operation will be completed by a number of steps depending on the size of the memory section MEM as well as on the size of the input.
  • Each step comprises: translating each individual input character into k-bit words, based upon the index-character correspondences as defined for the selected alphabet, populating the memory section MEM with the k-bit words, where the k-bit word corresponding to the first character is arranged in the least significant bit positions of MEM, while the k-bit word corresponding to n-th character will be arranged in the most significant bit positions of MEM, and extracting the component bytes from memory section MEM by utilising a variable BYTE-MASK of 000000FF type.
  • the so obtained bytes form the print of the S-SM message.
  • the maximum length of portion M of said S-SM messages is 74 characters.
  • the S-SM architecture according to this invention is scaleable to other mobile technologies presently available on the market, such as WAP and GPRS, as well as to other next to be available technologies, such as UMTS.
  • WAP and GPRS mobile technologies presently available on the market
  • UMTS next to be available technologies
  • the extensions to SMS service that will be offered by new standards GPRS and UMTS will result into richer S-SM compositions both in terms of characters and, possibly, in terms of images and multimedial items. This scaleability is also assured in respect of cryptographic algorithms and of cryptographic architectures.
  • the GSM-, GPRS- or UMTS- compatible terminals (telephone and hand-held apparatuses) of next generation will be characterised by a sufficient computation capability to enable the implementation and the operation of conventional and public key cryptography algorithms directly on the terminal itself.
  • the S-SM approach has been designed and realised in such a manner as to be compatible with the generation and checking or verification functions of the S-SM devices directly on the mobile terminals, thereby extending even more the application ranges of the present S-SM approach.
  • the secure communication model can also be directly extended to client- client or to consumer-client communications and so it is not necessarily limited to consumer-merchant communications (B2C).
  • a Consumer can purchase products/services by directly interacting with a Merchant 6 by means of its mobile terminal 8 through a wireless network 9 or by interacting with the service centre 7 by means of a PC 10 through the Internet network 11.
  • the architecture of Figure 6 can be integrated in any payment model, such as cash, personalised pre-paid, credit cards, checks, IVR. In some application fields, it is necessary to have a network of
  • the payment service based upon S-SM messages can be extended to any type of commercial activity, also the not automatic ones, and it can be utilised in parallel to the conventional payment means (cash, checks, IVR, bancomat, pre-payment, disposable credit card).
  • each distributor or dispenser has telephone number associated thereto, while a code (publicised on the dispenser itself) is associated to the individual products.
  • a user wishing to effect a purchase sends his/her own digital identification certificate S-SM (preliminarily received from an issuing agency, such as, for instance, a bank operator, following a request for activation of the payment service by means of S-SM subscribed by the user himself/herself) to the indicated telephone number and specifies the code associated to the product and, if proper, the quantity.
  • S-SM digital identification certificate
  • the concerned dispenser dialogues with the interbank institute by means of S-SM messages or other channel (such as web or dedicated line) in order to verify the identity of the client and the available bank balance and, when the result is positive, it dispenses the requested product.
  • S-SM messages or other channel such as web or dedicated line
  • the transaction provides for one only S-SM message to be sent by the consumer.
  • the dialogue between the dispenser and the agency providing for the concerned payment requires one only SMS message to be sent from each party; the above transaction can alternatively take place by means of a different channel, such as web/SSL or dedicated telephone line.
  • the SMS transmitting process from the consumer is not particularly complex, in view of the fact that it is sufficient to add the product code as a header of the message received from the agency providing for the concerned payment.
  • the above illustrated process can be further simplified by letting the consumer directly digit the code of the product to be purchased on the dispenser.
  • the purchasing procedure will uniquely include sending the S-SM message to the dispenser, without any change to the original message.
  • the e-commerce model does not provide for a direct dispension of the purchased products, but a product/service supplier web site is directly involved in acquiring and delivering the goods.
  • Such model directly applies to pre-existing e-commerce sites.
  • the purchaser selects the articles he/she desires to purchase, by utilising the web interface furnished by the merchant. Upon submitting the order, he/she will be relayed to a page that, instead providing for a conventional transaction based upon a credit card in the SSL system, provides for an alternative and innovative purchasing methodology based upon S-SM messages.
  • the code associated to the purchase to be perfected (automatically generated by means of mechanisms adapted to guarantee authenticity) will be indicated together with the telephone number established by the merchant for reception of orders via the S-SM system.
  • the purchaser therefore, will have to compose a SM message by juxtaposing the order code to the head portion of his/her own digital certificate in S-SM format (virtual credit card) and will have to send such S-SM to the indicated telephone number.
  • S-SM format virtual credit card
  • the merchant dialogues with the interbank institute by means of S-SM or other channel (web, dedicated line, etc.) in order to check or verify the identity of the client and the available balance and, when the result is positive, it perfects the order and the delivery of the products.
  • the advantages for a merchant deriving by adoption of a S-SM based micro-payment system are as follows: extension of the sale channels, reduction of the personnel engaged in collecting and transferring the monetary incomes, less maintenance (failure rates in a S- SM system are lower than a money handling mechanical apparatus), reduction of the lock-picking risks, credits directly accounted without money handling, no need of telephone cables, possibility to directly monitor the residuals and any failures of the dispensers without additional costs.
  • the cellular device is utilised in similar way as it occurs in web electronic commerce, but without the need for the user to enter the credit card number or other secret code into his/her own cellular device.
  • the user has his/her own S-SM which uniquely identifies his/her credit card and enables secure purchases and reservations to be effected.
  • S-SM is issued from the service centre by means of the credit institute (bank), upon activation of the service, exactly as it occurs for the credit card system.
  • FIG. 8 it can be observed that another application example of the method according to this invention is a wager or betting system that the user can directly utilise by means of a radio telephone device, even near the same place where the event subject- matter of the wager is occurring, without the need to have cash money available and without the need to preliminarily go to the receiving stand and to enter a queue.
  • Each wager or bet has a code and a manager or bench telephone number associated thereto, as publicised in the entrance sheet or depliant or in a specialised magazine, on the web, etc.; the role of the bench is to guarantee the economic coverage of the various wagers. Preferably, it accepts a wager only when it is covered by other wagers.
  • a player desiring to submit a wager sends a S-SM message to the manager or administrator and specifies the relevant code.
  • the bench automatically credits the won sum (upon subtracting the intermediation percentage) on the player account, in the other case, it withdraws the corresponding amount.
  • a payment model based upon a pre-payment system can be adopted, in which the bench manages a virtual account that the wagerer provide for crediting or debiting depending on the concerned wager.
  • the advantages for a manager in adopting a S-SM based betting system are as follows: automatic management of the wagers, increase in the number of wagers, reduction of the receiving stations and of the related personnel, possibility to register user profiles and to make advertisement activities based upon the preferences of the players in order to actively propose wagers or other initiatives.
  • a further application example of the method according to this invention is in the field of purchasing or reserving tickets, or ticketing, which the user can directly carry out by means of a radio telephone apparatus, without preliminarily going to the ticket office, entering a queue for purchasing the desired tickets, taking the ticket with himself/herself to the showing, entering the queue for entrance and exhibiting the ticket for check. This occurs, for instance, in cinemas, theatres, museums, concerts, sport events, and so on.
  • Each showing has a code and a telephone number associated therewith (as published on the notice board, or on specialised magazines, newspapers, on web, and so on) and the user desiring to purchase/reserve a ticket sends a message to said number specifying the code and possibly the number of the seats he/she desires.
  • he/she receives a S-SM message including the result of the request and the digital signature of the manager/administrator: such message represents a real token for entrance.
  • the user goes to the entrance to the showing, sends the S-SM message with the ticket to the number of the manager/administrator which automatically recognises it and allows entrance, for instance by operating a carousel. Should a reservation be involved, the manager/administrator automatically debits the cost of the ticket.
  • the above described S-SM service can be integrated with the purchase and/or reservation service by web: for instance, in a context in which the subscriber desires to choose one or more seats based upon the presently existing availability, the web allows such research to be effected in the best conditions. Subsequently, after having located the desired seats, the concerned tickets can anyway be issued by the manager/administrator by means of S-SM messages to be sent to the same person who performed the reservation or to any other desired person.
  • the advantages for a manager in adopting a S-SM based ticketing system are as follows: automatic pre-sale of the tickets, reduction of the personnel at the ticket office, reduction of the personnel required for checking the tickets at the entrances to the showings, possibility to register user profiles and to make advertisement activities based upon the preferences of the users, issuing of free gift or discounted price tickets.
  • the validation of the electronic ticket can be effected locally at the same entrance gate, in view of the fact that it does not require any communication with a possible central file, thereby reducing the needs of cables and connections.
  • a central file capable to keep all already issued tickets is preferably adopted in order to prevent any fraudulent action.
  • a retailer can perform one-to-one marketing campaigns by sending promotional messages to the clients or to people passing near the sale point. This is the case, for instance, of supermarkets, shops, restaurants.
  • the concerned shop-keeper collects information about the preferences of his/her clients, for instance by means of paper forms to be filled-in or via web. Based on the so collected profiles, he/she can start promotional activities aimed at encouraging the clients to access the shop. For instance, he/she can send a S-SM message informing the client that a discount or a gift will be associated to a certain purchase or expenditure. At this point, the client can access the shop, send the received S-SM message and be enabled to enjoy the promotional offer.
  • the concerned shop-keeper can order his/her telephonic operator or his/her own ASP to send promotional messages to the subscriber passing near the sale point by exploiting the mobile location technology, in similar way as it occurs when usual leaflets are distributed.
  • the advantages for a retail salesman in adopting an advertising system based upon S-SM messages are connected with realising a one-to-one marketing (to directly encouraging the clients and to approach passer-by's), so as to achieve savings in terms of promotional mail, advertisement boards, distribution of leaflets.
  • a S-SM based mobile service is adapted to resist the following cryptographic attack typologies: - detection of the contents, with access to confidential information as included in the SMS message for people and/or processes foreign to the communication; analysis of the traffic, with identification of the message structure between the two parties of the concerned communication; - masking, with insertion of messages generated by any fraudulent sources into the communication; modification of the contents, with change of the text of the message, by insertion, deletion, substitution, transposition of characters; modification of the message sequence between the two involved parties; modification of the times, with delay or repetition of the messages; rejection by the sender, with denying the transmission of a message from a source.
  • a S-SM system In addition to the security and confidentiality of the communications and to the compatibility with all cellular and hand-held GSM/GPRS/UMTS radio telephone apparatuses, the following further advantages of a S-SM system according to this invention can be mentioned : - the simplicity of use, that does not require either any specific configuration of the apparatuses (such as the common radio telephone sets) or any technical background knowledge by the user, since it requires sending a single message or, in the worst situation and only in particular cases, two messages for performing a transaction; - the multiplicity of payment mechanisms, since the S-SM service can be integrated with any payment model (such as cash, personalised pre-payments, credit card, checks); low infrastructure costs, since access to S-SM based services does not require particular infrastructural investments by companies or institutes: in fact a conventional PC and a GSM/GPRS/UMTS modem (or any cellular radio telephone apparatus) are sufficient; - the independence on a telephonic operator, since the S-SM service in completely independent on any operator

