WO2008001322A3 - Message handling at a mobile device - Google Patents

Message handling at a mobile device

Publication number
WO2008001322A3
Authority
WO
WIPO (PCT)
Prior art keywords
mobile device
response
challenge
message
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2007/052511
Other languages
French (fr)
Other versions
WO2008001322A2 (en)
Inventor
Carl Binding
Francois Dolivo
Reto Hermann
Dirk Husemann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Priority to JP2009517559A (patent JP5035810B2)
Priority to CN2007800112240A (patent CN101410847B)
Priority to EP07825859A (patent EP2044548A2)
Priority to KR1020087031637A (patent KR101055712B1)
Publication of WO2008001322A2
Publication of WO2008001322A3
Priority to US12/345,696 (patent US20100318798A1)

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method for sending a message from a mobile device via a first application running on the mobile device is proposed. The method comprises a challenge step for supplying the first application with a challenge, a response step for receiving a response to the challenge, an equality check step for determining whether the received response corresponds to an expected response, a signature step for providing a signature for the message, using a cryptographic key and the result of the equality check step, and a send step for sending the signed message via the first application from the mobile device to a backend system.
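
The five steps of the abstract as an added example, not code from the patent or its applicants. Assumptions: the challenge is answered with SHA-256 over the challenge and the application's code image, a trusted signer (the hypothetical `Token` class, e.g. a smart card) holds the key and a reference image, it signs whether or not the check passes, and HMAC-SHA256 stands in for the signature scheme.

```python
import hashlib
import hmac
import secrets

KEY = bytes(range(32))                          # constructed demo key (token and backend)
REFERENCE_APP = b"messaging-app v1 code image"  # constructed reference image


def app_response(challenge: bytes, app_image: bytes) -> bytes:
    """First application: answer the challenge over its own code (assumed scheme)."""
    return hashlib.sha256(challenge + app_image).digest()


class Token:
    """Trusted signer holding the key and the reference image (assumption)."""

    def __init__(self, key: bytes, reference_image: bytes):
        self._key, self._reference = key, reference_image
        self._challenge = None

    def challenge(self) -> bytes:
        # Challenge step: a fresh random value, so an old response cannot be replayed.
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def sign(self, response: bytes, message: bytes):
        # Response and equality check steps, in constant time.
        if self._challenge is None:
            raise RuntimeError("no outstanding challenge")
        expected = hashlib.sha256(self._challenge + self._reference).digest()
        self._challenge = None  # each challenge is usable once
        ok = hmac.compare_digest(response, expected)
        # Signature step: the check result is part of the signed data.
        flag = b"\x01" if ok else b"\x00"
        tag = hmac.new(self._key, flag + message, hashlib.sha256).digest()
        return flag, tag


def send_via_app(token: Token, app_image: bytes, message: bytes):
    """Send step: what the application forwards to the backend."""
    challenge = token.challenge()
    flag, tag = token.sign(app_response(challenge, app_image), message)
    return message, flag, tag


def backend_verify(key: bytes, message: bytes, flag: bytes, tag: bytes):
    """Backend: returns (signature_valid, application_passed_check)."""
    expected = hmac.new(key, flag + message, hashlib.sha256).digest()
    valid = hmac.compare_digest(tag, expected)
    return valid, valid and flag == b"\x01"
```

Because the check result is covered by the signature, a modified application can still get its message delivered, but it cannot make the backend believe the check passed.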

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2009517559A JP5035810B2 (en) 2006-06-30 2007-06-28 Message processing on mobile devices
CN2007800112240A CN101410847B (en) 2006-06-30 2007-06-28 Message handling method at a mobile device, mobile device and smart card
EP07825859A EP2044548A2 (en) 2006-06-30 2007-06-28 Message handling at a mobile device
KR1020087031637A KR101055712B1 (en) 2006-06-30 2007-06-28 Message handling on mobile devices
US12/345,696 US20100318798A1 (en) 2006-06-30 2008-12-30 Message handling at a mobile device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP06116410.9 2006-06-30
EP06116410 2006-06-30

Publications (2)

Publication Number Publication Date
WO2008001322A2 WO2008001322A2 (en) 2008-01-03
WO2008001322A3 WO2008001322A3 (en) 2008-06-19

Family

ID=38846073

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/052511 Ceased WO2008001322A2 (en) 2006-06-30 2007-06-28 Message handling at a mobile device

Country Status (6)

Country Link
US (1) US20100318798A1 (en)
EP (1) EP2044548A2 (en)
JP (1) JP5035810B2 (en)
KR (1) KR101055712B1 (en)
CN (1) CN101410847B (en)
WO (1) WO2008001322A2 (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101731200B1 (en) 2008-01-18 2017-05-11 인터디지탈 패튼 홀딩스, 인크 Method and apparatus for enabling machine to machine communication
DE102008025489A1 (en) * 2008-05-28 2009-12-24 Siemens Aktiengesellschaft Method and system for monitoring a safety-related system
TWI580285B (en) 2009-03-05 2017-04-21 內數位專利控股公司 Method and apparatus for h(e)nb integrity verification and validation
WO2010102259A2 (en) 2009-03-06 2010-09-10 Interdigital Patent Holdings, Inc. Platform validation and management of wireless devices
US9032058B2 (en) 2009-03-13 2015-05-12 Assa Abloy Ab Use of SNMP for management of small footprint devices
US20100235900A1 (en) * 2009-03-13 2010-09-16 Assa Abloy Ab Efficient two-factor authentication
SG184853A1 (en) * 2010-04-12 2012-11-29 Interdigital Patent Holdings Staged control release in boot process
JP5593850B2 (en) 2010-05-31 2014-09-24 ソニー株式会社 Authentication device, authentication method, program, and signature generation device
JP5594034B2 (en) * 2010-07-30 2014-09-24 ソニー株式会社 Authentication device, authentication method, and program
WO2012023050A2 (en) 2010-08-20 2012-02-23 Overtis Group Limited Secure cloud computing system and method
EP2635991B1 (en) 2010-11-05 2015-09-16 InterDigital Patent Holdings, Inc. Device validation, distress indication, and remediation
CN102137105B (en) * 2011-03-11 2012-11-07 华为技术有限公司 Privacy protection method and system for machine communication, machine communication business management entity and related equipment
KR20140043484A (en) 2011-08-01 2014-04-09 인텔 코포레이션 Method and system for network access control
US9609000B2 (en) 2012-06-06 2017-03-28 Nec Corporation Method and system for executing a secure application on an untrusted user equipment
DE102012217743B4 (en) * 2012-09-28 2018-10-31 Siemens Ag Checking an integrity of property data of a device by a tester
US10270748B2 (en) 2013-03-22 2019-04-23 Nok Nok Labs, Inc. Advanced authentication techniques and applications
US8904195B1 (en) * 2013-08-21 2014-12-02 Citibank, N.A. Methods and systems for secure communications between client applications and secure elements in mobile devices
US9749131B2 (en) * 2014-07-31 2017-08-29 Nok Nok Labs, Inc. System and method for implementing a one-time-password using asymmetric cryptography
US10657262B1 (en) * 2014-09-28 2020-05-19 Red Balloon Security, Inc. Method and apparatus for securing embedded device firmware
JP6659220B2 (en) * 2015-01-27 2020-03-04 ルネサスエレクトロニクス株式会社 Communication device, semiconductor device, program and communication system
JP2016171530A (en) * 2015-03-13 2016-09-23 株式会社東芝 Communication apparatus, communication method, program and communication system
CN105471877B (en) 2015-12-03 2019-09-17 北京小米支付技术有限公司 Proof data acquisition methods and device
US11868995B2 (en) 2017-11-27 2024-01-09 Nok Nok Labs, Inc. Extending a secure key storage for transaction confirmation and cryptocurrency
US11831409B2 (en) 2018-01-12 2023-11-28 Nok Nok Labs, Inc. System and method for binding verifiable claims
US12041039B2 (en) 2019-02-28 2024-07-16 Nok Nok Labs, Inc. System and method for endorsing a new authenticator
US11792024B2 (en) 2019-03-29 2023-10-17 Nok Nok Labs, Inc. System and method for efficient challenge-response authentication
US11211140B1 (en) * 2019-09-24 2021-12-28 Facebook Technologies, Llc Device authentication based on inconsistent responses

Citations (7)

Publication number Priority date Publication date Assignee Title
WO2000058830A1 (en) * 1999-03-26 2000-10-05 Ericsson Inc. System for secure controlled electronic memory updates via networks
EP1055990A1 (en) * 1999-05-28 2000-11-29 Hewlett-Packard Company Event logging in a computing platform
WO2002006930A2 (en) * 2000-07-14 2002-01-24 America Online, Inc. Identifying unauthorized communication systems based on their memory contents
WO2002017048A2 (en) * 2000-08-18 2002-02-28 Hewlett-Packard Company Trusted device
EP1349033A1 (en) * 2002-03-26 2003-10-01 Soteres GmbH A method of protecting the integrity of a computer program
US6804778B1 (en) * 1999-04-15 2004-10-12 Gilian Technologies, Ltd. Data quality assurance
GB2416956A (en) * 2004-07-29 2006-02-08 Nec Technologies Method of testing integrity of a mobile radio communications device and related apparatus

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US5473692A (en) * 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5995624A (en) * 1997-03-10 1999-11-30 The Pacid Group Bilateral authentication and information encryption token system and method
US6772336B1 (en) * 1998-10-16 2004-08-03 Alfred R. Dixon, Jr. Computer access authentication method

Also Published As

Publication number Publication date
WO2008001322A2 (en) 2008-01-03
JP5035810B2 (en) 2012-09-26
EP2044548A2 (en) 2009-04-08
JP2009543414A (en) 2009-12-03
KR101055712B1 (en) 2011-08-11
CN101410847B (en) 2011-11-09
KR20090028728A (en) 2009-03-19
CN101410847A (en) 2009-04-15
US20100318798A1 (en) 2010-12-16

Similar Documents

Publication Publication Date Title
WO2008001322A3 (en) Message handling at a mobile device
WO2007149775A3 (en) Consumer authentication system and method
WO2009098550A9 (en) Intelligent interaction between a wireless portable device and media devices in a local network
WO2005114970A3 (en) Location-based social software for mobile devices
WO2007013958A3 (en) Overloaded communication session
TW200604800A (en) Communication system, communication device, and communication method
WO2010068779A3 (en) Trust establishment from forward link only to non-forward link only devices
WO2009127930A3 (en) Mobility related control signalling authentication in mobile communications system
WO2012005930A3 (en) Method and devices for a light-weight security solution for host -based mobility and multihoming protocols
WO2009120501A3 (en) System and method for receiving requests for tasks from unregistered devices
WO2009082728A3 (en) Methods, systems and apparatus for integrated wireless device location determination
WO2006101760A8 (en) Delivery of value identifiers using short message service (sms)
WO2007103612A3 (en) Encryption and verification using partial public key
EP2047639A4 (en) MANAGING ASSIGNMENTS IN AD HOC NETWORKS
WO2010080330A3 (en) Cost effective updating of mobile computing devices and communicating with mobile computing devices
MX2010009998A (en) Mobile communication system, base station device, mobile station device, and mobile communication method.
WO2010044937A3 (en) System and method for electronic data security
WO2008143163A1 (en) Mobile communication system, base station device, and mobile station device
WO2009134601A3 (en) Method of selecting a communication system for operating with a communication device in an idle mode, and communication device
EP2348451A3 (en) Methods and apparatus for restoration of an anti-theft platform
WO2007080557A3 (en) Activating an application
WO2010021510A3 (en) Method and apparatus for transmitting reference signal in wireless communication system
TW200638738A (en) Method of accepting a phone call based on motion properties of the phone and related device
PH12012500505A1 (en) Standard mobile communication device distraction prevention and safety protocols
WO2009100362A3 (en) Method and apparatus for provisioning dual mode wireless client devices in a telecommunications system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase (Ref document number: 200780011224.0; Country of ref document: CN)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 07825859; Country of ref document: EP; Kind code of ref document: A2)
WWE Wipo information: entry into national phase (Ref document number: 2009517559; Country of ref document: JP)
WWE Wipo information: entry into national phase (Ref document number: 1020087031637; Country of ref document: KR)
NENP Non-entry into the national phase (Ref country code: DE)
NENP Non-entry into the national phase (Ref country code: RU)
WWE Wipo information: entry into national phase (Ref document number: 2007825859; Country of ref document: EP)