Mobile trusted module (MTM)-based short message service security system and method thereof
Abstract
An MTM-based short message service security system and a method thereof are provided. A hardware security module according to the present invention includes an access control unit configured to verify the integrity of an SMS application and a request from the SMS application, and verify whether the SMS application has a permission for the request; a key management unit configured to store and manage a public key and a private key of the terminal, and an encryption key shared with a server configured to transmit a security message between the server and the terminal; and a security message processing unit configured to convert the security message based on a preset security policy when the security message is received from the server, and return the converted message to the SMS application.
8 Claims
1. A hardware security module of a terminal, comprising:
an access control unit configured to verify an integrity of a short message service (SMS) application and a request for processing a security message, and verify whether the SMS application has a permission for performing the request;
a key management unit configured to store and manage a public key and a private key of the terminal, and an encryption key shared with a server, the server being configured for transmitting the security message to the terminal; and
a security message processing unit configured to convert the security message based on a preset security policy for managing the security message when the security message is received from the server, and return the converted message to the SMS application,
wherein, when the security policy is set to manage the security message in an encrypted state, the security message processing unit decrypts the security message using the encryption key, re-encrypts the decrypted security message using a separate key, and returns the re-encrypted security message and a key ID of the separate key to the SMS application.
Dependent claims: 2, 3
4. A short message service security method of a terminal that includes a hardware security module and an SMS application, the method comprising:
receiving, from a server, a security message that has been encrypted using an encryption key, the terminal sharing the encryption key with the server;
converting the security message based on a preset security policy for managing the security message; and
transmitting a reception checking message to the server when reception of the security message is completed,
wherein, when the security policy is set to manage the security message in an encrypted state, the converting includes:
decrypting the security message using the encryption key;
re-encrypting the decrypted security message using a separate key; and
storing the re-encrypted security message and a key ID of the separate key.
Dependent claims: 5, 6
7. A short message service security method that is provided by a server, the method comprising:
generating a security message by encrypting a short message from a transmitting terminal using an encryption key when the short message matches a security policy that is set by a target terminal;
delivering the security message to the target terminal and requesting a security message reception checking task from the target terminal; and
verifying reception of the security message based on a reception checking message received from the target terminal, the reception checking message being generated when the reception of the security message is completed by the target terminal,
wherein the reception checking message includes a hash value of a plain text of the security message, or includes hash values of plain texts of N security messages including the security message that the target terminal has received most recently, and
wherein the verifying of the reception includes:
checking whether a hash value of a plain text of the security message that the server has transmitted or hash values of plain texts of N security messages that the server has transmitted most recently to the target terminal match the hash value or the hash values included in the reception checking message, respectively; and
generating a verification checking message when the hash values in the server match the hash values in the reception checking message, and generating an error message when the hash values do not match.
Dependent claims: 8
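The reception check of claims 4 and 7, modelled as an added example that is not part of the patent text: the terminal reports plaintext hashes and the server compares them with what it sent, in both the single-hash and the N-hash form. SHA-256, N = 3, the class and method names and the VERIFIED/ERROR strings are assumptions; encryption with the shared key is omitted and the sample messages are constructed.

```python
import hashlib
import hmac
from collections import deque

N = 3  # window size; the claims leave N unspecified (assumed value)

def digest(plaintext: bytes) -> bytes:
    # SHA-256 is an assumption; the claims only say "hash value".
    return hashlib.sha256(plaintext).digest()

class Terminal:
    """Target terminal: records plaintext hashes once a message is received."""
    def __init__(self, n: int = N):
        self.recent = deque(maxlen=n)

    def receive(self, plaintext: bytes) -> None:
        self.recent.append(digest(plaintext))

    def reception_check(self, window: bool = False) -> list[bytes]:
        # Single form: hash of the latest message only.
        # Window form: hashes of the N most recently received messages.
        return list(self.recent) if window else list(self.recent)[-1:]

class Server:
    """Server: remembers hashes of the last N plaintexts it transmitted."""
    def __init__(self, n: int = N):
        self.sent = deque(maxlen=n)

    def send(self, plaintext: bytes) -> bytes:
        self.sent.append(digest(plaintext))
        return plaintext  # encryption with the shared key omitted here

    def verify(self, check: list[bytes]) -> str:
        expected = list(self.sent)[-len(check):] if check else []
        ok = (bool(check) and len(check) == len(expected) and
              all(hmac.compare_digest(a, b) for a, b in zip(expected, check)))
        return "VERIFIED" if ok else "ERROR"

def demo() -> dict:
    server, term = Server(), Terminal()
    msgs = [b"OTP 482913", b"Transfer approved",
            b"OTP 771204", b"Login from new device"]  # constructed samples
    for m in msgs[:2]:
        term.receive(server.send(m))
    results = {"single": server.verify(term.reception_check()),
               "window": server.verify(term.reception_check(window=True))}
    server.send(msgs[2])                 # lost in transit, never received
    term.receive(server.send(msgs[3]))
    results["single_after_drop"] = server.verify(term.reception_check())
    results["window_after_drop"] = server.verify(term.reception_check(window=True))
    return results
```

In this model the single-hash check still passes after one message is lost, while the N-hash check returns the error result because the two windows no longer line up.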
Specification