WO2015124317A1 - Procédé de gestion à distance d'un élément de données mémorisé sur un élément de sécurité - Google Patents

Procédé de gestion à distance d'un élément de données mémorisé sur un élément de sécurité Download PDF

Info

Publication number
WO2015124317A1
WO2015124317A1 PCT/EP2015/000402 EP2015000402W WO2015124317A1 WO 2015124317 A1 WO2015124317 A1 WO 2015124317A1 EP 2015000402 W EP2015000402 W EP 2015000402W WO 2015124317 A1 WO2015124317 A1 WO 2015124317A1
Authority
WO
WIPO (PCT)
Prior art keywords
security element
change request
memory access
data
partial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2015/000402
Other languages
German (de)
English (en)
Inventor
Bernhard Inderst
Tobias Beschnidt
Alexander SUMMERER
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke+Devrient GmbH
Original Assignee
Giesecke+Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke+Devrient GmbH filed Critical Giesecke+Devrient GmbH
Priority to EP15706679.6A priority Critical patent/EP3111679A1/fr
Publication of WO2015124317A1 publication Critical patent/WO2015124317A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Definitions

  • the invention relates to a method and a system for the remote management of a data element stored on a security element.
  • Security elements can be used for different purposes for the secure storage of data elements. Often, security elements have user identification data, such as e.g. a password or a PIN, deposited. A user can authorize functions of the security element by entering the password or the PIN, preferably via a device connected to the security element.
  • user identification data such as e.g. a password or a PIN
  • the prior art discloses methods for remotely managing data elements and in particular PINs on a security element.
  • the document WO 2007/036341 A1 describes a method for unlocking a mobile radio card locked by means of an access code of a user in which, after authentication of the user to a service device, an access for the user on the mobile radio card is established automatically. This can be done by informing the user of a valid or new access code or by prompting the user to enter a new access code.
  • the object of the invention is to provide a simple and secure method or system for the remote administration of a data element stored on a security element.
  • a change request for the data element to be changed which originates at least in part from a server, is transmitted to the security element, whereupon in the security element the data element stored therein is changed.
  • the change includes a first changing memory access and a second changing memory access to the security element.
  • the method according to the invention is characterized in that the first memory access and the second memory access occur in mutually decoupled substeps of the change of the data element.
  • a first sub-step comprises transmitting a first partial change request from the change request from the server to the security element and the first changing memory access
  • a second partial step comprises transmitting a second partial change request from the change request to the security element and the second memory access.
  • the second partial change request does not necessarily have to originate from the server.
  • the inventive method has the advantage that the security of the method is increased by the division of the memory accesses in mutually decoupled sub-steps and flexible different information of the data element can be changed independently.
  • the decoupling of the sub-steps just described can be realized in various ways in the method according to the invention.
  • the decoupling is achieved in that the first sub-step is carried out at a different time than the second sub-step.
  • the first sub-step may use a different connection type for transmitting the first partial change request than the second sub-step for transmitting the second partial change request.
  • the first sub-step can use another local application (ie a software application or a software agent) on a terminal communicating with the security element as the second sub-step.
  • the terminal is in particular a mobile terminal, such as a mobile phone.
  • the security element can be used for example in the terminal or be an integral part of the terminal.
  • the local application does not run directly on the security element, but on the end device. Nevertheless, in addition to processing the partial change requests, an application or an applet may also run on the security element.
  • the first substep may also output another feedback for confirming the first memory access than the second substep for confirming the second memory access.
  • only the first or second sub-step output a response to confirm the first or second memory access.
  • the first partial change request is transmitted directly from the server to the security element without the interposition of a local application on a terminal communicating with the security element.
  • the direct communication between the security element and the server does not preclude an application or an applet running on the security element for processing the partial change requests.
  • the second partial change request is also transmitted from the server to the security element.
  • the transmission of the second partial change request takes place with the interposition of a local application on a terminal communicating with the security element.
  • the transmission of the second partial change request can also be transmitted without involvement of the server from a local application on a terminal communicating with the security element.
  • the first partial change request comprises a change instruction and specifies the data content of the data element to be changed.
  • the second partial change request may include a change instruction and specify the data content of the data item to be changed.
  • the first partial change request has a larger or a smaller data volume than the second partial change request. In this way, an asymmetrical distribution of the data volume is effected. For example, a minimum data content may be included in the first or second partial change request, whereas a larger volume of data is communicated with the other partial change request.
  • the data element to be changed comprises both management data (in particular a header) and payload data, i. the actual data content.
  • the payload includes confidential information, and in particular user identification data, e.g. a password to be entered by the user for activating one or more functions of the security element.
  • user identification data e.g. a password to be entered by the user for activating one or more functions of the security element.
  • the term of the password is to be understood broadly and may include any string.
  • the term password also includes a PIN. The method according to the invention is thus also particularly suitable for managing passwords for protecting functions of the security element.
  • the first partial change request specifies a first memory access for invalidating the above-mentioned user identification data. This ensures that current user identification data can no longer be used and must be replaced by new user identification data within the scope of the administration according to the invention.
  • the management data specifies one or more specifications for the structure and / or use user identification data.
  • specifications may in particular include one or more of the following specifications:
  • misoperation counter indicating how often user input data may be entered incorrectly by a user
  • Encoded information about the structure of the user identification data e.g. whether the data must or may be alphanumeric and / or numeric and / or whether the data must include a certain number of special characters and / or uppercase letters and / or whether the data must be alphanumeric and / or numeric;
  • Data must include a minimum number of different characters and / or whether the data may only include a maximum number of equal characters in a row;
  • the first and / or second partial change request specifies a first or second memory access for changing at least part of the management data, wherein the change is preferably smaller than 1 byte.
  • the second partial change request specifies a second memory access for changing the user identification data and / or one or more specifications for the structure and / or use of the user identification data.
  • the inventive method can be used in combination with any security elements.
  • the security element may be a hardware security module which is reversible (SIM card) or fixed (em- bedded SIM, TP module) is inserted into a terminal, or a software security module (virtual SIM in TEE).
  • SIM card reversible
  • TP module fixed (em- bedded SIM, TP module) is inserted into a terminal
  • software security module virtual SIM in TEE
  • SIM SIM / Subscriber Identity Module
  • microSD microSD card
  • USB USB token
  • smart card an RFID module
  • RFID Radio Fre - Quency Identification
  • TPM Trusted Platform Module
  • NFC Near Field Communication
  • embedded SIM SIM
  • TEE Trusted Execution Environment in terms of the GlobalPlatform specification
  • the invention further relates to a system for the remote administration of a data element stored on a security element, the system being designed for carrying out the method according to the invention or one or more preferred variants of the method according to the invention.
  • the system comprises the server used in the method according to the invention as well as the corresponding security element.
  • the system may further include the local application described above on a communicating with the security element terminal, if the corresponding embodiment uses a local application.
  • FIG. 1 shows a schematic representation of the sequence of a variant of the method according to the invention.
  • SIM module is one Card inserted in a mobile device.
  • SIM module may also be a so-called.
  • Embedded SIM element which is an integral part of the mobile device.
  • the invention is not limited to SIM modules, but can also be used for any other security elements, examples of such security elements having been mentioned above.
  • the aim of the method described below is to manage the PIN stored in the security element via a remote server and thereby to change the PIN and corresponding specifications for the structure or use of the PIN by communication of the SIM module with the server.
  • the PIN is a code that is confidential and can be entered by the user of the mobile device when needed via an appropriate user interface on the device, for example, to enter.
  • several PINs for different cryptographic keys can also be stored in the SIM module, which are all managed via a remote server.
  • the reference numeral designates
  • the server S first receives a command CO, which instructs it to change a data element on the security element SE.
  • This data element is denoted D in FIG. 1 and comprises administration data in the form of a header H as well as payload data P relating to the actual data content.
  • user data represents a corresponding PIN for the SIM module.
  • the header H comprises the above-mentioned specifications for the structure or use of the PIN.
  • the command CO can be triggered, for example, by the user of the SIM module or the mobile device, preferably via a telephone app, a web portal or a call from the user to a call center.
  • a security query of the server is carried out at the user for authentication.
  • the server S can also initiate a change to the PIN if, for example, the rules for the structure of the PIN (eg five-digit PIN instead of four-digit PIN) have changed.
  • the PIN stored in the security element SE is reset and, on the other hand, the specification for a new PIN to be defined is modified such that the PIN must comprise five digits instead of four digits.
  • the server S After the generation of the command CO, the server S sends a first partial change request CR1 to the security element SE.
  • This first partial change request is used to specify the invalidity of the current PIN and is transmitted from the remote server via a so-called OTA channel
  • the first partial change request CR1 represents a binary SMS which, after being transmitted via the OTA channel to the security element SE, has a first memory access AC1 thereon.
  • security element which invalidates the current PIN by setting the header H of the data element D to a status indicating the invalidity of the PIN.
  • the functions secured by the PIN primarily cryptographic functions and / or an application, are then locked and no longer usable.
  • the security element SE sends an acknowledgment ("ok") to the server S.
  • a first sub-step for changing the data element D is concluded based on the first partial change request a separate sub-step, in which the default for the PIN is changed by means of a second sub-change request such that the PIN must comprise at least five digits
  • the second partial change request is preferably transmitted to the security element via an OTA channel other than the one described above
  • the transmission via a (secure) Internet connection or HTTP-based by the intermediate circuit de s local agents LA done, as indicated in Fig. 1.
  • the OTA channel described above may also be used to transmit the second partial change request. In this case, the decoupling of the first and second substep can be ensured only by performing the two substeps at different times.
  • the second change request CR2 is first transmitted together with a PUK to the local agent LA in the context of the second substep.
  • the known from the prior art PUK provides a confidential information of the security element SE, which is required to be able to initiate a change of a PIN.
  • the second partial change request CR2 contains an identifier that this is a PIN reset command, whereby depending on the embodiment the command can only relate to one key in the security element or also to the entire security element.
  • the second partial change request now contains the new specification for the structure or use of the PIN, ie it is stipulated that the PIN must have a length of at least five digits.
  • the second partial change request can also contain further specifications for the PIN and its use, which can also be changed if necessary compared with the original specifications for the PIN.
  • Corresponding specifications can specify, in addition to a minimum PIN length, also a maximum PIN length and a misoperation counter which indicates how often a PIN may be incorrectly entered by a user before the security element is blocked.
  • the specifications may also concern encoded information about the quality of the PIN. For example, it can be specified whether the PIN may or must include numeric and / or alphanumeric characters. Furthermore, the specifications can specify whether the PIN must include a certain number of special characters or uppercase letters or to what extent the PIN must contain a certain minimum number of different characters.
  • the change of the PIN is initiated in the context of the second partial step. This can be done immediately or at the next use of the security element or the corresponding PIN-protected key (for example, requesting a cryptographic operation).
  • the SIM toolkit of the SIM module or a similar software instance is triggered on the mobile device, whereupon the second partial change request CR2 (without PUK) is transmitted to the security element SE.
  • the header H of the data element D is changed by means of a second memory access AC2 to the security element SE in accordance with the new specifications from the second partial change request CR2.
  • a dialog is also triggered on the display of the mobile device, which is shown in FIG. 1 is designated DI.
  • the user is prompted to enter a new five-digit PIN for the SIM module.
  • NP is transmitted together with the PUK P 1 to the security element SE.
  • APDU Application Protocol Data Unit
  • the PUK is checked to see if it is assigned to the security element. Only in this case will the old PIN be replaced by the new PIN.
  • the storage of the new PIN can be regarded as a component of the second memory access AC2 for changing the payload data P of the data element D.
  • the PUK is transmitted securely, especially without the user seeing it.
  • the PIN is assigned by the user and not transmitted via the network.
  • the PUK is another on the security element stored data element, which is the PIN P, usually assigned via a header H contained reference and / or an access condition.
  • the embodiment of the method according to the invention described above has a number of advantages.
  • a remote administration of the PIN of a security element is achieved without the user having to visit a service facility.
  • the security of the remote administration is increased by carrying out the corresponding change of the PIN or of the administration data of the PIN in a two-step procedure.
  • in addition to the actual PIN and corresponding specifications for the PIN can be changed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé de gestion à distance d'un élément de données (D) mémorisé sur un élément de sécurité (SE), dans lequel une demande de modification de l'élément de données (D), qui provient au moins en partie d'un serveur (S), est transmise à l'élément de sécurité (SE), puis l'élément de données (D) est modifié dans l'élément de sécurité (SE) dans lequel il est mémorisé, la modification comportant un premier accès mémoire de modification (AC1) et un second accès mémoire de modification (AC2) à l'élément de sécurité (SE). Le premier accès mémoire (AC1) et le second accès mémoire (AC2) sont effectués dans des sous-étapes, découplées l'une de l'autre, de la modification, une première sous-étape comportant la transmission d'une première demande de modification partielle (CR1) de la demande de modification du serveur (S) à l'élément de sécurité (SE) ainsi que le premier accès mémoire (AC1), et une seconde sous-étape comportant la transmission d'une seconde demande de modification partielle (CR2) de la demande de modification à l'élément de sécurité (SE), et le second accès mémoire (AC2).
PCT/EP2015/000402 2014-02-24 2015-02-20 Procédé de gestion à distance d'un élément de données mémorisé sur un élément de sécurité Ceased WO2015124317A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15706679.6A EP3111679A1 (fr) 2014-02-24 2015-02-20 Procédé de gestion à distance d'un élément de données mémorisé sur un élément de sécurité

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102014002603.5A DE102014002603A1 (de) 2014-02-24 2014-02-24 Verfahren zum entfernten Verwalten eines auf einem Sicherheitselement gespeicherten Datenelements
DE102014002603.5 2014-02-24

Publications (1)

Publication Number Publication Date
WO2015124317A1 true WO2015124317A1 (fr) 2015-08-27

Family

ID=52595261

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/000402 Ceased WO2015124317A1 (fr) 2014-02-24 2015-02-20 Procédé de gestion à distance d'un élément de données mémorisé sur un élément de sécurité

Country Status (3)

Country Link
EP (1) EP3111679A1 (fr)
DE (1) DE102014002603A1 (fr)
WO (1) WO2015124317A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102018009365A1 (de) 2018-11-29 2020-06-04 Giesecke+Devrient Mobile Security Gmbh Sicheres Element als aktualisierbares Trusted Platform Module

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009091588A2 (fr) * 2008-01-15 2009-07-23 E-Mice Group Holdings Limited Dispositif et procédé pour charger, gérer et utiliser des jetons d'authentification de cartes à puce et des certificats numériques en commerce électronique
EP2590383A1 (fr) * 2011-11-02 2013-05-08 Research In Motion Limited Dispositif de communication mobile fournissant des caractéristiques de gestion de données d'élément sécurisé et procédés associés
US20130303122A1 (en) * 2012-05-11 2013-11-14 Li Li Provisioning an Embedded Subscriber Identity Module

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005045887A1 (de) 2005-09-26 2007-04-12 Giesecke & Devrient Gmbh Entsperren von Mobilfunkkarten

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009091588A2 (fr) * 2008-01-15 2009-07-23 E-Mice Group Holdings Limited Dispositif et procédé pour charger, gérer et utiliser des jetons d'authentification de cartes à puce et des certificats numériques en commerce électronique
EP2590383A1 (fr) * 2011-11-02 2013-05-08 Research In Motion Limited Dispositif de communication mobile fournissant des caractéristiques de gestion de données d'élément sécurisé et procédés associés
US20130303122A1 (en) * 2012-05-11 2013-11-14 Li Li Provisioning an Embedded Subscriber Identity Module

Also Published As

Publication number Publication date
EP3111679A1 (fr) 2017-01-04
DE102014002603A1 (de) 2015-08-27

Similar Documents

Publication Publication Date Title
EP2898714B1 (fr) Module d'identite pour l'authentification d'un utilisateur dans un reseau de communication
DE102011118367B4 (de) Verfahren zur Authentisierung eines Telekommunikationsendgeräts umfassend ein Identitätsmodul an einer Servereinrichtung eines Telekommunikationsnetzes, Verwendung eines Identitätsmoduls, Identitätsmodul und Computerprogramm
EP4158516B1 (fr) Personnalisation d'un élément sécurisé
EP3198903B1 (fr) Procédé et dispositifs de mise à disposition d'un profil d'abonnement sur un terminal mobile
EP2235978A1 (fr) Procédé pour gérer l'autorisation d'accès relative à des téléphones mobiles sans carte sim
EP2575385B1 (fr) Procédé d'initialisation et/ou d'activation d'au moins un compte d'utilisateur, de réalisation d'une transaction, ainsi que terminal
DE102011075257A1 (de) Beantwortung von Anfragen mittels des Kommunikationsendgeräts eines Nutzers
EP2697989B1 (fr) Procédé et système pour la transmission de données à un module d'identification d'un téléphone mobile
EP2929665B1 (fr) Procédé, ensemble de traitement d'informations dans un appareil ménager ainsi qu'appareil ménager
EP3585084A1 (fr) Établissement d'une autorisation d'accès à un réseau partiel d'un réseau de téléphonie mobile
WO2015124317A1 (fr) Procédé de gestion à distance d'un élément de données mémorisé sur un élément de sécurité
WO2014117939A1 (fr) Procédé d'accès à un service d'un serveur par l'intermédiaire d'une application d'un terminal
EP3304957A1 (fr) Procédé permettant de transmettre des paramètres entre un réseau de télécommunication et un terminal de télécommunication et permettant d'activer et/ou de modifier et/ou de désactiver un profil de communication défini ou désigné par des paramètres sur le terminal de télécommunication, système permettant de transmettre des paramètres, terminal permettant de transmettre des paramètres, programme informatique et produit-programme informatique
EP3609211B1 (fr) Procédé mis en oeuvre sur ordinateur et serveur d'accès au réseau permettant de connecter un composant réseau à un réseau, en particulier à un réseau radio mobile, à l'aide des indicateurs d'accès au réseau avancés
DE102024108995B3 (de) Verfahren zum einrichten eines benutzergerätes sowie selbiges nebst computerprogramm, computerlesbarem datenträger und einrichtungsanordnung dafür
DE102016107673B4 (de) Verfahren zur Nutzung eines Proxy-Servers für den Datenaustausch
EP3360355B1 (fr) Limitation du nombre de téléchargements d'un profil d'abonné pour une carte euicc
EP4115584B1 (fr) Accès sécure et documenté d'une application à une clé
DE102022113263A1 (de) Remote-Zugriff auf Netzwerkressourcen aus Fremdnetz im Festnetz
DE102024120757A1 (de) Verfahren zum Einrichten eines Benutzergerätes, Einrichtungsprogramm, computerlesbarer Datenträger, Benutzergerät und Einrichtungsanordnung dafür
EP2723113A1 (fr) Procédé destiné au fonctionnement d'un module de sécurité
DE102016000324A1 (de) Verfahren zur Verwaltung von Identifikationsdaten mehrerer Anwendungen
EP3823235A1 (fr) Transfert de données vérifié de manière spécifique à la connexion à l'aide d'une connexion réseau authentifiée de manière cryptographique
WO2020011393A1 (fr) Sécurisation d'une transmission de données
EP3131033A1 (fr) Procede et systeme de communication pour la communication securisee et automatisee

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15706679

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2015706679

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2015706679

Country of ref document: EP