WO2007006815A2 - An encryption method and system for mobile telephones - Google Patents

An encryption method and system for mobile telephones Download PDF

Info

Publication number
WO2007006815A2
WO2007006815A2 PCT/EP2006/064297 EP2006064297W WO2007006815A2 WO 2007006815 A2 WO2007006815 A2 WO 2007006815A2 EP 2006064297 W EP2006064297 W EP 2006064297W WO 2007006815 A2 WO2007006815 A2 WO 2007006815A2
Authority
WO
WIPO (PCT)
Prior art keywords
secure
mobile telephone
message
messages
encryption algorithm
Prior art date
Application number
PCT/EP2006/064297
Other languages
French (fr)
Other versions
WO2007006815A3 (en
Inventor
Eamon Joseph Stafford
Original Assignee
Grapevine Mobile Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Grapevine Mobile Limited filed Critical Grapevine Mobile Limited
Publication of WO2007006815A2 publication Critical patent/WO2007006815A2/en
Publication of WO2007006815A3 publication Critical patent/WO2007006815A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • This invention relates to an encryption method and system for mobile telephones. Furthermore, this invention relates to a system for the transfer of secure messages to and from a mobile telephone, the system comprising a mobile telephone, a remote third party device for sending and receiving secure messages to and from the mobile telephone, and a communication network connecting the mobile telephone and the third party device.
  • SMS Short Messaging Service
  • WAP Wireless Application Protocol
  • SMS messages and the like transmitted from a mobile telephone are typically transmitted via an SMS center (SMSC) where a copy of the SMS message is made prior to the onward transmission of the SMS message to the intended recipient. It is entirely conceivable that individuals could gain access to this information contained in the SMS message at the SMSC and use the information to their advantage.
  • SMSC SMS center
  • spam messages are more often than not unwanted by the recipient and are considered to be a nuisance.
  • the Series 60 telephones are still however inaccessible to many mobile telephone users due to the high cost and at present many mobile telephone users only have access to Series 30 or Series 40 telephones which have a limited memory of 30Kb and 84 Kb respectively.
  • One afternalive solution that has been proposed is to transmit the SMS messages through a dedicated Encryption Server prior to onward transmission to the intended recipient.
  • This has the advantage that the computational burden is removed from the mobile telephone onto the Encryption Server.
  • this method still suffers from the problem of the transmissions being sent in an unencrypted form from the mobile telephone to the Encryption Server as well as the messages being stored at the Encryption Server in an unencrypted format thereby leaving the communications vulnerable to interception at either of these times.
  • a system for the transfer of secure messages to and from a mobile telephone comprising:
  • a remote third party device for sending and receiving secure messages to and from the mobile telephone
  • both the mobile telephone and the third party device have a General Packet Radio Service (GPRS) transmitter for transmitting secure messages via GPRS over the communication network and a GPRS receiver for receiving secure messages via GPRS over the communication network;
  • GPRS General Packet Radio Service
  • both of the mobile telephone and the thind party device have a GPRS secure messaging application thereon, the GPRS secure messaging application comprising a word processor and an encryptor, the word processor being operable to allow a user of the mobile telephone or the remote third party device to compose a message for subsequent encryption and transmission and to read received decrypted messages, and the encryptor having means to encrypt messages for transmission and means to decrypt received secure messages using an optimised encryption algorithm and an appropriate password entered by the user.
  • the footprint of the program code may be greatly reduced thereby allowing a more secure encryption algorithm to be used in the system thereby providing more robust security to the users and therefore it will be possible to transmit highly sensitive information in a secure manner. It is no longer necessary to provide expensive dedicated encryption servers in order to allow robust encryption techniques to be used.
  • system in which the system further comprises a secure message server having a memory and in which secure messages are transmitted to the secure message server and stored in secure message server memory for subsequent collection by the intended recipient.
  • the recipients may determine where and when they collect the information from the secure message servar and they may effectively use the secure message server as an external memory to store their secure messages.
  • a system in which the system further comprises a remote short messaging service centre (SMSC) in communication with the secure message server, from which SMSC a notification is sent to the intended recipient on the secure message server receiving a secure message indicating that a secure message awaits their collection.
  • SMSC remote short messaging service centre
  • the remote third party device further comprises a web server.
  • the web server may be operated by a banking institution or the like that may now transmit information of a highly sensitive nature to their clients and customers.
  • the web server may be part of a subscription service and only those with current access codes to decrypt the message will be able to access the information contained in the message.
  • the web server may be aimed at an adult audience that sends their information out randomly to a number of mobile telephone numbers and only adults who have access to the correct password would be able to access the information.
  • the remote third party device further comprises a mobile telephone.
  • a mobile telephone This is seen as a particularly ⁇ seful implementation of the present invention. This means that mobile telephone users may send and receive encrypted messages to each other and ensure that the communications are kept private and confidential.
  • the mobile telephone is one of a Series 30 or Series 40 mobile telephone.
  • a system in which the encryptor's means to encrypt a message and means to decrypt a secure message using an optimized encryption algorithm further comprises an optimized encryption algorithm programmed in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
  • an optimized encryption algorithm programmed in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
  • the object oriented code is one of Java and C++.
  • the system further comprises a remote web server accessible by mobile telephones, the remote web server having the GPRS secure messaging application stored thereon for transmission to a mobile telephone via GPRS on request by the mobile telephone.
  • the means to encrypt and means to decrypt a secure message further comprises an AES encryption algorithm according to the Rijndael specification.
  • AES encryption algorithm according to the Rijndael specification.
  • the encryptor further comprises a plurality of static tables, at least one static table for use in the encryption of data and at least one static table for use in the decryption of data.
  • a system in which the means to encrypt and the means to decrypt a secure message further comprises one of a triple DES, Blowfish or RCA encryption algorithm.
  • Those are also useful encryption algorithms thai may be used without departing from the spirit of the invention.
  • a method of transferring secure messages to and from a mobile telephone in a system comprising a mobile telephone, a remote third party device and a communication network connecting the mobile telephone and the remote third party device, both the mobile telephone and the remote third party device have a General Packet Radio Service (GPRS) transmitter for transmitting secure messages via GPRS over the communication network and a GPRS receiver for receiving secure messages via GPRS over the communication network, both the mobile telephone and the remote third party device having a GPRS secure messaging application thereon, the GPRS secure messaging application having a word processor and an encryptor, the word processor being operable to allow the user of the mobile telephone or the remote third party device to compose a message for subsequent encryption and transmission and to read received, decrypted messages, and the encryptor having means to encrypt messages for transmission and means to decrypt received secure messages using an optimized encryption algorithm and an appropriate password entered by the user, the method comprising the steps of:
  • GPRS General Packet Radio Service
  • one of the user of the mobile telephone and the user of the remote third party device composing a message using the word processor of the GPRS secure messaging application and encrypting that message with the optimized encryption algorithm and a password using the encryptor of the GPRS secure messaging application;
  • a method of transferring secure messages to and from a mobile telephone in which the method further comprises the step of transmitting the secure encrypted message to a remote secure message server, the message being stored in a memory of the remote secure message server for subsequent collection by the intended recipient.
  • a method of transferring secure messages to and from a mobile telephone in which the method further comprises the step of transmitting a Short Message Service (SMS) message to the intended recipient indicating that a secure message has been sent to them and is currently stored in secure message server memory awaiting collection.
  • SMS Short Message Service
  • a method of transferring secure messages to and from a mobile telephone in which the step of encrypting the message further comprises encrypting the message using an optimized encryption algorithm programmed in an object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
  • a method of transferring secure messages to and from a mobile telephone in which the step of encrypting the message using an optimized encryption algorithm further comprises encrypting the message using an optimized AES encryption algorithm according to the Rijndael specification,
  • a method of transferring secure messages to and from a mobile telephone in which the step of encrypting the message using an optimized encryption algorithm further comprises encrypting the message using one of an optimized Triple DES algorithm, optimized Blowfish algorithm and an optimized RCA algorithm.
  • a method of providing an encryption algorithm for a primitive mobile telephone comprising the steps of;
  • an encryption algorithm that is significantly smaller in size than other encryption algorithms will be provided.
  • This encryption algorithm may then be stored on Series 30 and Series 40 mobile telephones as they have sufficient storage capacity to hold the optimized code.
  • the encrypted messages are able to be generated on the mobile telephone itself and this does not require the user to send the message to an encryption server for encryption or decryption.
  • the step of selecting a suitable encryption algorithm comprises selecting one of AES according to the Rijndael specification, Blowfish, Triple DES or RCA. All of these algorithms may be optimized to a point where they have a relatively small footprint that will allow them to be stored on a mobile telephone, even a relatively primitive mobile telephone with little available memory.
  • the step of selecting a suitable encryption algorithm in an object oriented programming language further comprises choosing a suitable encryption algorithm in Java or C++. Both of these are seen as useful as they are commonly used in mobile telephony applications.
  • a method of providing an encryption algorithm for a mobile telephone in which the method further comprises the steps of providing a static table for encryption of data and a static table for the decryption of data.
  • the encryption of the data can be significantly sped up and therefore the burden on the processor will be greatly reduced.
  • the tables themselves require a minimum amount of memory storage and are seen as useful.
  • the method further comprises the step of providing relate functions to compute the values of additional static tables from the given static tables. This will allow a single static table to be used for encryption and a single static table to be used for decryption. These tables can then be used Io help create further tables and this will help speed up the encryption and decryption process significantly with a minimum trade off for memory.
  • there is a method of providing an encryption algorithm for a mobile telephone in which there are provided four static tables for encryption and four static tables for decryption.
  • four static tables for encryption and four static tables for decryption By having tour static tables for encryption and four static tables for decryption, more memory is required for the storage of the optimized algorithm.
  • the encryption and the decryption procedures will be sped up and therefore there is a tradeoff between speed and memory requirements.
  • the static tables are 256 word tables.
  • the encryption provides a simple way of encrypting and decrypting the data with the minimum of processing power required and will allow a very small level of security to be achieved.
  • This type of algorithm is seen as particularly useful far communications between friends that they may not wish other third parties who gain access to their mobile telephone to be able to read. Various minor changes such as further operation steps could be made to this type algorithm to make it even more secure if required.
  • the decimal and hexadecimal numbering systems could be replaced by other substitution character sets but these are particularly simple to implement in a mobile telephone environment.
  • the step of performing a modulus operation on the decimal value comprises the step of carrying out a modulus 4 operation on the decimal value.
  • the modulus operation, performed can be determined by the number of digits in the password or PIN code of the user. If there were a total of three digits in the password, then a modulus three operation would be performed.
  • the step of building a padded hexadecimal representation of the string further comprises the additional step of utilizing PKCS#7 reversible padding.
  • the step of encrypting the data further comprises operating a Cipher block chained (CBC) mode.
  • CBC Cipher block chained
  • the method further comprises the step of providing digests for transaction tampering verification.
  • a secure messaging application product for a mobile telephone
  • the secure messaging application product comprising a word processor for writing, editing and reading messages, an encryptor for encrypting and decrypting secure messages and means for receiving a password specific to each message for use in the encryption or decryption of the message, the secure messaging application product encryptor having means to encrypt and means to decrypt the message using an optimized encryption algorithm and a password received from a user.
  • the encryptor will not operate on SMS messages but on individual secure messages in the dedicated word processor and this will allow a system that operates without the constraints of SMS messaging. It is envisaged that the messages may in fact be sent via GPRS rather than as SMS messages as this will provide a particularly flexible architecture in which the encryption and decryption of messages may be carried out. It is further envisaged that the encryptor wilI encrypt the message using an optimized AES or similar optimized algorithm and will be therefore able to operate on Series 30 or Series 40 telephones.
  • a secure messaging application product for a mobile telephone in which the optimized encryption algorithm further comprises an optimized encryption algorithm in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
  • a secure messaging application product in which the optimized encryption algorithm further comprises an Advanced Encryption Standard (AES) algorithm according to the Rijndael specification.
  • AES Advanced Encryption Standard
  • the encryptor further comprises at least two static tables, one for use in the encryption of messages and one for the decryption of messages.
  • a secure messaging application product in which the encryptor has means to perform a rotate operation on the static tables.
  • a secure messaging application product in program code form, stored on a carrier.
  • a mobile telephone having the secure messaging application product as claimed in any of daims 32 to 37 loaded thereon.
  • Figure 1 is a schematic representation of a typical system in which the mobile telephones having the encryption product according to the present invention operate;
  • Figure 2 is an alternative schematic representation of a typical system in which the mobile telephones operate
  • Figures 3a to 3e inclusive show a number of screenshots of mobile telephones operating the encryption product
  • Figure 4 is a schematic representation of a mobile telephone having the encryption product loaded thereon communicating with a banking institution
  • Fig ⁇ re 5 is a schematic representation of the mobile telephone of Figure 4 carrying out a communication with the banking institution;
  • Figure 6 is a block diagram of a method of encoding data according to the present invention.
  • Figure 7 is a representation of the S and S -1 blocks used in the encryption process according to the present invention.
  • the communications system comprises a Secure Message Server 3, a Short Messaging Service Centre (SMSC) 5 and a plurality of mobile telephones 7, only two of which are shown, having the secure messaging application according to the present Invention loaded thereon.
  • SMSC Short Messaging Service Centre
  • one of the mobile telephone users decides to transmit a secure message to the other mobile telephone user and operates their moblie telephone to create a message to be sent.
  • This message is then encrypted on their mobile telephone before being transmitted to the Secure Message Server 3.
  • the other mobile telephone user can then periodically check the Secure Message Server for any messages being held for them.
  • the second mobile telephone user downloads the message from the Secure Message Server 3 to their mobile telephone 7.
  • the second mobile telephone user then contacts the sender of the secure message to determine the PIN code to allow them to decrypt the message on their mobile telephone.
  • the mobile telephone users may have previously agreed a PIN code between them that is to be used for communications therebetween.
  • an SMS alert message in plain text format is sent to the second mobile telephone to alert the user to the fact that there is a message waiting for them on the server.
  • the second mobile telephone user may then operate their mobile telephone to retrieve the message from the server.
  • the SMS message may be automatically sent by the Secure Message Server 3 to the second mobile telephone 7 via the SMSC 5 once it receives a secure message from the first mobile telephone 7.
  • the SMS message does not contain any of the message text and may or may not indicate who the secure message is from.
  • the secure message server 3 may simply send the relevant information to the SMSC 5 so that the SMSC 5 can generate the SMS message and transmit the SMS message to the mobile telephone 7 itself.
  • FIG. 2 of the drawings there is shown an alternative schematic representation of a typical system in which the mobile telephones operate and in particular a system in which the mobile telephones can interact with various web servers 9.
  • the mobile telephone user may install the secure messaging application on their mobile telephone 7 by first of all contacting a selling agent 11 in the known manner by sending a text message or making a call to the selling agent 11 over a premium rate mobile number.
  • the selling agent On receipt of the communication from the mobile user, the selling agent will transmit an SMS message to the mobile telephone 7 with a web link embedded in the SMS message.
  • the telephone bill of the SMS user may be charged in the normal manner for this service.
  • the mobile telephone user then downloads the encryption algorithm and telephone interface from the web server and installs tham on their mobile telephone.
  • the mobile telephones can send and receive encrypted messages either directly to each other or via the web servers.
  • the mobile telephone user contacts the web server by sending a simple text message to a premium rate number.
  • the mobile telephony user's account is then updated once payment is cleared. Their account credit can then be updated.
  • Billing may be carried out to their mobile telephone bill or alternatively, the user of the mobile telephone will communicate their credit or debit card details to the web server operators so that they can be billed without any indication showing up on their mobile telephone bid.
  • the secure messaging application may in certain cases be preinstalled on the mobile telephone.
  • FIG. 3a to 3e of the drawings there are shown a number of screen shots of a mobile telephone operating the secure messaging application according to the present invention.
  • the main application screen 13 on the mobile telephone.
  • the mobile telephone may still be navigated in the normal manner.
  • the user is prompted to input which service they require.
  • there are five separate options available to them namely, New Secret 15, Read Secret(s) 17, Friends 19, Secret Archive 21 and Clear Archive 23. The function of each of these is self explanatory but for reasons of completeness a brief description will be given.
  • the new secret 15 if selected prompts the user to create a message to be sent encrypted to a third party (not shown)
  • read secret(s) 17 if selected allows the user to read any messages that have been sent to the mobile telephone by prompting them to decrypt the message that has bean received
  • the Friends 19 option stores a list of other individuals or third parties that also have the facility Io decrypt messages sent by the mobile telephone user
  • the Secret archive 21 stores all previous messages kept by the mobile telephone user, these messages may be in encrypted or decrypted form (although it is envisaged that they will preferably be kept in encrypted form to avoid any sensitive information being made available in case the mobile telephone is mislaid or stolen) and finally the clear archive allows for all messages stored in the archive to be deleted from memory.
  • FIGs 3b to 3e inclusive there Is shown a number of screen shots of a mobile telephone 7 in which the mobite telephone user carries out a message retrieval.
  • the mobite telephone user has already selected the Read Secret(s) option on thsir main application screen.
  • the mobile telephone polls the Secure Message Server (not shown) for any messages stored thereon for the mobile telephone user and retrieves the messages to the mobile telephone.
  • the encrypted messages are then stored on the mobile telephone.
  • the mobile telephone user is given a list of senders of secure messages to their mobile telephone. In this instance, the senders are identified by a telephone number to preserve their identity.
  • the name as found in the mobile users address book could be used or some other identifier to denote the sender of the secure message.
  • the mobile telephone user selects the desired number in the normal manner. Once the mobile telephone user has selected the desired message, the mobile telephone user is prompted to input the PIN code associated with the sender of the secure message in order to allow them to decrypt the secure message (Figure 3d).
  • the PIN code will preferably have been communicated to the mobile telephone user by an alternative cornmunication channel at an earlier time. If the incorrect PIN code fs inserted Into the mobile telephone then the message will not display in plain text unencrypted format but will remain in encrypted format. If the correct PIN code is entered into the mobile telephone the message from the sender of the encrypted message will be shown in decrypted format on the screen of the mobile telephone as shown in Figure 3e.
  • the Bank indicated generally by the reference numeral 27, comprises a web service 20 and means to encrypt and decrypt messages provided by Encryption/Decryption API 31,
  • Encryption/Decryption API 31 When the bank wishes to transmit a message to the user of the mobile telephone 7 it encrypts a message and stores the message in message database 33.
  • a controller 35 identifies that a message has been stored in the message database 33 and automatically creates a separate SMS message which it sends to the mobile telephone 7 via the SMSC 5.
  • the SMS message sent to the mobile telephone notifies its operator that there is an encrypted message stored for them at their bank. Conceivably, this could be a notification that they are overdrawn, that their direct debits have failed to process, what their account balance is, what their credit limit is or any other piece of confidential information that they may wish to transfer to the mobife telephone user. In this instance, it could be suggested that the bank is operating as a secure message server storing the encrypted message for the customer.
  • the mobile telephone user On receiving the SMS message the mobile telephone user opens the encrypted banking application on their mobile telephone in the known manner similar to any other application. On opening the application the user is prompted on the main application screen 39 with a number of different functions Including but not limited to Balance, Mini
  • the banking application is similar in many ways to the standard encryption/secure messaging application simply with dedicated banking options provided to the user of the mobile telephone.
  • the user of the mobile telephone could also conceivably use the standard secure messaging application to correspond with the bank.
  • FIG. 5 of the drawings where like parts have been given the same reference numerals as before, there is shown a schematic representation of the mobile telephone user sending an encrypted message Io their bank.
  • screenshot 51 the mobile telephone user has opened their banking application on their mobile telephone.
  • screenshot 53 the user is prompted with the various options open to them. The user may scroll up and down the list until they reach the desired service, in this case, the user wishes to know what their balance is.
  • the user selects Balance from the list of options and they are shown the screenshot 55 where they are prompted to input the last four digits of their account number. This is particularly useful if the user has a number of accounts at the bank e.g. credit card account, current account and a savings account, so that the correct account balance may be transmitted to them.
  • the bank e.g. credit card account, current account and a savings account
  • this may act as an obstacle to an unscrupulous individual who gains access to the telephone from retrieving account details of the mobile telephone owner.
  • a list of availabfe accounts could be displayed for the user to select one from the list.
  • the security would be provided by the encryption of the messages. Only the user of the mobile telephone should know their PIN code that was previously agreed with the bank.
  • the mobile telephone operator is prompted to enter their Balance PIN number.
  • this is a code that has already been agreed by the bank and the mobile user and this encrypts the balance enquiry request.
  • the balance enquiry is encrypted by the mobile telephones encryption/decription API 59 and then sent to the bank web service 43 via the World Wide Web 41.
  • the bank decrypts the request using its own Encryption/Decryption API 31 and on determining that the request is a valid one, looks up its database 61 containing customer account information and retrieves the relevant information. Once the relevant information has been retrieved, the bank encrypts the information using the Encryption/Decryption API 31 and transmits a secure message back to the mobile telephone.
  • the mobile telephone user on receiving the response, decrypts the message using the secret PIN code in the manner previously described and views the message as shown in screenshot 63.
  • step 71 the Encryption/Decryption API retrieves a message from the mobile telephone user.
  • step 73 the message is separated out into a number of separate individual characters.
  • step 75 each character in the string of characters that makes up the message is substituted by its decimal representation that corresponds to that individual character.
  • step 77 a modulus operation is performed on the character number ⁇ positron ⁇ in the string of characters. It is envisaged that the modules operation will correspond to the number of digits in the users PIN code. Therefore, if there are 4 digits in the users PIN code, a modulus 4 operation will be carried out.
  • step 79 once the modulus operation has been carried out for each number in the string, the remainder value that is calculated by the modulus operation is used to select one of the digits from the PIN number.
  • the remainder of the modulus operation on that character number corresponds to the chosen digits position in the PIN number.
  • That chosen digit value is then added to the decimal number in step 81 and in step 83 the decimal number that is formed by adding the decimal representation of the character to the relevant PIN digit value in step 81 is transformed into a Hexidecimal value.
  • a padding operation is performed on the Hexidecimal representation. The message is then ready to be sent. It will be readily understood that the above operations could be reversed by the receiver as they know what type of padding has been used and furthermore they know the PIN number that will be required to decode the message. This provides a simple encryption/decryption algorithm specifically for mobile telephones that is computationally efficient.
  • the third character in the string will have a modulus of three (three divided by four goes zero times with three remaining) and the sixth character in the string will have a modulus of two (six divided by four goes once with two remaining).
  • Using the same example given above and performing a modulus four operation on each of the characters in the string we achieve a modulus representation for the string of "1 ,2,3,0,1 ,2,3,0,1 ,2,3,0,1 ,2". These values are then used to take a number from the PIN and a PIN calculation for the string is obtained as shown "5,6,7,4,5,6,7,4,5,6,7,4,5,6". These values are then added to the decimal representation of the characters in the string i.e.
  • the recipient can then, with knowledge of the type of padding that has been used and the PIN number extrapolate the original message by reversing the above steps.
  • This is one simple encryption algorithm that could be used to provide a minimum amount of security to the transmissions between the two mobile telephones, it will be understood that other simple operations could be performed such as multiplication and addition/subtraction operations as long as the receiving party is aware of the method of encryption used.
  • Rijndael comprises a very flexible encryption process.
  • a preliminary Add Round Key step is performed which consists of XORing a subkey with the block, then a number of regular rounds are performed followed by a final round which consists of a regular round with a single step from the regular round omitted.
  • Each regular round of the Rijndael specification comprises four main steps, a first Byte Sub step where each byte of the block of data is replaced by it's substitute in an S-box, a second Shift Row step where the rows of the block are each shifted by a predetermined number of shift operations, a third Mix Column step whereby each column is multiplied by a matrix and finally an Add Round Key step is performed which comprises XORing in the subkey of the current round.
  • the final round discussed above omits the Mix Column step.
  • static tables could be used which would help speed up the process of encryption and decryption.
  • These static tables are generally 256 words in size.
  • three different versions of the encryption could be used, for example a fast version having 8Kb of static tables, four tables for encryption and four tables for decryption.
  • a Medium speed version having 2 Kb of tables, one table for encryption and one table for decryption.
  • the medium speed version would then perform twelve rotate operations per round in order to compute the values of the other tables from the original table.
  • a slow version would not benefit from the use of any static tables at all and would compute the values in each round of the encryption.
  • messages have been described as being sent to and from the mobile telephones via a web server or a secure messaging server. It will be understood however that messages could be sent directly from one mobile telephone to another mobile telephone as long as the recipient is aware of the type of encryption used and the PIN code and their telephone is loaded with the appropriate software they will be able to decipher the message sent to them.
  • messages needn't be sent through a web service but could be sent directly to a receiver in a Bank for example and the enquiries could be dealt with by customer service personnel in a normal manner of handling enquiries. The customer service personnel could then transmit the messages back to the mobile telephone in an encrypted format. This will be understood by the skilled addressee.
  • the messages that are being sent in an encrypted form between two parties are by and large transmitted using GPRS and not using SMS messaging.
  • SMS messaging it may be possible to use the algorithms provided for the encryption and decryption of SMS messages, by avoiding the use of SMS messaging the system is not restricted by any of the limitations associated with SMS messaging. This is significant as the GPRS messaging can be implemented on the older Series 30 and Series 40 mobile telephones and no modifications to the existing telephones SMS functionality will be required.
  • the GPRS messaging is also a particularly quick and efficient way of transmitting the messages and is seen as particularly useful for the delivery and retrieval of encrypted messages.
  • the secure message server and the short messaging service centre have been shown as separate entities but it will be understood that in practice these pieces of equipment may be housed together in the same location and even may be implemented on a single machine if need be. For simplicity though they have been shown apart.
  • items of equipment and apparatus have been described as being “remotely located” or simply as being “remote”. It will be understood that these are to mean separate and it is envisaged that remote may indeed mean in a different jurisdiction to the other pieces of apparatus. Indeed it is envisaged that it may be desirable to have a secure message server located in a jurisdiction remote from the mobile telephone and similarly, secure messages may be sent from abroad when the owner of the mobile telephone is away from their normal place of residence.
  • the program code may be source code, object code or a form intermediate source code and object code, furthermore the program may be stored on or in a carrier, such as a memory storage device including but not limited to a CD ROM, a ROM, an EPROM, a DVD, a PROM, or a carrier such as a carrier signal transmitted on a cabte, fibre optic or other cable, or modulated signal transmitted over a communication channel, in which case the cable and the channel respectively are deemed to constitute the carrier.
  • a carrier such as a memory storage device including but not limited to a CD ROM, a ROM, an EPROM, a DVD, a PROM, or a carrier such as a carrier signal transmitted on a cabte, fibre optic or other cable, or modulated signal transmitted over a communication channel, in which case the cable and the channel respectively are deemed to constitute the carrier.
  • one party may not require a GPRS transmitter or a GPRS receiver.
  • the computer or server may not use GPRS communications.
  • they may use other communication methods with between themselves and an encrypted web server and the encrypted web server will thereafter use GPRS communications with the mobile telephone.

Abstract

This invention relates to a method and system for transfer of secure messages to and from a mobile telephone. More specifically, this invention relates to a method of providing encrypted messaging on primitive mobile telephones, such as Series 30 and Series 40 mobile telephones, that may be independent of SMS messaging and that does not require significant amounts of memory on the mobile telephone to operate. This is achieved in part by carefully selecting a suitable encryption algorithm and thereafter optimizing the suitable encryption algorithm code. All encryption and decryption functions may be earned out on the mobile telephone thereby providing enhanced security without requiring external encryption servers. There is further provided a method of providing a suitable encryption algorithm for a mobile telephone.

Description

"An Encryption method and system for mobile telephones"
This invention relates to an encryption method and system for mobile telephones. Furthermore, this invention relates to a system for the transfer of secure messages to and from a mobile telephone, the system comprising a mobile telephone, a remote third party device for sending and receiving secure messages to and from the mobile telephone, and a communication network connecting the mobile telephone and the third party device.
Mobile telephones are fast becoming the most popular means of communication for business users and private users alike. So popular has the introduction of mobile telephony been over the last few years that many users have abandoned more traditional communication methods, such as land line telephony, almost entirely in favour of the use of their mobile telephone. As a result of the widespread use of these mobile telephones, the demands being placed on the mobile telephones are increasing. The users of the mobile telephones are constantly looking for new ways in which they can use their mobile telephones to their advantage. Numerous different services are being introduced specifically with the mobile telephone user in mind. Mobile telephone users can now use their mobile telephones to send and receive Short Messaging Service (SMS) text messages, send and receive email and carry out numerous other functions such as keep an appointment book on their mobile telephone. Other mobile telephones have been Introduced that are so-called Wireless Application Protocol (WAP) enabled that allows the user to review a limited amount of material on their mobile telephone such as the television listings, sports results and lottery numbers. More recently, mobile telephones claiming practically full access to the Internet and the World Wide Web have been introduced that allow their users to browse through web pages for material that is of interest to them.
There are however various problems and limitations associated with these mobile telephones and the services that may be offered to the user of the mobile tefephones. One of the main problems associated with mobile telephones in general is that the mobile telephone is not in fact a very secure device. It is relatively easy for unscrupulous characters to intercept communications involving a mobile telephone and use the information gained therefrom to their personal advantage. For example, SMS messages and the like transmitted from a mobile telephone are typically transmitted via an SMS center (SMSC) where a copy of the SMS message is made prior to the onward transmission of the SMS message to the intended recipient. It is entirely conceivable that individuals could gain access to this information contained in the SMS message at the SMSC and use the information to their advantage. Furthermore, mobile telephones are frequently being stolen and once in the possession of a third party the information contained on the mobile telephone can usuaily be accessed without difficulty, The third party can often use this information to their advantage or may generally cause a nuisance to the original owner of the mobile telephone. It is therefore often undesirable to have personal information contained on the mobile telephone as it woutd be harmful if the information were accessed in the event of the mobile phone being tost or stolen.
One of the main problems related to the general lack of security of mobile telephones is that it places a limitation on the information that may be stored on and transmitted over the mobile telephone. It is generally accepted that sensitive information such as bank account details should not be sent to or from a mobile telephone due the danger of the information being intercepted at some point by a third party. This reduces the effectiveness and usefulness of the mobile telephone.
Furthermore, due to the increasing popularity of mobile telephones, advertisers are beginning to send what is commonly referred to as spam messages to the mobile telephones as a way of advertising their goods or services to the mobile telephone users. These spam messages are more often than not unwanted by the recipient and are considered to be a nuisance. Furthermore, it has been known for entirely unsuitable spam messages of an adult content to be sent to minors and other unsuitable recipients, it would be preferable to provide a method by which these messages from unknown sources could be filtered in a simple manner.
Heretofore, various solutions to the above problems have been proposed. One such solution has been the implementation of encryption of the SMS messages transmitted and received by the Mobile telephone. An example of one such system is described in PCT publication number WO01/95558, in the name of Matsushita Mobile Communication Development Corporation of the USA. This describes a method of scrambling an SMS message prior to transmission of the SMS message. The scrambling appears to be a relatively simple encryption method and this method appears to be restricted to SMS messaging. One difficulty with SMS based systems is that the use of SMS messaging is not a universally available service and this limits the ability of the user to operate the SMS based encryption messaging in certain jurisdictions.
More importantly, the main problem with the known methods of encryption is that in order to be sufficiently robust and resilient to attack so that they may he used to transmit sensitive information such as banking details, intricate encryption algorithms must be used. These intricate algorithms are computationally expensive and require a significant amount of memory to store the encryption program. Many of the encryption algorithms that could provide an adequate level of security for the transfer of bank details, for example the Advanced Encryption Standard (AES) specification according to Rijndael, typically require in the region of 864Kb of memory in order to operate. Mobile communication devices typically have a very restricted amount of memory available to them and only the most up to date mobile telephones, the so-called Series 60 mobile telephones, are able to avail of these services. The Series 60 telephones are still however inaccessible to many mobile telephone users due to the high cost and at present many mobile telephone users only have access to Series 30 or Series 40 telephones which have a limited memory of 30Kb and 84 Kb respectively. Heretofore, it has not been possible to provide a robust form of encryption on these mobile telephones.
One afternalive solution that has been proposed is to transmit the SMS messages through a dedicated Encryption Server prior to onward transmission to the intended recipient. This has the advantage that the computational burden is removed from the mobile telephone onto the Encryption Server. Although allowing a degree of security to be introduced, this method still suffers from the problem of the transmissions being sent in an unencrypted form from the mobile telephone to the Encryption Server as well as the messages being stored at the Encryption Server in an unencrypted format thereby leaving the communications vulnerable to interception at either of these times.
Furthermore, dedicated encryption servers are expensive to provide.
It is an object therefore of the present invention to provide a system and method for the transfer of secure messages to and from a mobile telephone that overcomes at least some of the difficulties with the known methods and systems that is both secure and simple to operate. It is a further object of the present invention to provide an encryption method and system that operates on Series 30 and Series 40 mobile telephones and that does not require an external Encryption Server.
Statements of Invention
According to the invention, there is provided a system for the transfer of secure messages to and from a mobile telephone, the system comprising:
a mobile telephone;
a remote third party device for sending and receiving secure messages to and from the mobile telephone; and
a communication network connecting the mobile telephone and the third party device; characterised in that
both the mobile telephone and the third party device have a General Packet Radio Service (GPRS) transmitter for transmitting secure messages via GPRS over the communication network and a GPRS receiver for receiving secure messages via GPRS over the communication network;
both of the mobile telephone and the thind party device have a GPRS secure messaging application thereon, the GPRS secure messaging application comprising a word processor and an encryptor, the word processor being operable to allow a user of the mobile telephone or the remote third party device to compose a message for subsequent encryption and transmission and to read received decrypted messages, and the encryptor having means to encrypt messages for transmission and means to decrypt received secure messages using an optimised encryption algorithm and an appropriate password entered by the user. By having such a system, it will be possible to transmit and receive secure messages to and from a mobile telephone. The system is not reliant on SMS messaging and the secure encrypted messages are transmitted using GPRS which is available to the existing mobile telephones. Furthermore, by using GPRS in conjunction with an optimized encryption algorithm, the footprint of the program code may be greatly reduced thereby allowing a more secure encryption algorithm to be used in the system thereby providing more robust security to the users and therefore it will be possible to transmit highly sensitive information in a secure manner. It is no longer necessary to provide expensive dedicated encryption servers in order to allow robust encryption techniques to be used.
In one embodiment of the invention there is provided a system in which the system further comprises a secure message server having a memory and in which secure messages are transmitted to the secure message server and stored in secure message server memory for subsequent collection by the intended recipient. In this way, the recipients may determine where and when they collect the information from the secure message servar and they may effectively use the secure message server as an external memory to store their secure messages.
In another embodiment of the invention there is provided a system in which the system further comprises a remote short messaging service centre (SMSC) in communication with the secure message server, from which SMSC a notification is sent to the intended recipient on the secure message server receiving a secure message indicating that a secure message awaits their collection. This is seen as a simple way to alert the recipient that they have a secure message waiting for their collection. It is important to clearly state that the secure message itself is not sent via SMS and it is only a message saying that a secure message has been posted that is sent by SMS. The system is not reliant on SMS for the transmission of secure messages.
In a further embodiment of the invention there is provided a system in which the remote third party device further comprises a web server. It is envisaged that the web server may be operated by a banking institution or the like that may now transmit information of a highly sensitive nature to their clients and customers. Similarly, the web server may be part of a subscription service and only those with current access codes to decrypt the message will be able to access the information contained in the message. Alternatively, the web server may be aimed at an adult audience that sends their information out randomly to a number of mobile telephone numbers and only adults who have access to the correct password would be able to access the information.
In one embodiment of the invention there is provided a system in which the remote third party device further comprises a mobile telephone. This is seen as a particularly υseful implementation of the present invention. This means that mobile telephone users may send and receive encrypted messages to each other and ensure that the communications are kept private and confidential.
In another embodiment of the invention there is provided a system in which the mobile telephone is one of a Series 30 or Series 40 mobile telephone.
In a further embodiment of the invention there is provided a system in which the encryptor's means to encrypt a message and means to decrypt a secure message using an optimized encryption algorithm further comprises an optimized encryption algorithm programmed in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code. This is seen as particularly useful. By having an optimized encryption algorithm in this format, it is possible to reduce the size of the encryption algorithm to less than 20Kb which means that it may be used on primitive mobile telephones that do not have substantial amounts of free memory to spare for encryption purposes. The encryption algorithm may be installed on a users mobile telephone or on another third party device in a very simple and quick manner.
In one embodiment of the invention there is provided a system in which the optimized encryption algorithm has all additional API .jar files removed from the code. This will further help to reduce the footprint of the program.
In another embodiment of the invention there is provided a system in which the object oriented code is one of Java and C++. In a further embodiment of the invention there is provided a system in which the system further comprises a remote web server accessible by mobile telephones, the remote web server having the GPRS secure messaging application stored thereon for transmission to a mobile telephone via GPRS on request by the mobile telephone.
In one embodiment of the invention there is provided a system in which the means to encrypt and means to decrypt a secure message further comprises an AES encryption algorithm according to the Rijndael specification. This is seen as a particularly robust form of encryption to use that is commonly used by security and banking institutions for their communications over the computer networks. By implementing such a robust form of encryption, the communications will be safe from attack and virtually impenetrable which will encourage the uptake of the encryption service.
In another embodiment of the invention there is provided a system in which the encryptor further comprises a plurality of static tables, at least one static table for use in the encryption of data and at least one static table for use in the decryption of data. By having a static table, the speed of encryption using AES according to Rijndael will be sped up. The static tables do not take up a considerable amount of space and are seen as useful due to their benefits of enhancing the computation speed while not adversely affecting the storage capacity of the mobile telephone significantly.
In a further embodiment of the invention there is provided a system in which the means to encrypt and the means to decrypt a secure message further comprises one of a triple DES, Blowfish or RCA encryption algorithm. Those are also useful encryption algorithms thai may be used without departing from the spirit of the invention.
In one embodiment of the invention there is provided a method of transferring secure messages to and from a mobile telephone in a system comprising a mobile telephone, a remote third party device and a communication network connecting the mobile telephone and the remote third party device, both the mobile telephone and the remote third party device have a General Packet Radio Service (GPRS) transmitter for transmitting secure messages via GPRS over the communication network and a GPRS receiver for receiving secure messages via GPRS over the communication network, both the mobile telephone and the remote third party device having a GPRS secure messaging application thereon, the GPRS secure messaging application having a word processor and an encryptor, the word processor being operable to allow the user of the mobile telephone or the remote third party device to compose a message for subsequent encryption and transmission and to read received, decrypted messages, and the encryptor having means to encrypt messages for transmission and means to decrypt received secure messages using an optimized encryption algorithm and an appropriate password entered by the user, the method comprising the steps of:
one of the user of the mobile telephone and the user of the remote third party device composing a message using the word processor of the GPRS secure messaging application and encrypting that message with the optimized encryption algorithm and a password using the encryptor of the GPRS secure messaging application;
transmitting the encrypted secure message via GPRS using the communication network to the other of the mobite telephone and the remote third party device; and
providing the other of the mobile telephone user and the remote third party device user with the password for subsequent decryption of the encrypted secure message by the other user.
This is a particularly simple method of transmitting confidential information between a mobile telephone and another device in a safe and secure manner. It is envisaged that in the majority of cases, the secure messages wilt only be temporarily decrypted on the mobile telephone and that if the secure message is opened, viewed and then closed again, it will require the user of the mobile telephone to reenter the password In order to decrypt the secure message. This will ensure that the information can remain confidential even if the mobile telephone is lost or stolen and a third party gains access to the mobile telephone.
In another embodiment of the invention there is provided a method of transferring secure messages to and from a mobile telephone in which the method further comprises the step of transmitting the secure encrypted message to a remote secure message server, the message being stored in a memory of the remote secure message server for subsequent collection by the intended recipient.
In a further embodiment of the invention there is provided a method of transferring secure messages to and from a mobile telephone in which the method further comprises the step of transmitting a Short Message Service (SMS) message to the intended recipient indicating that a secure message has been sent to them and is currently stored in secure message server memory awaiting collection.
In one embodiment of lhe invention there is provided a method of transferring secure messages to and from a mobile telephone in which the step of encrypting the message further comprises encrypting the message using an optimized encryption algorithm programmed in an object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
In another embodiment of the invention there is provided a method of transferring secure messages to and from a mobile telephone in which the step of encrypting the message using an optimized encryption algorithm further comprises encrypting the message using an optimized AES encryption algorithm according to the Rijndael specification,
In a further embodiment of the invention there is provided a method of transferring secure messages to and from a mobile telephone in which the step of encrypting the message using an optimized encryption algorithm further comprises encrypting the message using one of an optimized Triple DES algorithm, optimized Blowfish algorithm and an optimized RCA algorithm.
In one embodiment of the invention there is provided a method of providing an encryption algorithm for a primitive mobile telephone comprising the steps of;
selecting a suitable encryption algorithm in code form in an object oriented programming language; compressing and optimizing the code of the selected encryption algorithm, the step of optimizing lhe code of the encryption algorithm further comprising reducing the code space by discarding any packages and sub packages present in the main code and removing all additional API .jar files from the code; and
developing all functionality as classes within the encryption algorithm code.
By having such a method, an encryption algorithm that is significantly smaller in size than other encryption algorithms will be provided. This encryption algorithm may then be stored on Series 30 and Series 40 mobile telephones as they have sufficient storage capacity to hold the optimized code. The encrypted messages are able to be generated on the mobile telephone itself and this does not require the user to send the message to an encryption server for encryption or decryption.
In one embodiment of the present invention there is provided a method in which the step of selecting a suitable encryption algorithm comprises selecting one of AES according to the Rijndael specification, Blowfish, Triple DES or RCA. All of these algorithms may be optimized to a point where they have a relatively small footprint that will allow them to be stored on a mobile telephone, even a relatively primitive mobile telephone with little available memory.
In another embodiment of the invention there is provided a method in which the step of selecting a suitable encryption algorithm in an object oriented programming language further comprises choosing a suitable encryption algorithm in Java or C++. Both of these are seen as useful as they are commonly used in mobile telephony applications.
In a further embodiment of the invention there is a method of providing an encryption algorithm for a mobile telephone in which the method further comprises the steps of providing a static table for encryption of data and a static table for the decryption of data. By having static tables, the encryption of the data can be significantly sped up and therefore the burden on the processor will be greatly reduced. The tables themselves require a minimum amount of memory storage and are seen as useful. In a further embodiment of the present invention there is provided a method in which the method further comprises the step of providing relate functions to compute the values of additional static tables from the given static tables. This will allow a single static table to be used for encryption and a single static table to be used for decryption. These tables can then be used Io help create further tables and this will help speed up the encryption and decryption process significantly with a minimum trade off for memory.
In one embodiment of the present invention there is a method of providing an encryption algorithm for a mobile telephone in which there are provided four static tables for encryption and four static tables for decryption. By having tour static tables for encryption and four static tables for decryption, more memory is required for the storage of the optimized algorithm. However, the encryption and the decryption procedures will be sped up and therefore there is a tradeoff between speed and memory requirements. Typically, the amount of information being encrypted does not warrant extremely fast encryption but the choice is given to the mobile telephone user. In another embodiment of the present invention there is provided a method in which the static tables are 256 word tables.
In one embodiment of the present invention there is provided a method of encrypting a message to be sent from a primitive mobile telephone comprising the steps of:
separating the message into a string containing a plurality of separate individual characters;
substituting a decimal value that corresponds to that character for each of the individual characters of the message string;
and for each of the individual characters in the message string, performing a modulus operation on the position of the character in the string, using the modulus remainder result to select a number from a predetermined users password code and adding that number selected from the users password code to the decimal value; translating the new decimal value associated with each character in the string into hexadecimal format; and
building a padded hexadecimal representation of the string for subsequent transmission.
This is seen as a particularly useful encryption method that will require practically no alteration to the telephones existing functionality. The encryption provides a simple way of encrypting and decrypting the data with the minimum of processing power required and will allow a very small level of security to be achieved. This type of algorithm is seen as particularly useful far communications between friends that they may not wish other third parties who gain access to their mobile telephone to be able to read. Various minor changes such as further operation steps could be made to this type algorithm to make it even more secure if required. Furthermore, the decimal and hexadecimal numbering systems could be replaced by other substitution character sets but these are particularly simple to implement in a mobile telephone environment.
In another embodiment of the present invention there is provided a method in which the step of performing a modulus operation on the decimal value comprises the step of carrying out a modulus 4 operation on the decimal value. This is seen as useful particularly when a four digit password or PIN code is used. Essentially therefore, the modulus operation, performed can be determined by the number of digits in the password or PIN code of the user. If there were a total of three digits in the password, then a modulus three operation would be performed.
In a further embodiment of the present invention there is provided a method in which the step of building a padded hexadecimal representation of the string further comprises the additional step of utilizing PKCS#7 reversible padding.
In one embodiment of the present invention there is provided a method in which the step of encrypting the data further comprises operating a Cipher block chained (CBC) mode. In another embodiment of the present invention there is provided a method in which the method further comprises the step of providing digests for transaction tampering verification.
In a further embodiment of the present invention there is provided a secure messaging application product for a mobile telephone, the secure messaging application product comprising a word processor for writing, editing and reading messages, an encryptor for encrypting and decrypting secure messages and means for receiving a password specific to each message for use in the encryption or decryption of the message, the secure messaging application product encryptor having means to encrypt and means to decrypt the message using an optimized encryption algorithm and a password received from a user.
In this way, all the encryption and the decryption may be carried out on the telephone itself and no further external processors will be required. It is envisaged that the encryptor will not operate on SMS messages but on individual secure messages in the dedicated word processor and this will allow a system that operates without the constraints of SMS messaging. It is envisaged that the messages may in fact be sent via GPRS rather than as SMS messages as this will provide a particularly flexible architecture in which the encryption and decryption of messages may be carried out. It is further envisaged that the encryptor wilI encrypt the message using an optimized AES or similar optimized algorithm and will be therefore able to operate on Series 30 or Series 40 telephones.
In one embodiment of the present invention there is provided a secure messaging application product for a mobile telephone in which the optimized encryption algorithm further comprises an optimized encryption algorithm in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
In another embodiment of the present invention there is provided a secure messaging application product in which the optimized encryption algorithm further comprises an Advanced Encryption Standard (AES) algorithm according to the Rijndael specification. In a further embodiment of the present invention there is provided a secure messaging application product in which the encryptor further comprises at least two static tables, one for use in the encryption of messages and one for the decryption of messages.
In one embodiment of the present invention there is provided a secure messaging application product in which the encryptor has means to perform a rotate operation on the static tables.
In another embodiment of the invention there is provided a secure messaging application product in program code form, stored on a carrier.
In a further embodiment of the invention there is provided a mobile telephone having the secure messaging application product as claimed in any of daims 32 to 37 loaded thereon.
Detailed Description of the Invention
The invention will now be more clearly understood from the following description of some embodiments thereof given by way of example only with reference to the accompanying drawings in which:-
Figure 1 is a schematic representation of a typical system in which the mobile telephones having the encryption product according to the present invention operate;
Figure 2 is an alternative schematic representation of a typical system in which the mobile telephones operate;
Figures 3a to 3e inclusive show a number of screenshots of mobile telephones operating the encryption product;
Figure 4 is a schematic representation of a mobile telephone having the encryption product loaded thereon communicating with a banking institution; Figυre 5 is a schematic representation of the mobile telephone of Figure 4 carrying out a communication with the banking institution;
Figure 6 is a block diagram of a method of encoding data according to the present invention; and
Figure 7 is a representation of the S and S-1 blocks used in the encryption process according to the present invention.
Referring to the drawings and initially to Figure 1 thereof there is shown a schematic representation of a typical communications system in which a mobile telephone having the secure messaging application according is the invention operates. The communications system, indicated generally by the reference numeral 1 , comprises a Secure Message Server 3, a Short Messaging Service Centre (SMSC) 5 and a plurality of mobile telephones 7, only two of which are shown, having the secure messaging application according to the present Invention loaded thereon. In use, one of the mobile telephone users decides to transmit a secure message to the other mobile telephone user and operates their moblie telephone to create a message to be sent. This message is then encrypted on their mobile telephone before being transmitted to the Secure Message Server 3. The other mobile telephone user can then periodically check the Secure Message Server for any messages being held for them. On seeing that there is a secure message for them on the intermediate Secure Message Server 3, the second mobile telephone user downloads the message from the Secure Message Server 3 to their mobile telephone 7. The second mobile telephone user then contacts the sender of the secure message to determine the PIN code to allow them to decrypt the message on their mobile telephone. Alternatively, the mobile telephone users may have previously agreed a PIN code between them that is to be used for communications therebetween.
In one alternative embodiment, an SMS alert message in plain text format, i.e. not encrypted is sent to the second mobile telephone to alert the user to the fact that there is a message waiting for them on the server. The second mobile telephone user may then operate their mobile telephone to retrieve the message from the server. The SMS message may be automatically sent by the Secure Message Server 3 to the second mobile telephone 7 via the SMSC 5 once it receives a secure message from the first mobile telephone 7. The SMS message does not contain any of the message text and may or may not indicate who the secure message is from. Alternatively, rather than the Secure Message Server sending an SMS message to fhe SMSC 5 for onward transmission to the mobile telephone, the secure message server 3 may simply send the relevant information to the SMSC 5 so that the SMSC 5 can generate the SMS message and transmit the SMS message to the mobile telephone 7 itself.
Referring now to Figure 2 of the drawings there is shown an alternative schematic representation of a typical system in which the mobile telephones operate and in particular a system in which the mobile telephones can interact with various web servers 9. The mobile telephone user may install the secure messaging application on their mobile telephone 7 by first of all contacting a selling agent 11 in the known manner by sending a text message or making a call to the selling agent 11 over a premium rate mobile number. On receipt of the communication from the mobile user, the selling agent will transmit an SMS message to the mobile telephone 7 with a web link embedded in the SMS message. The telephone bill of the SMS user may be charged in the normal manner for this service. Once the mobile telephone user has the web link they can then contact the web servers 9 upon which the encryption algorithms are stored. The mobile telephone user then downloads the encryption algorithm and telephone interface from the web server and installs tham on their mobile telephone. The mobile telephones can send and receive encrypted messages either directly to each other or via the web servers. In order to purchase further credit, the mobile telephone user contacts the web server by sending a simple text message to a premium rate number. The mobile telephony user's account is then updated once payment is cleared. Their account credit can then be updated. Billing may be carried out to their mobile telephone bill or alternatively, the user of the mobile telephone will communicate their credit or debit card details to the web server operators so that they can be billed without any indication showing up on their mobile telephone bid. As an alternative to the mobile telephone users having to download the secure messaging application, the secure messaging application may in certain cases be preinstalled on the mobile telephone.
Referring to Figure 3a to 3e of the drawings there are shown a number of screen shots of a mobile telephone operating the secure messaging application according to the present invention. In Figure 3a, there is shown the main application screen 13 on the mobile telephone. The mobile telephone may still be navigated in the normal manner. In the main application screen, the user is prompted to input which service they require. In the embodiment shown there are five separate options available to them, namely, New Secret 15, Read Secret(s) 17, Friends 19, Secret Archive 21 and Clear Archive 23. The function of each of these is self explanatory but for reasons of completeness a brief description will be given. The new secret 15 if selected prompts the user to create a message to be sent encrypted to a third party (not shown), read secret(s) 17 if selected allows the user to read any messages that have been sent to the mobile telephone by prompting them to decrypt the message that has bean received, the Friends 19 option stores a list of other individuals or third parties that also have the facility Io decrypt messages sent by the mobile telephone user, the Secret archive 21 stores all previous messages kept by the mobile telephone user, these messages may be in encrypted or decrypted form (although it is envisaged that they will preferably be kept in encrypted form to avoid any sensitive information being made available in case the mobile telephone is mislaid or stolen) and finally the clear archive allows for all messages stored in the archive to be deleted from memory.
Referring specifically to Figures 3b to 3e inclusive there Is shown a number of screen shots of a mobile telephone 7 in which the mobite telephone user carries out a message retrieval. In Figure 3b the mobite telephone user has already selected the Read Secret(s) option on thsir main application screen. The mobile telephone polls the Secure Message Server (not shown) for any messages stored thereon for the mobile telephone user and retrieves the messages to the mobile telephone. The encrypted messages are then stored on the mobile telephone. In Figure 3c the mobile telephone user is given a list of senders of secure messages to their mobile telephone. In this instance, the senders are identified by a telephone number to preserve their identity. Alternatively, the name as found in the mobile users address book could be used or some other identifier to denote the sender of the secure message. The mobile telephone user selects the desired number in the normal manner. Once the mobile telephone user has selected the desired message, the mobile telephone user is prompted to input the PIN code associated with the sender of the secure message in order to allow them to decrypt the secure message (Figure 3d). The PIN code will preferably have been communicated to the mobile telephone user by an alternative cornmunication channel at an earlier time. If the incorrect PIN code fs inserted Into the mobile telephone then the message will not display in plain text unencrypted format but will remain in encrypted format. If the correct PIN code is entered into the mobile telephone the message from the sender of the encrypted message will be shown in decrypted format on the screen of the mobile telephone as shown in Figure 3e.
Referring now to Figure 4 of the drawings there is shown a schematic representation of the mobile telephone having the encryption application loaded thereon using their device to obtain confidential Information relating to their account from a bank, where like parts have been given the same reference numerals as before. The Bank, indicated generally by the reference numeral 27, comprises a web service 20 and means to encrypt and decrypt messages provided by Encryption/Decryption API 31, When the bank wishes to transmit a message to the user of the mobile telephone 7 it encrypts a message and stores the message in message database 33. A controller 35 identifies that a message has been stored in the message database 33 and automatically creates a separate SMS message which it sends to the mobile telephone 7 via the SMSC 5. The SMS message sent to the mobile telephone notifies its operator that there is an encrypted message stored for them at their bank. Conceivably, this could be a notification that they are overdrawn, that their direct debits have failed to process, what their account balance is, what their credit limit is or any other piece of confidential information that they may wish to transfer to the mobife telephone user. In this instance, it could be suggested that the bank is operating as a secure message server storing the encrypted message for the customer.
On receiving the SMS message the mobile telephone user opens the encrypted banking application on their mobile telephone in the known manner similar to any other application. On opening the application the user is prompted on the main application screen 39 with a number of different functions Including but not limited to Balance, Mini
Statement, Top-up, Cheque book request and messages. The user, desiring to retrieve a message sent by the bank selects the message option and retrieves the encrypted message from the Message database 33 of the bank via the World Wide Web 41 and the banks web service 43. The message is retrieved in encrypted formal and stored on the mobile telephone 7. The mobile telephone user sees the screenshol shown in mobile telephone screenshot 45 where a message is waiting from the bank. In screenshot 47, the mobile telephone user is prompted to enter the decryption password/PIN code for the Banks message. Again this password/PIN code will have been agreed at an earlier time by the two parties and may for example be a number of digits used to form part of a bank account number belonging to the mobile telephone user. Once the correct password/PIN has been entered, the message from the bank is displayed as in screenshot 40. The banking application is similar in many ways to the standard encryption/secure messaging application simply with dedicated banking options provided to the user of the mobile telephone. The user of the mobile telephone could also conceivably use the standard secure messaging application to correspond with the bank.
Referring to Figure 5 of the drawings, where like parts have been given the same reference numerals as before, there is shown a schematic representation of the mobile telephone user sending an encrypted message Io their bank. In screenshot 51 the mobile telephone user has opened their banking application on their mobile telephone. In screenshot 53 the user is prompted with the various options open to them. The user may scroll up and down the list until they reach the desired service, in this case, the user wishes to know what their balance is. The user selects Balance from the list of options and they are shown the screenshot 55 where they are prompted to input the last four digits of their account number. This is particularly useful if the user has a number of accounts at the bank e.g. credit card account, current account and a savings account, so that the correct account balance may be transmitted to them. Furthermore, this may act as an obstacle to an unscrupulous individual who gains access to the telephone from retrieving account details of the mobile telephone owner. Alternatively, a list of availabfe accounts could be displayed for the user to select one from the list. The security would be provided by the encryption of the messages. Only the user of the mobile telephone should know their PIN code that was previously agreed with the bank.
In screenshot 57, the mobile telephone operator is prompted to enter their Balance PIN number. Preferably, this is a code that has already been agreed by the bank and the mobile user and this encrypts the balance enquiry request. The balance enquiry is encrypted by the mobile telephones encryption/decription API 59 and then sent to the bank web service 43 via the World Wide Web 41. Once received by the bank, the bank decrypts the request using its own Encryption/Decryption API 31 and on determining that the request is a valid one, looks up its database 61 containing customer account information and retrieves the relevant information. Once the relevant information has been retrieved, the bank encrypts the information using the Encryption/Decryption API 31 and transmits a secure message back to the mobile telephone. The mobile telephone user, on receiving the response, decrypts the message using the secret PIN code in the manner previously described and views the message as shown in screenshot 63.
Referring to Figure 6 there is shown a block diagram of a method of encoding data according to the present invention. In step 71 the Encryption/Decryption API retrieves a message from the mobile telephone user. In step 73 the message is separated out into a number of separate individual characters. In step 75, each character in the string of characters that makes up the message is substituted by its decimal representation that corresponds to that individual character. In step 77, a modulus operation is performed on the character number {positron} in the string of characters. It is envisaged that the modules operation will correspond to the number of digits in the users PIN code. Therefore, if there are 4 digits in the users PIN code, a modulus 4 operation will be carried out. In step 79, once the modulus operation has been carried out for each number in the string, the remainder value that is calculated by the modulus operation is used to select one of the digits from the PIN number. The remainder of the modulus operation on that character number corresponds to the chosen digits position in the PIN number.
That chosen digit value is then added to the decimal number in step 81 and in step 83 the decimal number that is formed by adding the decimal representation of the character to the relevant PIN digit value in step 81 is transformed into a Hexidecimal value. In step 85 a padding operation is performed on the Hexidecimal representation. The message is then ready to be sent. It will be readily understood that the above operations could be reversed by the receiver as they know what type of padding has been used and furthermore they know the PIN number that will be required to decode the message. This provides a simple encryption/decryption algorithm specifically for mobile telephones that is computationally efficient.
For example, if the user wished to send the message "Hello Stafford" to a friend the encryption algorithm would first of all separate the message into the individual characters like so, "H-e-l-l-o-SPACE-S-t-a-f-f-o-r-d". Each of these characters would be given its recognised decimal value according to normal conversion convenlion, namely "72-101- 108-108-111-32-83-116-97-102-102-111-114-100". We now have a decimal representation of the message. A modulus operation is then performed on each character in the string based on its position in the string. If for example the PlN number is a four digit number say, 4567, a modulus four operation is carried out on all the character positions in the string. The third character in the string will have a modulus of three (three divided by four goes zero times with three remaining) and the sixth character in the string will have a modulus of two (six divided by four goes once with two remaining). Using the same example given above and performing a modulus four operation on each of the characters in the string we achieve a modulus representation for the string of "1 ,2,3,0,1 ,2,3,0,1 ,2,3,0,1 ,2". These values are then used to take a number from the PIN and a PIN calculation for the string is obtained as shown "5,6,7,4,5,6,7,4,5,6,7,4,5,6". These values are then added to the decimal representation of the characters in the string i.e. "72-101-108-108-111-32-83-116-97-102-102-111-114- 100" + "5,8,7,4,5,6,7,4,5,6,7,4,5,6" to give the decimal string of "77-107-115-112-116- 38-90-120-102-108-109-115-119-106". This decimal string is then transformed into its Hexidecimal representation to give "4D-6B-73-7U-74-26-5A-78-66-SC-6D-73-77-6A". Once the hexidecimal representation has been determined the hexidecimal representation may then be padded using whatever form of padding that is suitable before the message is sent off to the intended recipient. The recipient can then, with knowledge of the type of padding that has been used and the PIN number extrapolate the original message by reversing the above steps. This is one simple encryption algorithm that could be used to provide a minimum amount of security to the transmissions between the two mobile telephones, it will be understood that other simple operations could be performed such as multiplication and addition/subtraction operations as long as the receiving party is aware of the method of encryption used.
Various other types of encryption have been described for use with the present invention such as AES according to the Rijndael specification. This is seen as a particularly efficient cipher to use. Rijndael, as it will now be referred to, comprises a very flexible encryption process. Typically, in order to encrypt a block of data using Rijndael, a preliminary Add Round Key step is performed which consists of XORing a subkey with the block, then a number of regular rounds are performed followed by a final round which consists of a regular round with a single step from the regular round omitted. Each regular round of the Rijndael specification comprises four main steps, a first Byte Sub step where each byte of the block of data is replaced by it's substitute in an S-box, a second Shift Row step where the rows of the block are each shifted by a predetermined number of shift operations, a third Mix Column step whereby each column is multiplied by a matrix and finally an Add Round Key step is performed which comprises XORing in the subkey of the current round. The final round discussed above omits the Mix Column step.
One of the main benefits of this method of encryption is that although the sequence is not symmetrical, the order of some of the steps in Rijndael could be changed without affecting the cipher. For example the Byte Sub step could be carried out after the Shift Row step. AIl that is important is that the sequence of steps be known for the decryption to be carried out successfully. Furthermore, due to the fact that the cipher begins and ends with an Add Round Key step, there is no wasted unkeyed step at the beginning or the end. The decryption process for Rijndael is also relatively straightforward and requires the reverse sequence of the encryption process with the steps reversed. For example, the inverse of the XORing operations (which is in itself a XORing operation), the Inverse of the Mix Column step matrix and the Inverse of the S-box. An example of the S -Box and the inverse of the S- box are shown in Figure 7 of the drawings. The above is given merely for Illustrative purpose only and It is in no way attempting to be a comprehensive explanation of Rijndael encryption as this is not considered to be absolutely necessary for the purposes of this specification. Those familiar in the art of encryption would be readily aware of the steps and operations performed in order to perform AES encryption according to Rijndael. A more comprehensive explanation in particular of the operation of AES Rijndael may be found in the document Federal information Processing Standards Publication 107 (Fips-197) published November 26th, 2001 and issued by the National Institute of Standards and Technology (NIST) and also published online at http://csrc.nist.gov/publications/fips197/fips-197.pdf the entire disclosure of which in relation to the implementation of AES according to Rijndael and the algorithms and static blocks and operations performed using AES according to Rijndael are incorporated herein by way of reference.
Other types of encryption that could be used in the implementation of the invention include Triple DES, Blowfish and RCA to name but a few. It will be understood that for more sensitive communications any of these methods or Rijndael will be used, for example in the transmission of banking details to or from a mobile telephone. In particular, AES according to the Rijndael specification is seen as a particularly preferred way of transferring the messages to and from the mobile telephone. This is a very secure code that would be extremely difficult, almost impossibfe for a third party to crack. The AES according to Rijndael is modified to allow its implementation on the Mobile telephone by optimizing the program code of the algorithm. This is achieved by first of all reducing the algorithm code footprint by removing any packages and sub packages from the code. All libraries and API .Jar files are also removed from the code and finally all of lhe functionality is developed as classes within the application. In this way the entire code for the AES encryption may be achieved in less than 20 Kb which is sufficient to allow the application to run on any of lhe existing Series 30 and Series 40 mobile telephone with their restricted memory. Preferably, the code will run on Java but it is envisaged that other code such as C++ could be used to implement the program using the same minimization techniques.
In addition to this, in order to perform the encryption using AES according to the Rijndael specification, various static tables could be used which would help speed up the process of encryption and decryption. These static tables are generally 256 words in size. It is envisaged that three different versions of the encryption could be used, for example a fast version having 8Kb of static tables, four tables for encryption and four tables for decryption. A Medium speed version having 2 Kb of tables, one table for encryption and one table for decryption. The medium speed version would then perform twelve rotate operations per round in order to compute the values of the other tables from the original table. A slow version would not benefit from the use of any static tables at all and would compute the values in each round of the encryption. Although called a "slow" version it will be understood that this is used merely as a relative term with respect to the other versions and in fact this version wilt still operate at a sufficiently high speed so that the telephone processing power is not overly burdened by the encryption and decryption processes.
In many circumstances in this specification, messages have been described as being sent to and from the mobile telephones via a web server or a secure messaging server. It will be understood however that messages could be sent directly from one mobile telephone to another mobile telephone as long as the recipient is aware of the type of encryption used and the PIN code and their telephone is loaded with the appropriate software they will be able to decipher the message sent to them. Similarly, messages needn't be sent through a web service but could be sent directly to a receiver in a Bank for example and the enquiries could be dealt with by customer service personnel in a normal manner of handling enquiries. The customer service personnel could then transmit the messages back to the mobile telephone in an encrypted format. This will be understood by the skilled addressee.
It is most important Io understand that the messages that are being sent in an encrypted form between two parties are by and large transmitted using GPRS and not using SMS messaging. Although it may be possible to use the algorithms provided for the encryption and decryption of SMS messages, by avoiding the use of SMS messaging the system is not restricted by any of the limitations associated with SMS messaging. This is significant as the GPRS messaging can be implemented on the older Series 30 and Series 40 mobile telephones and no modifications to the existing telephones SMS functionality will be required. The GPRS messaging is also a particularly quick and efficient way of transmitting the messages and is seen as particularly useful for the delivery and retrieval of encrypted messages.
Furthermore, in the majority of the examples shown, the secure message server and the short messaging service centre (SMSC) have been shown as separate entities but it will be understood that in practice these pieces of equipment may be housed together in the same location and even may be implemented on a single machine if need be. For simplicity though they have been shown apart. Furthermore, in many instances, items of equipment and apparatus have been described as being "remotely located" or simply as being "remote". It will be understood that these are to mean separate and it is envisaged that remote may indeed mean in a different jurisdiction to the other pieces of apparatus. Indeed it is envisaged that it may be desirable to have a secure message server located in a jurisdiction remote from the mobile telephone and similarly, secure messages may be sent from abroad when the owner of the mobile telephone is away from their normal place of residence. Furthermore, in the example of the banking institution, they may have customers in a number of countries yet they may provide their information from a single third party device which may be a server in another jurisdiction. These are intended to be covered under a reasonable interpretation of the claims. Many of the features of the present invention relate to computers and more specifically software programs that may run on computers and other computation devices, such as a mobile telephones processor. These programs may be loaded onto a device such as a mobile telephone memory and be used to implement the present invention. The program code may be source code, object code or a form intermediate source code and object code, furthermore the program may be stored on or in a carrier, such as a memory storage device including but not limited to a CD ROM, a ROM, an EPROM, a DVD, a PROM, or a carrier such as a carrier signal transmitted on a cabte, fibre optic or other cable, or modulated signal transmitted over a communication channel, in which case the cable and the channel respectively are deemed to constitute the carrier.
In certain embodiments, il is envisaged that one party may not require a GPRS transmitter or a GPRS receiver. For example, it is envisaged thai in the example of the banking institution and other embodiments where a computer or server is communicating with the mobile telephone using encrypted messaging, the computer or server may not use GPRS communications. Alternatively, they may use other communication methods with between themselves and an encrypted web server and the encrypted web server will thereafter use GPRS communications with the mobile telephone.
Throughout this specification the terms "comprise, comprises, comprised and comprising" and the terms Include, includes, included and including" have been used interchangeably and are to be afforded the widest possible interpretation.
This invention is in no way limited to the embodiment hereinbefore described but may be varied in both construction and detail within the scope of the claims.

Claims

Claims
1) A system for the transfer of secure messages to and from a mobile telephone, the system comprising:
a mobile telephone;
a remote third party device for sending and receiving secure messages to and from the mobile telephone; and
a communication network connecting the mobile telephone and the third party device; characterised in that
both the mobile telephone and the third party device have a General Packet Radio Service (GPRS) transmitter for transmitting secure messages via GPRS over the communication network and a GPRS receiver for receiving secure messages via GPRS over the communication network;
both of the mobile tefephone and the third party device have a GPRS secure massaging application thereon, the GPRS secure messaging application comprising a word processor and an encryptor, the word processor being operable to allow a user of the mobile telephone or the remote third party device to compose a message for subsequent encryption and transmission and to read received decrypted messages, and the encryptor having means to encrypt messages for transmission and means to decrypt received secure messages using an optimised encryption algorithm and an appropriate password entered by the user.
2) A system as claimed in claim 1 in which the system further comprises a secure message server having a memory and in which secure messages are transmitted to the secure message server and stored in secure message server memory for subsequent collection by the intended recipient. 3) A system as claimed in claim 2 in which the system further comprises a remote short messaging service centre (SMSC) in communication with the secure message server, from which SMSC a notification is sent to the intended recipient on the secure message server receiving a secure message indicating that a secure message awaits their collection.
4) A system as claimed in any preceding claim in which the remote third party device further comprises a web server.
5) A system as claimed in any of claims 1 to 3 in which the remote third party device further comprises a mobile telephone.
6) A system as claimed in any preceding claim in which the mobile telephone is one of a Series 30 or Series 40 mobile telephone.
7) A system as claimed in any preceding claim in which the encryptor's means to encrypt a message and means to decrypt a secure message using an optimized encryption algorithm further comprises an optimized encryption algorithm programmed in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which alf functionality is developed as classes in the code.
8) A system as claimed in claim 8 in which the optimized encryption algoriltm has all additional API .jar files removed from the code.
9) A system as claimed in claim 7 or 8 in which the object oriented code is one of Java and C++.
10) A system as claimed in any preceding claim in which the system further comprises a remote web server accessible by mobile telephones, the remote web server having the GPRS secure messaging application stored thereon for transmission to a mobile telephone via GPRS on request by the mobile telephone. 11) A system as claimed in any preceding claim in which the means to encrypt and means to decrypt a secure message further comprises an AES encryption algorithm according to the Rijndael specification.
12) A system as claimed in claim 11 in which the encryptor further comprises a plurality of static tables, at feast one static table for use in the encryption of data and at least one static table for use in the decryption of data.
13) A system as claimed in any of claims 1 to 10 in which the means to encrypt and the means to decrypt a secure message further comprises one of a tripfe DES,
Blowfish or RCA encryption algorithm.
14) A method of transferring secure messages to and from a mobile telephone in a system comprising a mobile telephone, a remote third party device and a communication network connecting the mobile telephone and the remote third party device, both the mobile telephone and the remote third party device have a General Packet Radio Service (GPRS) transmitter for transmitting secure messages via GPRS over the communication network and a GPRS receiver for receiving secure massages via GPRS over the communication network, both the mobile telephone and the remote third party device having a GPRS secure messaging application thereon, the GPRS secure messaging application having a word processor and an encryptor, the word processor being operable to allow the user of the mobile telephone or the remote third party device to compose a message for subsequent encryption and transmission and to read received, decrypted messages, and the encryplor having means to encrypt messages for transmission and means to decrypt received secure messages using an optimized encryption algorithm and an appropriate password entered by the user, the method comprising the steps of:
one of the user of the mobile telephone and the user of the remote third party device composing a message using the word processor of the GPRS secure messaging application and encrypting that message with the optimized encryption algorithm and a password using the encryptor of the GPRS secure messaging application; transmitting the encrypted secure message via GPRS using the communication network to the other of the mobile telephone and the remote third party device; and
providing the other of the mobile telephone user and the remote third party device user with the password for subsequent decryption of the encrypted secure message by the other user.
15) A method of transferring secure messages to and from a mobile telephone as claimed in claim 14 in which the method further comprises the step of transmitting the secure encrypted message to a remote secure message server, the message being stored In a memory of the remote secure message server for subsequent collection by the intended recipient.
16) A method of transferring secure messages to and from a mobile telephone as claimed in claim 15 In which the method further comprises the step of transmitting a Short Message Service (SMS) message to the intended recipient indicating that a secure message has been sent to them and is currently stored in secure message server memory awaiting collection.
17) A method of transferring secure messages to and from a mobile telephone as claimed in any of claims 14 to 16 in which the step of encrypting the message further comprises encrypting the message using an optimized encryption algorithm programmed in an object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which all functionality is developed as classes in the code.
18) A method of transferring secure messages to and from a mobile telephone as claimed in claim 17 in which the step of encrypting the message using an optimized encryption algorithm further comprises encrypting the message using an optimized AES encryption algorithm according to the Rijndael specification. 19) A method of transferring secure messages to and from a mobile telephone as claimed in claim 17 in which the step of encrypting the message using an optimized encryption algorithm further comprises encrypting the message using one of an optimized Triple DES algorithm, optimized Blowfϊsh algorithm and an optimized RCA algorithm.
20) A method of providing an encryption algorithm for a primitive mobile telephone comprising the steps of:
selecting a suitable encryption algorithm in code form in an object oriented programming language;
compressing and optimizing the code of the selected encryption algorithm, the step of optimizing the code of the encryption algorithm further comprising reducing the code space by discarding any packages and sub packages present in the main code and removing all additional API .jar files from the code; and
developing all functionality as classes within the encryption algorithm code.
21) A method as claimed In claim 20 in which the step of selecting a suitable encryption algorithm comprises selecting one of AES according to the Rijndael specification, Blowfϊsh, Triple DES or RCA.
22) A method as claimed in claim 20 or 21 in which the step of selecting a suitable encryption algorithm in an object oriented programming language further comprises choosing a suitable encryption algorithm in Java or C++.
23) A method as claimed in any of claims 20 to 22 in which the method further comprises the steps of providing a static table for encryption of data and a static table for the decryption of data.
24) A method as claimed in any of claims 23 in which the method further comprises the step of providing rotate functions to compute the values of additional static tables from the given static tables. 25) A method as claimed in claim 23 in which the method comprises the steps of providing four static tables for encryption of data and four static tables for decryption of data.
26) A method as claimed in any of claims 23 to 25 in which the static tables are 256 word tables.
27) A method of encrypting a message to be sent from a primitive mobile telephone comprising the steps of:
separating the message into a string containing a plurality of separate individual characters;
substituting a decimal value that corresponds to that character for each of the individual characters of the message string;
and for each of the individual characters in the message string, performing a modulus operation on the position of the character in the string, using the modulus remainder result to select a number from a predetermined users password code and adding that number selected from the users password code to the decimal value:
translating the new decimal value associated with each character in the string into hexadecimal format; and
building a padded hexadecimal representation of the string for subsequent transmission.
28) A method as claimed in claim 27 in which the step of performing a modulus operation on the decimal value comprises the step of carrying out a modulus 4 operation on the decimal value. 29) A method as claimed in claim 27 or 28 in which the step of building a padded hexadecimal representation of the string further comprises the additional step of utilizing PKCS#7 reversible padding,
30) A method as claimed in any of claims 27 to 29 in which the step of encrypting the data further comprises operating a Cipher block chained (CBC) mode,
31) A method as claimed in any of claims 27 to 30 in which the method further comprises the step of providing digests for transaction tampering verification,
32) A secure messaging application product for a mobile tefephone, the secure messaging application product comprising a word processor for writing, editing and reading messages, an encryptor for encrypting and decrypting secure messages and means for receiving a password specific to each message for use in the encryption or decryption of the message, the secure messaging application product encryptor having means to encrypt and means to decrypt the message using an optimized encryption algorithm and a password received from a user.
33) A secure messaging application product for a mobile telephone as claimed in claim 32 in which the optimized encryption algorithm further comprises an optimized encryption algorithm in object oriented code, the optimized encryption algorithm having no packages or sub-packages in the code and in which ati functionality is developed as dasses in the code.
34) A secure messaging application product as claimed in claim 32 or 33 in which the optimized encryption algorithm further comprises an Advanced Encryption Standard (AES) algorithm according to the Rijndael specification.
35) A secure messaging application product as claimed in any of cfaims 33 to 34 inclusive in which the encryptor further comprises at toast two static tables, one for use in the encryption of messages and one for the decryption of messages.
36) A secure messaging application product as claimed in claim 35 in which the encryptor has means to perform a rotate operation on the static tables. 37) A secure messaging application product as claimed in any of claims 32 to 37 in program code form, stored on a carrier.
38) A mobile telephone having the secure messaging application product as claimed in any of claims 32 to 37 loaded thereon.
PCT/EP2006/064297 2005-07-14 2006-07-14 An encryption method and system for mobile telephones WO2007006815A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IES2005/0474 2005-07-14
IE20050474 2005-07-14

Publications (2)

Publication Number Publication Date
WO2007006815A2 true WO2007006815A2 (en) 2007-01-18
WO2007006815A3 WO2007006815A3 (en) 2007-03-29

Family

ID=37074598

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/064297 WO2007006815A2 (en) 2005-07-14 2006-07-14 An encryption method and system for mobile telephones

Country Status (1)

Country Link
WO (1) WO2007006815A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009154580A1 (en) * 2008-06-20 2009-12-23 Dallab (S) Pte Ltd Secure short message service
ES2341695A1 (en) * 2008-12-23 2010-06-24 Fernando Troyano Tiburcio System of message sending safely. (Machine-translation by Google Translate, not legally binding)
WO2010072863A1 (en) * 2008-12-23 2010-07-01 Fernando Troyano Tiburcio Secure communication system
WO2019034454A1 (en) * 2017-08-16 2019-02-21 Bundesdruckerei Gmbh Secure mobile message transfer

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095558A1 (en) * 2000-06-05 2001-12-13 Matsushita Mobile Communication Development Corporation Of U.S.A. Protocol for short mail message encryption
US20040030906A1 (en) * 2002-06-20 2004-02-12 International Business Machines Corporation System and method for SMS authentication
WO2004021665A2 (en) * 2002-08-30 2004-03-11 Sap Aktiengesellschaft Enterprise secure messaging architecture

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095558A1 (en) * 2000-06-05 2001-12-13 Matsushita Mobile Communication Development Corporation Of U.S.A. Protocol for short mail message encryption
US20040030906A1 (en) * 2002-06-20 2004-02-12 International Business Machines Corporation System and method for SMS authentication
WO2004021665A2 (en) * 2002-08-30 2004-03-11 Sap Aktiengesellschaft Enterprise secure messaging architecture

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DEZLER: "IM+ REVIEW"[Online] 1 January 2003 (2003-01-01), XP002403048 Retrieved from the Internet: URL:http://www.allaboutsymbian.com/softwar e/reviews/9210/details/imreview.php> [retrieved on 2006-10-13] *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009154580A1 (en) * 2008-06-20 2009-12-23 Dallab (S) Pte Ltd Secure short message service
ES2341695A1 (en) * 2008-12-23 2010-06-24 Fernando Troyano Tiburcio System of message sending safely. (Machine-translation by Google Translate, not legally binding)
WO2010072863A1 (en) * 2008-12-23 2010-07-01 Fernando Troyano Tiburcio Secure communication system
ES2356010A1 (en) * 2008-12-23 2011-04-04 Fernando Troyano Tiburcio Secure communications system. (Machine-translation by Google Translate, not legally binding)
WO2019034454A1 (en) * 2017-08-16 2019-02-21 Bundesdruckerei Gmbh Secure mobile message transfer

Also Published As

Publication number Publication date
IE20060519A1 (en) 2007-02-21
WO2007006815A3 (en) 2007-03-29

Similar Documents

Publication Publication Date Title
US7751565B2 (en) Secure encryption system, device and method
CN100539747C (en) Authentication and check SMS method for communicating
EP0847649B1 (en) Method and apparatus for operating a transactional server in a proprietary database environment
US8499156B2 (en) Method for implementing encryption and transmission of information and system thereof
CN100539581C (en) Provide a set of access codes to subscriber equipment
JPH0823330A (en) Safe data communication
US20020138759A1 (en) System and method for secure delivery of a parcel or document
GB2366165A (en) Method and apparatus for e-commerce by using optional fields for virtual bar codes
CN108650275B (en) Encryption method, device, computer equipment and storage medium
JP2013514556A (en) Method and system for securely processing transactions
US20140079219A1 (en) System and a method enabling secure transmission of sms
JP2008299396A (en) Introduction support device, program for introduction support device and introduction support method
CN1321537C (en) Electronic paymenting service system and realizing method based on fixed telephone net short message
WO2007006815A2 (en) An encryption method and system for mobile telephones
CN1475002A (en) Method for securing digital goods on sale thereof over computer network
CN105323735A (en) Short message display method, short message display system, intelligent short message platform and short message assistant client side
CN101262340A (en) MMS encryption method and mobile terminal for transmitting and receiving encrypted MMS
Shirali-Shahreza Improving mobile banking security using steganography
CA2360623A1 (en) System computer product and method for secure electronic mail communication
CN107889102B (en) Method and device for encrypting and decrypting information in short message
CN111541603B (en) Independent intelligent safety mail terminal and encryption method
KR100763756B1 (en) System and method for providing short message service
CN108055271A (en) Encryption and decryption approaches, storage medium and the electronic equipment of Email
IE85905B1 (en) An encryption method and system for mobile telephones
Singh et al. Peer to peer secure communication in mobile environment: A novel approach

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06777801

Country of ref document: EP

Kind code of ref document: A2