WO2004055744A1 - Communication between an operator device, a seller module and a customer module - Google Patents


Info

Publication number
WO2004055744A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
customer
provider
provider module
operating device
Prior art date
Application number
PCT/EP2003/014254
Other languages
German (de)
French (fr)
Inventor
Daniel Ciesinger
Original Assignee
Giesecke & Devrient Gmbh
Application filed by Giesecke & Devrient Gmbh
Priority to AU2003296651A
Publication of WO2004055744A1


Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Definitions

  • the invention relates generally to the field of electronic communication and in particular to the field of secure handling of data in transactions between a provider and a customer.
  • the invention further relates to the use of at least one portable data carrier, e.g. a smart card in this context.
  • the object of the invention is to provide a technology for communication between an operating device, a provider module and a customer module which, on the one hand, offers great flexibility for a large number of possible applications and, on the other hand, offers good protection against unauthorized use.
  • the invention should also be able to be implemented inexpensively.
  • this object is achieved in whole or in part by a method having the features of claim 1, a provider module according to claim 8, a customer module according to claim 10 and a computer program product according to claim 11.
  • the dependent claims define preferred embodiments of the invention.
  • the invention is based on the basic idea of using the provider module on the one hand to mediate a data exchange between the operating device and the customer module and on the other hand for authentication to the customer module.
  • This measure creates a system in which the customer module can first check the authorization of the querying body before issuing confidential information.
  • the system structure according to the invention makes it possible to use customer and provider modules which are based on a client-server communication model with requests and responses. Such modules are available in a variety of configurations.
  • the terms "provider module" and "customer module" denote the role of the users of these modules in typical applications.
  • the provider module is assigned to a provider of goods, services or intangible services, for example a dealer, a pharmacist, a doctor, an issuing agency for bonus points and so on.
  • the customer module is owned by the customer.
  • these typical roles are only to be understood as examples and not as a restriction of the scope of protection. Rather, all modules that can request authentication should preferably be regarded as customer modules in the sense of the present invention, and all modules that are able to authenticate themselves as provider modules.
  • the invention is particularly flexible because it separates the security-critical authentication method from the actual application - for example, the submission of prescriptions or the administration of bonus points.
  • the application can be developed with significantly less effort and with significantly greater freedom than with previously known systems.
  • the invention enables the interaction between the provider module, for example a dealer card, and the customer module to be implemented via a local or global network, for example the Internet, without media break.
  • the system according to the invention can in principle also be used as a system for cashless payment or as a wallet system - similar to the already mentioned Mondex system or the money card known in Germany.
  • the customer module is designed as a portable data carrier
  • the provider module can also be a portable data carrier in preferred embodiments.
  • portable data carriers are, in particular, chip cards with their own intelligence (smart cards), which can be configured in the size of credit cards or in compact designs such as mobile phone SIMs.
  • the portable data carrier can also be a non-card-shaped assembly, e.g. a USB dongle.
  • the provider module is a program executed on a secure server that simulates the function of a physical provider module and is therefore referred to as a "virtual provider module".
  • the communication between the operating device and the provider module and / or between the provider module and the customer module takes place via at least one Internet protocol.
  • Internet protocols are TCP/IP (Transmission Control Protocol / Internet Protocol), UDP/IP (User Datagram Protocol / Internet Protocol), IPSec (IP Security Protocol), TLS (Transport Layer Security), SSL (Secure Sockets Layer), HTTP (Hypertext Transfer Protocol) and S-HTTP (Secure HTTP).
  • the provider module can be authenticated to the customer module by means of HTTP digest authentication or by means of SSL client authentication.
  • the protocols mentioned are well known per se and are described in detail in the corresponding RFC standards and other documents. The protocols as such are not the subject of the present invention.
  • an authentication of the customer module to the provider module is preferably also provided.
  • the data transmission between the provider module and the customer module takes place in a secure, e.g. encrypted, form, which can be used for a plurality of communication processes between the provider module and the customer module without repeated authentication.
  • authentication of one or both communication partners and / or encryption of the transmitted messages can also take place in the communication between the operating device and the provider module.
  • the computer program product according to the invention has program commands in order to implement or execute the method according to the invention in a data carrier.
  • a computer program product can be a physical medium for example a semiconductor memory or a floppy disk or a CD-ROM.
  • the computer program product can also be a non-physical medium, for example a signal transmitted over a computer network.
  • the computer program product can be a data carrier operating system or a part thereof or a program provided for execution by the data carrier.
  • the provider module, the customer module and the computer program product have features which correspond to the features mentioned above and / or to the features mentioned in the dependent method claims.
  • Fig. 1 is a block diagram with components of an embodiment of the invention.
  • FIG. 2 shows an exemplary flow chart of a communication process.
  • the operating device 10 is a personal computer (PC) with input means, such as a keyboard and a mouse, and output means, such as a screen.
  • the operating device 10 executes an Internet browser, such as the browser known by the Internet Explorer brand. In Fig. 1, this browser is symbolized by a browser window 18 shown on the screen of the operating device 10.
  • the operating device 10 can also be designed differently, for example as a compact device with a display and a keypad.
  • the provider module 12 and the customer module 14 are each designed as a portable data carrier.
  • each of these data carriers is a chip card which, in a manner known per se, has a semiconductor chip with a processor core, a plurality of memory fields designed in different technologies and an interface for wired or wireless communication.
  • the data carriers are each connected to the network 16 via an interface device 20, 22.
  • the interface devices 20, 22 are shown as external devices.
  • alternative embodiments provide for integrating the interface device 20 and / or the interface device 22 into the operating device 10.
  • the provider module 12 can be permanently or removably installed in the operating device 10, while the customer module 14 can generally be easily inserted into the interface device 22 and removed again.
  • both the provider module 12 and the customer module 14 are designed as an Internet smart card, that is to say as a chip card in which an Internet protocol stack is implemented.
  • the Internet protocol stack includes, for example, the Internet protocols TCP / IP for the transport and network layer and HTTP for the application layer, a security layer using SSL being placed on the transport layer.
  • TCP / IP Internet protocols
  • HTTP HyperText Transfer Protocol
  • SSL Secure Sockets Layer
  • other or additional protocols can also be used, in particular for security and authentication purposes.
  • the network 16 is a local TCP/IP network, which can either be separated from the outside world or can be connected to the Internet via suitable protective devices. In particular, in configurations in which one or both interface devices 20, 22 are integrated in the operating device 10, the network 16 may amount to only one or two point-to-point connections between the operating device 10 and the provider module 12 and / or between the provider module 12 and the customer module 14.
  • the browser can access the provider module 12 directly, for example by entering the IP address of the provider module 12 in the browser's address bar.
  • the provider module 12 then presents a website that allows the selection of various transactions and the entry of the network parameters of the customer module.
  • the network parameters of the customer module 14 are set, then a transaction is selected, whereupon the provider module 12 establishes a network connection to the customer module 14, authenticates itself and transmits the instructions and parameters required for the transaction into the customer module.
  • the customer module 14 then transmits the requested data to the provider module 12, which processes the data received and transmits a suitable success message to the browser.
  • the browser running on the operating device 10 is configured such that it uses the provider module 12 as a proxy for the communication with the customer module 14.
  • an address of the provider module 12 is entered in a configuration field of the browser provided for setting up proxies. Name conflicts cannot occur in a local network 16.
  • the browser then routes all requests actually directed to the customer module 14 to the provider module 12.
  • the provider module 12 is also configured such that it can access the customer module 14 via the local network 16 and works as a proxy for the customer module 14.
  • the address of the customer module 14 (e.g. http: // ambience.loca!) is entered in the address bar of the browser running on the operating device 10.
  • the browser then sends a request to the provider module 12 serving as a proxy. If the request does not include access to specially protected data, the provider module 12 can easily forward it to the customer module 14.
  • the customer module 14 works as an Internet server and responds to the incoming HTTP request with a suitable HTTP response.
  • the response may include an HTML document that defines selection fields for several operations offered by customer module 14.
  • the answer is passed on to the operating device 10 via the provider module 12.
  • There the browser displays the HTML document from the customer module 14 on the screen.
  • a section of the HTML document is visible, which contains the operation "issue prescription" offered by the customer module 14 as the only selection field.
  • FIG. 2 shows an example flow that is executed when this request concerns confidential data. This is the case, for example, for the operation "issue prescription" of a patient card, because the stored prescription should only be made accessible to authorized persons, e.g. pharmacists.
  • the request generated when the "issue prescription" operation is selected is marked as security-critical, for example in that it does not specify "http:" but "https:" as the protocol.
  • Step 30 in FIG. 2 relates to the transmission of this request from the operating device 10 to the provider module 12.
  • the provider module 12 analyzes the incoming request and determines that authentication with the customer module 14 is required, because otherwise the customer module 14 would not answer the request. The provider module 12 then carries out the authentication. In the present exemplary embodiment, this is done in the communication steps 32 and 34, which are only shown schematically in FIG. 2, in that the provider module 12 establishes a secure SSL connection with the customer module 14. The provider module 12 forms the client and the customer module 14 forms the server.
  • In connection with the establishment of the SSL connection, in addition to authenticating the server to the client and agreeing on a session key for the further, encrypted communication, the client is also authenticated to the server, which is known as SSL Client Authentication.
  • For example, a challenge-response method known per se can be used for this authentication.
  • the client receives data from the server - the so-called challenge - that the client processes in a cryptographic operation using a private key of the client.
  • the client sends the result to the server, which then uses the client's complementary public key to check whether the client actually has the correct private key.
  • the keys of the provider modules 12 used in the SSL authentication are issued by trustworthy organizations - so-called trust centers.
  • the trust centers are also entered in the customer module 14 as trustworthy.
  • PKI Public Key Infrastructure
  • Such a key management known as Public Key Infrastructure (PKI) is particularly necessary if a group of dealers or service providers is to be given access to customer modules 14.
  • the provider module 12 forwards the request to the customer module 14 in step 36.
  • the customer module 14 processes the request and generates the desired answer in step 38.
  • This can be, for example, an HTTP response with the prescription stored in the customer module 14 in the form of an HTML document.
  • the answer is transmitted in step 40 from the customer module 14 to the provider module 12 and forwarded in step 42 from the provider module 12 to the operating device 10.
  • There the HTML document contained in the answer is displayed in step 44 by the browser in the browser window 18. Further communication steps can now follow, each of which has a request directed from the operating device 10 via the provider module 12 to the customer module 14 and a response directed from the customer module 14 via the provider module 12 to the operating device 10.
  • a renewed authentication is generally not necessary, especially not if - as in the present exemplary embodiment - a secure data transmission path has been established between the provider module 12 and the customer module 14 in the course of the first authentication.
  • alternative embodiments are also provided in which the method shown in FIG. 2, including the authentication, is repeated for each request-response pair.
  • the provider module 12 is set up to monitor the requests arriving from the operating device 10 and to initiate the authentication in steps 32 and 34 before forwarding the first security-critical request.
  • the provider module 12 initially forwards all incoming requests to the customer module 14 and the authentication process only begins in response to an error message or another authentication request from the customer module 14.
  • design variants are conceivable in which the provider module 12 always authenticates itself with the customer module 14 - possibly in connection with the establishment of a secure data transmission channel - before it begins to act as a proxy for the transmission of messages between the operating device 10 and the customer module 14.
  • versions are particularly useful for online retailers in which the customer module 14 is accessed by means of a browser and this then initiates communication with the provider module 12.
  • the provider module 12 is designed as a virtual provider module.
  • the secure server can be reached over the network 16, either locally or over a virtual private network (VPN) or via a secure data transmission channel in the Internet.
  • the virtual provider module which is provided by the secured server, then communicates with the operating device 10 and the customer module 14, just as in the sequence shown in FIG. 2, and carries out the required authentication with respect to the customer module 14.
  • the secured server provides a plurality of virtual provider modules - for a single provider or for several providers.
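
The Fig. 2 flow described above, as an added example that is not part of the patent text: a Python simulation in which the provider module proxies requests from the operating device and authenticates to the customer module either before forwarding the first security-critical (`https:`) request or only after the customer module rejects it. An HMAC-SHA256 challenge-response over a shared secret stands in for SSL client authentication; the class names, the `card.local` address, the provider id and the sample prescription are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def respond(key, nonce):
    """Client side of the challenge-response: process the challenge with the secret key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class CustomerModule:
    """Server role (e.g. a patient card). It enforces authorization itself."""

    def __init__(self, provider_keys, prescription):
        self._provider_keys = provider_keys   # provider id -> shared secret (constructed)
        self._prescription = prescription
        self._pending = {}                    # provider id -> outstanding challenge
        self._sessions = set()                # tokens of authenticated providers

    def challenge(self, provider_id):
        # Step 32: a fresh random challenge per attempt, so a recorded
        # response is useless against any later challenge.
        nonce = secrets.token_bytes(16)
        self._pending[provider_id] = nonce
        return nonce

    def verify(self, provider_id, response):
        # Step 34: the challenge is single-use, so it is removed before checking.
        nonce = self._pending.pop(provider_id, None)
        key = self._provider_keys.get(provider_id)
        if nonce is None or key is None:
            return None
        if not hmac.compare_digest(respond(key, nonce), response):
            return None
        token = secrets.token_hex(16)
        self._sessions.add(token)
        return token

    def handle(self, url, session=None):
        # Steps 36-40: "https:" marks the request as security-critical.
        if url.startswith("https:"):
            if session not in self._sessions:
                return 401, "authentication required"
            return 200, self._prescription
        return 200, "<html>operations: issue prescription</html>"


class ProviderModule:
    """Proxy between operating device and customer module; client role in the authentication."""

    def __init__(self, provider_id, key, customer, eager=True):
        self.provider_id = provider_id
        self._key = key
        self._customer = customer
        self._eager = eager      # True: authenticate before forwarding; False: only after a 401
        self._session = None
        self.auth_count = 0      # how many authentication runs were needed

    def _authenticate(self):
        nonce = self._customer.challenge(self.provider_id)
        self._session = self._customer.verify(self.provider_id, respond(self._key, nonce))
        self.auth_count += 1
        return self._session is not None

    def request(self, url):
        # Step 30: the request arrives from the operating device.
        critical = url.startswith("https:")
        if critical and self._eager and self._session is None:
            self._authenticate()
        status, body = self._customer.handle(url, self._session)
        if status == 401 and not self._eager and self._authenticate():
            status, body = self._customer.handle(url, self._session)
        return status, body      # Step 42: forwarded back to the operating device


def demo():
    key = secrets.token_bytes(32)  # constructed sample secret
    card = CustomerModule({"pharmacy-1": key}, "<html>prescription: sample</html>")
    pharmacy = ProviderModule("pharmacy-1", key, card)
    rogue = ProviderModule("pharmacy-1", secrets.token_bytes(32), card)
    return [
        pharmacy.request("http://card.local/"),
        pharmacy.request("https://card.local/prescription"),
        pharmacy.request("https://card.local/prescription"),  # session reused, no re-authentication
        rogue.request("https://card.local/prescription"),     # wrong key: refused by the card
    ]


if __name__ == "__main__":
    for status, body in demo():
        print(status, body)
```

Because the customer module checks the session on every `https:` request, a proxy that skips authentication or holds the wrong key gets a 401 regardless of what the operating device asked for.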

Abstract

The invention relates to a method for carrying out communication between an operator device (10), a seller module (12) and a customer module (14), which is designed as a portable data carrier, via a network (16). According to the invention: a request is transmitted (30) from the control unit (10) to the seller module (12); the seller module (12) authenticates (32, 34) itself to the customer module (14); the request is forwarded (36) from the seller module (12) to the customer module (14); a reply to the request is transmitted (40) from the customer module (14) to the seller module (12), and the reply is forwarded (42) from the seller module (12) to the operator device (10). A seller module (12), a customer module (14) and a computer program product have corresponding features. The invention provides a technique for carrying out communication between the operator device (10), the seller module (12) and the customer module (14) that offers a high degree of flexibility for a multitude of possible applications and a good level of protection against unauthorized use.

Description

Communication between an operating device, a provider module and a customer module
The invention relates generally to the field of electronic communication and in particular to the field of secure handling of data in transactions between a provider and a customer. The invention further relates to the use of at least one portable data carrier, e.g. a chip card (smart card), in this context.
The international publication WO 97/02548 A1 discloses a payment system that has also become known under the Mondex brand. In this system, a customer module and a provider module located in an operating device communicate with one another via a proprietary protocol in order to transmit a virtual payment from the customer module to the provider module. However, this system requires special hardware and software and is limited to the field of cashless payments.
The report "Webcard: A Java Card Web Server" by Jim Rees and Peter Honeyman, published by the Center for Information Technology Integration, University of Michigan, Ann Arbor, USA, CITI Technical Report 99-3, describes a chip card that is programmed as a web server and can perform the essential functions of the Internet protocols TCP/IP and HTTP. A concrete application of this technique is not disclosed.
The article "Aus der Chipkarte wird eine Patientenakte mit allen relevanten Angaben" ("The chip card becomes a patient file with all relevant information") in the journal Forum -Arzt in Nordbaden-, published by the Kassenärztliche Vereinigung Nordbaden, edition 1/2002, page 25, describes plans for the introduction of electronic prescriptions. The doctor's prescriptions are stored on a chip card of the patient and read out in the pharmacy. When chip cards are used in this way, it is necessary to treat the patient's personal data, in particular all information relating to the patient's state of health, with the utmost confidentiality. For example, it should be ensured that the prescriptions stored on the chip card can only be read by authorized persons.
The object of the invention is to provide a technique for communication between an operating device, a provider module and a customer module which, on the one hand, offers great flexibility for a large number of possible applications and, on the other hand, offers good protection against unauthorized use. In preferred embodiments, the invention should also be able to be implemented inexpensively.
According to the invention, this object is achieved in whole or in part by a method having the features of claim 1, a provider module according to claim 8, a customer module according to claim 10 and a computer program product according to claim 11. The dependent claims define preferred embodiments of the invention.
The order in which the steps are listed in the method claims should not be understood as a restriction of the scope of protection. Rather, embodiments of the invention are provided in which these method steps are carried out in a different order, or wholly or partly in parallel, or wholly or partly interleaved. This relates in particular to the steps of mutual authentication of the provider module with the customer module and of forwarding the request received by the provider module to the customer module. While in some embodiments of the invention these steps are carried out in the order just mentioned, in other embodiments the request received by the provider module is first forwarded to the customer module and only then, if necessary in response to a corresponding request from the customer module, is the authentication carried out.
The invention is based on the basic idea of using the provider module on the one hand to mediate a data exchange between the operating device and the customer module and on the other hand for authentication to the customer module. This measure creates a system in which the customer module can first check the authorization of the requesting party before issuing confidential information. Furthermore, the system structure according to the invention makes it possible to use customer and provider modules that are based on a client-server communication model with requests and responses. Such modules are available in a wide variety of configurations.
The terms "provider module" and "customer module" used in this document denote the role of the users of these modules in typical applications. As a rule, the provider module is assigned to a provider of goods, services or intangible services, for example a dealer, a pharmacist, a doctor, an issuing office for bonus points and so on. The customer module, on the other hand, is in the possession of the customer. However, these typical roles are to be understood only as examples and not as a restriction of the scope of protection. Rather, preferably all modules that can request authentication are to be regarded as customer modules within the meaning of the present invention, and all modules that are able to authenticate themselves as provider modules. The invention is particularly flexible because it separates the security-critical authentication method from the actual application - for example, the dispensing of prescriptions or the administration of bonus points. As a result, the application can be developed with significantly less effort and with significantly greater freedom than in previously known systems. Furthermore, the invention makes it possible to implement the interaction between the provider module, for example a dealer card, and the customer module via a local or global network, for example the Internet, without a media break. In addition to the possible applications already described, the system according to the invention can in principle also be used as a system for cashless payment or as an electronic purse system - similar to the Mondex system already mentioned or the GeldKarte known in Germany.
According to the invention, the customer module is designed as a portable data carrier, and in preferred embodiments the provider module can also be a portable data carrier. Examples of portable data carriers are, in particular, chip cards with their own intelligence (smart cards), which can be designed in credit card size or in compact form factors such as mobile phone SIMs. However, the portable data carrier can also be a non-card-shaped assembly, such as a USB dongle. In further embodiment variants, the provider module is a program executed on a secure server that simulates the function of a physical provider module and is therefore referred to as a "virtual provider module".
In preferred embodiments, the communication between the operating device and the provider module and/or between the provider module and the customer module takes place via at least one Internet protocol. Examples of such Internet protocols are TCP/IP (Transmission Control Protocol / Internet Protocol), UDP/IP (User Datagram Protocol / Internet Protocol), IPSec (IP Security Protocol), TLS (Transport Layer Security), SSL (Secure Sockets Layer), HTTP (Hypertext Transfer Protocol) and S-HTTP (Secure HTTP). In some embodiments of the invention, the provider module can be authenticated to the customer module by means of HTTP Digest Authentication or by means of SSL Client Authentication. The protocols mentioned are well known per se and are described in detail in the corresponding RFC standards and other documents. The protocols as such are not the subject of the present invention.
In addition to the authentication of the provider module to the customer module, an authentication of the customer module to the provider module is preferably also provided. In further preferred embodiments, the data transmission between the provider module and the customer module takes place in secured, e.g. encrypted, form. In particular, a secured data transmission path, once established, can be used for a plurality of communication processes between the provider module and the customer module without repeated authentication. In some embodiments of the invention, authentication of one or both communication partners and/or encryption of the transmitted messages can also take place in the communication between the operating device and the provider module.
The computer program product according to the invention has program instructions for implementing or executing the method according to the invention in a data carrier. Such a computer program product can be a physical medium, for example a semiconductor memory, a floppy disk or a CD-ROM. However, the computer program product can also be a non-physical medium, for example a signal transmitted over a computer network. In particular, the computer program product can be a data carrier operating system or a part thereof, or a program intended for execution by the data carrier.
In preferred developments, the provider module, the customer module and the computer program product have features that correspond to the features mentioned above and/or to the features mentioned in the dependent method claims.
Further features, objects and advantages of the invention emerge from the following description of an exemplary embodiment of the invention and of several alternative embodiments. Reference is made to the schematic drawings, in which:
Fig. 1 shows a block diagram with components of an exemplary embodiment of the invention, and
Fig. 2 shows an exemplary flow chart of a communication process.
Fig. 1 shows an operating device 10, a provider module 12 and a customer module 14, which are connected to a network 16. In the exemplary embodiment shown, the operating device 10 is a personal computer (PC) with input means, such as a keyboard and a mouse, and output means, such as a screen. The operating device 10 runs an Internet browser, such as the browser known under the Internet Explorer brand. In Fig. 1, this browser is represented symbolically by a browser window 18 displayed on the screen of the operating device 10. In alternative embodiments, the operating device 10 can also be designed differently, for example as a compact device with a display and a keypad.
The provider module 12 and the customer module 14 are each designed as a portable data carrier. In the present exemplary embodiment, each of these data carriers is a chip card which, in a manner known per se, has a semiconductor chip with a processor core, several memory arrays implemented in different technologies and an interface for wired or wireless communication. The data carriers are each connected to the network 16 via an interface device 20, 22. In Fig. 1, the interface devices 20, 22 are shown as external devices. Alternative embodiments, by contrast, provide for integrating the interface device 20 and/or the interface device 22 into the operating device 10. The provider module 12 can be installed permanently or removably in the operating device 10, while the customer module 14 can generally be easily inserted into the interface device 22 and removed again.
In the present exemplary embodiment, both the provider module 12 and the customer module 14 are designed as Internet smart cards, that is to say as chip cards in which an Internet protocol stack is implemented. The Internet protocol stack comprises, for example, the Internet protocols TCP/IP for the transport and network layers and HTTP for the application layer, with a security layer that uses SSL placed on top of the transport layer. However, other or additional protocols can also be used, in particular for security and authentication purposes. The network 16 is a local TCP/IP network, which can either be separated from the outside world or - via suitable protective devices - connected to the Internet. In particular in embodiments in which one or both of the interface devices 20, 22 are integrated into the operating device 10, the network 16 may comprise merely one or two point-to-point connections between the operating device 10 and the provider module 12 and/or between the provider module 12 and the customer module 14.
The browser can access the provider module 12 directly, for example by entering the IP address in the address list of the browser. The provider module 12 then presents a web page that allows the selection of various transactions and the entry of the network parameters of the customer module. In a first step, which may need to be performed only once, the network parameters of the customer module 14 are set; a transaction is then selected, whereupon the provider module 12 establishes a network connection to the customer module 14, authenticates itself and transmits the instructions required for the transaction, together with their parameters, to the customer module. The customer module 14 then transmits the requested data to the provider module 12, which processes the data received and transmits a suitable success message to the browser.
Alternatively, for operation, the browser running on the operating device 10 is configured such that it uses the provider module 12 as a proxy for communication with the customer module 14. For this purpose, an address of the provider module 12 is entered in a configuration field of the browser provided for setting up proxies. Name conflicts cannot occur in a local network 16. The browser then routes all requests that are actually directed to the customer module 14 to the provider module 12. The provider module 12 is likewise configured such that it can access the customer module 14 via the local network 16 and works as a proxy with respect to the customer module 14.
To address the customer module 14, the address of the customer module 14 (e.g. http://kunde.loca!) is entered in the address bar of the browser running on the operating device 10. The browser then sends a request to the provider module 12 serving as a proxy. If the request does not involve access to specially protected data, the provider module 12 can forward it to the customer module 14 without further ado.
The customer module 14 works as an Internet server and responds to the incoming HTTP request with a suitable HTTP response. For example, the response may contain an HTML document that defines selection fields for several operations offered by the customer module 14. The response is passed via the provider module 12 to the operating device 10. There the browser displays the HTML document originating from the customer module 14 on the screen. In the browser window 18 shown in Fig. 1, a section of the HTML document is visible which contains, as its only selection field, the operation "Issue prescription" offered by the customer module 14.
In response to each selection of an operation - for example by clicking on the corresponding selection field in the browser window 18 - the browser generates a new request, which the operating device 10 sends to the provider module 12. Fig. 2 shows an exemplary sequence that is executed when this request concerns confidential data. This is the case, for example, with the "Issue prescription" operation of a patient card, because the stored prescription is to be made accessible only to authorized persons, e.g. pharmacists. The request generated when the "Issue prescription" operation is selected is marked as security-critical, for example in that it specifies "https:" rather than "http:" as the protocol. Step 30 in Fig. 2 relates to the transmission of this request from the operating device 10 to the provider module 12.
The provider module 12 analyzes the incoming request and determines that authentication with the customer module 14 is required, because otherwise the customer module 14 would not answer the request. The provider module 12 then carries out the authentication. In the present exemplary embodiment, this is done in communication steps 32 and 34, which are shown only schematically in Fig. 2, in that the provider module 12 establishes a secured SSL connection with the customer module 14. The provider module 12 acts as the client, and the customer module 14 acts as the server.
In connection with the establishment of the SSL connection, in addition to an authentication of the server to the client and the agreement of a session key for the further, encrypted communication, an authentication of the client to the server is also carried out, which is known as SSL Client Authentication. For this authentication, a challenge-response method known per se can be used, for example. Here, the client receives data from the server - the so-called challenge - which the client processes in a cryptographic operation using a private key of the client. The client sends the result to the server, which then uses the complementary public key of the client to check whether the client is actually in possession of the correct private key.
The keys of the provider modules 12 used in the SSL authentication are issued by trustworthy organizations, so-called trust centers. The trust centers are also registered as trustworthy in the customer module 14. Such key management, known as a Public Key Infrastructure (PKI), is required in particular when a group of dealers or service providers is to be given access to customer modules 14.
In alternative embodiments, other authentication methods are provided, e.g. HTTP Digest Authentication, which is known per se. In general, these methods are intended to ensure that no unauthorized person can produce a functioning provider module 12. Authentication of the server to the client and the establishment of an encrypted communication path are required only for some applications, so that one or both of these features can be dispensed with in alternative embodiments.
After the authentication has been completed successfully, the provider module 12 forwards the request to the customer module 14 in step 36. The customer module 14 processes the request and generates the desired response in step 38. This can be, for example, an HTTP response containing the prescription stored in the customer module 14 in the form of an HTML document. The response is transmitted in step 40 from the customer module 14 to the provider module 12 and forwarded in step 42 from the provider module 12 to the operating device 10. There the HTML document contained in the response is displayed in step 44 by the browser in the browser window 18. Further communication steps can now follow, each of which comprises a request routed from the operating device 10 via the provider module 12 to the customer module 14 and a response routed from the customer module 14 via the provider module 12 to the operating device 10. Renewed authentication is generally not necessary, in particular not if - as in the present exemplary embodiment - a secured data transmission path was established between the provider module 12 and the customer module 14 in the course of the first authentication. However, alternative embodiments are also provided in which the method shown in Fig. 2, including the authentication, is repeated for each request-response pair.
In the exemplary embodiment described here, the provider module 12 is set up to monitor the requests arriving from the operating device 10 and to initiate the authentication in steps 32 and 34 before forwarding the first security-critical request. Alternative embodiments are also provided in which the provider module 12 initially forwards all incoming requests to the customer module 14 and begins the authentication process only in response to an error message or another authentication request from the customer module 14. Furthermore, variants are conceivable in which the provider module 12 always authenticates itself to the customer module 14 - possibly in connection with the establishment of a secure data transmission channel - before it begins to act as a proxy for the transmission of messages between the operating device 10 and the customer module 14. Likewise, particularly for online retailers, embodiments are useful in which the customer module 14 is accessed by means of a browser and the customer module 14 then initiates communication with the provider module 12.
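The two triggering variants described above, as an added example that is not code from the patent: a provider-module proxy that authenticates to the customer module either before forwarding the first security-critical request or only after the customer module answers with a 401 challenge. The response formula is the RFC 2617 digest without qop (HTTP Digest Authentication is one of the mechanisms named in claim 5); the class names, the `/records` prefix, the realm and the boolean that stands in for the secured channel are assumptions.

```python
import hashlib
import hmac
import os

# All names below are assumed for illustration; none come from the patent.
REALM = "customer-module"
CRITICAL = ("/records",)       # prefixes of security-critical URIs

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest(user, secret, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2); MD5 is what that RFC specifies."""
    ha1 = md5_hex(f"{user}:{REALM}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class CustomerModule:
    """Stand-in for the card; fails closed on security-critical URIs."""

    def __init__(self, secrets):
        self.secrets = secrets          # provider id -> shared secret
        self.nonces = set()             # issued, not yet used
        self.authenticated = False      # models the secured channel state
        self.rejected = 0               # unauthenticated critical requests refused

    def challenge(self):
        nonce = os.urandom(16).hex()
        self.nonces.add(nonce)
        return nonce

    def authenticate(self, user, method, uri, nonce, response):
        if nonce not in self.nonces:
            return False                # unknown or replayed nonce
        self.nonces.discard(nonce)      # single use
        secret = self.secrets.get(user)
        ok = secret is not None and hmac.compare_digest(
            digest(user, secret, method, uri, nonce), response)
        self.authenticated = self.authenticated or ok
        return ok

    def handle(self, method, uri):
        if uri.startswith(CRITICAL) and not self.authenticated:
            self.rejected += 1
            return 401, self.challenge()
        return 200, f"content of {uri}"

class ProviderModule:
    """Proxy between operating device and customer module."""

    def __init__(self, card, user, secret, proactive=True):
        self.card, self.user, self.secret = card, user, secret
        self.proactive = proactive      # True: authenticate before forwarding
        self.authenticated = False

    def _authenticate(self, method, uri, nonce):
        resp = digest(self.user, self.secret, method, uri, nonce)
        self.authenticated = self.card.authenticate(
            self.user, method, uri, nonce, resp)

    def request(self, method, uri):
        """Called by the operating device, which never holds the secret."""
        if self.proactive and uri.startswith(CRITICAL) and not self.authenticated:
            self._authenticate(method, uri, self.card.challenge())
        status, body = self.card.handle(method, uri)
        if status == 401:               # reactive variant: answer the challenge
            self._authenticate(method, uri, body)
            status, body = self.card.handle(method, uri)
        return status, body
```

In the reactive variant the customer module sees one unauthenticated security-critical request before authentication starts, so its own access check is the only thing protecting the data at that moment.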
In an alternative embodiment of the system shown in FIG. 1, the provider module 12 is designed as a virtual provider module. This means that the functions of the provider module 12 are simulated by a program that is executed by a secure server, not shown in the figures. The secure server can be reached via the network 16 - either locally, via a virtual private network (VPN), or via a secure data transmission channel on the Internet. The virtual provider module, which is provided by the secure server, then communicates with the operating device 10 and the customer module 14, just as in the sequence shown in FIG. 2, and carries out the required authentication with respect to the customer module 14. In particular, it can be provided that the secure server provides a plurality of virtual provider modules - for a single provider or for several providers.

Claims

Patent claims
1. A method for communication between an operating device (10), a provider module (12) and a customer module (14) configured as a portable data carrier via a network (16), with the steps:
- transmitting (30) a request from the operating device (10) to the provider module (12),
- authentication (32, 34) of the provider module (12) to the customer module (14),
- forwarding (36) the request from the provider module (12) to the customer module (14),
- transmitting (40) a response to the request from the customer module (14) to the provider module (12), and
- forwarding (42) the response from the provider module (12) to the operating device (10).
2. The method according to claim 1, characterized in that the provider module (12) forwards further requests originating from the operating device (10) to the customer module (14) and forwards further responses originating from the customer module (14) to the operating device (10).
3. The method according to claim 1 or claim 2, characterized in that, in addition to the authentication (32, 34) of the provider module (12) to the customer module (14), an authentication of the customer module (14) to the provider module (12) and/or the establishment of a secured data transmission path between the provider module (12) and the customer module (14) also takes place.
4. The method according to any one of claims 1 to 3, characterized in that the provider module (12) and the customer module (14) communicate with each other via an Internet protocol, in particular at least one of the protocols TCP/IP, UDP/IP, IPSec, TLS, SSL, HTTP and S-HTTP.
5. The method according to claim 4, characterized in that the authentication (32, 34) of the provider module (12) to the customer module (14) takes place by means of HTTP Digest Authentication or by means of SSL Client Authentication.
6. The method according to any one of claims 1 to 5, characterized in that the operating device (10) and the provider module (12) communicate with each other via an Internet protocol, in particular at least one of the protocols TCP/IP, UDP/IP, IPSec, TLS, SSL, HTTP and S-HTTP.
7. The method according to any one of claims 1 to 6, characterized in that the provider module (12) is designed as a portable data carrier or as a virtual provider module.
8. The method according to any one of claims 1 to 7, characterized in that the operating device (10) first sends a request to the customer module (14), which thereupon begins the communication with the provider module (12).
9. Provider module (12), in particular in the form of a portable data carrier, which is set up to communicate with an external operating device (10) and an external customer module (14) via a network (16), wherein the provider module (12) mediates a data exchange between the operating device (10) and the customer module (14) and is additionally set up to authenticate itself to the customer module (14).
10. Provider module (12) according to claim 9, characterized in that the provider module (12) is intended to be used in a method according to any one of claims 1 to 7.
11. Customer module (14), which is designed in the form of a portable data carrier and which is intended to be used in a method according to any one of claims 1 to 8.
12. Computer program product that has program commands to configure a portable data carrier as a provider module (12) according to claim 9 or 10 or as a customer module (14) according to claim 11.
PCT/EP2003/014254 2002-12-16 2003-12-15 Communication between an operator device, a seller module and a customer module WO2004055744A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003296651A AU2003296651A1 (en) 2002-12-16 2003-12-15 Communication between an operator device, a seller module and a customer module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10258769.8A DE10258769C5 (en) 2002-12-16 2002-12-16 Communication between an operator panel, a vendor module and a customer module
DE10258769.8 2002-12-16

Publications (1)

Publication Number Publication Date
WO2004055744A1 true WO2004055744A1 (en) 2004-07-01

Family

ID=32336379

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2003/014254 WO2004055744A1 (en) 2002-12-16 2003-12-15 Communication between an operator device, a seller module and a customer module

Country Status (3)

Country Link
AU (1) AU2003296651A1 (en)
DE (1) DE10258769C5 (en)
WO (1) WO2004055744A1 (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2681165A1 (en) * 1991-09-05 1993-03-12 Gemplus Card Int Process for transmitting confidential information between two chip cards
WO1997022092A2 (en) * 1995-12-14 1997-06-19 Venda Security Corporation Secure personal information card and method of using the same
US5878134A (en) * 1994-10-03 1999-03-02 News Data Com Ltd. Secure access systems utilizing more than one IC card
US5979773A (en) * 1994-12-02 1999-11-09 American Card Technology, Inc. Dual smart card access control electronic data storage and retrieval system and methods
WO2000079411A2 (en) * 1999-06-21 2000-12-28 Sun Microsystems, Inc. Method and apparatus for commercial transactions via the internet
US6247644B1 (en) * 1998-04-28 2001-06-19 Axis Ab Self actuating network smart card device
US6250557B1 (en) * 1998-08-25 2001-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Methods and arrangements for a smart card wallet and uses thereof
EP1111505A1 (en) * 1999-12-21 2001-06-27 Motorola, Inc. Architecture for executing applications in a data communications environment
US20020065730A1 (en) * 2000-11-30 2002-05-30 Naoaki Nii Method of and a system for distributing electronic content

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2199934C (en) * 1994-09-13 2007-07-10 Irmgard Rost Personal data archive system
GB9513379D0 (en) * 1995-06-30 1995-09-06 Jonhig Ltd Electronic purse system
JPH0950465A (en) 1995-08-04 1997-02-18 Hitachi Ltd Electronic shopping method, electronic shopping system and document authentication method
NL1001509C2 (en) 1995-10-26 1997-05-02 Nederland Ptt Method for canceling a transaction with an electronic payment method, as well as a payment method for applying the method.
US7036738B1 (en) * 1999-05-03 2006-05-02 Microsoft Corporation PCMCIA-compliant smart card secured memory assembly for porting user profiles and documents
US6845367B2 (en) 1999-12-23 2005-01-18 International Business Machines Corporation Process and device for internet payments by means of security modules
JP2001216400A (en) 2000-02-04 2001-08-10 Teikoku Databank Ltd Electronic business transaction system
US20010032878A1 (en) 2000-02-09 2001-10-25 Tsiounis Yiannis S. Method and system for making anonymous electronic payments on the world wide web
DE10031220C2 (en) 2000-06-27 2002-05-29 Ulrich Michael Kipper Method and device for processing a transaction in an electronic communication network
US20020029169A1 (en) 2000-09-05 2002-03-07 Katsuhiko Oki Method and system for e-transaction
DE10058249A1 (en) 2000-11-23 2002-06-13 Anthros Gmbh & Co Kg Secure electronic transmission method for transaction data uses identification data containing singular identification characters for preventing payment duplication
US7114178B2 (en) 2001-05-22 2006-09-26 Ericsson Inc. Security system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BLOBEL B ET AL: "Securing interoperability between chip card based medical information systems and health networks", INTERNATIONAL JOURNAL OF MEDICAL INFORMATICS, ELSEVIER SCIENTIFIC PUBLISHERS, SHANNON, IR, VOL. 64, NR. 2-3, PAGE(S) 401-415, ISSN: 1386-5056, XP004329226 *
JEAN S ET AL: "Smart cards integration in Distributed Information Systems: the Interactive execution model", XP002273457 *
WON JAY SONG ET AL: "The internet- and digital signature-based prescription order communication system using synchronized smart cards in the 2-way type terminal", PROCEEDINGS OF THE 23RD. ANNUAL INTERNATIONAL CONFERENCE OF THE IEEE ENGINEERING IN MEDICINE AND BIOLOGY SOCIETY. 2001 CONFERENCE PROCEEDINGS. (EMBS). INSTANBUL, TURKEY, OCT. 25 - 28, 2001, ANNUAL INTERNATIONAL CONFERENCE OF THE IEEE ENGINEERING IN M, ISBN: 0-7803-7211-5, XP010593918 *

Also Published As

Publication number Publication date
DE10258769B4 (en) 2012-05-31
DE10258769C5 (en) 2017-08-17
AU2003296651A1 (en) 2004-07-09
DE10258769A1 (en) 2004-06-24

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP