[go: up one dir, main page]

WO2020141561A1 - Method and system for transmission of secure information to a hand-held device - Google Patents

Method and system for transmission of secure information to a hand-held device Download PDF

Info

Publication number
WO2020141561A1
WO2020141561A1 PCT/IN2020/050013 IN2020050013W WO2020141561A1 WO 2020141561 A1 WO2020141561 A1 WO 2020141561A1 IN 2020050013 W IN2020050013 W IN 2020050013W WO 2020141561 A1 WO2020141561 A1 WO 2020141561A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
subscriber
gateway
translated
mobile station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IN2020/050013
Other languages
French (fr)
Inventor
Ashiesh SHUKLA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of WO2020141561A1 publication Critical patent/WO2020141561A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion
    • H04L69/085Protocols for interworking; Protocol conversion specially adapted for interworking of IP-based networks with other networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • the present invention relates to a method for transmission, and more particularly, to a method of transmitting secure information to a hand held device.
  • a method for transmitting secure information to a hand held device comprises providing by a gateway a transfer protocol to an information provider for transmitting user information from the information provider to the gateway.
  • the method also provides for converting by the gateway subscriber information to a translated information using a pre-shared key.
  • the method further illustrates providing by the gateway the translated information to a mobile station.
  • the mobilisation thereafter identifies the subscriber identity module based on the translated information to which the information into be transmitted.
  • the mobile station then transmits the user information to the subscriber module.
  • the subscriber module then transmits the information to a client application.
  • the subscriber identity module transmits the translated user information to the client application based on a TAR (Toolkit Application Reference) value.
  • the converted information to a mobile station comprises providing the translated user information over a telecom service provider.
  • translating the information comprises, encrypting by the gateway the subscriber information using the pre-shared key, and adding a GSM (Global Sytem for Mobile Communication) header to the encrypted information.
  • GSM Global Sytem for Mobile Communication
  • Fig. l illustrates a block diagram depicting GSM architecture, according to an exemplary implementation of the present invention.
  • FIG. 2 illustrates a communication system for transmitting secure information to a hand held device, according to an exemplary implementation of the present invention.
  • FIG. 3 illustrates a flow chart of transmitting secure information to a hand held device.
  • Fig. l illustrates a block diagram depicting GSM architecture, according to an exemplary implementation of the present invention.
  • GSM Global System for Mobile communications
  • GSM Global System for Mobile communications
  • a GSM digitizes and reduces the data, then sends it down through a channel with two different streams of client data, each in its own particular time slot.
  • the digital system has the ability to carry data at different rates.
  • a GSM network consists of the following components, a hand held device, a mobile station, a base station subsystem and a network subsystem.
  • a hand held device The hand lead device consists of the transceiver, the display and the processor and is controlled by a SIM card and client applications operating over the network.
  • a mobile station (MS) (104) communicates across the air interface with a base station transceiver in the same cell in which the mobile subscriber unit is located.
  • the MS (104) communicates the information with the user on a hand held device, and modifies it as per the transmission protocols to communicate with a Base Station Subsystem (BSS).
  • BSS Base Station Subsystem
  • the user’s voice information is interfaced with the MS through a microphone and speaker for the speech, keypad, and display for short messaging, and the cable connection for other data terminals.
  • the hand held device refers to the physical device, which comprises of a transceiver, digital signal processors, and the antenna.
  • the hand held device consists of the GSM Subscriber Identity Module (SIM) (102).
  • SIM GSM Subscriber Identity Module
  • the GSM network consists of a Base Station Subsystem (BSS), the BSS acts as an interface between the mobile station and a network subsystem.
  • BSS Base Station Subsystem
  • BTS Base Transceiver Subsystem
  • BSC Base Station Controller
  • the interface that connects a BTS (106, 108) to a BSC (110, 112) is called the A-bis interface.
  • the interface between the BSC and the MSC is called the A interface, which is standardised within the GSM.
  • the (BTS) contains the radio transceivers and handles the protocols for communication with mobiles. It also consists of a Base Station Controller which controls the Base Transceiver Station and acts as an interface between the mobile station and mobile switching centre. Each Base Transceiver Station defines a single cell. A cell can have a radius of between 100m to 35km, depending on the environment the range can be enhanced to decreased.
  • the Base Station Controller may be connected with a BTS. It may control multiple BTS units and hence multiple cells.
  • the GSM architecture also describes a Network Subsystem (NSS) (113).
  • NSS Network Subsystem
  • the Network Subsystem provides the basic network connection to the mobile stations.
  • the basic part of the Network Subsystem is the Mobile Service Switching Centre which provides access to different networks like ISDN, PSTN etc. It also consists of the Home Location Register HLR (114) and the Visitor Location Register VLR (116) which provides the call routing and roaming capabilities of GSM. It also contains the Equipment Identity Register which maintains an account of all the mobile equipments wherein each mobile is identified by its own 1MEI number. IMEI stands for International Mobile Equipment Identity.
  • the NSS is responsible for the network operation.
  • the NSS (113) provides the link between the cellular network (also known as the gateway) and the Public switched telecommunicates Networks (PSTN or ISDN or Data Networks).
  • PSTN Public switched telecommunicates Networks
  • the NSS (113) controls handoffs between cells in different BSSs, authenticates user and validates their accounts, and includes functions for enabling worldwide roaming of mobile subscribers.
  • the switching subsystems formed within the mobile service switching centre consists of:
  • HLR Home Location register
  • VLR Visitor Location Register
  • the NSS has one hardware, Mobile switching center and four software database element, namely the Home location register (HLR) (114), the Visitor Location Register (VLR) (116), and the Authentications center (Auc) and the Equipment Identity Register (EIR) (120).
  • the MSC (118) performs the switching function of the system by controlling calls to and from other telephone and data systems.
  • the controlling function of the MSC includes functions such as network interfacing and common channel signalling.
  • the HLR as disclosed above is database software that handles the management of the mobile subscriber’s account namely the hand held device’s account. It stores the subscriber address, service type, current locations, forwarding address, authentication/ciphering keys, and billings information.
  • the SIM card is identified with an International Mobile Subscribes Identity (IMSI) number that is totally different from the ISDN telephone number.
  • IMSI International Mobile Subscribes Identity
  • the HLR is the reference database that permanently stores data related to subscribers, including subscriber’s service profile, location information, and activity status.
  • the VLR is a temporary database software similar to the HLR identifying the mobile subscribers visiting inside the coverage area of an MSC.
  • the VLR assigns a Temporary mobile subscriber Identity (TMSI) that is used to avoid using IMSI on the air.
  • TMSI Temporary mobile subscriber Identity
  • the visitor location register maintains information about mobile subscribers that is currently physically in the range covered by the switching center.
  • LA Local Area
  • the current location is automatically updated in the VLR.
  • the VLR connected to the MSC will request data about the mobile stations from the HLR.
  • the entry on the old VLR is deleted and an entry is created in the new VLR by copying the database from the HLR.
  • the AuC database holds different algorithms that are used for authentication and encryptions of the mobile subscribers that verify the mobile user’s identity and ensure the confidentiality of each call.
  • the AuC holds the authentication and encryption keys for all the subscribers in both the home and visitor location register.
  • the EIR (120) is another database that keeps the information about the identity of mobile equipment such as the International mobile Equipment Identity (IMEI) that reveals the details about the manufacturer, country of production, and device type. This information is used to prevent calls from being misused, to prevent unauthorized or defective mobile switching, to report stolen mobile phones or check if the mobile phone is operating according to the specification of its type.
  • IMEI International mobile Equipment Identity
  • SIM card technology is one of the most popular technology which is used in hand held devices and is used to activate the connection and to communicate and for making links with the server system and also used in various electrical and electronic projects. It is the Subscriber Identity Module that contains the integrated circuit to store the International Mobile Subscriber Identity or IMSI and the keys to identify and authenticate the subscribers on the communication system.
  • the SIM is embedded in a smart card that can be removed and transferred to different mobile phones.
  • SIM cards allow the storage of application data that communicate with the handset or server using the SIM application tool kit.
  • the SIM card stores network specific information to authenticate the identity of the subscriber in the network.
  • the SIM may contain other data like Short Message Service Centre number or SMSC, Service Provider Name or SPN, Service Dialing Number or SDN, Value Added Service or VAS, etc.
  • the SIM card performs the function of identifying the subscriber, the IMSI programmed on the SIM card, is the identity of a subscriber. Each IMSI is mapped to a mobile number and provisioned on the HLR to allow a subscriber to be identified.
  • the SIM card further performs the authentication of the subscriber. The authentication process uses the authentication engine on the SIM card, a unique response is provided by each subscriber based on IMSI (stored on SIM) and a Random Number RAND as provided by the network. By matching this response with values computed on the network a legal subscriber is logged on to the network and he or she can now make use the services of the mobile service provider. SIM card is becoming a feature of mobile work.
  • the SIM card also functions to store phone numbers and SMS.
  • the SIM card module is configured to provide for applications using the SIM card tool kit or GSM 11.14 standard or any other well known operating tool kit for creating of client applications.
  • Applications on the SIM provide basic information on demand and other Applications for m-commerce, chatting, cell broadcast, phonebook backup etc. provide added functionalities to the SIM card module.
  • the above disclosure generally illustrates the functioning of GSM communication with a hand held device and the SIM card.
  • the above disclosure nowhere limits a person skilled in the art to modify the communication to achieve the desired functionality.
  • the present disclosure is focused towards providing a mechanism which addresses the problems defined in the background of the present disclosure.
  • the invention is a method and a system to deliver critical information in a telecommunication network to user terminals, via SIM Card, especially for delivering information to mobile stations, using a super secure channel.
  • the method according to the invention is performed in a telecommunication network.
  • the method broadly comprises of an information provider such as banks etc. that deliver user information.
  • the method provides for means for converting the user information to a secure form namely the translated information.
  • the method provides for sending the translated information to a hand held device.
  • the hand held device to which the information is delivered is provided with a SIM Card Module which receives the translated information and passes the information to a client application, where the client application is incorporated in the SIM card.
  • the client application is incorporated on the SIM card and is configured to receive the information and display to user in an appropriate manner by authenticating user with a PIN and storing the information in a data store on SIM Card in a secure form.
  • the hand held device also known as the client terminal in such systems is usually a mobile phone, and the means for converting the information from one form to another secure form is a gateway.
  • FIG. 2 illustrates a communication system for transmitting secure information to a hand held device, according to an exemplary implementation of the present invention.
  • the information provider i.e. providers such as banks etc. send critical information to users on their hand held device for various types of transactions.
  • This critical information passes through various levels of nodes in the GSM communication system.
  • Various malware activities have nowadays comprised the security of such critical information. Accordingly, the present disclosure provides a secure way to transmit such information.
  • the critical information known as InformationOriginal is sent from the information provider (202) to a Gateway (204).
  • the gateway is provided with the service provider Channel between Information Provider and Gateway is secure with the mutually agreed security protocols.
  • the mutually agreed protocols are protocols which have been pre-shared between the gateway and information provider.
  • the gateway (204) converts the information (InformationOriginal) to another form i.e. InformationTravel in a way to ensure that the mobile station passes the information directly to SIM Card.
  • the SIM Card passes the information to the designated client application only. No application on client terminal would be able to read the content of the information and only client application would be able to read and interpret the information.
  • the client application has been formed based on the GSM tool kit.
  • the gateway (204) converts the information original into information travel to achieve this gateway encrypts the information using pre shared key and encryption engine.
  • the encrypted information is formed by converting the InformationOriginal into InformationENCR .
  • the InformationENCR formed by encrypting the InformationOriginal along with the key and the encryption engine.
  • the gateway is further configured to use specific set of values in the header for the data coding scheme (DCS), the Protocol Identifier (PID) and the TAR.
  • the specific set of values may vary based on the requirement of the communication. In an exemplary embodiment the following value may be used in the GSM header for DCS, PID and TAR:
  • DCS data coding scheme 246 Decimal (7F in HEX)
  • TAR TAR of the client application on the SIM Card
  • the Gateway sends the converted information InformationTravei to the mobile station over a communication channel, preferably a SMS channel via a TSP Telecom Service Provider network.
  • the mobile station is configured to pass the InformationTravei to a SIM Card module which has the designated TAR value.
  • the SIM thereafter passes the information to client application incorporated in the SIM (102).
  • Mobile station uses the GSM Header values in Information Travei for this purpose. With the DCS and PID value, which we set 246 and 127 respectfully, the mobile station identifies that the information (InformationTravei) is intended for the designated SIM Card. Mobile station fetches the values of DCS and PID. With the DCS and PID value, which we set 246 and 127 respectfully, mobile station identifies that the information is intended for SIM Card.
  • SIM Card passes the information (Information Travei ) to client application on card with the matching TAR value with TAR value coming in GSM header of the information.
  • Client application converts the information to original form and stores the information in data store in a secure format. To do this first client application removes GSM Header from and gets the encrypted information (InformationENCR). Subsequently, the client application decrypts the encrypted information (InformationENCR) and procures the original information. In a simple format,
  • InformationENCR Information navd - GSM Header
  • the client application again encrypts the Information with a key and encryption engine and stores the application in file system of the SIM Card.
  • Informationstore Encrypt(Informationoriginai, key2, Encryption Algorithm2) [0048] Client application reads the information(s) from the data store. When user intend to read the Informationoriginai, Client Application reads the Informations tore from the SIM Card file system and decrypt it to get the original information.
  • Client Application may give instruction to mobile station to take PIN as input from end user and Client Application validates the PIN and
  • Client Application instruct mobile station to display other options to access and process information; like read information, delete information from data store etc..
  • Fig. 3 illustrates a flow chart of transmitting secure information to a hand held device.
  • the method begins at step 302, wherein the gateway provides a mutually agreed protocol to an information provider for transmitting user information from the information provider to the gateway.
  • the mutually agreed protocols may be such protocols which provide a secure passage of subscriber information from the service provider to the gateway.
  • the information provider transmits critical information such as one time password etc. to the gateway over the transfer protocol.
  • step 304 converting by the gateway a subscriber information to a translated information using a pre-shared key.
  • the gateway is configured to convert the subscriber information according to the method disclosed in the disclosure.
  • the gateway treats the subscriber information as Informationoriginai .
  • the gateway performs the same steps as performed on Informationoriginai , recited above, to translate the subscriber information into a translated information.
  • the translated information can also be called as
  • the method recites providing by the gateway the converted subscriber information to a mobile station.
  • the Gateway sends the converted subscriber information i.e. Information Travei to the mobile station over a communication channel, preferably an SMS channel via a TSP Telecom Service Provider network.
  • the mobile station identifies a SIM card module based on the designated TAR value.
  • the Mobile station uses the GSM Header values in InformationTravei for this purpose.
  • the mobile station passes the subscriber information to the SIM card.
  • the mobile station is configured to pass the InformationTravei to a SIM Card module which has the designated TAR value.
  • the mobile station is configured to use the DCS and PID value disclosed above, which was set in the exemplary embodiment as 246 and 127 respectfully, the mobile station identifies that the information (InformationTravei) is intended for the designated SIM Card.
  • Mobile station fetches the values of DCS and PID. With the DCS and PID value, which we set 246 and 127 respectfully, the mobile station identifies that the information is intended for the particular SIM Card.
  • the SIM card module passes the information to a client application module which has been installed in the sim card.
  • the client application module have been installed as per the SIM card tool kit or GSM 11.14 standard or any other well known operating tool kit for creating client applications.
  • SIM Card receives the InformationTravei
  • SIM Card passes the information (Information Travei ) to client application on the card with the matching TAR value with TAR value coming in GSM header of the information.
  • the client application converts the information to the original form and stores the information in data store in a secure format. Accordingly, the user is provided with the information in a secure manner, wherein no breach can take place.
  • Embodiments of the present invention provide an inter-working of communication components in a GSM architecture.
  • the system requires substantially no modification of some of the existing standardized components of the GSM network and requires no changes to the communication format.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

A method and a system for transmitting secure information to a hand-held device through a gateway for transmitting user information from the information provider. Converting subscriber information using a pre-shared key. The converted information is transmitted to a subscriber identification module and therefrom transmitted to a client application.

Description

METHOD AND SYSTEM FOR TRANSMISSION OF SECURE INFORMATION TO A HAND-HELD DEVICE
TECHNICAL FIELD [0001] The present invention relates to a method for transmission, and more particularly, to a method of transmitting secure information to a hand held device.
BACKGROUND
[0002] In the growing digital world, lot of transactions are happening over the internet and phones are widely in use. This makes our life extremely easy and reduces our efforts significantly. On the other hand, this is also exposing us to a lot of security threats, especially in case of financial transactions and critical identity exposer/verifications from the government. In most of the digital transactions, root of trust is established via critical information sent from the source to the end user’s mobile station via the telecommunications network.
[0003] With the above background, situations where a terminal is not very advance and the user is not using a terminal-specific application, critical information is sent over a telecommunication channel which is vulnerable at many stages. Telecommunication nodes through which critical information is travelling or applications installed on our very own mobile stations are having access to the critical information, which can be misused for mischievous purposes.
SUMMARY OF THE INVENTION
[0004] In an embodiment of the invention a method is provided for transmitting secure information to a hand held device, the method comprises providing by a gateway a transfer protocol to an information provider for transmitting user information from the information provider to the gateway. The method also provides for converting by the gateway subscriber information to a translated information using a pre-shared key. The method further illustrates providing by the gateway the translated information to a mobile station. The mobilisation thereafter identifies the subscriber identity module based on the translated information to which the information into be transmitted. The mobile station then transmits the user information to the subscriber module. The subscriber module then transmits the information to a client application. In an embodiment, it is provided that the subscriber identity module transmits the translated user information to the client application based on a TAR (Toolkit Application Reference) value. In an embodiment, it is provided that the converted information to a mobile station comprises providing the translated user information over a telecom service provider. In an embodiment it is provided that translating the information comprises, encrypting by the gateway the subscriber information using the pre-shared key, and adding a GSM (Global Sytem for Mobile Communication) header to the encrypted information.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0005] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and modules. [0006] Fig. l illustrates a block diagram depicting GSM architecture, according to an exemplary implementation of the present invention.
[0007] Fig. 2 illustrates a communication system for transmitting secure information to a hand held device, according to an exemplary implementation of the present invention.
[0008] Fig. 3 illustrates a flow chart of transmitting secure information to a hand held device.
DETAILED DESCRIPTION
[0009] In the following description, for purpose of explanation, specific details are set forth in order to provide an understanding of the present disclosure. It will be apparent, however, to one skilled in the art that the present disclosure may be practiced without these details. One skilled in the art will recognize that embodiments of the present disclosure, some of which are described below, may be incorporated into a number of systems.
[0010] However, the systems and methods are not limited to the specific embodiments described herein. Further, structures and devices shown in the figures are illustrative of exemplary embodiments of the present disclosure and are meant to avoid obscuring of the present disclosure.
[0011] Fig. l illustrates a block diagram depicting GSM architecture, according to an exemplary implementation of the present invention.
[0012] GSM is widely used for a mobile communication system in the world. GSM is an open and digital cellular technology, used for transmitting mobile voice and data services which may operate on at least one of 850MHz, 900MHz, 1800MHz and 1900MHz frequency bands among others. GSM system was developed as a digital system using time division multiple access (TDMA) technique for communication purpose. A GSM digitizes and reduces the data, then sends it down through a channel with two different streams of client data, each in its own particular time slot. The digital system has the ability to carry data at different rates. A GSM network consists of the following components, a hand held device, a mobile station, a base station subsystem and a network subsystem.
[0013] A hand held device: The hand lead device consists of the transceiver, the display and the processor and is controlled by a SIM card and client applications operating over the network.
[0014] A mobile station (MS) (104) communicates across the air interface with a base station transceiver in the same cell in which the mobile subscriber unit is located. The MS (104) communicates the information with the user on a hand held device, and modifies it as per the transmission protocols to communicate with a Base Station Subsystem (BSS). The user’s voice information is interfaced with the MS through a microphone and speaker for the speech, keypad, and display for short messaging, and the cable connection for other data terminals. The hand held device refers to the physical device, which comprises of a transceiver, digital signal processors, and the antenna. The hand held device consists of the GSM Subscriber Identity Module (SIM) (102).
[0015] Further, the GSM network consists of a Base Station Subsystem (BSS), the BSS acts as an interface between the mobile station and a network subsystem. There are two main architectural elements in the BSS - the Base Transceiver Subsystem (BTS) and the Base Station Controller (BSC). The interface that connects a BTS (106, 108) to a BSC (110, 112) is called the A-bis interface. The interface between the BSC and the MSC is called the A interface, which is standardised within the GSM.
[0016] The (BTS) contains the radio transceivers and handles the protocols for communication with mobiles. It also consists of a Base Station Controller which controls the Base Transceiver Station and acts as an interface between the mobile station and mobile switching centre. Each Base Transceiver Station defines a single cell. A cell can have a radius of between 100m to 35km, depending on the environment the range can be enhanced to decreased. The Base Station Controller may be connected with a BTS. It may control multiple BTS units and hence multiple cells.
[0017] The GSM architecture also describes a Network Subsystem (NSS) (113). The Network Subsystem provides the basic network connection to the mobile stations. The basic part of the Network Subsystem is the Mobile Service Switching Centre which provides access to different networks like ISDN, PSTN etc. It also consists of the Home Location Register HLR (114) and the Visitor Location Register VLR (116) which provides the call routing and roaming capabilities of GSM. It also contains the Equipment Identity Register which maintains an account of all the mobile equipments wherein each mobile is identified by its own 1MEI number. IMEI stands for International Mobile Equipment Identity.
[0018] As disclosed above the NSS is responsible for the network operation. The NSS (113) provides the link between the cellular network (also known as the gateway) and the Public switched telecommunicates Networks (PSTN or ISDN or Data Networks). The NSS (113) controls handoffs between cells in different BSSs, authenticates user and validates their accounts, and includes functions for enabling worldwide roaming of mobile subscribers. In particular, the switching subsystems formed within the mobile service switching centre consists of:
[0019] Home Location register (HLR)
[0020] Visitor Location Register (VLR)
[0021] Authentications center (Auc)
[0022] Equipment Identity Register (EIR)
[0023] Interworking Functions (IWF)
[0024] The NSS (113) has one hardware, Mobile switching center and four software database element, namely the Home location register (HLR) (114), the Visitor Location Register (VLR) (116), and the Authentications center (Auc) and the Equipment Identity Register (EIR) (120). The MSC (118) performs the switching function of the system by controlling calls to and from other telephone and data systems. The controlling function of the MSC includes functions such as network interfacing and common channel signalling.
[0025] The HLR as disclosed above is database software that handles the management of the mobile subscriber’s account namely the hand held device’s account. It stores the subscriber address, service type, current locations, forwarding address, authentication/ciphering keys, and billings information. In addition to the ISDN telephone number for the hand held device, the SIM card is identified with an International Mobile Subscribes Identity (IMSI) number that is totally different from the ISDN telephone number.
[0026] The HLR is the reference database that permanently stores data related to subscribers, including subscriber’s service profile, location information, and activity status. The VLR is a temporary database software similar to the HLR identifying the mobile subscribers visiting inside the coverage area of an MSC. The VLR assigns a Temporary mobile subscriber Identity (TMSI) that is used to avoid using IMSI on the air.
[0027] The visitor location register maintains information about mobile subscribers that is currently physically in the range covered by the switching center. When a mobile subscriber roams from one LA (Local Area) to another, the current location is automatically updated in the VLR. When a mobile station roams into a new MSC area, if the old and new LA’ s are under the control of two different VLRs, the VLR connected to the MSC will request data about the mobile stations from the HLR.
[0028] The entry on the old VLR is deleted and an entry is created in the new VLR by copying the database from the HLR. The AuC database holds different algorithms that are used for authentication and encryptions of the mobile subscribers that verify the mobile user’s identity and ensure the confidentiality of each call. The AuC holds the authentication and encryption keys for all the subscribers in both the home and visitor location register.
[0029] The EIR (120) is another database that keeps the information about the identity of mobile equipment such as the International mobile Equipment Identity (IMEI) that reveals the details about the manufacturer, country of production, and device type. This information is used to prevent calls from being misused, to prevent unauthorized or defective mobile switching, to report stolen mobile phones or check if the mobile phone is operating according to the specification of its type.
[0030] The hand held device is provided with a subscriber identity module (SIM) card slot. SIM card technology is one of the most popular technology which is used in hand held devices and is used to activate the connection and to communicate and for making links with the server system and also used in various electrical and electronic projects. It is the Subscriber Identity Module that contains the integrated circuit to store the International Mobile Subscriber Identity or IMSI and the keys to identify and authenticate the subscribers on the communication system.
[0031] The SIM is embedded in a smart card that can be removed and transferred to different mobile phones. SIM cards allow the storage of application data that communicate with the handset or server using the SIM application tool kit. The SIM card stores network specific information to authenticate the identity of the subscriber in the network. The SIM may contain other data like Short Message Service Centre number or SMSC, Service Provider Name or SPN, Service Dialing Number or SDN, Value Added Service or VAS, etc.
[0032] The SIM card performs the function of identifying the subscriber, the IMSI programmed on the SIM card, is the identity of a subscriber. Each IMSI is mapped to a mobile number and provisioned on the HLR to allow a subscriber to be identified. The SIM card further performs the authentication of the subscriber. The authentication process uses the authentication engine on the SIM card, a unique response is provided by each subscriber based on IMSI (stored on SIM) and a Random Number RAND as provided by the network. By matching this response with values computed on the network a legal subscriber is logged on to the network and he or she can now make use the services of the mobile service provider. SIM card is becoming a feature of mobile work. The SIM card also functions to store phone numbers and SMS. The SIM card module is configured to provide for applications using the SIM card tool kit or GSM 11.14 standard or any other well known operating tool kit for creating of client applications. Applications on the SIM provide basic information on demand and other Applications for m-commerce, chatting, cell broadcast, phonebook backup etc. provide added functionalities to the SIM card module.
[0033] The above disclosure generally illustrates the functioning of GSM communication with a hand held device and the SIM card. The above disclosure nowhere limits a person skilled in the art to modify the communication to achieve the desired functionality.
[0034] The present disclosure is focused towards providing a mechanism which addresses the problems defined in the background of the present disclosure. The invention is a method and a system to deliver critical information in a telecommunication network to user terminals, via SIM Card, especially for delivering information to mobile stations, using a super secure channel. [0035] The method according to the invention is performed in a telecommunication network. The method broadly comprises of an information provider such as banks etc. that deliver user information. The method provides for means for converting the user information to a secure form namely the translated information. The method provides for sending the translated information to a hand held device. The hand held device to which the information is delivered, is provided with a SIM Card Module which receives the translated information and passes the information to a client application, where the client application is incorporated in the SIM card.
[0036] The client application is incorporated on the SIM card and is configured to receive the information and display to user in an appropriate manner by authenticating user with a PIN and storing the information in a data store on SIM Card in a secure form. The hand held device also known as the client terminal in such systems is usually a mobile phone, and the means for converting the information from one form to another secure form is a gateway.
[0037] Fig. 2 illustrates a communication system for transmitting secure information to a hand held device, according to an exemplary implementation of the present invention.
[0038] The information provider i.e. providers such as banks etc. send critical information to users on their hand held device for various types of transactions. This critical information passes through various levels of nodes in the GSM communication system. Various malware activities have nowadays comprised the security of such critical information. Accordingly, the present disclosure provides a secure way to transmit such information.
[0039] The critical information known as InformationOriginal is sent from the information provider (202) to a Gateway (204). The gateway is provided with the service provider Channel between Information Provider and Gateway is secure with the mutually agreed security protocols. The mutually agreed protocols are protocols which have been pre-shared between the gateway and information provider.
[0040] The gateway (204) converts the information (InformationOriginal) to another form i.e. InformationTravel in a way to ensure that the mobile station passes the information directly to SIM Card. The SIM Card passes the information to the designated client application only. No application on client terminal would be able to read the content of the information and only client application would be able to read and interpret the information. The client application has been formed based on the GSM tool kit.
[0041] The gateway (204) converts the information original into information travel to achieve this gateway encrypts the information using pre shared key and encryption engine. The encrypted information is formed by converting the InformationOriginal into InformationENCR. The InformationENCR formed by encrypting the InformationOriginal along with the key and the encryption engine. The gateway is further configured to add a GSM header to the InformationENCR. By doing so the gateway formulates the InformationTravel. Accordingly, InformationTravel = GSM
Header + InformationENCR. [0042] The gateway is further configured to use specific set of values in the header for the data coding scheme (DCS), the Protocol Identifier (PID) and the TAR. The specific set of values may vary based on the requirement of the communication. In an exemplary embodiment the following value may be used in the GSM header for DCS, PID and TAR:
i. DCS data coding scheme = 246 Decimal (7F in HEX)
ii. PID protocol identifier = 127 Decimal
iii. TAR = TAR of the client application on the SIM Card
[0043] The Gateway sends the converted information InformationTravei to the mobile station over a communication channel, preferably a SMS channel via a TSP Telecom Service Provider network. The mobile station is configured to pass the InformationTravei to a SIM Card module which has the designated TAR value. The SIM thereafter passes the information to client application incorporated in the SIM (102).
[0044] Mobile station uses the GSM Header values in InformationTravei for this purpose. With the DCS and PID value, which we set 246 and 127 respectfully, the mobile station identifies that the information (InformationTravei) is intended for the designated SIM Card. Mobile station fetches the values of DCS and PID. With the DCS and PID value, which we set 246 and 127 respectfully, mobile station identifies that the information is intended for SIM Card.
[0045] Once SIM Card receives the InformationTravei, SIM Card passes the information (InformationTravei) to client application on card with the matching TAR value with TAR value coming in GSM header of the information. [0046] Client application converts the information to original form and stores the information in data store in a secure format. To do this first client application removes GSM Header from and gets the encrypted information (InformationENCR). Subsequently, the client application decrypts the encrypted information (InformationENCR) and procures the original information. In a simple format,
• InformationENCR = Information navd - GSM Header
• Information = Decrypt(InformationENCR, key, Encryption Algorithm)
[0047] Once the original information (Informationoriginai) is available, if in the use case it is required to store the information, before using it, then the client application again encrypts the Information with a key and encryption engine and stores the application in file system of the SIM Card.
• Informationstore = Encrypt(Informationoriginai, key2, Encryption Algorithm2) [0048] Client application reads the information(s) from the data store. When user intend to read the Informationoriginai, Client Application reads the Informationstore from the SIM Card file system and decrypt it to get the original information.
• Informationoriginai = Decrypt(Informationstore, key2, Encryption Algorithm2) [0049] Client Application instructs Mobile station to display the information on the mobile phone screen using STK (SIM Tool Kit) commands.
[0050] If use case demands then before displaying Information, Client Application may give instruction to mobile station to take PIN as input from end user and Client Application validates the PIN and
[0051] If PIN validation is successful then Client Application instruct mobile station to display other options to access and process information; like read information, delete information from data store etc..
[0052] Fig. 3 illustrates a flow chart of transmitting secure information to a hand held device.
[0053] The method begins at step 302, wherein the gateway provides a mutually agreed protocol to an information provider for transmitting user information from the information provider to the gateway. The mutually agreed protocols may be such protocols which provide a secure passage of subscriber information from the service provider to the gateway. The information provider transmits critical information such as one time password etc. to the gateway over the transfer protocol.
[0054] Thereafter, at step 304, converting by the gateway a subscriber information to a translated information using a pre-shared key. The gateway is configured to convert the subscriber information according to the method disclosed in the disclosure. The gateway treats the subscriber information as Informationoriginai. The gateway performs the same steps as performed on Informationoriginai, recited above, to translate the subscriber information into a translated information. The translated information can also be called as
InformationTravei.
[0055] Thereafter, at step 306, the method recites providing by the gateway the converted subscriber information to a mobile station. The Gateway sends the converted subscriber information i.e. InformationTravei to the mobile station over a communication channel, preferably an SMS channel via a TSP Telecom Service Provider network. At step 304 the mobile station identifies a SIM card module based on the designated TAR value. The Mobile station uses the GSM Header values in InformationTravei for this purpose.
[0056] At step 308, the mobile station passes the subscriber information to the SIM card. The mobile station is configured to pass the InformationTravei to a SIM Card module which has the designated TAR value. The mobile station is configured to use the DCS and PID value disclosed above, which was set in the exemplary embodiment as 246 and 127 respectfully, the mobile station identifies that the information (InformationTravei) is intended for the designated SIM Card. Mobile station fetches the values of DCS and PID. With the DCS and PID value, which we set 246 and 127 respectfully, the mobile station identifies that the information is intended for the particular SIM Card.
[0057] At step 310, the SIM card module passes the information to a client application module which has been installed in the sim card. The client application module have been installed as per the SIM card tool kit or GSM 11.14 standard or any other well known operating tool kit for creating client applications. Once SIM Card receives the InformationTravei, SIM Card passes the information (InformationTravei) to client application on the card with the matching TAR value with TAR value coming in GSM header of the information. The client application converts the information to the original form and stores the information in data store in a secure format. Accordingly, the user is provided with the information in a secure manner, wherein no breach can take place.
[0058] Embodiments of the present invention provide an inter-working of communication components in a GSM architecture. The system requires substantially no modification of some of the existing standardized components of the GSM network and requires no changes to the communication format.
[0059] Various further aspects and features of the present invention are defined in the appended claims. Various modifications can be made to the embodiments herein described without departing from the scope of the present invention.

Claims

We claim:
1. A method for transmitting secure information to a hand held device, the
method comprising:
providing by a gateway a transfer protocol to an information provider for transmitting a user information from the information provider to the gateway;
converting by the gateway a subscriber information to a translated information using a pre shared key;
providing by the gateway the translated information to a mobile station;
identifying by a mobile station the subscriber identity module based on the translated information;
transmitting by the mobile station the translated user information to the subscriber identification module;
passing the translated information from the subscriber identity module to a client application.
2. The method as claimed in claim 1, wherein the subscriber identity module transmits the translated user information to the client application based on a
TAR value.
3. The method as claimed in claim 1, wherein providing the converted information to a mobile station comprises:
providing the translated user information over a telecom service provider.
4. The method as claimed in claim 1, wherein transmitting by the mobile station includes receiving translation data from the gateway to identify the subscriber identity module.
5. The method as claimed in claim 1, further comprising:
decrypting by the client application, the translated information to recover the subscriber information.
6. The method of claim 1, wherein translating the information comprises:
encrypting by the gateway the subscriber information using the pre shared key; and
adding a GSM header to the encrypted information.
7. A communication system for transmitting secure information to a hand held device, the system comprising:
a gateway configured to:
provide by a service provider a mutually agreed protocol to a gateway for transmitting a user information;
convert by the gateway a subscriber information to a translated information using a pre shared key;
provide the converted information to a mobile station; a mobile station configured to: identify the subscriber identity module based on the translated information;
transmitting by the mobile station the translated user information to the subscriber identification module;
a subscriber configured to:
passing the translated information from the subscriber identity module to a client application.
8. The system as claimed in claim 7, wherein the subscriber identity module is configured to transmit the translated user information to the client application based on a TAR value.
9. The system as claimed in claim 7, wherein the subscriber identity module is further configured to:
decrypt by the client application, the translated information to recover the subscriber information.
10. The method as claimed in claim 7, wherein translating the information
comprises:
encrypting by the gateway the subscriber information using the pre shared key; and
adding a GSM header to the encrypted information.
PCT/IN2020/050013 2019-01-04 2020-01-04 Method and system for transmission of secure information to a hand-held device Ceased WO2020141561A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201911000383 2019-01-04
IN201911000383 2019-01-04

Publications (1)

Publication Number Publication Date
WO2020141561A1 true WO2020141561A1 (en) 2020-07-09

Family

ID=71407314

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2020/050013 Ceased WO2020141561A1 (en) 2019-01-04 2020-01-04 Method and system for transmission of secure information to a hand-held device

Country Status (1)

Country Link
WO (1) WO2020141561A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6334056B1 (en) * 1999-05-28 2001-12-25 Qwest Communications Int'l., Inc. Secure gateway processing for handheld device markup language (HDML)
US6775298B1 (en) * 1999-08-12 2004-08-10 International Business Machines Corporation Data transfer mechanism for handheld devices over a wireless communication link
US20150067820A1 (en) * 2011-07-20 2015-03-05 Horatio Nelson Huxham Security gateway communication
WO2016042519A2 (en) * 2014-09-17 2016-03-24 Simless, Inc. Apparatuses, methods and systems for implementing a trusted subscription management platform

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6334056B1 (en) * 1999-05-28 2001-12-25 Qwest Communications Int'l., Inc. Secure gateway processing for handheld device markup language (HDML)
US6775298B1 (en) * 1999-08-12 2004-08-10 International Business Machines Corporation Data transfer mechanism for handheld devices over a wireless communication link
US20150067820A1 (en) * 2011-07-20 2015-03-05 Horatio Nelson Huxham Security gateway communication
WO2016042519A2 (en) * 2014-09-17 2016-03-24 Simless, Inc. Apparatuses, methods and systems for implementing a trusted subscription management platform

Similar Documents

Publication Publication Date Title
US5943425A (en) Re-authentication procedure for over-the-air activation
EP0856233B1 (en) Subscriber authentication in a mobile communications system
EP0841770B1 (en) Method for sending a secure message in a telecommunications system
EP1878285B1 (en) Fast user plane establishment in a telecommunications network
EP1782650B1 (en) Method and system for improving robustness of secure messaging in a mobile communications network
JP3742772B2 (en) Integrity check in communication systems
KR102448747B1 (en) A method for transmitting an encrypted subscription identifier stored in a secure element to a physical or virtual element of a telecommunications network, a corresponding secure element, a physical or virtual element and a terminal cooperating with the secure element
KR100363300B1 (en) Method, mobile station and radiocommunication system for controlling safety related functions in communication handling
EP3253092A1 (en) Self provisioning of wireless terminals in wireless networks
US20050096014A1 (en) Using shared secret data (SSD) to authenticate between a CDMA network and a GSM network
KR19990088046A (en) Method and apparatus for performing authentication in communication systems
KR100837583B1 (en) Authentication vector generation device, subscriber identity module, mobile communication system, authentication vector generation method, calculation method, and subscriber authentication method
US7024557B1 (en) System and method for secure provisioning of a mobile station from a provisioning server using encryption
JPH08500950A (en) Method and apparatus for efficient real-time authentication and encryption in a communication system
EP2549778B1 (en) Method and system for encrypting short message
KR102425273B1 (en) Methods and apparatuses for ensuring secure connection in size constrained authentication protocols
EP2627030A1 (en) Ciphering between a CDMA network and a GSM network
EP1705941A1 (en) Secure communication of password information in a network
EP1189471A1 (en) Method for distributing encryption keys for an overlay data network
WO2020141561A1 (en) Method and system for transmission of secure information to a hand-held device
Khozooyi et al. Security in mobile governmental transactions
US20090235072A1 (en) System, terminal, method, and software for communicating messages
Kaur et al. A Review of Security issues and mitigation Measures in GSM
WO2003046745A1 (en) Method and system for passing information between a mobile terminal and predetermined network entities in a hybrid network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20735913

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20735913

Country of ref document: EP

Kind code of ref document: A1