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This invention relates to a method for secure transmission of data by means of messages in the frame of the Short Message Service (SMS) of the radio mobile telephony system, preferably cellular telephony, that allows to guarantee in simple, reliable and unexpensive manner the four security levels in SMS communications between a sender and an addressee (namely, authenticity, integrity, non-reject and confidentiality), thereby making the performance of commercial activities, such as payments and reservations, by use of said SMS service, technically secure. The invention also relates to the methods for generation and recognition of secure SMS messages, to the instruments needed for performing the methods as well as to the apparatus performing the methods.

Description

METHOD OF SECURE DATA TRANSMISSION THROUGH SHORT MESSAGE SERVICE (SMS)
This invention relates to a method for secure transmission of data by means of messages in the frame of the Short Message Service (SMS) of the radio mobile telephony system, preferably cellular telephony, 0 that allows to guarantee in simple, reliable and unexpensive manner the four security levels in SMS communications between a sender and an addressee (namely, authenticity, integrity, non-reject and confidentiality), thereby making the performance of commercial activities, such as payments and reservations, by use of said SMS service, technically 5 secure. The invention also relates to the methods for generation and recognition of secure SMS messages, to the instruments needed for performing the methods as well as to the apparatus performing the methods.
It is known that at present the electronic commerce, or e- 0 commerce, conventionally exploited on the Internet network, by means of Personal Computers or PC's and navigation graphic application centers or browsers is meeting with certain difficulties in its diffusion due to some technical and practical reasons.
In particular, the scarce technical diffusion due to which access 5 to Internet is limited to a low population percentage, in the first place in respect of adult age people, that anyway have a high expenditure possibility, noticeably restricts the e-commerce capability.
Furthermore, the technical problems connected with security and confidentiality in transmission of sensible data, such as the code 0 number of a credit card, raise a scarce reliability sensation in the users, since such data are amenable of possible fraudulent interception.
A different form of electronic commerce occurs by means of the radio mobile telephony or so-called "via wireless", preferably cellular telephony, also known as mobile commerce or m-commerce. 5 Even if it enjoys a more extended technologic diffusion, in view of the fact that the common cellular radio telephonic apparatuses and hand-held computers are extremely popular and simple to be used, also the diffusion of the m-commerce is meeting with noticeable obstacles raised by insufficient security and confidentiality of the concerned communications.
The most significant recently developed approaches for m- commerce are based upon SMS and WAP technologies. The SMS technology, as already adopted by all telephonic companies with high standardisation level and largely adopted by mobile users, in view of its simplicity of use and of its reduced costs, has some drawbacks mainly connected with the fact that the related communication mechanism is intrinsically unsecure. The WAP (Wireless Application Protocol) technology allows cellular enabled GSM devices to navigate in similar manner as it occurs in WEB, namely in the Internet network, even if it is adapted to handle extremely simple and short pages (a text of few lines). The drawbacks of the WAP that have limited its diffusion are its complexity, both in terms of apparatus and in terms of usability, the slowness of its connections, which take place at 9600 bits/sec, as well as the fact that it appears to be extremely expensive (the users pay for data connections at the same rate as for voice connections.
Other more complex and technologically advanced approaches for e-commerce based upon GPRS and UMTS technologies are presently being developed. Anyway, their very scarce (or even completely lacking diffusion, as for UMTS) prevents them from being significantly considered in e-commerce applications.
!n particular, aiming at encouraging the development of the e- commerce, in recent times researches have been addressed to SMS technology, already adopted by all telephonic companies having a high standardisation level and largely adopted by mobile users, in view of its simplicity of use and of its reduced costs.
Anyway, also said SMS technology has some drawbacks mainly connected to the fact that the communication mechanism is intrinsically unsecure.
It is an object of this invention to provide a method for secure transmission of data by means of messages in the frame of the Short Message Service (SMS) of the radio mobile telephony system, preferably cellular telephony, that utilises suitable methods for generation and for recognition of secure SMS messages and that allows to guarantee in simple, reliable and unexpensive manner authenticity, integrity, non-reject and confidentiality of the SMS communications, without requiring any technologic intervention on the user terminal (cellular or hand-held) apparatus, thereby allowing a high simplicity and practicality of use.
Another object of this invention is to minimise the number of SMS messages to be exchanged between two parties in order to finalise an economic transaction.
A further object of this invention is to furnish the instruments needed for performing the methods as well as to the apparatus performing the methods. It is specific subject-matter of this invention a method for generating secure messages of a Short Message Service or secure SMS messages, in mobile telephony, preferably cellular telephony, comprising the step of furnishing a SMS message having m bits, the method being characterised in that it further comprises the following steps: - generating an authentication code having f bits, by means of an authentication protocol that utilises an authentication function generating a print string depending on at least said m-bit SMS message and on at least a low level authentication function, said authentication protocol performing a translation function that translates said print string into a second string of alphanumeric characters; and building-up a secure (m+f)-b\t message by juxtaposition of said f-bit authentication code to said m-bit SMS message.
According to this invention, said translation function can translate said print string by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
Again according to this invention, said alphanumeric characters can belong to the standard SMS alphabet.
Further according to this invention, said authentication function as utilised by said authentication protocol can also depend on at least one key.
Still according to this invention, said authentication code has a number f of bits that is constant for each secure SMS message to be generated.
Alternatively, according to this invention, said authentication code can have a variable number f of bits.
Again according to this invention, said authentication function can comprise: at least one symmetric key cryptographic function; and/or at least one asymmetric key cryptographic function; and/or at least one Message Authentication Code (MAC) function; and/or at least one Hash function; and/or at least one signature function depending on a secret key as well as on one or more parameters.
Further according to this invention, the method can also comprise the following final step: - building-up a ciphered message having A? bits starting from said secure message by means of a ciphering function.
Also according to this invention, said ciphering function can depend on at least one key.
Again according to this invention, said ciphering function can performs a translation function that translates said ciphered message into a further string of alphanumeric characters.
Further according to this invention, said translation function can translate said ciphered message by subdividing it into groups of k bits and by translating each group into an alphanumeric character. Again according to this invention, said alphanumeric characters belong to the standard SMS alphabet.
It is further subject matter of this invention a method for recognition of secure SMS messages generated by the above described method for generation characterised in that it comprises the following steps: obtaining a first control string by means of a first control function depending on at least a first portion of a secure SMS message, obtaining a second control string by means of a second control function depending on at least a second portion of said secure SMS message, and checking the correspondence between said first control string and said second control string.
Also according to this invention, said first portion of the secure
SMS message includes at least a first portion of said second string of alphanumeric characters and said first control function translates said at least a first portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the above described method for generation.
Again according to this invention, said second portion of the secure SMS message includes at least a second portion of said second string of alphanumeric characters and said second control function translates said at least a second portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the above described method for generation. Further according to this invention, said secure SMS message can be a n-bit ciphered message, generated by the above described method for generation and the method for recognition can further comprise the following initial step: obtaining a m+^-bit message starting from the π-bit ciphered message by means of a deciphering function inverse of the ciphering function by which the ciphered message was built-up.
Still according to this invention, said deciphering function can depend on at least one key.
Further according to this invention, said secure SMS message can be generated by the previously described method for generation which builds-up the ciphered message starting from said secure message by means of a ciphering function which performs a translation function and the method for recognition can further comprise the following step preliminary to the initial step: - translating said secure SMS message by means of a translation function inverse of the translation function performed by the above described method for generation.
A further specific subject matter of this invention is a method for acquiring/reserving products/services of a supplier by a user, comprising the following steps: requesting at least a product/service to be acquired/reserved by a user from a supplier by means of a SMS message by means of a radio telephone system, checking by the supplier the availability of the product/service requested by the user, perfecting by said supplier the transaction connected with the request from the user, characterised in that said request SMS messages are secure SMS messages generated by means of the above illustrated method for generation and in that said checking step includes the performance of the above described method for recognition of secure SMS messages. Still according to this invention, the method can further comprise the following additional step: sending a secure SMS message by the supplier to the user radio telephone, by means of the previously described method for generation for confirming the completion of the acquiring/reserving operation.
Again according to this invention, the method can further comprise the following preliminary steps: requesting by the user an emitting agency for the activation of a payment service by means of secure emission of SMS messages, and - sending a secure SMS message from the emitting agency to a radio telephone of the user, by means of the above described method for generation, including a digital certificate identifying the user.
It is still further object matter of this invention a method of publicity or advertising for promotion by a product/service supplier to one or more clients, comprising the following step: sending a secure SMS message from said supplier to a radio telephone of at least one user, by means of the above described method for generation, including a digital promotional code identifying the user.
Equally according to this invention, such method can further comprise the following final step: sending a SMS message including said digital promotional code identifying the user from said user to said supplier.
Still according to this invention, said SMS message sent from the user to the supplier is a secure SMS message. It is further subject matter of this invention a computer comprising a modem, or a mobile radio telephony apparatus, characterised in that it is adapted to perform the above illustrated method for generation.
It is further subject matter of this invention a computer comprising a modem, or a mobile radio telephony apparatus, characterised in that it is adapted to perform the above illustrated method for recognition. It is still further subject matter of this invention a signal for radio mobile telephony, preferably cellular telephony, comprising a SMS message, characterised in that said SMS message is a secure SMS message realised by the above described method for generation. It is further subject matter of this invention a computer program characterised in that it comprises code means adapted to perform, when they operate on a computer, the previously described method for generation.
It is also subject matter of this invention a computer readable memory support having a program stored thereon, characterised in that said program is the above described computer program.
It is still further subject matter of this invention a computer program characterised in that it comprises code means adapted to perform, when they operate on a computer, the previously described method for recognition.
It is further subject matter of this invention a computer readable memory support having a program stored thereon, characterised in that said program is a computer program as above described.
This invention will be now described by way of illustration, not by way of limitation, according to its preferred embodiments, by particularly referring to the Figures of the annexed drawings, in which:
Figure 1 is a diagram schematically illustrating a first embodiment of the method for generation according to this invention and its related method for recognition; Figure 2 is a diagram schematically illustrating a second embodiment of the method for generation according to this invention and its related method for recognition;
Figure 3 is a diagram schematically illustrating a third embodiment of the method for generation according to this invention and its related method for recognition;
Figure 4 shows a flow chart schematically illustrating the translation function according to a preferred embodiment of the method for generation according to this invention;
Figure 5 shows a flow chart schematically illustrating the translation function inverse of the translation function of Figure 4; Figure 6 is a diagram schematically illustrating a first embodiment of the method for purchase/reservation according to this invention;
Figure 7 is a diagram schematically illustrating a first application example of the method for purchase/reservation according to this invention;
Figure 8 is a diagram schematically illustrating a second application example of the method for purchase/reservation according to this invention; Figure 9 is a diagram schematically illustrating a third application example of the method for purchase/reservation according to this invention; and
Figure 10 is a diagram schematically illustrating a fourth application example of the method for purchase/reservation according to this invention.
In the following description, similar reference numerals will be utilised to designate similar items in the various Figures.
The security mechanism adopted by the method according to this invention is based upon the public key cryptography model and upon the definition of specific Public Key Infrastructure or PKI, as utilised for identifying the parties involved in the communication schema and for the definition of the mechanism to be utilised for handling the keys (distributing and/or up-dating the public keys, distributing the session private keys). A message obtained by means of the method for generation according to this invention will be designated in the following description and in the claims as "Secure- Short Message" or S-SM.
A S-SM message is a conventional SMS message (at present comprising a maximum number of 160 characters) whose text includes two distinct portions: a first portion comprising a message itself, as utilised for instance for identifying a purchased/reserved product, the identity of a person, a confidential information item or any message; and a second portion comprising a print or authentication code of the message, as generated by means of the method according to this invention aimed at imparting the desired security characteristics to the S- SM message. The method for generation of S-SM messages according to this invention performs an authentication function that results into an authentication or a value which is utilised as an authenticity certificate of the message. This authentication function is a high level function that implements the proper authentication protocol which enables the source to generate the authentication code and the receiver to check the authenticity of the message. Said authentication function will utilise low level authentication primitives comprising: ciphering functions for the whole message obtained by means of conventional cryptography mechanisms (with symmetric key) or public key cryptography mechanisms (with asymmetric key); and/or
Message Authentication Code (MAC) functions consisting of public functions of the message and a secret key, which together produce a string of fixed length; and/or - Hash functions consisting of public functions that map a message of any length into a hash string of fixed length.
In particular, a S-SM message allows to guarantee the following four security levels in communications: authenticity, that is to say it guarantees before an addressee that the received message has been effectively written and sent by the specified sender and not by any other one; integrity, that is to say it guarantees before the sender and the addressee that nobody changed the contents of the message; non-rejection by the sender, namely it guarantees before the addressee that the sender cannot deny having transmitted the message; and confidentiality, namely it guarantees before the sender and the addressee that the contents of the message are not accessible to unauthorised third parties. Eventually, the S-SM message can also be partially or totally ciphered, for instance by ciphering only the message or both the message and the print.
By referring to Figure 1 , it can be observed that a first embodiment of the method for secure transmission of data by SMS according to this invention is based upon an authentication code of the messages which provides for adopting a secret key KA that is known to both ends of the communication. In particular, the first block 1 represents the method for generation of S-SM messages and the second block 2 represents the method for check or recognition of S-SM messages. A juxtaposition of message M to be authenticated and of print N, or authentication code or signature, forms the text of the S-SM message. Secret key KA is utilised to generate a first small data block N of fixed length. This first embodiment guarantees the authenticity and the integrity of the messages.
By referring to Figure 2, it can be observed that a second embodiment of the method for secure transmission of data by means of SMS messages according to this invention provides for the digital signature N to be generated by means of a private key KSA of the generation block 1. Block 3 performs a Hash function, that is to say a public function by which a message of any length is mapped into a hash string of fixed length. Block 2 receives said S-SM message comprising a juxtaposition of the message to be authenticated and of the print N and automatically checks its authenticity and integrity by means of a block 3' performing a Hash function and a public key KpA as furnished by the unit which emitted the abovesaid S-SM message by means of block 1. This second embodiment guarantees the authenticity, integrity and non- rejection features of the messages.
By referring to Figure 3, it can be observed that a third embodiment of the method for secure transmission of data by means of SMS messages according to this invention provides that, in generation block 1 , a hash code obtained by applying a block 3 to message M to be authenticated is passed as a parameter to a signature function 4 together with a random, purposely generated number 4. The signature function also depends on a secret key KSA of the generation block 1 as well as on a parameter set, also designated as group public key KPG , known to the communication group by which this schema is utilised. The outcome of this signature function 4 includes two components s and r , respectively. Said block 2 generates the hash code of the received message M. The so obtained hash code together with the digital signature furnished by said component pair s and rare then applied to the input of a check function 5. This latter function depends on the group public key KPGR and on the public key of the sender KpA. Said check function 5 generates a value that, when the signature is valid, is equal to the component r of the digital signature. The recognition block 2 operates in such a manner that the check of the signature of the message only depends on the public key KPA of the sender and on the group public key KPGR. Said random number K is not directly communicated to the addressee, but it is embedded in the transmitted S-SM message. A same document created by a same person can have two different signatures because, even if it is generated by means of the same Hash function and the same secret and group public keys, the encode step could utilise two different K's. The introduction of said parameter K , therefore, is useful for creating a higher randomness in order to make any attack to the system more difficult. In Figures 1-3, the information items of interest are embodied in message M whose construction is strictly dependent on the application context of the generation and check schema of said S-SM messages.
In most cases, message M includes an identity indicator which emits the S-SM message and an accurate description of the product/service which it is related to.
In the case of S-SM messages representing digital certificates, or a virtual credit card, said message M includes the indicator code of the bank institute which emitted the certificate itself as well as the identification of the person whom the certificate is related to. In some contexts it will be necessary to uniquely associate the message S-SM to the telephone number (MSISDN) of the mobile subscriber, in order to avoid fraudulent situations in which the S-SM message could be utilised by third unauthorised parties. In such cases, it will be necessary to make a simple modification in the generation and check schemas in order that the print N of the messages be generated not only in said message M, but also in the message formed by the combination of M and MSISDN. In this situation, number MSISDN, even if it is not visible in the message, is incorporated within said print N and any person substitution can be detected during the checking step performed by block 2. By way of exemplification, a context in which it appears to be necessary to associate message S-SM to number MSISDN to which it is addressed is the context of the digital certificates emitted by bank operators (virtual credit cards); due to SECURITY reasons, in fact, it is necessary to guarantee that the concerned certificate can only be utilised by the person who requested its activation by utilising the MSISDN service as indicated on requesting said activation. Lastly, in some application areas, it is necessary that a time validity be associated to messages S-SM. In these cases, also a generation time stamp should be incorporated with M and, during the checking step, a control relating to said time validity of S-SM messages should also be effected in addition to the authenticity and integrity controls.
The selection of the cryptographic schema to be utilised for generation and check of the S-SM messages as well as the selection of the conventional cryptography algorithms (DES, 3DES, and so on), the selection of the public key algorithms (RSA, DSA, and so on) and the selection of the authentication functions (Hash functions SHA, MD%, and so on) to be utilised therein, are strictly dependent on the application schema.
Similar considerations apply also to the definition of the PKI needed for operation of the cryptographic schema.
The most simple PKI that can be considered consists of the mere identity, public and private key pair, of the service supplier, for instance a trade institution or Merchant. The private key is utilised by the supplier for generation of the S-SM messages, while the public key, as distributed by means of the X.509 certificate or similar standard, is utilised by the Merchant during the check step. Mechanisms for checking, for updating and for revoking the keys can be provided.
In more complex scenarios in which more S-SM message supplier and/or checker subjects can be identified, the PKI design function will have to handle more simultaneously present signature generating identities. This entails that a file of the reliable identities (and the corresponding management logic) as well as a centralised management unit of an identity revocation list ought to be present at each product/service distribution centre. The computer program or software for the S-SM message supplier, as performed by authentication block 1 , and the related check software, as performed by block 2, can be made operative in more or less complex processor apparatuses.
In the simplest case, a PC with a telephone set or a hand-held GSM and/or a GPRS and/or a UMTS device connected to the serial port can be directly utilised to generate and inroute said S-SM messages or to receive and check said S-SM messages. In all those cases in which the S- SM message traffic is very crowded, it is possible to make recourse to higher performance hardware/software implementations, in which the adoption of SMS Gateway and of dedicated SMS or SMSC centres is provided. Advantageously, the above mentioned processor apparatuses can be of mixed kinds, such as comprising a S-SM message supplier having a SMS Gateway and a dedicated SMSC, while a PC with a GSM and/or a GPRS and/or a UMTS unit connected to the serial port can be utilised for receiving and checking the S-SM messages. An approach of this kind enables good performances to be achieved in enrouting the S- SM messages to the wireless network and a decisive reduction of the hardware costs on the S-SM message receiving/checking side.
A software module which performs the generation and enroute function for the S-SM messages, henceforth designated as S-SM Engine, as well as a software module which performs the checking function for the received S-SM messages, henceforth designated as S-SM Verifier, are included in each implementation of the S-SM system.
S-SM Engine receives the data upon which the message to be sent is formed, implements a specific schema for generation of S-SM messages and utilises a proper API interface for the particular reference hardware context in order to enroute them to the wireless network. In particular, routing of S-SM messages is carried out by a API interface based upon AT commands, when said reference hardware context is based upon a telephone device, a hand-held GSM and/or GPRS and/or UMTS device, directly connected to the serial port, or by the API interface of the SMS Gateway, when SMSC is adopted.
S-SM Verifier is associated to a particular MSISDN, it is adapted to intercept any message coming from the network and implements a specific checking or verifying schema for the S-SM messages. In similar way as the S-SM Engine, also the S-SM Verifier utilises a proper API interface for the particular reference hardware context in order to receive the SMS messages from the network.
The print or digital signature generated by S-SM Engine, comprising a byte assembly or array, cannot be embedded in a SM message as generated. S-SM Engine comprises a further processor stage which carries out a translation in order to transform the byte array of the print into a string of alphanumeric characters where each individual character belongs to a sub-assembly of the standard alphabet of the SM messages. In similar way, in receive mode, an inverse translation processor stage should necessarily be present in order to re-translate the string of characters representing the print contained in the S-SM message into its byte array original format.
The above described process should take place without loss of information: the bits forming the original print should be found again in reception at the end of the inverse translation operation.
The print translation algorithm is parametric with respect to the output alphabet cardinality. In other words, such algorithm is adapted to translate a byte array into character strings taken out from an alphabet having any number of bits, such as, for instance, 4 bits, 7 bits or 10 bits. The output alphabets related to the various options are pre-defined within the algorithm and they are purposely selected for the desired function. For instance, the 7 bit alphabet coincides with the SM alphabet; the alphabets having a number of bits lower than 7 are sub-assemblies of the SM alphabet. Obviously, with inputs of equal length, the higher is the cardinality of the output alphabet utilised by the algorithm, the less is the length of the obtained character string. Figure 4 schematically illustrates the algorithm of the translation function.
The initialisation of the translation takes place by selecting the desired output alphabet, having 4 bits. Based upon the effected selection, the variable MASK that will be utilised for the extraction of the bits from the memory area utilised as work memory MEM is set up.
For instance, when the 6 bit output alphabet is selected, said variable MASK will be initialised to hexadecimal value 0000003F. Such value is adapted to extract the 6 least significant bits of said memory MEM by means of a simple AND operation, bit by bit. Subsequently, this algorithm begins performing the translation of the input, by retrieving and processing n bytes at a time with the help of the memory section MEM. The translation operation will be completed by a number of steps depending on the size, equal to n bytes, of the memory section MEM as well as on the size of the input array. Each step comprises: populating the memory section MEM such that the first byte is arranged in the least significant byte position of MEM and so on up to the n-th byte which will be arranged in the most significant byte position of MEM, extracting k-bit words from memory section MEM by utilising the above mentioned variable MASK, - translating each retrieved k-bit word into characters, based upon the index-character correspondences as defined for the selected alphabet.
The characters as obtained from the described algorithm form the translation of the print. Figure 5 schematically illustrates the algorithm of the inverse translation function that is symmetric to the translation algorithm shown in Figure 4.
The initialisation of the inverse translation takes place by selecting the input alphabet, which consists of the character string forming the print incorporated with the S-SM message. Obviously, the input alphabet to be selected in said inverse translation should be coincident with the output alphabet as utilised upstream to generate the S-SM message.
Based upon the effected selection, the variable MASK that will be utilised for the insertion of the bits corresponding to each input character into the memory area utilised as work memory MEM is set up.
At this point, the algorithm begins performing the inverse translation of the input, by retrieving and processing n characters at a time with the help of the memory section MEM. The inverse translation operation will be completed by a number of steps depending on the size of the memory section MEM as well as on the size of the input.
Each step comprises: translating each individual input character into k-bit words, based upon the index-character correspondences as defined for the selected alphabet, populating the memory section MEM with the k-bit words, where the k-bit word corresponding to the first character is arranged in the least significant bit positions of MEM, while the k-bit word corresponding to n-th character will be arranged in the most significant bit positions of MEM, and extracting the component bytes from memory section MEM by utilising a variable BYTE-MASK of 000000FF type. The so obtained bytes form the print of the S-SM message. By way of exemplification, at present, in the frame of the SMS platform available on GSM, in which each message comprises a maximum number of 160 characters, the maximum length of portion M of said S-SM messages is 74 characters.
It is important to note that any possible future extensions of the cardinality of the SMS alphabet can be exploited not only in order to reduce the dimensions of the print in S-SM, by letting the translation and inverse translation algorithms operate on alphabets having a number of bits higher than 7, but consequently also in order to increase the number of characters available to said portion M (the effective message), also with equal maximum length of the message.
The S-SM architecture according to this invention is scaleable to other mobile technologies presently available on the market, such as WAP and GPRS, as well as to other next to be available technologies, such as UMTS. The extensions to SMS service that will be offered by new standards GPRS and UMTS will result into richer S-SM compositions both in terms of characters and, possibly, in terms of images and multimedial items. This scaleability is also assured in respect of cryptographic algorithms and of cryptographic architectures.
Furthermore, the GSM-, GPRS- or UMTS- compatible terminals (telephone and hand-held apparatuses) of next generation will be characterised by a sufficient computation capability to enable the implementation and the operation of conventional and public key cryptography algorithms directly on the terminal itself. The S-SM approach has been designed and realised in such a manner as to be compatible with the generation and checking or verification functions of the S-SM devices directly on the mobile terminals, thereby extending even more the application ranges of the present S-SM approach. For instance, the secure communication model can also be directly extended to client- client or to consumer-client communications and so it is not necessarily limited to consumer-merchant communications (B2C). In this scenario, two radio mobile telephony users can exchange messages having SECURITY properties that can be offered by the S-SM approach according to this invention. In order to better understand the method for secure data transmission by means of SMS messages according to this invention, some application examples of its preferred embodiments will be described hereinbelow. By referring to Figure 6, the reference general architecture for a
S-SM based m-commerce process can be observed, in which a company
6 providing services to its clients operates with the help of a service centre 7.
A Consumer can purchase products/services by directly interacting with a Merchant 6 by means of its mobile terminal 8 through a wireless network 9 or by interacting with the service centre 7 by means of a PC 10 through the Internet network 11.
Merchant 6, who anyway interacts with said service centre 7 in order to activate the transaction, if necessary, interacts with said service centre 7 also to check or verify the correctness of the messages, should he be not capable to autonomously verify the authenticity of the concerned S-SM messages.
Lastly, the service centre 7 interacts with the Application
Service Provider or ASP of the credit institute (bank or credit card manager) in order to perfect the bank transactions relating to the order emitted by the Consumer, or it directly effects the transaction, such as in the case of pre-paid purse.
The architecture of Figure 6 can be integrated in any payment model, such as cash, personalised pre-paid, credit cards, checks, IVR. In some application fields, it is necessary to have a network of
S-SM providers as well as a network of product/service suppliers available. This applies to the case of all those organisations with very diffused distribution on the territory and wishing to maintain a not centralised S-SM service utilisable from all pre-existing sale points. In these contexts, the S-SM technology is applied with particular efficiency, in view of the fact that its SECURITY characteristics and the absence of infrastructural requirements make it particularly convenient. In effect, the sole infrastructural requirements are the availability of electric power and the coverage of a radio mobile telephony. In the specific context of purchases effected by means of mobile apparatuses, there are some product and utility typologies in respect of which the m-commerce appears to be particularly suitable: low deterioration, large consumption, low price band, large diffusion and automatic dispension. Reference can be made, for instance, to beverage dispensers, ticket dispensers for public transport means, gasoline dispensers, telephonic card dispensers, automatic cash for road tolls, ticket dispensers for car parking, as well as photocopier machines, jukeboxes, car washing plants, automatic photographic cameras for identification cards and so on. Purchases having such characteristics are included in the category of the so-called micro-payments.
The payment service based upon S-SM messages can be extended to any type of commercial activity, also the not automatic ones, and it can be utilised in parallel to the conventional payment means (cash, checks, IVR, bancomat, pre-payment, disposable credit card).
By referring to Figure 7, an application of the method for secure transmission of data by means of SMS messages according to this invention to micro-payments can be observed in the case of automatic distribution or dispension. Each distributor or dispenser has telephone number associated thereto, while a code (publicised on the dispenser itself) is associated to the individual products. A user wishing to effect a purchase sends his/her own digital identification certificate S-SM (preliminarily received from an issuing agency, such as, for instance, a bank operator, following a request for activation of the payment service by means of S-SM subscribed by the user himself/herself) to the indicated telephone number and specifies the code associated to the product and, if proper, the quantity. At this point, the concerned dispenser dialogues with the interbank institute, by means of S-SM messages or other channel (such as web or dedicated line) in order to verify the identity of the client and the available bank balance and, when the result is positive, it dispenses the requested product.
The transaction provides for one only S-SM message to be sent by the consumer. In similar way, the dialogue between the dispenser and the agency providing for the concerned payment requires one only SMS message to be sent from each party; the above transaction can alternatively take place by means of a different channel, such as web/SSL or dedicated telephone line. The SMS transmitting process from the consumer is not particularly complex, in view of the fact that it is sufficient to add the product code as a header of the message received from the agency providing for the concerned payment.
The above illustrated process can be further simplified by letting the consumer directly digit the code of the product to be purchased on the dispenser. In this way, the purchasing procedure will uniquely include sending the S-SM message to the dispenser, without any change to the original message.
The e-commerce model, by a different procedure with respect to the above described micro-payment model, does not provide for a direct dispension of the purchased products, but a product/service supplier web site is directly involved in acquiring and delivering the goods. Such model directly applies to pre-existing e-commerce sites. The purchaser selects the articles he/she desires to purchase, by utilising the web interface furnished by the merchant. Upon submitting the order, he/she will be relayed to a page that, instead providing for a conventional transaction based upon a credit card in the SSL system, provides for an alternative and innovative purchasing methodology based upon S-SM messages.
In the web interface for submission of orders, the code associated to the purchase to be perfected (automatically generated by means of mechanisms adapted to guarantee authenticity) will be indicated together with the telephone number established by the merchant for reception of orders via the S-SM system. The purchaser, therefore, will have to compose a SM message by juxtaposing the order code to the head portion of his/her own digital certificate in S-SM format (virtual credit card) and will have to send such S-SM to the indicated telephone number.
At this point, the merchant dialogues with the interbank institute by means of S-SM or other channel (web, dedicated line, etc.) in order to check or verify the identity of the client and the available balance and, when the result is positive, it perfects the order and the delivery of the products.
The advantages for a merchant deriving by adoption of a S-SM based micro-payment system are as follows: extension of the sale channels, reduction of the personnel engaged in collecting and transferring the monetary incomes, less maintenance (failure rates in a S- SM system are lower than a money handling mechanical apparatus), reduction of the lock-picking risks, credits directly accounted without money handling, no need of telephone cables, possibility to directly monitor the residuals and any failures of the dispensers without additional costs.
In particular, the cellular device is utilised in similar way as it occurs in web electronic commerce, but without the need for the user to enter the credit card number or other secret code into his/her own cellular device. In this scenario, the user has his/her own S-SM which uniquely identifies his/her credit card and enables secure purchases and reservations to be effected. Such S-SM is issued from the service centre by means of the credit institute (bank), upon activation of the service, exactly as it occurs for the credit card system.
By referring to Figure 8, it can be observed that another application example of the method according to this invention is a wager or betting system that the user can directly utilise by means of a radio telephone device, even near the same place where the event subject- matter of the wager is occurring, without the need to have cash money available and without the need to preliminarily go to the receiving stand and to enter a queue.
Each wager or bet has a code and a manager or bench telephone number associated thereto, as publicised in the entrance sheet or depliant or in a specialised magazine, on the web, etc.; the role of the bench is to guarantee the economic coverage of the various wagers. Preferably, it accepts a wager only when it is covered by other wagers.
In this case, a player desiring to submit a wager sends a S-SM message to the manager or administrator and specifies the relevant code.
As soon as his/her wager is covered, he/she receives a return confirmation S-SM message with a digital signature of the manager, to be utilised in any case as a receipt acknowledgement, in case of any claim.
In the case in which the wager is won, the bench automatically credits the won sum (upon subtracting the intermediation percentage) on the player account, in the other case, it withdraws the corresponding amount.
Also a payment model based upon a pre-payment system can be adopted, in which the bench manages a virtual account that the wagerer provide for crediting or debiting depending on the concerned wager. The advantages for a manager in adopting a S-SM based betting system are as follows: automatic management of the wagers, increase in the number of wagers, reduction of the receiving stations and of the related personnel, possibility to register user profiles and to make advertisement activities based upon the preferences of the players in order to actively propose wagers or other initiatives.
By referring to Figure 9, it can be observed that a further application example of the method according to this invention is in the field of purchasing or reserving tickets, or ticketing, which the user can directly carry out by means of a radio telephone apparatus, without preliminarily going to the ticket office, entering a queue for purchasing the desired tickets, taking the ticket with himself/herself to the showing, entering the queue for entrance and exhibiting the ticket for check. This occurs, for instance, in cinemas, theatres, museums, concerts, sport events, and so on.
Each showing has a code and a telephone number associated therewith (as published on the notice board, or on specialised magazines, newspapers, on web, and so on) and the user desiring to purchase/reserve a ticket sends a message to said number specifying the code and possibly the number of the seats he/she desires. As a reply, he/she receives a S-SM message including the result of the request and the digital signature of the manager/administrator: such message represents a real token for entrance. The user, then, goes to the entrance to the showing, sends the S-SM message with the ticket to the number of the manager/administrator which automatically recognises it and allows entrance, for instance by operating a carousel. Should a reservation be involved, the manager/administrator automatically debits the cost of the ticket.
In the case of a subscriber (for instance foot-ball championship or a concert session), the user ought only to perform the reservation and the debit amount will automatically subtracted from the pre-paid purse or carnet.
The above described S-SM service can be integrated with the purchase and/or reservation service by web: for instance, in a context in which the subscriber desires to choose one or more seats based upon the presently existing availability, the web allows such research to be effected in the best conditions. Subsequently, after having located the desired seats, the concerned tickets can anyway be issued by the manager/administrator by means of S-SM messages to be sent to the same person who performed the reservation or to any other desired person. The advantages for a manager in adopting a S-SM based ticketing system are as follows: automatic pre-sale of the tickets, reduction of the personnel at the ticket office, reduction of the personnel required for checking the tickets at the entrances to the showings, possibility to register user profiles and to make advertisement activities based upon the preferences of the users, issuing of free gift or discounted price tickets.
Furthermore, when a single carousel is enabled, the validation of the electronic ticket can be effected locally at the same entrance gate, in view of the fact that it does not require any communication with a possible central file, thereby reducing the needs of cables and connections. When a number of carousels are available, a central file capable to keep all already issued tickets is preferably adopted in order to prevent any fraudulent action.
By referring to Figure 10, a still further application example of the method according to this invention can be observed in the field of publicity or advertising. A retailer can perform one-to-one marketing campaigns by sending promotional messages to the clients or to people passing near the sale point. This is the case, for instance, of supermarkets, shops, restaurants. The concerned shop-keeper collects information about the preferences of his/her clients, for instance by means of paper forms to be filled-in or via web. Based on the so collected profiles, he/she can start promotional activities aimed at encouraging the clients to access the shop. For instance, he/she can send a S-SM message informing the client that a discount or a gift will be associated to a certain purchase or expenditure. At this point, the client can access the shop, send the received S-SM message and be enabled to enjoy the promotional offer.
Alternatively, the concerned shop-keeper can order his/her telephonic operator or his/her own ASP to send promotional messages to the subscriber passing near the sale point by exploiting the mobile location technology, in similar way as it occurs when usual leaflets are distributed. The advantages for a retail salesman in adopting an advertising system based upon S-SM messages are connected with realising a one-to-one marketing (to directly encouraging the clients and to approach passer-by's), so as to achieve savings in terms of promotional mail, advertisement boards, distribution of leaflets.
The security levels offered by said S-SM solution impart to conventional SMS based communications some protection characteristics that were not available as yet. In particular, a S-SM based mobile service is adapted to resist the following cryptographic attack typologies: - detection of the contents, with access to confidential information as included in the SMS message for people and/or processes foreign to the communication; analysis of the traffic, with identification of the message structure between the two parties of the concerned communication; - masking, with insertion of messages generated by any fraudulent sources into the communication; modification of the contents, with change of the text of the message, by insertion, deletion, substitution, transposition of characters; modification of the message sequence between the two involved parties; modification of the times, with delay or repetition of the messages; rejection by the sender, with denying the transmission of a message from a source. In addition to the security and confidentiality of the communications and to the compatibility with all cellular and hand-held GSM/GPRS/UMTS radio telephone apparatuses, the following further advantages of a S-SM system according to this invention can be mentioned : - the simplicity of use, that does not require either any specific configuration of the apparatuses (such as the common radio telephone sets) or any technical background knowledge by the user, since it requires sending a single message or, in the worst situation and only in particular cases, two messages for performing a transaction; - the multiplicity of payment mechanisms, since the S-SM service can be integrated with any payment model (such as cash, personalised pre-payments, credit card, checks); low infrastructure costs, since access to S-SM based services does not require particular infrastructural investments by companies or institutes: in fact a conventional PC and a GSM/GPRS/UMTS modem (or any cellular radio telephone apparatus) are sufficient; - the independence on a telephonic operator, since the S-SM service in completely independent on any operator both as regards the user of the radio mobile telephony system and in respect of the salesman/manager providing this service; in particular contexts, it is anyway possible to restrict use of this service to a specific telephonic operator; a service centre will be able to furnish access to the network, possibly with exclusion of voice traffic, by means of suitable exclusive agreements with one or more telephonic operators; the integration of the S-SM payment mechanism with the conventional web-based e-commerce systems, thereby enhancing the diffusion of the e-commerce system itself; the scaleability to WAP/GPRS/UMTS, since the adopted S-SM security mechanism can be favourably integrated so as to enable secure transactions independently from the WTLS (Wireless Transport Layer Security) security standard adopted by the WAP terminal; - the autoconsistency of the S-SM messages, that include all necessary information for the transaction to be performed, since the apparatus designed for the checking function can consequently operate in off-line mode, namely without being connected to a central file or to Internet; and - the possibility to carry out purchases/reservations on behalf of third parties, such as, for instance, to make a gift.
The preferred embodiments of this invention have been described and a number of variations have been suggested hereinbefore, but it should expressly be understood that those skilled in the art can make other variations and changes, without so departing from the scope thereof, as defined by the following claims.

