Use of short message service (SMS) for secure transactions

US 20030123669A1
Filed: 12/28/2001
Published: 07/03/2003
Est. Priority Date: 12/28/2001
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a secure conduit for SMS communication with a wireless terminal, comprising:

a) encrypting an authorization key in response to a first SMS message from the wireless terminal comprising a public key and a request for the authorization key;

b) sending to the wireless terminal a second SMS message comprising the encrypted authorization key;

c) decrypting a third SMS message from the wireless terminal comprising an authentication code and a request for a traffic key;

d) authenticating the third SMS message;

e) encrypting the traffic key; and

f) sending to the wireless terminal a fourth SMS message comprising the traffic key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is presented for establishing a secure conduit for SMS communication between a center and a wireless terminal. The center encrypts an authorization key in response to a wireless terminal'"'"'s SMS message containing a public key and a request for the authorization key, sends back to the wireless terminal an SMS message containing the encrypted authorization key, decrypts another SMS message received from the wireless terminal which contains an authentication code and a request for a traffic key, authenticates the SMS message, encrypts the traffic key, and sends to the wireless terminal another SMS message containing the traffic key.

55 Citations

View as Search Results

18 Claims

1. A method for establishing a secure conduit for SMS communication with a wireless terminal, comprising:
- a) encrypting an authorization key in response to a first SMS message from the wireless terminal comprising a public key and a request for the authorization key;
  
  b) sending to the wireless terminal a second SMS message comprising the encrypted authorization key;
  
  c) decrypting a third SMS message from the wireless terminal comprising an authentication code and a request for a traffic key;
  
  d) authenticating the third SMS message;
  
  e) encrypting the traffic key; and
  
  f) sending to the wireless terminal a fourth SMS message comprising the traffic key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - generating at least three keys, comprising a key encryption key, an upstream message authentication key, and a downstream authentication key.
  - 3. The method of claim 1, wherein the wireless terminal is a wireless telephone.
  - 4. The method of claim 1, wherein the authentication code is a hash-based message authentication code digest.
  - 5. The method of claim 1, wherein the secure conduit is for conveying credit card transactions.
  - 6. The method of claim 1, wherein the secure conduit is for conveying medical information.

7. An apparatus for establishing a secure conduit for SMS communication with a wireless terminal, comprising:
- a) first cryptographic means for encrypting an authorization key in response to a first SMS message from the wireless terminal comprising a public key and a request for the authorization key;
  
  b) communication means for sending to the wireless terminal a second SMS message comprising the encrypted authorization key;
  
  c) second cryptographic means for decrypting a third SMS message from the wireless terminal comprising an authentication code and a request for a traffic key;
  
  d) upstream message authentication key means for authenticating the third SMS message; and
  
  e) third cryptographic means for encrypting the traffic key;
  
  wherein the communication means is also means for sending to the wireless terminal a fourth SMS message comprising the traffic key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, further comprising:
    - fourth cryptographic means for generating at least three keys, comprising a key encryption key, an upstream message authentication key, and a downstream authentication key.
  - 9. The apparatus of claim 7, wherein the wireless terminal is a wireless telephone.
  - 10. The apparatus of claim 7, wherein the authentication code is a hash-based message authentication code digest.
  - 11. The apparatus of claim 7, wherein the secure conduit is for conveying credit card transactions.
  - 12. The apparatus of claim 7, wherein the secure conduit is for conveying medical information.

13. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to establish a secure conduit for SMS communication with a wireless terminal, by:
- a) encrypting an authorization key in response to a first SMS message from the wireless terminal comprising a public key and a request for the authorization key;
  
  b) creating a second message comprising the encrypted authorization key;
  
  c) decrypting a third SMS message from the wireless terminal comprising an authentication code and a request for a traffic key;
  
  d) authenticating the third SMS message;
  
  e) encrypting the traffic key; and
  
  f) creating a fourth message comprising the traffic key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-readable medium of claim 13, wherein the plurality of instructions includes further instructions which, when executed by a processor, cause the processor to perform the additional step of:
    - generating at least three keys, comprising a key encryption key, an upstream message authentication key, and a downstream authentication key.
  - 15. The computer-readable medium of claim 13, wherein the wireless terminal is a wireless telephone.
  - 16. The computer-readable medium of claim 13, wherein the authentication code is a hash-based message authentication code digest.
  - 17. The computer-readable medium of claim 13, wherein the secure conduit is for conveying credit card transactions.
  - 18. The computer-readable medium of claim 13, wherein the secure conduit is for conveying medical information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Siemens Networks GmbH & Company KG (Nokia Corporation)
Original Assignee
Siemens Communications Incorporated (Siemens AG)
Inventors
Stamatelos, George, Koukoulidis, Vassilios, Jezierny, Rick

Granted Patent

US 7,076,657 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/281
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/3227   using secure elements embed...

G06Q 20/3255   using mobile network messag...

G06Q 20/3823   combining multiple encrypti...

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/126   the source of the received ...

H04W 12/037   of the control plane, e.g. ...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

Use of short message service (SMS) for secure transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Use of short message service (SMS) for secure transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links