Telecommunication installation with secure remote loading of prepayment means and corresponding remote loading process

US 5,412,726 A
Filed: 09/21/1993
Issued: 05/02/1995
Est. Priority Date: 09/21/1992
Status: Expired due to Term

First Claim

Patent Images

1. A telecommunication installation comprising:

at least one switched telephone network (RTC);

an autonomous telephone subscriber access system (SAA) comprising;

at least one base station (BF) linked to the switched telephone network;

handling means linked to the base station comprising charge metering means (MG) able to calculate the charges for using the paying services of the switched telephone network (RTC);

first enciphering/deciphering means (MACSAA) able to establish a cryptographic function (AC or SA) with the aid of a storage passkey (KC or SA);

at least one autonomous set (PA) comprising;

means able to establish an intercommunication with the base station (BF);

prepayment means (MPAY) able to contain value units intended for paying the usage charges calculated and transmitted by the charge metering means;

first means of set authentication (AUPA) able to establish an authentication function (A) with the aid of a predetermined set base passkey (SB) personal to each subscriber;

an authorization center (CA) comprising;

second enciphering/deciphering means (MACCA) able to establish the enciphering/deciphering function (AC or FC) with the aid of the storage passkey (KC or FA);

second means of set authentication (AUPACA) able to establish the set authentication function (A) with the aid of the set base passkey (SB);

wherein the autonomous set (PA) furthermore comprises;

first generator means (AGPA) able to establish a generation function (AG) with the aid of the set base passkey (SB);

first remote loading means (ACHPA) able to establish a remote loading function (ACH or SCH) with the aid of a remote loading passkey (KCH or SCH) which is the transform of a predetermined word under the generation function (AG) with the aid of the set base passkey (SB);

wherein the access system (SAA) furthermore comprises;

first means of system authentication (AUSAA) able to establish a system authentication function (AO or FO) with the aid of a predetermined system base passkey (KO or SO);

second remote loading means (ACHSAA) able to issue a predetermined number of value units and to establish the remote loading function (ACH or FCH) with the aid of the remote loading passkey (KCH or PCH);

wherein the authorization center (CA) comprises;

second means of system authentication (AUSAACA) able to establish the system authentication function (AO or FO) with the aid of the system base passkey (KO or PO); and

second generator means (AGCA) able to establish the generation function (AG or FG) with the aid of the set base passkey (SB); and

wherein the installation furthermore comprises a remote loading mode in which in response to a remote loading request word (R) for a predetermined number of value units emanating from the autonomous set (PA), the first and second means of set authentication (AUPA and AUPACA) as well as the first and second means of system authentication (AUSAA and AUSAACA) carry out a respective active authentication of the autonomous set as well as of the access system, by respectively exchanging a set authentication word (R0) emanating from the access system and the transform (RES0) of this word under the set authentication function (A) with the aid of the set base passkey (SB) as well as by exchanging a system authentication word (R2) emanating from the authorization center (CA) and the transform (RES2) of this word under the system authentication function (AO or FO) with the aid of the system base passkey (KO or SO);

wherein in the case of checked authenticity of the access system and of the autonomous set, the second generator means (AGCA) calculate the remote loading passkey (KCH or (SCH, PCH)) at the level of the authorization center (CA), the remote loading passkey being the transform of the remote loading request word under the generation function (AG) with the aid of the set base passkey (SB);

wherein in the case of generation of the remote loading passkey at the level of the authorization center, the second enciphering/deciphering means (MACCA) transmit the enciphered loading passkey (EKCH or EPCH) with the aid of the storage passkey (KC or FA) to the first enciphering/deciphering means (MACSAA) which decipher it with a view to storing it at the level of the access system (SAA) and in the case of storage of the remote loading passkey in the access system (SAA), the first and second remote loading means (ACHSAA and ACHPA) exchange the remote loading request word (R) for the number of value units to be remotely loaded (n) as well as the transform (RES) of said remote loading request word under the remote loading function (ACH or FCH) with the aid of the remote loading passkey (KCH or (SCH, PCH)) with a view to remotely loading, in a secure manner, the means for prepayment of said number of value units (n).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The installation comprises a remote loading mode in which in response to a remote loading request word (R) for a predetermined number of value units emanating from the autonomous set (PA), there is provided:

an active authentication of the autonomous set (PA) and of the access system (SAA);

a calculation of a remote loading passkey (KCH or (SCH, PCH)) at the level of the authorization center (CA);

a transmission of the enciphered remote loading passkey destined for the access system (SAA);

a secure remote loading of the prepayment means (MPAY) originating from the access system with the aid of the remote loading passkey thus transmitted.

Citations

15 Claims

1. A telecommunication installation comprising:
- at least one switched telephone network (RTC);
  
  an autonomous telephone subscriber access system (SAA) comprising;
  
  at least one base station (BF) linked to the switched telephone network;
  
  handling means linked to the base station comprising charge metering means (MG) able to calculate the charges for using the paying services of the switched telephone network (RTC);
  
  first enciphering/deciphering means (MACSAA) able to establish a cryptographic function (AC or SA) with the aid of a storage passkey (KC or SA);
  
  at least one autonomous set (PA) comprising;
  
  means able to establish an intercommunication with the base station (BF);
  
  prepayment means (MPAY) able to contain value units intended for paying the usage charges calculated and transmitted by the charge metering means;
  
  first means of set authentication (AUPA) able to establish an authentication function (A) with the aid of a predetermined set base passkey (SB) personal to each subscriber;
  
  an authorization center (CA) comprising;
  
  second enciphering/deciphering means (MACCA) able to establish the enciphering/deciphering function (AC or FC) with the aid of the storage passkey (KC or FA);
  
  second means of set authentication (AUPACA) able to establish the set authentication function (A) with the aid of the set base passkey (SB);
  
  wherein the autonomous set (PA) furthermore comprises;
  
  first generator means (AGPA) able to establish a generation function (AG) with the aid of the set base passkey (SB);
  
  first remote loading means (ACHPA) able to establish a remote loading function (ACH or SCH) with the aid of a remote loading passkey (KCH or SCH) which is the transform of a predetermined word under the generation function (AG) with the aid of the set base passkey (SB);
  
  wherein the access system (SAA) furthermore comprises;
  
  first means of system authentication (AUSAA) able to establish a system authentication function (AO or FO) with the aid of a predetermined system base passkey (KO or SO);
  
  second remote loading means (ACHSAA) able to issue a predetermined number of value units and to establish the remote loading function (ACH or FCH) with the aid of the remote loading passkey (KCH or PCH);
  
  wherein the authorization center (CA) comprises;
  
  second means of system authentication (AUSAACA) able to establish the system authentication function (AO or FO) with the aid of the system base passkey (KO or PO); and
  
  second generator means (AGCA) able to establish the generation function (AG or FG) with the aid of the set base passkey (SB); and
  
  wherein the installation furthermore comprises a remote loading mode in which in response to a remote loading request word (R) for a predetermined number of value units emanating from the autonomous set (PA), the first and second means of set authentication (AUPA and AUPACA) as well as the first and second means of system authentication (AUSAA and AUSAACA) carry out a respective active authentication of the autonomous set as well as of the access system, by respectively exchanging a set authentication word (R0) emanating from the access system and the transform (RES0) of this word under the set authentication function (A) with the aid of the set base passkey (SB) as well as by exchanging a system authentication word (R2) emanating from the authorization center (CA) and the transform (RES2) of this word under the system authentication function (AO or FO) with the aid of the system base passkey (KO or SO);
  
  wherein in the case of checked authenticity of the access system and of the autonomous set, the second generator means (AGCA) calculate the remote loading passkey (KCH or (SCH, PCH)) at the level of the authorization center (CA), the remote loading passkey being the transform of the remote loading request word under the generation function (AG) with the aid of the set base passkey (SB);
  
  wherein in the case of generation of the remote loading passkey at the level of the authorization center, the second enciphering/deciphering means (MACCA) transmit the enciphered loading passkey (EKCH or EPCH) with the aid of the storage passkey (KC or FA) to the first enciphering/deciphering means (MACSAA) which decipher it with a view to storing it at the level of the access system (SAA) and in the case of storage of the remote loading passkey in the access system (SAA), the first and second remote loading means (ACHSAA and ACHPA) exchange the remote loading request word (R) for the number of value units to be remotely loaded (n) as well as the transform (RES) of said remote loading request word under the remote loading function (ACH or FCH) with the aid of the remote loading passkey (KCH or (SCH, PCH)) with a view to remotely loading, in a secure manner, the means for prepayment of said number of value units (n).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The installation as claimed in claim 1, wherein before exchanging the remote loading request word (R) and its transform (RES), the first and second system authentication means (AUSAA and AUSAACA) exchange an authorization authentication word (R1) and its transform (RES1) under the system authentication function (AO or FO) with the aid of the system authentication passkey (KO or (PO, SO) with a view to authenticating the authorization of the remote loading order.
  - 3. The installation as claimed in claim 1, wherein simultaneously with the exchanging of the remote loading request word (R) and its transform (RES), the first and second remote loading means (ACHSAA and ACHPA) exchange a reception authentication word (R2) and its transform (RES2) under the remote loading function (ACH or FCH)) with the aid of the remote loading key (KCH or (PCH, SCH)) with a view to authenticating the reception of the remote loading order.
  - 4. The installation as claimed in claim 1 wherein the set authentication (A), system authentication (AO, FO), enciphering/deciphering (AC, FC), generation (AG) or remote loading (ACH or FCH) functions are cryptographic algorithms of the DES or RSA type.
  - 5. The installation as claimed in claim 1 wherein the procedure for remotely loading the prepayment means (MPAY) takes place in real time during the communication.
  - 6. The installation as claimed in claim 1 wherein the procedure for remotely loading the prepayment means (MPAY) takes place before call establishment, on request of the subscriber or on the initiative of the network.
  - 7. The installation as claimed in claim 1, wherein the prepayment means (MPAY), the first remote loading means (ACHPA), the first generation means (AGPA) and the first set authentication means (AUPA) are housed in a removable subscriber identity module (SIM) able to cooperate with the means (ME) for establishing radio intercommunication.
  - 8. The installation as claimed in claim 7 wherein the subscriber identity module SIM comprises a memory protected against untimely direct writing of the data via the outside world and able to contain value units and a processing unit able to pay the usage charges with the aid of said value units and to reload the memory with the aid of the remotely loaded value units.
  - 9. The installation as claimed in claim 7 wherein the subscriber identity module (SIM) is housed in a standard ISO type card and wherein the means for establishing radio intercommunications (ME) comprise a reader for reading said card.
  - 10. The installation as claimed in claim 7 wherein the subscriber identity module comprises a mechanical interface able to plug into the means of establishing radio intercommunications (ME).
  - 11. The installation as claimed in claim 1 wherein the intercommunication between the autonomous set and the base station is by radio or by wire.
  - 12. The installation as claimed in claim 1 wherein the autonomous set is mobile or fixed, personal or public.

13. A process for secure remote loading of prepayment means comprising the following steps:
- a) providing at least one switched telephone network (RTC);
  
  b) providing an autonomous telephone subscriber access system (SAA) comprising;
  
  b1) at least one base station (BF) linked to the switched telephone network;
  
  b2) handling means linked to the base station comprising charge metering means (MG) able to calculate the charges for using the paying services of the switched telephone network (RTC);
  
  c) providing at least one autonomous set (PA) comprising;
  
  c1) means able to establish an intercommunication with the base station (BF);
  
  c2) prepayment means (MPAY) able to contain value units intended for paying the usage charges calculated and transmitted by the charge metering means;
  
  c3) first means of set authentication (AUPA) able to establish an authentication function (A) with the aid of a predetermined set base passkey (SB) personal to each subscriber;
  
  d) providing an authorization center (CA) comprising;
  
  d1) second enciphering/deciphering means (MACCA) able to establish the enciphering/deciphering function (AC or FC) with the aid of the storage passkey (KC or FA);
  
  d2) second means of set authentication (AUPACA) able to establish the set authentication function (A) with the aid of the set base passkey (SB);
  
  wherein there is furthermore provision for equipping the autonomous set (PA) with;
  
  first generator means (AGPA) able to establish a generation function (AG) with the aid of the set base passkey (SB);
  
  first remote loading means (ACHPA) able to establish a remote loading function (ACH or FCH) with the aid of a remote loading passkey (KCH or SCH) which is the transform of a predetermined word under the generation function (AG) with the aid of the set base passkey (SB);
  
  wherein there is furthermore provision for equipping the access system (SAA) with;
  
  first means of system authentication (AUSAA) able to establish a system authentication function (AO or FO) with the aid of a predetermined system base passkey (KO or SO);
  
  second remote loading means (ACHSAA) able to issue a predetermined number of value units and to establish the remote loading function (ACH or SCH) with the aid of the remote loading passkey (KCH or PCH);
  
  wherein there is furthermore provision for equipping the authorization center (CA) with;
  
  second means of system authentication (AUSAACA) able to establish the system authentication function (AO or FO) with the aid of the system base passkey (KO or PO); and
  
  second generator means (AGCA) able to establish the generation function (AG) with the aid of the set base passkey (SB); and
  
  wherein the process furthermore comprises a remote loading step in which in response to a remote loading request word (R) for a predetermined number of value units emanating from the autonomous set (PA), the first and second means of set authentication (AUPA and AUPACA) as well as the first and second means of system authentication (AUSAA and AUSAACA) carry out a respective active authentication of the autonomous set as well as of the access system, by respectively exchanging a set authentication word (R0) emanating from the access system and the transform (RES0) of this word under the set authentication function (A) with the aid of the set base passkey (SB) as well as by exchanging a system authentication word (R2) emanating from the authorization center (CA) and the transform (RES2) of this word under the system authentication function (AO or FO) with the aid of the system base passkey (KO or SO);
  
  wherein in the case of checked authenticity of the access system and of the autonomous set, the second generator means (AGCA) calculate the remote loading passkey (KCH, or (SCH, PCH)) at the level of the authorization center (CA), the remote loading passkey being the transform of the remote loading request word under the generation function (AG) with the aid of the set base passkey (SB);
  
  wherein in the case of generation of the remote loading passkey at the level of the authorization center, the second enciphering/deciphering means (MACCA) transmit the enciphered loading passkey (EKCH or EPCH) with the aid of the storage passkey (KC or FA) to the first enciphering/deciphering means (MACSAA) which decipher it with a view to storing it at the level of the access system (SAA) and in the case of storage of the remote loading passkey in the access system (SAA), the first and second remote loading means (ACHSAA and ACHPA) exchange the remote loading request word (R) for the number of value units to be remotely loaded (n) as well as the transform (RES) of said remote loading request word under the remote loading function (ACH or (FCH)) with the aid of the remote loading passkey (KCH or (PCH, SCH)) with a view to remotely loading, in a secure manner, the means for prepayment of said number of value units (n).
- View Dependent Claims (14, 15)
- - 14. The process as claimed in claim 13, wherein before exchanging the remote loading request word (R) and its transform (RES), the first and second system authentication means (AUSAA and AUSAACA) exchange an authorization authentication word (R1) and its transform (RES1) under the system authentication function (AO or FO) with the aid of the system authentication passkey (KO or (SO, PO) with a view to authenticating the authorization of the remote loading order.
  - 15. The process as claimed in claim 13 wherein simultaneously with the exchanging of the remote loading request word (R) and its transform (RES), the first and second remote loading means (ACHSAA) and ACHPA) exchange a reception authentication word (R2) and its transform (RES2) under the remote loading function (ACH or FCH)) with the aid of the remote loading key (KCH or (PCH, SCH)) with a view to authenticating the reception of the remote loading order.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
La Poste Etablissement Autonome de Droit Public, France Telecom SA (Orange S.A.)
Original Assignee
Telecom Etablissement Autonome de Droit Public and La Poste-Etablissement Autonome de Droit Public
Inventors
Hiolle, Philippe, Nevoux, Rola
Primary Examiner(s)
Swann, Tod R.

Application Number

US08/124,196
Time in Patent Office

588 Days
Field of Search

380/21, 380/23, 380/24, 380/43, 380/49, 455/54.1, 455/56.1, 340/825.34, 379/91, 379/12, 379/58
US Class Current

380/249
CPC Class Codes

G06Q 20/363   with the personal data of a...

G07F 7/0866   by active credit-cards adap...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3273   for mutual authentication n...

H04M 17/00   Prepayment of wireline comm...

H04M 17/20   with provision for rechargi...

H04M 2215/2026   Wireless network, e.g. GSM,...

H04M 2215/32   Involving wireless systems

H04W 12/06   Authentication

H04W 4/24   Accounting or billing

Telecommunication installation with secure remote loading of prepayment means and corresponding remote loading process

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Telecommunication installation with secure remote loading of prepayment means and corresponding remote loading process

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links