Claims

1.- A method for generating secure messages of a Short
Message Service or secure SMS messages, in mobile telephony, preferably cellular telephony, comprising the step of furnishing a SMS message having m bits, the method being characterised in that it further comprises the following steps: generating an authentication code having f bits, by means of an authentication protocol that utilises an authentication function generating a print string depending on at least said m-bit SMS message and on at least a low level authentication function, said authentication protocol performing a translation function that translates said print string into a second string of alphanumeric characters; and building-up a secure (m+f)-b\t message by juxtaposition of said f-bit authentication code to said m-bit SMS message.
2.- A method according to claim 1 , characterised in that said translation function translates said print string by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
3.- A method according to claim 1 or 2, characterised in that said alphanumeric characters belong to the standard SMS alphabet.
4.- A method according to any one of the preceding claims, characterised in that said authentication function as utilised by said authentication protocol further depends on at least one key.
5.- A method according to any one of the preceding claims, characterised in that said authentication code has a number f of bits that is constant for each secure SMS message to be generated.
6.- A method according to any one of claims 1 to 4, characterised in that said authentication code has a variable number f of bits.
7.- A method according to any one of the preceding claims, characterised in that said authentication function comprises: at least one symmetric key cryptographic function; and/or at least one asymmetric key cryptographic function; and/or at least one Message Authentication Code (MAC) function; and/or at least one Hash function; and/or at least one signature function depending on a secret key as well as on one or more parameters.
8.- A method according to any one of the preceding claims, characterised in that it further comprises the following final step: - building-up a ciphered message having n bits starting from said secure message by means of a ciphering function.
9.- A method according to claim 8, characterised in that said ciphering function depends on at least one key.
10.- A method according to claim 8 or 9, characterised in that said ciphering function performs a translation function that translates said ciphered message into a further string of alphanumerica characters.
11.- A method according to claim 10, characterised in that said translation function translates said ciphered message by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
12.- A method according to claim 10 or 11 , characterised in that said alphanumeric characters belong to the standard SMS alphabet.
13.- A method for recognition of secure SMS messages generated by the method for generation according to any one of the preceding claims 1 to 12, characterised in that it comprises the following steps: obtaining a first control string by means of a first control function depending on at least a first portion of a secure SMS message, obtaining a second control string by means of a second control function depending on at least a second portion of said secure SMS message, and checking the correspondence between said first control string and said second control string.
14.- A method according to claim 13, characterised in that said first portion of the secure SMS message includes at least a first portion of said second string of alphanumeric characters and in that said first control function translates said at least a first portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the method for generation according to any one of the preceding claims 1 to 12.
15.- A method according to claim 13 or 14, characterised in that said second portion of the secure SMS message includes at least a second portion of said second string of alphanumeric characters and in that said second control function translates said at least a second portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the method for generation according to any one of the preceding claims 1 to 12.
16.- A method according to any one of claims 13 to 15, characterised in that said secure SMS message is a n-bit ciphered message, generated by the method for generation according to any one of the preceding claims 1 to 12 and in that the method for recognition further comprises the following initial step: obtaining a (m+f)-bit message starting from the /7-bit ciphered message by means of a deciphering function inverse of the ciphering function by which the ciphered message was built-up.
17.- A method according to claim 16, characterised in that said deciphering function depends on at least one key.
18.- A method according to claim 16 or 17, characterised in that said secure SMS message is generated by the method for generation according to any one of the preceding claims 10 to 12 and in that the method for recognition further comprises the following step preliminary to the initial step: translating said secure SMS message by means of a translation function inverse of the translation function performed by the method for generation according to any one of claims 10 to 12.
19.- A method for acquiring/reserving products/services of a supplier by a user, comprising the following steps: requesting at least a product/service to be acquired/reserved by a user from a supplier by means of a SMS message by means of a radio telephone system, checking by the supplier the availability of the product/service requested by the user, perfecting by said supplier the transaction connected with the request from the user, characterised in that said request SMS messages are secure SMS messages generated by means of the method for generation according to any one of the preceding claims 1 to 12 and in that said checking step includes the performance of the method for recognition of secure SMS messages according to claims 13 to 18.
20.- A method according to claim 19, characterised in that it comprises the following additional step: sending a secure SMS message by the supplier to the user radio telephone, by means of the method for generation according to any one of the preceding claims 1 to 12, for conferming the completion of the acquiring/reserving operation.
21.- A method according to claim 19 or 20, characterised in that it further comprises the following preliminary steps: requesting by the user an emitting agency for the activation of a payment service by means of secure emission of SMS messages, and sending a secure SMS message from the emitting agency to a radio telephone of the user, by means of the method for generation according to any one of the preceding claims 1 to 12, including a digital certificate identifying the user.
22.- A method of publicity or advertising for promotion by a product/service supplier to one or more clients, comprising the following step: sending a secure SMS message from said supplier to a radio telephone of at least one user, by means of the method for generation according to any one of the preceding claims 1 to 12, including a digital promotional code identifying the user.
23.- A method according to claim 22, characterised in that it further comprises the following final step: sending a SMS message including said digital promotional code identifying the user from said user to said supplier.
24.- A method according to claim 23, characterised in that said SMS message sent from the user to the supplier is a secure SMS message.
25.- A computer comprising a modem, characterised in that it is adapted to perform the method for generation according to any one of the preceding claims 1 to 12.
26.- A mobile telephony apparatus, characterised in that it is adapted to perform the method for generation according to any one of the preceding claims 1 to 12.
27.- A computer comprising a modem, characterised in that it is adapted to perform the method for recognition according to claims 13 to 18.
28.- A mobile telephony apparatus, characterised in that it is adapted to perform the method for recognition according to claims 13 to 18.
29.- A signal for radio mobile telephony, preferably cellular telephony, comprising a SMS message, characterised in that said SMS message is a secure SMS message realised by a method for generation according to any one of the preceding claims 1 to 12.
30.- A computer program characterised in that it comprises code means adapted to perform, when they operate on a computer or a mobile telephony apparatus, the method for generation according to any one of the preceding claims 1 to 12.
31.- A computer or mobile telephony apparatus readable memory support having a program stored thereon, characterised in that said program is a computer program according to claim 30.
32.- A computer program characterised in that it comprises code means adapted to perform, when they operate on a computer or a mobile telephony apparatus, the method for recognition according to claims 13 to 18.
33.- A computer or mobile telephony apparatus readable memory support having a program stored thereon, characterised in that said program is a computer program according to claim 32.
PCT/IT2002/000508 2001-08-08 2002-07-30 Method of secure data transmission through short message service (sms) WO2003015343A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT2001RM000492A ITRM20010492A1 (en) 2001-08-08 2001-08-08 METHOD FOR THE SAFE TRANSMISSION OF DATA THROUGH MESSAGES OF THE SERVICE SHORT MESSAGES, OR SMS (SHORT MESSAGE SERVICE), OF RADIOMOB TELEPHONE
ITRM2001A000492 2001-08-08

Publications (1)

Publication Number Publication Date
WO2003015343A1 true WO2003015343A1 (en) 2003-02-20

Family

ID=11455727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2002/000508 WO2003015343A1 (en) 2001-08-08 2002-07-30 Method of secure data transmission through short message service (sms)

Country Status (2)

Country Link
IT (1) ITRM20010492A1 (en)
WO (1) WO2003015343A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003096615A1 (en) * 2002-05-07 2003-11-20 Wireless Applicatoins Pty Ltd Method for authenticating and verifying sms communications
EP1475755A1 (en) * 2003-05-05 2004-11-10 Openlot Systems B.V. Lottery system with mobile access
WO2009136848A1 (en) * 2008-05-05 2009-11-12 Paysystem Sweden Ab Electronic payments in a mobile communication system
US9083680B2 (en) 2008-01-18 2015-07-14 Tekelec, Inc. Systems, methods, and computer readable media for application-level authentication of messages in a telecommunications network
US11144668B2 (en) * 2019-08-15 2021-10-12 International Business Machines Corporation Cognitively hiding sensitive content on a computing device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998003026A1 (en) * 1996-07-11 1998-01-22 Gemplus S.C.A. Enhanced short message and method for synchronising and ensuring security of enhanced short messages exchanged in a cellular radio communication system
EP0898397A2 (en) * 1997-08-22 1999-02-24 Nokia Mobile Phones Ltd. Method for sending a secure communication in a telecommunications system
WO2000049766A1 (en) * 1999-02-16 2000-08-24 Sonera Smarttrust Oy Method for the provision of data security

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998003026A1 (en) * 1996-07-11 1998-01-22 Gemplus S.C.A. Enhanced short message and method for synchronising and ensuring security of enhanced short messages exchanged in a cellular radio communication system
EP0898397A2 (en) * 1997-08-22 1999-02-24 Nokia Mobile Phones Ltd. Method for sending a secure communication in a telecommunications system
WO2000049766A1 (en) * 1999-02-16 2000-08-24 Sonera Smarttrust Oy Method for the provision of data security

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003096615A1 (en) * 2002-05-07 2003-11-20 Wireless Applicatoins Pty Ltd Method for authenticating and verifying sms communications
AU2003225327B2 (en) * 2002-05-07 2007-07-19 Wireless Applications Pty Ltd Method for authenticating and verifying SMS communications
AU2003225327B8 (en) * 2002-05-07 2009-06-18 Wireless Applications Pty Ltd Method for authenticating and verifying SMS communications
EP1475755A1 (en) * 2003-05-05 2004-11-10 Openlot Systems B.V. Lottery system with mobile access
US9083680B2 (en) 2008-01-18 2015-07-14 Tekelec, Inc. Systems, methods, and computer readable media for application-level authentication of messages in a telecommunications network
WO2009136848A1 (en) * 2008-05-05 2009-11-12 Paysystem Sweden Ab Electronic payments in a mobile communication system
US11144668B2 (en) * 2019-08-15 2021-10-12 International Business Machines Corporation Cognitively hiding sensitive content on a computing device

Also Published As

Publication number Publication date
ITRM20010492A1 (en) 2003-02-10
ITRM20010492A0 (en) 2001-08-08

Similar Documents

Publication Publication Date Title
US20030014315A1 (en) Method and a system for obtaining services using a cellular telecommunication system
US7716129B1 (en) Electronic payment methods
US10325254B2 (en) Communication terminal and communication method using plural wireless communication schemes
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
WO2002039342A1 (en) Private electronic value bank system
CN101276498A (en) Multimedia self-help terminal
US7630927B2 (en) Anonymous and secure internet payment method and mobile devices
CN106886908A (en) Moving marketing system based on lottery ticket red packet and reward voucher red packet
JP2009123013A (en) Information communication system, communication apparatus, two-dimensional barcode, and method for managing issue of electronic coupon
JP2001167332A (en) Method and system for promotion
EP1104973A1 (en) A method and a system for obtaining services using a cellular telecommunication system
WO2002021767A1 (en) Virtual payment card
US7814018B1 (en) Charge number issuing and transaction system and method
US7017804B2 (en) Method for providing identification data of a banking card to a user
NZ517692A (en) Initializing/activating accounts utilizable for purchasing/provisioning items/services over data communications networks
CN110969465A (en) Sales promotion method and system based on block link certificate
WO2003015343A1 (en) Method of secure data transmission through short message service (sms)
WO2002025603A1 (en) Method for the redemption/transfer of a product, service, payment and/or the like
CN106372937B (en) A voucher issuing system and method
KR102347369B1 (en) E-mail based on enclosed ticketing system and method using the same
JP2004265296A (en) Electronic ticket system
CN2921973Y (en) Self-service payment terminal
US20080120179A1 (en) Method Of Commerce
CN110956454A (en) Block chain red packet delivery method and system
WO2005081148A1 (en) A system and method for the validation of electronic vouchers

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP