Method for securing communications between a terminal and an additional user equipment

US 7,409,552 B2
Filed: 09/30/2002
Issued: 08/05/2008
Est. Priority Date: 04/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for securing a session over a short distance wireless link between a terminal and a user device, said terminal and said user device both comprising cryptographic computing means, said terminal and said user device further both comprising a display and input means, wherein said terminal and said user device can be connected through said short distance wireless link, said method comprising the steps of:

generating a secret in said terminal or said user device,displaying said secret or the hash value of said secret on the display of said terminal or said user device,while said user device and said terminal are kept separate from each other,manually entering said secret or the hash value of said secret on the input means of the other one of said terminal or user device, andusing said shared secret to guarantee the authenticity of at least a part of said session between said user device and said terminal over said short distance wireless link.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method for securing a session over a radio or infrared wireless link (101) between a terminal (11) and a mobile equipment (10), said session being secured with a SIM card (100) in said mobile equipment (10). The terminal (11) and the mobile equipment (10) both comprise a display and a keyboard or keypad and can be mutually connected through said short distance wireless link (101). The method comprises the following steps:

- generating a secret in one of said terminals or said smart cards,
- displaying this secret on the display of said terminal (11) or said user equipment (10),
- entering said secret or the hash value of said secret on the input means of the other one of said terminals (11) or user equipments (10),
- using said shared secret for securing at least a part of said session over said short distance wireless link (101).

39 Citations

View as Search Results

34 Claims

1. A method for securing a session over a short distance wireless link between a terminal and a user device, said terminal and said user device both comprising cryptographic computing means, said terminal and said user device further both comprising a display and input means, wherein said terminal and said user device can be connected through said short distance wireless link, said method comprising the steps of:
- generating a secret in said terminal or said user device,displaying said secret or the hash value of said secret on the display of said terminal or said user device,while said user device and said terminal are kept separate from each other,manually entering said secret or the hash value of said secret on the input means of the other one of said terminal or user device, andusing said shared secret to guarantee the authenticity of at least a part of said session between said user device and said terminal over said short distance wireless link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein said cryptographic computing means in said user device use a smart card in said user equipment.
  - 3. The method of claim 1, wherein said cryptographic computing means in said terminal are part of a browser in said terminal.
  - 4. The method of claim 2, wherein said secret comprises a first random word generated in said smart card, said random word being displayed on said display of said user device and then entered by the user of said user device on said terminal, said method further comprising:
    - generating a challenge in said terminal,computing in said terminal a first message authentication code based on said first random word and on said first challenge,transmitting said first message authentication code over said wireless interface to said user device,generating a response to said challenge in said user device,computing in said user device a second message authentication code based on said first random word and on said response,transmitting said second message authentication code over said wireless interface to said terminal.
  - 5. The method of claim 1, further comprising:
    - encrypting in said terminal at least one first message comprising said secret with the public key of said user device, sending said first message over said wireless interface to said user device,decrypting said first message in said user device,verifying said secret in said user device.
  - 6. The method of claim 5, wherein said first message further comprises a second secret used for securing subsequent messages in said session.
  - 7. The method of claim 6, further comprising a preliminary step of transmitting a user certificate stored in a smart card in said user device to said terminal over said wireless interface, said user certificate comprising said public key of said user.
  - 8. The method of claim 7, wherein said first message is obtained by encrypting in said terminal said first secret and said second secret with the user public key obtained from said user certificate, said encrypted first and second secrets being decrypted in said user device, said second secret being used for securing at least a part of the subsequent messages in said session.
  - 9. The method of claim 8, further comprising a preliminary step of sending a user identifier to said terminal, wherein said user identifier can be used to select said user certificate from the set of received certificates.
  - 10. The method of claim 9, further comprising a step of comparing said first random word received in said message with the hash value of said random word that was entered before.
  - 11. The method of claim 4, wherein said first challenge is computed in said terminal from the following components:
    - a random word generated in said terminal,a random word generated in a server with which said terminal wants to establish a secure connection,a certificate of said server,a secret computed in said terminal from another random word generated in said terminal, from said random word generated in said terminal and from said random word generated in a server.
  - 12. The method of claim 11, wherein said response is computed from the following components:
    - the private key of the user stored in said smart card,a random word generated in said terminal,a random word generated in a server with which said terminals wants to establish a secure connection,a certificate of said server,a secret computed in said terminal from another random word generated in said terminal, from said random word generated in said terminal and from said random word generated in a server.
  - 13. The method of claim 1, wherein said secret is generated in said terminal, said method further comprising:
    - entering a user identifier in said terminal,generating a first secret in said terminal,displaying a hash value computed from said secret, on the display of said terminal,entering said hash value in said user device,transmitting a user certificate stored in said smart card to said terminal over said wireless interface, wherein said user identifier can be obtained from said user certificate,generating said secret in said terminal,encrypting in said terminal said first secret and said second secret with the user public key obtained from said user certificate,transmitting said encrypted secrets to said user device,decrypting said encrypted first and second random words in said user device,comparing in said user device the hash value of said first secret with said hash value, that was entered before,generating a first challenge in said terminal,computing in said terminal a first message authentication code based on said second secret and on said first challenge,transmitting said first message authentication code to said user device,generating a response in said user device comprising a smart card,computing in said user equipment a second message authentication code based on said second secret and on said response,transmitting said second message authentication code over said wireless interface to said terminal.
  - 14. The method of claim 13, wherein said first challenge is computed in said terminal from the following components:
    - a random word generated in said terminal,a random word generated in a server with which said terminal wants to establish a secure connection,a certificate of said server,a secret computed in said terminal from another random word generated in said terminal, from said random word generated in said terminal and from said random word generated in a server.
  - 15. The method of claim 14, wherein said response is computed from the following components:
    - the private key of the user stored in said smart card,a random word generated in said terminal,a random word generated in a server with which said terminals wants to establish a secure connection,a certificate of said server,a secret computed in said terminal from another random word generated in said terminal, from said random word generated in said terminal and from said random word generated in a server.
  - 16. The method of claim 1, wherein said user device is a digital mobile phone.
  - 17. The method of claim 16, wherein said wireless interface is a Bluetooth interface.
  - 18. The method of claim 16, wherein said wireless interface is a HomeRF interface.
  - 19. The method of claim 16, wherein said wireless interface is an IrdA interface.

20. A smart card having thereon a computer program comprising instructions to be executed by processing means included in said smart card for causing the smart card to perform a process comprising the steps of:
- generating a secret,preparing an instruction for displaying said secret on the display of a device in which said smart card is adapted to be used, so that said displayed secret can be manually entered into a separate device for use in computing a broadcast message,waiting until the broadcast message arrives, andchecking if said secret has been used for computing said broadcast message so that a secured communication session can be established between said device and said separate device.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The smart card of claim 20, further comprising a random number generator, said secret being generated by said random number generator.
  - 22. The smart card of claim 20, said process further comprising the following steps:
    - if said secret has been used for computing said broadcast message, computing a response to said broadcast message,preparing an instruction for sending said response to the sender of said broadcast message.
  - 23. The smart card of claim 22, said secret being used for computing said response.
  - 24. The smart card of claim 22, further comprising a counter, the value in said counter being modified each time one of said broadcast message arrives, said response being sent only if the value in said counter has not reached a predetermined limit.
  - 25. The smart card of claim 20, further comprising a GSM-part.

26. A computer readable recording medium storing a computer program comprising computer executable instructions for causing a computer including a short distance wireless interface to execute a process comprising the steps of:
- getting a message to be sent over said wireless interface,getting a secret manually entered by a user on the input means of said computer,computing a message authentication code from said message using said secret,broadcasting said message authentication code,listening on said wireless interface until a message arrives, andverifying if the message has been computed with said secret.

27. A computer readable recording medium storing a computer program comprising computer executable instructions for causing a computer including a short distance wireless interface to execute a process comprising the following steps:
- generating a first secret,displaying said secret, or the hash value of said secret, on the display of said computer,listening on said wireless interface until a broadcast message arrives,extracting a public key from said broadcast message,generating a second secret,encrypting said first and said second secret with said public key,sending said encrypted first and second secret to the sender of said broadcast message,listening on said wireless interface until a second message arrives, andchecking if said second secret has been used for computing said second message.

28. A smart card having thereon a computer program comprising instructions to be executed by processing means in said smart card for causing the smart card to perform a process comprising at least the following steps:
- getting a first secret entered in said smart card via the keypad of a user equipment,broadcasting a user certificate stored in said smart card,waiting for a message,decrypting said message with the private key of the user,extracting a second secret from said message,verifying if the sender of said message knows said first secret, andcomputing a response with said second secret.
- View Dependent Claims (29, 30, 31)
- - 29. The smart card of claim 28, said process further comprising the following steps:
    - if said secret has been used for computing said broadcast message, computing a response to said broadcast message, preparing an instruction for sending said response to the sender of said broadcast message.
  - 30. The smart card of claim 29, said secret being used for computing said response.
  - 31. The smart card of claim 28, further comprising a GSM-part.

32. A method for securing a session over a wireless link between a terminal and a portable device used by a user, said terminal and said portable device both comprising cryptographic computing means, said portable device further comprising a display and said terminal further comprising an input means, wherein said terminal and said portable device can be connected together through said wireless link, said method comprising the steps of:
- generating a secret in said portable device,displaying said secret or the hash value of said secret on the display of said portable device,the user manually entering said secret or the hash value of said secret on the input means of the terminal, andusing said entered secret to guarantee the authenticity of at least a part of said session between said terminal and said portable device over said wireless link.
- View Dependent Claims (33, 34)
- - 33. The method of claim 32 supported by a smart card inserted in said portable device.
  - 34. A smartcard for inserting in said portable device for supporting the method of claim 32.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZAMA Innovations LLC
Original Assignee
Swisscom Mobile AG (Government of Switzerland)
Inventors
Lauper, Eric, Buttyan, Levente, Wiedmer, Edwin
Primary Examiner(s)
Smithers; Matthew
Assistant Examiner(s)
Callahan; Paul

Application Number

US10/260,590
Publication Number

US 20030041244A1
Time in Patent Office

2,136 Days
Field of Search

380/259, 380/282, 380/270, 705/66, 705/67, 713/172, 713/176, 713/159, 713/173, 726/9, 726/20
US Class Current

713/172
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/327   Short range or proximity pa...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/388   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04K 1/00   Secret communication

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

H04W 4/80   Services using short range ...

Method for securing communications between a terminal and an additional user equipment

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securing communications between a terminal and an additional user equipment

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links