WO1998057510A2 - Telecommunication and/or remote control device with a chip card unit, same device with a coupled computer for internet or network applications - Google Patents

Publication number
WO1998057510A2
Authority
WO
WIPO (PCT)
Prior art keywords
computer
chip card
card
connection
data
Prior art date
Application number
PCT/DE1998/001516
Other languages
German (de)
French (fr)
Other versions
WO1998057510A3 (en
Inventor
Gerhard Wiehler
Original Assignee
Siemens Nixdorf Informationssysteme Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Nixdorf Informationssysteme Ag
Priority to EP98936094A (EP1002437A2)
Priority to CA002293554A (CA2293554A1)
Publication of WO1998057510A2
Publication of WO1998057510A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326 Payment applications installed on the mobile devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226 Use of secure elements separate from M-devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M17/00 Prepayment of wireline communication systems, wireless communication systems or telephone systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01 Details of billing arrangements
    • H04M2215/0176 Billing arrangements using internet
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/20 Technology dependant metering
    • H04M2215/2026 Wireless network, e.g. GSM, PCS, TACS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/32 Involving wireless systems

Definitions

  • the invention relates to arrangements and methods for the use of services offered on the Internet or in other networks that impose high security requirements.
  • Devices with chip card units are, e.g., mobile phones, which are used essentially for voice transmission in mobile networks.
  • the so-called SIM module or the integrated chip card integrated in the mobile radio telephone serves for the authentication of the mobile radio telephone as a device authorized for the mobile radio and contains keys for the encryption of the transmitted voice information or for the decryption of the received voice information.
  • Another type of device with a chip card unit is, e.g., the remote control for television sets, in which the chip card serves as proof of authorization and possibly also as a means of payment for the reception of chargeable television programs.
  • Computers such as personal computers or laptops, which have a landline or mobile network connection, are able to use Internet applications, for example using the http protocol.
  • chip cards are used which control the respective transactions via a chip card reader connected to the computer.
  • the connection to a mobile radio network can also be established via a cellular telephone equipped with a data connection - see, for example, "PC Professionell", March 1994, pages 253-260 or "Cash Flow", 2/95, pages 140, 141.
  • Possible applications of a computer in connection with a chip card are, e.g., authentication, digital signature generation, credit / debit card applications, electronic wallet.
  • a particularly high level of security can be achieved by asymmetrical cryptographic methods, in which the private key is stored in the chip card in a manner that cannot be read out and the corresponding cryptographic methods are carried out in the chip card in a manner that cannot be manipulated.
  • Chip card modules for such applications are available on the market today, e.g. the SLE 44CR80S block from Siemens AG.
  • the object of the invention is to extend the field of application of the devices with a chip card unit so that secure transactions are possible in connection with a computer.
  • the device is expanded in such a way that it can also be used as a card terminal for a computer.
  • protected services available on the computer can be used.
  • the use of such an extended device in accordance with claim 2 in connection with a coupled computer, which is connected in a known manner to a communication network, enables personal or public network services that make high demands on security to be used, for example via the Internet, without the computers having to have chip card readers.
  • the advantage for mobile radio telephone holders is that they can use the network services from any standard computer, regardless of their location.
  • Developments of the invention relate to methods for operating such a device combination. These include the ready operation of the device serving as a card terminal, which, in addition to the handling of network services in the usual way, also enables encryption or decryption in a manner known per se.
  • control words via an existing microphone as proof of authorization, which are then digitized and forwarded to a control entity in the communication network and compared with a reference pattern.
  • identity of a user can also be verified on the basis of a personal biometric feature, which meets increased security requirements.
  • data and / or control information can also be transmitted from the computer via the connection interface to the memory in the device and stored there. This makes it possible to change or save data on the chip card.
  • These data can be, for example, keys for encryption or decryption or an amount of money for a cash card.
  • the latter for example in connection with a mobile radio telephone as a device, opens up the possibility of a card telephone, in that incoming fee impulses result in the corresponding amount of money being debited when operating as a telephone.
  • FIG. 1 shows a schematic overview of a computer with network coupling and connected mobile radio telephone as a card terminal for the use of network services
  • FIG. 2 shows a schematic representation of a chip card for various applications.
  • a mobile radio telephone 10 is connected, as a device with a chip card unit, via a standard interface 12, e.g. RS232, to a computer 30 in the form of a conventional PC.
  • the interface 12 is connected within the mobile radio telephone 10 to a control unit 11, to which a contacting unit 13 for the SIM module / chip card 14 / 14a, a display 15, a keyboard 16, a voice and radio module 17 and a memory 18 are also connected.
  • the voice and radio module 17 has access to the mobile radio network 20 in the usual way.
  • connection interface 31 for the mobile radio telephone 10 with the responsible driver 32 is shown, as well as a so-called browser 33 and computer applications 34 for the use of network services, for example on the Internet, indicated via the communication network 40 in connection with a corresponding provider 50, for example in the form of a so-called server.
  • the applications accessible by key are stored on the SIM module or the chip card 14 or 14a. Individual chip cards can be provided for the various applications. However, as shown in FIG. 2, the mobile radio applications for GSM / DCS 141 and the various Internet / network applications 142, 143, 14x can also be stored on a chip card with their different keys.
  • Before using one of the network services, a corresponding chip card must be selected and inserted into the contacting unit 13 of the mobile radio telephone 10 coupled to the computer 30.
  • the driver 32 controlling the mobile radio telephone 10 as a card terminal via the connection interface 31 is to be loaded with the corresponding driver software. This can be done from a floppy disk.
  • the driver software can then be verified automatically on the basis of a corresponding public key of the mobile network operator located on the chip card 14 / 14a in an application area, e.g. 14x.
  • the driver software expediently works in accordance with an already established standard, such as ISO 7816-3 and the ICC specification defined by the PC/SC Workgroup together with Microsoft (http://www.smartcardsys.com).
  • the network application can be started in the computer 30, for example by calling the browser 33 and entering a so-called “uniform resource locator” URL.
  • a connection to the service provider 50 is thus established via the network 40 and the desired services 51, 52,.
  • the connected mobile radio telephone 10 or the control unit 11 behaves like a conventional card terminal. Depending on the services 51, 52, .., 5x provided by the service provider 50, chip card applications 142, 143, ..., 14x can be selected and executed, e.g. for mutual client-server authentication, for the verification of access rights, for the digital signature of sensitive data, for the generation of keys for the encryption of data, for the proof of an order process, for payment from an electronic purse.
  • Compared to a conventional chip card reader, the invention enables additional functions that ensure considerably higher security:
  • computers connected to the Internet are exposed to viruses that are introduced from the Internet.
  • an account transfer amount that is entered via the computer keyboard can be falsified by such a virus before the transaction with the Internet server is correctly completed.
  • this manipulation can be prevented by having the computer / server application cause sensitive data, such as transfer amounts, to be entered on the keyboard 16 of the device 10. This is communicated to the control unit 11 via a code, which means that the data entered can be viewed and checked unencrypted on the display 15. On the other hand, this data is encrypted or signed by a chip card application 14x and transferred to the computer 30 or the responsible server for further processing.
  • the PIN entered on the keyboard 16 can be encrypted in the chip card before it is forwarded to the computer / network application.
  • an application 5x asks the user to give a speech sample, e.g. to speak an agreed password three times in succession into the microphone 17 of the mobile phone 10.
  • the control unit 11 then, for example prompted by a control code transmitted by the application 5x or by the browser 33, forwards the digitized speech stream in the form of a bit string to the responsible application, e.g. 5x. This extracts the personal speech features from the received bit string and compares them with, e.g., 6x stored on disk memories 60 to verify the identity of the user based on his speech samples.
  • the invention also includes that in the context of a computer application 34 from an Internet server in the computer 30 loaded data such.
  • a further calculator application 34 on the mobile sparked ⁇ can lephone 10 keyed or einissuee digitized be transferred to the computer 30 and processed there or in a network server or called ⁇ NEN later or other personnel Since ⁇ th.
  • - initiated by a computer application 34 - 10 can be loaded into the memory 18 of the mobile radio telephone 10 via the connection interface 31/12, which programs can be executed in a time-decoupled manner in the control unit 11.
  • applications / keys - initiated by a computer application 34 - can also be changed, deleted or loaded on the chip card itself.
  • the transmission of data, programs or applications between the mobile radio telephone 10 or the chip card 14 / 14a and the computer 30 or the network server can take place in an integrity-protected or encrypted manner.
  • the necessary keys are either already stored on the chip card or are exchanged beforehand between the computer / network server application and the chip card, e.g. according to the Diffie-Hellman method.
  • the mobile radio telephone 10 can be used very generally in an analogous manner for the encryption or decryption of data.
  • a further form of the invention is the shared use of a chip card application in GSM and fixed networks.
  • An example of this is the electronic wallet.
  • Such "prepaid" calls reduce graces the risk of fraud that mobile operators are often exposed to today.

Abstract

A chip card unit (13) belonging, for instance, to a mobile radio telephone is connected via a control unit (11) to an interface (12) for a computer, enabling the mobile radio telephone (10) to operate as a card terminal when coupled to a computer (30). When the computer (30) is connected to a telecommunication network (40), network services from service providers (50) can also be used. Chip card applications include mutual client-server authentication, verification of access rights, digital signature for sensitive data, generation of keys to encrypt data, proof of ordering, payment from an electronic purse, etc.

Description

Device (10) for telecommunications and/or remote control technology with a chip card unit, such a device with a coupled computer for Internet or network applications, and method for operating such a device combination
The invention relates to arrangements and methods for using services offered on the Internet or in other networks that impose high security requirements.
Devices with a chip card unit are, for example, mobile radio telephones, which are used essentially for voice transmission in mobile radio networks. The so-called SIM module integrated in the mobile radio telephone, or the integrated chip card, serves to authenticate the mobile radio telephone as a device authorized for mobile radio and contains keys for encrypting the transmitted voice information and for decrypting the received voice information.
Another type of device with a chip card unit is, for example, the remote control for television sets, in which the chip card serves as proof of authorization and, where applicable, also as a means of payment for receiving chargeable television programs.
Computers such as personal computers or laptops that have a fixed-network or mobile-network connection are able to use Internet applications, for example by means of the HTTP protocol. For particularly security-relevant operations, such as orders and payments, chip cards are used which control the respective transactions via a chip card reader connected to the computer. The connection to a mobile radio network can also be made via a mobile radio telephone equipped with a data port; see, for example, "PC Professionell", March 1994, pages 253-260, or "Cash Flow", 2/95, pages 140, 141. Furthermore, it is already known from DE 195 38 842 A1 to transfer configuration data or call-party data via the data port of the mobile radio telephone to a memory in the mobile radio telephone, in which case the memory on the chip of the subscriber card can also be used. Likewise, these data stored in the mobile radio telephone can be read and changed at the computer connected in this way.
Device combinations of television set and computer are also already known in which the single screen is shared by the television part and the computer part.
Possible applications of a computer in conjunction with a chip card are, for example, authentication, generation of digital signatures, credit/debit card applications, and the electronic purse.
Particularly high security can be achieved with asymmetric cryptographic methods in which the private key is stored in the chip card so that it cannot be read out, and the corresponding cryptographic operations are carried out inside the chip card so that they cannot be manipulated. Chip card components for such applications are available on the market today, e.g. the SLE 44CR80S component from Siemens AG.
The object of the invention is to extend the field of application of devices with a chip card unit so that secured transactions are possible in conjunction with a computer.
This is achieved, on the one hand, according to claim 1 in that the device is extended in such a way that it can additionally be used as a card terminal for a computer. Protected services available on the computer can thereby be used. Furthermore, the use of such an extended device according to claim 2 in conjunction with a coupled computer, which is connected in a known manner to a communication network, makes it possible to use personal or public network services, e.g. via the Internet, that make high demands on security, without the computers having to have chip card readers. For holders of mobile radio telephones this yields the great advantage that they can use the network services from any standard computer, regardless of location.
Developments of the invention relate to methods for operating such a device combination. These concern, among other things, switching the device serving as card terminal to operational readiness; besides handling network services in the usual way, the device also enables encryption and decryption in a manner known per se.
Particular advantages arise from the fact that highly sensitive data, such as the personal identification number (PIN) or amounts of money, can be entered on the device using its keyboard and, where a display is present, shown unencrypted before being forwarded in encrypted form to the computer. Inputs via the computer keyboard are thereby avoided, so that viruses in the computer cannot falsify the inputs.
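The protection described in this paragraph, sketched as an added example that is not part of the patent: the amount is keyed and shown on the device 10, a chip card application authenticates it with a key that never leaves the card, and the server rejects anything the computer 30 altered while forwarding. HMAC-SHA256 with a pre-stored key stands in for the card's signing or encryption; the class names, the message layout and the server nonce are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def encode(payee: str, amount: str, nonce: bytes) -> bytes:
    """Length-prefixed encoding so field boundaries cannot be shifted."""
    parts = [payee.encode("utf-8"), amount.encode("utf-8"), nonce]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class ChipCardApp:
    """Hypothetical card application (such as 14x): the key stays inside."""

    def __init__(self, key: bytes):
        self._key = key

    def authenticate(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()


class Phone:
    """Device 10 as card terminal: keyboard 16, display 15, chip card 14."""

    def __init__(self, card: ChipCardApp):
        self.card = card
        self.display = ""

    def enter_amount(self, keyed_amount: str, payee: str, nonce: bytes) -> dict:
        # The user checks the plain value on the device display, not on the PC.
        self.display = f"Pay {keyed_amount} to {payee}"
        tag = self.card.authenticate(encode(payee, keyed_amount, nonce))
        return {"payee": payee, "amount": keyed_amount,
                "nonce": nonce.hex(), "tag": tag.hex()}


def pc_relay(order: dict, tamper: bool = False) -> dict:
    """Computer 30 only forwards; tamper=True models a falsified amount."""
    forwarded = dict(order)
    if tamper:
        forwarded["amount"] = "9500.00"
    return forwarded


class Server:
    """Service provider 50 holding the matching verification key."""

    def __init__(self, key: bytes):
        self._key = key
        self._open_nonces = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # assumption: one nonce per order
        self._open_nonces.add(nonce)
        return nonce

    def accept(self, order: dict) -> bool:
        try:
            nonce = bytes.fromhex(order["nonce"])
            tag = bytes.fromhex(order["tag"])
            message = encode(order["payee"], order["amount"], nonce)
        except (KeyError, ValueError, TypeError, AttributeError, OverflowError):
            return False
        if nonce not in self._open_nonces:
            return False  # unknown or already used nonce: replayed order
        self._open_nonces.discard(nonce)  # single use, even if the tag fails
        expected = hmac.new(self._key, message, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def run_demo() -> dict:
    key = secrets.token_bytes(32)  # constructed key, provisioned on card and server
    server, phone = Server(key), Phone(ChipCardApp(key))
    results = {}
    order = phone.enter_amount("95.00", "ACME GmbH", server.challenge())
    results["honest"] = server.accept(pc_relay(order))
    results["replayed"] = server.accept(pc_relay(order))
    order = phone.enter_amount("95.00", "ACME GmbH", server.challenge())
    results["tampered"] = server.accept(pc_relay(order, tamper=True))
    return results


if __name__ == "__main__":
    print(run_demo())
```

With an asymmetric card application, as the description prefers, the server would hold only the public key and `accept` would verify a signature instead of recomputing a MAC.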
There is also the advantageous possibility of entering control words via an existing microphone as proof of authorization, which are then forwarded in digitized form to a control entity in the communication network and compared with a reference pattern. In this way the identity of a user can additionally be verified on the basis of a personal biometric feature, which meets increased security requirements. Furthermore, data and/or control information can also be transferred from the computer via the connection interface to the memory in the device and stored there. This makes it possible to change or store data on the chip card. These data can be, for example, keys for encryption or decryption or an amount of money for a cash card. The latter, for example in conjunction with a mobile radio telephone as the device, opens up the possibility of a card telephone, in that charge pulses arriving during operation as a telephone cause the corresponding amount of money to be debited.
Details of the invention are explained below with reference to an exemplary embodiment shown in the drawing, in which a mobile radio telephone is provided as the device with a chip card unit. The figures show:
FIG 1 a schematic overview of a computer with network coupling and a connected mobile radio telephone as card terminal for the use of network services, and
FIG 2 a schematic representation of a chip card for various applications.
In the representation of FIG 1, a mobile radio telephone 10, as a device with a chip card unit, is connected via a standard interface 12, e.g. RS232, to a computer 30 in the form of a conventional PC. Within the mobile radio telephone 10, the interface 12 is connected to a control unit 11, to which a contacting unit 13 for the SIM module/chip card 14/14a, a display 15, a keyboard 16, a voice and radio module 17 and a memory 18 are also connected. The voice and radio module 17 has access to the mobile radio network 20 in the usual way. Of the computer 30, only the connection interface 31 for the mobile radio telephone 10 with the responsible driver 32 is shown, together with a so-called browser 33 and computer applications 34 for the use of network services, for example on the Internet, which can be executed via the communication network 40 in conjunction with a corresponding provider 50, e.g. in the form of a so-called server.
The applications accessible by key are stored on the SIM module or the chip card 14 or 14a. Individual chip cards can be provided for the various applications. However, as FIG 2 shows, the mobile radio applications for GSM/DCS 141 and the various Internet/network applications 142, 143, 14x can also be stored, with their different keys, on one chip card.
Before one of the network services is used, a corresponding chip card must be selected and inserted into the contacting unit 13 of the mobile radio telephone 10 coupled to the computer 30. In addition, the driver 32, which controls the mobile radio telephone 10 as a card terminal via the connection interface 31, must be loaded with the corresponding driver software. This can be done from a floppy disk. However, to rule out manipulation of the driver 32, it is expedient for the driver software, signed e.g. with a private key of the mobile network operator, to be loaded into the driver 32 from a corresponding server via the communication network 40 at the request of the computer 30. The driver software can then be verified automatically using the corresponding public key of the mobile network operator, which is held on the chip card 14/14a in an application area, e.g. 14x.
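The driver check described above, as an added Python example that is not part of the patent text: the driver image is accepted only if its signature verifies under the operator public key held in card application area 14x. The textbook RSA scheme, the constructed toy key, the class and function names, and the choice to run the verification on the card are all assumptions; the page names no algorithm.

```python
import hashlib

# Constructed toy RSA key standing in for the mobile network operator's key
# pair (assumption: the page names no signature algorithm). Two Mersenne
# primes keep the block standard-library only; a modulus this small is for
# illustration, and a real deployment uses a vetted library and full-size keys.
_P, _Q = 2**127 - 1, 2**89 - 1
OPERATOR_PUBLIC_KEY = (_P * _Q, 65537)          # (n, e): the part stored on the card
_OPERATOR_PRIVATE_EXPONENT = pow(65537, -1, (_P - 1) * (_Q - 1))  # operator's server only


def _digest(blob: bytes, n: int) -> int:
    """SHA-256 of the driver image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def operator_sign(driver_image: bytes) -> int:
    """Server side: sign the driver image with the operator's private key."""
    n, _ = OPERATOR_PUBLIC_KEY
    return pow(_digest(driver_image, n), _OPERATOR_PRIVATE_EXPONENT, n)


class ChipCard:
    """Chip card 14/14a with the operator's public key in application area 14x."""

    def __init__(self, operator_public_key):
        self._areas = {"14x": {"operator_public_key": operator_public_key}}

    def verify_driver(self, driver_image: bytes, signature: int) -> bool:
        n, e = self._areas["14x"]["operator_public_key"]
        if not 0 < signature < n:
            return False                      # out-of-range value, reject early
        return pow(signature, e, n) == _digest(driver_image, n)


class Driver:
    """Driver 32 on computer 30: takes new software only after the card's check."""

    def __init__(self, card: ChipCard):
        self._card = card
        self.loaded_image = None

    def load(self, driver_image: bytes, signature: int) -> bool:
        if not self._card.verify_driver(driver_image, signature):
            return False                      # refuse; keep what was loaded before
        self.loaded_image = driver_image
        return True


def demo():
    image = b"card-terminal driver v1 (constructed sample)"
    signature = operator_sign(image)
    driver = Driver(ChipCard(OPERATOR_PUBLIC_KEY))
    genuine = driver.load(image, signature)
    # Same signature, image altered in transit or on disk: must be refused.
    tampered = driver.load(image + b" + patched routine", signature)
    return genuine, tampered, driver.loaded_image == image
```

The check only binds the image to the operator's key; which driver version is current is outside what a bare signature proves.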
The driver software expediently operates according to an established standard, such as ISO 7816-3 and the ICC specification defined by the PC/SC Workgroup together with Microsoft (http://www.smartcardsys.com). The network application can be started on the computer 30, for example by calling the browser 33 and entering a so-called "uniform resource locator" (URL). A connection to the service provider 50 is thereby established via the network 40, and the desired services 51, 52, ..., 5x can be used. The connected mobile radio telephone 10, or its control unit 11, behaves like a conventional card terminal. Depending on the services 51, 52, ..., 5x offered by the service provider 50, chip card applications 142, 143, ..., 14x can be selected and executed, e.g. for mutual client-server authentication, for verifying access rights, for digitally signing sensitive data, for generating keys to encrypt data, for proving that an order was placed, or for payment from an electronic purse.
Compared with a conventional chip card reader, the invention enables additional functions that provide considerably higher security:
Computers connected to the Internet are in principle exposed to viruses introduced from the Internet. For example, a bank transfer amount entered via the computer keyboard can be falsified by such a virus before the transaction with the Internet server has been correctly completed.
With a mobile radio telephone or another device acting as the card terminal, this manipulation can be prevented by having the computer/server application require that sensitive data, such as transfer amounts, be entered via the keyboard 16 of the device 10. The control unit 11 is notified of this by a code; the entered data can then, on the one hand, be seen and checked unencrypted on the display 15. On the other hand, the data are encrypted or signed by a chip card application 14x and passed to the computer 30 or the responsible server for further processing.
In the same way, when a personal identification number (PIN) requested by a computer/network application is entered, the PIN typed on the keyboard 16 can be encrypted in the chip card before it is forwarded to the computer/network application.
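The trusted-entry path for transfer amounts described above, as an added Python example that is not part of the patent text: the value keyed on the device is shown on its display, protected by the card, and only then handed to the computer, so a change made on the computer is detected by the server. It shows the integrity ("signed") case only, and the HMAC with a key shared by card and server, the transaction identifier that blocks replays, and all names are assumptions.

```python
import hashlib
import hmac
import secrets


def encode(tx_id: str, field: str, value: str) -> bytes:
    """Length-prefix each part so field boundaries cannot be shifted."""
    parts = [p.encode("utf-8") for p in (tx_id, field, value)]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class ChipCard:
    """Card application 14x: the key never leaves the card (assumed HMAC key)."""

    def __init__(self, card_key: bytes):
        self._key = card_key

    def protect(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()


class Device:
    """Device 10 acting as card terminal, with its own keyboard 16 and display 15."""

    def __init__(self, card: ChipCard):
        self._card = card
        self.display = []                     # what the user sees, unencrypted

    def secure_entry(self, tx_id: str, field: str, keyed_value: str) -> dict:
        # keyed_value stands for what was typed on the device, not on the PC.
        self.display.append(f"{field}: {keyed_value}")
        tag = self._card.protect(encode(tx_id, field, keyed_value))
        return {"tx_id": tx_id, "field": field, "value": keyed_value, "tag": tag}


class Server:
    """Responsible server: accepts a value only with a valid, unused tag."""

    def __init__(self, card_key: bytes):
        self._key = card_key
        self._open = set()

    def start_transaction(self) -> str:
        tx_id = secrets.token_hex(8)          # fresh per request, blocks replay
        self._open.add(tx_id)
        return tx_id

    def accept(self, record: dict) -> bool:
        if record["tx_id"] not in self._open:
            return False
        message = encode(record["tx_id"], record["field"], record["value"])
        expected = hmac.new(self._key, message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, record["tag"]):
            return False
        self._open.discard(record["tx_id"])   # each transaction id is single use
        return True


def infected_host(record: dict) -> dict:
    """Constructed stand-in for a computer 30 that alters the amount in transit."""
    altered = dict(record)
    altered["value"] = "9500.00"
    return altered


def demo():
    key = secrets.token_bytes(32)             # constructed shared card/server key
    server, device = Server(key), Device(ChipCard(key))
    tx1 = server.start_transaction()
    record = device.secure_entry(tx1, "amount", "150.00")
    accepted = server.accept(record)          # relayed unchanged
    replayed = server.accept(record)          # same record sent again
    tx2 = server.start_transaction()
    altered = server.accept(infected_host(device.secure_entry(tx2, "amount", "150.00")))
    return accepted, replayed, altered, device.display
```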
Applications with the highest security requirements often require authentication based on biometric features. With the invention described here, this can be implemented as follows:
After successful mutual client-server authentication based on asymmetric cryptographic methods, an application 5x asks the user, as the so-called client, to give a speech sample, e.g. to speak an agreed password three times in succession into the microphone 17 of the mobile radio telephone 10. The control unit 11 then forwards the digitized speech stream as a bit string to the responsible application, e.g. 5x, for example as prompted by a control code transmitted by the application 5x or by the browser 33. The application extracts the personal speech features from the received bit string and compares them with reference patterns 6x stored, e.g., on disk storage 60, in order to verify the user's identity from the speech samples.
The invention also covers the case in which data loaded into the computer 30 from an Internet server in the course of a computer application 34, such as telephone lists, address lists, sales data or price lists, are loaded into the memory 18 of the mobile radio telephone 10 and shown on the display 15, with selection possible via the keyboard 16. In a further computer application 34, digitized data keyed in or spoken into the mobile radio telephone 10 can be transferred to the computer 30 and processed further there or in a network server, or retrieved later or by other persons.
It is also possible for programs to be loaded, triggered by a computer application 34, via the connection interface 31/12 into the memory 18 of the mobile radio telephone 10; these programs can then be executed in the control unit 11 decoupled in time.
Finally, applications/keys on the chip card itself can also be changed, deleted or loaded, triggered by a computer application 34.
In all cases, data, programs or applications can be transmitted between the mobile radio telephone 10 or the chip card 14/14a and the computer 30 or the network server with integrity protection or in encrypted form. The keys required for this are either already stored on the chip card or are exchanged beforehand between the computer/network server application and the chip card, e.g. using the Diffie-Hellman method. Moreover, the mobile radio telephone 10 can quite generally be used in an analogous manner for encrypting and decrypting data.
A further embodiment of the invention is the shared use of a chip card application in GSM and fixed networks. One example is the electronic purse.
The purse can, for example, be loaded as application 14x on the chip card 14/14a inserted in the mobile radio telephone 10 via a computer/network application 33/34/5x and later, during a GSM telephone call, be decremented at regular intervals, e.g. by a pulse sent from the radio switching centre, in accordance with the distance-dependent tariffs. Such "prepaid" telephony considerably reduces the fraud risk to which mobile network operators are frequently exposed today.
The same applies to other, comparably equipped devices with a chip card unit, such as remote controls for pay TV.

Claims

1. Telecommunication and/or remote control device (10) with a chip card unit (13) for a chip card (14, 14a) serving as the user's proof of authorization, and with means (12) for coupling to a computer (30), characterized in that, when corresponding chip cards (14a) are used, the device (10) can be used as a card terminal for the computer (30) for proof of authentication and authorization when using services available on the computer.
2. Device (10) according to claim 1 with a coupled computer (30), characterized in that the computer (30) is connected to a communication network (40) independently of the device (10), and in that the device (10), operating as a connected card terminal, can be used for accessing network services in the communication network (40).
3. Device according to claim 1 or 2, characterized in that all components provided for use of the device are connected to a control unit (11), so that inputs made via a keyboard (16) or a microphone can be stored and forwarded via the interface (12), and data arriving via the interface (12) can be stored and/or shown on a display (15), the data to be displayed being selectable via the keyboard (16).
4. Method for operating a device combination according to claim 2 or 3, consisting of a device (10) with a coupled computer (30), characterized in that, before network services requiring a card terminal are used, the driver (32) controlling the computer interface (31) for the device (10) is first loaded with the required driver software.
5. Method according to claim 4, characterized in that the driver software is provided in response to a request signed by an application (e.g. 14x) on the chip card (14, 14a).
6. Method according to claim 4 or 5 in conjunction with a mobile radio telephone as the device, characterized in that the driver software is loaded on request via the communication network (40) from a server of the mobile network operator into the driver (32) of the computer (30), and in that the authenticity of the driver software is checked automatically on the basis of its signature made with a private key, in conjunction with the associated public key on the chip card (14/14a).
7. Method according to one of claims 4 to 6, characterized in that, after a connection has been established from the computer (30) via the communication network (40) to a service provider (50), chip card applications can be selected and executed in conjunction with the device (10) as card terminal.
8. Method according to claim 7, characterized in that the device (10) is used as a card terminal of the computer (30) for encrypting sensitive data.
9. Method according to claim 7 or 8, characterized in that highly sensitive data required in the course of a running application, such as a personal identification number (PIN) or monetary amounts, are entered via the keyboard (16) of the device (10) and forwarded in encrypted form by the control unit (11) in conjunction with the chip card (14, 14a).
10. Method according to claim 7 or 8, characterized in that control words entered via a microphone are also forwarded, as proof of authorization or for checking, to the checking instance of the opened application, so that the user can be verified in conjunction with stored reference patterns.
11. Method according to one of claims 7 to 10, characterized in that data received from the computer (30) in the course of an application are forwarded to the memory (18) of the device (10).
12. Method according to claim 11, characterized in that the data transmitted by the computer (30) serve to change the data in a chip of the chip card (14, 14a).
13. Method according to claim 12 in conjunction with a radio telephone as the device, characterized in that, with a chip card (14, 14a) serving as a cash card, the charge pulses arriving during a radio connection of the mobile radio telephone (10) cause the corresponding amount of money to be debited.
PCT/DE1998/001516 1997-06-12 1998-06-03 Telecommunication and/or remote control device with a chip card unit, same device with a coupled computer for internet or network applications WO1998057510A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP98936094A EP1002437A2 (en) 1997-06-12 1998-06-03 Telecommunication and/or remote control device with a chip card unit, same device with a coupled computer for internet or network applications and method for operating such a combination of devices
CA002293554A CA2293554A1 (en) 1997-06-12 1998-06-03 Telecommunication and/or remote control device with a chip card unit, same device with a coupled computer for internet or network applications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19724901.9 1997-06-12
DE19724901A DE19724901A1 (en) 1997-06-12 1997-06-12 Mobile radio telephone and those with a coupled computer for Internet or network applications and method for operating such a combination of devices

Publications (2)

Publication Number Publication Date
WO1998057510A2 true WO1998057510A2 (en) 1998-12-17
WO1998057510A3 WO1998057510A3 (en) 1999-04-22

Family

ID=7832301

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE1998/001516 WO1998057510A2 (en) 1997-06-12 1998-06-03 Telecommunication and/or remote control device with a chip card unit, same device with a coupled computer for internet or network applications

Country Status (4)

Country Link
EP (1) EP1002437A2 (en)
CA (1) CA2293554A1 (en)
DE (1) DE19724901A1 (en)
WO (1) WO1998057510A2 (en)

Also Published As

Publication number Publication date
EP1002437A2 (en) 2000-05-24
DE19724901A1 (en) 1998-12-17
CA2293554A1 (en) 1998-12-17
WO1998057510A3 (en) 1999-04-22

WO2004057547A1 (en) Method and system for transmission of data
DE19929251A1 (en) Method and device for establishing communication between a user device and a network
DE10031220C2 (en) Method and device for processing a transaction in an electronic communication network
KR100976521B1 (en) System and Method for Processing Gift Request of Communication Expense and Program Recording Medium
DE202004010932U1 (en) Terminal, in particular for a payment system for carrying out an electronic payment process
EP1455316A1 (en) Electronic token based transaction method and system

Legal Events

Date Code Title Description
AK Designated states; Kind code of ref document: A2; Designated state(s): CA JP US
AL Designated countries for regional patents; Kind code of ref document: A2; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states; Kind code of ref document: A3; Designated state(s): CA JP US
AL Designated countries for regional patents; Kind code of ref document: A3; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE
WWE Wipo information: entry into national phase; Ref document number: 1998936094; Country of ref document: EP
ENP Entry into the national phase; Ref document number: 2293554; Country of ref document: CA; Ref country code: CA; Ref document number: 2293554; Kind code of ref document: A; Format of ref document f/p: F
WWE Wipo information: entry into national phase; Ref document number: 09445692; Country of ref document: US
NENP Non-entry into the national phase; Ref country code: JP; Ref document number: 1999501297; Format of ref document f/p: F
WWP Wipo information: published in national office; Ref document number: 1998936094; Country of ref document: EP
WWW Wipo information: withdrawn in national office; Ref document number: 1998936094; Country of ref document: EP