Method and apparatus for executing secure data transfer in a wireless network

US 6,915,124 B1
Filed: 09/29/2000
Issued: 07/05/2005
Est. Priority Date: 10/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for executing secure data transfer between a communication device and an application server, wherein data are transferred over a network between the application server and the communication device, comprising:

sending an agreement proposal for a secure transaction of data from the server to a security adapter connected to the network, said security adapter residing on the network distinctly from the server and the communication device, creating and sending a message from the security adapter to the communication device in order to activate a signing application, the signing application signing the data to be sent, sending the signed data from the communication device to the security adapter, verifying the signature for the data, and sending the verified signed data to the server for execution of the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for executing secure data transfer between a communication device and an application server in a wireless network, in which a request requiring a secure transaction of data is sent from either the communication device or the server. An agreement proposal for the secure transaction is sent to the communication device, and if the agreement proposal is considered acceptable, the agreement proposal is sent to a security adapter. Details of the transaction are entered into a message and sent to a smart card in order to activate a signing application in the smart card. The details of the transaction are displayed on the communication device, and if the transaction is accepted, the signing application signs the data and sends it to the security adapter via messages, the signature is verified, and the data is sent to the server.

115 Citations

20 Claims

1. A method for executing secure data transfer between a communication device and an application server, wherein data are transferred over a network between the application server and the communication device, comprising:
- sending an agreement proposal for a secure transaction of data from the server to a security adapter connected to the network, said security adapter residing on the network distinctly from the server and the communication device, creating and sending a message from the security adapter to the communication device in order to activate a signing application, the signing application signing the data to be sent, sending the signed data from the communication device to the security adapter, verifying the signature for the data, and sending the verified signed data to the server for execution of the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, wherein information browsing on the server is initiated from either the application server or the communication device, wherein data are transferred over the network between the application server and the communication device.
  - 3. A method according to claim 1, comprising before the step of sending an agreement proposal, the further step of:
    - sending a request requiring a secure transaction of data, either from the communication device to the application server, or from the application server to the communication device.
  - 4. A method according to claim 1, wherein the step of sending a message from the security adapter to the communication device in order to activate a signing application further comprises the steps of:
    - entering details of the transaction to be secured and a sign request into at least one message, sending the at least one message from the security adapter to a smart card in the communication device for activating the signing application, displaying the details of the transaction and a prompt for an accept on the communication device.
  - 5. A method according to claim 1, wherein the step of signing the data further comprises the step of:
    - accepting the transaction, the signing application signing the data to be sent with a secret/private key by using an algorithm.
  - 6. A method according to claim 1, wherein the step of sending an agreement proposal comprises the further step of:
    - sending the agreement proposal for the secure transaction from the server to the communication device for acceptance before the agreement proposal is sent to the security adapter.
  - 7. A method according to claim 4, wherein the smart card is a SIM card (subscriber identity module), the data transfer protocol is the WAP (Wireless Application Protocol), the signing application is a SAT (SIM Application Toolkit) application, the communication application is a WAP application, and the message is at least an SMS or USSD packet.
  - 8. A method according to claim 7, wherein the WAP application in the communication device is suspended or terminated when the SAT application is activated.

9. A system for executing secure data transfer between a communication device and an application server over a wireless network, comprising a security adapter connected to the network for monitoring the data transfer between the communication device and the application server, whereinsaid server is adapted to send an agreement proposal for a secure transaction of data to the security adapter, said security adapter residing on the network distinctly from the server and the communication device, said security adapter is adapted to receive said agreement proposal for a secure transaction from the server, and create and send a message to the communication device for activating a signing application, said communication device is adapted to sign the data, and send the signed data to the security adapter, said security adapter is adapted to receive, and send the signed data for verification and then send the verified signed data to the application server for execution of the transaction.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A system according to claim 9, wherein said communication device comprises a secret/private key, an algorithm for signing of data, and a signing application for handling a signing dialogue and the signing of data.
  - 11. A system according to claim 10, wherein said secret/private key, said algorithm, and said signing application is stored on a smart card such as a SIM card (subscriber identity module), the data transfer protocol is the WAP (Wireless Application Protocol), the signing application is a SAT (SIM Application Toolkit) application, and the message is at least an SMS or USSD packet.
  - 12. A system according to claim 9, wherein said network comprises a mobile telephone network for connection to the communication device, the Internet for the connection to the application server, and a WAP gateway connecting the mobile telephone network to the Internet.
  - 13. A system according to claim 12, wherein said security adapter is connected to the WAP gateway.
  - 14. A system according to claim 9, wherein in said security adapter is connected to the application server.
  - 15. A system according to claim 9, wherein said communication device is a mobile phone or a portable computer having transmitting/receiving capability.
  - 16. A system according to claim 15, wherein the mobile phone comprises means for displaying a particular icon, character, font, or colour connected to certain applications or the operating system in the phone, wherein the user can be assured that he is really communicating directly with the security application.

17. A security adapter for connection to a wireless network for monitoring the data transfer between a communication device and an application server connected to the network, whereinmeans for receiving an agreement proposal for a secure transaction from the communication device, means for creating and sending a message to the communication device in order to activate a signing application, means for receiving signed data sent from the communication device, and means for sending the signed data for verification and then to the application server for execution of the transaction, wherein said security adapter resides on the network distinctly from the server and the communication device.

18. A computer program product directly loadable into the internal memory of a security adapter with digital computer capabilities, comprising software code portions for performing the steps of:
- receiving an agreement proposal for a secure transaction from a communication device, creating and sending a message to the communication device in order to activate a signing application, receiving signed data sent from the communication device, and sending the signed data for verification and then to an application server for execution of the transaction, wherein said security adapter resides on the network distinctly from the server and the communication device.

19. A computer program element comprising computer program code means to make a security adapter with digital computer capabilities execute the steps of:
- receiving an agreement proposal for a secure transaction from a communication device,creating and sending a message to the communication device in order to activate a signing application, receiving signed data sent from the communication device, and sending the signed data for verification and then to an application server for execution of the transaction, wherein said security adapter resides on the network distinctly from the server and the communication device.
- View Dependent Claims (20)
- - 20. A computer program element as claimed in claim 19 embodied on a computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Arwald, Jan, Kiessling, Johan
Primary Examiner(s)
Corsaro, Nick
Assistant Examiner(s)
SHARMA, SUJATHA R

Application Number

US09/676,186
Time in Patent Office

1,740 Days
Field of Search

455/410, 455/411, 455/466, 455/558, 380/247, 380/248, 380/249, 380/250
US Class Current

455/411
CPC Class Codes

H04L 2463/102 applying security measure f...

H04L 63/12 Applying verification of th...

Method and apparatus for executing secure data transfer in a wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

115 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for executing secure data transfer in a wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links