WO2007036340A1 - Unlocking of mobile telephone cards - Google Patents
Unlocking of mobile telephone cards
- Publication number
- WO2007036340A1 (PCT/EP2006/009291)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- access identifier
- card
- service device
- mobile
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- the invention relates to methods in connection with the activation of an unlockable mobile communication card, and to corresponding mobile radio cards and service facilities.
- Mobile communication cards which are used in a corresponding mobile telecommunication terminal, provide the user with a mobile phone access to a mobile network.
- mobile radio cards can be activated by means of a user-specific access code, which the user enters in the telecommunications terminal in order to register the mobile radio card in the mobile radio network.
- the entered access code is compared with a reference access code stored on the mobile radio card.
- PIN: Personal Identification Number
- PUK: Personal Unblocking Key
- the unlock key is handed out to the mobile card user by the card issuer mostly by mail when the mobile card is handed out together with the access code.
- the user may not have access to the unlock key at his current location, since it is kept at his home, for example, or was sent there.
- the invention is therefore based on the object of providing a simple way to unlock an unlockable mobile card for the case in which the access identifier is not available to the user of the mobile card.
- the principle according to the invention is based on the fact that a user deposits the access code of his mobile card in a depository procedure at a service facility. To unlock the unlockable mobile card, he can request the stored access identifier again from the service facility when needed.
- the method for storing the access identifier of the mobile communication card at the service facility comprises three essential steps: First, a communication connection between a mobile telecommunication terminal, in which the user's mobile card is inserted, and a service facility is established. The access identifier of the mobile communication card is then transmitted via the communication link to the service device, where it finally stores the access identifier in a suitable memory or database.
- the corresponding method for querying the stored access identifier likewise comprises three steps: First of all, the service device makes contact with the user of the mobile radio card. Thereafter, the service device checks the user's authentication to ensure that the user is authorized to obtain the access code of the corresponding mobile communication card. Finally, the user is the stored access identifier
- the service device takes the access identifier from its memory and tells the user.
- the storage method is preferably automatically initiated by a mobile communication card as soon as the user changes the access identifier of the mobile communication card, so that the service device always has the current access identifier of the mobile communication card.
- a mobile radio communication connection is used, which provides a mobile telecommunication terminal into which the mobile communication card is inserted. In principle, this can be a conventional telephone connection. However, it is preferred to use non-voice mobile data communications links, such as short message transmission of the access identifier.
- the access code can be transmitted in encrypted form and deposited with the service facility.
- the mobile radio card comprises a cryptographic device which encrypts the access code with the aid of an encryption key.
- the encryption key preferably corresponds to a response of the user to an agreed security question or is based at least on such a response.
- Such a security question may be a question of information easily reproducible to the user but difficult to obtain for third parties, e.g. according to personal data of the user or the like.
- the security question can be provided by the service facility, for example by being selected from a list of possible security questions, and sent to the user for encrypting the access identifier by the mobile phone card.
- the user can select a security question which seems suitable to him and communicate it to the mobile radio card via a keypad of the telecommunication terminal, or simply remember the security question.
- the mobile radio card can send the security question together with the encrypted access identifier to the service device for later use.
- in order to encrypt the access code, the mobile radio card requests the user, by means of a request signal to the telecommunication terminal, to provide the answer to the security question.
- if the security question is stored on the mobile phone card, it may be displayed to the user on a display of the telecommunications device so that the user can subsequently enter the answer via a keypad. The entered answer is finally forwarded via suitable interfaces to the mobile phone card.
- the response can be used directly as an encryption key by a cryptographic device of the cellular card to encrypt the access identifier. It is also possible that the answer represents only the basis for an encryption key and the encryption key is formed by an arithmetic unit of the mobile communication card by calculating a hash value of the response.
- each time an access code is transmitted to the service device, the user is prompted by a corresponding request signal from the mobile card to provide a new security question and answer.
- This new security question is then preferably transmitted to the service device together with the then encrypted access code.
- the encryption method used by the cryptographic device of the cellular card is a symmetric or asymmetric method.
- a symmetric method is used so that encryption keys and a decryption key used later for decrypting the encrypted access identifier are identical.
- an authentication of the user is checked after establishing a communication connection to the service device.
- the user provides the service device with authentication data, for example the personal data or passwords deposited at the conclusion of the mobile contract, which the service facility compares with its existing reference data. If there is a match, the user is deemed to be authorized and the access identifier requested by him is communicated to him.
- the communication between the user / telecommunication terminal and the service facility is handled via a corresponding communication interface of the service facility.
- a communication interface may be a conventional telephone interface.
- the user calls the service facility and authenticates himself by telephone, with the access code also being retrieved by telephone.
- it is preferred to carry out at least the communication connected with the transmission of the access identifier from the service device to the mobile card by means of non-voice mobile radio data communication, preferably by sending and/or receiving short messages.
- in order to allow the user to use his mobile telecommunication terminal although the mobile card inserted therein is not enabled, the mobile card supports an identification request mode, which makes it possible to set up a communication connection to the service facility for the purpose of requesting the access identifier even if the mobile card is not unlocked. Since all other mobile radio connections (apart from emergency numbers) continue to be blocked in the identification request mode, this mode does not affect the security of a non-activated mobile communication card.
- a control device of the mobile card switches immediately into the identification request mode as soon as the mobile card is no longer enabled, that is, when the user logs off from the mobile network, for example by switching off his telecommunications terminal.
- the requested access identifier is present in encrypted form at the service device, the encryption having been performed by a cryptographic device of the mobile communication card by means of an encryption key when the access identifier was deposited.
- the encryption key is formed as a hash value of a response of the user to the predetermined security question, calculated by an arithmetic unit of the mobile radio card. If a symmetric encryption method with identical encryption and decryption keys is used, the access code sent in encrypted form by the service device to the mobile card can be decrypted using the answer to the security question.
- the security question is transmitted from the service device together with the encrypted access identifier to the mobile communication card.
- after receiving the encrypted access code and the security question, the mobile radio card sends a request signal comprising the security question to the telecommunication terminal via a corresponding interface in order to request the user, for example via a display device of the telecommunication terminal, to enter an answer to the security question.
- the access identifier received encrypted by the mobile communication card can then be decrypted by the user entering the answer to the security question and calculating therefrom a hash value which is used as a decryption key.
- the access code held in encrypted form on the service device is already decrypted by the service device and transmitted to the mobile radio card in decrypted form.
- the service facility must obtain the answer to the security question from the user in order to perform the decryption. If the security question is present on the service device, it can be transmitted by means of a short message to the telecommunication terminal of the user. The user then sends the answer, also as a short message, back to the service facility. If the security question is not present on the service device, the user can already send the answer to the service device as part of the request signal asking the service facility to provide the access code.
- a misoperation counter of the mobile communication card, which counts the number of incorrectly entered access identifiers, is initialized upon provision of an access code by the service device.
- the maximum number of possible false access identification entries before the mobile communication card is disabled is greater than three, so that a user remembers at the latest at the third incorrect entry of an access identifier that the access identifier is deposited with the service facility.
- a mobile radio card comprises, in addition to a control device, a communication interface for data communication with a telecommunications terminal and a memory for holding the access identifier, a deposit device which is preferably automatically activated by the control device as soon as the user changes the access identifier of his mobile card.
- the deposit device then handles all communication steps and initiates all further calculation steps, for example the cryptography device or the arithmetic unit, in order to deposit the access code as transparently as possible for the user at the service device by means of a short message.
- a service device may be a fully automatic device operated by a card issuer and / or mobile radio network operator and contactable via remote communication means, or may be staffed by a service person.
- the authentication required when retrieving a stored access identifier is preferably carried out by telephone, with the user's authentication data being queried remotely and compared with the reference data stored in the memory. Under certain circumstances, the authentication step can also be automated in that the authentication data are received by a voice computer of the service device, converted into alphanumeric characters and compared with the reference data present.
- the service device additionally comprises a data communication interface which is set up to receive short messages from a mobile communication card and to further process their contents, for example a decryption key, a security question and / or their answer or an access identifier.
- the service device furthermore also comprises a cryptography device and an arithmetic unit, at least in the event that a decryption key is generated for decrypting an encrypted present access identifier. If the user of the service device for decryption only provides the answer to a security question, the arithmetic unit is used to form a hash value of the answer as a decryption key.
- the various data available to the service facility - reference data, access code and possibly security question - are stored in a memory or a specialized database of the service facility linked such that based on the reference data directly the current encrypted or unencrypted access identifier and / or that security question can be determined whose reply was used to encrypt the stored access code.
- the invention is not limited to certain telecommunications terminals, specifications of mobile radio cards or certain mobile radio networks. However, it is particularly suitable for use in conjunction with SIM or USIM mobile communication cards, the access identifier being a PIN.
- FIG. 1a shows the basic procedure of depositing an access code of a mobile communication card on a service device
- FIG. 1 b shows the basic method sequence of requesting an access code by a mobile communication card
- FIG. 2 shows a mobile radio card configured according to the invention
- FIG. 3 shows a service device configured according to the invention
- FIGS. 4a and 4b show two alternative embodiments for storing an access identifier on a service device
- FIGS. 5a and 5b show two alternative embodiments for requesting a
- a mobile phone card may be inaccessible to a user in two different ways: on the one hand, the mobile phone card may be disabled, for example, because an erroneous operation counter has already reached a predetermined maximum number of faulty access identification inputs, so that the user can no longer unlock the mobile card with the access code.
- on the other hand, the access code may still be valid, but it is not available to the user or he has forgotten it, so that the mobile phone card cannot easily be unlocked in this case.
- the following methods and devices relate primarily to the latter scenario of a forgotten access identifier, by providing ways to request a forgotten access identifier at a service facility and to re-enable the mobile card with it.
- the technical teaching explained below also has an effect on the former scenario of the blocked access code / mobile communication card, since this need no longer occur with consistent application of the present invention, because a user usually always has the opportunity to request a forgotten access identifier early and so avoid the blocking of the mobile card by incorrect entry of the access code.
- the maximum number of possible erroneous identifier inputs above which an access identifier becomes invalid and the card is disabled may be set to a value greater than three, thereby reducing the likelihood of invalid access identifiers.
- the inventive mobile radio card 1 shown in FIG. 2 can deposit an access identifier 12 of the mobile radio card 1 on the service device 20 by interacting with the service device 20 according to the invention shown in FIG. 3 by means of the deposit method sketched in FIG.
- the stored access identifier can then be requested again by the user using the request method outlined in FIG. 1b.
- the teaching according to the invention is subdivided into a deposit method (FIG. 1 a) and a request method (FIG. 1 b).
- in the depositing procedure, after a contact (CONTACT) has been established in step S10 between the user, or a mobile telephone used by him/her, and the service device 20, the access identifier 12 of the mobile communication card 1 is transmitted to the service device 20 in step S20 and deposited there in step S30 (STORE PIN).
- the service device 20 stores the received access identifier 26 in a dedicated memory 21 or a specialized database so that it can be easily found when requested by the user.
- the corresponding request method in FIG. 1b likewise comprises three basic steps.
- in step S40, a communication connection is established between the user, or a mobile phone into which the mobile communication card 1 is inserted, and the service device 20 (CONTACT), whereupon the user authenticates himself (AUTHENTIFICATION) in step S50 in order to prove to the service device 20 his entitlement to receive the stored access identifier 26 of the mobile communication card 1.
- in step S60, the access identifier is transmitted from the service device 20 to the mobile communication card 1 and received by the user (OBTAIN PIN).
- a mobile communication card 1 comprises a processor 2 (CPU), a memory arrangement 4, 5, 6 and a communication interface 3, which carries out a data exchange with a mobile telephone in which the mobile communication card 1 is inserted.
- the memory arrangement of a conventional mobile phone card 1 usually comprises three different types of memory: a permanent ROM memory 4, a rewritable EEPROM memory 5 and a volatile RAM memory 6.
- the ROM memory 4 of the mobile communication card 1 holds the programs executable by the processor 2 that are important for the operation of the mobile communication card 1, and the system software, since these components do not change during the lifetime of a mobile communication card 1.
- a control device 7 (CNTL), a deposit device 8 (DEPOSIT), a cryptography device 10 (CRYPT) and an arithmetic unit 11 (ALU) are stored in the ROM 4, the control device 7 supporting an identification request mode 9 (MODE).
- MODE identification request mode 9
- it is also possible to store the depositing device 8, the cryptography unit 10 or the arithmetic unit 11 in the EEPROM memory 5 as applications, for example to enable a card issuer to replace these software modules with updated algorithms.
- in addition to the application programs, the EEPROM memory 5 holds data important for the operation of the mobile communication card 1. In the context of the present invention, these are in particular the access identifier 12 (PIN), the misoperation counter 14 (ERR.CNTR) and optionally a security question 13 (QUEST).
- the service device 20 according to the invention outlined in FIG. 3 comprises a memory 21 for storing user-specific data 25, 26, 27, a communication interface 28 for communication with a mobile telephone, as well as functional devices 22, 23, 24.
- the functional devices are preferably designed as program modules which can be executed by a processor 29 (CPU) of the service facility 20.
- the service device 20 is a computer or server or at least includes important components of a computer.
- the functional devices of the service device 20 include in particular a control device 22 (CNTL), a cryptography device 23 (CRYPT) and an arithmetic unit 24 (ALU).
- the memory 21 may be a specialized database holding various user-specific data linked together.
- reference data 25 REF. DATA
- access identifiers 26 PIN
- security questions 27 QUEST
- Such data may be collected by an operator of the service device 20, for example, in the context of the signing of a mobile phone contract by the user.
- FIGS. 4 and 5 show alternative embodiments of the deposit and request procedure.
- the main steps illustrated in FIG. 1 are taken up and supplemented by further steps, in particular the encryption and decryption of the access identifier.
- the step numbers in the individual figures are not continuous.
- FIGS. 4a and 4b show two alternative embodiments of the basic deposit method sketched in FIG. 1a.
- An access code 12 of the mobile communication card 1 is transmitted in encrypted form to the service device 20 by means of a mobile phone 30 in which the mobile communication card 1 is inserted, the encryption of the access identifier 12 being performed by the cryptography device 10 of the mobile communication card 1 using an encryption key.
- the encryption key is generated at the behest of the controller 7 extra for the encryption of the access identifier 12 by presenting the user with a previously agreed or determined security question 13/27 whose response serves as the basis for the generation of an encryption key.
- Such a security question 13/27 is preferably an easy-to-note question whose answer, if possible, has a personal relationship with the user and which possibly only the user knows.
- the security question 13 may concern a favorite color of the user, the maiden name of the mother, or the like.
- The storage method (steps S1, S6, S7, S8, S9, S10 / S20, S30) outlined in FIG. 4a is automatically initiated in step S1 by the control device 7 of the mobile communication card 1 as soon as the user changes the access identifier 12 of the mobile communication card 1.
- the deposit device 8 activated by the control device then causes the access code 12 to be encrypted by the cryptographic device 10 in step S6.
- the user's response to the security question 13 stored in the EEPROM memory 5 of the mobile communication card 1 is obtained in step S7.
- a request signal comprising the security question 13 is sent via the communication interface 3 of the mobile card 1 to the mobile phone 30, which displays the security question on a display 31 of the mobile phone 30, such as an LCD display, receives the corresponding input from the user via a keypad 32 of the mobile phone 30 and forwards it to the control device 7.
- the answer is usually a sequence of variable-length alphanumeric characters. From this string, the arithmetic unit 11 calculates a hash value in step S8, which the cryptographic device 10 uses in step S9 as an encryption key for encrypting the access identifier 12.
- in step S10 / S20, the encrypted access identifier is finally transmitted by the mobile communication card 1 via the mobile telephone 30 to a data communication interface 28 of the service device 20 by short message (SMS, MMS).
- SMS short message
- MMS short message
- the control device 22 of the service device 20 receives the encrypted access identifier and deposits it in the memory 21 as a stored access identifier 26 in step S30.
- the hash value generated in step S8 is generated by a so-called one-way function which uniquely and reproducibly maps an input string, for example the answer to security question 13, to a fixed-length hash string.
- the input string is not derivable from the hash string, so that the response is protected from decoding, even if the corresponding hash value is transmitted using insecure communication means.
- the security question 13 is sent to the service device 20 and likewise stored there in the memory 21. This has the meaning that when retrieving the stored access identifier 26 the user can be presented with a stored security question 27 for determining a decryption key from the answer to the security question 27.
- in step S10, a user then contacts the service device 20 by telephone and then, possibly after an identification dialog, gives the access code over the telephone in step S20.
- in step S30, the encrypted access identifier 12 received by the service device 20 is stored in the memory 21 as a stored access identifier 26.
- the access identifier 26 is linked to further user-specific data of the user, for example reference data 25 of the user, which serve for his authentication when retrieving the stored access identifier 26, or other individual data, such as the mobile telephone number and a mobile radio serial number.
- FIG. 4b illustrates an alternative embodiment of the deposit method according to the invention (steps S1, S2, S3, S6, S7, S8, S9, S10 / S20, S30) in which the security question 27 required for encryption does not exist on the mobile telephone 30, but is known only on the service device 20.
- the security question 27 may have been selected by the user, but on the other hand, it may also be provided by the service device 20 by selecting, for example, a security question from a predetermined list with sufficiently individual security questions.
- in step S2, a change signal (SIG) is transmitted from the mobile communication card 1 via the mobile phone 30 and the communication interface 28 to the service device 20, informing the service facility 20 that a changed access identifier 12 is to be stored in the memory 21.
- the service facility 20 transmits the security question 27 present to it to the mobile communications card 1 in step S3, where, in steps S6, S7, S8 and S9, a response to the received security question 27 is obtained analogously to FIG. 4a and used to encrypt the access identifier 12.
- in step S10 / S20, the encrypted access identifier 12 is sent to the service device 20, where it is stored by the control device 22 in the memory 21 together with the security question 27.
- This variant is particularly useful if, for security reasons, it is provided that a new, individual security question 27 is used to encrypt a changed access identifier 12. The user is then prompted to always provide new encryption keys due to changing answers to new security questions.
- a symmetric cryptography method is used to encrypt and decrypt the access identifier 12, 26, for example the known DES or 3DES method or the IDEA algorithm.
- encryption and decryption keys are identical, so that in the present invention an encrypted access identifier 26 can be decrypted again when the user answers the security question 13, 27 that was already used to encrypt the access identifier 12.
- FIGS. 5a and 5b outline two alternative embodiments of a corresponding request method according to FIG. 1b, in which a user requests an encrypted access identifier 26 of the mobile communication card 1 stored on a service device 20 via a (voice or data) communication connection with a mobile phone 30 in which the mobile card 1 is inserted.
- the first-described steps S40, S48, S49, S50 are the same in both methods.
- if a user determines that he has forgotten the access identifier 12 for enabling the mobile card 1 or for logging into a mobile network, he can use his mobile phone 30 to initiate a method for requesting the access identifier 26 stored in encrypted form on the service device 20, although the mobile card is not unlocked.
- This is made possible by an identification request mode 9 supported by the control device 7 of the mobile communication card 1, which is always activated by the control device 7 when the mobile communication card 1 is not activated, ie is not logged in a mobile radio network.
- in this identification request mode 9, a non-activated mobile communication card 1 is blocked for all mobile services, except for contact with the service device 20 for the purpose of requesting the stored access code 26.
- a request signal (SIG1) is then generated by the control device 7 of the mobile communication card 1, and transmitted to the service device 20 via a mobile radio connection.
- This request signal may, for example, also simply be the dialing of the telephone number of the service device 20, so that the user can present his request by telephone there.
- the requesting process is not limited to any particular form of communication.
- any other suitable form of communication can be used, in particular contact via another (e.g. public) telephone or e-mail.
- in step S48, the user is requested by the control device 22 of the service device 20 to provide authentication data (AUTH) by means of a request signal (SIG2). These are transmitted to the service device 20 in step S49, and compared in step S50 with the reference data 25 present in the memory 21 of the service device 20. If the provided authentication data and the stored reference data 25 match, the user has verified his authorization and the stored encrypted access identifier 26 is subsequently output to him.
- AUTH authentication data
- SIG2 request signal
- the authentication can be carried out over a telephone connection, with the user communicating his authentication data to the service device 20 by telephone.
- the actual transmission of the access identifier 26 after step S50 is preferably carried out via an analog or digital data communication connection.
- the data communication steps required to transmit the access identifier 26 are carried out by means of short messages, which can be automatically evaluated and processed.
- FIGS. 5a and 5b differ in that, in alternative 5a, the encrypted access identifier 26 is decrypted on the service device 20 and transmitted unencrypted to the mobile communication card 1 (further steps S55, S56, S57, S58, S59, S60, S64), while in the alternative of FIG. 5b, the encrypted access identifier 26 is decrypted by the mobile communication card only after the transfer to it (further steps S60, S61, S62, S63, S64).
- the answer to the security question 27 present at the service device 20 is obtained by the security question 27 first being transmitted to the mobile communication card 1 in step S55 and being directed there by the control device 7 of the mobile communication card 1 to the user in step S56, for example, by displaying the security question 26 on the display 31 of the mobile phone 30.
- the response (AW) of the user is accepted by the controller 7 and finally sent to the service device 20 in step S57.
- a hash value of the received response is formed by an arithmetic unit 24 which is used as a decryption key by a cryptographic device 23 of the service device 20 to decrypt the encrypted access identifier 26 in step S59.
- the mobile radio card 1 can also form a hash value of the user's answer by means of its arithmetic unit 24 and transmit the hash value as decryption key to the service device 20. It is also possible that in step S55 the user does not receive a security question 27 which is present to the service device 20, but instead is only prompted by means of a corresponding signal to answer a security question 13 known to him.
- the decrypted access identifier is transmitted in step S60 to the mobile communication card 1 and activated there by the controller 7 in step S64 and communicated to the user for further use. This message can be prompted by a notification signal comprising the access identifier to the mobile telephone 30, whereby either the access identifier 26 is displayed on a display device 31 of the mobile telephone 30, or an automatic voice prompt is generated, which the user can listen to.
- the encrypted access code 26 is transmitted in encrypted form to the mobile communications card 1 in step S60, possibly together with the security question 27 stored in the memory 21.
- step 61 the user is asked to answer the security question 13, 27, wherein it is possible that the security question is stored neither on the service device 20 nor in the mobile phone card 1, so that the user must be able to remember which security question was used when depositing the access identifier 26.
- step 62 the arithmetic unit 11 of the mobile communication card 1 forms a hash value of the answer to the security question 13, which is used as decryption key for decrypting the encrypted access identifier 26 in step S63.
- step S64 the access identifier 26 is activated by the controller 7 and communicated to the user.
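The two retrieval alternatives of FIGS. 5a and 5b, as an added Python example that is not code from the patent. SHA-256, the answer normalisation, the HMAC-based cipher stand-in with its integrity tag, and all function and class names are assumptions made for illustration; the PIN, answer and card id are constructed sample values.

```python
import hashlib, hmac, os

def answer_key(answer: str) -> bytes:
    # Patent: the key is a hash value of the user's answer. Normalising case and
    # whitespace first is an assumption, so " rex " and "Rex" give the same key.
    return hashlib.sha256(" ".join(answer.split()).casefold().encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Standard-library stand-in for a symmetric cipher: HMAC-SHA256 in counter mode.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, identifier: str) -> bytes:
    nonce, data = os.urandom(16), identifier.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong answer or modified blob: nothing is activated
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

class ServiceDevice:
    def __init__(self):
        self.store = {}  # card id -> encrypted access identifier 26 (ciphertext only)

    def deposit(self, card_id: str, blob: bytes) -> None:
        self.store[card_id] = blob

    def request_5a(self, card_id: str, answer: str):
        # FIG. 5a: the answer reaches the service device (S57), which hashes it,
        # decrypts (S59) and returns the plaintext identifier (S60).
        return unseal(answer_key(answer), self.store[card_id])

    def request_5b(self, card_id: str) -> bytes:
        # FIG. 5b: the identifier leaves the service device still encrypted (S60).
        return self.store[card_id]

def card_unlock_5b(blob: bytes, answer: str):
    # FIG. 5b, S61-S63: the card hashes the answer and decrypts locally.
    return unseal(answer_key(answer), blob)

if __name__ == "__main__":
    svc = ServiceDevice()
    svc.deposit("card-1", seal(answer_key("Rex"), "1234"))  # constructed sample values
    print(svc.request_5a("card-1", " rex "), card_unlock_5b(svc.request_5b("card-1"), "Max"))
```

In the 5b path neither the answer nor the plaintext identifier is handled by the service device. Answers to security questions carry little entropy, so a deployment would normally derive the key with a salted, slow key-derivation function rather than the bare hash used here to follow the patent text.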
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Abstract
According to the present invention, a user of a mobile communication card (1) that can be unlocked by means of an access identifier (12; 26) is enabled to unlock his mobile communication card (1), if the access identifier (12) has been forgotten or is not available, by requesting this access identifier (12) from a service device (20). To this end, the access identifier (12) is first deposited by the user with the service device (20); the user can then request the deposited access identifier (26) from the service device (20), provided that he authenticates correctly to the service device. The transmission of the access identifier (12; 26) can be encrypted, both from a telecommunication terminal (30) of the user to the service device (20) when it is deposited and from the service device (20) to the mobile communication card (1) when it is requested. A symmetric cryptographic method is then preferably used, and the encryption and decryption key consists of a hash value of the user's answer to an agreed security question (13; 27).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102005045886.6 | 2005-09-26 | ||
DE102005045886A DE102005045886A1 (de) | 2005-09-26 | 2005-09-26 | Entsperren von Mobilfunkkarten |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007036340A1 (fr) | 2007-04-05 |
Family
ID=37633619
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/EP2006/009291 WO2007036340A1 (fr) | 2005-09-26 | 2006-09-25 | Deblocage de cartes de telephonie mobile |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102005045886A1 (fr) |
WO (1) | WO2007036340A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2833598A1 (fr) | 2013-07-31 | 2015-02-04 | Giesecke & Devrient GmbH | Transmission d'un code d'accès |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2584514A1 (fr) * | 1985-07-05 | 1987-01-09 | Casio Computer Co Ltd | Systeme d'identification personnelle utilisant une carte a circuit integre |
WO1997011443A1 (fr) * | 1995-09-18 | 1997-03-27 | Telefonaktiebolaget Lm Ericsson (Publ) | Procede et dispositif pour l'authentification d'utilisateur |
DE20100604U1 (de) * | 2001-01-15 | 2001-08-23 | Blumenfeld, Nikolai, 54439 Saarburg | Schutzeinrichtung des Mobilverbindungsapparates |
EP1429229A1 (fr) * | 2002-11-27 | 2004-06-16 | Activcard Ireland Limited | Debloquage authentifie à distance d'un numero d'identification personnel |
2005
- 2005-09-26 DE DE102005045886A patent/DE102005045886A1/de not_active Withdrawn
2006
- 2006-09-25 WO PCT/EP2006/009291 patent/WO2007036340A1/fr active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2833598A1 (fr) | 2013-07-31 | 2015-02-04 | Giesecke & Devrient GmbH | Transmission d'un code d'accès |
DE102013012791A1 (de) | 2013-07-31 | 2015-02-05 | Giesecke & Devrient Gmbh | Übermittlung einer Zugangskennung |
Also Published As
Publication number | Publication date |
---|---|
DE102005045886A1 (de) | 2007-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3416140B1 (fr) | Procédé et dispositif d'authentification d'un utilisateur sur un véhicule | |
DE60114986T2 (de) | Verfahren zur herausgabe einer elektronischen identität | |
DE60027701T2 (de) | Ein verfahren für sichere weiterreichung | |
DE602004000695T2 (de) | Erzeugung von asymmetrischen Schlüsseln in einem Telekommunicationssystem | |
DE60017292T2 (de) | Authentifizierungsverfahren zwischen einem Teilnehmer und einem Dienstleister, der durch einen Netzbetreiber erreichbar ist, mittels Bereitstellung eines gesicherten Kanals | |
DE102013215303A1 (de) | Mobiles elektronisches Gerät | |
EP2289016A2 (fr) | Utilisation d'un appareil de télécommunication mobile comme carte de santé électronique | |
DE19812215A1 (de) | Verfahren, Mobilstation und Funk-Kommunikationssystem zur Steuerung von sicherheitsbezogenen Funktionen bei der Verbindungsbehandlung | |
WO1998039875A2 (fr) | Procede permettant d'introduire une cle de service dans un terminal et dispositifs correspondants | |
EP1285549B1 (fr) | Procédé pour établir une liaison entre un terminal et un réseau téléphonique mobile de desserte, et réseau téléphonique mobile et terminal pour la mise en oeuvre de ce procédé | |
DE102011075257B4 (de) | Beantwortung von Anfragen mittels des Kommunikationsendgeräts eines Nutzers | |
EP2677791B1 (fr) | Procédé et dispositif de détermination d'une demande de contrôle à un module d'identification | |
WO2021228537A1 (fr) | Procédé de couplage d'un moyen d'authentification à un véhicule | |
WO2007036340A1 (fr) | Deblocage de cartes de telephonie mobile | |
EP1935202B1 (fr) | Deblocage de cartes de telephonie mobile | |
WO2014117939A1 (fr) | Procédé d'accès à un service d'un serveur par l'intermédiaire d'une application d'un terminal | |
DE102021109253B4 (de) | Verfahren zum login eines autorisierten nutzers auf ein gerät, insbesondere auf ein gerät für eine energieerzeugungsanlage, und energieerzeugungsanlage mit gerät | |
EP2481183A1 (fr) | Procédé pour établir un canal de communication sécurisé | |
EP2933769B1 (fr) | Procédé de transaction | |
DE102005003208B4 (de) | Authentisierung eines Benutzers | |
DE102004063393B3 (de) | Verfahren zur Überprüfung der Identität einer ersten Entität gegenüber einer anderen Entität in einem System sowie System zum Durchführen des Verfahrens | |
DE102019200925A1 (de) | Verfahren und Vorrichtung zur Erzeugung und Überprüfung eines Einmal-Kennworts | |
DE102005033228B4 (de) | Verfahren und Sicherungssystem zur Sicherung einer Datenübertragung in einem Kommunikationssystem | |
DE10218943A1 (de) | Verfahren und Vorrichtung zur Implementierung eines Sicherheitssystems durch Verteilung von Authentifikationsinformationen über wenigstens ein Mobilfunknetz | |
DE4335161A1 (de) | Verfahren und Anlage zur Authentisierung von über ein Telefonnetz herstellbaren Verbindungen |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 06805850 Country of ref document: EP Kind code of ref document: A1 |