+

WO2003015343A1 - Procede securise de transmission de donnees par service de messages courts (sms) - Google Patents

Procede securise de transmission de donnees par service de messages courts (sms) Download PDF

Info

Publication number
WO2003015343A1
WO2003015343A1 PCT/IT2002/000508 IT0200508W WO03015343A1 WO 2003015343 A1 WO2003015343 A1 WO 2003015343A1 IT 0200508 W IT0200508 W IT 0200508W WO 03015343 A1 WO03015343 A1 WO 03015343A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
function
secure
sms message
sms
Prior art date
Application number
PCT/IT2002/000508
Other languages
English (en)
Inventor
Enrico Bertelletti
Andrea Vitaletti
Leonardo Ambrosini
Fabrizio Peroni
Original Assignee
Nexse S.R.L.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nexse S.R.L. filed Critical Nexse S.R.L.
Publication of WO2003015343A1 publication Critical patent/WO2003015343A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity

Definitions

  • This invention relates to a method for secure transmission of data by means of messages in the frame of the Short Message Service (SMS) of the radio mobile telephony system, preferably cellular telephony, 0 that allows to guarantee in simple, reliable and unexpensive manner the four security levels in SMS communications between a sender and an addressee (namely, authenticity, integrity, non-reject and confidentiality), thereby making the performance of commercial activities, such as payments and reservations, by use of said SMS service, technically 5 secure.
  • SMS Short Message Service
  • the invention also relates to the methods for generation and recognition of secure SMS messages, to the instruments needed for performing the methods as well as to the apparatus performing the methods.
  • a different form of electronic commerce occurs by means of the radio mobile telephony or so-called “via wireless”, preferably cellular telephony, also known as mobile commerce or m-commerce. 5
  • via wireless preferably cellular telephony
  • m-commerce mobile commerce
  • SMS Short Term Evolution
  • WAP Wireless Application Protocol
  • SMS technology already adopted by all telephonic companies having a high standardisation level and largely adopted by mobile users, in view of its simplicity of use and of its reduced costs.
  • SMS technology has some drawbacks mainly connected to the fact that the communication mechanism is intrinsically unsecure.
  • SMS Short Message Service
  • Another object of this invention is to minimise the number of SMS messages to be exchanged between two parties in order to finalise an economic transaction.
  • a further object of this invention is to furnish the instruments needed for performing the methods as well as to the apparatus performing the methods.
  • a method for generating secure messages of a Short Message Service or secure SMS messages in mobile telephony, preferably cellular telephony, comprising the step of furnishing a SMS message having m bits, the method being characterised in that it further comprises the following steps: - generating an authentication code having f bits, by means of an authentication protocol that utilises an authentication function generating a print string depending on at least said m-bit SMS message and on at least a low level authentication function, said authentication protocol performing a translation function that translates said print string into a second string of alphanumeric characters; and building-up a secure (m+f)-b ⁇ t message by juxtaposition of said f-bit authentication code to said m-bit SMS message.
  • said translation function can translate said print string by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
  • said alphanumeric characters can belong to the standard SMS alphabet.
  • said authentication function as utilised by said authentication protocol can also depend on at least one key.
  • said authentication code has a number f of bits that is constant for each secure SMS message to be generated.
  • said authentication code can have a variable number f of bits.
  • said authentication function can comprise: at least one symmetric key cryptographic function; and/or at least one asymmetric key cryptographic function; and/or at least one Message Authentication Code (MAC) function; and/or at least one Hash function; and/or at least one signature function depending on a secret key as well as on one or more parameters.
  • MAC Message Authentication Code
  • the method can also comprise the following final step: - building-up a ciphered message having A? bits starting from said secure message by means of a ciphering function.
  • said ciphering function can depend on at least one key.
  • said ciphering function can performs a translation function that translates said ciphered message into a further string of alphanumeric characters.
  • said translation function can translate said ciphered message by subdividing it into groups of k bits and by translating each group into an alphanumeric character.
  • said alphanumeric characters belong to the standard SMS alphabet.
  • a method for recognition of secure SMS messages generated by the above described method for generation characterised in that it comprises the following steps: obtaining a first control string by means of a first control function depending on at least a first portion of a secure SMS message, obtaining a second control string by means of a second control function depending on at least a second portion of said secure SMS message, and checking the correspondence between said first control string and said second control string.
  • SMS message includes at least a first portion of said second string of alphanumeric characters and said first control function translates said at least a first portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the above described method for generation.
  • said second portion of the secure SMS message includes at least a second portion of said second string of alphanumeric characters and said second control function translates said at least a second portion of said second string of alphanumeric characters by means of a translation function inverse of the translation function performed by the authentication protocol of the above described method for generation.
  • said secure SMS message can be a n-bit ciphered message, generated by the above described method for generation and the method for recognition can further comprise the following initial step: obtaining a m+ ⁇ -bit message starting from the ⁇ -bit ciphered message by means of a deciphering function inverse of the ciphering function by which the ciphered message was built-up.
  • said deciphering function can depend on at least one key.
  • said secure SMS message can be generated by the previously described method for generation which builds-up the ciphered message starting from said secure message by means of a ciphering function which performs a translation function and the method for recognition can further comprise the following step preliminary to the initial step: - translating said secure SMS message by means of a translation function inverse of the translation function performed by the above described method for generation.
  • a further specific subject matter of this invention is a method for acquiring/reserving products/services of a supplier by a user, comprising the following steps: requesting at least a product/service to be acquired/reserved by a user from a supplier by means of a SMS message by means of a radio telephone system, checking by the supplier the availability of the product/service requested by the user, perfecting by said supplier the transaction connected with the request from the user, characterised in that said request SMS messages are secure SMS messages generated by means of the above illustrated method for generation and in that said checking step includes the performance of the above described method for recognition of secure SMS messages.
  • the method can further comprise the following additional step: sending a secure SMS message by the supplier to the user radio telephone, by means of the previously described method for generation for confirming the completion of the acquiring/reserving operation.
  • the method can further comprise the following preliminary steps: requesting by the user an emitting agency for the activation of a payment service by means of secure emission of SMS messages, and - sending a secure SMS message from the emitting agency to a radio telephone of the user, by means of the above described method for generation, including a digital certificate identifying the user.
  • It is still further object matter of this invention a method of publicity or advertising for promotion by a product/service supplier to one or more clients, comprising the following step: sending a secure SMS message from said supplier to a radio telephone of at least one user, by means of the above described method for generation, including a digital promotional code identifying the user.
  • such method can further comprise the following final step: sending a SMS message including said digital promotional code identifying the user from said user to said supplier.
  • said SMS message sent from the user to the supplier is a secure SMS message.
  • a computer comprising a modem, or a mobile radio telephony apparatus, characterised in that it is adapted to perform the above illustrated method for generation.
  • a computer comprising a modem, or a mobile radio telephony apparatus, characterised in that it is adapted to perform the above illustrated method for recognition.
  • a signal for radio mobile telephony preferably cellular telephony, comprising a SMS message, characterised in that said SMS message is a secure SMS message realised by the above described method for generation.
  • a computer program characterised in that it comprises code means adapted to perform, when they operate on a computer, the previously described method for generation.
  • Figure 1 is a diagram schematically illustrating a first embodiment of the method for generation according to this invention and its related method for recognition
  • Figure 2 is a diagram schematically illustrating a second embodiment of the method for generation according to this invention and its related method for recognition;
  • Figure 3 is a diagram schematically illustrating a third embodiment of the method for generation according to this invention and its related method for recognition;
  • Figure 4 shows a flow chart schematically illustrating the translation function according to a preferred embodiment of the method for generation according to this invention
  • Figure 5 shows a flow chart schematically illustrating the translation function inverse of the translation function of Figure 4
  • Figure 6 is a diagram schematically illustrating a first embodiment of the method for purchase/reservation according to this invention
  • Figure 7 is a diagram schematically illustrating a first application example of the method for purchase/reservation according to this invention.
  • Figure 8 is a diagram schematically illustrating a second application example of the method for purchase/reservation according to this invention
  • Figure 9 is a diagram schematically illustrating a third application example of the method for purchase/reservation according to this invention.
  • Figure 10 is a diagram schematically illustrating a fourth application example of the method for purchase/reservation according to this invention.
  • the security mechanism adopted by the method according to this invention is based upon the public key cryptography model and upon the definition of specific Public Key Infrastructure or PKI, as utilised for identifying the parties involved in the communication schema and for the definition of the mechanism to be utilised for handling the keys (distributing and/or up-dating the public keys, distributing the session private keys).
  • a message obtained by means of the method for generation according to this invention will be designated in the following description and in the claims as "Secure- Short Message" or S-SM.
  • a S-SM message is a conventional SMS message (at present comprising a maximum number of 160 characters) whose text includes two distinct portions: a first portion comprising a message itself, as utilised for instance for identifying a purchased/reserved product, the identity of a person, a confidential information item or any message; and a second portion comprising a print or authentication code of the message, as generated by means of the method according to this invention aimed at imparting the desired security characteristics to the S- SM message.
  • the method for generation of S-SM messages according to this invention performs an authentication function that results into an authentication or a value which is utilised as an authenticity certificate of the message.
  • This authentication function is a high level function that implements the proper authentication protocol which enables the source to generate the authentication code and the receiver to check the authenticity of the message.
