SYSTEM FOR SECURING EXCHANGES BETWEEN A COMMUNICATING THING AND A SERVICES PLATFORM

20170317992 · 2017-11-02

    Abstract

    A security system makes secure exchanges between a services platform and a communicating thing, which includes a control device. The system further includes a server, referred to as a “mediation” server, which receives a message, referred to as a “first” message, from the services platform, encrypts the first message, and sends the encrypted first message to the communicating thing. The communicating thing is also fitted with an IC card that is distinct from the control device and that decrypts the encrypted first message and sends the decrypted first message to the control device. The encryption and decryption operations are performed by at least one secret key shared between the mediation server and the IC card.

    Claims

    1. A security system for making secure exchanges between a services platform and a communicating device, wherein the system comprises: the services platform; the communicating device, which comprises a control device; and a mediation server comprising a processor configured to receive a message, referred to as a “first” message, from said services platform, encrypt said first message, and send the encrypted first message to said communicating device, wherein the communicating device is fitted with an IC card that is distinct from said control device and that possesses a processor configured to decrypt said encrypted first message and send the decrypted first message to the control device, wherein encryption and decryption operations of the mediation server and the IC card are performed using at least one secret key shared between the mediation server and said IC card.

    2. The security system according to claim 1, wherein said processor of said IC card is further configured to perform acts comprising: receiving a message, referred to as a “second” message, from said control device, and encrypting said second message, and wherein said mediation server is further configured to receive the encrypted second message from said communicating device, decrypt said encrypted second message, and send the decrypted second message to said services platform, wherein encryption and decryption operations performed for the second message are performed using at least one secret key shared between said mediation server and the IC card.

    3. The security system according to claim 1, wherein said IC card incorporates an application in compliance with a USIM application toolkit (USAT) standard.

    4. The security system according to claim 3, wherein said USAT application is generic.

    5. The security system according to claim 3, wherein said USAT application is specific to a service supplied by the communicating device.

    6. The security system according to claim 1, further comprising a communications channel between the IC card and said control device, which implements the IP protocol.

    7. The security system according to claim 1, wherein said communicating device implements functions represented as well-identified resources, and said IC card controls said identified resources by using generic commands.

    8. A security method for securing exchanges between a services platform and a communicating device comprising a control device, the method comprising the following acts: said services platform sending a mediation server a first message; said mediation server encrypting said first message and sending the encrypted first message to said communicating device; an IC card distinct from said control device and fitted to the communicating device decrypting said encrypted first message; and said IC card transmitting the decrypted first message to said control device; the encrypting and decrypting acts being performed using at least one secret key shared between the mediation server and the IC card.

    9. The security method according to claim 8, wherein the method further comprises the following acts: said control device transmitting a second message to said IC card; the IC card encrypting said second message; the communicating device sending the encrypted second message to said mediation server; and the mediation server decrypting the encrypted second message and sending the decrypted second message to said services platform; the encrypting and decrypting acts performed with respect to the second message being performed using at least one secret key shared by the mediation server and the IC card.

    10. At least one non-transitory computer-readable, non-removable, or partially or totally removable data storage medium comprising computer program code instructions for executing a security method for securing exchanges between a services platform and a communicating device comprising a control device, when the instructions are executed by at least one processor, the method comprising the following acts: said services platform sending a mediation server a first message; said mediation server encrypting said first message and sending the encrypted first message to said communicating device; an IC card distinct from said control device and fitted to the communicating device decrypting said encrypted first message; and said IC card transmitting the decrypted first message to said control device; the encrypting and decrypting acts being performed using at least one secret key shared between the mediation server and the IC card.

    11. (canceled)

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0048] Other aspects and advantages of the invention appear on reading the following detailed description of particular embodiments, given as non-limiting examples. The description refers to the accompanying figures, in which:

    [0049] FIG. 1, described above, shows a system comprising a traffic light and a services platform connected via a prior art secure channel;

    [0050] FIG. 2 shows a system comprising a traffic light and a services platform connected via a secure channel in an embodiment of the invention;

    [0051] FIG. 3 shows a first variant of the embodiment shown in FIG. 2;

    [0052] FIG. 4 shows a second variant of the embodiment shown in FIG. 2;

    [0053] FIG. 5 shows a third variant of the embodiment shown in FIG. 2; and

    [0054] FIG. 6 shows a fourth variant of the embodiment shown in FIG. 2.

    DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

    [0055] In the context of the present invention, consideration is given to a communicating thing 1 that is remotely controlled by a services platform 2.

    [0056] In the invention, the communicating thing 1 has an IC card 7 that is distinct from the control device 4. Control messages exchanged between the control device 4 and the services platform 2 pass via the IC card 7 and a mediation server 6. Furthermore, the channel connecting the IC card 7 to the mediation server 6 is made secure by encrypting said messages, the encryption and decryption operations being performed by means of one or more secret keys shared between the IC card 7 and the mediation server 6. The secret key(s) may be stored in the IC card 7 in conventional manner.

    [0057] It should be observed that in the invention the control device 4 only accepts control messages that come from the IC card 7.

    [0058] There follows a description of two implementations of the security method of the invention.

    [0059] In a first implementation, the services platform 2 actuates the communicating thing 1 remotely, e.g. in order to cause it to change the color of a light if the communicating thing 1 comprises traffic lights. This first implementation comprises the following steps.

    [0060] In a step S1, the services platform 2 sends a message M containing an actuation command to the mediation server 6.

    [0061] In a step S2, the mediation server 6 encrypts said message M.

    [0062] In a step S3, the mediation server 6 sends the encrypted message to the communicating thing 1.

    [0063] In a step S4, the encrypted message is decrypted by the IC card 7 fitted to the communicating thing 1.

    [0064] Finally, in a step S5, the IC card 7 sends the decrypted message to the control device 4, which then actuates (or at least attempts to actuate) the communicating thing (in conventional manner).

    [0065] Optionally, the communicating thing also sends a message in accordance with the invention to the services platform confirming that the actuation command has indeed been executed by the communicating thing (or notifying a failure of execution).

    [0066] In a second implementation of the security method, the services platform 2 commands the communicating thing 1 to supply it with data that it has collected, e.g. a temperature measurement if the communicating thing 1 is a thermometer. This second implementation comprises the following steps.

    [0067] In a step S′1, after the services platform has sent instructions in accordance with the invention, the control device 4 collects data (in known manner), and transmits a message M′ containing that data to the IC card 7 fitted to the communicating thing 1.

    [0068] In a step S′2, said message M′ is encrypted by the IC card 7.

    [0069] In a step S′3, the encrypted message is sent by the communicating thing 1 to the mediation server 6.

    [0070] In a step S′4, the mediation server 6 decrypts the encrypted message.

    [0071] Finally, in a step S′5, the mediation server 6 sends the decrypted message to the services platform 2.
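The two implementations above (steps S1 to S5 and S′1 to S′5), as an added Python model that is not part of the patent: the mediation server and the IC card hold one provisioned secret, the control device refuses messages that do not arrive via the IC card, and a ciphertext altered in transit is rejected before anything reaches the control device. The encrypt-then-MAC construction, the SET_LIGHT command syntax and the demo key are assumptions of this example.

```python
import hmac, hashlib, secrets

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a keystream: a dependency-free construction
    # chosen for this example, not a cipher the patent specifies.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

class SharedSecret:
    """Key material shared between the mediation server and the IC card ([0056])."""
    def __init__(self, key: bytes):
        # Separate encryption and MAC keys derived from the one provisioned secret.
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh per message so equal commands never repeat on the wire
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(self.enc_key, nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
        return nonce + ct + tag

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time; checked before any decryption
            raise ValueError("rejected: authentication tag mismatch (tampered or wrong key)")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.enc_key, nonce, len(ct))))

class ICCard:
    def __init__(self, secret: SharedSecret):
        self.secret = secret  # the card holds the shared key; the control device never sees it

class ControlDevice:
    """Accepts control messages only when delivered by its own IC card ([0057])."""
    def __init__(self, ic_card: ICCard):
        self.ic_card, self.colour = ic_card, "red"

    def handle(self, sender, message: bytes) -> bytes:
        if sender is not self.ic_card:
            raise PermissionError("control device accepts messages only from the IC card")
        cmd, _, arg = message.decode().partition(" ")
        if cmd == "SET_LIGHT":  # assumed actuation command syntax for a traffic light
            self.colour = arg
            return b"OK " + arg.encode()  # confirmation that the command was executed ([0065])
        return b"ERR unknown command"

def first_implementation(m: bytes, server: SharedSecret, card: ICCard, device: ControlDevice) -> bytes:
    encrypted = server.encrypt(m)               # S1, S2: platform sends M; mediation server encrypts it
    decrypted = card.secret.decrypt(encrypted)  # S3, S4: ciphertext crosses the network; IC card decrypts
    return device.handle(card, decrypted)       # S5: IC card hands M to the control device

def second_implementation(m_prime: bytes, card: ICCard, server: SharedSecret) -> bytes:
    encrypted = card.secret.encrypt(m_prime)  # S'1, S'2: control device gives M' to the IC card, which encrypts
    return server.decrypt(encrypted)          # S'3 to S'5: mediation server decrypts and forwards to the platform
```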

    [0072] With reference to FIG. 2, there follows a description of an embodiment of the security system of the invention.

    [0073] In this embodiment, the IC card 7 incorporates (and implements) an application in compliance with the USIM application toolkit (USAT) standard.

    [0074] In this respect, it should be recalled that the 3GPP specification TS 31.111 and the European Telecommunications Standards Institute (ETSI) standard TS 102 223 define options for controlling a terminal by means of an IC card hosted therein: this set of options constitutes the USAT standard. The options made available by this standard include in particular:

    [0075] controlling interaction between the terminal and its user via the screen of the terminal and/or via audible tones;

    [0076] sending and receiving messages using the short message service (SMS), multimedia messaging service (MMS), and unstructured supplementary service data (USSD);

    [0077] controlling incoming and outgoing calls;

    [0078] executing “AT” commands (these are commands for controlling the management of the terminal accessing the mobile network and also the management of certain procedures of conversational services);

    [0079] displaying a web page by a browser present in the terminal;

    [0080] controlling the execution of an application hosted in the terminal, e.g. launching/stopping the application; and

    [0081] setting up an IP communications channel; the communications channel may be a local channel set up between the USAT application and an application in the terminal, or it may be a channel set up between the USAT application and a remote application in the network.

    [0082] These procedures are controlled by commands referred to as “USAT commands”. An application using these commands is referred to as a “USAT application”.

    [0083] In the present embodiment of the security system of the invention, the IC card 7 is thus provided with a USAT application. In addition, an IP channel is preferably set up between the IC card 7 and the mediation server 6; this may conveniently be done using the USAT command known as “Open Channel”, that enables the IC card 7 to request the communicating thing 1 to set up this IP channel.

    [0084] Several variants of this embodiment are described below.

    [0085] In a first variant, shown in FIG. 3:

    [0086] an IP channel is set up between the IC card 7 and the control device 4, e.g. using the above-mentioned USAT command “Open Channel”; and

    [0087] the USAT application is generic.

    [0088] This first variant presents in particular the advantage that the USAT application incorporated in the IC card 7 can operate with any type of communicating thing 1, since it does no more than relay the control messages.

    [0089] In a second variant, shown in FIG. 4, an IP channel is set up between the IC card 7 and the control device 4, as in the first variant.

    [0090] However, in this second variant, instead of being generic, the USAT application is specific to the service supplied by the communicating thing 1 and is suitable for implementing suitable service software; the USAT application is thus not restricted to relaying messages between the services platform and the control device 4.

    [0091] Since the USAT application is specific to the service and to the type of communicating thing 1, it cannot be incorporated by construction in all IC cards that are for performing the invention. The USAT application for a given service may be pre-provisioned in the IC card for that service, or it may be downloaded and installed in the IC card after the communicating thing 1 has been put into operation, e.g. by means of the over-the-air (OTA) mechanism.

    [0092] An advantage of this second variant is that it makes it possible to transfer the execution of a portion of the service logic (intelligence) to the IC card; this makes it possible to benefit from the execution capabilities of the IC card and to offload the services platform 2.

    [0093] Nevertheless, it should be observed that in the first and second variants, the use of a local channel implementing the IP protocol implies operation that is somewhat complex, and that results in particular in IP addresses being allocated, the IP channel being maintained, and commands being encapsulated in IP packets.

    [0094] That is why, in a third variant, as shown in FIG. 5, the functions of the communicating thing 1 are represented as being well-identified resources; for example, if the communicating thing 1 is an oven, it is possible to identify a “thermostat” resource (capable of taking a series of values corresponding to a range of accessible temperatures), and a “heating mode” resource (capable of taking one value for a “normal” mode and another value for a “convection” mode).

    [0095] The services platform 2 knows the identities of the resources corresponding to the functions of the communicating thing 1, and can use messages in a standard format (i.e. of standardized syntax and semantics), e.g. the hypertext transfer protocol (HTTP) format, in order to manipulate the values of these resources.

    [0096] Generic commands are then defined for enabling the USAT application to control these resources; by way of example, these generic commands may comprise a “READ” command for reading the current value of a resource, and an “UPDATE” command for modifying the value of a resource. Specifically, the ETSI standard TS 102 690 (“Machine-to-machine communications (M2M); functional architecture”) and TS 102 921 (“Machine-to-machine communications (M2M); mIa, dIa and mId interfaces”) define syntax for representing the functions of a terminal as resources that can be controlled with representational state transfer (REST) technology; this third variant thus combines REST technology with USAT technology.

    [0097] Furthermore, in this third variant, the USAT application is generic as it is in the first variant (described above with reference to FIG. 3).

    [0098] This third variant presents in particular the following advantages:

    [0099] most communicating things have a small number of functions; the functions are thus easily identifiable; and

    [0100] the use of generic USAT commands makes it possible to avoid setting up an IP channel between the IC card 7 and the control device 4, thereby reducing operating complexity; the USAT application thus requires fewer execution resources, which is particularly advantageous since the resources of an IC card are relatively limited.
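The resource model of the third variant, as an added example that is not taken from the patent or from the ETSI specifications it cites: an oven exposed as the “thermostat” and “heating mode” resources of [0094], the platform's HTTP-style requests mapped onto the generic READ/UPDATE commands, and every UPDATE checked against the resource's permitted values so the USAT application cannot drive the thing into an undefined state. The value ranges, the GET/PUT mapping and the command syntax are assumptions of this example.

```python
# Resources of an oven as in [0094]; the permitted value sets are constructed for this example.
def fresh_oven() -> dict:
    return {
        "thermostat": {"value": 180, "allowed": range(50, 251)},  # degrees, illustrative range
        "heating_mode": {"value": "normal", "allowed": ("normal", "convection")},
    }

def http_to_generic(method: str, path: str, body: str = "") -> str:
    """Map the platform's HTTP-style request onto the generic USAT-side command.
    GET -> READ and PUT -> UPDATE on a one-segment path is this example's assumed mapping."""
    name = path.strip("/")
    if not name or "/" in name:
        raise ValueError("resource path must name exactly one resource")
    if method == "GET":
        return f"READ {name}"
    if method == "PUT":
        return f"UPDATE {name} {body.strip()}"
    raise ValueError(f"unsupported method {method}")

def execute(command: str, resources: dict) -> str:
    """Run a generic READ/UPDATE command against the identified resources.
    Unknown resources, malformed commands and values outside the permitted set are refused."""
    parts = command.split()
    if len(parts) == 2 and parts[0] == "READ":
        res = resources.get(parts[1])
        return f"{parts[1]}={res['value']}" if res else "ERR unknown resource"
    if len(parts) == 3 and parts[0] == "UPDATE":
        name, new = parts[1], parts[2]
        res = resources.get(name)
        if res is None:
            return "ERR unknown resource"
        allowed = res["allowed"]
        if isinstance(allowed, range):  # numeric resource: parse and range-check before storing
            if not new.lstrip("-").isdigit() or int(new) not in allowed:
                return "ERR value out of range"
            res["value"] = int(new)
        else:  # enumerated resource: only the listed modes are accepted
            if new not in allowed:
                return "ERR value not permitted"
            res["value"] = new
        return f"{name}={res['value']}"
    return "ERR malformed command"
```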

    [0101] A fourth variant, shown in FIG. 6, is analogous to the second variant (described above with reference to FIG. 4) in that the USAT application is not generic: it is specific to the service and suitable for implementing a certain service logic; the USAT application is not restricted to relaying messages between the services platform and the control device 4.

    [0102] An advantage of this fourth variant is thus that it enables execution of a portion of the service logic (generic) to be transferred to the IC card; this makes it possible to benefit from the execution capacities of the IC card, and to offload the services platform 2.

    [0103] Since the USAT application is specific to the service and to the type of communicating thing 1, it cannot be incorporated by construction in all IC cards that are to implement the invention. The USAT application for a given service may be pre-provisioned in IC cards for that service, or downloaded and installed in the IC card after the communicating thing 1 has been put into operation, e.g. by means of the OTA mechanism.

    [0104] Finally, unlike the second variant, the functions of the communicating thing 1 are represented in this example as resources that are well identified, and the USAT application controls these identified resources by means of generic commands that are analogous to the generic commands used in the third variant (described above with reference to FIG. 5), with the advantages that stem therefrom.

    [0105] Variants other than the four above-described variants are naturally possible within the ambit of the invention.

    [0106] Finally, it should be observed that the invention may be implemented within a communicating thing, or within a mediation server, by means of software and/or hardware components.

    [0107] The software components may be incorporated in a conventional computer program for managing a network node. That is why, as mentioned above, the present invention also provides a computer system. In conventional manner, the computer system comprises a central processor unit using signals that control a memory, an input unit, and an output unit. Furthermore, the computer system may be used to execute a computer program including instructions for performing any of the methods of the invention.

    [0108] Specifically, the invention also provides a computer program downloadable from a communications network and including instructions for executing steps of a method of the invention when it is executed on a computer. The computer program may be stored on a computer-readable medium and may be executable by a microprocessor.

    [0109] The program may use any programming language, and may be in the form of source code, object code, or code intermediate between source code and object code, such as in a partially compiled form, or in any other desirable form.

    [0110] The invention also provides a data medium that may be non-removable, or partially or totally removable, that is readable by a computer, and that comprises instructions of a computer program as mentioned above.

    [0111] The data medium may be any entity or device capable of storing the program. For example, the medium may comprise storage means such as a read only memory (ROM), e.g. a compact disk (CD) ROM or a microelectronic circuit ROM, or magnetic recording means such as a hard disk, or indeed a universal serial bus (USB) flash drive.

    [0112] Furthermore, the data medium may be a transmissible medium such as an electrical or optical signal, suitable for being conveyed via an electrical or optical cable, by radio, or by other means. The computer program of the invention may in particular be downloaded from an Internet type network.

    [0113] In a variant, the data medium may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of any one of the methods of the invention.

    [0114] Although the present disclosure has been described with reference to one or more examples, workers skilled in the art will recognize that changes may be made in form and detail without departing from the scope of the disclosure and/or the appended claims.