It finds a general application in telecommunications and more particularly in digital systems for communication with public mobiles operating in the 900 MHz and, also called "GLOBAL SYSTEM FOR MOBILE COMMUNICATION (GSM)". It also finds application in wire-based communication networks.
In a known manner, a telecommunication installation comprises:
at least one switched telephone network; PA1 an autonomous telephone subscriber access system comprising: PA1 at least one autonomous set comprising: PA1 an authorization center comprising: PA1 to certify the usage charges transmitted by the charge metering means to the prepayment means via the radio telephone interface; PA1 to verify that they have been correctly received and understood; and PA1 to verify that they have actually been deducted from the prepayment means. PA1 first generator means able to establish a generation function with the aid of the set base passkey; PA1 first remote loading means able to establish a remote loading function with the aid of a remote loading passkey which is the transform of a predetermined word under the generation function with the aid of the set base passkey; PA1 the access system furthermore comprises: PA1 the authorization center furthermore comprises: PA1 the installation furthermore comprises a remote loading mode in which in response to a remote loading request word for a predetermined number of value units emanating from the autonomous set, the first and second means of set authentication as well as the first and second means of system authentication carry out a respective active authentication of the autonomous set as well as of the access system, by respectively exchanging a set authentication word emanating from the autonomous set and the transform of this word under the set authentication function with the aid of the set base passkey as well as by exchanging a system authentication word emanating from the authorization center and the transform of this system authentication word under the system authentication function with the aid of the system base passkey; PA1 in the case of checked authenticity of the access system and of the autonomous set, the second generator means calculate at the level of the authorization center the remote loading passkey, which is the transform of the remote loading request word under the generation function with the aid of the set base passkey; PA1 the case of generation of the remote loading passkey at the level of the authorization center, the second enciphering/deciphering means transmit the enciphered loading passkey with the aid of the storage passkey to the first enciphering/deciphering means which decipher it with a view to storing it at the level of the access system; and PA1 in the case of storage of the remote loading passkey in the access system, the first and second remote loading means exchange the remote loading request word for the number of value units to be remotely loaded as well as the transform of said remote loading request word under the remote loading function with the aid of the remote loading passkey with a view to remotely loading, in a secure manner, the means for prepayment of the said number of value units.
at least one base station linked to the switched telephone network; PA2 handling means linked to the base station comprising charge metering means able to calculate the charges for using the paying services of the switched telephone network; PA2 first enciphering/deciphering means able to establish a cryptographic function with the aid of a storage passkey; PA2 means able to establish an intercommunication with the base station; PA2 prepayment means able to contain value units intended for paying the usage charges calculated and transmitted by the charge metering means; PA2 first means of set authentication able to establish a set authentication function with the aid of a predetermined set base passkey personal to each subscriber; PA2 second enciphering/deciphering means able to establish the enciphering/deciphering function with the aid of the storage passkey; PA2 second means of set authentication able to establish the set authentication function with the aid of the set base passkey. PA2 second remote loading means able to issue a predetermined number of value units in response to a predetermined remote loading order and to establish the remote loading function with the aid of the remote loading passkey; PA2 first means of system authentication able to establish a system authentication function with the aid of a predetermined system base passkey; PA2 second means of system authentication able to establish the system authentication function with the aid of the system base passkey; and PA2 second generator means able to establish the generation function with the aid of the set base passkey; and
For example, in the radio telephone application, the autonomous set accesses a paying service of the switched telephone network on completion of an operation to authenticate the identity of the subscriber to the autonomous set employing the first and second means of set authentication.
Preferably, the authentication of the identity of the subscriber to the autonomous set is an active authentication with the exchange between the autonomous set and the authorization center of a random number and of the transform of this random number under the set authentication function with the aid of the set base passkey personal to each subscriber.
Such authentication makes it possible only to ensure the authenticity of the subscriber and the authorization for this subscriber to access the paying services of the switched telephone network.
It does not make it possible to guarantee in respect of the installation, which converses with the subscriber thus identified and authorized to access, that the prepayment means which serve in paying the usage charges are integral throughout the duration of the communication.
The Patent Application No. 90 12510 filed on 10 Oct. 1990 in the name of the Applicant affords a solution to this problem by employing an active authentication of the usage charges throughout the duration of the communication with the aid of the first and second means of set authentication.
This active authentication of the usage charges makes it possible in particular:
Moreover, procedures are known for reloading a predetermined number of value units to the account of the prepayment means.
These procedures generally take place outside the communications proper, either locally, for example at the authorization center directly, or else at the autonomous set "off line", with no link with the authorization center, either remotely, for example through a specialized application such as remote loading by MINITEL (trade mark) server, but this latter procedure does not guarantee proper reception of the remotely loaded amounts, nor the non-repudiation of said remote loading by the autonomous set.
Furthermore, the remote loading of the prepayment means may be necessitated when the subscriber is checked by a third-party authorization center, different from that which issued or manages the prepayment means and to which the autonomous set is not commercially attached (this is the case for example when a subscriber uses his autonomous set in a zone covered by an operator other than the one responsible for its management, that is to say in the case of the so-called ROAMING service in the GSM application).
In this situation, the solution which consists in remotely loading the prepayment means on the initiative of the third-party authorization center is unsatisfactory at the security level.
Indeed, the confidentiality and integrity of the remote loading order and of its amount are not guaranteed, which may allow fraudulent reproductions.
The present invention affords a solution to this problem.