DE19846452A1 - Access control method for access-restricted system e.g. for mobile radio and pay TV-system - Google Patents

Abstract

The method of monitoring access to a access-restricted system, such as a television (TV) receiver, involves deriving identification information from the user information which is stored on a user-specified smart-card (11) for a mobile telephone (3). The identification information of the mobile telephone is scanned and from the obtained identification information it is judged whether access authorisation for use of the system by the respective use is allowed or not. An independent claim is given for the access-restricted system.

Description

The present invention relates to a method for control le of access to a restricted system as well as a corresponding access restricted system, with certain Access restricted system functions by one user only if you have the appropriate access authorization can be used.

The problem of access or access control and / or User identification turns up for many applications, such as e.g. B. for data or information services. With the help of a Access or access control is the access to the respective service only allowed to those who are authorized to do so or where access is desired. The user ident Specification can be used for services, for example, which anyone can access, but the respective user must pay for the corresponding service. The access control and user identification is in particular special to design such that a legally verifiable documentation is created that provides information about access and the respective user.

Solutions for reliable access control are already in place known for the mobile and pay TV sector. To do this suggested using vendor-specific storage cards (Smart Card), the identification information of the contain the respective user, on the respective available service to be able to access, so that according to Iden tification of the user, for example, a corresponding one Mobile phone used or television broadcasts of a pay TV Provider can be considered.  

Propose this for different technical areas However, solutions for access control are not uncommon compatible with each other. Rather, usually everyone Service providers have their own access control and identification tion process offered, so that due to the increasing An number of different services or service providers the number of different access control and IDs certification process is increasing. However, this means that for different services or for different services providers who are also referred to as service providers, un Different memory cards, which can also be used as smart cards are drawn, are necessary so that one and the same user towards different services or Can identify service providers. For example the DVB standard control units adopted in 1998 in the form of so-called set-top boxes that have up to four slots Have (slots) for such memory cards, so on un different services from several service providers can be gripped.

It is obvious that the solution described above for the use of different services or service providers on the one hand results in very complex hardware requirements and on the other hand is not very user-friendly because and the same user to access different ones Services, for example, from one and the same service with the help of different memory cards, which the contain corresponding identification information, iden must certify. These memory cards are before use to procure separately, which is an increased effort and Delay in actual use for the user Consequence.

The present invention is therefore based on the object a method of controlling access to an access point restricted system and a corresponding access restriction propose system, with particular access to  different services or different services provider can be facilitated.

This task is accomplished by a process with the characteristics of Claim 1 or a system with the features of the claim 20 solved. The subclaims each describe preferred ones and advantageous embodiments of the present invention dung.

According to the present invention, a mobile phone is used Identification of a user against an access code restricted system used. The identification information about the mobile phone and the queried identification information assesses whether a Access authorization for the use of the restricted access system for the respective user. Is this the case, the access restricted system for the user zer unlocked so that the user can access it limited system implemented service or son any data, information or goods deliveries etc. can take up.

The present invention takes advantage of the fact that for the use of mobile phones anyway user information tions are required, which are usually based on so-called SIM cards (Subscriber Identity Module) are available. Want a Users use a cell phone and use the services of an ent speaking mobile network operator must take he first such a SIM card with his user Formations in a suitable on the mobile phone hene interface push so that through the mobile network operates the user particularly with regard to the fees recording can be identified in a legally verifiable manner can. This user information that is required for use nes mobile phone are available anyway, according to the existing ing invention now also for the identification of the respective user compared to the restricted system  used. In this way an open system can be created because the identity transmitted by the mobile phone access control information on difference services from different service providers can be.

The combination of a mobile phone is particularly advantageous with a control unit that provides the identification information tions received by the mobile phone, and a television. In this case, the control device on the one hand has a transmission and receiving part for sending and receiving information according to a mobile corresponding to the respective mobile phone radio standard. Furthermore, the control unit has an emp catcher for digital and / or analog television signals. The control unit evaluates the requested identification information mations of the mobile phone and assesses whether a Zu grip authorization for the through the identification information tion specified user is available. Is that the case, the television signals received by the control unit, if necessary in decrypted form, the television or a television-capable screen, so that the User the function of the restricted TV in Can claim. This restricted system can particularly advantageous for the use of pay-per- Use services, in the present case for pay-TV services be det, with a corresponding service provider after Determination of an access authorization for the identified ten user to the control unit a key online Ver provision, with the help of which data of the service provider, in the present case analog and / or digital television signals le, are decrypted and output by the control unit can (in the present case via a television-capable picture umbrella).

In addition, the present invention can also be used for Access control to a personal computer with internet access be applied, for example, to collect the fees  to facilitate or restricted certain inter net content, such as content particularly harmful to young people, unlock.

The present invention can also be used, for example, for elec tronic purchase transactions, contracts, etc. applied be, by combining the mobile phone with egg ner ad unit, e.g. B. a television-capable screen, generally ordered or corresponds to goods or services appropriate contracts can be concluded.

Also, by using the present invention any home devices, such as B. doors or household appliances, after determination of an access authorization by the user control via mobile phone, according to the present control device proposed with the invention with a house network, e.g. B. a so-called EIB bus network, can be combined. To For this purpose, the control device has a corresponding one Interface to the devices connected to the network to be able to control. The interface can depend on that network system used, in particular an EIB bus Interface or a PLC interface (Power Line Carri he is. The combination with the mobile phone can do that Control device then restricted access to the entire household, such as B. washing machines, kitchen appliances, heaters, lighting equipment etc., control.

The according to the present invention for detecting egg Access authorization check to be carried out (Verification) of the user or identification information that exist through the use of the mobile phone, can be done in three different places. This identification information can (for example by starting a corresponding verification procedure from the control unit) autonomously in the mobile phone itself, in the control unit (after querying the identification information tion from the mobile phone) or an appropriate one  Service or verification provider, in particular with the Mobile network operators can be identical, are checked.

The present invention is hereinafter referred to to the attached drawing based on a preferred embodiment example explained in more detail.

Fig. 1 shows a simplified representation of the basic structure of an access-restricted system of the invention, and

Fig. 2 shows a block diagram of a preferred embodiment of an access-restricted exporting approximately system of the invention.

The example shown in FIG. 1 of a system with limited grip according to the invention comprises, as essential components, a control unit 2 and a mobile telephone 3 In the example shown in Fig. 1, the control unit 2 is connected to an ISDN fixed telephone line 4 and a TV-capable screen 1 or a corresponding television set. The control unit 2 is designed in particular in the form of a so-called set-top box and has a transmitting and receiving part (not shown in FIG. 1) for a mobile radio connection with the mobile telephone 3 . In addition, the control unit 2 has, for example, a receiver part (not shown in FIG. 1) in order to be able to receive digital or analog television signals from a corresponding television station or a corresponding TV service provider.

The basic functioning of the system shown in FIG. 1 will be explained below.

To use the mobile phone 3 , a user must identify himself ge compared to the corresponding mobile network operator. For this purpose, a so-called SIM card (Subscriber Identity Module) is usually used, which is pushed into the mobile phone 3 before it is put into operation and contains user-specific information that is used to establish the access authorization when establishing a cellular connection from the base station of the cellular network operator be queried.

According to the present invention, this user information is transmitted from the mobile phone 3 to the control unit 2 or queried from the mobile phone and thus also used to identify the user with respect to the access-restricted system shown in FIG. 1. The control unit 2 evaluates the user information received from it and switches, for example, the analog / digital television signals received with the corresponding reception part after determining an access authorization to the television set 1 after they have been decrypted, if necessary. Furthermore, it is possible in the system shown in FIG. 1 to conduct a conventional telephone call via the ISDN landline after determining an access authorization via the mobile telephone 3 and the ISDN telephone connection 4 .

The present invention thus generally enables a user to be identified with the help of the user data which is present when using a mobile telephone 3 in order to be able to activate any data or information services in a system with restricted access in a controlled manner. The present invention is therefore particularly suitable for so-called pay-per-use services such. B. for Pay TV, the control unit 2 shown in FIG. 1 with the corresponding service provider, for. B. a TV station, is connected, and depending on the evaluation of the identification information of the handset 3, the data provided by the service provider provides the user of the handset 3 and outputs it via an output device 1 . In particular, it is possible, for example, via a browser (Electronic Program Guide, EPG) which runs in the control unit or the set-top box 2 to have a specific pay-per-use service, such as, for. B. a pay-TV service to select, after selecting a service the service provider ter can download software to the control unit 2 and, if necessary, from there to the cell phone 3 , which correspond to the aforementioned SIM card of the cell phone 3 or one de evaluates input and / or ensures tap-proof transmission of data between the service provider and the control unit 2 . With the help of this software z. B. started a certain algorithm that requires the entry of a SIM card of the mobile phone 3 matching PIN number on the keyboard of the mobile phone 3 . The input result is from the mobile phone 3 back to the control unit 2 and from there z. B. by phone, ie online, transmitted to the corresponding service or verification provider. If the verification provider, the mobile phone or the control device determines that the user identified by the SIM card and the PIN number has access authorization, the service provider or verification provider then sends the code or key suitable for the data it offers online, so that the data can be transmitted through the Control unit 2 can be decoded or decrypted. The control unit 2 then decrypts the data provided by the service provider for the pay-per-use service and outputs it via the display device 1 shown in FIG. 1. Of course, output via speakers or the like is also possible.

From the above description it can be seen that the prior invention is not only applicable to the preferred application area explained with reference to FIG. 1, in particular digital television sets. Rather, the present invention can preferably be used wherever access-restricted data, services, goods or information from corresponding data, service, goods or information service providers are made available. This means that the invention can in principle be used for all electronic commercial applications.

Hereinafter, a detailed embodiment of the present invention with reference to Fig. 2 will be explained.

The access-restricted system shown in FIG. 2 initially includes the display or output device 1 already shown in FIG. 1 for outputting offers from the data, service, goods or information providers and / or by means of the same, which is also already shown in FIG. 1 explained control device 2 unlocked data or information from a corresponding service provider. The output device 1 comprises a display unit 19 , for example in the form of a TV-compatible screen already explained above, and a speaker 18 assigned to this display unit 19 , so that information can be output optically and acoustically. In addition, the output device 1 has a (not shown) digital or analog data interface for receiving data from the control unit 2 .

The control unit 2 is, as has already been explained, for example in the form of a set-top box and comprises one (or more) transmitting and receiving part (s) 12 for mobile radio signals, the transmitting and receiving part 12 in particular re is designed such that DECT, GSM, UMTS and / or Bluetooth signals can be sent and received. Furthermore, the control device 2 has one or more interfaces for communication by means of signals distributed via satellite, cable or terrestrial. These interfaces can be constructed bidirectionally. In the simplest case, it is a receiving part 14 in the form of a TV tuner and TV demodulator in order to be able to receive digital and / or analog television signals from a corresponding television station 23 . Additionally or alternatively, the control device 2 can also have a playback or playback device for video signals recorded on an optical disc or a DVD, which are also to be reproduced with restricted access. The control unit 2 also has an optional telephone interface 17 for a fixed telephone network, in particular an ISDN fixed telephone network. Central component of the control unit 2 is also a data processing part 13 in the form of a processor with a corresponding memory, which is coupled to the transmitting or receiving parts 12 and 14 and the telephone interface 17 such that a data exchange is possible. The transmitting and receiving part 12 can, as shown in Fig. 2, are in the housing of the Steuerge device 2 or else be provided separately. In addition, the transmitting and receiving part 12 forms with the other elements of the control unit 2 a functional unit which covers the function of a DECT, GSM, UMTS or Bluetooth home base station. The control unit 2 also has a decryption unit 15 which is controlled by the data processing unit 13 and which decrypts the data received from the control unit 2 in accordance with a specific key and thus performs the function of a discriminator and / or decriptor. The data decrypted in this way by the control unit 2 after an access authorization has been supplied to the output device 1 via an output interface 16 , which functions as a decoder and a graphics interface, to be output there via the display unit 19 or the loudspeakers 18 will.

The access-restricted system shown in FIG. 2 also includes a mobile part or cell phone 3 already explained with reference to FIG. 1 with a keyboard 5 or a unit with a similar function (e.g. a touch screen or a speech recognition module) with a Power supply (not shown), an optional display unit 7 , an optional loudspeaker and an optional microphone 6 , a data processing unit 8 in the form of a processor with a memory, a transmitting and receiving part for DECT, GSM, UMTS and / or Bluetooth -Mobile radio and a SIM card interface 10 for receiving a SIM card 11 . Furthermore, the mobile part 3 can optionally have a biosensor (BS) 25 . The handset 3 can fulfill the functionality of a cell phone by itself if it includes the above-described speaker and the microphone 6 .

While the components of a handset 3 are housed in a separate housing from the control unit 2 , the output device 1 and the control unit 2 can be housed in one and the same housing.

The use of the system shown in Figure 2 is as follows:
First of all, the user can receive 3 signals from the control unit 2 with the help of the mobile part, which signals are transmitted via a cellular connection established between the transmitting and receiving parts 12 and 9 . These mobile radio signals can contain data, for example audio information (such as a television sound, announcements, etc.), alarm messages (e.g. clinchers), information to be displayed on the display 7 of the handset 3 , in the data processing unit 8 of the mobile part 3 algorithms to be executed, operating status information or information to be stored in the handset for later use. Conversely, the handset 3 can send data to the control device 2 via the mobile radio connection, the results of the algorithms executed, audio signals recorded via the microphone of the handset 3 , keyboard inputs, switch positions, memory contents, operating status data or data of the aforementioned biosensor 25 can include.

In particular, the data sent from the handset 3 to the control device 2 include the user data read from the SIM card interface 10 of the SIM card 11 , which are used in mobile radio systems, such as, for. B. GSM and UMTS systems can be used to identify the user. This user data is thus transmitted and evaluated by the transmitting and receiving unit 9 of the mobile part 3 as identification information to the transmitting and receiving part 12 of the control unit 2 . Based on the evaluation of the information from the SIM card, the control device can now determine whether the handset 3 or its user is authorized to access or not. It is therefore impossible to influence the restricted system from the outside.

If the control unit 2 has determined that the user of the handset 3 has access authorization, decryption of the television signals received via the reception part 14 is made possible, and the decrypted data are output on the TV-capable screen 19 of the display device 1 . The user can, for example, with the help of the mobile part 3 control the television 1 by transmitting appropriate control signals, so that the handset 3 works like a remote control.

Furthermore, it is possible for the user of the handset 3 , after recognizing an access authorization by the control device 2 via the telephone interface 17 with the aid of his handset or mobile telephone 3 , to conduct a conventional telephone conversation via the fixed network connected to the telephone interface 17 .

The embodiment shown in FIG. 2 of an access restricted system according to the invention is generally suitable for all applications in which certain data, services, goods or information have restricted access, ie are made available depending on an access authorization of a user. In the present description, reference is only made to the use of digital / analog television signals as data provided as an example.

The present invention can be used particularly advantageously in connection with pay-per-use services, such as, for. B. for pay TV services apply. In such pay-per-use services, it can be provided, for example, that the control unit 2 after determining an access authorization of the user of the mobile part 3 via a telephone connection, ie via the telephone interface 17 and a corresponding communication network 20 , at the provider 21 of the respective Service requests a key for decrypting the data provided by the service provider 21 . The service provider 21 also transmits the key over the previously specified telephone connection, so that the control unit 2 is then able, after receiving the key, to decode the analog or digital television signals of the corresponding service provider, for example received from a television station 22 , and on the display 19 of the output device 1 .

Alternatively or additionally, it can also be provided that the control device 2 establishes a connection after determining an access authorization of the user of the mobile part 3 via the transmitting and receiving part 12 to a telephone network operator, ideally to a mobile radio base station 23 of a corresponding mobile radio network, and the service-specific data transmitted to it. The procedure corresponds essentially to the procedure described above, but with the difference that the mobile network operator takes over the accounting for the service provided as a service for the service provider 21 . The verification of the access authorization can be carried out by a corresponding verification provider 24 , which is connected to the control device via any communication network 20 (fixed network or cellular network). The verification provider advantageously speaks to the mobile radio network operator, ie the mobile network operator can, as a verification provider 24, alternatively to the control device 2, for example by starting a so-called remote process on the handset 3, query and evaluate the user information of the SIM card 11 and thus determine an access authorization. After establishing an access authorization, the mobile radio network operator then transmits the key, for example the one previously stored by the service provider 21 , to the control unit 2 , so that the control unit 2 can then activate the service provided by the service provider 21 . This procedure is particularly advantageous because, in this case, the mobile network operator can include the charges for the use of the service provided by the service provider 21 in the telephone bill and thus the fee for the use of the service as a service for the Service provider 21 can move from the user. Alternatively, the mobile network operator can also use the user data online, such as. B. the duration of use of the service to the service provider 21 transmit.

Instead of a TV set 1 shown in FIG. 2, a personal computer with Internet access can also be used as an access-restricted device, for example. In this case, the control device 2 can, after determining access authorization by evaluating the user information of the SIM card 11 , activate certain internet content via the installed internet browser or the user data of the SIM card 11 for the fee calculation as a form of the access data transmit to the internet provider online. Furthermore, the present invention can be used in the car or at ATMs. Furthermore, access and access controls could be carried out using the method according to the invention in daily life, such as B. for age control in bars, locking systems or the like, take place. The user is identified in each case by evaluating the user data which is in any case necessary for the use of the handset 3 and which is present in particular on the SIM card 11 already described above. Since the identification algorithms in mobile telephones will continue to improve, for example by fingerprint checking, greater reliability can be achieved in the future than by checking an identity card or the like.

The use of the so-called Bluetooth technology for data transmission between the control unit 2 and the handset 3 is particularly advantageous. This is a possible new standard for high-rate data transmission for short ranges, which offers expanded options, since the relevant end devices can automatically connect to one another and exchange the required information with one another. In addition, other data transmission methods, such as. B. an infrared data transmission between the control unit 2 and the handset 3 conceivable.

According to the present invention, it is proposed as Zu handle control for an access restricted system without towards the use of a handset or mobile phone existing user data as identification information evaluate and depending on the access authorization of the Judge user. By using this procedure can significantly simplify access control be achieved since it is now in contrast to the beginning written state of the art is no longer required, a separate memory card with IDs for each service provider to use certification information. Particularly advantageous is related to the application of the present invention with pay-per-use services, whereby when coupling the present Invention with a display unit, for example a TV capable screen, for example also spontaneous contract conclusions with the respective service provider are possible.  

Reference list

1

TV

2nd

Control unit

3rd

Mobile phone

4th

ISDN telephone connection

5

Mobile phone keypad

6

Speaker and microphone unit of the mobile phone

7

Mobile phone display

8th

Data processing unit of the mobile phone

9

Transmitting and receiving part of the mobile phone

10th

Card interface of the mobile phone

11

SIM card

12th

Transmitting and receiving part of the control unit

13

Data processing unit of the control unit

14

TV receiver part of the control unit

15

Decryption unit of the control unit

16

Control unit output interface

17th

Telephone interface of the control unit

18th

TV speakers

19th

TV screen

20th

Communication network

21

Service provider

22

Television station

23

Cellular network

24th

Verification provider

25th

Biosensor

Claims (31)

1. procedure for controlling access to an access-restricted system,
the access-restricted system can only be used by a user if there is access authorization, comprising the steps

• a) that are transmitted from a handset used by the user (3) retrieving identification information of a Benut decomp and are derived from user information which is already available to permit use of the mobile part (3) by the user;
• b) evaluating the identification information queried in step a) to determine whether the user has access authorization for the restricted system, and
• c) enabling use of the access-restricted system by the user identifying himself via the identification information of the handset ( 3 ) if the result of the check carried out in step b) is positive.

2. The method according to claim 1, characterized in that the identification information is derived from user information, which are stored on a provided for use of the handset designed as a mobile phone ( 3 ) be user-specific memory card ( 11 ). 3. The method according to claim 1 or 2, characterized in that data is transmitted from the restricted system to the mobile part ( 3 ), which are processed there and via a loudspeaker ( 6 ) audio data to be played back, via a display ( 7 ) text data to be displayed include in the mobile part (3) to be stored usage data in the mobile part (3) control data to be executed and / or operating condition data. 4. The method according to any one of the preceding claims, characterized in that from the handset ( 3 ) in addition to the identification information in addition via a microphone ( 6 ) of the handset ( 3 ) recorded audio data, a user input corresponding input data, stored in the handset ( 3 ) Data, operating status data, data from a biosensor and / or control data obtained as a result of an algorithm running on the handset ( 3 ) are transmitted to the restricted system and processed there. 5. The method according to any one of the preceding claims, characterized in that after determining an access authorization of the user for the access-restricted system via the handset ( 3 ), the access-restricted system is remotely controlled by transmission of corresponding control data. 6. The method according to any one of the preceding claims, characterized in that the user can selectively order goods offered or services offered via the access-restricted system after determining the user's access authorization by the user se from a provider ( 21 ). 7. The method according to claim 6, characterized in that money transactions with the provider ( 21 ) can be carried out via the access-limited system after determining egg ner access authorization of the user by the user. 8. The method according to claim 6, characterized in that from the access-restricted system after determining ei ner access authorization of the user, the data provided by a service provider ( 21 , 22 ) or information provided selectively for the user. 9. The method according to claim 8, characterized in that the restricted system comprises a television device ( 1 ), wherein the use of the television device is released depending on the presence of an access authorization of the user. 10. The method according to claim 9, characterized in that in the presence of an access authorization of the user, the television signals made available by a television program provider ( 21 , 22 ) with the aid of a key provided by the television program provider decodes and via the television device ( 1 ) be made available to the user selectively. 11. The method according to any one of the preceding claims, characterized in that the user information of the user from a verification provider ( 24 ) is queried and checked in order to determine the access authorization of the user. 12. The method according to claim 10 and 11, characterized in that the user information of the user is queried and checked by a telephone network operator ( 23 , 24 ) and when an access authorization is determined, the use of the television program provider ( 21 , 22 ) is provided Service by the user for the calculation of charges by the telephone network operator ( 23 , 24 ) is detected. 13. The method according to any one of claims 1-10, characterized in that the user information of the user from the Steuerge advises ( 2 ) and checked in order to determine the user's access authorization. 14. The method according to any one of claims 1-10, characterized in that the user information of the user from the mobile phone ( 1 ) itself is checked in order to determine the user's access authorization. 15. The method according to any one of the preceding claims, characterized in that the access-restricted system has a landline telephone connection ( 4 , 17 ), wherein after determining a user's access authorization, the making of a telephone call via a corresponding landline telephone network is designed using a mobile telephone Handset ( 3 ) it is possible. 16. The method according to any one of the preceding claims, characterized in that the access-restricted system has a computer with Internet access, depending on the presence of an access authorization for the user through the identification information of the handset ( 3 ) identifying certain Internet content be selectively released for use by the user. 17. The method according to any one of claims 1-5, characterized in that the access-restricted system is used in a motor vehicle, certain functions of the motor vehicle being released for the user when an access authorization is ascertained for the user of the handset ( 3 ). 18. The method according to any one of claims 1-5,  characterized, that the restricted system turns an ATM around summarizes, if there is access authorization for the User the use of the ATM for the user is released. 19. The method according to any one of the preceding claims, characterized in that the data transmission between the handset ( 3 ) and the restricted system according to the Bluetooth technology, it follows. 20. Access restricted system,
with an access-restricted device ( 1 ), of which we can at least use a certain function only by an access-authorized user, and
with a control device ( 2 ) which, depending on the identification information of the user, judges whether the user is authorized to use the restricted device ( 1 ) and only in this case enables the user to use the restricted device, characterized in that
that the restricted system comprises a handset ( 3 ), and
that the control device (2) comprises transmitting and receiving means (12) to (3) Identification Informa of the handset functions to query, which are derived from user information, which (3) by the user is already available to permit use of the handset. 21. System according to claim 20, characterized in that the handset ( 3 ) has a memory card ( 11 ) on which the user information is stored. 22. System according to claim 20 or 21, characterized in that the mobile part ( 3 ) and the transmitting and receiving means ( 12 ) of the control device ( 2 ) are designed such that an information transmission between the control device ( 2 ) and the mobile part ( 3rd ) takes place according to the Bluetooth technology. 23. The system of restricted access device (1) controls according to any one of claims 20-22, characterized in that the control device (2) wetting by detecting a to handle authorization of the user and enabling the Benut by the Be user-access-limited apparatus in accordance with control data which are transmitted from the handset ( 3 ) to the control unit ( 2 ). 24. System according to any one of claims 20-23, characterized in that
that the restricted device ( 1 ) has output means ( 18 , 19 ), and
that the control device ( 2 ) has receiving means ( 14 ) for receiving data from a service provider ( 21 , 22 ), the control device ( 2 ) being designed in such a way that after determining an access authorization for the person identified via the handset ( 3 ) User outputs the data provided by the service provider ( 21 , 22 ) via the output means ( 18 , 19 ) and thus makes it available to the user. 25. System according to claim 24, characterized in
that the receiving means ( 14 ) of the control device ( 2 ) are designed such that they can receive television signals, and
that the output means of the access-restricted device ( 1 ) comprise a television-capable screen ( 19 ), the control device ( 2 ) after determining an access authorization of the user who identifies himself via the handset ( 3 ), the television signals received by the receiving means ( 14 ) Provides users on the television screen ( 19 ). 26. System according to claim 25, characterized in that the control device ( 2 ) with the designed as a television set access restricted device ( 1 ) is housed in one and the same housing. 27. System according to claim 25 or 26, characterized in that
that the receiving means ( 14 ) of the control device ( 2 ) receive encrypted television signals from a television program provider ( 21 , 22 ), and
that the control device ( 2 ) after determining access to the user identifi cation on the handset ( 3 ) decoding the received television signals with the aid of a suitable key and on the television-capable screen ( 19 ). 28. System according to one of claims 20-27, characterized in that the control device ( 2 ) has a telephone interface ( 17 ), the control device ( 2 ) after determining an access authorization for the user identifying himself via the handset ( 3 ) the telephone interface (17) is released, so that the user with the aid of as Mo biltelefon configured handset (3) via a fonschnittstelle to the Tele (17) connected fixed telephone network (20) can make a phone call. 29. System according to one of claims 20-23, characterized in that the access-restricted device ( 1 ) has a computer with an Internet connection, the control device ( 2 ) being designed such that it depends on the assessment of the access authorization of the user via the mobile part ( 3 ) identifying user selectively controls the playback of certain Internet content on the computer. 30. System according to any one of claims 20-23, characterized in that the access-restricted device ( 1 ) is an automated teller machine, the control device ( 2 ) using the automated teller machine only after determining the access authorization of the person using the handset ( 3 ) User shares with the user. 31. System according to any one of claims 20-30, characterized in that the mobile part ( 3 ) comprises a biosensor ( 25 ) in order to transmit data acquired by the biosensor ( 25 ) to the control device ( 2 ).