+

WO2018125005A1 - Système pour communication chiffrée bout à bout basée sur sim - Google Patents

Système pour communication chiffrée bout à bout basée sur sim Download PDF

Info

Publication number
WO2018125005A1
WO2018125005A1 PCT/TR2017/000159 TR2017000159W WO2018125005A1 WO 2018125005 A1 WO2018125005 A1 WO 2018125005A1 TR 2017000159 W TR2017000159 W TR 2017000159W WO 2018125005 A1 WO2018125005 A1 WO 2018125005A1
Authority
WO
WIPO (PCT)
Prior art keywords
sim card
mobile device
primary
sim
mobile
Prior art date
Application number
PCT/TR2017/000159
Other languages
English (en)
Inventor
Görkem TOKATLI
Original Assignee
Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇ filed Critical Turkcell Teknoloji̇ Araştirma Ve Geli̇şti̇rme Anoni̇m Şi̇rketi̇
Publication of WO2018125005A1 publication Critical patent/WO2018125005A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Definitions

  • the present invention relates to a system for realizing end-to-end encrypted communication as SIM (Subscriber Identity Module) based among mobile devices.
  • SIM Subscriber Identity Module
  • SIM cards which can take command by IP (Internet Protocol) infrastructure over Internet, in other words has improved OTA (Over-the-Air) feature, have been improved together with some studies done today. With this improvement, it was aimed to be able to change definitions inside SIM card with quick and high performance.
  • IP Internet Protocol
  • OTA Over-the-Air
  • the Chinese patent document no. CN104618898 discloses a system wherein SMS (Short Message Service) based IP (Internet Protocol) short messages can be encrypted or decrypted.
  • SMS Short Message Service
  • IP Internet Protocol
  • An objective of the present invention is to realize a system for realizing end-to- end encrypted communication as SIM (Subscriber Identity Module) based among mobile devices.
  • SIM Subscriber Identity Module
  • Figure 1 is a schematic view of the inventive system.
  • the inventive system (1) for realizing SIM based end-to-end encrypted communication comprises:
  • At least one primary SIM card (21.) which is inserted in the primary mobile device (2) and used by the primary mobile device (2) in order to access the services provided by the mobile communication network operator;
  • the primary mobile device (2) is a device wherein the primary SIM card (21) is inserted and which can establish communication with the secondary mobile device (3).
  • the primary mobile device (2) can be an electronic communication device wherein the primary SIM card (21) may be inserted such as smart phone, smart phone, tablet computer.
  • the primary SIM card (21) is a module which is inserted in the primary mobile device (2) and used by the primary mobile device (2) in order to access the services provided by the mobile communication network operator.
  • the primary SIM card (21) is a unit which has STK (SIM ToolK.it) functions.
  • the primary SIM card (21) has a secure zone which contains a key pair, namely one public key and one secret key, generated on itself.
  • the primary SIM card (21) is a unit which can communicate over IP (Internet Protocol), in other words has improved OTA feature.
  • the primary SIM card (21 ) is a unit which has the quality to run SIM applications on thereof.
  • the secondary mobile device (3) is a communication device with which the primary mobile device (2) establishes communication.
  • the secondary mobile device (3) can be an electronic communication device wherein the primary SIM card (21 ) may be inserted such as smart phone, smart phone, tablet computer.
  • the secondary SIM card (31) is a module which is inserted in the secondary mobile device (3) and used by the secondary mobile device (3) in order to access the services provided by the mobile communication network operator.
  • the secondary SIM card (31) is a unit which has STK (SIM ToolKil) functions.
  • the secondary SIM card (31 ) has a secure zone which contains a key pair, namely one public key and one secret key, generated on itself.
  • the secondary SIM card (31) is a unit which can communicate over IP (Internet Protocol), in other words has improved OTA feature.
  • the secondary SIM card (31 ) is a unit which has the quality to run SIM applications on thereof.
  • transaction of realizing end-to-end encrypted communication as SIM based among mobile devices is carried out. While carrying out the said transaction, secure communications is realized by means of public key infrastructure (PKI).
  • PKI public key infrastructure
  • the communication realized between a mobile application running on the primary mobile device (2) and a mobile application running on the secondary mobile device (3) is carried out securely.
  • the mobile application in the primary mobile device (2) when it is considered that a message will be sent from the mobile application running on the primary mobile device (2) to the mobile application running on the secondary mobile device (3), the mobile application in the primary mobile device (2) sends public key query to the mobile application in the secondary mobile device (3) at first.
  • the mobile application in the secondary mobile device (3) sends its own public key to the mobile application in the primary mobile device (2) and the mobile application in the primary mobile device (2) encrypts the message by means of this public key and sends it to the mobile application in the secondary mobile device G).
  • the mobile application in the secondary mobile device (3) decrypts the incoming encrypted message by means of the secret key included in the secondary SIM card (31 ) by using the STK functions of the secondary SIM card (31).
  • the mobile application in the secondary mobile device (3) cannot see the secret key kept in the secure zone of the secondary SIM card (31) and it. can access this secret key with the purpose of decryption only over the STK functions.
  • the communication occurring between the SIM applications running on the primary SIM card (21) and the secondary SIM card (31) is realized securely.
  • the SIM application on the primary SIM card (21 ) sends public key query to the SIM application running on the secondary SIM card (31) at first.
  • the SIM application running on the secondary SIM card (31 ) sends its own public key to the SIM application on the primary SIM card (21) and the SIM application on the primary SIM card (21 ) encrypts the message by means of this public key and sends it to the SIM application running on the secondary SIM card (31 ). Then, the SIM application running on the secondary SIM card (31 ) decrypts the incoming encrypted message by means of the secret key included in the secondary SIM card (31) by using the STK functions of the secondary SIM card (31). At this stage, the SIM application running on the secondary SIM card (31 ) cannot see the secret key kept in the secure zone of the secondary SIM card (31) and it can access tins secret key with the purpose of decryption only over the STK functions.
  • secure communication is provided over a secure medium where secret key information cannot be learnt even if malicious software are installed in the primary mobile device (2) and the secondary mobile device (3) without needing mobile application.
  • the communication between ihe SIM application running on the primary SIM card (21 ) and the SIM application running on the secondary SIM card (31 ) is realized by means of the communication skills of the primary mobile device (2) and the secondary mobile device (3).
  • the primary mobile device (2) needs to know the IP and port information being listened by the secondary SIM card (31 ) included in the secondary mobile device (3) in order that communication can be realized between the primary SIM card (21) and the secondary SIM card (31) having improved OTA feature.
  • up-to-date IP and port information being listened by the devices can be kept in a central structure (for example, within the mobile communication network operator).
  • the primary mobile device (2) learns the ⁇ and port information being listened by the secondary SIM card (31 ) by sending query to this central structure through the MSISDN (Mobile Station International Subscriber Directory Number) that is being used by means of the secondary SIM card (31 ) in the secondary mobile device (3), when transfer will be made from the SIM application located in the primary SIM card (21) to the SIM application located in ihe secondary SIM card (31 ) and thus its transfer can be realized.
  • MSISDN Mobile Station International Subscriber Directory Number
  • the primary mobile device (2) is a unit which can also receive public key information of the secondary SIM card (31) in addition to the IP and port information from such central structure.
  • the primary mobile device (2) and the secondary mobile device (3) are devices which are configured such that they can update the IP, port and public key information about themselves on this central structure. Carrying out message replay and denial of service attacks to the IP and ports being listened by the primary mobile device (2) and the secondary mobile device (3) is among possible situations thai may be experienced during use of the inventive system (I).
  • the secondary mobile device (3) is a device which has the quality to receive a message incoming from the primary mobile device (2) directly from the primary mobile device (2 ) and also over a central structure.
  • the primary mobile device (2) can be configured as a device which has to receive a token from a central structure before making transfer to the secondary mobile device (3).
  • the secondary mobile device (3) can avoid replay messages by making token control instead of decrypting each replay message in message replay attacks.
  • the SIM application located on the primary SIM card (21 ) and the SIM application located on the secondary SIM card (31 ) are units which are configured such that they can establish communication over a central structure that both parries trust.
  • the said central structure can store the public keys created on the primary SIM card (21) and the secondary SIM card (.31 ) in the form of a certificate with the user information.
  • the SIM application located on the primary SIM card (21) accesses this central structure at first when it will make transfer to the SIM application located on the secondary SIM card (31) and receives the public key of the secondary STM card (31 ) and a token information from this central structure.
  • the SJM application on the primary SIM card (21) receiving the public key of the secondary SIM card (31) and the token then sends the encrypti on message and this token to the SIM application on the secondary SIM card (31 ).
  • the SIM application on the secondary SIM card (31 ) accesses the said central structure and thus carries out an authentication about this token and learns the public key located on the primary SIM card (21).
  • the SIM application on the secondary SIM card (31) decrypts the encrypted message by the secret key located in the secondary SIM card (31).
  • SIM based end-to-end encrypted communication is realized among mobile devices.
  • the invention cannot be limited to examples disclosed herein and it is essentially according to claims.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente invention concerne un système (1) pour mettre en oeuvre une communication chiffrée de bout en bout telle que basée sur SIM (Module d'identité d'abonné) parmi des dispositifs mobiles. Le système (1) selon l'invention comprend un dispositif mobile primaire (2), une carte SIM primaire (21), un dispositif mobile secondaire (3), une carte SIM secondaire (31).
PCT/TR2017/000159 2016-12-30 2017-12-28 Système pour communication chiffrée bout à bout basée sur sim WO2018125005A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2016/20232A TR201620232A2 (tr) 2016-12-30 2016-12-30 Sim tabanli uçtan uca şi̇freli̇ haberleşme i̇çi̇n bi̇r si̇stem
TR2016/20232 2016-12-30

Publications (1)

Publication Number Publication Date
WO2018125005A1 true WO2018125005A1 (fr) 2018-07-05

Family

ID=62709734

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2017/000159 WO2018125005A1 (fr) 2016-12-30 2017-12-28 Système pour communication chiffrée bout à bout basée sur sim

Country Status (2)

Country Link
TR (1) TR201620232A2 (fr)
WO (1) WO2018125005A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090305673A1 (en) * 2008-06-06 2009-12-10 Ebay, Inc. Secure short message service (sms) communications
WO2009154580A1 (fr) * 2008-06-20 2009-12-23 Dallab (S) Pte Ltd Service de messages courts sécurisé

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090305673A1 (en) * 2008-06-06 2009-12-10 Ebay, Inc. Secure short message service (sms) communications
WO2009154580A1 (fr) * 2008-06-20 2009-12-23 Dallab (S) Pte Ltd Service de messages courts sécurisé

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RONGYU, HE ET AL.: "A PK-SIM card based end-to-end security framework for SMS", COMPUTER STANDARDS & INTERFACES, vol. 31, no. 4, June 2009 (2009-06-01), pages 629 - 641, XP026048814 *

Also Published As

Publication number Publication date
TR201620232A2 (tr) 2018-07-23

Similar Documents

Publication Publication Date Title
JP6641029B2 (ja) キー配信および認証方法およびシステム、ならびに装置
EP2950506B1 (fr) Procede permettant d'etablir un canal de communication securise
EP1025675B1 (fr) Securite de commutations de donnees
EP3493462B1 (fr) Procédé d'authentification, appareil d'authentification et système d'authentification
US5455863A (en) Method and apparatus for efficient real-time authentication and encryption in a communication system
CN101512537B (zh) 在自组无线网络中安全处理认证密钥资料的方法和系统
US8831224B2 (en) Method and apparatus for secure pairing of mobile devices with vehicles using telematics system
CN100589381C (zh) 一种通信系统中用户身份保密的方法
US20070239994A1 (en) Bio-metric encryption key generator
KR20080104180A (ko) Sim 기반 인증방법
CN101720071A (zh) 基于安全sim卡的短消息两阶段加密传输和安全存储方法
KR20040065466A (ko) 근거리 통신 장치를 구비한 복합 이동 통신 단말의 보안통신 시스템 및 방법
CN103152731A (zh) 一种3g接入的imsi隐私保护方法
US20220104013A1 (en) Ensuring secure attachment in size constrained authentication protocols
CN102264068B (zh) 共享密钥协商方法与系统、网络平台及终端
Khan et al. Authentication and secure communication in GSM, GPRS, and UMTS using asymmetric cryptography
Dwiputriane et al. Authentication for 5G Mobile Wireless Networks: Manuscript Received: 5 January 2022, Accepted: 8 February 2022, Published: 15 March 2022
WO2018125005A1 (fr) Système pour communication chiffrée bout à bout basée sur sim
EP3847836B1 (fr) Procédé pour mettre à jour une donnée secrète dans un conteneur
CN117479154B (zh) 基于统一多域标识认证的办公终端数据处理方法与系统
Neza et al. E-Money Security Dilemma: Advanced Cybersecurity Mechanisms and Legacy Mobile Payments in Sub-Saharan Africa
Khan et al. Retrofitting mutual authentication to GSM using RAND hijacking
US11171988B2 (en) Secure communication system and method for transmission of messages
Khan Privacy of User Identities in Cellular Networks
Elkamchouchi et al. An Improved Authentication Protocol for Mobile Communication based on Tripartite Signcryption

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17887680

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17887680

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载