The present invention relates to a method and arrangement in a communications system in accordance with the preambles of the independent claims. More specifically it relates to digital signatures sent over bandwidth restricted connections.
To attain security in open networks, several security solutions have appeared. One example is Public Key Infrastructure (PKI). PKI is a system to distribute and check keys that can be used to authenticate users, sign information and encrypt information. In a PKI system, two associated keys are used in connection with protecting information. One important feature of PKI systems is that it is computationally unfeasible to use knowledge of one of the keys to deduce the other key, such keys being called asymmetric keys. In a typical PKI system, a set of two such keys is assigned to an owner. One of the keys is maintained private while the other is freely published. When the keys are used for encryption of information, the information is encrypted with the public key and only the owner having the private key can decrypt it. As only the owner possesses the private key, the keys can be used for digital signatures when used in the opposite way. Thus, when the keys are used for signing, the information is encrypted with the private key by the owner and the signature can be verified by the public key.
A PKI distributes one or several public keys. A central element of a Public Key Infrastructure is the public key certificate, which is needed to provide assurance of the validity of public keys. A trusted third party issues certificates and is called a certification authority (CA). The CA uses its good name to guarantee the correctness of a public key by signing a certificate including the public key and other information.
According to International Organization for Standardization (ISO) 7498-2, a digital signature is data appended to, or cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient.
A recipient of a digitally signed message (relying party), in this document referred to as the receiver, is someone that wants to prove the source and integrity of the message and verify the sender of that particular message. With a trusted third party in a PKI the recipient may know that the public key provided to him/her is the right one and corresponds to the sender's identity. This is assured by the trusted third party through a certificate.
Digital signatures made by means of said public key processes are generated by means of the private key with a mathematical algorithm, and the signature can be verified with the associated public key. The private key can be controlled only by the signer that owns the key so that nobody is able to sign in the name of the signer. The public key, on the other hand, may be published so that anybody can verify the signature. The private key is usually protected through a Personal Identification Number (PIN) so that for making a signature, knowledge of the PIN and possession of the private key are required.
The digital signatures can be generated in a computer, e.g. in a PC, by means of computer programs consisting of such a mathematical algorithm. The private key is usually stored on a hard disk or a diskette and downloaded into the main memory for generating the signature. Mostly, the private key is stored encoded and protected via a PIN, which the owner has to enter when signing by means of the computer program. This will ensure that only the owner of the private key can use the private key for signing. Since no additional software is required, this process is advantageous in regard to costs.
Digital signatures are widely used in the fixed Internet world, which is a public open network. One way to use digital signing is to send a signing request from a signature recipient to a computer of a user. The user receives the request and signs it by using his private key, e.g. in a smart card within the computer, containing the necessary private key. The signature is sent back to the signature recipient in a message. Optionally the client may attach the user's certificate to the message sent back to the signature recipient.
The use of digital signatures in the mobile Internet world or other public network is becoming more and more common. The European patent application EP 102784 shows a process for digital signing of a message and describes the use of a mobile radio telephone net for transmitting signed messages. However, this document is silent about attaching certificates to such a message.
A certificate comprises lots of information and requires a great deal of bandwidth when transferred and a lot of memory capacity for storing. The storage capacity of mobile devices is limited, and the bandwidth of the radio communication channel used for the transfer to the recipient is restricted. There are therefore problems when a mobile device is used to perform the digital signing, add the corresponding certificate and transfer both to the recipient that requested the digital signature: the certificate has to be stored on the device, and the digital signature and added certificate have to be transferred over the radio connection.
The object of the present invention is to provide a way to enable a mobile Internet or other public network user to use his/her mobile device for performing digital signing of data suitable for being transferred over a bandwidth restricted radio link to a receiver such as a signature recipient application, e.g. a payment server or similar.
The problem is solved by a method having the features of claim 1 and a device having the features of claim 8.
The method, comprising the steps of transferring a digital signature over the radio access network to the gateway, retrieving a certificate associated to the specific mobile device by means of an agent associated to the gateway, attaching said certificate to the digital signature by means of said agent; and forwarding said digital signature and attached certificate over the Internet or other public network to the receiver, makes it possible to transfer the digital signature without the certificate over the bandwidth restricted radio link.
Because the agent, associated to the gateway, has access to a directory wherein certificates are stored, and because the agent has means for retrieving a certificate associated to a specific mobile device and attaching it to the digital signature when transferring it on to the receiver, associated certificates do not have to be transferred over the bandwidth restricted radio link.
Preferred embodiments are shown in the independent claims.
An advantage of the present invention is that certificates do not have to be stored on a signature client with limited storage capacity, nor transmitted over a communication channel with restricted bandwidth and receivers may still receive digital signatures with certificates attached in the same way as receiving digital signatures from fixed Internet or other public network clients with sufficient storage capacity and bandwidth.
The digital signature system 100 uses asymmetric cryptography, as being part of a PKI, for performing digital signatures. A pair of keys, consisting of a private key and a public key, is assigned to the user. The key pair is associated to a certificate, e.g. an X.509 certificate, through a certification process, whereby the public key is bound to an identity and thereby also the private key. X.509 is a standard by the International Telecommunication Union (ITU) specifying the contents of a digital certificate. The certificate issuing in a PKI is performed by a CA, Certificate Authority. Hence, the certificate is a trusted source for the receiver to receive the signer identity or other certified information. A mobile user identity may be e.g. a name, birthday number, Mobile Station International ISDN Number (MSISDN) and/or Integrated Circuit Card Identification number (ICCID).
The Receiver
The receiver may for example be an Internet bank application, a payment server or any application in need of authentication (ensuring the identity of another party) or non-repudiation (preventing the denial of a previous action). The receiver 102 is connectable to the Internet 106 and is able to communicate with the mobile device 104 of the end user. The receiver 102 is typically implemented as a software application, e.g. an Internet web server application, running on computer hardware. The receiver 102 has the ability to verify the digital signature.
The Mobile Device
The mobile device 104, depicted in
The Wireless Public Network Gateway and the Agent
Referring to
The mobile client 204 communicates with a server within the gateway 110. According to the present invention a so-called certificate agent 116 is associated to the gateway 110. This agent is adapted to assisting the mobile device 104, in its performance of the digital signature procedure, by handling certificates. The agent 116 is able to access a directory 114, e.g. via the Internet, which directory 114 contains certificates, each of them associated to a mobile user e.g. by means of the identity of the mobile device 104 or the identity of the smart card of the mobile device 104. More than one certificate may be associated to one mobile device. The certificate(s) are put into the directory by the Certificate Authority when issuing the certificate(s). This is however outside the scope of this document.
The directory 114 may be an X.500 directory accessed by means of an X.500 directory protocol (X.500 is a Directory Standard defined by ISO and the ITU) or a Lightweight Directory Access Protocol (LDAP) (defined in RFC 2251).
Upon receipt in the gateway 110 of a signed message on its way from the user to the receiver 102, the signed message is forwarded to the agent 116. The agent 116 then retrieves the specific mobile user certificate in the directory 114 by using a user identity, such as the Mobile Station International ISDN Number (MSISDN) and/or Integrated Circuit Card Identification number (ICCID), as a search criterion. The agent 116 attaches the certificate(s) to the signed message and returns the message to the gateway, which forwards it to the receiver 102.
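The exchange described above, as an added example that is not part of the original document: the device signs without a certificate, the agent looks up the certificate by MSISDN and attaches it, and the receiver checks the CA signature on the certificate before checking the user signature. Textbook RSA without padding and a JSON record stand in for a real signature scheme and an X.509 certificate; the keys, MSISDN, ICCID and all function names are constructed for illustration.

```python
import hashlib, json

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Textbook RSA key from two primes: returns (n, d). Stand-in only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys built from Mersenne primes, far too small for real use.
CA_N, CA_D = keypair(2**107 - 1, 2**61 - 1)
USER_N, USER_D = keypair(2**127 - 1, 2**89 - 1)

def cert_body(cert):
    """Canonical bytes of the fields the CA signs."""
    body = {k: cert[k] for k in ("msisdn", "iccid", "n")}
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(msisdn, iccid, pub_n):
    """CA side: bind the identity to the public key and sign the binding."""
    cert = {"msisdn": msisdn, "iccid": iccid, "n": pub_n}
    return {**cert, "ca_sig": sign(cert_body(cert), CA_N, CA_D)}

# Directory 114: certificates placed there by the CA (constructed entry).
DIRECTORY = [issue_cert("+46700000001", "8946000000000000001", USER_N)]

def device_sign(text):
    """Mobile device 104: only text and signature cross the radio link."""
    return {"text": text, "sig": sign(text.encode(), USER_N, USER_D)}

def agent_attach(signed, msisdn):
    """Agent 116: search the directory by MSISDN and attach the match(es)."""
    certs = [c for c in DIRECTORY if c["msisdn"] == msisdn]
    if not certs:
        raise LookupError("no certificate for " + msisdn)
    return {**signed, "certs": certs}

def receiver_verify(msg):
    """Receiver 102: return the certified MSISDN, or None if checks fail."""
    for cert in msg["certs"]:
        if verify(cert_body(cert), cert["ca_sig"], CA_N) and \
           verify(msg["text"].encode(), msg["sig"], cert["n"]):
            return cert["msisdn"]
    return None
```

Because the receiver validates the CA signature and then the user signature against the certified key, a certificate that the agent attaches for the wrong subscriber, or one altered in transit, fails verification instead of being accepted.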
The Cryptographic Message
The digital signature as well as certificates may be contained within a cryptographic message structure such as e.g. PKCS#7, referred to in RFC 2315 as Cryptographic Message Syntax Version 1.5. (RFC is short for Request for Comments, a series of notes about the Internet.)
Signing Procedure
Referring to
The signing method according to the present invention will now be described more in detail referring to the signalling diagram in
Step 300
Step 301
Step 302
Step 303
Step 304
Step 305
Step 306
Step 307
The method is implemented by means of a computer program product comprising the software code means for performing the steps of the method. The computer program product is run on a computer placed in the gateway domain and implements a certificate handling entity within the digital signature system. The computer program is loaded directly or from a computer usable medium, such as a floppy disc, a CD, the Internet etc.
The present invention is not limited to the above-described preferred embodiments. Various alternatives, modifications and equivalents may be used. Therefore, the above embodiments should not be taken as limiting the scope of the invention, which is defined by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
0103485-9 | Oct 2001 | SE | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/SE02/01765 | 9/27/2002 | WO |