  • Said authentication function will utilise low level authentication primitives comprising: ciphering functions for the whole message obtained by means of conventional cryptography mechanisms (with symmetric key) or public key cryptography mechanisms (with asymmetric key); and/or
  • MAC Message Authentication Code
  • a S-SM message allows to guarantee the following four security levels in communications: authenticity, that is to say it guarantees before an addressee that the received message has been effectively written and sent by the specified sender and not by any other one; integrity, that is to say it guarantees before the sender and the addressee that nobody changed the contents of the message; non-rejection by the sender, namely it guarantees before the addressee that the sender cannot deny having transmitted the message; and confidentiality, namely it guarantees before the sender and the addressee that the contents of the message are not accessible to unauthorised third parties.
  • the S-SM message can also be partially or totally ciphered, for instance by ciphering only the message or both the message and the print.
  • a first embodiment of the method for secure transmission of data by SMS is based upon an authentication code of the messages which provides for adopting a secret key K A that is known to both ends of the communication.
  • the first block 1 represents the method for generation of S-SM messages and the second block 2 represents the method for check or recognition of S-SM messages.
  • Secret key K A is utilised to generate a first small data block N of fixed length. This first embodiment guarantees the authenticity and the integrity of the messages.
  • a second embodiment of the method for secure transmission of data by means of SMS messages provides for the digital signature N to be generated by means of a private key K SA of the generation block 1.
  • Block 3 performs a Hash function, that is to say a public function by which a message of any length is mapped into a hash string of fixed length.
  • Block 2 receives said S-SM message comprising a juxtaposition of the message to be authenticated and of the print N and automatically checks its authenticity and integrity by means of a block 3' performing a Hash function and a public key Kp A as furnished by the unit which emitted the abovesaid S-SM message by means of block 1.
  • This second embodiment guarantees the authenticity, integrity and non- rejection features of the messages.
  • a third embodiment of the method for secure transmission of data by means of SMS messages provides that, in generation block 1 , a hash code obtained by applying a block 3 to message M to be authenticated is passed as a parameter to a signature function 4 together with a random, purposely generated number 4.
  • the signature function also depends on a secret key KS A of the generation block 1 as well as on a parameter set, also designated as group public key K PG , known to the communication group by which this schema is utilised.
  • the outcome of this signature function 4 includes two components s and r , respectively.
  • Said block 2 generates the hash code of the received message M.
  • This latter function depends on the group public key K PGR and on the public key of the sender Kp A .
  • Said check function 5 generates a value that, when the signature is valid, is equal to the component r of the digital signature.
  • the recognition block 2 operates in such a manner that the check of the signature of the message only depends on the public key K PA of the sender and on the group public key K PGR .
  • Said random number K is not directly communicated to the addressee, but it is embedded in the transmitted S-SM message.
  • message M includes an identity indicator which emits the S-SM message and an accurate description of the product/service which it is related to.
  • said message M includes the indicator code of the bank institute which emitted the certificate itself as well as the identification of the person whom the certificate is related to.
  • MSISDN telephone number
  • the selection of the cryptographic schema to be utilised for generation and check of the S-SM messages as well as the selection of the conventional cryptography algorithms (DES, 3DES, and so on), the selection of the public key algorithms (RSA, DSA, and so on) and the selection of the authentication functions (Hash functions SHA, MD%, and so on) to be utilised therein, are strictly dependent on the application schema.
  • the most simple PKI that can be considered consists of the mere identity, public and private key pair, of the service supplier, for instance a trade institution or Merchant.
  • the private key is utilised by the supplier for generation of the S-SM messages, while the public key, as distributed by means of the X.509 certificate or similar standard, is utilised by the Merchant during the check step.
  • Mechanisms for checking, for updating and for revoking the keys can be provided.
  • the PKI design function will have to handle more simultaneously present signature generating identities. This entails that a file of the reliable identities (and the corresponding management logic) as well as a centralised management unit of an identity revocation list ought to be present at each product/service distribution centre.
  • the computer program or software for the S-SM message supplier, as performed by authentication block 1 , and the related check software, as performed by block 2 can be made operative in more or less complex processor apparatuses.
  • a PC with a telephone set or a hand-held GSM and/or a GPRS and/or a UMTS device connected to the serial port can be directly utilised to generate and inroute said S-SM messages or to receive and check said S-SM messages.
  • the S- SM message traffic is very crowded, it is possible to make recourse to higher performance hardware/software implementations, in which the adoption of SMS Gateway and of dedicated SMS or SMSC centres is provided.
  • the above mentioned processor apparatuses can be of mixed kinds, such as comprising a S-SM message supplier having a SMS Gateway and a dedicated SMSC, while a PC with a GSM and/or a GPRS and/or a UMTS unit connected to the serial port can be utilised for receiving and checking the S-SM messages.
  • a S-SM message supplier having a SMS Gateway and a dedicated SMSC
  • a PC with a GSM and/or a GPRS and/or a UMTS unit connected to the serial port can be utilised for receiving and checking the S-SM messages.
  • a software module which performs the generation and enroute function for the S-SM messages, henceforth designated as S-SM Engine, as well as a software module which performs the checking function for the received S-SM messages, henceforth designated as S-SM Verifier, are included in each implementation of the S-SM system.
  • S-SM Engine receives the data upon which the message to be sent is formed, implements a specific schema for generation of S-SM messages and utilises a proper API interface for the particular reference hardware context in order to enroute them to the wireless network.
  • routing of S-SM messages is carried out by a API interface based upon AT commands, when said reference hardware context is based upon a telephone device, a hand-held GSM and/or GPRS and/or UMTS device, directly connected to the serial port, or by the API interface of the SMS Gateway, when SMSC is adopted.
  • S-SM Verifier is associated to a particular MSISDN, it is adapted to intercept any message coming from the network and implements a specific checking or verifying schema for the S-SM messages.
  • S-SM Engine also the S-SM Verifier utilises a proper API interface for the particular reference hardware context in order to receive the SMS messages from the network.
  • S-SM Engine comprises a further processor stage which carries out a translation in order to transform the byte array of the print into a string of alphanumeric characters where each individual character belongs to a sub-assembly of the standard alphabet of the SM messages.
  • an inverse translation processor stage should necessarily be present in order to re-translate the string of characters representing the print contained in the S-SM message into its byte array original format.
  • the print translation algorithm is parametric with respect to the output alphabet cardinality.
  • such algorithm is adapted to translate a byte array into character strings taken out from an alphabet having any number of bits, such as, for instance, 4 bits, 7 bits or 10 bits.
  • the output alphabets related to the various options are pre-defined within the algorithm and they are purposely selected for the desired function. For instance, the 7 bit alphabet coincides with the SM alphabet; the alphabets having a number of bits lower than 7 are sub-assemblies of the SM alphabet.
  • Figure 4 schematically illustrates the algorithm of the translation function.
  • the initialisation of the translation takes place by selecting the desired output alphabet, having 4 bits. Based upon the effected selection, the variable MASK that will be utilised for the extraction of the bits from the memory area utilised as work memory MEM is set up.
  • variable MASK when the 6 bit output alphabet is selected, said variable MASK will be initialised to hexadecimal value 0000003F. Such value is adapted to extract the 6 least significant bits of said memory MEM by means of a simple AND operation, bit by bit. Subsequently, this algorithm begins performing the translation of the input, by retrieving and processing n bytes at a time with the help of the memory section MEM. The translation operation will be completed by a number of steps depending on the size, equal to n bytes, of the memory section MEM as well as on the size of the input array.
  • Each step comprises: populating the memory section MEM such that the first byte is arranged in the least significant byte position of MEM and so on up to the n-th byte which will be arranged in the most significant byte position of MEM, extracting k-bit words from memory section MEM by utilising the above mentioned variable MASK, - translating each retrieved k-bit word into characters, based upon the index-character correspondences as defined for the selected alphabet.
  • Figure 5 schematically illustrates the algorithm of the inverse translation function that is symmetric to the translation algorithm shown in Figure 4.
  • the initialisation of the inverse translation takes place by selecting the input alphabet, which consists of the character string forming the print incorporated with the S-SM message. Obviously, the input alphabet to be selected in said inverse translation should be coincident with the output alphabet as utilised upstream to generate the S-SM message.
  • variable MASK that will be utilised for the insertion of the bits corresponding to each input character into the memory area utilised as work memory MEM is set up.
  • the algorithm begins performing the inverse translation of the input, by retrieving and processing n characters at a time with the help of the memory section MEM.
  • the inverse translation operation will be completed by a number of steps depending on the size of the memory section MEM as well as on the size of the input.
  • Each step comprises: translating each individual input character into k-bit words, based upon the index-character correspondences as defined for the selected alphabet, populating the memory section MEM with the k-bit words, where the k-bit word corresponding to the first character is arranged in the least significant bit positions of MEM, while the k-bit word corresponding to n-th character will be arranged in the most significant bit positions of MEM, and extracting the component bytes from memory section MEM by utilising a variable BYTE-MASK of 000000FF type.
  • the so obtained bytes form the print of the S-SM message.
  • the maximum length of portion M of said S-SM messages is 74 characters.
  • the S-SM architecture according to this invention is scaleable to other mobile technologies presently available on the market, such as WAP and GPRS, as well as to other next to be available technologies, such as UMTS.
  • WAP and GPRS mobile technologies presently available on the market
  • UMTS next to be available technologies
  • the extensions to SMS service that will be offered by new standards GPRS and UMTS will result into richer S-SM compositions both in terms of characters and, possibly, in terms of images and multimedial items. This scaleability is also assured in respect of cryptographic algorithms and of cryptographic architectures.
  • the GSM-, GPRS- or UMTS- compatible terminals (telephone and hand-held apparatuses) of next generation will be characterised by a sufficient computation capability to enable the implementation and the operation of conventional and public key cryptography algorithms directly on the terminal itself.
  • the S-SM approach has been designed and realised in such a manner as to be compatible with the generation and checking or verification functions of the S-SM devices directly on the mobile terminals, thereby extending even more the application ranges of the present S-SM approach.
  • the secure communication model can also be directly extended to client- client or to consumer-client communications and so it is not necessarily limited to consumer-merchant communications (B2C).
  • a Consumer can purchase products/services by directly interacting with a Merchant 6 by means of its mobile terminal 8 through a wireless network 9 or by interacting with the service centre 7 by means of a PC 10 through the Internet network 11.
  • the architecture of Figure 6 can be integrated in any payment model, such as cash, personalised pre-paid, credit cards, checks, IVR. In some application fields, it is necessary to have a network of
  • the payment service based upon S-SM messages can be extended to any type of commercial activity, also the not automatic ones, and it can be utilised in parallel to the conventional payment means (cash, checks, IVR, bancomat, pre-payment, disposable credit card).
  • each distributor or dispenser has telephone number associated thereto, while a code (publicised on the dispenser itself) is associated to the individual products.
  • a user wishing to effect a purchase sends his/her own digital identification certificate S-SM (preliminarily received from an issuing agency, such as, for instance, a bank operator, following a request for activation of the payment service by means of S-SM subscribed by the user himself/herself) to the indicated telephone number and specifies the code associated to the product and, if proper, the quantity.
  • S-SM digital identification certificate
  • the concerned dispenser dialogues with the interbank institute by means of S-SM messages or other channel (such as web or dedicated line) in order to verify the identity of the client and the available bank balance and, when the result is positive, it dispenses the requested product.
  • S-SM messages or other channel such as web or dedicated line
  • the transaction provides for one only S-SM message to be sent by the consumer.
  • the dialogue between the dispenser and the agency providing for the concerned payment requires one only SMS message to be sent from each party; the above transaction can alternatively take place by means of a different channel, such as web/SSL or dedicated telephone line.
  • the SMS transmitting process from the consumer is not particularly complex, in view of the fact that it is sufficient to add the product code as a header of the message received from the agency providing for the concerned payment.
  • the above illustrated process can be further simplified by letting the consumer directly digit the code of the product to be purchased on the dispenser.
  • the purchasing procedure will uniquely include sending the S-SM message to the dispenser, without any change to the original message.
  • the e-commerce model does not provide for a direct dispension of the purchased products, but a product/service supplier web site is directly involved in acquiring and delivering the goods.
  • Such model directly applies to pre-existing e-commerce sites.
  • the purchaser selects the articles he/she desires to purchase, by utilising the web interface furnished by the merchant. Upon submitting the order, he/she will be relayed to a page that, instead providing for a conventional transaction based upon a credit card in the SSL system, provides for an alternative and innovative purchasing methodology based upon S-SM messages.
  • the code associated to the purchase to be perfected (automatically generated by means of mechanisms adapted to guarantee authenticity) will be indicated together with the telephone number established by the merchant for reception of orders via the S-SM system.
  • the purchaser therefore, will have to compose a SM message by juxtaposing the order code to the head portion of his/her own digital certificate in S-SM format (virtual credit card) and will have to send such S-SM to the indicated telephone number.
  • S-SM format virtual credit card
  • the merchant dialogues with the interbank institute by means of S-SM or other channel (web, dedicated line, etc.) in order to check or verify the identity of the client and the available balance and, when the result is positive, it perfects the order and the delivery of the products.
  • the advantages for a merchant deriving by adoption of a S-SM based micro-payment system are as follows: extension of the sale channels, reduction of the personnel engaged in collecting and transferring the monetary incomes, less maintenance (failure rates in a S- SM system are lower than a money handling mechanical apparatus), reduction of the lock-picking risks, credits directly accounted without money handling, no need of telephone cables, possibility to directly monitor the residuals and any failures of the dispensers without additional costs.
  • the cellular device is utilised in similar way as it occurs in web electronic commerce, but without the need for the user to enter the credit card number or other secret code into his/her own cellular device.
  • the user has his/her own S-SM which uniquely identifies his/her credit card and enables secure purchases and reservations to be effected.
  • S-SM is issued from the service centre by means of the credit institute (bank), upon activation of the service, exactly as it occurs for the credit card system.
  • FIG. 8 it can be observed that another application example of the method according to this invention is a wager or betting system that the user can directly utilise by means of a radio telephone device, even near the same place where the event subject- matter of the wager is occurring, without the need to have cash money available and without the need to preliminarily go to the receiving stand and to enter a queue.
  • Each wager or bet has a code and a manager or bench telephone number associated thereto, as publicised in the entrance sheet or depliant or in a specialised magazine, on the web, etc.; the role of the bench is to guarantee the economic coverage of the various wagers. Preferably, it accepts a wager only when it is covered by other wagers.
  • a player desiring to submit a wager sends a S-SM message to the manager or administrator and specifies the relevant code.
  • the bench automatically credits the won sum (upon subtracting the intermediation percentage) on the player account, in the other case, it withdraws the corresponding amount.
  • a payment model based upon a pre-payment system can be adopted, in which the bench manages a virtual account that the wagerer provide for crediting or debiting depending on the concerned wager.
  • the advantages for a manager in adopting a S-SM based betting system are as follows: automatic management of the wagers, increase in the number of wagers, reduction of the receiving stations and of the related personnel, possibility to register user profiles and to make advertisement activities based upon the preferences of the players in order to actively propose wagers or other initiatives.
  • a further application example of the method according to this invention is in the field of purchasing or reserving tickets, or ticketing, which the user can directly carry out by means of a radio telephone apparatus, without preliminarily going to the ticket office, entering a queue for purchasing the desired tickets, taking the ticket with himself/herself to the showing, entering the queue for entrance and exhibiting the ticket for check. This occurs, for instance, in cinemas, theatres, museums, concerts, sport events, and so on.
  • Each showing has a code and a telephone number associated therewith (as published on the notice board, or on specialised magazines, newspapers, on web, and so on) and the user desiring to purchase/reserve a ticket sends a message to said number specifying the code and possibly the number of the seats he/she desires.
  • he/she receives a S-SM message including the result of the request and the digital signature of the manager/administrator: such message represents a real token for entrance.
  • the user goes to the entrance to the showing, sends the S-SM message with the ticket to the number of the manager/administrator which automatically recognises it and allows entrance, for instance by operating a carousel. Should a reservation be involved, the manager/administrator automatically debits the cost of the ticket.
  • the above described S-SM service can be integrated with the purchase and/or reservation service by web: for instance, in a context in which the subscriber desires to choose one or more seats based upon the presently existing availability, the web allows such research to be effected in the best conditions. Subsequently, after having located the desired seats, the concerned tickets can anyway be issued by the manager/administrator by means of S-SM messages to be sent to the same person who performed the reservation or to any other desired person.
  • the advantages for a manager in adopting a S-SM based ticketing system are as follows: automatic pre-sale of the tickets, reduction of the personnel at the ticket office, reduction of the personnel required for checking the tickets at the entrances to the showings, possibility to register user profiles and to make advertisement activities based upon the preferences of the users, issuing of free gift or discounted price tickets.
  • the validation of the electronic ticket can be effected locally at the same entrance gate, in view of the fact that it does not require any communication with a possible central file, thereby reducing the needs of cables and connections.
  • a central file capable to keep all already issued tickets is preferably adopted in order to prevent any fraudulent action.
  • a retailer can perform one-to-one marketing campaigns by sending promotional messages to the clients or to people passing near the sale point. This is the case, for instance, of supermarkets, shops, restaurants.
  • the concerned shop-keeper collects information about the preferences of his/her clients, for instance by means of paper forms to be filled-in or via web. Based on the so collected profiles, he/she can start promotional activities aimed at encouraging the clients to access the shop. For instance, he/she can send a S-SM message informing the client that a discount or a gift will be associated to a certain purchase or expenditure. At this point, the client can access the shop, send the received S-SM message and be enabled to enjoy the promotional offer.
  • the concerned shop-keeper can order his/her telephonic operator or his/her own ASP to send promotional messages to the subscriber passing near the sale point by exploiting the mobile location technology, in similar way as it occurs when usual leaflets are distributed.
  • the advantages for a retail salesman in adopting an advertising system based upon S-SM messages are connected with realising a one-to-one marketing (to directly encouraging the clients and to approach passer-by's), so as to achieve savings in terms of promotional mail, advertisement boards, distribution of leaflets.
  • a S-SM based mobile service is adapted to resist the following cryptographic attack typologies: - detection of the contents, with access to confidential information as included in the SMS message for people and/or processes foreign to the communication; analysis of the traffic, with identification of the message structure between the two parties of the concerned communication; - masking, with insertion of messages generated by any fraudulent sources into the communication; modification of the contents, with change of the text of the message, by insertion, deletion, substitution, transposition of characters; modification of the message sequence between the two involved parties; modification of the times, with delay or repetition of the messages; rejection by the sender, with denying the transmission of a message from a source.
  • a S-SM system In addition to the security and confidentiality of the communications and to the compatibility with all cellular and hand-held GSM/GPRS/UMTS radio telephone apparatuses, the following further advantages of a S-SM system according to this invention can be mentioned : - the simplicity of use, that does not require either any specific configuration of the apparatuses (such as the common radio telephone sets) or any technical background knowledge by the user, since it requires sending a single message or, in the worst situation and only in particular cases, two messages for performing a transaction; - the multiplicity of payment mechanisms, since the S-SM service can be integrated with any payment model (such as cash, personalised pre-payments, credit card, checks); low infrastructure costs, since access to S-SM based services does not require particular infrastructural investments by companies or institutes: in fact a conventional PC and a GSM/GPRS/UMTS modem (or any cellular radio telephone apparatus) are sufficient; - the independence on a telephonic operator, since the S-SM service in completely independent on any operator

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé sécurisé de transmission de données par des messages utilisés dans le cadre du service de messages courts (SMS) d'un système de téléphonie mobile, de préférence d'un système de téléphonie cellulaire. Ce procédé de transmission permet de garantir, de façon simple, fiable et économique, les quatre niveaux de sécurité pour les communications par SMS entre un expéditeur et un destinataire (à savoir son authenticité, son intégrité, son acceptations et sa confidentialité) et, par conséquent, de rendre techniquement sûres les opérations commerciales, telles que les paiements et les réservations, par le service des SMS. L'invention concerne également des procédés sécurisés de création et de reconnaissance de messages SMS, des instruments nécessaires à la mise en oeuvre de ces procédés ainsi qu'un dispositif destiné à mise en oeuvre de ces procédés.
PCT/IT2002/000508 2001-08-08 2002-07-30 Procede securise de transmission de donnees par service de messages courts (sms) WO2003015343A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITRM2001A000492 2001-08-08
IT2001RM000492A ITRM20010492A1 (it) 2001-08-08 2001-08-08 Metodo per la trasmissione sicura di dati tramite messaggi del servizio messaggi brevi, o sms (short message service), di telefonia radiomob

Publications (1)

Publication Number Publication Date
WO2003015343A1 true WO2003015343A1 (fr) 2003-02-20

Family

ID=11455727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2002/000508 WO2003015343A1 (fr) 2001-08-08 2002-07-30 Procede securise de transmission de donnees par service de messages courts (sms)

Country Status (2)

Country Link
IT (1) ITRM20010492A1 (fr)
WO (1) WO2003015343A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003096615A1 (fr) * 2002-05-07 2003-11-20 Wireless Applicatoins Pty Ltd Procede d'autentification et de verification de communications par sms
EP1475755A1 (fr) * 2003-05-05 2004-11-10 Openlot Systems B.V. Système de lotterie à accès mobile
WO2009136848A1 (fr) * 2008-05-05 2009-11-12 Paysystem Sweden Ab Paiements électroniques dans un système de communication mobile
US9083680B2 (en) 2008-01-18 2015-07-14 Tekelec, Inc. Systems, methods, and computer readable media for application-level authentication of messages in a telecommunications network
US11144668B2 (en) * 2019-08-15 2021-10-12 International Business Machines Corporation Cognitively hiding sensitive content on a computing device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998003026A1 (fr) * 1996-07-11 1998-01-22 Gemplus S.C.A. Message court ameliore et procede de synchronisation et de securisation d'un echange de messages courts ameliores dans un systeme de radiocommunication cellulaire
EP0898397A2 (fr) * 1997-08-22 1999-02-24 Nokia Mobile Phones Ltd. Procédé de communication sécurisée dans un système de télécommunication
WO2000049766A1 (fr) * 1999-02-16 2000-08-24 Sonera Smarttrust Oy Procede prevoyant la disposition d'une securite des donnees

