WO2013095168A1 - Method for transmitting a one-time code in an alphanumeric form - Google Patents


Info

Publication number
WO2013095168A1
Authority
WO
WIPO (PCT)
Prior art keywords
subscriber
code
computer
time code
time
Application number
PCT/PL2011/000142
Other languages
French (fr)
Inventor
Marcin SZARY
Krzysztof TOKARCZYK
Anna FUK
Original Assignee
Dco4 Sp.Z.O.O.


Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 ... for authentication of entities
    • H04L 63/083 ... using passwords
    • H04L 63/0838 ... using one-time-passwords
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3215 ... using a plurality of channels
    • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
    • H04L 2209/80 Wireless
    • H04M TELEPHONIC COMMUNICATION
    • H04M 1/00 Substation equipment, e.g. for use by subscribers
    • H04M 1/57 Arrangements for indicating or recording the number of the calling subscriber at the called subscriber's set
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/60 Context-dependent security
    • H04W 12/69 Identity-dependent
    • H04W 12/72 Subscriber identity

Definitions

  • The subject of the invention is a method of transmitting a one-time code in alphanumeric form from a computer connected to a GSM or UMTS telecommunication network to an electronic device, after the computer has received a request for a one-time code, in order to authenticate operations of the subscriber identified by the phone number of that device.
  • The most frequent services in telecommunication networks include electronic mail, WWW websites, the FTP and NFS protocols, and RADIUS authentication services.
  • Authentication is required in order to declare one's identity to the system, which can then assign a specific authorisation level to the subscriber.
  • Authentication is the process confirming that the person attempting to access an application or service is who they claim to be.
  • A one-time code exists in numerical form (a string of digits), alphabetical form (a string of letters) or alphanumeric form (a string of digits and letters). After informing the system of one's identity, the identity must be confirmed.
  • Authentication is required to access most of today's telecommunication and computer systems. It can be done using one of the three methods described below: something you know, something you have, or something you are.
  • In the "something you know" method the subscriber proves to the system that they know a secret, most frequently a password, PIN or cryptographic key.
  • The password can be either static or generated dynamically.
  • Static passwords are generated by the system or chosen by the subscribers themselves, and are memorised by the subscriber in order to re-enter them.
  • A subscriber who requests access to given resources or a service is asked to provide their user ID and then, to be verified, must enter the password assigned to that user ID.
  • The system checks the ID-password pair. If the verification is positive, the subscriber gains access to the resources; otherwise access is denied.
  • Static passwords can be changed periodically to increase the security of the protected system. If an unauthorised person learns the password, the security of the system is compromised; if the subscriber forgets or loses the password, he or she loses access to the system.
  • A one-time dynamic password, or TAN (Transaction Authentication Number), is generated for a specific log-in or transaction by the appropriate IT or telecommunication system.
  • The subscriber must have a device or medium on which to receive the password.
  • The simplest form of one-time passwords is the scratch card, still used by some banking and financial institutions.
  • The transaction is temporarily suspended and the subscriber is asked to enter the one-time password with a given ID. After the one-time password is entered correctly, the transaction is released for processing. Otherwise a so-called rollback is done, in which the system returns to the state from before the action was attempted.
  • One password is dedicated to one specific transaction and cannot be reused.
  • A more advanced method of providing one-time passwords uses a dedicated device called a token.
  • The subscriber can have it in the form of a key-ring fob with a display or a special calculator.
  • Each of these devices has a unique serial number and a set of suitably programmed procedures and functions, thanks to which it generates the one-time password appropriate for the specific subscriber and the operation he/she wants to perform at a given moment.
  • The passwords are generated using an algorithm known to the system and specific to the token.
  • The password can be generated in a synchronous or an asynchronous mode. In the synchronous mode the token generates a pseudo-random string of digits, shown on the device's display, that changes after a fixed time period (typically tens of seconds).
  • The string is produced by a pseudo-random generator synchronised with a parallel generator on the server.
  • The string of digits entered by the subscriber is compared with the string generated on the server. When the strings are identical, the transaction is accepted.
  • In the asynchronous mode the token works on a request-response (challenge-response) basis. Using the keypad built into the token, the subscriber enters a challenge code generated by the server. From it the token computes the one-time password that confirms the operation and displays it on its screen, and the subscriber enters that password into the system.
  • Smart cards make it possible to access data on the basis of a possession component: the card, usually made of plastic, with one or more integrated circuits built into it. It exists in two standard sizes: the larger ID-1 format and the smaller ID-000 format, both specified in ISO/IEC 7810.
  • Cards are divided into processor cards, which have a processor managing access to RAM, EPROM or EEPROM memory, and memory cards, which rely only on EPROM or EEPROM memory.
  • Cards are also divided by the kind of communication with the external device. Contact smart cards communicate through the metal contacts on the card's surface, which also supply power to the integrated circuit.
  • The other type are contactless smart cards, which rely on radio transmission via an antenna inside the card. Communication with the reader takes place over radio waves and is possible within a range of several centimetres.
  • Biometric methods use the "something you are" principle. They examine a sample of the subscriber's biometric features and compare it with the template stored in the system's database. The most frequently compared are fingerprints, retina images, palm prints, thermal facial patterns, iris images or voice. These features are unique to every human being. This method eliminates the risk of forgetting the password or losing the device which generates (or stores) one-time passwords.
  • One-time passwords can be generated on the server side and then sent to the client, or simultaneously on the server side and the client side using the same algorithm seeded with a secret known to both sides. Transferring the one-time password between the server and the client takes place over any data transmission medium. Given today's technology, the most popular method is sending SMS short text messages. A typical process of sending the one-time password via SMS is described below.
  • Subscriber A submits a request to access the software or hardware resources of a given system; as a result the system, using a special algorithm, generates a string of alphanumeric characters which will be used to authenticate the transaction with a given ID.
  • The pair consisting of the transaction's ID and the authenticating code is saved in the system's memory in order to be verified later.
  • A text message containing the string of characters is sent to the subscriber, who receives it on their mobile phone as an SMS from the transaction system.
  • The subscriber enters the received one-time code into the system using the computer keyboard.
  • The system compares the transaction ID and the entered one-time code with the pair saved in its memory; if they correspond exactly, the subscriber is granted access to the resources. Otherwise (depending on the implementation) the whole process is repeated and the subscriber is not granted access.
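The server side of the five-step SMS process above, as an added example (not the patent's or any bank's code): a code is generated per transaction ID, only a keyed hash of it is remembered, and verification is single-use, time-limited and attempt-limited, with the rollback the text describes when a code expires or too many wrong entries arrive. The alphabet, the 8-character length, the 5-minute lifetime, the 3-attempt limit and the server-held HMAC key are assumptions; the text only says the code is alphanumeric.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Alphanumeric alphabet without the easily confused 0/O and 1/I (an assumption
# for readability; the text only requires digits and letters).
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
CODE_LENGTH = 8
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 3


@dataclass
class PendingTransaction:
    code_hash: bytes    # keyed hash of the code; the plaintext is not kept
    expires_at: float
    attempts: int = 0


class TransactionOtpService:
    """Server side of the SMS one-time-code flow. Each transaction ID gets a
    fresh code; only a keyed hash is stored; verification is single-use,
    time-limited and attempt-limited, and failure rolls the transaction back."""

    def __init__(self, server_key: bytes, clock=time.time):
        self._key = server_key      # assumed: server-held HMAC key, not in the DB
        self._clock = clock         # injectable clock so expiry can be tested
        self._pending = {}          # transaction_id -> PendingTransaction

    def _digest(self, transaction_id: str, code: str) -> bytes:
        msg = f"{transaction_id}:{code}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, transaction_id: str) -> str:
        """Generate and remember a code for the transaction; return the code
        that goes into the SMS (and nowhere else)."""
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        self._pending[transaction_id] = PendingTransaction(
            self._digest(transaction_id, code), self._clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, transaction_id: str, submitted: str) -> bool:
        """Check the (transaction ID, code) pair against memory. On success the
        entry is consumed; on expiry or too many failures it is rolled back."""
        entry = self._pending.get(transaction_id)
        if entry is None:
            return False
        if self._clock() > entry.expires_at:
            del self._pending[transaction_id]          # rollback: code expired
            return False
        entry.attempts += 1
        candidate = self._digest(transaction_id, submitted.strip().upper())
        ok = hmac.compare_digest(entry.code_hash, candidate)
        if ok or entry.attempts >= MAX_ATTEMPTS:
            del self._pending[transaction_id]          # single use, or lockout
        return ok

    def is_pending(self, transaction_id: str) -> bool:
        return transaction_id in self._pending


if __name__ == "__main__":
    svc = TransactionOtpService(b"server-key")
    sms_code = svc.issue("tx-1")        # this string is what the SMS carries
    print(svc.verify("tx-1", sms_code))  # True
    print(svc.verify("tx-1", sms_code))  # False: a code confirms one transaction only
```

Binding the hash to the transaction ID means a code issued for one transaction cannot be replayed against another, which is the "one password per transaction" property the text states for scratch-card TANs.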
  • Sending the code over the SMS channel does not guarantee delivery at a particular time, and the system has no control over its transmission between the system and the subscriber.
  • The text is transferred by the system to the SMSC (Short Message Service Centre) server in the GSM operator's infrastructure.
  • This server stores messages and subsequently transmits them to the recipient on the basis of the information included in the SMS header standardised by ETSI (European Telecommunications Standards Institute).
  • The GSM 03.38 and 03.40 standards specify the SMS header, which defines the message delivery time, validity period, priority, the GSM network timestamp and the protocol identifier, as well as the character set, SMS type and the storage method in the phone.
  • The short message service centre processes the message and decides where it should be delivered and what to do if the subscriber is absent from the network.
  • The centre stores the message for a defined time until the subscriber logs into the network again, and then delivers it. If the subscriber's absence exceeds the validity period, the message is deleted.
  • The SMS gateway MSC (SMS-GMSC) receives text messages; it is the point in the mobile network responsible for contacting other networks. After receiving an SMS from the SMSC, the gateway mobile switching centre (GMSC) queries the home location register (HLR) via SS7 signalling for the current location of the recipient.
  • The home location register (HLR) is the main database in the mobile network. It stores the subscriber's profile and routing information for them, i.e. the area controlled by a given mobile switching centre (MSC). On the basis of this information the GMSC is able to transfer the message to the appropriate MSC, which is one of the main elements of the network's core.
  • The visitor location register (VLR) is assigned to a mobile switching centre (MSC) in order to gather information about visiting terminals, i.e. subscribers not permanently assigned to the area. It contains information such as the sector number, base station, Location Area Identity (LAI) or Routing Area Identity (RAI).
  • This data is copied from the home location register (HLR) to which the subscriber is permanently assigned.
  • The necessary condition for authentication in the "something you know" model is proving one's knowledge of the password.
  • Both the subscriber wanting to access the resources and the verification system must know it. It is the most frequently used method of securing electronic systems which store valuable data or of granting access to services which cannot be made available to outsiders.
  • Examples of such solutions are: a PIN code used for debit card transactions, a static password used to log into services such as email systems, network resources or administration panels, and passwords used in computer systems, on the basis of which the subscriber confirms their identity and the system grants appropriate authorisation.
  • One-time passwords are transmitted to the subscriber in one of three ways: as a card of one-time codes, known as a "scratch card"; as codes delivered in SMS messages to the subscriber's mobile phone; or generated by a hardware token.
  • The necessary condition for authentication in the "something you have" model is proving possession of a thing.
  • In the present invention it is a mobile phone with a SIM card installed.
  • SIM Subscriber Identity Module (SIM card)
  • SSN SIM Serial Number
  • IMSI International Mobile Subscriber Identity
  • The International Mobile Subscriber Identity consists of three parts: the mobile country code (MCC), which unambiguously identifies the country in which the mobile network is situated (for Poland it is 260); the mobile network code (MNC), unique within the country, which unambiguously identifies the mobile network; and the mobile subscriber identification number (MSIN), which unambiguously identifies the subscriber within a given network.
  • MCC mobile country code
  • MNC mobile network code
  • The IMSI consists of the digits 0 to 9 and is at most 15 digits long (ITU-T E.212); the MCC is always 3 digits and the MNC 2 or 3 digits.
  • Routing voice calls in GSM and UMTS networks follows a specific scenario.
  • Subscriber A turns on the mobile phone and registers via a base station and its associated base station controller (BSC) in a GSM network, or radio network controller (RNC) in a UMTS network.
  • BSC base station controller
  • RNC radio network controller
  • The BSC or RNC passes the registration to the mobile switching centre (MSC) controlling the given area, which registers the subscriber in its associated visitor location register (VLR), the database of visitors currently within the area served by that MSC.
  • VLR visitor location register
  • The HLR records the address of the VLR and its associated mobile switching centre which serve the subscriber at that moment.
  • MSISDN Mobile Station International ISDN Number (the subscriber's telephone number)
  • HLR home location register
  • GMSC gateway mobile switching centre
  • MSC mobile switching centre
  • IAM Initial Address Message
  • ACM Address Complete Message
  • ANM Answer Message
  • The gateway mobile switching centre (GMSC) contacts the home location register (HLR), which is situated in subscriber B's home network.
  • The HLR holds the address of the VLR associated with the MSC currently serving subscriber B. It sends to that VLR, associated with mobile switching centre 2 (MSC2), a query for a mobile station roaming number (MSRN) for subscriber B.
  • The VLR chooses one number from its pool of available MSRNs, assigns it to the MSISDN that came with the HLR's query, and returns the number to the HLR, which passes it to the GMSC.
  • The GMSC, on the basis of number analysis of the received MSRN, routes the call to MSC2.
  • MSC2 asks the VLR for the MSISDN associated with the MSRN on which the call routing request arrived.
  • The VLR returns more detailed location information for subscriber B, and the MSRN is returned to the pool of free numbers for routing subsequent calls.
  • MSC2 routes the call to subscriber B via the base station controller (BSC) or radio network controller (RNC) and the base stations.
  • Subscriber A's number will be displayed on subscriber B's telephone only if subscriber B has an active calling line identification presentation (CLIP) service.
  • CLIP calling line identification presentation
  • This service enables caller identification. If subscriber A has an active calling line identification restriction (CLIR) service, subscriber A's number will not be displayed on subscriber B's telephone.
  • CLIR calling line identification restriction
  • The caller's number is carried in the calling party number field of the Initial Address Message (IAM).
  • Subscriber A's exchange sends a set of messages with the data concerning the connection; the calling party number field allows caller identification.
  • The A3, A5 and A8 cryptographic algorithms are used to secure the system. They make subscriber authentication in the network and encryption of the data transmission possible.
  • A3 is responsible for authentication, A8 for generating the ciphering key, and A5 for encrypting the radio transmission.
  • RAND random number (128-bit challenge)
  • This random number (RAND) is sent from the network to the subscriber over the radio interface, to the subscriber's personal element, i.e. the SIM card.
  • The RAND is processed by the cryptographic algorithm with the identical Ki key present on both sides to produce the SRES (signed response) value.
  • The SRES value computed in the SIM card is sent back to the network and compared with the SRES value computed in the authentication centre (AuC). Only when these independently computed values match can the subscriber be positively authenticated.
  • The AuC confirms authentication and is responsible for the subscriber's authorisation. Additionally, it generates the keys used for ciphering the data.
  • The Ki key is stored both on the SIM card and in the AuC. It is a 128-bit secret key assigned to every SIM card and, in the AuC, associated with the specific IMSI. The Ki key is designed to be unreadable from the SIM card and is never transmitted from the AuC.
  • The Ki key is used by the A3 and A8 algorithms, which authenticate the subscriber and generate the session key Kc. That key is used by the A5 algorithm, which is responsible for ciphering.
  • The A3 and A8 algorithms are implemented in the AuC and on the SIM card.
  • The A5 algorithm is implemented in two places. On the subscriber side it is implemented in the phone itself: ciphering takes place outside the SIM card, while generating the key takes place inside the SIM card.
  • On the network side it is implemented in the base transceiver station (BTS).
  • BTS base transceiver station
  • The BTS receives the session key for this algorithm from the VLR via the base station controller (BSC).
  • The IMSI is stored both on the subscriber's SIM card and in the HLR and VLR. Knowing the IMSI together with the Ki key makes it possible to copy (clone) the SIM card. With appropriate network and SIM card security, copying them is practically impossible; this holds only where the A3/A8 implementation resists key recovery, since early COMP128-1 SIMs were cloned by extracting Ki through chosen-RAND queries to the card.
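The RAND/SRES/Kc exchange described above, and the authentication-triplet procedure of the prior art below, as an added example (not the patent's code and not a real SIM implementation): the AuC personalises a SIM with Ki, later mints a triplet (RAND, SRES, Kc) for the VLR, the SIM answers the RAND, and the VLR compares. A3 and A8 are operator-specific and are replaced here by HMAC-SHA256 stand-ins, which is an assumption; the IMSI splitting follows E.212 and the MCC 260 / 2-digit MNC convention stated in the text.

```python
import hashlib
import hmac
import os
from typing import Dict, NamedTuple, Optional, Tuple


class AuthTriplet(NamedTuple):
    rand: bytes   # 128-bit challenge
    sres: bytes   # 32-bit signed response expected from the SIM
    kc: bytes     # 64-bit session key handed to the BTS for A5


def a3(ki: bytes, rand: bytes) -> bytes:
    """A3 stand-in: derives SRES from Ki and RAND. Real A3 is operator-chosen
    (COMP128 variants, MILENAGE-based); HMAC-SHA256 here is an assumption."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """A8 stand-in: derives the session key Kc from the same Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


def parse_imsi(imsi: str, mnc_digits: int = 2) -> Tuple[str, str, str]:
    """Split an IMSI into MCC, MNC and MSIN. E.212 caps the IMSI at 15 digits;
    MCC is 3 digits, MNC 2 or 3 (Polish networks, MCC 260, use 2)."""
    if not imsi.isdigit() or len(imsi) > 15 or mnc_digits not in (2, 3):
        raise ValueError("malformed IMSI")
    return imsi[:3], imsi[3:3 + mnc_digits], imsi[3 + mnc_digits:]


class AuthenticationCentre:
    """AuC: holds Ki per IMSI and mints authentication triplets. Ki never
    leaves it after SIM personalisation; only (RAND, SRES, Kc) go to the VLR."""

    def __init__(self) -> None:
        self._ki_by_imsi: Dict[str, bytes] = {}

    def personalise_sim(self, imsi: str) -> bytes:
        parse_imsi(imsi)                   # reject malformed identities
        ki = os.urandom(16)                # 128-bit Ki
        self._ki_by_imsi[imsi] = ki
        return ki                          # written into the SIM once, at manufacture

    def triplet(self, imsi: str, rand: Optional[bytes] = None) -> AuthTriplet:
        ki = self._ki_by_imsi[imsi]
        rand = rand if rand is not None else os.urandom(16)
        return AuthTriplet(rand, a3(ki, rand), a8(ki, rand))


class Sim:
    """Subscriber-specific element: answers RAND with SRES and derives Kc,
    without ever exposing Ki."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3(self._ki, rand), a8(self._ki, rand)


def authenticate_at_vlr(triplet: AuthTriplet, sim: Sim) -> Optional[bytes]:
    """MSC/VLR side: send RAND over the radio interface, compare the SIM's SRES
    with the triplet's. Returns Kc for the BTS on success, None on failure."""
    sres, kc = sim.run_gsm_algorithm(triplet.rand)
    if hmac.compare_digest(sres, triplet.sres):
        return kc
    return None


if __name__ == "__main__":
    auc = AuthenticationCentre()
    imsi = "260011234567890"               # constructed: MCC 260, MNC 01
    ki = auc.personalise_sim(imsi)
    print(parse_imsi(imsi))                # ('260', '01', '1234567890')
    print(authenticate_at_vlr(auc.triplet(imsi), Sim(imsi, ki)) is not None)  # True
```

The clone case in the test is the point of the last bullet above: a card that knows the IMSI but not Ki produces a different SRES for the same RAND and is rejected, so the secrecy of Ki, not of the IMSI, is what the scheme rests on.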
  • A call attempt in the GSM network generates return messages about the exact progress and status of the connection, which allows a very precise analysis of and reaction to undesirable actions. All these practices make the G
  • SIM cards used in GSM mobile telecommunication systems are described in general in the article by Grigorov, Theodor et al., "SIM Cards", Telecommunication Journal of Australia, vol. 43, no. 2, pp. 33-38.
  • A known method consists of managing services addressed by the HLR of a mobile radio network via any telephone connection. To do this the subscriber authenticates against the HLR by entering their mobile phone number and PIN, which gives them access to their data in the HLR and to the services offered in the network.
  • The random number of an authentication triplet read from the AuC is sent to the subscriber-specific element of the mobile terminal; the response parameter computed from that random number by the subscriber-specific element is returned to the AuC; the response parameter is compared with the correct value contained in the authentication triplet, and if the parameters correspond, the mobile radio subscriber is granted access via the digital switching system subordinate to the AuC.
  • For initialisation the subscriber-specific element is connected to the appropriate read/write device of the AuC.
  • Data exchange between the subscriber-specific element and the verifying instance takes place over a wired or wireless link.
  • A device is used to authenticate subscribers of a digital mobile communication system against the AuC of the digital wireless telephone system, in which the AuC is a permanent element of the digital wireless telephone system; the verifying instance is integrated with or connected to a read/write device for reading and writing the data contained in the subscriber-specific element; the AuC includes a random number generator and non-volatile memory; and the device contains links to the terminals of the digital mobile communication system through the common radio interface.
  • The AuC is a permanent station of a digital wireless telephone system.
  • The digital mobile communication system is a GSM mobile communication network.
  • The subscriber-specific element is the SIM card.
  • US 5191238 presents a verified service of access to communication services between subscribers of telecommunication networks and different service providers, for example banks, stockbrokers and so forth.
  • A database of subscribers is created, in which subscribers have to authenticate themselves in order to access the service providers' offers.
  • WO 99/18746 presents a method of authenticating subscribers of a digital mobile radio network, in which the mobile radio network operates as an intelligent network (INS) and includes an Interactive Voice Response (IVR) and a Voice Message System (VMS); the subscriber chooses a special service offered in the mobile radio network by dialling the access code of the service, and the access code is recognised by the switching centre of the mobile radio network responsible for making the connection.
  • INS intelligent network system
  • IVR Interactive Voice Response
  • VMS Voice Message System
  • After recognising the access code of the service, a call-serving logic unit is automatically activated. It checks for the presence of the caller's MSISDN in the IAM and, if the subscriber's MSISDN is not available in the IAM, the logic unit system automatically connects the calling subscriber with the suitable network function for auto-identification and authentication. The auto-identification and authentication procedures are realised by cooperation of the INS with the IVR, in such a way that the subscriber is prompted by the INS to enter their MSISDN and PIN manually, and the entered MSISDN and PIN are transferred from the INS into the IVR.
  • A test connection is made with the VMS; the correctness of the MSISDN is checked in the VMS on the basis of the stored subscriber data, and the number is authenticated with the PIN. The result of the authentication procedure is then signalled through the IVR to the INS and, after the authentication procedure finishes successfully, the INS initiates the procedures needed for the network functions required by the calling subscriber, who is automatically connected with the chosen service.
  • The logic unit system is created in the INS of the mobile radio network.
  • The transmission is done through DTMF in-band multi-frequency signalling between the calling subscriber's phone and the IVR.
  • A reverse release of the established connection with the calling subscriber is performed.
  • The connection between the IVR and the INS is realised through ISUP signalling.
  • The IVR joins the INS as a centralised intelligent peripheral.
  • A subscription code of the called network subscriber is introduced.
  • The same access code is chosen, and after successful activation with this code one gets access to the services connected with this PIN.
  • The PIN activation procedure for a given service code is started when the subscriber chooses the access code of a service and, for the first time, their MSISDN is not made available by the signalling protocol.
  • The PIN activation is realised in the VMS, and the calling subscriber connects to the IVR to follow the activation procedure.
  • An MSISDN of the service is created in the mobile service switching point (M-SSP) in order to make the connection with the IVR.
  • MSISDN of the subscriber and MSISDN of the service
  • The PIN has already been activated.
  • The PIN used is either identical to or different from the PIN which gives access to the subscriber's personal voice mail.
  • A method of authenticating electronic banking operations performed through bank websites is also known, among others the method described and used on the Alior Bank S.A. websites.
  • The method consists of sending a one-time code to an electronic device, a mobile phone whose SIM number is assigned in the computer's memory to the subscriber performing the transaction on the bank's websites.
  • The one-time code is included in a paid SMS text, generated and sent by the bank's computer in response to the subscriber's request to authenticate the banking operation.
  • The subscriber reads the message, enters the one-time code into the field provided for it and confirms the operation.
  • The bank's computer compares the entered one-time code with the one-time code saved in its memory when the code was generated, and if they match, the operation is accepted.
  • Sending one-time codes in the form of numerical, alphabetical or alphanumeric strings is also known.
  • When subscriber A turns on the mobile phone, information is sent via the base station and its associated base station controller (BSC) in a GSM network, or radio network controller (RNC) in a UMTS network, to the mobile switching centre (MSC) controlling the given area.
  • The MSC registers the subscriber in its associated visitor location register (VLR), which stores information about the subscribers currently within the area served by the MSC.
  • The VLR sends this information to the home location register (HLR), which stores information about the subscribers who belong to the given network.
  • The HLR saves the address of the VLR and its associated mobile switching centre (MSC) which serve the subscriber.
  • Subscriber A, registered in MSC1, dials subscriber B's MSISDN, colloquially known as the telephone number, which is stored on the SIM or USIM card in subscriber B's phone and in subscriber B's HLR.
  • MSC1 determines subscriber B's home network and directs the connection to the gateway mobile switching centre (GMSC), i.e. an MSC with additional functionality thanks to which it can contact the HLR and route connections to the subscribers of its own network.
  • Connection routing is performed by sending the IAM, which among other things carries the caller's number and the called number between the exchanges serving subscriber A and subscriber B.
  • The moment subscriber B answers the phone, an ANM is generated in subscriber B's local exchange and sent to the local exchange serving subscriber A, who initiated the call; from this moment the conversation between subscriber A and subscriber B can take place.
  • The GMSC contacts the HLR, also located within subscriber B's home network.
  • The HLR holds the address of the VLR associated with the MSC serving subscriber B at that moment. It sends to the VLR associated with MSC2 a query for a temporary MSRN address for subscriber B.
  • The VLR chooses one address from its pool of available MSRNs, assigns it to the MSISDN that came with the HLR's query, and returns the number to the HLR, which passes it to the GMSC.
  • The GMSC, on the basis of number analysis of the temporary MSRN address, routes the call to MSC2.
  • MSC2 asks the VLR for the MSISDN associated with the temporary MSRN address on which the call routing request arrived.
  • The VLR returns more detailed location information for subscriber B, and the temporary MSRN address is returned to the pool of free numbers for routing connections.
  • MSC2 routes the connection to subscriber B via the BSC/RNC and the base stations.
  • the aim of the invention is to prepare a safer method of one-time code transmission to the subscriber identifiable with the phone number of the device, with simultaneous reduction of the costs of the data transmission via the telecommunication network.
  • the essence of the one-time code transmission according to the invention is that in the CID fields in the 1AM operation, the computer places and sends to the electronic device a one-time code in the hexadecimal system, displayed by the display system of the electronic device of the subscriber while calling them.
  • the computer places and sends with the one-time code masking characters other than alphanumeric.
  • the one-time code in an alphanumeric form placed by the computer in the CID fields contains at least one masking alphanumeric character.
  • the use of the method according to the invention makes the application more secure and more convenient because of sending the message in the form of a one-time SRESi code during the established permanent session with the subscriber, as in the case of a phone conversation, but only in order or send the one-time SRESi code, without the rated connection and without the cost associated with it.
  • the costs of transferring codes as alphanumeric passwords compared to transferring codes through the SMS are reduced, because in this method the aim is not to take the call and using the invention is not associated with any additional costs for subscribers resulting from the costs of calls within the telephone network, because transferring the code is done via the attempt to call and not via the voice connection or a text message.
  • the subscriber it is easier to read and use the one-time SRESi code than to be sent the code via the SMS.
  • mobile phones save the content of the text message in their memory, only notifying the subscriber that an SMS has been received, but the access to the message content is possible only by doing additional navigational activities within the phone menu: display the message.
  • Transferring the one-time SRESi code using the invention is done via happening in every case and independent from the personal preferences of the phone menu displaying the in-coming number. Reading the one-time SRESi code is possible both during the number presentation and at a later time while recalling it from the phone's memory of the subscriber A as the number of the unanswered call.
  • the method or the one-time code transmission in the alphanumeric form makes the transmission more secure because "intercepting" the one-time SRESi code by the person other than the one having the phone to whose number the one-time code is transferred, is quite difficult and a person who requests the one-time code needs to have their mobile phone on them.
  • Using the GSM technology to transfer one-time codes makes it more secure to transfer them by using the ciphering algorithms during the call initiation. Unlike transferring short messages, the computer system has a full control over the connection route, can read in what condition the connection currently is and react appropriately to undesirable activities.
  • fig. 1 presents the scheme of the authentication procedure
  • fig. 2 the course of the authentication method.
  • the method of transmitting the one-time code in alphanumeric form is that when the bank computer dials the MSISDN, connection routing is performed and an IAM is sent which carries in the CID fields, instead of the caller's number, the one-time SRES1 code in hexadecimal form generated by the computer and saved in its memory. The moment the subscriber's electronic device starts signalling the incoming call, its display system shows the one-time SRES1 code instead of the caller's number.
  • together with the one-time SRES1 code the computer places and sends masking characters other than alphanumeric ones.
  • the one-time SRES01 code in alphanumeric form placed by the computer in the CID fields contains at least one masking alphanumeric character, which distinguishes it from the SRES1 code the subscriber uses during authentication.
  • the subscriber's request for a one-time code is processed by an exchange of electromagnetic impulses in such a way that the IMSI of the mobile phone previously assigned to the subscriber is identified.
  • the electronic device in the form of a computer connected to the telecommunication network randomly generates the code or takes it from a code list.
  • the generated code is saved, on the basis of electromagnetic impulses, as assigned to the subscriber's application or service and to the activity of the subscriber that the code is to authenticate.
  • the electronic device in the form of a computer connected to the telecommunication network automatically attempts to call the phone number assigned to the given subscriber.
  • CID Calling Number Identification
  • CLID Calling Line Identification
  • CLIP Calling Line Identification Presentation
  • the displayed number has the form of a string consisting of the "+" character followed by at most 14 digits. If the code has fewer than 14 alphanumeric characters, the positions of the caller number presentation not taken by the code are masked with characters that are neither digits nor letters, for example a blank, "#" or "*"; which characters are used does not matter.
  • the subscriber does not answer the call, because the code is transferred through the presentation of the incoming number and its possible saving in the subscriber's phone as a missed call, which can be deleted at any time or, if the subscriber wishes, recalled, saved or removed from the list.
  • the subscriber gives their subscriber name and password at the level made available by the application or service.
  • the application or service, through transformations of electromagnetic impulses in the electronic devices, identifies the subscriber by name and finds in its database the mobile telephone number assigned to them.
  • the computer-type electronic device, through transformations of electromagnetic impulses, generates the one-time code required for the subscriber's activity.
  • the one-time code, through transformations of electromagnetic impulses, is saved in alphanumeric format in hexadecimal form.
  • the computer-type electronic device, through transformations of electromagnetic impulses, immediately after saving the one-time code initiates an automatic call to the mobile phone number assigned to the given subscriber.
  • the number of the incoming call is displayed in the form of the one-time code plus, if the code has fewer characters than the presented number, the masking characters.
  • the subscriber, during the number presentation or by reading the number from the "missed calls" list, enters the one-time code into the log-in screen.
  • correct entry of the one-time code authenticates the subscriber and allows them to carry out subsequent activities within the application or service.
  • To authenticate a subscriber establishing a secure VPN channel at the central identity management system, the subscriber gives their user name in the remote access application, which connects to the remote server in the identity management system.
  • the system checks the subscriber and on that basis directs them to the system connected to the telecommunication system.
  • the system checks in the directory service whether it holds information about the subscriber's privileges and the phone number assigned to them. If the subscriber does not exist, the connection is severed.
  • when the system has identified the subscriber, it generates a one-time SRES password and a phone connection is routed to the subscriber, in whose IAM the caller-id field is filled with the one-time SRES code required for authorisation.
  • the telephone of the subscriber requesting access to the resources signals the call and the generated one-time code appears on its display.
  • the subscriber enters the code into the appropriate field of their application.
  • the application sends the code to the system with which it wants to connect.
  • the system compares the received password with the generated password it sent. If the passwords match, the secure virtual private network (VPN) channel between the subscriber and the remote server is established, through which the subscriber gets access to the requested resources.
  • the subscriber gives their user name in the remote access application, which connects to the remote server in the INS identity management system.
  • the INS identity management system checks the subscriber and on that basis directs them to the system connected to the telecommunication system.
  • the system checks in the directory service whether it holds information about the subscriber's privileges and the phone number assigned to them.
  • when the system has identified the subscriber, it generates a one-time SRES1 password and a phone connection is routed to the subscriber, in whose IAM the caller-id field is filled with the one-time SRES01 code (the SRES1 code with the subscriber's two personal characters masked by two substitute characters) required for authorisation.
  • the two masked personal characters of the one-time SRES01 code are known to the identity management system and are taken into account when the one-time SRES1 code is generated in the authentication centre (AuC) with cryptographic algorithms; they are also known to the subscriber, who entered these personal characters into the identity management system when buying the subscription.
  • the subscriber agreed with the identity management system the positions of the substitute characters in the one-time SRES1 code.
  • the one-time SRES01 code sent to the digital switching centre and on to the subscriber's phone neither displays explicitly the one-time SRES1 code that enables authentication nor reveals the positions of the substitute characters.
  • the phone of the subscriber requesting access to the resources signals the incoming call and the generated one-time SRES01 code appears on its display.
  • the subscriber enters the received one-time SRES01 code into the appropriate fields of their application, replacing the substitute characters with their personal characters and thus entering the one-time SRES1 code.
  • the application sends the entered SRES1 code to the INS identity management system with which it wants to connect, and the secure virtual private network (VPN) channel between the subscriber and the remote server is established, through which the subscriber gets access to the requested resources.
  • the method can also be used to verify whether a person who declares on an internet service that they hold a given IMSI really does.
  • the computer of the internet service sends a request to the identity management system, whose computer generates and saves in memory the one-time SRES password, then initiates a phone connection to the given IMSI and, in the CID fields of the IAM, places and sends to the mobile phone the one-time SRES code in hexadecimal form.
  • a match between the code entered into the service's form from the mobile's display and the generated code saved in the computer's memory confirms to the internet service that the subscriber actually possesses the mobile phone with the declared IMSI.
  • the method can be used in many cases to authenticate subscribers and information technology systems.
  • the transmission method can be used with any phone model on the world market, because it relies on a function every phone is designed for: displaying the caller's number.
  • the method also allows checking whether the person trying to access data is abroad and reacting appropriately; additionally, it allows blocking numbers from outside a given area.
  • Smart Card - intelligent card with integrated circuits, e.g. SIM
  • SMSC Short Message Service Centre
  • VLR Visitor Location Register
  • VPN Virtual Private Network
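As an added illustration of the procedure in the items above (this is not code from the patent or from its assignee), the identity-management side generates the SRES1 code with the subscriber's personal characters at the agreed positions, masks those positions to obtain the SRES01 code, lays it out in the fixed-width caller-id field with filler characters, and later verifies the SRES1 code the subscriber types back after restoring the personal characters. The 14-position field, the "*" substitute, the "#" filler, the 8-character code and the 60-second validity window are assumptions; the single-use and expiry checks and the constant-time comparison are checks a verifier should have, not steps the description lists.

```python
import hmac
import secrets
import time

FIELD_WIDTH = 14        # display positions after the leading '+' (assumed)
SUBSTITUTE = "*"        # stands in for a personal character in SRES01 (assumed)
FILLER = "#"            # masks display positions the code does not occupy (assumed)
HEX_DIGITS = "0123456789ABCDEF"
TTL_SECONDS = 60        # validity window of a pending code (assumed)


class Enrolment:
    """Per-subscriber data the identity management system holds: the phone
    number, the two personal characters and their agreed positions in SRES1."""

    def __init__(self, msisdn, personal, positions):
        if len(personal) != 2 or len(positions) != 2 or any(c not in HEX_DIGITS for c in personal):
            raise ValueError("two personal hex characters and two positions are required")
        self.msisdn = msisdn
        self.personal = personal
        self.positions = positions


def to_cid(code):
    """Lay the code out in the fixed-width caller-id field; unused positions get the filler."""
    if len(code) > FIELD_WIDTH:
        raise ValueError("code does not fit the display field")
    return "+" + code + FILLER * (FIELD_WIDTH - len(code))


def from_cid(display):
    """What the subscriber reads off the screen: drop the '+' and the filler."""
    return display.lstrip("+").rstrip(FILLER)


def restore(sres01, enrolment):
    """Subscriber side: put the personal characters back at the agreed positions."""
    chars = list(sres01)
    for pos, pc in zip(enrolment.positions, enrolment.personal):
        if chars[pos] != SUBSTITUTE:
            raise ValueError("substitute character expected at position %d" % pos)
        chars[pos] = pc
    return "".join(chars)


class CodeServer:
    """Generates SRES1, stores it, and returns the SRES01 display string that
    goes into the calling party number of the call placed to the subscriber."""

    def __init__(self):
        self.pending = {}           # msisdn -> (sres1, issued_at)

    def issue(self, enrolment, code_len=8, now=None):
        now = time.time() if now is None else now
        if code_len > FIELD_WIDTH or max(enrolment.positions) >= code_len:
            raise ValueError("code length incompatible with the agreed positions")
        chars = [secrets.choice(HEX_DIGITS) for _ in range(code_len)]
        for pos, pc in zip(enrolment.positions, enrolment.personal):
            chars[pos] = pc                         # SRES1 carries the personal characters
        sres1 = "".join(chars)
        self.pending[enrolment.msisdn] = (sres1, now)
        shown = list(sres1)
        for pos in enrolment.positions:
            shown[pos] = SUBSTITUTE                 # SRES01 hides them from the display
        return to_cid("".join(shown))

    def verify(self, msisdn, entered, now=None):
        """True only for the exact SRES1, once, within the validity window."""
        now = time.time() if now is None else now
        record = self.pending.pop(msisdn, None)     # single use: gone whether or not it matches
        if record is None:
            return False
        sres1, issued_at = record
        if now - issued_at > TTL_SECONDS:
            return False
        return hmac.compare_digest(sres1.encode(), entered.upper().encode())
```

The pending record is removed before the comparison, so a correct code that arrives twice, or a wrong guess followed by the right one, both fail; an attacker who reads the SRES01 off a lost phone still lacks the two personal characters, which never appear in the CID field.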

Abstract

The subject of the invention is a method of transmitting a one-time code in alphanumeric form by a computer connected to a GSM or UMTS telecommunication network. After receiving a request for a one-time code, the computer generates the code and saves it in its memory for the subscriber, who is identifiable by the telephone number of a display-equipped electronic device; the computer then routes and starts a connection to that device via the telecommunication network and, in the CID fields of the IAM, places and sends to the electronic device the one-time code in hexadecimal form. The code is displayed by the display system of the subscriber's electronic device when it is called. Preferably, in the CID fields not taken by the one-time code in alphanumeric form the computer places and sends, together with the one-time code, masking characters other than alphanumeric ones. Optionally, the one-time code in alphanumeric form placed by the computer in the CID fields contains at least one masking alphanumeric character. The method can be used in many cases, serving the authentication of subscribers and telecommunication systems.

Description

METHOD FOR TRANSMITTING A ONE-TIME CODE IN AN ALPHANUMERIC FORM
The subject of the invention is a method of transmitting a one-time code in alphanumeric form by a computer connected to the GSM or UMTS telecommunication network after the computer receives a request for a one-time code, in order to authenticate the operations of a subscriber identified by the phone number of their electronic device.
The most frequent services in telecommunication networks include electronic mail, WWW websites of computer networks, the FTP and NFS protocols and RADIUS authentication services. To be given access to most services, authentication is required in order to notify the system of one's identity. On the basis of the authentication, the service is able to assign a specific authorisation level to a given subscriber. Authentication is a process confirming that a person attempting to access the application or service is the one they claim to be. Currently, a one-time code exists in numerical form as a string of digits, alphabetical form as a string of letters, or alphanumeric form as a string of digits and letters. After informing the system of one's identity, the identity needs to be confirmed. Authentication is required to access most of today's telecommunication or computer systems. It can be done using one of the three methods described below.
In the "Something you know" method, the subscriber informs the system that they know "something", most frequently a password, PIN or cryptographic key. In this method, the password can be either static or generated dynamically.
In the "Something you have" method, the subscriber "shows" to the system that they possess "something"; most frequently electronic cards which have appropriate integrated circuits.
In the "Something you are" method, the subscriber allows the system to examine some measurement of the biometric features.
The most frequently used methods of subscriber verification in IT systems are static or dynamic passwords.
Static passwords (conventional passwords) are generated by the system specifically assigned for that purpose or by the subscribers themselves, and are memorised by the subscriber in order to be re-entered. A subscriber who applies for access to given resources or a service is asked to provide their user ID and then, to be verified, must enter the password assigned to that user ID. The system then checks the ID-password pair. If the verification is positive, the subscriber gains access to the resources; otherwise access is denied. Static passwords can be changed periodically to increase the security of the protected system. If an unauthorised person learns the password, the security of the system is compromised. If the subscriber forgets or loses the password, they lose access to the system; the most frequent practice in such cases is generation of a new password by the system administrator (or another authorised person). Another frequently used method is a procedure in which the subscriber answers a series of questions whose answers are, in theory, known only to the right person. This procedure is most frequently used to authenticate a customer in contacts with customer service.
A one-time dynamic TAN (Transaction Authentication Number) password is generated for a specific log-in by the appropriate IT or telecommunication system. The subscriber must have a data storage device that lets them receive the password. The simplest form of one-time passwords is the scratch card, still used by some banking and financial institutions. During an attempt to access the system or to perform a specific high-risk action, the transaction is temporarily suspended and the subscriber is asked to enter the one-time password with a given ID. After the one-time password is entered correctly, the transaction is passed on for processing. Otherwise a so-called rollback is done, in which the system returns to the state from before the action was attempted. One password is dedicated to one specific transaction and cannot be reused.
A more advanced method of providing one-time passwords uses a dedicated device called a token. The subscriber may have it in the form of a key-ring pendant with a display or of a special calculator. Each of these devices has its own unique serial number and a set of suitably programmed procedures and functions, thanks to which it generates the one-time password appropriate for the specific subscriber and for the operation they want to perform at a given moment. The passwords are generated using an algorithm known to the system and specific to the given token. The password can be generated in a synchronous or an asynchronous mode. In the synchronous mode, the token generates a string of digits that changes after a fixed time period, most frequently tens of seconds, and shows it on its display. The string is produced by a pseudo-random generator synchronised with a parallel generator on the server. The string of digits entered by the subscriber is compared with the string generated on the server; when they are identical, the transaction is accepted. In the asynchronous mode, the token works on a challenge-response basis. Using the keyboard that is part of the token, the subscriber enters the code generated by the server. On its basis the token determines the one-time password to be used to confirm the operation and shows it on the screen; the subscriber enters the generated password.
Use of such a token is known from the online banking operations manual of Kredyt Bank SA, which concerns operations performed via computer networks on the bank's internet portal. A bank client logged into the banking system who has a token wants a prepared money transfer to be executed, and in answer to the request is shown a numerical one-time SRES code. The client enters their own PIN into the token and then the one-time SRES code generated by the banking system. In response, the token displays a new numerical one-time SRES1 code, with which the client authorises the operation in the banking system, additionally entering the picture code received together with the SRES1 code.
Smart cards make it possible to access data on the basis of a possession component: the card, usually made of plastic, with one or more integrated circuits built into it. It exists in two standard sizes: the larger ID-1 and the smaller ID-000, both specified by ISO/IEC 7810. According to the type of integrated circuit, cards are divided into processor cards, which have a processor managing access to RAM, EPROM or EEPROM memory, and memory cards, which rely only on EPROM or EEPROM memory. Cards are also divided, according to the way they communicate with the external device, into contact smart cards, which communicate through the metal contacts on the card's surface, through which the integrated circuit is also powered, and contactless smart cards, which rely on radio transmission through an antenna inside the card. In the latter, communication with the reader takes place over radio waves and is possible within a range of a few centimetres.
Biometric methods use the "Something you are" methodology. They involve examining a sample of biometric features of the system's subscriber and then comparing it with the model stored by the system in its database. The most frequently compared are fingerprints, retina images, palm prints, thermal facial patterns, iris images or the tone of voice. These features are unique to every human being. This method eliminates the risk factor - forgetting the password or losing the device which generates (or stores) one-time passwords.
One-time passwords can be generated on the server side and then sent to the client, or simultaneously on the server side and the client side using the same algorithm based on a string known to both sides. The one-time password is transferred between the server and the client by data transmission over any medium. Given today's state of technology, the most popular method is sending short text messages (SMS). A typical process of sending a one-time password by SMS is described below.
Subscriber A submits a request to access the software or hardware resources of a given system, and as a result the system, using a special algorithm, generates a string of alphanumeric characters which will be used to authenticate the transaction with a given ID. The system saves the pair of transaction ID and authenticating key in memory in order to verify it later. A text message containing the string of characters is sent to the subscriber, who receives it on their mobile phone as a message from the transaction system. The subscriber enters the generated one-time SRES code into the system using the computer keyboard. The system compares the transaction ID with the one-time SRES code entered, and if the pair corresponds exactly to the one saved in its memory, the system grants the subscriber access to the resources. Otherwise (depending on the implementation) the whole process is repeated and access is not granted. Sending the code over a text message channel guarantees neither that the text is delivered promptly nor any control over its transmission between the system and the subscriber.
The text is handed by the system to the short message service centre (SMSC) server in the GSM operator's infrastructure. This server stores messages and subsequently transmits them to the recipient on the basis of the information in the SMS header standardised by ETSI (European Telecommunications Standards Institute). The GSM 03.38 and 03.40 specifications contain the rules for the SMS header, which defines the message delivery time, validity period, priority, the GSM network timestamp and the protocol identifier, as well as the character set, the SMS type and the storage method in the phone. On the basis of this information the SMSC processes the message and decides where it should be delivered and what to do if the subscriber is absent from the network. As regards the validity period, the system stores the message for a defined time until the subscriber logs into the network again, and then delivers it; if the subscriber's absence exceeds that period, the message is deleted.
The SMS gateway MSC (SMS-GMSC) receives text messages; it is the point in the mobile network responsible for contacting other networks. After receiving an SMS from the SMSC, the gateway mobile switching centre (GMSC) queries the home location register (HLR) over SS7 signalling about the current location of the recipient. The HLR is the main database of the mobile network. It stores the end subscriber's profile and the routing information for them, i.e. the area controlled by the mobile switching centre (MSC). On the basis of this information the GMSC can transfer the message to the appropriate MSC, one of the main elements of the core network, which is responsible for routing connections between the mobile elements of the network and between fixed and mobile telephony. The visitor location register (VLR) is assigned to the MSC in order to gather information about visiting terminals, i.e. those not permanently assigned to the area. It contains the sector number, the base station, and the Location Area Identity (LAI) or Routing Area Identity (RAI). The data is gathered from the HLR, to which the subscriber is permanently assigned.
This state of affairs does not allow the system to determine unambiguously whether the attempt to deliver the SMS to the recipient will succeed, nor after what time the recipient will read the message, because the whole system works on a store-and-forward basis. There is no permanent session with the subscriber, as there is in a regular phone conversation; the sender of the message passes it on and has no real influence over what happens to it.
The necessary condition for authentication in the "something you know" model is proving knowledge of the password. Both the end subscriber wanting to access the resources and the verifying system must know it. It is the most frequently used method of securing electronic systems that store valuable data or of granting access to services that cannot be made available to outsiders. Examples are the PIN used for debit card transactions, the static password used to log into services such as e-mail systems, network resources or administration panels, and passwords used in computer systems, on the basis of which the subscriber confirms their identity and the system grants them appropriate authorisation.
In the present state of technology, one-time passwords are delivered to the subscriber in one of three ways: as a card of one-time codes, known as a "scratch card"; as SMS messages to the subscriber's mobile phone; or by a hardware token.
The necessary condition for authentication in the "something you have" model is proving possession of a thing. In the case of transferring one-time codes as alphanumeric passwords, that thing is a mobile phone with a SIM card installed.
A SIM card (Subscriber Identity Module) is a plastic card available in three sizes: 85x54 mm, 25x15 mm or 15x12 mm. It has built-in memory and a microprocessor and is used to identify the subscriber unambiguously in the mobile network. Every card has its unique SIM serial number (SSN) printed on its surface and holds its own unique International Mobile Subscriber Identity (IMSI), by which a given card can be identified unambiguously; it is to this identity that the connection revealing the code as an alphanumeric password is made. The IMSI consists of three parts: the mobile country code (MCC), which unambiguously identifies the country in which the mobile network is situated (for Poland it is 260); the mobile network code (MNC), unique within the country, which unambiguously identifies the mobile network; and the mobile subscriber identification number (MSIN), which unambiguously identifies the subscriber within the given network. The IMSI consists of the digits 0 to 9 and has at most 15 digits (ITU-T E.212).
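An added example of splitting an IMSI along the structure just described; it is not code from the patent or its assignee. The MNC is two digits in most countries (the page's example, Poland's MCC 260, uses two) and three in some, and nothing in the digit string says which, so the parser needs a lookup keyed by MCC. THREE_DIGIT_MNC below is a constructed, deliberately partial table that stands in for the full ITU-T E.212 assignment list.

```python
IMSI_MAX_DIGITS = 15               # ITU-T E.212 limit, MCC and MNC included
MCC_DIGITS = 3
# Assumption: partial table of MCCs whose networks use three-digit MNCs.
# A real deployment loads the complete E.212 list instead.
THREE_DIGIT_MNC = {"310", "311", "312", "313", "314", "315", "316"}


def parse_imsi(imsi, three_digit_mnc=THREE_DIGIT_MNC):
    """Return {'mcc', 'mnc', 'msin'} or raise ValueError for a malformed IMSI."""
    if not imsi or any(c not in "0123456789" for c in imsi):
        raise ValueError("IMSI must consist of decimal digits only")
    if len(imsi) > IMSI_MAX_DIGITS:
        raise ValueError("IMSI longer than %d digits" % IMSI_MAX_DIGITS)
    mcc = imsi[:MCC_DIGITS]
    mnc_len = 3 if mcc in three_digit_mnc else 2
    if len(imsi) <= MCC_DIGITS + mnc_len:
        raise ValueError("IMSI too short to contain an MSIN")
    return {
        "mcc": mcc,
        "mnc": imsi[MCC_DIGITS:MCC_DIGITS + mnc_len],
        "msin": imsi[MCC_DIGITS + mnc_len:],
    }


def is_valid_imsi(imsi, three_digit_mnc=THREE_DIGIT_MNC):
    """Boolean form of parse_imsi for callers that only need a yes/no answer."""
    try:
        parse_imsi(imsi, three_digit_mnc)
    except ValueError:
        return False
    return True


def same_home_network(imsi_a, imsi_b, three_digit_mnc=THREE_DIGIT_MNC):
    """True when both IMSIs share MCC and MNC, i.e. belong to the same home network."""
    a = parse_imsi(imsi_a, three_digit_mnc)
    b = parse_imsi(imsi_b, three_digit_mnc)
    return (a["mcc"], a["mnc"]) == (b["mcc"], b["mnc"])
```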
International standards of the numbering plans for the PSTN network are defined by the International Telecommunication Union (ITU) in the form of the presently binding E164 standard. Within the confines of the Polish law they are defined by the central (governmental) administration through PNK-TF (National Numbering Plan for the Public Phone Networks) in force now because of the decree of the Minister of Infrastructure from 28th February 2008 (Dz.U. 52/2008 item 307).
Routing the voice calls in the GSM and UMTS networks follows a specific scenario. To log a device in the system, subscriber A turns on the mobile phone and logs via the base station and related to it base station controller (BSC) used in the GSM network or radio network controllers (RNC) used in the UMTS network. The BSC or the RNC sends information to the mobile switching centre controlling the given area adapted to working in mobile networks, which registers it in the connected visitor location register VLR (visitors who in a given moment are within the area serviced by the mobile switching centre). From the VLR the information is sent to the home location register (HLR), where the information about the subscribers belonging to a given network is stored. The HLR will register the address of the VLR and connected with it mobile switching centre, which in a given moment serves a given subscriber.
In order to make a call, subscriber A, registered in the mobile switching centre 1 (MSC1), chooses a Mobile Station International ISDN Number MSISDN (Mobile Subscriber ISDN), which is stored on the SIM or USIM card in the phone and in the home location register (HLR) of the subscriber B's network. On the basis of the number analysis performed on the subscriber B's MSISDN, the MSC 1 determines what the home network for the subscriber B is and transfers the connection to the gateway mobile switching centre (GMSC) and mobile switching centre (MSC) with additional functionality, thanks to which it can contact the home location register (HLR) and direct calls to the subscribers of its own network.
When the MSISDN is dialled, call routing proceeds as follows. An Initial Address Message (IAM) is exchanged between the exchanges serving subscriber A and subscriber B; among other things it carries the calling number and the dialled number. The moment subscriber B's phone starts ringing, the local exchange serving it sends back an Address Complete Message (ACM), signalling that the call can proceed because the links and exchange resources for this call have been allocated. When subscriber B answers, his local exchange generates an Answer Message (ANM), which is sent to the local exchange serving subscriber A, who initiated the call; from that moment the call between subscriber A and subscriber B can take place. Before the call can be delivered, the gateway mobile switching centre (GMSC) contacts the home location register (HLR), which is also located in subscriber B's home network. The HLR holds the address of the visitor location register (VLR) associated with the mobile switching centre (MSC) currently serving subscriber B, and sends that VLR, associated with mobile switching centre 2 (MSC 2), a query for a mobile station roaming number (MSRN) for subscriber B. For the duration of the call set-up the VLR selects one number from its pool of mobile station roaming numbers (MSRN), assigns it to the MSISDN received with the HLR's query and returns it to the HLR, which passes it on to the GMSC. The GMSC, on the basis of the number analysis performed on the MSRN, forwards the call to mobile switching centre 2 (MSC 2).
MSC 2 queries the VLR for the MSISDN associated with the mobile station roaming number (MSRN) on which the routing request arrived. The VLR returns more precise location information for subscriber B, and the MSRN is returned to the pool of free numbers for use in routing subsequent calls. MSC 2 then routes the call to subscriber B via the base station controller (BSC) or radio network controller (RNC) and the base stations.
Subscriber A's number is shown on subscriber B's telephone only if subscriber B has the calling line identification presentation (CLIP) service active. This service enables caller identification. If subscriber A has the calling line identification restriction (CLIR) service active, subscriber A's number is not shown on subscriber B's telephone. The caller's number is carried in the calling party number field of the Initial Address Message (IAM): during call set-up, subscriber A's exchange sends a set of messages with the data describing the connection, and the calling number field is what allows the caller to be identified.
In known mobile GSM systems, the cryptographic algorithms A3, A5 and A8 are used to secure the system. They make it possible to authenticate the subscriber to the network and to encrypt the transmitted data.
The A3 algorithm is responsible for authentication, the A8 algorithm derives the ciphering key and the A5 algorithm encrypts the data. For every connection, a random number (RAND) generated by the authentication centre is sent from the network over the radio interface to the subscriber's personal element, for example the SIM card. This random number (RAND) is processed, both in the SIM card and in the authentication centre, by the cryptographic algorithms under the identical Ki key held in both places, yielding the SRES value. The SRES value computed in the SIM card is sent to the authentication centre and compared with the SRES value computed there. Only when these independently computed values agree is the subscriber positively authenticated.
The most important elements of network security are the Authentication Centre (AuC) and the subscriber's SIM card. The AuC confirms authentication and is responsible for authorising the client; additionally it generates the keys used to cipher the data. The Ki key is stored both on the SIM card and in the AuC. It is a 128-bit secret key assigned to every SIM card and, in the AuC, bound to a specific IMSI. The Ki key cannot be read out or extracted from either the SIM card or the AuC. It is used by the A3 and A8 algorithms, which authenticate the subscriber and generate the session key; that session key is in turn used by the A5 algorithm, which is responsible for ciphering. The code of the A3 and A8 algorithms is stored in the AuC and on the SIM card. The A5 algorithm is implemented in two places: on the subscriber side, in the phone itself, so that ciphering takes place outside the SIM card while key generation takes place inside it; and on the network side, in the base transceiver station (BTS), which receives the session key for the algorithm from the VLR via the base station controller (BSC). The IMSI is stored on the subscriber's SIM card and in the HLR and VLR. Combining the IMSI with the Ki key would make it possible to clone the SIM card; owing to the security of the network and of the SIM cards, cloning them is in practice infeasible. A call attempt in the GSM network generates return messages reporting the exact progress and status of the connection, which allows very precise analysis of, and reaction to, undesirable actions. Together these practices make the GSM channel a very safe and well-controlled method of exchanging information between subscribers.
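The RAND/SRES exchange described in the two paragraphs above, as an added example that is not part of the patent text. The real A3 and A8 algorithms are operator-specific and the page does not give their internals, so HMAC-SHA256 truncated to the GSM field widths stands in for them (an assumption, not the real algorithms); the Ki, the IMSI and the class names AuC, SIM and authenticate are constructed for this example. What it shows is the property the page relies on: Ki never leaves the AuC or the SIM, only RAND crosses the radio interface, and the session key Kc is released for A5 only after the SRES values agree.

```python
import hashlib
import hmac
import secrets

RAND_LEN = 16   # 128-bit challenge
SRES_LEN = 4    # 32-bit signed response, as in GSM
KC_LEN = 8      # 64-bit session key for A5, as in GSM


def a3_a8(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for the SIM's A3 (SRES) and A8 (Kc) computations.

    The real algorithms are operator-chosen and not given on the page; this
    example assumes HMAC-SHA256 truncated to the GSM field widths.
    """
    if len(ki) != 16:
        raise ValueError("Ki is a 128-bit key")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class AuC:
    """Authentication Centre: holds Ki per IMSI and issues (RAND, XRES, Kc) triplets."""

    def __init__(self) -> None:
        self._ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def triplet(self, imsi: str) -> tuple:
        ki = self._ki_by_imsi[imsi]            # Ki never leaves the AuC
        rand = secrets.token_bytes(RAND_LEN)   # fresh challenge per authentication
        xres, kc = a3_a8(ki, rand)
        return rand, xres, kc


class SIM:
    """Subscriber side: Ki is sealed in the card; RAND goes in, SRES and Kc come out."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes) -> tuple:
        return a3_a8(self._ki, rand)


def authenticate(auc: AuC, sim: SIM) -> tuple:
    """MSC/VLR flow: fetch a triplet, challenge the SIM, compare SRES with XRES.

    Returns (accepted, kc). Kc is handed to the BTS for A5 ciphering only when
    the SIM's SRES matches the value the AuC computed independently.
    """
    rand, xres, kc = auc.triplet(sim.imsi)
    sres, _ = sim.run_gsm_algorithm(rand)      # only RAND crosses the radio interface
    if hmac.compare_digest(sres, xres):
        return True, kc
    return False, None


if __name__ == "__main__":
    auc = AuC()
    imsi, ki = "260010000000001", bytes(range(16))   # constructed IMSI and test Ki
    auc.provision(imsi, ki)
    print("genuine SIM:", authenticate(auc, SIM(imsi, ki))[0])
    print("SIM with wrong Ki:", authenticate(auc, SIM(imsi, bytes(16)))[0])
```

A card with a different Ki produces a different SRES for the same RAND and is rejected without Kc ever being issued; because each triplet carries a fresh RAND, a captured SRES cannot be replayed against a later challenge.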
The known construction and operation of SIM cards used in mobile GSM telecommunication systems are described in general terms in the article by Grigorov, Theodor et al. entitled "SIM Cards", Telecommunication Journal of Australia, vol. 43, no. 2, pages 33-38.
From international application WO-A-95/21509 a method and arrangement are known for providing and controlling supplementary services for a mobile station. The method consists in managing services addressed by the HLR of a mobile radio network via any telephone connection. To do so, the subscriber authenticates to the HLR by entering their mobile phone number and a PIN, which gives them access to the data in the HLR and to the services offered in the network.
From international application WO 98/51112 a method is known for authenticating subscribers of a digital mobile communication system against a verifying instance of the digital wireless telephone system, in which the subscriber is initialised once in the AuC of that system. The AuC generates a random number, transfers it to the subscriber-specific element of the subscriber's mobile terminal, receives back the response data that the subscriber-specific element derives from the random number, and stores the random number together with the assigned response data as an authentication triplet in its non-volatile memory. This process of random number generation, transmission, response return and storage is repeated several times, so that the mobile radio subscriber can subsequently be authenticated regularly against the AuC over the common radio interface with the help of the authentication triplets stored during initialisation. For each regular authentication an authentication triplet is read from the AuC's memory, the random number of that triplet is sent to the subscriber-specific element of the mobile terminal, the response parameter that the subscriber-specific element derives from the random number is returned to the AuC and compared with the value held in the triplet, and if the parameters agree the mobile radio subscriber is granted access via the digital communication system subordinate to the AuC.
On a single or repeated mismatch between the response parameter and the corresponding value in the authentication triplet, access is denied to the mobile radio subscriber. Preferably, for initialisation the subscriber-specific element is connected to a suitable read/write device of the AuC. During initialisation, wired or wireless data exchange takes place between the subscriber-specific element and the verifying instance. When the authentication triplets stored in the AuC have been used up, a new initialisation procedure is started. By means of the AuC, a larger quantity of subscriber-specific data and authentication data is managed.
For this method a device is described for authenticating subscribers of a digital mobile communication system against the AuC of the digital wireless telephone system, in which the AuC is a permanent element of the system; in the verifying instance it is integrated with or connected to a read/write device for reading and writing the data contained in the subscriber-specific element; the AuC includes a random number generator and a non-volatile memory; and the device contains links to the terminals of the digital mobile communication system through the common radio interface. The AuC is a fixed station of the digital wireless telephone system, the digital mobile communication system is a GSM mobile network, and the subscriber-specific element is the SIM card.
Patent specification US 5191238 presents verified access to communication services between subscribers of telecommunication networks and various service providers, for example banks, stockbrokers and so forth. A database of subscribers is created, in which subscribers must authenticate themselves in order to access the service providers' offers.
WO 99/18746 presents a method of authenticating subscribers of a digital mobile radio network, in which the mobile radio network operates as an intelligent network (INS) and includes an Interactive Voice Response (IVR) system and a Voice Message System (VMS). The subscriber selects a special service offered in the mobile radio network by dialling the service's access code, which is recognised by the switching centre of the mobile radio network responsible for setting up the connection. Once the access code is recognised, a logic unit serving the call is activated automatically and checks for the presence of the caller's MSISDN in the IAM. If the subscriber's MSISDN is not available in the IAM, the logic unit automatically connects the calling subscriber to the appropriate network function for self-identification and authentication. These procedures are carried out by the INS in cooperation with the IVR: the INS prompts the subscriber to enter their MSISDN and PIN manually, and the entered MSISDN and PIN are passed from the INS to the IVR. The IVR then establishes a test connection to the VMS, where the MSISDN is checked against the stored subscriber data and the number is authenticated on the basis of the PIN. The result of the authentication procedure is signalled through the IVR back to the INS and, after successful authentication, the INS initiates the procedures necessary for the network functions requested by the calling subscriber, who is then automatically connected to the chosen service. The logic unit system is implemented in the INS of the mobile radio network.
The transmission between the calling subscriber's terminal and the IVR uses in-band DTMF multi-frequency signalling. If the subscriber's authentication fails, the established connection with the calling subscriber is released from the network side. The connection between the IVR and the INS uses ISUP signalling; the IVR is attached to the INS as a centralised intelligent peripheral. In place of the dialled service access code, a subscription code of the called network subscriber may be used. For PIN authentication the same access code is chosen, and after successful activation with this code one obtains access to the services associated with that PIN. Preferably, the PIN activation procedure for a given service code is triggered the first time the subscriber dials that access code and their MSISDN is not made available by the signalling protocol. PIN activation is carried out in the VMS, to which the calling subscriber is connected via the IVR. For every service access code that requires a separate PIN activation, an MSISDN for the service is created in the mobile service switching point (M-SSP) in order to establish the connection with the IVR. Once the caller has entered the MSISDN (the subscriber's MSISDN and the service's MSISDN), the PIN is activated. To authenticate the manually entered MSISDN, a PIN identical to, or different from, the PIN giving access to the subscriber's personal voice mail is used.
A method of authenticating electronic banking operations performed through bank websites is also known, among others the method described and used on the websites of Alior Bank S.A. It consists in sending a one-time code to an electronic device, a mobile phone whose SIM number is assigned in the computer's memory to the subscriber performing the transaction on the bank's website. The one-time code is contained in a paid SMS message generated and sent by the bank's computer in response to the subscriber's request to authenticate a banking operation. The subscriber reads the message, enters the one-time code into the field provided for it and confirms the operation. The bank's computer compares the entered one-time code with the one-time code saved in its memory when the code was generated, and if they agree the operation is accepted.
Sending one-time codes as numerical, alphabetical or alphanumeric strings is also known.
International standards for the data recorded to route telephone calls are defined by the International Telecommunication Union (ITU) in the currently valid E.164 recommendation and, within the Polish legal area, by the central administration through the Plan Numeracji Krajowej dla Publicznych Sieci Telefonicznych (PNK-TF). The currently binding decree of the Minister of Infrastructure of 28 February 2008 is published in Dz.U. No. 52 of 2008, item 307. A subscriber number consists of at most 15 digits, preferably with the prefix "+".
Under this numbering scheme, voice calls in GSM and UMTS networks are routed as follows. When subscriber A switches on the mobile phone, it sends, via a base station and its associated base station controller (BSC) in a GSM network or radio network controller (RNC) in a UMTS network, a registration to the mobile switching centre (MSC) controlling the given area. The MSC registers the subscriber in its associated visitor location register (VLR), which stores information about the subscribers currently within the area served by the MSC. The VLR sends the information to the home location register (HLR), which stores information about the subscribers belonging to the given network. The HLR saves the address of the VLR and of the associated mobile switching centre (MSC) serving the subscriber. Subscriber A, registered in MSC1, dials the MSISDN, colloquially known as the telephone number, which is stored on the SIM or USIM card in subscriber B's phone and in subscriber B's HLR. From the number analysis performed on subscriber B's MSISDN, MSC1 determines subscriber B's home network and directs the call to the gateway mobile switching centre (GMSC), an MSC with additional functionality that allows it to contact the HLR and route calls to the subscribers of its own network. When the MSISDN is dialled, call routing is performed by means of an IAM, which among other things carries the calling number and the called number between the exchanges serving subscriber A and subscriber B. The moment subscriber B's phone starts ringing, the local exchange serving it sends back an Address Complete Message signalling that the call can proceed, because the links and exchange resources have been allocated.
When subscriber B answers, his local exchange generates an ANM, which is sent to the local exchange serving subscriber A, who initiated the call; from that moment the conversation between subscriber A and subscriber B can take place. The GMSC contacts the HLR, also located in subscriber B's home network. The HLR holds the address of the VLR associated with the MSC currently serving subscriber B, and sends the VLR associated with MSC2 a query for a temporary MSRN for subscriber B. For the duration of the call set-up the VLR selects one address from its pool of MSRNs, assigns it to the MSISDN received with the HLR's query and returns it to the HLR, which passes it to the GMSC. The GMSC, on the basis of the number analysis performed on the temporary MSRN, forwards the call to MSC2. MSC2 queries the VLR for the MSISDN associated with the temporary MSRN on which the routing request arrived. The VLR returns more precise location information for subscriber B, and the temporary MSRN is returned to the pool of free numbers available for routing further calls. MSC2 routes the call to subscriber B via the BSC/RNC and the base stations.
The aim of the invention is to provide a safer method of transmitting a one-time code to a subscriber identified by the telephone number of their device, while at the same time reducing the cost of data transmission over the telecommunication network.
The essence of the one-time code transmission according to the invention is that the computer places, in the CID fields of the IAM operation, a one-time code written in the hexadecimal system and sends it to the subscriber's electronic device, where it is shown by the device's display system as the call is signalled. Preferably, in the CID fields not occupied by the code in its alphanumeric form, the computer places and sends, together with the one-time code, masking characters that are neither letters nor digits. Preferably, the one-time code in alphanumeric form placed by the computer in the CID fields contains at least one masking alphanumeric character.
The method according to the invention makes the application more secure and more convenient, because the message is delivered as a one-time SRESi code during a session established with the subscriber, as for a telephone conversation, but solely in order to deliver the one-time SRESi code, without a billable connection and without the cost associated with it. Compared with sending codes by SMS, the cost of sending codes as alphanumeric passwords is reduced: the call is not meant to be answered, so using the invention brings the subscriber no additional call charges within the telephone network, since the code is transferred by the call attempt itself rather than by a voice connection or a text message. It is also easier for the subscriber to read and use the one-time SRESi code than to receive it by SMS. Most mobile phones store the content of a text message in memory and only notify the subscriber that an SMS has arrived; reading its content requires additional navigation in the phone menu to display the message. With the invention the one-time SRESi code is delivered through the presentation of the incoming number, which every phone performs regardless of the subscriber's menu preferences. The one-time SRESi code can be read both while the number is being presented and later, by recalling it from the memory of subscriber A's phone as the number of a missed call. Transmitting the one-time code in alphanumeric form also makes the transmission more secure, because "intercepting" the one-time SRESi code by a person other than the holder of the phone to whose number the code is sent is quite difficult, and the person requesting the one-time code must have their mobile phone with them.
Using GSM technology to transfer one-time codes makes their transfer more secure, because the ciphering algorithms are applied during call set-up. Unlike the sending of short messages, the computer system has full control over the route of the connection: it can read the current state of the connection and react appropriately to undesirable activity. Thanks to the GSM specifications it is possible to detect that one of the network elements has diverted the call to a terminal other than the one to which the call was initiated; in that situation the computer system can refuse to release the code and can also invalidate the one-time code on the system side, so that if an unauthorised person attempts to enter it, it is rejected.
The invention is illustrated in the drawings, in which fig. 1 shows the scheme of the authentication procedure and fig. 2 the course of the authentication method.
According to the invention, the method of transmitting the one-time code in alphanumeric form is that when the bank's computer dials the MSISDN, call routing takes place and the IAM operation is performed, which consists in transmitting in the CID fields, instead of the subscriber's number, the one-time SRESi code in the hexadecimal system that the computer has generated and saved in its memory. The moment the subscriber's electronic device starts signalling the incoming call, its display system shows the one-time SRESi code instead of the caller's number. In the CID fields not occupied by the one-time SRESi code in alphanumeric form, the computer places and sends, together with the code, masking characters that are neither letters nor digits. Optionally, the one-time SRES01 code in alphanumeric form placed by the computer in the CID fields contains at least one masking alphanumeric character, which distinguishes it from the SRESi code used by the subscriber during authentication.
The subscriber's request for a one-time code is processed by electronic means in such a way that the IMSI of the mobile phone previously assigned to the subscriber is identified. The electronic device in the form of a computer connected to the telecommunication network either generates the code at random or takes it from a code list. The generated code is stored as assigned to the subscriber's application or service and to the activity of the subscriber that the code is to authenticate. After generating and storing the one-time code, the computer connected to the telecommunication network automatically attempts to call the phone number assigned to the given subscriber. Every code is stored in alphanumeric form in the hexadecimal system, compatible with the format of the CID field in the IAM operation that is used to transfer, among other things, the caller's number, so that the content of the code is displayed as the caller number presentation. CID is also called Calling Number Identification (CNID), Calling Line Identification (CLID) or Calling Line Presentation (CLIP).
Under current standards compatible with E.164, the displayed number takes the form of a string consisting of the "+" character followed by at most 14 digits. If the code has fewer than 14 alphanumeric characters, the positions of the caller number presentation not occupied by code characters are masked with characters that are neither digits nor letters, for example a blank, the "#" character, the "*" character and so on; which characters are used is immaterial. The subscriber does not answer the call, because the code is transferred through the presentation of the incoming call number and its possible storage in the subscriber's phone as the number of a missed call, which can be deleted at any time and, if the subscriber wishes, recalled, saved or removed from the list.
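One way to build and verify the caller-id string described in the preceding paragraphs, as an added example that is not part of the patent (the page gives the format, not code). It assumes a 14-position field after "+", an 8-character hexadecimal code, "#" and "*" as the masking characters, and a constructed subscriber number; the OneTimeCodeStore class, its expiry window, single-use comparison and the invalidate step for a call that is seen to be diverted are this example's own design, written to match the behaviour the page describes. Whether letters and masking characters survive the signalling path to the handset is not something the page addresses, so the example treats the field as an opaque 14-character string.

```python
import hmac
import secrets
import time

CID_POSITIONS = 14        # positions after the leading "+" (page: at most 14 digits)
HEX = "0123456789ABCDEF"
MASK_CHARS = "#*"         # non-alphanumeric fillers; the page says the choice is immaterial


def generate_code(length: int = 8) -> str:
    """One-time code as `length` uppercase hexadecimal characters (8 = 32 bits; an assumption)."""
    if not 1 <= length <= CID_POSITIONS:
        raise ValueError("code must fit in the caller-id field")
    return secrets.token_hex((length + 1) // 2).upper()[:length]


def encode_cid(code: str) -> str:
    """Build the calling-number string: '+', the code, then masking characters
    in the positions the code does not occupy."""
    if not code or len(code) > CID_POSITIONS or any(c not in HEX for c in code):
        raise ValueError("code must be 1..14 hexadecimal characters")
    padding = "".join(secrets.choice(MASK_CHARS) for _ in range(CID_POSITIONS - len(code)))
    return "+" + code + padding


def decode_cid(display: str) -> str:
    """What the subscriber does when reading the display: ignore '+' and the
    masking characters, keep the alphanumeric code (case-insensitive)."""
    return "".join(c for c in display if c.isalnum()).upper()


class OneTimeCodeStore:
    """Server side: one pending code per (subscriber, activity), time-limited,
    single use, and revocable when the call attempt does not reach the dialled terminal."""

    def __init__(self, ttl_seconds: float = 120.0, clock=time.time) -> None:
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}          # (msisdn, activity) -> (code, expiry)

    def issue(self, msisdn: str, activity: str) -> str:
        """Generate and save the code; return the CID string to dial out with."""
        code = generate_code()
        self._pending[(msisdn, activity)] = (code, self._clock() + self._ttl)
        return encode_cid(code)

    def invalidate(self, msisdn: str, activity: str) -> None:
        """Called when call-state signalling shows the call was diverted elsewhere."""
        self._pending.pop((msisdn, activity), None)

    def verify(self, msisdn: str, activity: str, entered: str) -> bool:
        """Constant-time comparison; any attempt, right or wrong, consumes the code."""
        code, expiry = self._pending.pop((msisdn, activity), (None, None))
        if code is None or self._clock() > expiry:
            return False
        return hmac.compare_digest(code.encode(), entered.strip().upper().encode())


if __name__ == "__main__":
    store = OneTimeCodeStore()
    msisdn = "+48600000001"                     # constructed subscriber number
    shown = store.issue(msisdn, "login")        # e.g. "+3F9A0C4B#*##*#"
    print("display:", shown, "-> subscriber reads:", decode_cid(shown))
    print("accepted:", store.verify(msisdn, "login", decode_cid(shown)))
```

Consuming the code on a wrong entry as well as on a right one keeps the 32-bit code from being guessed across repeated attempts, and the expiry bounds how long a missed-call entry in the phone's log remains usable.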
Example I
To authenticate the subscriber of an application or service integrated with the storage and transmission of one-time codes as alphanumeric passwords, the subscriber enters their user name and password at the screen provided by the application or service. The application or service identifies the subscriber by name and finds in its database the mobile telephone number assigned to that subscriber. The computer generates a one-time code required for the subscriber's given activity and stores it in alphanumeric form in the hexadecimal system. Immediately after storing the one-time code, the computer initiates an automatic call to the mobile phone number assigned to the subscriber. On the subscriber's phone display the incoming call number is shown in the form of the one-time code and, if the code has fewer characters than the presented number, masking characters. The subscriber, during the number presentation or by reading the number from the "missed calls" folder, enters the one-time code on the log-in screen. Correct entry of the one-time code authenticates the subscriber and allows them to perform subsequent activities within the application or service.
Example II
To authenticate a subscriber establishing a secure VPN channel to a central identity management system, the subscriber enters their user name in the remote access application, which connects to the remote server of the identity management system. The system checks the subscriber and on this basis directs them to the system connected to the telecommunication network. That system checks in the directory service whether it holds information about the subscriber's privileges and the phone number assigned to them. If the subscriber does not exist, the connection is terminated. When the system identifies the subscriber, it generates a one-time SRES password and a telephone call is routed to the subscriber, in whose IAM operation the caller-id field is filled with the one-time SRES code required for authorisation. The phone of the subscriber requesting access to the resources signals the call and shows the generated one-time code on its display. The subscriber enters the code in the appropriate field of the application, which sends it to the system the subscriber wants to connect to. The system compares the received password with the generated password it sent. If they agree, the secure VPN channel between the subscriber and the remote server is established and the subscriber obtains access to the requested resources.
Example III
With an increased security level, to authenticate a subscriber establishing a secure VPN channel to the INS central identity management system, the subscriber enters their user name in the remote access application, which connects to the remote server of the INS identity management system. The INS identity management system checks the subscriber and on this basis directs them to the system connected to the telecommunication network. That system checks in the directory service whether it holds information about the subscriber's privileges and the phone number assigned to them. When the system identifies the subscriber, it generates a one-time SRESi password and a telephone call is routed to the subscriber, in whose IAM operation the caller-id field is filled with the one-time SRES01 code (the SRES1 code with two of the subscriber's personal characters replaced by two substitute characters) required for authorisation. The two masked personal characters are known to the identity management system, which takes them into account when generating the one-time SRES1 code in the authentication centre (AuC) with the cryptographic algorithms, and are also known to the subscriber, who entered these personal characters into the identity management system when purchasing the subscription. At that time the subscriber and the identity management system also agreed the positions of the substitute characters within the one-time SRES1 code. Thus the one-time SRES01 code sent to the digital switching centre and on to the subscriber's phone neither displays explicitly the one-time SRES1 code that authenticates the subscriber nor reveals the positions of the substitute characters. The phone of the subscriber requesting access to the resources signals the incoming call and shows the generated one-time SRES01 code on its display.
The subscriber enters the received one-time SRES01 code in the appropriate fields of the application, replacing the substitute characters with the personal characters and thus entering the one-time SRES1 code. The application sends the entered SRES1 code to the INS identity management system the subscriber wants to connect to, and the secure VPN channel between the subscriber and the remote server is established, giving the subscriber access to the requested resources.
In this embodiment of the invention, apart from possessing at the moment of authentication the device with the SIM card registered in the system, one must also know a short one- or two-character code of personal characters.
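The personal-character masking of Example III, as an added example not taken from the patent. The names (enroll, to_sres01, IdentityManagementSystem), the user "alice", the personal characters "7k" and the random choice of positions at enrolment are this example's assumptions; the page says only that the positions are agreed between subscriber and system. The substitutes are random hexadecimal characters so that the displayed SRES01 looks like any other hex code and gives away neither the personal characters nor where they sit; only the subscriber, who remembers both, can turn it back into SRES1.

```python
import hmac
import secrets

HEX = "0123456789ABCDEF"


def enroll(personal: str, code_length: int = 8) -> dict:
    """Enrolment ("when the subscription is bought"): record the subscriber's one or
    two personal characters and the positions they will occupy in SRES1.
    Positions are drawn at random here; the page only says they are agreed."""
    personal = personal.upper()
    if not 1 <= len(personal) <= 2 or not personal.isalnum():
        raise ValueError("one or two alphanumeric personal characters")
    positions = sorted(secrets.SystemRandom().sample(range(code_length), len(personal)))
    return {"personal": personal, "positions": positions, "length": code_length}


def generate_sres1(profile: dict) -> str:
    """SRES1: a random hex code with the personal characters planted at the agreed positions."""
    chars = [secrets.choice(HEX) for _ in range(profile["length"])]
    for pos, ch in zip(profile["positions"], profile["personal"]):
        chars[pos] = ch
    return "".join(chars)


def to_sres01(sres1: str, profile: dict) -> str:
    """SRES01, the value actually placed in the caller-id field: the personal
    characters are overwritten with random hex substitutes, so the display looks
    like an ordinary hex code and betrays neither the characters nor their positions."""
    chars = list(sres1)
    for pos in profile["positions"]:
        chars[pos] = secrets.choice(HEX)
    return "".join(chars)


def reconstruct_sres1(sres01: str, personal: str, positions) -> str:
    """Subscriber side: overwrite the substitutes at the remembered positions."""
    chars = list(sres01)
    for pos, ch in zip(positions, personal.upper()):
        chars[pos] = ch
    return "".join(chars)


class IdentityManagementSystem:
    """Server side of Example III: sends SRES01 in the call, expects SRES1 back."""

    def __init__(self) -> None:
        self._profiles = {}
        self._pending = {}

    def register(self, user: str, personal: str) -> dict:
        self._profiles[user] = enroll(personal)
        return self._profiles[user]

    def start_login(self, user: str) -> str:
        profile = self._profiles[user]
        sres1 = generate_sres1(profile)
        self._pending[user] = sres1            # only SRES1 is kept for comparison
        return to_sres01(sres1, profile)       # this goes out in the CID field

    def finish_login(self, user: str, entered: str) -> bool:
        expected = self._pending.pop(user, None)   # single use
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), entered.strip().upper().encode())


if __name__ == "__main__":
    ims = IdentityManagementSystem()
    profile = ims.register("alice", "7k")                 # constructed user and characters
    shown = ims.start_login("alice")                      # what the phone displays
    typed = reconstruct_sres1(shown, "7k", profile["positions"])
    print("displayed SRES01:", shown, "entered SRES1:", typed)
    print("accepted:", ims.finish_login("alice", typed))
```

Someone who only sees the phone display (or the missed-call entry) and types the value as shown is rejected, because the stored SRES1 differs from SRES01 at the agreed positions; the second factor is the personal characters the subscriber knows.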
The method can also be used to verify whether a person claiming on an internet service to hold a given IMSI number actually holds it. The computer of the internet service sends a request to the identity management system, whose computer generates a one-time SRES password, saves it in memory and then initiates a telephone call to the given IMSI number, placing the one-time SRES code in the hexadecimal system in the CID fields of the IAM operation and sending it to the mobile phone. Agreement between the code entered in the service's form, as read from the mobile phone's display, and the generated code saved in the computer's memory confirms to the internet service that the subscriber actually possesses the mobile phone with the declared IMSI.
The method can be used in many cases to authenticate subscribers and information technology systems. The transmission method works with any phone model on the world market because it relies only on a function every phone is built for: displaying the caller's number. The method also makes it possible to check whether the person trying to access some data is abroad and to react accordingly, and additionally to block numbers from outside a given area.
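The two exchanges described above, the plain IMSI possession check and the increased-security variant with two personal characters masked in the SRES1 code, as an added simulation in Python. This is illustration written for this page, not code from the patent or its applicant. The CID field width of 15 positions, the 8-character hexadecimal code, '#' as the non-alphanumeric masking character, the two-minute validity window, the constructed sample IMSI and all class and function names are assumptions; the telecommunication side (routing the IAM to the handset) is reduced to handing the CID string to the subscriber, so the code only models what the computer saves, sends and compares.

```python
"""Simulation of a one-time code carried in the caller-ID (CID) field of an
ISUP IAM, following the description above.  Added illustration, not the
patent's own code.  Assumed: a CID field of 15 character positions, an
8-character hexadecimal code, '#' as the masking character for unused
positions and a two-minute validity window."""
import hmac
import secrets
import time
from dataclasses import dataclass

CID_WIDTH = 15         # assumed: character positions available in the CID field
CODE_LEN = 8           # assumed length of the one-time code (SRES1)
HEX_ALPHABET = "0123456789ABCDEF"
MASK_CHAR = "#"        # assumed non-alphanumeric masking character (claim 2)
CODE_TTL_S = 120.0     # assumed validity window of a saved code


@dataclass
class Subscriber:
    """What the identity management system holds about a subscriber."""
    imsi: str
    personal_chars: str   # one or two characters chosen when the subscription was bought
    positions: tuple      # code positions carrying them, agreed with the subscriber


@dataclass
class Pending:
    code: str             # the code 'saved in the computer's memory'
    issued_at: float


def build_cid(code: str) -> str:
    """Place the code in the CID field; fill the remaining positions with
    non-alphanumeric masking characters (claim 2)."""
    if len(code) > CID_WIDTH:
        raise ValueError("code longer than the CID field")
    return code + MASK_CHAR * (CID_WIDTH - len(code))


def displayed_code(cid: str) -> str:
    """What the subscriber reads off the display, masking characters dropped."""
    return cid.replace(MASK_CHAR, "")


class CodeServer:
    """The computer of the identity management system / internet service."""

    def __init__(self, rng=None, clock=time.time):
        self.rng = rng or secrets.SystemRandom()
        self.clock = clock
        self.pending = {}          # IMSI -> Pending

    def _fresh_code(self) -> str:
        return "".join(self.rng.choice(HEX_ALPHABET) for _ in range(CODE_LEN))

    def issue_possession_check(self, imsi: str) -> str:
        """IMSI possession check: plain hex code; returns the CID field for the IAM."""
        code = self._fresh_code()
        self.pending[imsi] = Pending(code, self.clock())
        return build_cid(code)

    def issue_masked(self, sub: Subscriber) -> str:
        """Increased security level: SRES1 carries the personal characters at the
        agreed positions; the displayed SRES01 carries look-alike hex substitutes
        there, so the display reveals neither the characters nor their positions."""
        if len(sub.personal_chars) != len(sub.positions) or any(
                not 0 <= p < CODE_LEN for p in sub.positions):
            raise ValueError("personal characters and positions do not fit the code")
        sres1 = list(self._fresh_code())
        sres01 = list(sres1)
        for pos, ch in zip(sub.positions, sub.personal_chars):
            sres1[pos] = ch
            sres01[pos] = self.rng.choice(HEX_ALPHABET.replace(ch, ""))
        self.pending[sub.imsi] = Pending("".join(sres1), self.clock())
        return build_cid("".join(sres01))

    def verify(self, imsi: str, typed: str) -> bool:
        """Compare the typed code with the saved one: single use, time limited,
        constant-time comparison."""
        p = self.pending.pop(imsi, None)       # every attempt consumes the code
        if p is None or self.clock() - p.issued_at > CODE_TTL_S:
            return False
        return hmac.compare_digest(p.code.encode(), typed.strip().encode())


def subscriber_reconstruct(cid: str, personal_chars: str, positions: tuple) -> str:
    """What the subscriber's application does: drop masking characters and
    overwrite the agreed positions with the personal characters to recover SRES1."""
    code = list(displayed_code(cid))
    for pos, ch in zip(positions, personal_chars):
        code[pos] = ch
    return "".join(code)


def demo() -> dict:
    """Both flows end to end with a controllable clock; returns what happened."""
    now = [1_000.0]
    srv = CodeServer(clock=lambda: now[0])
    imsi = "260011234567890"              # constructed sample IMSI, not a real subscriber

    cid = srv.issue_possession_check(imsi)           # IMSI possession check
    typed = displayed_code(cid)
    possession_ok = srv.verify(imsi, typed)
    replay_ok = srv.verify(imsi, typed)              # same code presented again

    sub = Subscriber(imsi=imsi, personal_chars="7C", positions=(1, 5))
    shown = srv.issue_masked(sub)                    # increased security level
    sres1 = srv.pending[imsi].code
    leaks = [displayed_code(shown)[p] == sres1[p] for p in sub.positions]
    masked_ok = srv.verify(imsi, subscriber_reconstruct(shown, "7C", (1, 5)))

    shown = srv.issue_masked(sub)
    no_personal_ok = srv.verify(imsi, displayed_code(shown))   # typed SRES01 as displayed

    shown = srv.issue_masked(sub)
    now[0] += CODE_TTL_S + 1                         # validity window elapsed
    expired_ok = srv.verify(imsi, subscriber_reconstruct(shown, "7C", (1, 5)))

    return {"cid": cid, "possession_ok": possession_ok, "replay_ok": replay_ok,
            "display_leaks_personal_chars": any(leaks), "masked_ok": masked_ok,
            "no_personal_ok": no_personal_ok, "expired_ok": expired_ok}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points the description leaves implicit are made explicit here: a code is consumed by its first verification attempt and expires after the window, so a code read off a display cannot be replayed, and the comparison is constant time. The look-alike substitute characters are what keep the display from revealing the positions of the personal characters, as the text requires; a visible marker such as "*" would give them away. Everything the phone shows is the calling party number the network delivers, so the trust placed in the displayed code is trust in the CLI path between the computer's switching centre and the handset.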
Abbreviations:
ACM - Address Complete Message
ANM - Answer Message
AuC - Authentication Centre
BSC - Base Station Controller
BTS - Base Transceiver Station
CA - Authentication Code
CID - Caller Identification
CLIP - Calling Line Identification Presentation
CLIR - Calling Line Identification Restriction
CPN - Calling Party Number
ETSI - European Telecommunications Standards Institute
FTP - File Transfer Protocol
GMSC - Gateway Mobile Switching Centre
HLR - Home Location Register
IAM - Initial Address Message
IMSI - International Mobile Subscriber Identity, MCC+MNC+MSIN
INS - Intelligent System Network
ISDN - Integrated Services Digital Network
ISUP - ISDN User Part
IM - Instant Messaging
ITU - International Telecommunication Union
IVR - Interactive Voice Response
Ki - ciphering key
LAI - Location Area Identity
MCC - Mobile Country Code
MNC - Mobile Network Code
MSC - Mobile Switching Centre
MSISDN - Mobile Subscriber ISDN
MSRN - Mobile Station Roaming Number
M-SSP - Managed Security Service Provider
NFS - Network File System
PIN - Personal Identification Number
RADIUS - Remote Authentication Dial In User Service
RAI - Routing Area Identity
RAM - Random-Access Memory
RAND - Random Number
RNC - Radio Network Controller
SIM - Subscriber Identity Module
Smart Card - "intelligent card", with integrated circuits, e.g. SIM
SMC - Short Message Centre
SMSC - Short Message Service Centre
SNN - SIM Serial Number
SRES - Signed Response
TAN - Transaction Authentication Number
VMS - Voice Mail System
VLR - Visitor Location Register
VPN - Virtual Private Network

Claims

Patent Claims
We claim:
1. The method of transmission of a one-time code in an alphanumeric form by a computer connected to the GSM or UMTS telecommunication network, the computer, after receiving a request for a one-time code, generating the one-time code and saving it into the computer's memory for the subscriber identifiable by the telephone number of a display-equipped electronic device, with which the computer routes and starts a connection via the telecommunication network, characterised in that in the (Caller Identification) CID fields of the (Initial Address Message) IAM operation the computer places and sends to the electronic device the one-time code in the hexadecimal system, which is displayed by the display system of the subscriber's electronic device when it is called.
2. The method of transmission according to claim 1, characterised in that in the (Caller Identification) CID fields not taken by the one-time code in the alphanumeric form the computer places and sends, together with the one-time code, masking characters other than alphanumeric.
3. The method of transmission according to claim 1 or 2, characterised in that the code in an alphanumeric form placed by the computer in the CID fields contains at least one masking alphanumeric character.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PLP-397500 2011-12-22
PL397500A PL397500A1 (en) 2011-12-22 2011-12-22 Method for transmitting one-time code alphanumerically

Publications (1)

Publication Number Publication Date
WO2013095168A1 (en) 2013-06-27

Family

ID=45607809

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/PL2011/000142 WO2013095168A1 (en) 2011-12-22 2011-12-27 Method for transmitting a one-time code in an alphanumeric form

Country Status (2)

Country Link
PL (1) PL397500A1 (en)
WO (1) WO2013095168A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5191238A (en) 1990-11-30 1993-03-02 Grumman Aerospace Corporation Dual FET circuits having floating voltage bias
WO1995021509A1 (en) 1994-02-01 1995-08-10 Telefonaktiebolaget Lm Ericsson A method and an arrangement of handling and inspecting supplementary services intended for a mobile telephone unit
WO1998051112A2 (en) 1997-05-05 1998-11-12 Detemobil Deutsche Telekom Mobilnet Gmbh Method and device to authenticate subscribers in a mobile radiotelephone systems
WO1999018746A1 (en) 1997-10-01 1999-04-15 Detemobil Deutsche Telekom Mobilnet Gmbh Method for authenticating subscribers to a digital mobile radio network
US20030128821A1 (en) * 2002-01-04 2003-07-10 Luneau David J. Telephone network messaging
US20030204726A1 (en) * 2002-04-25 2003-10-30 Kefford Mark Gregory Methods and systems for secure transmission of information using a mobile device
US20060069916A1 (en) * 2004-09-30 2006-03-30 Alcatel Mobile authentication for network access
WO2007056838A1 (en) * 2005-11-21 2007-05-24 Bce Inc. Method, system and apparatus for announcing caller information over a television link

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GRIGOROV, THEODOR ET AL.: "SIM Cards", TELECOMMUNICATION JOURNAL OF AUSTRALIA, vol. 43, no. 2, pages 33 - 38

Also Published As

Publication number Publication date
PL397500A1 (en) 2013-06-24

Similar Documents

Publication Publication Date Title
EP0976278B1 (en) Preventing misuse of a copied subscriber identity in a mobile communication system
US8874081B2 (en) Method and system for enabling usage of mobile telephone services on a donor device
US6925560B1 (en) Pre-control of a program in an additional chip card of a terminal
EP1615097B1 (en) Dual-path-pre-approval authentication method
US20070293192A9 (en) Identification of a terminal to a server
JP2009515403A (en) Remote activation of user accounts in telecommunications networks
CN104735027B (en) A kind of safety certifying method and authentication server
US7865719B2 (en) Method for establishing the authenticity of the identity of a service user and device for carrying out the method
WO2013135898A1 (en) Mobile phone takeover protection system and method
GB2492312A (en) Authorising a transaction
JP4323089B2 (en) Procedure for accessing service in data communication system and data communication system
RU2261535C2 (en) Method and device for access to telecommunication network and for paying for telecommunication services
US10897711B2 (en) Method and a server for authenticating a user with a mobile device
US20030017822A1 (en) Method and network arrangement for accessing protected resources using a mobile radio terminal
EP1680940B1 (en) Method of user authentication
JP4897864B2 (en) Protection against CLI spoofing of services in mobile networks
US7027807B2 (en) Method for the user-initiated automatic subscription
EP1844417B1 (en) Method and system for restricted service access
US8583081B2 (en) Method for calculating a first identifier of a secure element of a mobile terminal according to a second identifier of said secure element
US20050102519A1 (en) Method for authentication of a user for a service offered via a communication system
WO2007114710A2 (en) A method and device for sim based authentification in ip networks
US20020042820A1 (en) Method of establishing access from a terminal to a server
US11762972B1 (en) System and methods for a multi-factor remote user authentication
KR101327261B1 (en) The method for providing smart-typed public phone service by using virtual universal subscribe identity module
WO2013095168A1 (en) Method for transmitting a one-time code in an alphanumeric form

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11818932; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 16.09.14)
122 Ep: pct application non-entry in european phase (Ref document number: 11818932; Country of ref document: EP; Kind code of ref document: A1)