WO2002045446A1 - Method and device to transfer a software application written in high level language between the subscribers of a telecommunication network - Google Patents


Publication number
WO2002045446A1
Authority
WO
WIPO (PCT)
Prior art keywords
software application
module
subscriber identification
receive
identification module
Prior art date
Application number
PCT/IB2001/002266
Other languages
French (fr)
Inventor
Pierre Fargues
Original Assignee
Schlumberger Systèmes
Schlumberger Malco, Inc
Priority date
Filing date
Publication date
Application filed by Schlumberger Systèmes, Schlumberger Malco, Inc
Publication of WO2002045446A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/16 Interfaces between hierarchically similar devices
    • H04W92/18 Interfaces between hierarchically similar devices between terminal devices

Definitions

  • This invention concerns the transfer of a software application written in high level language between the subscribers of a telecommunication network.
  • "software application written in high level language" means any software, application or computer program written in advanced language as compared with a low level computer language such as object language as compared with machine code.
  • one such software application is an applet written in "JAVA" (registered trade mark) language by the company SUN MICROSYSTEMS.
  • This invention finds a general application in telecommunication, and more particularly in mobile telecommunication, in which the mobile terminals of the subscribers communicate according to
  • GSM Global System for Mobile communications
  • UMTS Universal Mobile Telecommunications
  • the communication networks require a subscriber identification module in each terminal.
  • the Subscriber Identification Module is an integrated circuit card of type smartcard which can autonomously perform data protection operations.
  • the Applicant therefore decided to study the problem of downloading simply, interactively, and with a certain degree of security, a software application written in high level language between mobile terminals each equipped with a subscriber identification module.
  • This invention provides a solution to this problem.
  • the method includes the following steps:
  • a first degree of transfer security results from the initial supply of the rights to transmit and receive in the subscriber identification modules.
  • the transfer of the application can therefore be made in unencrypted or encrypted form between the subscribers' mobile terminals.
  • step a) also includes the following steps:
  • step a) also includes the authentication of the first and second modules before the secured, or not, supply of the rights to transmit or receive.
  • step b) includes the following steps:
  • b1) equip the first subscriber identification module with a memory to store an interpreter and at least one applet, a processor which can use the interpreter to interpret the applet in order to execute it, and an input/output interface which can co-operate with the mobile terminal of the first subscriber; and
  • Step c) includes the following steps: - c1) equip the second subscriber identification module with a memory to store an interpreter and at least one applet, a processor which can use the interpreter to interpret the applet in order to execute it, and an input/output interface which can co-operate with the mobile terminal of the second subscriber; and
  • This invention also concerns a device to transfer a software application written in high level language between first and second subscribers each having a mobile terminal equipped with a subscriber identification module, the said subscriber terminals being connected to at least one telecommunication network managed by a telecommunication operator.
  • the telecommunication operator has the processing means to supply initially, to respectively the first and second subscriber identification modules, a right to transmit a software application written in high level language, and a right to receive a software application written in high level language, the first subscriber identification module also including the means to set up a communication with the second subscriber identification module and the means, if the initial right to transmit has been supplied, to send the said software application written in high level language, and the second subscriber module also including the means, if the initial right to receive has been supplied, to receive the software application so sent and the means to process the software application so received.
  • each subscriber identification module has a memory to store an interpreter and at least one software application written in high level language, a processor which can use the interpreter to interpret the application in order to execute it, and an input/output interface which can co-operate with the subscriber's mobile terminal.
  • This invention also concerns a computer program product to transfer an applet as mentioned above.
  • figure 1 is a diagrammatic representation of a mobile telecommunication terminal with its subscriber identification module
  • FIG. 2 is a diagrammatic representation of the component means of a subscriber identification module
  • FIG. 3 is a diagrammatic representation of the relations between the operator and the first and second subscriber identification modules according to the invention.
  • FIG. 4 is a diagrammatic representation of the main steps of the method according to the invention.
  • figure 5 is a diagrammatic representation of the steps concerning the initial supply of the rights to transmit and receive according to the invention.
  • FIG. 6 is a diagrammatic representation of the steps to transfer the software application according to the invention.
  • FIG. 7 is a diagrammatic representation of an example of implementing the method according to the invention.
  • Figure 1 represents a mobile telecommunication terminal TE1 for a subscriber AB1.
  • the terminal includes, generally, a screen 2, a keyboard 4, an input/output interface 6, of integrated circuit card reader type, processing means 8, audio means 11 and means
  • the terminal TE1 includes a subscriber identification module SIM1.
  • the subscriber identification module SIM1 includes an input/output interface 12, a central processing unit or CPU 14, a random access memory or RAM 16, a read only memory or ROM 18, and a non-volatile memory of type EEPROM (rewritable) or flash EPROM.
  • a bus 22 connects together the various parts of the identification module mentioned above.
  • the input/output interface 12 of the subscriber identification module SIM1 co-operates with the input/output interface 6 of the terminal TE1 for bi-directional data exchange.
  • the interface 6 of the terminal TE1 and the interface 12 of the module SIM1 may be of type contact, contactless, or mixed.
  • the processing unit 14 of the SIM module is known to be able to autonomously perform data protection operations with the memories 16 and 20. These operations can provide security services of type authentication, integrity, confidentiality, non repudiation or similar.
  • the identification module of figure 1 is built to supply an environment which can execute and program applets written in high level language, such as JAVA language by the company SUN MICROSYSTEMS.
  • the environment of a subscriber identification module SIM includes the following parts. Firstly, the environment includes a HARDWARE interface 24, containing parts 12, 14, 16, 18, 20 and 22 described in reference to figure 1.
  • This interface 24 is a so-called "hardware" layer.
  • the environment of the SIM module includes a layer 26, of type processor. This layer 26 is called the OS (Operating System).
  • the identification module includes a layer 28 called JVM (JAVA Virtual Machine), which executes the codes of the applets 30 written in JAVA language, the said code being called BYTECODE.
  • JVM Java Virtual Machine
  • this layer 28 may contain another machine than the JVM machine.
  • the tools or functions of the module are stored in layer 34, called the API (Application Programming Interface) layer.
  • API Application Programming Interface
  • the applets 30 are stored in the memory 20 and called individually here APPLET1, APPLET2 and APPLET3.
  • An interface 32 controls the SIM module and its communication between the applets and the codes of the environment external to the module according to the application protocol 36 APDU (Application Protocol Data Unit).
  • This protocol 36 is used to exchange data between the outside and the SIM module.
  • In this application protocol, we identify the APDU commands which are sent from the outside to the module and the APDU responses which are sent from the module to the outside, in response to the commands.
  • the APDU protocol is defined in the document ISO 7816-4.
  • FIG. 3 shows two subscribers AB1 and AB2 whose respective identification modules SIM1 and SIM2 can communicate via a telecommunication network RS.
  • a communication operator OP manages the telecommunication network RS.
  • the operator OP can set up a dialogue with the module SIM1 and the module SIM2 via two selected channels 40 and 50.
  • channel 40 is set up with a local point of sale including a computer and a SIM card reader and channel 50 is set up with another local point of sale.
  • the same local point of sale can be used to set up channel 40 and channel 50.
  • the channel is set up via the operator's switching network (for example by microwave in the case of the GSM network).
  • Another solution may consist of using the Internet.
  • the telecommunication operator OP supplies to the first subscriber identification module SIM1 a right to transmit a software application written in high level language. This supply takes place via channel 40. It may be secured, if the operator and/or the user so wish, or not.
  • the telecommunication operator supplies (transmission secured or not) to the second subscriber identification module SIM2 a right to receive a software application written in high level language. This supply takes place via channel 50.
  • step b) of the method according to the invention if the initial right to transmit has been supplied, the identification module SIM1 sets up a communication via the communication network RS and sends to the second subscriber AB2 a software application written in high level language.
  • step c) of the method according to the invention concerning the second subscriber AB2, if the initial right to receive has been supplied, the identification module SIM2 receives the software application so sent in order to process it.
  • the initial supply of the rights to send and receive can be secured preferably by using cryptographic functions.
  • the terminal of the first subscriber AB1 is equipped with a subscriber identification module SIM1 with a first cryptographic function.
  • the terminal of the second subscriber AB2 is equipped with a subscriber identification module SIM2 with a second cryptographic function.
  • step a3) the right to send is transmitted to the said first subscriber in a secured manner according to the first cryptographic function.
  • step a4) the right to receive is transmitted to the said second subscriber in a secured manner according to the second cryptographic function.
  • the first and second modules SIM1 and SIM2 are also authenticated before the supply, secured or not, of the rights to transmit and receive. This authentication may be implemented classically by the operator.
  • the cryptographic functions use to advantage the security components inherent to the integrated circuit card of the SIM module.
  • the cryptographic functions may use a secret key or public key, or possibly another cryptography algorithm.
  • the cryptographic functions used may be triple DES (Data Encryption System) type.
  • the right to transmit may correspond to a secret key and the right to receive may correspond to the said secret key.
  • the right to transmit may correspond to a public key whereas the right to receive may correspond to the associated private key.
  • the transfer function according to the invention does not use cryptographic functions.
  • the right to transmit may correspond to a secret and/or public key accompanied by the transfer application as such.
  • - c1) equip the module SIM2 of the second subscriber AB2 with a memory to store an interpreter 28 and an applet 30, a processor 14, 26 using the interpreter to interpret the applet 30 in order to execute it and an input/output interface 32 co-operating with the outside of the module SIM2 of the second subscriber AB2; and - c2) if the initial right to receive has been supplied, receive the applet 30 to be transferred via the communication network RS and store it in the memory of the module SIM2 of the second subscriber AB2 in order to process it.
  • Figure 7 shows a mode of implementation of the method according to the invention with two mobile telecommunication terminals working according to the GSM 11.11 or GSM 11.14 standards.
  • EFs Electronic File
  • Such elementary files are used to separate the data of the various applets 30.
  • Each applet 30 is known by its own EF.
  • the right to transmit may correspond to a function which can build messages in SMS format using APDU commands contained in an elementary file EF1 and which can download an applet, and send SMS messages to a chosen recipient. If necessary, the transmission function is secured using a suitable cryptographic key.
  • the right to receive may correspond to a function which can execute APDU commands capable of downloading an applet and which are contained in SMS messages sent by the originator. If necessary, the reception function is secured using a suitable cryptographic key.
  • the APDU commands used to download an applet include the INSTALL LOAD, LOAD LOAD/n times and INSTALL INSTALL commands.
  • the download applet 100 may also be an elementary file.
  • three applets 30 could be downloaded, APPLET1, APPLET2 and APPLET3.
  • a menu 102 displayed on terminal TE1 the user can choose applet 30 to be downloaded. Then, using command 104 "GET INPUT", the user enters (directly or indirectly) the number of the receiving subscriber AB2, thereby setting up a communication 106 with the said receiving terminal TE2.
  • the "DISPLAY TEXT" command displays the "connection" message on the transmitting terminal TE1.
  • the download function according to the invention for example the download applet 100, then sends an invitation message 108 to accept the download to the receiving terminal module TE2.
  • the message 108 is an SMS (Short Message Service) type message, for example in OTAC (Over The Air Customization) format according to the ETSI standard 0348.
  • SMS Short Message Service
  • OTAC Over The Air Customization
  • On reception of the invitation message 108, the receiving terminal module TE2 receives the message 110 "Do you want to receive the applet X from telephone number 06 09 10 99 111 Yes, No".
  • the receiving terminal module TE2 sends a download acceptance message, whereas, in case of refusal, it sends a download refusal message.
  • the DISPLAY TEXT command displays message 114 "Connection OK" in case of acceptance, whereas in case of refusal by the receiving terminal TE2, the DISPLAY TEXT command displays the message "Download refused".
  • the transmitting terminal module TE1 sends a SMS message 116 to the receiving terminal module TE2 with the APDU command "INSTALL LOAD with response".
  • the SMS message includes the recipient number, built according to the GSM standard "0340", the key built according to the GSM standard "0348" if necessary, and the APDU command "INSTALL LOAD", if necessary with response.
  • the transfer procedure 121 is set up with a SMS message containing an APDU command of type "LOAD LOAD".
  • This procedure 121 is reiterated as many times as there are "LOAD LOAD" commands in the SMS message 121. Then, the SMS message is routed from the transmitting terminal module TE1 to the receiving terminal module TE2 with the message 122 containing the "INSTALL INSTALL" command.
  • the terminal module TE2 executes the command and sends a status 124. If the status equals 9000, the response is given that the transfer is successful 126, whereas in the absence of a status equal to 9000, it is indicated that the transfer has failed.
  • In the presence of a successful transfer message 126, the transmitting terminal module TE1 sends a message 128 whose purpose is to indicate that the transfer is finished successfully and this message is displayed on the receiving terminal TE2.
  • the transfer of the applet may be synchronised or not.
  • the SMS message is sent without status response. However, if there is synchronisation, the SMS message containing the "LOAD LOAD" command is sent with a response requested and each status returned is checked. The choice between these two possibilities depends on the desired performance. The second possibility (i.e. with synchronisation) is safer and is used to synchronise the last SMS message containing the "INSTALL INSTALL" command. If the status received is not 9000, then it is planned to display on the module the message "Transfer failed".
  • the "INSTALL LOAD" command precedes the "LOAD LOAD" command and the transfer applet ends with the "INSTALL INSTALL" command.
  • subscriber AB2 who has received the applet from subscriber AB1, also wants to transfer the applet to another subscriber, he sets up the method described above, on condition that he has a right to transmit and on condition that his recipient also has a right to receive.
  • the right to transmit also includes the APDU command "CREATE FILE EF1" concerning the creation of the file EF1 in the module SIM1, and the APDU command "LOAD RECORD EF1" concerning the saving of file EF1.
  • the module SIM2 executes the commands "CREATE FILE EF1" and "LOAD RECORD EF1" in order to create the file EF1 in the module SIM2, and in order to save the file EF1. Through these two commands, the module SIM2 can then in turn play the role of transmitter of applet to another module.
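
The download sequence and the rights check described in the list above, modelled as an added example (this is not code from the patent). Assumptions: the class and function names, the sequence counter, HMAC-SHA256 standing in for the card's cryptographic function with a shared secret key as both rights, the status words 0x6982 and 0x6985 (taken from ISO 7816-4, not from this page), and SMS transport reduced to direct method calls.

```python
import hashlib
import hmac

SW_OK = 0x9000          # success status named in the text
SW_SECURITY = 0x6982    # ISO 7816-4: security status not satisfied (assumed choice)
SW_CONDITIONS = 0x6985  # ISO 7816-4: conditions of use not satisfied (assumed choice)


def mac_for(key, seq, command, payload):
    """Stand-in for the card's cryptographic function (truncated HMAC-SHA256)."""
    data = seq.to_bytes(2, "big") + command.encode() + b"\x00" + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class ReceivingModule:
    """Hypothetical model of SIM2: stores an applet only if it holds a right to receive."""

    def __init__(self, receive_right=None):
        self.receive_right = receive_right  # shared secret key, or None if never supplied
        self.installed = {}
        self._reset()

    def _reset(self):
        self.state, self.name, self.buffer, self.expected = "IDLE", None, bytearray(), 0

    def handle(self, seq, command, payload, mac):
        """Process one message and return a status word."""
        key = self.receive_right
        if key is None or not hmac.compare_digest(mac, mac_for(key, seq, command, payload)):
            self._reset()
            return SW_SECURITY
        if seq != self.expected:  # a lost or reordered message must not yield a partial applet
            self._reset()
            return SW_CONDITIONS
        if command == "INSTALL LOAD" and self.state == "IDLE":
            self.state, self.name = "LOADING", payload.decode()
        elif command == "LOAD LOAD" and self.state == "LOADING":
            self.buffer += payload
        elif command == "INSTALL INSTALL" and self.state == "LOADING" and self.buffer:
            self.installed[self.name] = bytes(self.buffer)
            self._reset()
            return SW_OK
        else:
            self._reset()
            return SW_CONDITIONS
        self.expected += 1
        return SW_OK


def transfer(name, bytecode, transmit_right, receiver, synchronised=True,
             block_size=16, lost=()):
    """Hypothetical model of SIM1 sending an applet; returns (success, messages_sent).

    `lost` lists sequence numbers the network drops (constructed fault injection).
    """
    if transmit_right is None:  # step b): without the right to transmit nothing is sent
        return False, 0
    messages = [("INSTALL LOAD", name.encode())]
    messages += [("LOAD LOAD", bytecode[i:i + block_size])
                 for i in range(0, len(bytecode), block_size)]
    messages.append(("INSTALL INSTALL", b""))
    status = None
    for seq, (command, payload) in enumerate(messages):
        mac = mac_for(transmit_right, seq, command, payload)
        status = None if seq in lost else receiver.handle(seq, command, payload, mac)
        if synchronised and status != SW_OK:
            return False, seq + 1  # abort at the first bad or missing status
    return status == SW_OK, len(messages)  # unsynchronised: only the last status counts


APPLET = bytes(range(40))            # constructed stand-in for applet bytecode
KEY = b"operator-issued-demo-key"    # constructed key, plays both rights


def demo():
    """Run the success case and each failure mode; return the outcomes by name."""
    out = {}
    sim2 = ReceivingModule(KEY)
    out["ok"] = transfer("APPLET1", APPLET, KEY, sim2)
    out["stored"] = sim2.installed.get("APPLET1") == APPLET
    out["no_receive_right"] = transfer("APPLET1", APPLET, KEY, ReceivingModule(None))
    out["no_transmit_right"] = transfer("APPLET1", APPLET, None, ReceivingModule(KEY))
    out["wrong_key"] = transfer("APPLET1", APPLET, b"other-key", ReceivingModule(KEY))
    out["lost_sync"] = transfer("APPLET1", APPLET, KEY, ReceivingModule(KEY), lost={2})
    sim = ReceivingModule(KEY)
    out["lost_unsync"] = transfer("APPLET1", APPLET, KEY, sim,
                                  synchronised=False, lost={2})
    out["lost_unsync_nothing_installed"] = sim.installed == {}
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

With a lost block, the synchronised sender stops after three messages, while the unsynchronised sender spends all five before the final status reports the failure.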

Abstract

By the telecommunication operator (OP), supply, initially, and to respectively the first and second subscribers (AB1 and AB2), a right to transmit a software application (30) written in high level language, and a right to receive a software application (30) written in high level language. Concerning the first subscriber identification module (SIM1), if the initial right to transmit has been supplied, set up a communication with the second subscriber (AB2) and send the said software application written in high level language via the communication network (RS). Concerning the second subscriber identification module (SIM2), if the initial right to receive has been supplied, receive the software application so sent and process it.

Description

METHOD AND DEVICE TO TRANSFER A SOFTWARE APPLICATION WRITTEN IN HIGH LEVEL LANGUAGE BETWEEN THE SUBSCRIBERS OF A TELECOMMUNICATION NETWORK
This invention concerns the transfer of a software application written in high level language between the subscribers of a telecommunication network.
In this case "software application written in high level language" means any software, application or computer program written in advanced language as compared with a low level computer language such as object language as compared with machine code. For example, one such software application is an applet written in "JAVA" (registered trade mark) language by the company SUN MICROSYSTEMS.
This invention finds a general application in telecommunication, and more particularly in mobile telecommunication, in which the mobile terminals of the subscribers communicate according to GSM, UMTS standards or similar, and in which the communication networks require a subscriber identification module in each terminal.
Generally, the Subscriber Identification Module, or SIM, is an integrated circuit card of type smartcard which can autonomously perform data protection operations.
The Applicant therefore decided to study the problem of downloading simply, interactively, and with a certain degree of security, a software application written in high level language between mobile terminals each equipped with a subscriber identification module.
This invention provides a solution to this problem.
Firstly, it concerns a method to transfer a software application written in high level language between first and second mobile terminals connected to a telecommunication network managed by a telecommunication operator, and each equipped with a subscriber identification module.
According to a general definition of the invention, the method includes the following steps:
- a) by the telecommunication operator, supply, initially, to respectively the first and second subscriber identification modules, a right to transmit a software application written in high level language, and a right to receive a software application written in high level language;
- b) concerning the first subscriber identification module, if the initial right to transmit has been supplied, set up a communication with the mobile terminal of the second subscriber via the communication network and send the said software application written in high level language; and
- c) concerning the second subscriber identification module, if the initial right to receive has been supplied, receive the said application so sent in order to be able to process it.
In such a method according to the invention, a first degree of transfer security results from the initial supply of the rights to transmit and receive in the subscriber identification modules.
The transfer of the application can therefore be made in unencrypted or encrypted form between the subscribers' mobile terminals.
It is simple and easy to implement such a method.
In addition, other degrees of security may result from the use of subscriber identification modules which can autonomously perform data protection operations. Preferably, step a) also includes the following steps:
- a1) equip the first subscriber identification module with a first cryptographic function;
- a2) equip the second subscriber identification module with a second cryptographic function;
- a3) transmit the right to transmit to the first subscriber identification module in a secured way according to the first cryptographic function; and
- a4) transmit the right to receive to the second subscriber identification module in a secured way according to the second cryptographic function.
Consequently, according to the invention the supply of the rights to transmit and receive is secured.
In practice, step a) also includes the authentication of the first and second modules before the secured, or not, supply of the rights to transmit or receive.
Preferably, step b) includes the following steps:
- b1) equip the first subscriber identification module with a memory to store an interpreter and at least one applet, a processor which can use the interpreter to interpret the applet in order to execute it, and an input/output interface which can co-operate with the mobile terminal of the first subscriber; and
- b2) if the initial right to transmit has been supplied, look for the applet to be transferred in the memory of the first subscriber identification module and send it to the second subscriber via the communication network.
Step c) includes the following steps:
- c1) equip the second subscriber identification module with a memory to store an interpreter and at least one applet, a processor which can use the interpreter to interpret the applet in order to execute it, and an input/output interface which can co-operate with the mobile terminal of the second subscriber; and
- c2) if the initial right to receive has been supplied, permit the reception of the applet so transferred via the communication network and store it in the memory of the second subscriber identification module in order to process it.
This invention also concerns a device to transfer a software application written in high level language between first and second subscribers each having a mobile terminal equipped with a subscriber identification module, the said subscriber terminals being connected to at least one telecommunication network managed by a telecommunication operator.
According to an important characteristic of the invention, the telecommunication operator has the processing means to supply initially, to respectively the first and second subscriber identification modules, a right to transmit a software application written in high level language, and a right to receive a software application written in high level language, the first subscriber identification module also including the means to set up a communication with the second subscriber identification module and the means, if the initial right to transmit has been supplied, to send the said software application written in high level language, and the second subscriber module also including the means, if the initial right to receive has been supplied, to receive the software application so sent and the means to process the software application so received.
In practice, each subscriber identification module has a memory to store an interpreter and at least one software application written in high level language, a processor which can use the interpreter to interpret the application in order to execute it, and an input/output interface which can co-operate with the subscriber's mobile terminal.
This invention also concerns a computer program product to transfer an applet as mentioned above.
Other features and advantages of the invention will appear on reading the detailed description below and the drawings in which:
- figure 1 is a diagrammatic representation of a mobile telecommunication terminal with its subscriber identification module;
- figure 2 is a diagrammatic representation of the component means of a subscriber identification module;
- figure 3 is a diagrammatic representation of the relations between the operator and the first and second subscriber identification modules according to the invention;
- figure 4 is a diagrammatic representation of the main steps of the method according to the invention;
- figure 5 is a diagrammatic representation of the steps concerning the initial supply of the rights to transmit and receive according to the invention;
- figure 6 is a diagrammatic representation of the steps to transfer the software application according to the invention; and
- figure 7 is a diagrammatic representation of an example of implementing the method according to the invention.
Figure 1 represents a mobile telecommunication terminal TE1 for a subscriber AB1. The terminal includes, generally, a screen 2, a keyboard 4, an input/output interface 6, of integrated circuit card reader type, processing means 8, audio means 11 and means 10 for radio communication with at least one telecommunication network RS.
The terminal TE1 includes a subscriber identification module SIM1.
The subscriber identification module SIM1 includes an input/output interface 12, a central processing unit or CPU 14, a random access memory or RAM 16, a read only memory or ROM 18, and a non-volatile memory of type EEPROM (rewritable) or flash EPROM.
A bus 22 connects together the various parts of the identification module mentioned above.
Generally, the input/output interface 12 of the subscriber identification module SIM1 co-operates with the input/output interface 6 of the terminal TE1 for bi-directional data exchange.
The interface 6 of the terminal TE1 and the interface 12 of the module SIM1 may be of type contact, contactless, or mixed.
The processing unit 14 of the SIM module is known to be able to autonomously perform data protection operations with the memories 16 and 20. These operations can provide security services of type authentication, integrity, confidentiality, non repudiation or similar.
The identification module of figure 1 is built to supply an environment which can execute and program applets written in high level language, such as JAVA language by the company SUN MICROSYSTEMS.
In reference to figure 2, the environment of a subscriber identification module SIM includes the following parts. Firstly, the environment includes a HARDWARE interface 24, containing parts 12, 14, 16, 18, 20 and 22 described in reference to figure 1.
This interface 24 is a so-called "hardware" layer.
The environment of the SIM module includes a layer 26, of type processor. This layer 26 is called the OS (Operating System).
For example, the identification module includes a layer 28 called JVM (JAVA Virtual Machine), which executes the codes of the applets 30 written in JAVA language, the said code being called BYTECODE. Of course, this layer 28 may contain another machine than the JVM machine.
The tools or functions of the module are stored in layer 34, called the API (Application Programming Interface) layer.
The applets 30 are stored in the memory 20 and called individually here APPLET1, APPLET2 and APPLET3. An interface 32 controls the SIM module and its communication between the applets and the codes of the environment external to the module according to the application protocol 36 APDU (Application Protocol Data Unit). This protocol 36 is used to exchange data between the outside and the SIM module.
In this application protocol, we identify the APDU commands which are sent from the outside to the module and the APDU responses which are sent from the module to the outside, in response to the commands. The APDU protocol is defined in the document ISO 7816-4.
The Applicant therefore decided to study the problem of downloading simply, interactively, and with a certain degree of security, a software application written in high level language between terminals each equipped with a subscriber identification module.
Figure 3 shows two subscribers AB1 and AB2 whose respective identification modules SIM1 and SIM2 can communicate via a telecommunication network RS. A communication operator OP manages the telecommunication network RS. The operator OP can set up a dialogue with the module SIM1 and the module SIM2 via two selected channels 40 and 50.
These two channels 40 and 50 can be realised according to the same means or according to different means.
For example, channel 40 is set up with a local point of sale including a computer and a SIM card reader and channel 50 is set up with another local point of sale. Obviously the same local point of sale can be used to set up channel 40 and channel 50.
As a variant, the channel is set up via the operator's switching network (for example by microwave in the case of the GSM network).
Another solution may consist of using the Internet.
In reference to figure 4, according to step a) of the method according to the invention, the telecommunication operator OP supplies to the first subscriber identification module SIM1 a right to transmit a software application written in high level language. This supply takes place via channel 40. It may be secured, if the operator and/or the user so wish, or not.
The telecommunication operator supplies (transmission secured or not) to the second subscriber identification module SIM2 a right to receive a software application written in high level language. This supply takes place via channel 50.
According to step b) of the method according to the invention, if the initial right to transmit has been supplied, the identification module SIM1 sets up a communication via the communication network RS and sends to the second subscriber AB2 a software application written in high level language.
According to step c) of the method according to the invention, concerning the second subscriber AB2, if the initial right to receive has been supplied, the identification module SIM2 receives the software application so sent in order to process it (store, install or use).
In reference to figure 5, the initial supply of the rights to send and receive can be secured preferably by using cryptographic functions.
In this secured context, according to step a1), the terminal of the first subscriber AB1 is equipped with a subscriber identification module SIM1 with a first cryptographic function.
According to step a2), the terminal of the second subscriber AB2 is equipped with a subscriber identification module SIM2 with a second cryptographic function.
According to step a3), the right to send is transmitted to the said first subscriber in a secured manner according to the first cryptographic function.
According to step a4), the right to receive is transmitted to the said second subscriber in a secured manner according to the second cryptographic function.
In practice, the first and second modules SIM1 and SIM2 are also authenticated before the supply, secured or not, of the rights to transmit and receive. This authentication may be implemented classically by the operator.
The cryptographic functions use to advantage the security components inherent to the integrated circuit card of the SIM module. The cryptographic functions may use a secret key or public key, or possibly another cryptography algorithm. For example, the cryptographic functions used may be triple DES (Data Encryption System) type. In this case, the right to transmit may correspond to a secret key and the right to receive may correspond to the said secret key.
In an example of cryptography with private/public key, for example RSA type, the right to transmit may correspond to a public key whereas the right to receive may correspond to the associated private key.
In another non secured example, the transfer function according to the invention does not use cryptographic functions.
In a further example of realisation, the right to transmit may correspond to a secret and/or public key accompanied by the transfer application as such.
In reference to figure 6, the transfer of an applet includes the following steps:
- b1) equip the module SIM1 of the first subscriber AB1 with a memory 16, 18, 20 to store an interpreter 28 (virtual machine) and an applet 30, a processor 26 using the interpreter 28 to interpret the applet 30, in order to execute it, and an input/output interface 32 co-operating with the outside of the module SIM1 of the first subscriber AB1;
- b2) if the initial right to transmit has been supplied, look for the applet 30 to be transferred in the memory of the module and send it to the second subscriber AB2 via the telecommunication network RS;
- c1) equip the module SIM2 of the second subscriber AB2 with a memory to store an interpreter 28 and an applet 30, a processor 14, 26 using the interpreter to interpret the applet 30 in order to execute it and an input/output interface 32 co-operating with the outside of the module SIM2 of the second subscriber AB2; and
- c2) if the initial right to receive has been supplied, receive the applet 30 to be transferred via the communication network RS and store it in the memory of the module SIM2 of the second subscriber AB2 in order to process it.
Figure 7 shows a mode of implementation of the method according to the invention with two mobile telecommunication terminals working according to the GSM 11.11 or GSM 11.14 standards.
Preferably, in the SIM modules, it is planned to save the applets in the form of EFs (Elementary File) . Such elementary files are used to separate the data of the various applets 30. Each applet 30 is known by its own EF.
In practice, the right to transmit may correspond to a function which can build messages in SMS format using APDU commands contained in an elementary file EF1 and which can download an applet, and send SMS messages to a chosen recipient. If necessary, the transmission function is secured using a suitable cryptographic key.
The right to receive may correspond to a function which can execute APDU commands capable of downloading an applet and which are contained in SMS messages sent by the originator. If necessary, the reception function is secured using a suitable cryptographic key.
As will be seen in greater detail below, the APDU commands used to download an applet include the INSTALL LOAD, LOAD LOAD/n times and INSTALL INSTALL commands.
The download applet 100 may also be an elementary file.
For example, three applets 30 could be downloaded, APPLET1, APPLET2 and APPLET3.
In a menu 102 displayed on terminal TE1, the user can choose applet 30 to be downloaded. Then, using command 104 "GET INPUT", the user enters (directly or indirectly) the number of the receiving subscriber AB2, thereby setting up a communication 106 with the said receiving terminal TE2.
After connection 106, the "DISPLAY TEXT" command displays the "connection" message on the transmitting terminal TE1. The download function according to the invention, for example the download applet 100, then sends an invitation message 108 to accept the download to the receiving terminal module TE2.
The message 108 is an SMS (Short Message Service) type message, for example in OTAC (Over The Air Customization) format according to the ETSI standard 0348.
On reception of the invitation message 108, the receiving terminal module TE2 receives the message 110 "Do you want to receive the applet X from telephone number 06 09 10 99 111 Yes, No".
In case of acceptance 112 the receiving terminal module TE2 sends a download acceptance message, whereas in case of refusal it sends a download refusal message.
On the transmitting terminal TE1, the DISPLAY TEXT command displays message 114 "Connection OK" in case of acceptance, whereas in case of refusal by the receiving terminal TE2, the DISPLAY TEXT command displays the message "Download refused".
If a connection is accepted, the transmitting terminal module TE1 sends a SMS message 116 to the receiving terminal module TE2 with the APDU command "INSTALL LOAD with response".
In this example, the SMS message includes the recipient number, built according to the GSM standard "0340", the key built according to the GSM standard "0348" if necessary, and the APDU command "INSTALL LOAD", if necessary with response. On reception of the SMS message 116 containing the APDU command "INSTALL LOAD with response", the status of the said message is checked. If the check results in the message Status = 9000, then it is indicated that the transfer is in progress 120, whereas if the status is not 9000, it is indicated in response that the transfer has failed.
Then, the transfer procedure 121 is set up with a SMS message containing an APDU command of type "LOAD LOAD".
This procedure 121 is reiterated as many times as there are "LOAD LOAD" commands in the SMS message 121. Then, the SMS message is routed from the transmitting terminal module TE1 to the receiving terminal module TE2 with the message 122 containing the "INSTALL INSTALL" command.
In response to this SMS message 122 for which the APDU command is "INSTALL INSTALL", the terminal module TE2 executes the command and sends a status 124. If the status equals 9000, the response is given that the transfer is successful 126, whereas in the absence of a status equal to 9000, it is indicated that the transfer has failed.
In the presence of a successful transfer message 126, the transmitting terminal module TE1 sends a message 128 whose purpose is to indicate that the transfer is finished successfully and this message is displayed on the receiving terminal TE2.
The transfer of the applet may be synchronised or not.
If there is no synchronisation, the SMS message is sent without status response. However, if there is synchronisation, the SMS message containing the "LOAD LOAD" command is sent with a response requested and each status returned is checked. The choice between these two possibilities depends on the desired performance. The second possibility (i.e. with synchronisation) is safer and is used to synchronise the last SMS message containing the "INSTALL INSTALL" command. If the status received is not 9000, then it is planned to display on the module the message "Transfer failed".
Preferably, to avoid any synchronisation problem, the "INSTALL LOAD" command precedes the "LOAD LOAD" command and the transfer applet ends with the "INSTALL INSTALL" command.
Obviously, when subscriber AB2 who has received the applet from subscriber AB1, also wants to transfer the applet to another subscriber, he sets up the method described above, on condition that he has a right to transmit and on condition that his recipient also has a right to receive.
In this case, the right to transmit also includes the APDU command "CREATE FILE EF1" concerning the creation of the file EF1 in the module SIM1, and the APDU command "LOAD RECORD EF1" concerning the saving of file EF1.
These two APDU commands are therefore transferred, after the INSTALL INSTALL command described above, from the module SIM1 to the module SIM2.
The module SIM2 executes the commands "CREATE FILE EF1" and "LOAD RECORD EF1" in order to create the file EF1 in the module SIM2, and in order to save the file EF1. Through these two commands, the module SIM2 can then in turn play the role of transmitter of applet to another module.
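The receiving-side checks implied by the transfer sequence above can be sketched as follows; this is an added illustration, not code from the patent. The receiving module executes INSTALL LOAD, LOAD LOAD and INSTALL INSTALL only when each message verifies under the key standing for the right to receive and arrives in order. The message tuple layout, the sequence counter, HMAC-SHA-256 (standing in for the triple DES securing the description mentions) and the two non-9000 status words are assumptions.

```python
import hashlib
import hmac

SW_OK = 0x9000         # the status the page treats as success
SW_DENIED = 0x6982     # ISO 7816-4: security status not satisfied (assumed choice)
SW_BAD_ORDER = 0x6985  # ISO 7816-4: conditions of use not satisfied (assumed choice)


def mac(key, seq, command, payload):
    """Tag binding a command to its position in the transfer (assumed framing)."""
    data = seq.to_bytes(2, "big") + command.encode() + b"\x00" + payload
    return hmac.new(key, data, hashlib.sha256).digest()


class ReceivingModule:
    """SIM2 on the page: executes download commands only with the right to receive."""

    def __init__(self, receive_key=None):
        self.key = receive_key  # None: the operator never supplied the right
        self.installed = None
        self._reset()

    def _reset(self):
        # Per-transfer counter: it does not stop replay of a whole recorded transfer.
        self.state, self.next_seq, self.buffer = "IDLE", 0, bytearray()

    def handle(self, msg):
        seq, command, payload, tag = msg
        if self.key is None or not hmac.compare_digest(
                tag, mac(self.key, seq, command, payload)):
            # Unauthorised or forged: reject, but leave a running transfer
            # untouched so a stray message cannot abort it.
            return SW_DENIED
        in_order = seq == self.next_seq and (
            (command == "INSTALL LOAD" and self.state == "IDLE")
            or (command == "LOAD LOAD" and self.state == "LOADING")
            or (command == "INSTALL INSTALL" and self.state == "LOADING"
                and len(self.buffer) > 0))
        if not in_order:
            self._reset()  # a gap or wrong order discards the partial applet
            return SW_BAD_ORDER
        self.next_seq += 1
        if command == "INSTALL LOAD":
            self.state = "LOADING"
        elif command == "LOAD LOAD":
            self.buffer += payload
        else:  # INSTALL INSTALL: only now does the applet become usable
            self.installed = bytes(self.buffer)
            self._reset()
        return SW_OK


def send_applet(transmit_key, applet, receiver, block=8,
                synchronised=True, lost=()):
    """SIM1 on the page. `lost` simulates sequence numbers dropped in transit."""
    if transmit_key is None:  # step b2: no right to transmit, nothing is sent
        return "Transfer failed"
    blocks = [applet[i:i + block] for i in range(0, len(applet), block)]
    commands = ([("INSTALL LOAD", b"")]
                + [("LOAD LOAD", b) for b in blocks]
                + [("INSTALL INSTALL", b"")])
    for seq, (command, payload) in enumerate(commands):
        # LOAD LOAD statuses are only requested in synchronised mode; the
        # two INSTALL statuses are always checked.
        checked = synchronised or command != "LOAD LOAD"
        status = None if seq in lost else receiver.handle(
            (seq, command, payload, mac(transmit_key, seq, command, payload)))
        if checked and status != SW_OK:
            return "Transfer failed"
    return "Transfer successful"


def demo():
    key = b"constructed-shared-key"          # constructed sample value
    applet = b"constructed applet bytecode"  # constructed sample value
    results = {}
    sim2 = ReceivingModule(key)
    results["ok"] = (send_applet(key, applet, sim2), sim2.installed)
    sim2 = ReceivingModule(None)
    results["no_right"] = (send_applet(key, applet, sim2), sim2.installed)
    sim2 = ReceivingModule(key)
    results["lost_block"] = (
        send_applet(key, applet, sim2, synchronised=False, lost={2}),
        sim2.installed)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In the unsynchronised case a lost LOAD LOAD message goes unnoticed by the sender until the final INSTALL INSTALL status, which is why that last status must always be checked.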

Claims

1. Method to transfer a software application written in high level language between first and second mobile terminals (TE1, TE2) connected to at least one telecommunication network (RS) managed by a telecommunication operator, and each equipped with a subscriber identification module (SIM1 and SIM2),
the said method being characterised by the following steps:
- a) by the telecommunication operator (OP), supply, initially, and to respectively the first and second subscribers (AB1 and AB2), a right to transmit a software application (30) written in high level language, and a right to receive a software application (30) written in high level language,
- b) concerning the first subscriber identification module (SIM1), if the initial right to transmit has been supplied, set up a communication with the second subscriber (AB2) and send the said software application written in high level language via the communication network (RS), and
- c) concerning the second subscriber identification module (SIM2), if the initial right to receive has been supplied, receive the software application so sent and process it.
2. Method according to claim 1, characterised in that step a) also includes the following steps:
- a1) equip the first subscriber identification module (SIM1) with a first cryptographic function,
- a2) equip the second subscriber identification module (SIM2) with a second cryptographic function,
- a3) transmit the right to transmit to the first subscriber in a secured way according to the first cryptographic function; and
- a4) transmit the right to receive to the second subscriber in a secured way according to the second cryptographic function.
3. Method according to claim 1 or claim 2, characterised in that step a) also includes the authentication of the first module (SIM1) and the second module (SIM2) before the supply, secured or not, of rights to transmit and receive.
4. Method according to claim 1, characterised in that step b) includes the following steps:
- b1) equip the first subscriber identification module with a memory to store an interpreter (28) and at least one software application (30) written in high level language, a processor (26) which can use the interpreter to interpret the application in order to execute it, and an input/output interface (32) which can co-operate with the outside of the first subscriber's module, and
- b2) if the initial right to transmit has been supplied, look for the software application (30) to be transferred in the memory of the first subscriber identification module (SIM1) and send it to the second subscriber (AB2) via the communication network (RS).
5. Method according to claims 1 and 4, characterised in that step c) includes the following steps:
- c1) equip the second subscriber identification module (SIM2) with a memory to store an interpreter (28) and at least one software application (30) written in high level language, a processor (26) which can use the interpreter (28) to interpret the application in order to execute it, and an input/output interface (32) which can co-operate with the outside of the module, and
- c2) if the initial right to receive has been supplied, receive the software application (30) so transferred via the communication network and store it in the memory of the second subscriber identification module (SIM2).
6. Method according to one of the above claims, characterised in that it also includes the following steps:
i) set up a first channel (40) between the operator (OP) and the first subscriber identification module (SIM1) and supply initially the right to transmit via the said first channel (40), and
ii) set up a second channel (50) between the operator (OP) and the second subscriber identification module (SIM2) and supply initially the right to receive via the said second channel (50).
7. Method according to claim 6, characterised in that the initial supply of the rights to transmit and receive via the channels (40 and 50) is secured.
8. Method to transfer a software application written in high level language between first and second mobile terminals connected to at least one telecommunication network (RS) managed by a telecommunication operator (OP) and each equipped with a subscriber identification module (SIM1, SIM2), characterised in that it includes:
- concerning the telecommunication operator (OP), processing means to supply, to respectively the first and second subscriber identification modules (SIM1 and SIM2), a right to transmit a software application written in high level language, and a right to receive a software application written in high level language,
- concerning the first subscriber identification module (SIM1), means to set up a communication with the second subscriber (AB2) and means to send the said software application written in high level language, and
- concerning the second subscriber identification module (SIM2), means to receive the software application so sent and processing means to process it.
9. Method according to claim 8, characterised in that it includes a first channel (40) between the telecommunication operator (OP) and the first subscriber identification module (SIM1), via which the right to transmit is sent to the first subscriber (AB1), using a secured transmission or not.
10. Method according to claim 8, characterised in that it includes a second channel (50) between the telecommunication operator and the second subscriber identification module (SIM2), via which the right to receive is sent to the second subscriber, using a secured transmission or not.
11. Method according to claim 8, characterised in that each subscriber identification module (SIM1 or SIM2) includes a memory to store an interpreter (28) and at least one software application (30) written in high level language, a processor (26) which can use the interpreter to interpret the application in order to execute it, and an input/output interface (32) which can co-operate with the outside of the module.
12. Subscriber identification module intended to co-operate with a mobile communication terminal which can communicate via a communication network managed by a communication operator,
characterised in that the module (SIM) includes security means which can set up a channel (40 or 50) with the telecommunication operator (OP) through which the module can receive from the operator a right to transmit and/or receive a software application written in high level language, and in that the said module thereby initially having a right to transmit and/or receive, can send and/or receive a software application written in high level language to and/or from another module.
13. Module according to claim 12, characterised in that the module (SIM) includes a memory to store an interpreter (28) and at least one software application (30) written in high level language, a processor (26) which can use the interpreter to interpret the application in order to execute it, and an input/output interface (32) which can co-operate with the terminal.
14. Module according to claim 12 or claim 13, characterised in that the said module is an integrated circuit card which can autonomously perform data protection operations.
15. Computer program including instruction codes saved on a medium or distributed via a communication system, the said instruction codes being executable in a computer to perform the steps of the method according to any of the claims 1 to 7.
PCT/IB2001/002266 2000-11-30 2001-11-29 Method and device to transfer a software application written in high level language between the subscribers of a telecommunication network WO2002045446A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0015514 2000-11-30
FR0015514A FR2817430B1 (en) 2000-11-30 2000-11-30 METHOD AND DEVICE FOR TRANSFERRING A HIGH-LEVEL LANGUAGE WRITTEN SOFTWARE APPLICATION BETWEEN SUBSCRIBERS OF A TELECOMMUNICATION NETWORK, AND CORRESPONDING SUBSCRIBER IDENTIFICATION MODULE

Publications (1)

Publication Number Publication Date
WO2002045446A1 true WO2002045446A1 (en) 2002-06-06

Family

ID=8857083

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2001/002266 WO2002045446A1 (en) 2000-11-30 2001-11-29 Method and device to transfer a software application written in high level language between the subscribers of a telecommunication network

Country Status (2)

Country Link
FR (1) FR2817430B1 (en)
WO (1) WO2002045446A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0767426A1 (en) * 1995-10-05 1997-04-09 Siemens Aktiengesellschaft Method for programming an apparatus
FR2785133A1 (en) * 1998-10-22 2000-04-28 Sfr Sa Application sending mobile telephone technique having subscriber identification module central server liaising and opening/handing over mobile telephone applications area.
US6138009A (en) * 1997-06-17 2000-10-24 Telefonaktiebolaget Lm Ericsson System and method for customizing wireless communication units

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2866456A1 (en) * 2004-02-17 2005-08-19 Eastman Kodak Co Supply method of multimedia application to e.g. cell phone, involves sending digital data medium containing programming agent, from applications server to terminal based on digital data of message initially sent from terminal to server
WO2005078577A1 (en) * 2004-02-17 2005-08-25 Eastman Kodak Company Process and system to supply a multimedia application on a terminal using a programming agent

Also Published As

Publication number Publication date
FR2817430A1 (en) 2002-05-31
FR2817430B1 (en) 2003-02-07

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CN JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP