WO2010145811A1 - Method for protecting confidential data sent out with an electronic message

Info

Publication number: WO2010145811A1
Authority: WO (WIPO (PCT))
Application number: PCT/EP2010/003614
Other languages: French (fr)
Inventors: Katrin Jordan, Rainer Hillebrand
Original assignee: Deutsche Telekom AG
Application filed by Deutsche Telekom AG
Priority to EP10729696A (EP2443800A1)
Publication of WO2010145811A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/58 Message adaptation for wireless communication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/7243 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality with interactive means for internal management of messages
    • H04M1/72436 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality with interactive means for internal management of messages for text messaging, e.g. short messaging services [SMS] or e-mails

Definitions

  • The receiver identifier can be an alphanumeric code word, a number, a name or the like. It could have been agreed between the sending and the receiving user. This ensures that no one but the person who has received the correct identifier from the sending user is able to get access to the confidential data.
  • The receiver identifier can be allocated to the message at the first telecommunication device and can be sent together with the message to the second telecommunication device.
  • The invention relates to a program means that is stored and is executable on the first telecommunication device, for protecting confidential data which can be sent out in or with an electronic short message, the program means being set up for appending at least one attribute and/or assigning an attribute value to the message before it is sent out, and for sending it together with the message to the second telecommunication device.
  • The program means can be an application for generating electronic short messages like SMS or MMS on the first telecommunication device.
  • A program means that is stored and is executable on the second telecommunication device, which is provided for processing electronic short messages like SMS or MMS, is set up for checking whether an attribute is appended to a message or a corresponding attribute value is assigned to this attribute, and restricts the utilization of the data in dependence on the attribute and/or the attribute value.
  • The program means stored on the second telecommunication device can automatically delete, in particular overwrite, the data after a singular access when the attribute exists and/or the attribute has a predetermined value. Furthermore, it can be set up to request a user identifier and to permit data access only if an identifier received at the second telecommunication device is identical to a predetermined receiver identifier. Additionally, the program means can provide an information item about the restricted usability when the attribute exists and/or the attribute has a certain value.
  • The method according to the invention describes an approach which makes it possible for a user, before sending out messages generated by him, to provide these messages with an attribute which ensures that the message is destroyed automatically and irrevocably after a singular access by the receiver.
  • This attribute can be designated as confidentiality protection attribute.
  • This confidentiality protection attribute becomes a component of the message and is transmitted together with this message.
  • The attribute specifies that a runtime environment must grant only a singular access to the useful data to a user or an application, after which these are irrevocably deleted.
  • The access rule for a message which is specified by means of the attribute can be applied and adhered to by a program means running on the second telecommunication device, i.e. for example by an application for processing electronic short messages, by a runtime environment or by an operating system.
  • An application supporting the confidentiality protection attribute processes an electronic short message in which this attribute is set in order to display the message on a graphical display.
  • This application can delete the message automatically after it has been displayed or reproduced according to the access rule. This ensures that this application, or also another application on the second telecommunication device, cannot process the message again since it no longer exists.
  • The runtime environment or the operating system can adhere to the access rule in such a manner that the message is automatically deleted by the runtime environment or the operating system after having been read out by or transmitted to an application. If this message is requested again by this or another application from the runtime environment or the operating system, it no longer exists.
  • The application requesting the message does not need to support the confidentiality protection attribute in this case.
  • One case of application of this exemplary method is, for example, keeping a confidential message available on a server from which the message can be called up by a terminal. According to the invention, this calling-up is possible only once since the message is deleted after the first call-up. In this case, the calling-up also represents an access to the message.
  • If the confidential data are contained in individual parts of the message, e.g. in files of different formats in the attachment to the message, it is not, or not only, the entire message which is provided with the confidentiality protection attribute, but those parts of the message which contain the confidential data. As a result, it is possible that only the parts of the message which are considered to be confidential by the sender are protected.
  • The attribute or the attributes for specifying the access rules is or are not set in the message which is stored as a copy in the terminal of the sender after the message has been sent out. It is only the message to be sent out which is given, or the message sent out which contains, the confidentiality protection attribute according to the invention.
  • An application which supports attributes for specifying access rules provides the user with an information item about the restricted accessibility of a message before the user orders the application to process, i.e. display or play, such a message.
  • The checking of a message with regard to the presence of attributes or certain attribute values for access control is not to be considered as processing of the message itself by an application, since otherwise the messages provided with a confidentiality protection attribute would have to be deleted after the checking and creating of an overview of all messages in the terminal, before a user can inform himself of the content of the messages.
  • Two exemplary access variants of the method according to the invention are represented:
  • A user sends an electronic short message via a mobile radio network from a first mobile telephone to a second mobile telephone, for example an SMS in a GSM (Global System for Mobile Communications) or UMTS (Universal Mobile Telecommunications System) network with sensitive information to a certain person, but wishes to ensure that this short message is not available to any other person or application after its first use, not even if the receiving terminal is lent out or stolen.
  • A user sends a highly personal photo in a multimedia message (MMS) to a friend but wishes to ensure that the photo cannot be printed out, forwarded or provided to any other application by this person.

Abstract

The invention relates to a method for protecting confidential data which are sent in or with an electronic short message (SMS, MMS) from a first telecommunication device to a second telecommunication device. Before the message is sent out, at least one attribute is appended and/or one attribute value is assigned to the message and sent together with the message to the second telecommunication device. The second telecommunication device restricts the utilization of the data to a singular access in dependence on the attribute and/or the attribute value. Furthermore, the invention relates to a program means that is stored and is executable on the first telecommunication device, for protecting confidential data which are sent out in or with the electronic short message (SMS, MMS), the program means being set up for appending at least one attribute and/or assigning an attribute value to the message before it is sent out and for sending it together with the message to a second telecommunication device. Furthermore, the invention relates to a program means that is stored and is executable on a second telecommunication device for processing electronic short messages (SMS, MMS), which is set up for checking whether an attribute is appended and/or an attribute value is assigned to a message, and for restricting the access to the data in dependence on the attribute and/or the attribute value.

Description

Method for protecting confidential data sent out with an electronic message
The invention relates to a method for protecting confidential data which are sent in or with an electronic short message from a first telecommunication device to a second telecommunication device. In addition, the invention relates to program means for carrying out the method that are stored and are executable on each of the first and the second telecommunication device.
It is known to generate electronic messages such as, for example, e-mails, multimedia messages (MMS, multimedia messaging service) or short messages (SMS, short message service) on data-processing stationary and mobile telecommunication devices, particularly terminals for telecommunication, and to send these to one or more further terminals for telecommunication. Apart from less confidential text contents, these messages can also contain other personal or sensitive data contents which are either incorporated directly in the message itself or are appended to this message as a so-called attachment. These can be, for example, personal documents which are generated by a text processing program, personal digital photos which have been recorded with a digital camera integrated in the mobile terminal, self-generated multimedia contents, for example personal ringtone compositions, videos etc., address data or also calendar data.
Such messages can be generated within an application, for example an e-mail application and sent from a mobile or stationary terminal to a second mobile or stationary terminal via a telecommunication network, for example a fixed line network or a mobile radio network. Generally, the contents of such messages are not protected, i.e. neither encrypted nor provided with access conditions which restrict the utilization of the data contents. Consequently, the author of a message loses control of its further utilization or distribution as soon as the message has left his terminal device.
It is known to provide messages with copy or forward protection. This copy or forward protection prevents the forwarding of a received message to third parties so that utilization of the data sent with a message is restricted. However, since the message is still stored on the second terminal device which originally received the message, any third party can still take notice of the confidential data on this terminal device. An absolute confidentiality protection is therefore not achieved by means of such copy or retransmission protection.
In the prior art, furthermore, it is known to grant the right of access to messages and their contents only to individual persons as is implemented, for example, by means of the Pretty Good Privacy (PGP) application and an asymmetric encryption method which requires administrative expenditure for the protected distribution of so-called public keys. Such an administrative expenditure including the distribution of keys cannot be expected from a terminal user, especially for sending out electronic short messages from a mobile telephone.
Furthermore, there are "digital rights management (DRM)" mechanisms which define the access conditions of messages and their contents, respectively, and can ensure that these are met so that, for example, a forwarding of a file can be prevented by means of DRM. Digital Rights Management mechanisms control the access to digital media and are used especially in the distribution of film or sound recordings, software, electronic books or documents. To control the access to digital contents, cryptographic methods are used. In this context, the contents are unambiguously tied to a license by means of encryption. Without the valid license belonging to the digital content, a user cannot obtain access to the corresponding content.
Due to the necessity that a receiver of an electronic message must have a corresponding access license, i.e. a corresponding authorization for access to the message, this possibility of access restriction cannot, for practical reasons, be transferred to messages which are transmitted in large numbers from one telecommunication terminal device to another telecommunication terminal device. In particular, these mechanisms are not suitable for electronic short messages (SMS) sent out from mobile telephones.
It is the object of the invention, therefore, to provide a method for protecting confidential data to be sent out with an electronic short message, which can be implemented without great technical expenditure and provides the users involved with the confidentiality protection of the data without unreasonable additional expenditure.
This object is achieved by the method as claimed in the features of claim 1 and by the program means having the features of claims 14 and 15. Advantageous developments of the invention are formulated in the respective subclaims.
According to the invention, a method for protecting confidential data is proposed which are sent in or with an electronic short message from a first telecommunication device to a second telecommunication device, wherein before the message is sent out, at least one attribute is appended and/or one attribute value is assigned to the message and sent together with the message to the second telecommunication device, the second telecommunication device restricting the utilization of the data to a singular access in dependence on the attribute and/or attribute value.
It is the basic idea of the present invention that confidential messages are made available, i.e. represented or reproduced, to the addressee or to the receiving and processing application only a single time, and that after this singular utilization they are automatically, without further user interaction, no longer available for further utilization. This is achieved especially by the fact that a user, before sending out the messages he has generated, has the possibility of providing them with an attribute or an attribute value which ensures that the message is deleted, blocked or made unusable automatically and irrevocably after it has been used by the receiver or the receiving application for the first time, so that neither the message itself nor the confidential information contained in the message is available after this singular access. The method according to the invention is applicable to any messages, especially electronic short messages such as SMS or MMS which are sent from a first stationary or mobile telecommunication device, particularly a terminal device, to a second stationary or mobile telecommunication device. The first telecommunication device can be, for example, a fixed line network telephone, a mobile telephone or a computer. The second telecommunication device can be formed, for example, by a fixed line network telephone, a mobile telephone, a computer or also by a server in which a message is provided for downloading to a terminal.
An attribute is a feature which is represented in the form of a parameter which is attachable to the message to be sent out, wherein the parameter can be set with a corresponding value. In principle, it may be sufficient that the mere existence of an attribute according to the invention (in the following also called confidentiality attribute) causes the second telecommunication device to restrict the utilization of the message. However, it is also possible that each message sent by the first telecommunication device has a confidentiality attribute and that the second telecommunication device restricts the utilization of the message only if the confidentiality attribute has a certain value which identifies the confidentiality of the message.
The confidential data can be, for example, text information such as address or calendar information which is contained directly in the body of the message. In this case, the attribute and/or the attribute value can be allocated directly to the electronic message. This enables the message in its entirety to be restricted to a singular access with regard to its utilization.
As an alternative or in combination, it can also be provided that not only an entire message can be equipped with a confidentiality attribute according to the invention or a corresponding attribute value, respectively, but that attachments can also be added to this message and these attachments, as far as desired, can also be equipped with a corresponding confidentiality attribute or a corresponding attribute value. Such attachments can be, for example, personal documents, digital photos or multimedia contents which are appended as a separate file to the message to be sent out. The attribute or the attribute value or a further attribute or a further attribute value is then allocated to this appended file. This enables the received message to be accessed as such several times but the file or files containing the confidential data can only be displayed and/or reproduced once.
According to the invention, the existence of the attribute and/or the value of the attribute is checked after the message has been received on the second telecommunication device, and the utilization of the data is restricted to a singular access if the attribute exists and/or the attribute has a certain value. This ensures that received messages which do not have a corresponding confidentiality attribute, or which have an attribute whose value does not specify confidentiality, can be treated and processed without any access restriction.
The type of access restriction can be a singular reproduction, i.e. a graphical display or replaying of the confidential data.
According to the invention, the data and/or the entire message can be deleted automatically after the first access, so that it is ensured that no further access to the confidential data is possible. This could be done, for example, by overwriting the electronic short message, in particular by overwriting its textual content with letters like 'A1, 'content deleted' or the like. As an alternative, the data and/or the message can be made unusable so that no new direct access to the data is possible. In this case, the existence of the message can still be displayed on the second telecommunication device, but it cannot be selected for reproduction or display of its content. In a further alternative variant of the embodiment, the message and/or the data can also be blocked so that a new access is only possible by naming a special code word. This code word can be preferably set exclusively by the sender of the message.
As an alternative or in combination with the deleting, making unusable or blocking of the confidential data or the whole message, the confidentiality protection attribute can also prevent the storage, the printing and/or the forwarding of the data and/or of the message. This ensures that no receiver other than the one designated by the first terminal can learn the content of the message. In an advantageous development of the method according to the invention, a separate attribute can be appended to the message for each restriction of use. Consequently, the message can comprise several attributes, each of which either restricts the data to a singular access or prohibits the storage, the printing or the forwarding. As an alternative, a single attribute can be appended to the message, the attribute value of which predetermines the type of access restriction. Thus, for example, one attribute value can express that only a singular access to the message is possible and any storage, printing and/or forwarding of the message is prohibited. A further attribute value could specify, for example, that only a singular access to the data is possible and the storage and forwarding of the message are prohibited, but the printing of the message is allowed at least once. In this sense, further attribute values can be used which restrict or allow the individual uses in combination.
It is also advantageous if the attribute or attributes are only appended to the message to be sent out, or the attribute value or values are only assigned to the message to be sent out, and no attribute or attribute value restricting the access is allocated to the copy of the message stored on the first telecommunication device. This ensures that, although the access to the message or the data is restricted at the receiver, the sender can access the message at any time.
According to the invention, a user identifier can be requested by the second telecommunication device and data access can only be permitted if the user identifier received at the second telecommunication device is identical to a predetermined receiver identifier. This ensures that only the person who has permission to access the confidential data, i.e. who knows the correct user identifier, can retrieve these data from the message. The user identifier can be input into the second telecommunication device by its user, for instance by typing. It is then compared with the receiver identifier. Only if the user identifier is identical to the receiver identifier is access to the confidential data granted.
The receiver identifier can be an alphanumeric code word, a number, a name or the like. It could have been agreed between the sending and the receiving user. This ensures that no one else but the person who has received the correct identifier from the sending user is able to get access to the confidential data.
In order that the second telecommunication device is able to compare the user identifier with the predetermined receiver identifier, the receiver identifier can be allocated to the message at the first telecommunication device and sent together with the message to the second telecommunication device.
In addition, the invention relates to a program means that is stored and is executable on the first telecommunication device, for protecting confidential data which can be sent out in or with an electronic short message, the program means being set up for appending at least one attribute and/or assigning an attribute value to the message before it is sent out, and sending it together with the message to the second telecommunication device. The program means can be an application for generating electronic short messages like SMS or MMS on the first telecommunication device.
Correspondingly, a program means that is stored and is executable on the second telecommunication device is proposed which is provided for processing electronic short messages like SMS or MMS, this program means being set up for checking whether an attribute is appended to a message or a corresponding attribute value is assigned to this attribute, and this program means restricting the utilization of the data in dependence on the attribute and/or of the attribute value.
Preferably, the program means stored on the second telecommunication device can automatically delete, in particular overwrite, the data after a singular access when the attribute exists and/or the attribute has a predetermined value. Furthermore, it can be set up to request a user identifier and to permit data access only if the identifier received at the second telecommunication device is identical to a predetermined receiver identifier. Additionally, the program means can provide an information item about the restricted usability when the attribute exists and/or the attribute has a certain value.
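The sender-side and receiver-side program means described above, as an added example that is not part of the patent: a message whose parts (body and appended files) each carry their own restriction attributes, a sender copy kept without them, a receiver identifier compared before access, and overwriting after the singular access. The attribute names and the "content deleted" marker are assumptions; the patent names no concrete encoding.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical attribute names: the patent speaks only of a "confidentiality
# protection attribute" and of one separate attribute per restriction of use.
SINGLE_ACCESS, NO_STORE, NO_PRINT, NO_FORWARD = (
    "single-access", "no-store", "no-print", "no-forward")
DELETED = "content deleted"  # overwrite text, as suggested in the description


@dataclass
class Part:
    """Message body or an appended file; each part carries its own attributes."""
    name: str
    content: str
    attributes: frozenset = frozenset()
    accessed: bool = False


@dataclass
class Message:
    parts: list
    receiver_id: Optional[str] = None  # agreed code word, travels with the message


def build_outgoing(body, restrictions, attachments=(), receiver_id=None):
    """Sender side. attachments: iterable of (name, content, restrictions).
    Returns (outgoing, sender_copy): only the outgoing message carries the
    attributes; the copy stored on the first device stays unrestricted."""
    parts = [Part("body", body, frozenset(restrictions))]
    parts += [Part(n, c, frozenset(r)) for n, c, r in attachments]
    outgoing = Message(parts, receiver_id)
    sender_copy = Message([Part(p.name, p.content) for p in parts])
    return outgoing, sender_copy


def overview(msg):
    """Information item for the user: checking attributes is not an access."""
    return [(p.name, sorted(p.attributes)) for p in msg.parts]


def reproduce(msg, name, user_id=None):
    """Receiver side: display or replay one part once, then overwrite it."""
    part = next(p for p in msg.parts if p.name == name)
    if SINGLE_ACCESS not in part.attributes:
        return part.content  # no confidentiality attribute: unrestricted
    if msg.receiver_id is not None and user_id != msg.receiver_id:
        raise PermissionError("user identifier does not match receiver identifier")
    if part.accessed:
        raise PermissionError(f"{name}: singular access already used")
    content = part.content
    part.accessed, part.content = True, DELETED  # irrevocable after first access
    return content


def permitted(msg, name, operation):
    """operation in {'store', 'print', 'forward'}: prohibited by its attribute."""
    part = next(p for p in msg.parts if p.name == name)
    return f"no-{operation}" not in part.attributes
```

A message body may be restricted differently from its attachment, so the body can remain readable while the appended photo is consumed on first reproduction.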
In the text which follows, the individual steps of the method according to the invention will be explained by way of example. The method according to the invention describes an approach which makes it possible that a user, before sending out messages generated by him, has the possibility of providing these messages with an attribute which ensures that the message is destroyed automatically and irrevocably after a singular access by the receiver. As previously mentioned, this attribute can be designated as confidentiality protection attribute.
It is an essential component of the method that the message is provided with the confidentiality attribute before being sent out. This confidentiality protection attribute becomes a component of the message and is transmitted together with this message. The attribute specifies that a runtime environment must grant only a singular access to the useful data to a user or an application, after which the data are irrevocably deleted. The access rule for a message which is specified by means of the attribute can be applied and adhered to by a program means running on the second telecommunication device, i.e. for example by an application for processing electronic short messages, by a runtime environment or by an operating system.
If an application supporting the confidentiality protection attribute processes an electronic short message in which this attribute is set in order to display the message on a graphical display, this application can delete the message automatically after it has been displayed or reproduced according to the access rule. This ensures that this application, or also another application on the second telecommunication device, cannot process the message again since it no longer exists.
If the receiving of messages is implemented within a runtime environment or in an operating system separately from an application for processing and display, the runtime environment or the operating system can adhere to the access rule in such a manner that the message is automatically deleted by the runtime environment or the operating system after having been read out by or transmitted to an application. If this message is requested again by this or another application from the runtime environment or the operating system, it no longer exists. The application requesting the message does not need to support the confidentiality protection attribute in this case. One application of this variant is keeping a confidential message available on a server from which the message can be called up by a terminal. According to the invention, this calling-up is possible only once since the message is deleted after the first call-up. In this case, the calling-up also represents an access to the message.
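The runtime-environment variant described above, as an added example that is not part of the patent: a message store (operating system service or server) that deletes a confidential message as part of handing it to whichever application reads it, so the application itself needs no support for the attribute, while building the overview of stored messages does not count as an access. The attribute name is an assumption.

```python
from dataclasses import dataclass

CONFIDENTIAL = "confidentiality-protection"  # hypothetical attribute name


@dataclass
class StoredMessage:
    msg_id: str
    content: str
    attributes: frozenset = frozenset()


class MessageStore:
    """Runtime environment or server holding received messages. It enforces
    the access rule itself: the reading application need not know the attribute."""

    def __init__(self):
        self._messages = {}

    def receive(self, msg):
        self._messages[msg.msg_id] = msg

    def overview(self):
        """Overview for the user, flagging restricted messages. Checking the
        attribute here is not an access, so nothing is deleted."""
        return {m.msg_id: CONFIDENTIAL in m.attributes
                for m in self._messages.values()}

    def read(self, msg_id):
        """Hand the message to an application. A confidential message is
        removed from the store in the same step, so a second read-out by
        this or any other application finds nothing."""
        msg = self._messages.get(msg_id)
        if msg is None:
            raise KeyError(f"{msg_id}: message no longer exists")
        if CONFIDENTIAL in msg.attributes:
            del self._messages[msg_id]
        return msg.content
```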
If the confidential data are contained in individual parts of the message, e.g. in files of different formats attached to the message, then it is not the entire message, or not only the entire message, that is provided with the confidentiality protection attribute, but those parts of the message which contain the confidential data (in addition to or instead of the message as a whole). As a result, only the parts of the message which the sender considers confidential need to be protected.
Apart from the confidentiality protection attribute, other access rules can be specified, e.g. that the storage, the printing or the forwarding of the message is restricted or prevented after an access to the message.
To prevent the sender, too, from being able to use his transmitted message only once, the attribute or attributes specifying the access rules are not set in the copy of the message which is stored in the terminal of the sender after the message has been sent out. Only the message to be sent out, or the message as sent, carries the confidentiality protection attribute according to the invention.
According to the invention, an application which supports attributes for specifying access rules provides the user with an information item about the restricted accessibility of a message before the user orders the application to process, i.e. display or play, such a message. Checking a message for the presence of attributes or certain attribute values for access control is not to be considered as processing of the message by an application. Otherwise, messages provided with a confidentiality protection attribute would have to be deleted already after the check that creates the overview of all messages in the terminal, before the user could inform himself of their content. In the text which follows, two exemplary access variants of the method according to the invention are presented:
A user sends an electronic short message via a mobile radio network from a first mobile telephone to a second mobile telephone, for example an SMS in a GSM (Global System for Mobile Communications) or UMTS (Universal Mobile Telecommunications System) network, containing highly sensitive information for a certain person, but wishes to ensure that this short message is not available to any other person or application after its first use, not even if the receiving terminal is lent out or stolen.
A user sends a highly personal photo in a multimedia message (MMS) to a friend but wishes to ensure that the photo cannot be printed out, forwarded or provided to any other application by this person.

Claims

1. A method for protecting confidential data which are sent in or with an electronic short message (SMS, MMS) from a first telecommunication device to a second telecommunication device, characterized in that before the message is sent out, at least one attribute is appended and/or one attribute value is assigned to the message and sent together with the message to the second telecommunication device, the second telecommunication device restricting the utilization of the data to a singular access in dependence on the attribute and/or attribute value.
2. The method as claimed in claim 1, characterized in that the attribute and/or the attribute value is directly allocated to the message.
3. The method as claimed in claim 1 or 2, characterized in that the attribute and/or attribute value or a further attribute and/or a further attribute value is allocated to a file appended to the message.
4. The method as claimed in one of the preceding claims, characterized in that the existence of the attribute and/or the value of the attribute is checked after reception on the second telecommunication device, the utilization of the data being restricted to a singular access if the attribute exists and/or the attribute has a certain value.
5. The method as claimed in one of the preceding claims, characterized in that the access restriction is the singular reproduction of the data.
6. The method as claimed in one of the preceding claims, characterized in that the data and/or the message is/are automatically deleted, blocked or made unusable after the access.
7. The method as claimed in claim 6, characterized in that the data and/or the message is/are deleted by overwriting its content.
8. The method as claimed in claim 5, 6 or 7, characterized in that the storage, the printing and/or the forwarding of the data and/or of the message is prevented.
9. The method as claimed in one of the preceding claims, characterized in that a separate attribute is appended to the message for each restriction of use.
10. The method as claimed in one of the preceding claims, characterized in that the attribute value predetermines the type of restriction of use.
11. The method as claimed in one of the preceding claims, characterized in that the attribute or attributes is or are only appended to the message to be sent out or the attribute value or values is/are only assigned to the message to be sent out, and no attribute or attribute value restricting the access is allocated to a copy of the message to be stored on the first telecommunication device.
12. The method as claimed in one of the preceding claims, characterized in that a user identifier is requested by the second telecommunication device and that data access is only permitted if a user identifier received at the second telecommunication device is identical to a predetermined receiver identifier.
13. The method as claimed in claim 12, characterized in that the receiver identifier is allocated to the message at the first telecommunication device and sent together with the message to the second telecommunication device.
14. A program means stored and executable on a first telecommunication device, for protecting confidential data which are sent out in or with an electronic short message (SMS, MMS) characterized in that it is set up for appending at least one attribute and/or assigning an attribute value to the message before it is sent out and sending it together with the message to a second telecommunication device.
15. The program means stored and executable on a second telecommunication device for processing electronic short messages (SMS, MMS), characterized in that it is set up for checking whether an attribute is appended and/or an attribute value is assigned to a message, and restricting the access to the data in dependence on the attribute and/or attribute value.
16. The program means as claimed in claim 15, characterized in that it automatically deletes the data after a singular access when the attribute exists and/or the attribute has a predetermined value.
17. The program means as claimed in claim 16, characterized in that it automatically overwrites the data after a singular access.
18. The program means as claimed in claim 15, 16 or 17, characterized in that it is set up to request a user identifier and to permit data access only if an identifier received at the second telecommunication device is identical to a predetermined receiver identifier.
19. The program means as claimed in one of the claims 15 to 18, characterized in that the program means provides an information item about the restricted usability when the attribute exists and/or the attribute has a certain value.
PCT/EP2010/003614 2009-06-16 2010-06-16 Method for protecting confidential data sent out with an electronic message WO2010145811A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP10729696A EP2443800A1 (en) 2009-06-16 2010-06-16 Method for protecting confidential data sent out with an electronic message

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102009025414.5 2009-06-16
DE102009025414A DE102009025414A1 (en) 2009-06-16 2009-06-16 Method for protecting confidential data sent with an electronic message

Publications (1)

Publication Number Publication Date
WO2010145811A1 true WO2010145811A1 (en) 2010-12-23

Family

ID=42355413

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2010/003614 WO2010145811A1 (en) 2009-06-16 2010-06-16 Method for protecting confidential data sent out with an electronic message

Country Status (3)

Country Link
EP (1) EP2443800A1 (en)
DE (1) DE102009025414A1 (en)
WO (1) WO2010145811A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050193145A1 (en) * 2004-02-26 2005-09-01 International Business Machines Corporation Providing a portion of an electronic mail message based upon digital rights
US7021534B1 (en) * 2004-11-08 2006-04-04 Han Kiliccote Method and apparatus for providing secure document distribution
EP1791316A1 (en) * 2005-11-23 2007-05-30 Research In Motion Limited E-mail with secure message parts

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7356564B2 (en) * 2002-01-09 2008-04-08 At&T Delaware Intellectual Property, Inc. Method, system, and apparatus for providing self-destructing electronic mail messages
US7548952B2 (en) * 2002-05-31 2009-06-16 International Business Machines Corporation Method of sending an email to a plurality of recipients with selective treatment of attached files

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2443800A1 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018506083A (en) * 2015-09-18 2018-03-01 小米科技有限責任公司Xiaomi Inc. Method and apparatus for reading a short message
US9998887B2 (en) 2015-09-18 2018-06-12 Xiaomi Inc. Short message service reading method and device
US10021543B2 (en) 2015-09-18 2018-07-10 Xiaomi Inc. Short message service reading method and device
US10027629B2 (en) 2015-09-18 2018-07-17 Xiaomi Inc. Short message service reading method and device

Also Published As

Publication number Publication date
DE102009025414A1 (en) 2010-12-30
EP2443800A1 (en) 2012-04-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10729696

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2010729696

Country of ref document: EP