WO2002030039A1 - Method for authenticating an electronic document - Google Patents
- Publication number
- WO2002030039A1 (PCT/FR2001/003066)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- electronic document
- authentication method
- document
- control device
- mobile telecommunication
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- The present invention relates generally to an electronic document authentication method. More particularly, the present invention relates to a method of authenticating an electronic document by means of a mobile telecommunication device and a control device. The present invention is applicable, inter alia, to access control by presentation of an electronic document.
- Identifying people by entering and verifying a password, access code, fingerprint or other biometric feature is conventional. It is also known from the state of the art to use a mobile phone to transmit identification information, securely or not. In addition, SAGEM has marketed a mobile phone equipped with a fingerprint sensor allowing the identification of its user. Recent developments in mobile telephony have made it possible to securely transmit data, particularly identification data. The WAP Forum promotes a secure data transmission protocol, WTLS (Wireless Transport Layer Security Specification), intended more specifically for mobile phones with few resources. At the same time, the Bluetooth communication protocol was the subject of a proposal to secure data transfer, described in a document entitled "Bluetooth Security Architecture v1.0" (white paper) published on 15.7.1999.
- The SCHLUMBERGER company announced in November 1999 the release of a security module called WIM (WAP Identity Module), implemented in a SIM card and intended to secure transactions made from WAP mobile phones.
- The BNP bank has been offering a home banking service since December 1999 with access from a NOKIA 7110 mobile phone, the user being identified by their subscriber number and password.
- An object of the present invention is to provide a simple, automatic and universal method of authenticating electronic documents, in particular administrative documents in electronic form, which cannot be easily thwarted by falsifiers.
- A subsidiary object of the present invention is to propose an electronic document authentication method which makes it possible to verify in a secure manner whether the bearer of the document is its legitimate owner.
- An electronic document having been established by an issuing authority and signed by means of a private key of said authority, the method according to the invention comprises a step of transmitting the electronic document by means of a mobile telecommunication device to a control device, followed by a step of verifying the authenticity of said document by the control device by means of a corresponding public key, and a step of verifying the identity of the holder of the electronic document.
- Said identity verification step comprises entering a biometric characteristic of the bearer and comparing it with a reference biometric characteristic.
- Said identity verification step comprises a request for electronic signature of test information by said bearer, said test information varying with each request, as well as a step of verification of said signature. If the signature is obtained using a bearer's private key, signature verification is carried out using a corresponding public key.
- The test information can be time information or random information.
- Said identification step is carried out by the mobile telecommunications device and the result (success or failure of the identity verification) is transmitted by the mobile telecommunications device to the control device.
- The test information can be derived from a message transmitted beforehand by the control device to the mobile telecommunication device.
- The signature verification step is carried out by the control device.
- The public key of the authority is transmitted with the electronic document by the mobile telecommunication device to the control device.
- The bearer's public key is certified by the authority and included in the electronic document.
- The public key of the authority can be supplied by the authority to the control device by means of a telecommunications network.
- The mobile telecommunication device is a mobile phone and the electronic document is stored in the SIM card of said phone.
- The mobile phone is provided with a smart card reader and the electronic document is then stored on a smart card.
- The invention is also defined by a method of controlling the access of a user of a mobile telecommunication device to a logical or physical resource, comprising a step of authenticating an electronic document as described above.
- Fig. 1 schematically represents a method of authenticating an electronic document
- Fig. 2 schematically represents the authentication method of an electronic document, according to an embodiment of the invention
- Administrative documents can be of any type, the invention being in no way limited to a particular type of document.
- Authentication can find application in controlling access to a physical resource (premises, an area, a country) or a logical one (information, for example), but also in outright control of administrative data (police control, or administrative control when filling in an electronic form, for example).
- The administrative documents in question are signed by the issuing authority using a private key of a public key algorithm such as the RSA signature or the El Gamal signature.
- The signature can relate to the whole or part of the document, or to the result of a hash of the document by a predefined hash function.
- The electronic document can be stored in the mobile telecommunication device itself, for example in the internal memory or the SIM card of a mobile phone, or in an additional memory such as a smart card, the mobile telecommunication device then integrating a card reader. Access to the administrative document may be protected by means of a password, an access code or a biometric characteristic.
- The document is advantageously downloaded from a server center managed by the authority empowered to deliver the document, either directly (by means of a radio or infrared link, for example) or indirectly through a telecommunications operator, the operator then being responsible for identifying the bearer before transmitting the document to him.
- The administrative document authentication procedure implements a mobile telecommunication device and a control device, for example an access point.
- The document is presented at the request of the terminal or on the initiative of the bearer.
- The document is then transmitted from the mobile telecommunication device to the terminal, and the latter verifies, by means of the (or a) corresponding public key, whether the document has been signed using the (or a) private key of the authority.
- The public key or public keys of the authority or of the various authorized authorities are stored in a database or in a file at the terminal. Alternatively, they are transmitted via a telecommunications network from a server center of the authorized authority or by a server listing the public keys of the various authorized authorities. This embodiment allows easy updating of the keys generated by the authorities.
- The public key is contained in the electronic document itself, which allows direct authentication by the control device.
- The public key(s) can be provided in a form certified by a certification authority.
- The control device then verifies the certificate and then uses the public key to authenticate the document.
- The authentication of an administrative document is advantageously accompanied by the verification of the identity of the bearer.
- Various identification possibilities are envisaged.
- The invention may in particular apply to border controls or police controls.
- The identification can be done by entering and analyzing a biometric characteristic of the bearer (his fingerprint or his iris, for example) and comparing the biometric characteristic entered with a reference characteristic stored in the mobile telecommunication device (SIM card, internal memory) or in an additional memory (smart card), included or not in the electronic document.
- The mobile telecommunication device or the control device will then include a fingerprint reader or a camera allowing the entry of the corresponding characteristic.
- The entry is carried out at the level of the mobile telecommunication device and the result of the identification is then transmitted in secure form to the control device.
- The control device can also be equipped with one or more of these systems.
- The identification will be done at the terminal itself.
- The reference characteristic will then be provided at the terminal, accompanied by a certificate issued by a recognized authority.
- The identification is carried out by means of the entry of a private key of the bearer, and the verification is carried out, preferably by the control device, by means of the corresponding public key.
- The public key is stored in a file at the control terminal.
- The holder's public key is included in the document itself.
- The private key is used by the mobile telecommunication device to sign test information.
- The test information will preferably be variable over time or even random, in order to avoid the repetition of the same identification procedure.
- The test information may be a predetermined function of the time of sending the electronic document or the result of a random draw.
- If, as indicated, the control device is responsible for verifying the holder's signature, it will receive the signed test information from the mobile telecommunications device. In addition, it must know the said test information generation function or receive, attached to the electronic document, the plain text test information in addition to the signed version. The control terminal, having the plain and signed versions of the test information and the holder's public key, can then determine whether the bearer is actually the holder of the document.
- The test information is generated by the mobile telecommunication device. It is also conceivable that this information is generated by the control device and transmitted to the mobile telecommunication device for signature.
- Fig. 1 schematically shows an example of the progress of an electronic document authentication procedure without identifying the holder.
- The control terminal (CP) initiates the procedure by a request (10) for the presentation of a document, or the bearer of the mobile telephone (MS) directly takes the initiative of the presentation.
- The document is transmitted (15) to the terminal, after having been read, for example, from a smart card.
- The control terminal then extracts (17) the public key of the authority from the document, possibly after having verified the certificate if the key is certified, verifies (18) with it the authenticity of the document and possibly returns an acknowledgment information (19).
- Fig. 2 schematically shows an example of the progress of an electronic document authentication procedure with verification of the identity of the holder, as proposed by the invention.
- The control terminal (CP) initiates the procedure by a request (20) for document presentation and a request (21) for identification comprising test information.
- The procedure is initiated directly by the bearer of the mobile phone.
- The bearer's private key is generated (22) from a password entered using the keypad of the mobile phone, or is retrieved from the memory of the mobile phone or the SIM card after verification of a password or control of a biometric characteristic.
- The private key is used to sign (23) the test information.
- The signed information is attached (24) to the electronic document comprising the public key of the authority, the public key of the holder and possibly certificates for these two keys.
- The assembly is then transmitted (25) to the control terminal.
- After having checked (26) the certificates, the terminal extracts (27) the public key of the authority and checks (28) with it the authenticity of the document.
- The terminal extracts the public key of the holder, verifies from the signed test information whether the bearer has actually signed with the private key of the holder, and possibly returns (30) an acknowledgment information.
- Although the control device and the telecommunication device have been described respectively as a terminal and a mobile telephone, it is clear that both can be implemented in different ways.
- The control device can be a base station, a mobile telephone, or a simple transmission/reception device.
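The Fig. 2 exchange described above, sketched as an added example (this is not code from the patent). Assumptions: a toy, unpadded RSA hash-then-sign built from small fixed primes so that it runs with the standard library only; all function and class names are hypothetical; the terminal generates the test information itself and keeps the authority's public key in its own store, which is one of the embodiments described.

```python
import hashlib, json, secrets

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    # Toy RSA key pair from two primes: illustration only, NOT secure.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

# Constructed keys (Mersenne primes), chosen only so the example runs offline.
AUTH_PUB, AUTH_PRIV = keypair(2**127 - 1, 2**89 - 1)
HOLDER_PUB, HOLDER_PRIV = keypair(2**107 - 1, 2**61 - 1)

def issue_document(fields, holder_pub):
    # The authority signs a body that embeds the holder's public key.
    body = json.dumps({"fields": fields, "holder_pub": list(holder_pub)},
                      sort_keys=True).encode()
    return {"body": body, "sig": sign(AUTH_PRIV, body)}

class ControlTerminal:
    def __init__(self, authority_pub):
        self.authority_pub = authority_pub  # trusted store at the terminal
        self.pending = set()                # test information not yet answered

    def challenge(self):
        # Request (21): fresh random test information for every request.
        c = secrets.token_bytes(16)
        self.pending.add(c)
        return c

    def check(self, doc, challenge, response):
        # Document check (28), then verification of the signed test information.
        if challenge not in self.pending:
            return "rejected: unknown or reused test information"
        self.pending.discard(challenge)     # each challenge is single use
        if not verify(self.authority_pub, doc["body"], doc["sig"]):
            return "rejected: document not signed by the authority"
        # The body is parsed only after its signature has been verified.
        holder_pub = tuple(json.loads(doc["body"])["holder_pub"])
        if not verify(holder_pub, challenge, response):
            return "rejected: test information not signed by the holder's key"
        return "accepted"

def demo():
    terminal = ControlTerminal(AUTH_PUB)
    doc = issue_document({"type": "permit", "name": "A. Example"}, HOLDER_PUB)
    c1 = terminal.challenge()
    r1 = sign(HOLDER_PRIV, c1)                    # step (23), on the mobile
    results = [terminal.check(doc, c1, r1)]       # genuine presentation
    results.append(terminal.check(doc, c1, r1))   # same exchange replayed
    c2 = terminal.challenge()
    results.append(terminal.check(doc, c2, r1))   # old signature, new challenge
    c3 = terminal.challenge()
    altered = dict(doc, body=doc["body"].replace(b"permit", b"passport"))
    results.append(terminal.check(altered, c3, sign(HOLDER_PRIV, c3)))
    return results
```

Calling `demo()` returns one verdict per presentation: the genuine one is accepted, while the replayed exchange, the stale signature and the altered document are each rejected at a different check.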
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20010976363 EP1323260A1 (fr) | 2000-10-05 | 2001-10-05 | Procede d'authentification de document electronique |
AU2001295661A AU2001295661A1 (en) | 2000-10-05 | 2001-10-05 | Method for authenticating an electronic document |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0012852A FR2815205B1 (fr) | 2000-10-05 | 2000-10-05 | Procede d'authentification de document electronique |
FR00/12852 | 2000-10-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002030039A1 (fr) | 2002-04-11 |
Family
ID=8855117
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2001/003066 WO2002030039A1 (fr) | 2000-10-05 | 2001-10-05 | Procede d'authentification de document electronique |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1323260A1 (fr) |
AU (1) | AU2001295661A1 (fr) |
FR (1) | FR2815205B1 (fr) |
WO (1) | WO2002030039A1 (fr) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5878138A (en) * | 1996-02-12 | 1999-03-02 | Microsoft Corporation | System and method for detecting fraudulent expenditure of electronic assets |
US6026166A (en) * | 1997-10-20 | 2000-02-15 | Cryptoworx Corporation | Digitally certifying a user identity and a computer system in combination |
WO2000042794A1 (fr) * | 1999-01-18 | 2000-07-20 | Keith Benson | Appareil et procede de commande d'autorisation |
-
2000
- 2000-10-05 FR FR0012852A patent/FR2815205B1/fr not_active Expired - Fee Related
-
2001
- 2001-10-05 WO PCT/FR2001/003066 patent/WO2002030039A1/fr active Application Filing
- 2001-10-05 AU AU2001295661A patent/AU2001295661A1/en not_active Abandoned
- 2001-10-05 EP EP20010976363 patent/EP1323260A1/fr not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
AU2001295661A1 (en) | 2002-04-15 |
FR2815205A1 (fr) | 2002-04-12 |
EP1323260A1 (fr) | 2003-07-02 |
FR2815205B1 (fr) | 2003-08-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2008483B1 (fr) | Procédé de sécurisation de l'accès à un module de communication de proximité dans un terminal mobile | |
EP2820795B1 (fr) | Procede de verification d'identite d'un utilisateur d'un terminal communiquant et systeme associe | |
EP1549011A1 (fr) | Procédé et système de communication entre un terminal et au moins un équipment communicant | |
WO2013140079A1 (fr) | Procede de generation d'identite publique pour l'authentification d'un individu porteur d'un objet d'identification | |
EP0973318A1 (fr) | Procédé pour payer à distance, au moyen d'un radiotéléphone mobile, l'acquisition d'un bien et/ou d'un service, et système et radiotéléphone mobile correspondants | |
FR2738438A1 (fr) | Systeme d'identification a cle | |
EP1393527A1 (fr) | Procede d'authentification entre un objet de telecommunication portable et une borne d'acces public | |
FR2989799A1 (fr) | Procede de transfert d'un dispositif a un autre de droits d'acces a un service | |
WO2005101726A1 (fr) | Procede d'authentification anonyme | |
EP1336287B1 (fr) | Appel depuis un terminal radiotelephonique | |
EP0950307B1 (fr) | Procede et systeme pour securiser les prestations de service d'operateurs de telecommunication | |
EP2119293B1 (fr) | Procédé et dispositif pour contrôler l'exécution d'au moins une fonction dans un module de communication sans fil de courte portée d'un appareil mobile | |
EP3963823A1 (fr) | Procédé de connexion sécurisée à un service web embarqué et dispositif correspondant | |
WO2002030039A1 (fr) | Procede d'authentification de document electronique | |
EP2084679A1 (fr) | Entite electronique portable et procede de blocage, a distance, d'une fonctionnalite d'une telle entite electronique portable | |
WO2007048969A1 (fr) | Serveur, systeme et procede pour le chiffrement de donnees numeriques, en particulier pour la signature electronique de donnees numeriques au nom d'un groupe d'utilisateurs | |
EP1992104B1 (fr) | Authentification d'un dispositif informatique au niveau utilisateur | |
EP1280368A1 (fr) | Procédé de sécurisation d'échanges entre un terminal informatique et un équipement distant | |
FR2832576A1 (fr) | Procede et dispositif d'authentification d'un utilisateur aupres d'un fournisseur de service a l'aide d'un dispositif de communication | |
EP2747041A1 (fr) | Procédé de sécurisation d'un dispositif apte à communiquer avec un lecteur selon deux protocoles d'authentification | |
WO1998021880A1 (fr) | Procede et systeme pour securiser la transmission des telecopies au moyen d'une carte d'identification | |
FR3007929A1 (fr) | Procede d'authentification d'un utilisateur d'un terminal mobile | |
WO2013140078A1 (fr) | Procede de generation et de verification d'identite portant l'unicite d'un couple porteur-objet | |
FR2779895A1 (fr) | Procede et systeme pour payer a distance au moyen d'un radiotelephone mobile l'acquisition d'un bien et/ou d'un service | |
WO2014154961A1 (fr) | Procédé de délivrance de billets électroniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2001976363 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001976363 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: JP |