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998003026A1 (fr) * 1996-07-11 1998-01-22 Gemplus S.C.A. Message court ameliore et procede de synchronisation et de securisation d'un echange de messages courts ameliores dans un systeme de radiocommunication cellulaire
EP0898397A2 (fr) * 1997-08-22 1999-02-24 Nokia Mobile Phones Ltd. Procédé de communication sécurisée dans un système de télécommunication
WO2000049766A1 (fr) * 1999-02-16 2000-08-24 Sonera Smarttrust Oy Procede prevoyant la disposition d'une securite des donnees

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003096615A1 (fr) * 2002-05-07 2003-11-20 Wireless Applicatoins Pty Ltd Procede d'autentification et de verification de communications par sms
AU2003225327B2 (en) * 2002-05-07 2007-07-19 Wireless Applications Pty Ltd Method for authenticating and verifying SMS communications
AU2003225327B8 (en) * 2002-05-07 2009-06-18 Wireless Applications Pty Ltd Method for authenticating and verifying SMS communications
EP1475755A1 (fr) * 2003-05-05 2004-11-10 Openlot Systems B.V. Système de lotterie à accès mobile
US9083680B2 (en) 2008-01-18 2015-07-14 Tekelec, Inc. Systems, methods, and computer readable media for application-level authentication of messages in a telecommunications network
WO2009136848A1 (fr) * 2008-05-05 2009-11-12 Paysystem Sweden Ab Paiements électroniques dans un système de communication mobile
US11144668B2 (en) * 2019-08-15 2021-10-12 International Business Machines Corporation Cognitively hiding sensitive content on a computing device

Also Published As

Publication number Publication date
ITRM20010492A1 (it) 2003-02-10
ITRM20010492A0 (it) 2001-08-08

Similar Documents

Publication Publication Date Title
US20030014315A1 (en) Method and a system for obtaining services using a cellular telecommunication system
US7716129B1 (en) Electronic payment methods
US10325254B2 (en) Communication terminal and communication method using plural wireless communication schemes
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
WO2002039342A1 (fr) Systeme de banque de valeurs electroniques privees
CN101276498A (zh) 多媒体自助终端
CN101339639A (zh) 虚拟会员卡系统和提供方法,以及虚拟会员卡的读取方法
US7630927B2 (en) Anonymous and secure internet payment method and mobile devices
JP2009123013A (ja) 情報通信システム、通信装置、二次元バーコードおよび電子クーポン発行管理方法
EP1104973A1 (fr) Methode et système pour obtinir des sérvices en utilisant un système de telecommunication cellulaire
WO2002021767A1 (fr) Carte de paiement virtuelle
US7814018B1 (en) Charge number issuing and transaction system and method
US7017804B2 (en) Method for providing identification data of a banking card to a user
NZ517692A (en) Initializing/activating accounts utilizable for purchasing/provisioning items/services over data communications networks
CN110969465A (zh) 一种基于区块链通证的促销方法及系统
WO2003015343A1 (fr) Procede securise de transmission de donnees par service de messages courts (sms)
WO2001067365A1 (fr) Services internet pour guichets automatiques bancaires
WO2002025603A1 (fr) Procede de remboursement/transfert d'un produit, d'un service, d'un paiement et/ou analogue
JP2001188856A (ja) インターネット携帯電話機を用いた商品役務情報伝送方法及びシステム並びにそのためのサーバ及びクライアント及びインターネット携帯電話機を用いた電子商取引方法
IES20040572A2 (en) A system and method for validation of electronic vouchers
CN2921973Y (zh) 自助交付终端
US20080120179A1 (en) Method Of Commerce
CN110956454A (zh) 一种区块链红包投放方法及系统
WO2005081148A1 (fr) Systeme et procede de validation de bons electroniques
KR102347369B1 (ko) 전자우편 기반 폐쇄형 티켓팅 시스템 및 이를 이용한 방법

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载