Method For Managing The Security Of Applications With A Security Module

US 20070274524A1
Filed: 11/03/2004
Published: 11/29/2007
Est. Priority Date: 11/04/2003
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The aim of this invention is to propose a method to manage the security of the set composed by an equipment, a security module and applications in order to limit the risk related to the fact that a security module could be fraudulently used by applications executed on a type of equipment and/or of software version that does not entirely fulfill the established security criteria. This aim is reached by a method for managing the security of applications with a security module functioning in an equipment connected to a network, said network being managed by a control server of an operator, said applications using resources as data or functions stored in a security module locally connected to said equipment, comprising the following preliminary steps: reception of data comprising at least the type and software version of the equipment and the identity of the security module, via the network, by the control server, analysis and verification by the control server of said data, generation of a cryptogram from the result of the verification of said data, and transmission of said cryptogram, via the network and the equipment, to the security module, said method further comprises steps wherein the security module analyses the received cryptogram and activates, respectively deactivates the resources as data or functions used by at least one application installed in the equipment, said cryptogram comprising the instructions conditioning the functioning of the application according to criteria established by the supplier of said application and/or the operator and/or the user of the equipment.

55 Citations

View as Search Results

40 Claims

1-20. -20. (canceled)

21. Method for managing the security of applications with a security module functioning in an equipment connected to a network, said network being managed by a control server of an operator, said applications using resources as data or functions stored in a security module locally connected to said equipment, comprising the following preliminary steps:
- reception of data comprising at least the type and software version of the equipment and the identity of the security module, via the network, by the control server, analysis and verification by the control server of said data, generation of a cryptogram from the result of the verification of said data, and transmission of said cryptogram, via the network and the equipment, to the security module, said method further comprises steps wherein the security module analyses the received cryptogram and activates, respectively deactivates the resources as data or functions used by at least one application installed in the equipment, said cryptogram comprising the instructions conditioning the functioning of the application according to criteria established by the supplier of said application and/or the operator and/or the user of the equipment.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 22. Method according to claim 21, wherein the equipment is a mobile equipment of mobile telephony.
  - 23. Method according to claim 21, wherein the network is a mobile network of the GSM, GPRS or UMTS type.
  - 24. Method according to claim 21, wherein the security module is a subscriber module of a SIM card type inserted into the mobile equipment of mobile telephony.
  - 25. Method according to claim 24, wherein the identification of the set mobile equipment/subscriber module is carried out from the identifier of the mobile equipment and from the identification number of the subscriber module pertaining to a subscriber to the mobile network.
  - 26. Method according to claim 21, wherein the criteria defines the usage limits of an application according to the risk associated to said application and to the type and the software version of the mobile equipment that the operator and/or the application supplier and/or the user of the mobile equipment want to take in account.
  - 27. Method according to claim 22 carried out after each connection of the mobile equipment to the network.
  - 28. Method according to claim 22 carried out after each of updating the software version of the mobile equipment.
  - 29. Method according to claim 22, carried out after each activation or deactivation of an application on the mobile equipment
  - 30. Method according to claim 24 carried out after each updating of the software version of the subscriber module.
  - 31. Method according to claim 24 carried out after each updating of the resources on the subscriber module.
  - 32. Method according to claim 21 carried out periodically at a rate given by the control server.
  - 33. Method according to claim 22 carried out after each initialization of an application on the mobile equipment.
  - 34. Method according to claim 24 wherein the subscriber module, prior to the execution of the instructions given by the cryptogram, compares the identifier of the mobile equipment with that previously received and only initiates the verification operation if the identifier has changed.
  - 35. Method according to claim 25, wherein the control server, prior to the transmission of the cryptogram, compares the identifier of the mobile equipment with that previously received and only initiates the verification operation if the identifier has changed.
  - 36. Method according to claim 24, wherein the cryptogram is made up of a message encrypted by the control server with the aid of an asymmetrical or symmetrical encryption key from a data set containing, among other data, the identifier of the mobile equipment, the identification number of the subscriber module, the resource references of the subscriber module and a predictable variable.
  - 37. Method according to claim 24, wherein the subscriber module transmits to the control server, via the mobile equipment and the mobile network, a confirmation message when the subscriber module has received the cryptogram, said message confirming the correct reception and the adequate processing of the cryptogram by the subscriber module.
  - 38. Method according to claim 21, wherein the equipment is a Pay-TV decoder or a computer to which the security module is connected.

39. Security module comprising resources intended to be locally accessed by at least one application installed in an equipment connected to a network, said equipment comprising reading and data transmission means comprising at least the identifier of the equipment and the identifier of the security module, said module further comprises means for reception, analysis and execution of instructions contained in a cryptogram, said instructions conditioning the functioning of the application according to criteria predetermined by the supplier of said application and/or the operator and/or the user of the equipment.
- View Dependent Claims (40)
- - 40. Security module according to claim 39, constituting a subscriber module of the “
    - SIM card”
      
      type connected to a mobile equipment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Swisscom Mobile AG (Government of Switzerland), Nagracrad S.A. (Kudelski SA)
Inventors
Cantini, Renato, Ksontini, Rached

Granted Patent

US 8,001,615 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04W 12/126   Anti-theft arrangements, e....

H04W 12/48   using secure binding, e.g. ...

H04W 8/183   Processing at user equipmen...

Method For Managing The Security Of Applications With A Security Module

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method For Managing The Security Of Applications With A Security Module

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links