DE19809043A1 - Method and device for universal and secure access to telephone networks - Google Patents

Abstract

The invention relates to a method and device for universal protected access to networks, especially to telephone networks, using a calling card system, whereby subscribers must identify themselves to the system. If the identification is correct, the subscriber is granted access to the system. The subscriber receives the desired service which is charged to the identification. A mobile data carrier (1) is used as an identification and automatically sends the I.D., especially in the form of a biometric characteristic, using a specially equipped terminal (2,3) over a switched, mobile or fixed network to a central computer (6) or a unit that verifies identification (8). If the identification characteristics are stored in a mobile data carrier (1), profile evaluation is carried out first in the central computer (6) or identification verification unit (8) to improve security. A plausibility test is, for example, subsequently carried out. This involves checking whether it is possible for the identifier to be present at a specific terminal (2,3). If utilization occurred only a few hours earlier from a remote location, it is highly unlikely that the subscriber is authentic. Once verification of the subscriber's identification proves to be positive, the system automatically provides the subscriber with user facilities that are stored, for instance, in a data base (7) which is connected to the central computer (6).

Description

The invention relates to a method and a device for universal and secure access to telephone networks with mobile accessibility of the user, especially to Telephone networks according to the preamble of claim 1 for the method or claim 6 for the Contraption.

Mediation equipment by a user can be reached via toll-free numbers common knowledge today. After successful selection of the mediation equipment has the user towards the switching technology facility identify. This is usually done by input an identification number, for example using the keyboard on a telephone, using tone dialing or by voice input. The identification numbers can be specific Features or an existing credit in one certain currency or certain telephone units be assigned. The user can then Features or the credit after successful Get identification. An essential feature of this The procedure is that there is no special terminal is required (tone dialing / voice input is sufficient) and drop by dialing in on a toll free basis Call no cost. Because the identifier "paid" - or "still to be paid" character are either a certain fixed with the identification Credit or an open accounting process comparable that of a normal telephone connection can be linked. Furthermore, with each individual identification special individual performance features can be linked.  

These so-called calling card systems are usually based on a central control unit with appropriate Database or a central computer.

Under the name Virtual Calling Card (VCC) is in the A service has been introduced to USA to serve customers made possible by specifying an access code with a PIN (Personal Identification Number), from everyone to make calls from any telephone. The Fees are billed to the customer assigned account. This service is increasingly gaining in Europe is important, for example in "German Telekom AG vision "February 1995, pages 44 and 45, the T-Card with Connect Service from Deutsche Telekom described. This article also states that the Range of services from the phone card to Credit card stretches. For example, in paragraph 4.1.2.1, from page 61 of the book "Chip Cards as a Tool" by Beutelsberger, Kersten and Pfau described how Memory chip cards for authenticity through application known challenge-response procedures can be checked. With these chip cards with the help of a terminal or Card reader possible to identify the card and on Check plausibility. In a built in the terminal Authentication is carried out in the security module. For this purpose, the security module receives the chip data and calculates one in the on the basis of a system key Memory chip card located individual Card key. There is also a method for checking Memory chip cards known from DE 196 04 349 A1, the a two or multiple authentication with the help cryptographic functions and with the help of a terminal enables. The disadvantage of this method and described Systems is that they specify a Identification feature, for example a card number, by the user. For security reasons  this card number should be as many digits as possible. The information of the ID feature by the user can be compared to one Machine or an intermediate operator respectively. However, this procedure is due to the Versatility of the ID feature lengthy and in comparison complicated with the usual telephony. The awkward This keeps many potential users from handling intensive use of so-called calling card Systems.

The invention is therefore based on the object Method and device for universal and secure access to networks, especially the telephone network to create, with the participants facing each other Identify system and individual usage profile is checked and after correct identification of the Participant access to the system and thus to the receives the desired service, billing the Identification is assigned, the identification is mobile and / or biometric identifications to Come into play.

The solution for the method according to the invention is in Characteristic of claim 1 characterized.

The solution for the device according to the invention is in Characteristic of claim 6 characterized and described.

Further solutions or designs for the Methods according to the invention are in the characteristics of Claims 2 to 5 indicated and for the device specified in the characterizing part of claims 7 to 9.

Although biometric identifications for security systems of all types are generally known  this identification above all has the advantage that biometric features can be saved on chip cards can and after entering the identification first also a profile evaluation made in the central computer can be. For example, it is checked whether it is plausible is that the participant on the respective input device can stop at all. If only a few hours beforehand usage took place from a remote location, then is most likely not the participant authentic. Furthermore, the inventive Method and device under the Identification check against a usage profile checked how often, when, from which location, with what sales and what usage characteristics become Example used. With that, the Calling card systems are easier and easier to use safer. The response times to recognized Security problems are compared to the previous one Procedure much shorter and the assignment of Features for identification can now be found in central computer or in a central control unit of the mediation equipment are made.

Further advantages, features and possible applications of the present invention, both for the network operator and the network operations as well as for the user arise from the following description in connection with the in the drawing shown embodiments.

The invention is described below with reference to the drawing illustrated embodiments described in more detail. In the description, in the claims, the Summary and in the drawing are those in the list of reference numerals given below Terms and associated reference numerals used.  

In the drawing:

Fig. 1 is a schematic diagram for explaining the method according to the invention;

Figure 2 is another schematic diagram for explaining the method according to the invention.

Fig. 3a shows a basic diagram for a user behavior pattern or profile of a subscriber;

Fig. 3b is a diagram showing the presence of a participant in places depending on the time and

FIG. 3c is a diagram for withdrawn by customers in claim services.

