Note: Descriptions are shown in the official language in which they were submitted.
CA 02390835 2002-05-09
1
T~tle~ System for electronic delivery of a ver~onal identification code
Technical Field . _
The invention relates to a system for electronic delivery of a PIN (Personal
Identification Number) evde and comprising a server 'secured by ineana of a
ncuribcr
of encryption keys and provided with a reference code for generating the-PIN
code,
said system feirther comprising means for encrypting the reference cddr arid
the PIN
code generated by means of the encryption key's atid'via coinrriected
~co~nunicadons
means being adapted to transmit a SMS (Short Mcssage'5ervice) message
'containing
an electronic signature based on the reference code to ~ a SIM (Subscriber
Identity
1U Module) card connected to a terminal with input and display means.' ~' - '
Baokgrgund,~rt_ : . w.:';'. : : _. ._.
Personal identification numbers, so-called PIN codes; are gresentlyviised
in'noany
different situations, in particular in connection with economic
'transactioiLS;~in Which
a credit card or a similar means of payment is u5ed~ together with a
terrninai~. The
information stored on the credit card is verified by °the~card user
doling-coropletion~
of the transaction by eatering a PIN code on the cerminial's keyboard, said
code being
agreed with the card issuer. It is thus ensured that the user of the card is
identical to
the owner of the card.
The PIN code is usually assigned to the credit card in connection with the
issuance
thereof and generally forwarded to the user under separate cover as ordinary
mail.
This method is neither completely secure nor very fast, as it may take several
dgys
for the letter to reach the card ovvner and thus before the owner can use his
card.
WO 99139524 relates to teiecomrnuracation systems arid discloses a procedure
arid a
system for transmission of encrypted 5M5 messages to a mobile station. The
system
CA 02390835 2002-05-09
2
comprises a teleconununication network, a mobile station connected to it surd
a
subscriber identity module (SIM) connected to the mobile stab on, amessage
svvitehing
centre, and transmission software connected to the message switching cenlrc.
1be
transmission sotlware comprises applications attd parameters of the encryption
algorithm to be used. Hereby, SMS messages ruay be generated~tmd sent to the
mobile
station via the message switching centre. The S 1M card in the mobile station
is adapted
for receiving acrd storing an encrypted SMS message.
Brief Descripsion of ,~,nvernion
The object of the invention is to provide a secure, fast aiid efficient system
which is
able to deliver PIN codes to the customers in a~ more advantageous manner.
A system of the above type is according to the invcrytion characterised in
that
said server is adapted for receiving unique information in the ftirm'of a
reference code,
said encryption means is adapted for computing a furst-electronic signature
based on
the reference code, and the server being adapted for transmitting~the first
electronic
signature as encrypted electronic informaxion in said SMS message, and' ~ ' '
said SIM card comprises means For comparingthe ttrstelectfivnic signature in
the~SMS
message with a second electronic signature being generated' from a reference
code
entered by a user of the terminal arid by means of a corresponding encryption
key in
the SIM card, and means for allowing subsequent display of a PIN code
associated
with the signatures onthe display means afthe terminal, ifthe first electxvtuc
signature
and the second electronic signature march.
It is thus only possible to be advised of a PIN code, if the user ~f a
specific terminal
enters the associatod reference code. ?he exchange of the PIN code and the
reference
code is made exclusively in form of encrypted data signals which can only be
CA 02390835 2002-05-09
decrypted by using the two unique encryption keys. A high decree of security
delivery of PIN codes is thus obtained.
Furthermore according to the invention said S1M card is adapted for being
provided
with the PIN code when supplying the S!M card with a unique identity code.
Hereby, .
the PIN code never needs to be transmitted and therefore unauthorised
decr3.~tion of
the PIN coda can be prevented.
Moreover, according to a preferred embodiment of the inventioir, said SIM card
is
adapted to receive the PIhT code in the form of an encrypted data signal,
'The invention also relates to a mobile telephone comprising a terminal with
input
meaz~.s and display means, and a STM card including means adapted for
ieceiving and
storing an encrypted SMS message, characterised in that the
SIM~card~comprisas:
comparator means adapted For comparing a first electronic signature in the
encrypted
SMS message with a second electronic signature being geaei~ted.frorr~ a
reference code
entered by a user of t(ze tcrmiaal and by means of a corresponding encryption
key in
the SIM card, and
means for allowing subsequent display of a P1N code e~sssociated with the
signatures on
the display rne~ns of the terminal, if the fu-st electronic signature and the
second
electronic si (nature snatch.
Preferred embodiment of the mobil a phone according to the invention is
claimed in the
dependent claims 5 and 6.
Finally, the invention relates to a SIM card including storage means adapted
for
receiving and storing an encrypted 5MS message, characterised in that said
SI'M card
comprises:
CA 02390835 2002-05-09
encryption means adapted for generatinget second electronic signature from a
reference
cede entered by a usEr of the terminal and by means of a corresponding encz-
yption key
in the SIM card, and
camparator means adapted for comparing a frst electronic signature in~the
encrypted
SNlS message urith said second electrotuc signature and aanstnitting a signal
to a
control means indicating that a PIN code is to be delivered to a user.
(referred embodiment of a 5IM card according to the invention are claimed in
the
dependent claims 8 and 9.
Brief Description of the Drawing ~ ... .. .. . _ ._ . . . .
1 o The invention is explained in greater devil below with reference to the
accompanying
drawing illustrating a flow chart of a preferred embodiment of the invention.
Best Mode fir ,Carrvir~a hut the tnventivn --~ -
The system for electronic delivery of a P1N code shown in the drawing
comprises a
secured server 3 adapted to receive unique information 1 (illustrated as ~a
chart for
I5 filiing-in personal data) in form of reference codas 2, and encryption
means 4
subsequently catnputing the electronic signature 5 based on the reference code
2 in
the server 3. The server 3 communicates with a so-called ever-the-air platform
6
(OTA) communicating with a SMS service centre 8 adapted to receive encrypted
information 7 from the platform 6. The SMS ser~~ice centre 8 is connected to a
SIM
20 card 10 which communicates~with a mobile handset 12 of the GSM cope
comprising
a keyboard 13 and a display means in form of a display 14, said sen~ice centre
being
able to transmit completed SM5 messages to the SIM card 10. The SIM card 10
comprises a su~ragc 11. for storing encrypted SMS messages 9, encryption means
I6
for encrypting data 15 catered by a user of the terminal !2 v is the keyboard
13 and
CA 02390835 2002-05-09
comparison means 17 connected to the storage I 1 and the keyboard 13 for
comparing
the stored data with entered data. The comparison means l 7 are further
connected
to means 18 fir displaying the PIN code on the display 14 of the terminal 12.
When using the system the user delivers unique information 1 in form of a
reference
code 2 to the secured server 3. The reference code 2 is used as an input
signal for
generating an electronic signature 5 in the server 3 by means of the
encryption means
4. The electronic signature 5 is transmitted via the over-the=air platfvrtn 6
to the SMS
service centre 8 for administration of the SIM card, said serYice centre 8
converting
the electronic signature 5 to a 5MS message 9 suitable for transmission
thereof to the
SIM card 10 in question connected to the mobile handset 12. The SIM card 10
comprises a storage 11 adapted to receive and store the encrypted SMS message
9.
The comparison means 17 are used for comparing the electronic signature 5 in
the
cnczyptcd SMS message 9 with the. electronic signature 20 ' generated by the
encryption mesas 16, said signature 20 being generated on the basis of data
entered
on the keyboard in the teirninal 12. If the electronic signature 5 and the
electronic
signature 20 entered by the user match, the comparison means 17 transmits a
signal
to the guide means 18 that the PIN code 19 is to be displayed on the display
14 of
the mobile handset 12, whereby the PIN cede is delivered to the user.
In a preferred embodiment of the iavention the cermitsal 12 is a mobile
handset such
as a cellular telephone. A S1M card (subscriber Identity Module) is required
for
operating mobile handsets adapted for communication via an existing GSM
network.
The SIM card, which in use forms an integrated part of the elec4ronics of the
mobile
handset, contains inrer ells codes identifying the mobile handset in relation
to the
GSM network. This identification is necessary to enable the network to
determine far
instance the position of the mobile terminal for transmission of mobile
telephony via
the most advantageous transmission tower(s) in the network at the specific
time.
The sem~er 3 comprises software (not shown) for generating PIN codes, a triple
DES
CA 02390835 2002-05-09
b
(Data Encryption Standard) encryption algorithm (reference numeral 4), an
encrypted
datrabase (not shown) containing encryption b;eys tv all of the SIM cards
registered
in the system and information .about the connection between the numbers ~ of
the
mobile handsets and the numbers of the associated ~ SIM cards. A triple DES
algorithm is an encryption process ~ in three levels which is considered
particular 1y
secure against unauthorised decryption. ' - ~ ' v
When the secured server 3 has received the reference-~code from ~a~ new user
and
verified that the user's SIM card number is valid in the system, the server 3
generates
an electronic sigslauue 5 preferably by means of the triple -AE5 algorithm 4
combined with the two keys of at least 55 bit belonging ~io the user's SIM
card
number. ThE electronic signature 5 is transmitted to the user's SIM card ~ 10
~as as
uniquely formatted G5M S bit SM5 (Short Messager~'Sysiem) message The coiling
'
of the SMS messages is adapted such that the electronic signat<ire ~5 ~of the
rice
code 2 is stored in the storage 11 of the SIM card !0 sad die-usei is notiFied
that the
generated PIN cede is ready for use when a SMS message 9 is received by the
user's
SIM card 10. '
When the user subsequently runs the program in the SIM card 10 enabling
delivery
of the PIN code, the user is requested by the program wia the displajr -14' of
the
terminal to enter the referents code 15 on the keyboard 1~3 cif the terminal
12. For
gcneraeing another electronic signature 20, the reference node 15 is i;odcd by
the
encryption means 16 in the SIM card a0 bytncans of the same encryption
algorithm
used by the encryption means 4 in the secured server 3 when the reference node
2
was supplied to the secured server 3. The comparison means 17 in the SIM card
10
then compares the electronic signature 5 stored in the storage 11 and based on
the
~referra~ce code Z with the electronic signature 20 generated by the
encryption means
16. If the two signatures match, the comparison means 17 transmits a signal to
the
,guide means 18 indicating that the PIN code 19 is to be displayed on the
display 14
of the terminal 12. If the two electronic signatures arc not identical, the
user is
CA 02390835 2002-05-09
7
advised on the display 14 that the reference code 15 has not baen accepted
arid is
asked to enter the reference code 15 once more. If the reference code 1S after
tvvo
additional attempts still is incorrect, the program is interrupted and the PIN
code 19
is not delivered until the user has fetched a new reference code 2 from the
secured
server 3, said code being eithez~ identical to or different from the initial
reference
code 2.
In order to ensure that the delivered PIN code is read correctly, the user may
be
offered validation of the delivered PIN code, The validation process is
pcrforrned by
the user entering the PIN code shown on the display 14 by means of the
keyboard,
whereafter the user is advised whether the PIN code has been entered
correctly. If
not, the PIN code is shown once mere on the display 14 and the validation
process
can be repeated. =
In an alternative embodiment the PIN code nay be provided in the SIM card,
when
the card is supplied with a unique identity code, vV$ereby the PIN code never
need
be transmitted. This is considered a more secure embodiment, unauchvrised
decryption of the PIN code duri~c~g transmission therieof thus being
prevented.
The invention is not restricted to the above preferred embodiment, but may be
altered
in many ways without thereby deviating from the scope of the invention.