In Fig. 1, two terminals 2 and 3 are shown, which have a reading device for the identification of a subscriber. These terminals 2 and 3 are each used by a mobile data carrier 1 for identification with the system, in particular the calling card system. Alternatively, the biometric identifications shown in principle below, for example, can also be carried out, for example using iris recognition, using fingerprint recognition or using special speech features. In the present example, terminal 2 is connected to the calling card system via a dial-up network 4 . In the present example, this consists of a central computer 6 which is connected to a database 7 and a unit for identification 8 . In the calling card system, the identification is checked and the performance features are assigned for identification. After the participant has been correctly identified, they receive access to the system and then the desired service. This can be, for example, a transfer to a desired subscriber, the billing being assigned to the identification. As already stated, a mobile data carrier 1 is used in this method as identification, which automatically sends the identification to a specially equipped terminal 2 or 3 . For example, a biometric feature or two biometric features or more are transmitted as identification for the purpose of greater security. After checking the identification in the unit for identification check 8 , the performance features are assigned to the respective identification. Identification can be increased in the security standard, for example, by additional secret information, for example a personal identification number. Above all, it is also interesting to combine the biometric identification features, for example the iris, the fingerprint and / or the language features for subscriber identification. This significantly increases the security standard without complicating the test procedures. The biometric identification in the form of iris, fingerprint and / or language features can above all be stored in addition to the existing security identifications, such as a personal identification number. As a result, it is also possible to subject the participant to a check in advance of the biometric features stored on the chip card, for example, using the iris 10 , a fingerprint 11 or language features 12 of a subscriber.

In Fig. 2 is a schematic representation, in turn, is shown a system for carrying out the method. It again consists of a dial-up network 4 or a direct connection 5 which are connected on one side to an identifier 9 and on the other side to the central computer 6 , which in turn is connected to a database 7 . The identifier 9 can again identify itself with the help of a mobile data carrier by means of biometric identification features. Type testing of the identification of the biometric features can be done by storing the properties on the chip card. After entering the identification, for example using a chip card, biometric properties, entering numbers, etc., a profile evaluation is first carried out in the central computer 6 . A check is carried out, for example, to determine whether it is plausible for the subscriber to be at the terminal at all. For this purpose, a user profile is stored in the unit for the identification check 8, for example, which indicates the location and the day on which a particular subscriber or the identifier 9 was or is located. Such a diagram is shown in Fig. 3b. For example, if an identification or use has already taken place at a distant location a few hours before the current identification, then the participant is very likely not authentic. In Fig. 3a, the use behavior of a Identifikanten 9 is shown as an example in which, for example, the transactions effected are shown in a day or over several days. This profile is then also saved in the unit for the identification check and is updated again and again. Furthermore, as part of the identification check, a check is carried out against a usage profile shown in FIG. 3c, ie it is checked how often, when, from which location, with which turnover which usage properties are used in each case. For this purpose, the customers C1 to C3 are shown in the diagram on the vertical and the services DLa to DLd used on the horizontal.

Reference list

1

mobile disk

2nd

,

3rd

Terminals

4th

Dialup network

5

Direct connection

6

Central computer

7

Database

8th

Identification verification unit

9

Identical

10th

Eye (iris)

11

fingerprint

12th

Language or language characteristics
U sales
O place
T day
C customer
DL service

Claims (9)

1. Method for universal and secure access to networks, in particular telephone networks with a calling card system, in which subscribers identify themselves and after correct identification the subscriber is granted access to the system that he then receives the desired service, the billing being assigned to the identification is characterized by
that a mobile data carrier ( 1 ) is used as identification means via terminals ( 2 and / or 3 ) equipped with reading devices for identification and
that the identification as a biometric feature ( 10 to 12 ) is automatically sent via the terminals ( 2 and / or 3 ), via networks ( 4 and / or 5 ) to an identification verification unit ( 8 ) of the calling card system for the purpose of identity verification. 2. The method according to claim 1, characterized featured, that identification in encrypted form, in particular a biometric feature becomes. 3. The method according to any one of claims 1 or 2, characterized in that individual features are assigned to the subscriber and stored centrally, which are retrieved by the central computer ( 6 ) from a database ( 7 ). 4. The method according to any one of claims 1 to 3, characterized, that the participant has individual features that stored in the system. 5. The method according to any one of claims 1 to 4, characterized in that in addition to identification as a biometric feature ( 10 to 12 ) secret information, in particular a personal identification number (PIN) via the terminals ( 2 or 3 ) from the mobile data carrier ( 1 ) can be entered. 6. Device for performing the method according to a or more of claims 1 to 5, characterized featured, that a chip card with memory and Processor units the properties for testing the Identification of biometric features in one contains certain memory area. 7. A device for performing the method according to one or more of claims 1 to 5, characterized in that the terminals ( 2 and / or 3 ) are equipped with a reading device for identification and furthermore devices for receiving the biometric features ( 10 to 12 ) of an identifier ( 9 ). 8. A method of operating the device according to claims 6 or 7, characterized in that after the identification has been entered, for example by means of a chip card, biometric properties or features, special number entry, etc., a profile evaluation is first carried out in the central computer ( 6 ), which records and stores certain profile features of the participants and can automatically call them up for a plausibility check with regard to the identifier ( 9 ). 9. The method according to claim 8, characterized in that the profile features of the identifier ( 9 ) in the mobile data carrier ( 1 ) and / or in the terminal ( 2 , 3 ) and optionally in the unit for identification verification ( 8 ) are stored and automatically always on kept up to date.