DE102005045947B4 - Method for the secure detection and / or checking and / or assignment of subscribers or subscriber addresses in data networks - Google Patents

Method for the secure detection and / or checking and / or assignment of subscribers or subscriber addresses in data networks


Publication number
DE102005045947B4
Authority
DE
Germany
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
DE102005045947.1A
Other languages
German (de)
Other versions
DE102005045947A1 (en
Inventor
Same as patent holder
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KOLLER, ROMAN, DE
ROMAN KOLLER, DE
Original Assignee
Roman Koller
Priority to DE102004046413.8
Priority to DE102004059168.7
Priority to DE102005007379.4
Priority to DE102005008086.3
Priority to DE102005009367.1
Priority to DE102005010414.2
Priority to DE102005012989.7
Priority to DE102005015619.3
Priority to DE102005016304.1
Priority to DE102005029025.6
Priority to DE102005045947.1A
Application filed by Roman Koller
Publication of DE102005045947A1
Application granted
Publication of DE102005045947B4
Application status is Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L29/12103 Directories; name-to-address mapping using an address exchange platform which sets up a session between two nodes, e.g. Rendezvous server
    • H04L29/12783 Arrangements for addressing and naming in data networks involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address, functional addressing, i.e. assigning an address to a function
    • H04L61/1535 Directories; Name-to-address mapping using an address exchange platform which sets up a session between two nodes, e.g. "rendezvous" server
    • H04L61/35 Network arrangements or network protocols for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels

Abstract

Method a) for the secure detection and/or checking and/or assignment of subscriber connections of communication links and/or of subscriber addresses relating to these communication links, with respect to an addressee and/or a sender of data and/or with respect to the authenticity of data and/or the allocation of data, b) with terminals, each of which has a communication link, corresponding to the connection type of the respective terminal, to a device associated with that terminal which provides the terminal's communication link, each terminal communicating with its associated device, and the devices providing the communication links of the terminals being networked with one another, said networking being effected via locally separate devices or within a common device, wherein c) said networking comprises the establishment of a communication link between the devices providing the communication links of the terminals, characterized in that d) a data loop DS is formed on the terminal side via the said communication links associated with the terminals and via the said networking of the devices providing the communication links of the terminals, d1) a data transmission (1a) being made among the terminals and/or ...

Description

  • This patent application has the following priorities:
  • and relates to a method and a circuit measure taken for carrying out the method in order to achieve the following technical task:
  • - Task:
  • As the overarching technical task, the requirement can be stated as follows: to use the coding (addresses, telephone numbers, radio channels, etc.) of the subscriber connection points of communication links in hierarchical networks (e.g. telephone connections) for the secure addressing of data connections in arbitrary networks, in particular for synchronizing and networking server processes that run concurrently or at arbitrary time intervals. Depending on the application, this synchronization can cover both hierarchical networks (telephone, mobile phone, etc.) and, in particular, non-hierarchical networks (e.g. the Internet), in order to make data connections in non-hierarchical networks more secure. For example, addresses of non-hierarchical networks (e.g. the Internet), which may exist only temporarily, can be linked to the coding of hierarchical networks (such as landline and mobile telephone numbers). This serves not only to check temporary addresses: the data transmitted via these insecure networks, namely the data written to or read from databases via these networks, can also be securely addressed via the coding of hierarchical networks (such as landline and mobile telephone numbers). Thus data transfers from mobile to mobile, from mobile to landline, or from landline to landline (even within conference calls), over arbitrarily different or identical networks, can be linked to one another using their coding (e.g. telephone numbers), and likewise the data, regardless of the actual port addresses of servers and terminals, or even of terminals alone (e.g. in conference calls). This ensures that a data connection established between the respective subscribers (e.g. Internet subscribers, servers, mobile phones, etc.) actually concerns the right subscribers and that no manipulation can take place during dialing (for example, through Trojan programs, etc.).
In further development, this new method is used in many applications, such as cashless payment, secure server login, user authentication, and so on. Although the basic idea seems simple at first, it gives rise to many new applications that will lead to a rethinking of all electronic communication. Many state-of-the-art measures, which rely solely on costly programs to close vulnerabilities in operating systems, become unnecessary with the present invention, with a significant increase in security, because the proposed method is enormously transparent and simple, yet more efficient than anything that has existed on this topic so far. Because of the versatile applications of the invention, the application has become somewhat extensive. A further object is to specify a simplification of the connection establishment of a terminal using a further terminal.
  • State of the art:
  • The prior art cited here is, first, the usual method of identifying a sender, in which one device sends an address that is recognized by the other device of a two-point connection, e.g. the display of a caller's telephone number at the called party. Second, there is the usual method of having a user submit a code, e.g. a number obtained when purchasing credit for a mobile phone. Or, for another application: after payment via the mobile phone, a code number is sent by SMS, which must be entered by hand into a machine in order to operate the machine. The machine holds the numbers in stock, comparable to the transfer numbers of online accounts, which are also to be cited here as prior art. Above all, all of these systems have the disadvantage that security depends directly on the network operator, since the feasibility of complex processes depends on the network operator (e.g. dependence on the network operator for cashless payment, etc.).
  • All these methods are therefore imperfect and fault-prone, and completely unsuitable for the high security requirements and the degree of automation required by the applications specified in the invention; for this reason, these applications could not so far be realized meaningfully in practice. For example, a number that has been entered can at any time be passed on over another data channel and used by a third party, so that the provider of a WEB site could no longer reliably use the process as access protection, etc.
  • The solution is given by claim 1: a data loop DS is closed (by the user) via the relevant networks or data connections, and a corresponding code KODE is routed over it for checking, addressing, or assigning the relevant subscriber lines of the networks (or data connections). In further development, this code is randomly generated as a security code. A further development relates to the real-time monitoring of an event relating to the generation of data over time.
  • The technical measures specified, namely the client-side (user-side) formation of a data loop DS using two communication networks, connections or channels, and the transmission of a basically arbitrary (e.g. randomly generated) data code KODE that is included in the transmission protocol of the data connection, solve the stated, very extensive technical problems and, above all, open up a wide field of highly versatile applications, which are claimed in the corresponding subclaims as preferred embodiments of the invention. In a further development of the invention, provision is made that the user cannot manipulate this data link so that it leads to another terminal (using a further communication link) and thus pass the personal access on to a third party.
  • In this case, in adaptation to the many different application possibilities, two basic variants are provided for the formation of the data loop DS of two communication networks or channels:
    • a) a variant to be called a serial data loop (Fig. 1a), in which the data loop DS is formed by a corresponding coupling of the terminals (Figs. 2a, 2b) of the communication networks at the client (user), such that the server sends the security code KODE over the one communication network (1) to the relevant terminal of that network and receives it back via the coupling DS of that terminal to the terminal of the other communication network (2), the security code KODE being checked in the server;
    • b) and a second, or supplementary, variant to be called a parallel data loop (Fig. 1b), in which the data loop DS is formed by a corresponding coupling of the terminals of the communication networks at the client (user), such that the server transmits the security code KODE over both communication networks (1, 2), the security code KODE being checked at the user's terminal. This may be a single terminal connected to both networks, or terminals that communicate with each other via the preferred coupling DS, which is usually the case here. Figs. 2a, 2b and 4 show an example of such a coupling. For special applications, the parallel data loop is used in the present invention as a supplementary variant to the serial data loop, whereby the advantages attributed to the serial loop are obtained via the serial data loop and the further advantages for the relevant application via the parallel data loop. In Figs. 1a, 1b this variant is obtained by bidirectional data transmission over data path 2; for further requirements, data path 1 can optionally also be made bidirectional.
  • Both variants, serial data loop and parallel data loop, can if necessary also be used in a common method, in which case the server checks the security code KODE it has sent out and the terminals also check the KODE, one terminal then informing the other terminal (of the relevant communication networks) via the coupling DS of the KODE it has received from the server in each case.
  • In either case, serial data loop or parallel data loop, the check of the code (KODE) can be carried out either by a direct (immediate) comparison or by querying how the KODE has changed, according to a rule (or an algorithm), through its transmission over the two networks. Examples are the variant described later for Fig. 12c, or the case in which the code sent to a mobile phone is provided with a digital signature in the phone (i.e. encrypted) and additionally contains a further encrypted code portion that is changed further in the corresponding computer of the Internet access. The server then decrypts the code in order to check it and also checks the manipulation of the KODE made in the corresponding computer of the Internet access, e.g. to determine whether the data coupling is actually made directly between the mobile phone and the corresponding computer of the Internet access, or whether another data connection (e.g. via the Internet, or another telephone connection, etc.) is interposed, via which a computer of the Internet access set up at a completely different location sends the security code KODE back to the server through a coupling, e.g. in order to disguise an unauthorized log-on for which the data loop DS must be closed via a specific telephone line. Embodiments and developments of the invention are described in detail below with reference to the drawings. Examples of an acoustic coupling of the data loop DS are shown, for example, in Figs. 2a, 2b, which will be explained later.
    • - A refinement of the invention relates to the assignment of the terminals used to form the data loop DS: the server scans the ports that are active at the same time, as provided for sending and receiving the KODEs over different networks, in order to form those pairs of ports via which, with respect to generation in the server (in particular for the serial data loop), the code KODE is sent out on one port and received back on another port (a pair of associated ports). If a change is made to the KODE on the data loop DS (for example as part of an encryption procedure or a digital signature), part of the KODE remains unencrypted, or is encrypted in the same way for all users, so that the KODE can still be scanned and the matching connection pairs found. When the KODE is randomly generated in the server, each generated KODE is checked as to whether an identical KODE has already been assigned, i.e. sent out but not yet scanned. If this happens by chance (despite the extremely low probability), the generated KODE is not sent out but discarded.
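The serial data loop check and the port-pairing refinement described above, as an added sketch that is not code from the patent: the server sends a random KODE on one port, discards a draw that collides with a KODE still outstanding, and pairs the outbound port with whichever port returns it. HMAC-SHA256 stands in for the terminal's digital signature, and the class, function and port names as well as the expiry window are assumptions.

```python
"""Serial data loop, server side (added illustration, not code from the patent)."""
import hashlib
import hmac
import secrets
import time


def handset_tag(key: bytes, kode: str) -> str:
    """Terminal-side step: authenticate the KODE but leave the KODE itself in the
    clear, so the server can still look it up (HMAC stands in for the signature)."""
    return hmac.new(key, kode.encode(), hashlib.sha256).hexdigest()


class LoopServer:
    def __init__(self, ttl_seconds=60.0, clock=time.monotonic):
        self.ttl = ttl_seconds      # assumption: the patent names no expiry window
        self.clock = clock
        self.pending = {}           # KODE -> (outbound port, time sent)
        self.handset_keys = {}      # outbound port -> key enrolled for that terminal

    def enroll(self, out_port, key):
        """Register the key of the terminal reachable on out_port (e.g. a phone line)."""
        self.handset_keys[out_port] = key

    def _expire(self):
        """Drop codes that were sent out but not returned within the window."""
        cutoff = self.clock() - self.ttl
        for kode in [k for k, (_, sent) in self.pending.items() if sent < cutoff]:
            del self.pending[kode]

    def issue(self, out_port, rng=secrets.token_hex):
        """Generate a KODE for sending on out_port (network 1)."""
        self._expire()
        while True:
            kode = rng(8)
            if kode not in self.pending:   # same KODE still outstanding: discard, redraw
                break
        self.pending[kode] = (out_port, self.clock())
        return kode

    def receive(self, in_port, kode, tag=None):
        """KODE arrives on in_port (network 2). Returns the port pair or None."""
        self._expire()
        entry = self.pending.pop(kode, None)   # single use: any attempt consumes it
        if entry is None:
            return None                        # unknown, expired or replayed KODE
        out_port, _ = entry
        key = self.handset_keys.get(out_port)
        if key is not None:                    # enrolled terminal: tag is mandatory
            if tag is None or not hmac.compare_digest(handset_tag(key, kode), tag):
                return None
        return (out_port, in_port)


if __name__ == "__main__":
    # Constructed sample values, not real subscriber data.
    srv = LoopServer()
    phone, session = "tel:CONSTRUCTED-0001", "ip:CONSTRUCTED-session-A"
    srv.enroll(phone, b"constructed-demo-key")
    kode = srv.issue(phone)
    print(srv.receive(session, kode, handset_tag(b"constructed-demo-key", kode)))
    print(srv.receive(session, kode))          # second use of the same KODE fails
```

A successful `receive` only shows that whoever returned the KODE could read it from the first network; it does not show that the two terminals sit next to each other, which is the interposed-connection case the description raises.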
  • - Preview:
  • What can you do with the invention? From the examples given in the following preview, the technical measures that are particularly relevant in the present invention can be seen.
  • ACCESS PROTECTION:
  • For the first time, a temporary address assigned to an Internet subscriber by the provider can be tied to a landline telephone number or a mobile telephone number, so that access to protected WEB pages or data is allowed only by way of a data loop DS additionally formed via this telephone number and the relevant terminals (landline telephone or mobile phone), in conjunction with the basically arbitrary (e.g. randomly generated) security code KODE. The security code KODE can be provided with a digital signature by the user at one of the corresponding terminals (or at the coupling point forming the data loop DS). In this case, the digital signature is incorporated both into the security code KODE transmitted via the data loop DS and into the further data transmitted via the data loop DS. Thus the server can uniquely identify, e.g., the phone of a particular phone number (or smart card) and, via the associated digital signature, the subscriber registered for this phone number (or smart card).
  • For the first time, a secure log-on to a computer (or to a network, etc.) is possible which, instead of being performed with a password as usual, takes place without further input of the password: the automated log-in is derived from the password, which, however, no longer exists on the user side (not even in stored form) for repeated log-ins.
  • At the first login, using the password and the preferred data loop DS (via which the test code KODE is routed for checking, or for assigning the phone numbers of the mobile phones), the telephone number of the telephone line (landline or mobile) used to form the data loop DS is stored in the server and, if desired, the associated digital signature of the subscriber registered for this telephone number (e.g. chip card) is additionally included in the test code KODE.
  • Thus the password, or a password corresponding to the KODE, needs to be entered only once in a session (or possibly several times in succession); once it has been recognized as the correct password, access in further sessions is possible exclusively using the preferred data loop DS (via which the test code KODE is routed for checking, or for assigning the phone numbers of the mobile phones). Evidently, several different passwords can be provided, under each of which the telephone number over which the data loop DS is formed can be changed. In that case the data loop DS (via which the test code KODE is routed for checking, or for assigning the phone numbers of the mobile phones) is formed not via the computer (or not over the network, etc.) but via another telephone connection; the server then closes both telephone lines via the serial data loop and, on detecting this pairing (by the same code KODE on both telephone lines), changes the user's telephone number to the new telephone number in the server.
  • SERVER IDENTIFICATION:
  • For the first time, a WEB participant can securely identify a provider or server, or find out at any time whether a WEB site called up on the Internet is actually authentic. For this purpose, the user dials a phone number that corresponds, e.g., to a registered secure telephone number of the provider and, via a corresponding extension of the telephone network and independently of his Internet access IT, obtains over the telephone line Tel the data line of the server. Via this line the user forms the serial data loop DS, e.g. by acoustic coupling or infrared coupling of his telephone/mobile phone T via the interface to the Internet connection IT (e.g. a computer CL) (Figs. 2a, 2b), and the server checks the test code KODE on this loop. Since the serial data loop DS is formed over the telephone line Tel, which the user has dialed via his telephone or mobile phone T as a secure connection of a hierarchical network, a correct check result from the server ensures that the user is connected to the correct server and the right WEB page.
  • The correct test result is then communicated to the user via the secure connection of the hierarchical network (here landline telephone or mobile phone). The user triggers the sending of the code on the server side, e.g. by clicking a button on the WEB page; once this has been completed, the button changes its function and shows the prompt "pick up the handset" (to hear the message over the telephone line). After the button is clicked, the server sends the positive acknowledgment, or a negative warning, as a computer voice announcement over the telephone line, whose language can, e.g., be selected on the WEB page, etc.
  • ANONYMITY, NOW ALSO FOR THE SUPPLIER OF WEB SITES:
  • For the first time, not only can a provider's WEB site be called up anonymously by a WEB participant, but the provider himself can put his WEB page on the net anonymously. A practical embodiment is described below. In this case, to form the preferred data loop DS, the WEB subscriber again dials the telephone number of the provider; here, however, the data loop is formed not on the WEB page of the provider but on the page of a general data service in which any page of the network can be displayed, for example within the WEB page of the provider. The page actually requested by the WEB subscriber is called up not via the Internet, i.e. not via a link, but by the WEB subscriber's telephone call: the server accesses the WEB page corresponding to the extension number received from the caller on one of the direct-dial numbers and, on the basis of the caller's phone number (checked, or supplied with the call), forms an address for forwarding the WEB page. The relevant WEB page is then imported from an anonymous server into the WEB page of the provider. Through the telephone number secured by the data loop DS, the WEB participant again has the assurance that he is actually on the desired WEB page.
    • In this way a WEB page can be called up directly via a telephone number, by dialing the server concerned directly via Internet telephony using an anonymous call, this telephone call in turn being secured by forming the preferred data loop DS over a regular telephone connection of a hierarchical network. This ensures that the number dialed by the user (via the anonymous IT connection, voice over IP) does not pass through the hierarchical network; only the securing of the Internet page used for this dialing passes through it, via another, more general telephone number. Thus the user can anonymously call up a WEB page of an anonymous provider, taking advantage of all possibilities. The registration, presentation and transmission of a WEB page of an anonymous provider are explained in more detail below with reference to the figures.
  • CASHLESS PAYMENT AND GENERAL DATA DISTRIBUTION:
  • A basic idea in using the present invention for cashless payment is to take communication terminals commonly found in households, such as a landline phone, mobile phone and various Internet terminals (notebook, PC, terminal, etc.), and, by using the principle of a data loop DS and the associated security code KODE, to connect two servers and the associated terminals of two communication links at the same time. On the server side, infallible proof, which may also be provided with digital signatures (here of the buyer and the seller), can be established via this connection, and further data belonging to this proof are exchanged via the data loop DS between the users of the terminals and their own servers, or with the respective other server (in each case with reference to the terminals).
  • This principle can also be used in many ways for other applications. The data loop DS may also be closed via only one terminal (in conference) and two or more servers: if, e.g., several trunk lines are available at the same time when a telephone is used, the server of the seller and the server of the buyer (or possibly the servers of the participating banks whose accounts are to be used) are connected to each other at the same time via this telephone connection. A mobile phone, e.g. that of the buyer, can additionally be involved in this conference call, so that in a star connection the servers of two banks are connected (via the conference circuit of the seller's mobile phone) and coupled via the data loop DS with the buyer's mobile phone. This would be an example of the data loop DS being formed over more than two networks, in which case time windows for the transmission of the data of the different subscribers can be defined by protocol by means of appropriate control characters. In the later description of the figures, an example is given in which the code passed over the data loop can also be generated independently by each of the participating servers, cf. later CODE (1) and CODE (2). Or there are only two mobile phones (Fig. 5) via which the data loop DS of their networks is closed, or an IT network terminal can be used instead of the seller's mobile phone (Fig. 4), etc.
  • In this way, a cashless payment transaction, or comparable actions, can be processed via the secured association of the two servers through the preferred serial data loop DS and the code KODE routed over it. These actions are generally understood as a data deposit, attested by a digital signature, which may correspond to any desired application. For example, in addition to payment transactions, this data deposit can correspond to a voucher paid for via the Internet, with which goods (theater ticket, etc.) can be collected at the cash desk. Or the data deposit, together with a digital signature applied to it, i.e. to the code KODE transmitted via the data loop DS and the associated data, corresponds to an e-mail, the data loop DS being closed via the server of a notary or a certification authority. This example is described in more detail below, in particular using multiple networked servers.
  • Another application relates to equipping the mobile phone with an RFID (Radio Frequency Identifier) detector. Its purpose is to let the customer monitor and check in advance the amount to be paid later at the checkout, while the payment itself is carried out with the mobile phone via the preferred method.
  • Charging: The respective allocation is established by linking the data access either via an entered code, which can easily be entered into a mobile phone as usual, or via an ATM connected to the Internet (or to a telephone network), via which the preferred data loop DS to the mobile phone to be charged is formed. The amount paid in at the ATM, e.g. of a bank, is credited via the data loop directly to the mobile phone user, i.e. the phone number unchecked smart card corresponding phone number and the owner of the digital signature of the code KODE certified by the phone.
  • Certification: The identification of the person paying via the mobile phone, or paying in to the server, both when paying and when charging via the mobile phone, is checked by the server in that the KODE returned to the server via the data loop DS (from the mobile phone via another mobile phone, cf. Fig. 5, or from the mobile phone via a corresponding interface device of a cash register or an ATM, cf. Fig. 4, etc.) can be further encoded on the user side (via the phone) with a digital signature, similar to a document. The document here corresponds to the KODE returned to the server, supplemented with other data such as the amount, the purpose of payment where applicable, and the identification data of the person(s) concerned with the payment. In this case, for example, in addition to the usual PIN, a fingerprint sensor can also be used, or a 3D camera built into the mobile phone can transmit the face of the person concerned to an image analysis (iris analysis) in the mobile phone.
    • In order to rule out manipulation during image analysis (e.g. iris analysis) or, where applicable, during speech analysis, the server issues an event specification that the user has to follow immediately: e.g. by optical indication (SMS, or broadband image transmission, etc.) or by audible announcement, the user is told what to do, for example what text to speak, or when to blink (e.g. following a given knocking rhythm). The server then evaluates the user's input against the specified real-time event (by measuring the delay time and/or checking that the input is correct, e.g. a spoken response to a given text, etc.).
  • In all cases, the respective sensors (camera optics, etc.) are arranged ergonomically on the mobile phone, or on the device connected to the mobile phone via the preferred data loop DS, such that the sensors can capture the recognition data of the person using the phone at the same time as the code KODE, transmitted to another device via the data loop DS, is scanned during the coupling (of the data loop DS) with the addition of the digital signature stored on the chip card of the mobile phone. A positive detection by the sensor then causes the digital signature stored in the chip of the mobile phone to be added, possibly extended by the input of a PIN.
  • For voice verification, the counterpart, e.g. a support surface for the phone (Fig. 4), or an ATM, etc., can also use a further microphone arranged on the machine, and the digitized audio signal of this microphone can then be included in the data stream of the data loop DS; the same applies to any 3D cameras present for recording a person's face spatially, etc.
  • CONNECTION OF A USUAL SIGNATURE WITH A DIGITAL SECURITY:
  • The method uniquely enables the combination of a digital signature with a standard hand-written signature. This is illustrated in 19b , It is state of the art to digitize a signature made on a digitizing pad in real time not only according to the coordinates x, and y as a function of time (t) but also while still maintaining the contact pressure p as a function of time (t) or of the coordinates x, y continue to digitize and assign to a person via a digital sample examination.
  • As has already been explained and will be explained below in a plurality of examples, the preferred test code KODE can be manipulated for the purpose of personal coding of the user by all methods known to the state of the art, and correspondingly decoded again in the server.
  • In the example of FIG. 19b, a digitizing pad PAD is used for this purpose, as part of a device (300) inserted into the data loop DS, or integrated in the cell phone (T#) used to form the data loop, etc., or connected to the client computer CL. Over the data loop DS the SERVER receives the test code KODE, which, directly or via a further test code KODEn, has been modified according to the data of the PAD by a secret algorithm (e.g. a formula into which the data of the PAD and the KODEn are entered to obtain a new code); the result is referred to here as the linked code PAD · KODEn. The algorithm for linking the current PAD data with the random code KODE sent by the server may, e.g., be loaded, retrieved, changed, etc. via the telephone line Tel, or via the Internet IT, or distributed in blocks over both networks (see also FIG. 29 later).
  • Thus, this process makes absolutely clear, as a real-time event, which signature is being made here for which document, payment transaction, etc. It would not do any good to feed a digital copy into the data loop DS, no matter where, because the code KODEn modulated by the signature via the secret algorithm is a random code generated spontaneously by the server. Upon receipt, the server can then recover the data of the PAD by inverse application of the algorithm. These data correspond to the x, y coordinates recorded as a function of time while the signature was being made and to the pressure p applied to the writing instrument. This data is then used for pattern matching in the digital signature check.
  • Of course, the code packet can be further secured via a hash code, in the manner of a digital signature. The digital signature is then stored, e.g., in the smart card of the phone and has its own PIN for unlocking and/or additionally uses a fingerprint sensor as a safeguard, etc.
  • In particular, there are advantages when using a digital signature which, to increase security further, can be supplemented with a digitized hand signature (scanned by the PAD) and is also monitored as a real-time event by the random code sent over the data loop. This achieves the same effect as if the user had signed under the supervision of a notary, except that the notary is realized by an electronic procedure. Into the code KODEn, which is changed by the data of the PAD into the code New CODE = f(KODEn · PAD), a further code KODE_dig, resulting from the digital signature over a document, is included if necessary, so that the hand signature, the document and the test code sent by the server are certified together. The test code serves as a real-time record and shows within which data loop DS the hand signature was made. If the document is not available to the server (depending on the application, see later), an additional new code is also formed without KODE_dig, so that the server can recover the user's hand signature, and the new code with KODE_dig is saved as proof.
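The linking of PAD data with the server's random code, and its inverse in the server, can be sketched as follows. This is an added example, not code from the patent: the unspecified "secret algorithm" f is replaced by an HMAC-SHA256 keystream plus an HMAC tag as a stand-in, and the names `link`, `unlink`, `Server`, the 16-byte code length and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import struct

SAMPLE = struct.Struct(">HHHH")  # one PAD sample: t (ms), x, y, pressure p
KODE_LEN = 16                    # assumed fixed length of the server's random code
TAG_LEN = 32                     # SHA-256 output size


def keystream(secret, kode, length):
    """Stand-in for the secret formula: bytes derived from secret and KODEn."""
    blocks, counter = [], 0
    while TAG_LEN * len(blocks) < length:
        msg = b"ks" + kode + struct.pack(">I", counter)
        blocks.append(hmac.new(secret, msg, hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def tag(secret, kode, masked):
    """Hash code securing the packet, bound to the same KODEn."""
    return hmac.new(secret, b"tag" + kode + masked, hashlib.sha256).digest()


def link(secret, kode, samples):
    """Client side: New CODE = f(KODEn, PAD data)."""
    if len(kode) != KODE_LEN:
        raise ValueError("unexpected code length")
    raw = b"".join(SAMPLE.pack(*s) for s in samples)
    masked = bytes(a ^ b for a, b in zip(raw, keystream(secret, kode, len(raw))))
    return masked + tag(secret, kode, masked)


def unlink(secret, kode, packet):
    """Server side: inverse application; None if the packet was not made for kode."""
    body_len = len(packet) - TAG_LEN
    if body_len < 0 or body_len % SAMPLE.size:
        return None
    masked, received_tag = packet[:body_len], packet[body_len:]
    if not hmac.compare_digest(received_tag, tag(secret, kode, masked)):
        return None
    raw = bytes(a ^ b for a, b in zip(masked, keystream(secret, kode, body_len)))
    return [SAMPLE.unpack_from(raw, i) for i in range(0, body_len, SAMPLE.size)]


class Server:
    """Issues one random code per signing event and accepts it exactly once."""

    def __init__(self, secret):
        self.secret = secret
        self.outstanding = None

    def challenge(self):
        self.outstanding = secrets.token_bytes(KODE_LEN)
        return self.outstanding

    def accept(self, packet):
        kode, self.outstanding = self.outstanding, None  # single use
        if kode is None:
            return None
        return unlink(self.secret, kode, packet)


# Constructed PAD samples (t, x, y, p), not real signature data.
SAMPLES = [(0, 120, 340, 15), (8, 123, 338, 40), (16, 130, 331, 62)]
```

A packet recorded in one session is rejected in the next because the tag and the keystream both depend on the code the server generated for that session.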
  • It is evident that the method shown here is also very suitable as a supplement to a passport, etc.
  • THE CODE TRANSFERRED THROUGH THE DATA LOOP DS AS EVENT:
  • As a common denominator for as many applications as possible, the invention provides that the time-defined event of the data coupling (for establishing the data loop DS), produced by the code KODE transmitted via the data loop DS, is further linked with the data of the data networks connected via the (here serial) data loop DS, as has just been described, e.g., for a hand signature. The preferred serial data loop DS is then maintained constantly, not only at log-in but throughout the data transfer, e.g. over a very broadband, fast data network, and the code KODE of the data loop DS, which is generated and changes continually during the data transmission, is incorporated into the data. In this case, the data loop DS can be formed from the coupling of a low-bandwidth telephone connection and a high-bandwidth Internet data line. Thus, in this method the manipulation security of a data transmission no longer depends on the protocol used for the data connection (e.g. Internet Protocol), but is constantly protected by the security code KODE of the data loop.
  • Another EVENT APPLICATION is to use the GPS system of a cell phone so that, when a data loop is formed between two cell phones, e.g. those of a hitchhiker and a motorist, the odometer reading (km) of the motor vehicle is transmitted as data, in order, when implementing a carpool, to transfer this data to the server over the data link together with important information about the hitchhiker (insurance, etc.). The passenger sends an SMS with his destination to the central office (or the corresponding server), which receives the passenger's location and can thus notify all member motorists who are driving the route the hitchhiker wants. Motorists can also enter their destination (option). When the passenger leaves the vehicle, the odometer reading is again sent to the server via the identified data link. In this case, both the motorist and the passenger call the same server (which also optimizes the routes desired by the riders) under different numbers with their mobile phones. The transfer of the odometer reading to the mobile phone (e.g. the driver's cell phone) is realized, e.g., via a Bluetooth interface.
  • ANOTHER EXAMPLE TO EXPRESS AN EVENT LINKING:
  • If the cell phone is used, e.g., for payment at the pump of a gas station, then the user can only pump fuel once he has briefly formed the corresponding data loop with the server via a corresponding coupling point (e.g. at a speaker of an IT connection at the pump) and the server has detected the co-transmitted mobile number of the server. In this case, a possible callback by the server to verify the number can also be made by an SMS that shows the user a number which he then has to enter on the keypad of his mobile phone during the telephone connection to the server, or which, if an SMS-to-audio converter is present, can also be sent back automatically via the mobile phone. The same of course also applies to the optional use of a conference call, if an acoustic code of the server is sent back directly to the server via the further line.
  • Once the user has fueled, he forms the data loop again (with the IT connection of the dispenser), whereby the payment is triggered by debiting his account. In this case, a further bank server can be included in the data loop DS via a (or the) conference call (as explained for FIG. 12c). There is then the option that, in addition to the random code (KODE), a further code is added to the data loop by the bank server in order to indicate to the filling station's data loop DS, in which the petrol station's accounting server is involved, from which account the amount will be transferred. The data of the billing server are then used in turn as the beneficiary (payee) via the transmitted code address and verified by the random code (KODE). The user can then request his bill at home via the WEB page of the gas station, which also includes his mobile number as a reference.
  • - Detailed description of preferred embodiments:
  • FIGS. 1a and 1b illustrate the difference between the serial (FIG. 1a) and the parallel (FIG. 1b) data loop DS with respect to the loop test by the security code KODE, including optional encryption. DS here symbolizes the terminals of the otherwise independent data paths 1 and 2, connected by coupling at the client (user). In the case of the serial data loop DS (see FIG. 1a), the code sent by the SERVER to the terminal (= part of DS) of data path 1 is encrypted in the relevant terminal (depending on the application, in the terminal of data path 1 and/or in the terminal of data path 2) and sent back to the server.
  • Depending on the application, this encryption can have different purposes: If the code signal KODE is encrypted at the terminal where it arrives (here 1) and decrypted again at the terminal from which it leaves (here 2), then a simple comparison in the server of the code KODE it sent out with the code it gets back suffices, and tampering is nevertheless detected if the code (2) going to the server were sent back from another terminal (e.g. a telephone line other than 2). In this case, the incoming code 1 is encrypted in such a way that it does not correspond to any further code sent by the server, but remains identifiable for the server (which uses the same encryption algorithm). Thus, the server can determine exactly which subscriber is attempting, for example, to forward the security code KODE, sent by the server for the coupling of the terminals, over a further communication link via an unauthorized terminal in order to bypass the direct coupling DS when establishing the data loop.
  • The same applies if only in the outgoing code signal KODE (here 2) an encryption takes place, which is decrypted in the server again, before the code is compared.
  • Another application is the already mentioned encryption of the security code KODE including further data and a digital signature.
  • An application example for a parallel data loop (FIG. 1b) is, e.g., the operation of a lock or a cabinet, or a safe, which is to be opened, e.g., via a mobile phone or a radiotelephone located in the area of a home telephone exchange. The lock is opened by a code that is sent as an SMS from the phone or mobile phone to the server in question, which then controls the lock or cabinet via an Internet connection. To prevent hackers from operating the lock over the Internet, the preferred data loop DS, designed here as a parallel data loop, is provided as a safeguard. In this case, the security code is additionally transmitted from the server to the mobile phone and compared at the lock via the parallel data loop. At the same time, however, a serial data loop is also formed (beforehand, for initialization), e.g. as shown in FIG. 2b, in order to feed the code signal Tel = KODE transmitted from the server to the mobile phone via the coupling DS (here effected acoustically, for example) into the microphone of the lock (in this case CL). After a positive check of this serial loop (corresponding to FIG. 1a), the server generates another random code and, as shown in FIG. 1b, forms a parallel loop in the direction opposite to that of the KODE previously transmitted (in the direction of FIG. 1b), which now corresponds to direction 1. It is evident that, by bidirectional data transmission over data path 1 (e.g. the Internet connection IT) of the lock, the serial as well as the parallel data loop, with the corresponding tests (and in principle any number of repetitions with differently generated KODEs), can be formed almost simultaneously. Eavesdropping on this lock, e.g. a garage door opener, would not be effective because the server generates the code as an arbitrary random code.
  • FIGS. 2a and 2b illustrate the two possibilities for forming the serial data loop by acoustic coupling. In FIG. 2a the microphone of the telephone or mobile phone T is held to the loudspeaker of a notebook CL which displays a WEB page via a browser, the browser generating the acoustic tones of the data coding. In FIG. 2b, conversely, where the direction of transmission of the code KODE is reversed, the earpiece of the telephone or mobile phone T is held to the microphone of the notebook CL. The term IT refers to the data path of the Internet between client and server, where, e.g., a notebook is used as the terminal on the user side (client); the term Tel refers to a telephone connection (landline or mobile) with a corresponding telephone or mobile phone T as the terminal on the user side (client). TELCOM denotes the data paths to the server, whereby in the symbolic representation the left half refers to the Internet connection and the right half to the telephone network. The server is connected to the telephone network for each trunk line via an audio signal card, in FIG. 2a as input, in FIG. 2b as output, or both (bidirectional).
  • Depending on the application, only the code KODE and some important data (e.g. also encryption parameters, etc.) and acoustic security messages (voice announcement, etc.) are transmitted via the telephone line Tel, or the telephone line Tel can also be used as a kind of auxiliary channel to transfer (possibly bidirectionally) parameters which support the testing / securing / encryption of the data transmitted via the Internet connection IT.
  • For a bidirectional connection, the handset of the telephone or mobile phone is also held to the microphone of the notebook (for the direction in which the server sends its audio signal via the telephone line Tel to the client), and the volume of the notebook's speaker is turned up just far enough that the microphone of the phone receives a sufficient sound level; this level can be displayed to the user on the WEB page (because the server is also connected to the phone), or the server can find it automatically by increasing the volume (reducing it again if necessary once CL is found). As long as the server is still searching or scanning for the pairwise assignment of the connections (to determine which telephone connections Tel belong to which Internet accesses IT), the code signal KODE is transmitted (in the acoustic coupling variant) in only one direction, by acoustic feedback (whistle) at the client CL.
  • In the server, all currently busy lines that have not yet been assigned are scanned as follows: for each newly occupied telephone line a corresponding flag is set, which is cleared again once the line connection has been assigned.
  • With this assignment, two independently operating processes (WEB pages, mobile-server connections, etc.), running for example on the same server, can be linked together by the preferred method via a telephone number, or more precisely via an address of a line connected through that address (= telephone number). This process can be carried out just as well across several networked servers.
  • In this case, the server which transmits the code signal compares, for all currently transmitted code signals (i.e. all those not yet fully handled in this comparison), the transmitted code signals (SO1, SO2, ... SOn) with the returned ones (SI1, SI2, ... SIn) in a pairwise comparison via a correspondingly designed program loop.
    Example: currently transmitted code signals: SO1, SO2, SO3,
    Currently received code signals: SI1, SI2, SI3.
  • Thus, with SO* advanced in the outer loop and SI* advanced in the inner loop, the comparison is made in pairs:
    SO1 / SI1; SO1 / SI2; SO1 / SI3
    SO2 / SI1; SO2 / SI2; SO2 / SI3
    SO3 / SI1; SO3 / SI2; SO3 / SI3
    and the pairs SO1 = SI1, SO2 = SI2, SO3 = SI3 are found.
  • SO1, SO2, SO3 ... are assigned, for example, the telephone numbers 100000, 200000, 300000 (which is verified by the callback of the server, or possibly decoded via the smart card of a calling mobile phone, or transmitted over the telephone network to the called server, etc.), i.e.
    SO1 is sent to (or over) telephone number 100000,
    SO2 is sent to (or over) telephone number 200000,
    and SO3 is sent to (or over) telephone number 300000.
  • The code signal is received back under the Internet addresses (here only symbolically) I, II, and III, whereby for example:
    at access I the code signal SI2 is found;
    at access II, the code signal SI3 is found;
    at access III, the code signal SI1 is found.
  • By substitution (via the tables created according to the program) we obtain the following assignments from access to the telephone number:
    Access I with all associated data information has the address or tel. No. 200000
    Access II with all associated data information has the address or tel. No. 300000
    Access III with all associated data information has the address or Tel. No. 100000.
  • It is common that providers usually assign only temporary addresses to the accesses I, II, III. However, since during a session the data processing via the accesses obtains the direct assignment to the telephone numbers used as address (or key) (via which the data loop DS is formed in each case), the assignment is unique in every session even when the absolute addresses assigned by the provider change constantly.
  • Ahead of the loop, a kind of FIFO register is implemented into which the newly added signals (as string vectors to be compared, or pointers to SO*) are written; when a returned signal SI* corresponds to a transmitted signal (to which the pointer points), the entry is deleted from this register again (or this is controlled by markers). The signals SO*, which are compared in this way in the order of their occurrence or generation, are therefore never compared more often than necessary, so that the comparison loop(s) are not loaded unnecessarily. Moreover, such comparisons are state of the art in programming.
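The pairing just described, with the register of outstanding codes and the substitution from Internet access to telephone number, can be written out as follows. This is an added sketch, not code from the patent; the class name `LoopRegister`, its methods and the code strings are constructed for the illustration, while the telephone numbers and accesses are those of the example above.

```python
class LoopRegister:
    """Outstanding codes (SO*) and the telephone number each was sent to."""

    def __init__(self):
        self.pending = []     # FIFO of (code, phone_number), oldest first
        self.assignment = {}  # Internet access id -> telephone number

    def issue(self, code, phone_number):
        """Record a code at the moment it is sent out over a telephone line."""
        if any(code == so for so, _ in self.pending):
            raise ValueError("code is already outstanding")
        self.pending.append((code, phone_number))

    def scan(self, received):
        """Pair returned codes (SI*) with outstanding ones.

        received maps an Internet access id to the code heard on that access.
        Returns the accesses whose code matched nothing outstanding.
        """
        unmatched = dict(received)
        still_pending = []
        for so, phone in self.pending:            # outer loop: SO*
            hit = None
            for access, si in unmatched.items():  # inner loop: SI*
                if si == so:
                    hit = access
                    break
            if hit is None:
                still_pending.append((so, phone))
            else:
                self.assignment[hit] = phone      # substitution: access -> number
                del unmatched[hit]                # an access is paired only once
        self.pending = still_pending              # matched codes leave the register
        return unmatched


def demo():
    reg = LoopRegister()
    # Constructed stand-ins for the random codes SO1..SO3.
    reg.issue("code-1", "100000")
    reg.issue("code-2", "200000")
    reg.issue("code-3", "300000")
    reg.scan({"I": "code-2", "II": "code-3", "III": "code-1"})
    # A fourth access presents code-2 after it has already been consumed.
    rejected = reg.scan({"IV": "code-2"})
    return reg.assignment, rejected, reg.pending
```

Because a matched code is removed from the register, the later presentation of the same code on access IV is returned as unmatched and receives no telephone number.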
  • How the comparison itself is made when decoding a KODE coded, e.g., as a string of frequencies of an audio signal (for acoustic coupling via DS) is described in more detail in an example below.
  • Another example is that the user pays for a movie ticket via an online account, where he has formed the data loop DS with his mobile phone when paying, and the phone number of the mobile phone has been read by the server, or assigned and/or tested via the code of the data loop. Thus, in the database of the server, the paid movie ticket is available under the mobile phone number.
  • At the box office (which can also be an automatic machine issuing tickets from a roll with a printer), the user finds a support surface t (FIG. 4) with a microphone (MIC), which is networked via a client computer with the web server and on which the mobile phone 2 is to be placed with its earpiece HK.
  • Beforehand, the user calls via his mobile phone a special number that connects to the web server, or sends an SMS to the web server, which then decodes the phone number of the caller, asks the subscriber to hang up and then immediately calls the decoded phone number in order to send, over this connection to the mobile phone, an acoustic signal which is sent back to the server via the acoustic coupling DS and the microphone of the client computer. If the server cannot recognize the phone number of the calling mobile phone, it outputs an appropriate error message, e.g. as a voice announcement with the request to disable the suppression of the phone number. One option is to use an SMS converter in the mobile phone, which converts a received SMS into an interface signal for the data coupling (if telephone charges can be saved by it), e.g. into frequencies of a serial code corresponding to the characters, or into a serial infrared signal (or Bluetooth interface, etc.). As a further option, this converter can also include sending the phone number over the acoustic coupling of the mobile phone.
  • The callback by the server ensures that the user cannot manipulate the purpose of the payment made by him during the subsequent process (e.g. receive several movie tickets although he only paid for one, etc.). The same procedure can also be followed if the user has previously paid for the movie ticket via his online account using the data loop DS formed with the mobile phone. Several mobile phones, or also a landline phone, can each be assigned to the same user, who then picks up the ticket at the box office with one of these mobile phones. The coding of a user's mobile phones or telephones can in principle be done by closing the data loop DS with the different mobile phones or telephones one after the other in the same session; their phone numbers are then each assigned in the database to the user for whom a number (of a phone used in the data loops DS) is already stored.
  • As a variant to entering the callback number by SMS, the cell phone can also be modified such that, at the touch of a button or upon decoding an initialization code received via the data link, the phone number of the phone is first sent to the server (via the microphone of the client computer and the IT connection) over the coupling that is otherwise used to form the data loop DS; after recognizing the phone number the server dials the phone, so that the user can accept the acoustically transmitted signal from the server and form the actual data loop via the coupling. Where appropriate, the process is terminated by the server if it has not received the code KODE after a certain time. If a mobile phone contains an MP3 player, it can also send a melody as the coding of the telephone number (which the server subsequently has to dial) via the (e.g. acoustic) coupling of the data loop DS.
  • Via the data loop DS, the server checks the signal sent back to it via the (e.g. acoustic) coupling of the mobile phone to the client computer against the signal that it sent to the mobile phone, in order to be able to determine the assignment to the mobile phone. The acoustic coupling could, as always, also be reversed, e.g. from an earpiece of the support surface into the microphone of the mobile phone.
    • • If the option is used to pre-send the server the telephone number of the mobile phone via the IT connection, then the scanner process is unnecessary since the server no longer has to search for the IT connection.
  • A detailed example of the coding of the test and/or recognition code for acoustic coupling transmitted via the data loop DS is explained below.
  • Example of the Creation and Recognition of a Coded Signal Encoded as an Audio Signal: In this example, the serial coding of the KODE signal is performed so that it is not noticed at all as a coded signal, by using any melody, or a voice prompt, etc., as the detection signal. This signal can also change constantly from use to use, so that at each log-in a different code can be used for detecting the data loop DS, or for detecting the location affiliation of the terminal pair identified by forming the data loop (e.g. telephone or mobile phone T to Internet client CL, or mobile phone to mobile phone).
  • The code KODE is prepared in such a way that a short piece of any desired tune is analyzed by the server with Fast Fourier Transform (FFT) software to obtain the frequency spectrum of this section as a function of time as the recognition pattern. Not all frequencies have to be used for the subsequent detection; only those frequencies within the transmission bandwidth of the telephone channel used for the data loop DS are stored as the recognition pattern of the KODE signal. Or, e.g., only those frequencies are used for which a clean assignment to tones of a scale is given, i.e. which do not lie directly on the boundary to the detection of another tone, etc. This boundary can be chosen differently depending on the application (detection of the frequency-time pattern of a melody or of a computer voice announcement).
  • For each stored frequency value (as a result of the FFT), the time value of the time duration is also stored, which elapses in each case until the next frequency value used in the recognition pattern occurs.
  • Conversely, when an incoming audio signal is examined for the recognition pattern, the audio signal is first analyzed again with an FFT, and in the character-by-character check (see the following explanation) the time intervals between the characters are also checked and evaluated within a tolerance window.
  • The characters then correspond to frequencies that must correspond to a certain amplitude value (relative to the maximum value). Both the time intervals and the amplitude values are then provided with corresponding tolerance windows within which they are tested.
  • Example: If, e.g., the beginning of the melody Silent Night, Holy Night, played in D major, is output by the server as the code and analyzed on receipt by the FFT, then we get, e.g., the following decoded frequencies as musical notes (of the octave concerned):
    a, h, a, fis; a, h, a, fis; e, e, cis, d, d, a
    where the time values t* between the decoded frequencies (here: tones) are stored with the recognition pattern. The frequencies detected via the FFT within a given tolerance grid then give the indicated notes.
    a(t1), h(t2), a(t3), fis(t4);
    a(t1), h(t2), a(t3), fis(t4);
    e(t5), e(t6), cis(t7), d(t5), d(t6), a(t7);
  • Thus, the portion of the music playback is stored once for output by the server and, in addition, the associated recognition file is stored, e.g. according to the above example (for comparison with the KODE returned via the data loop DS).
  • When the user closes the data loop DS on the client side (by holding the telephone / mobile phone to the speaker or the microphone of the computer), the server receives the audio signal it output back again via the connection made at the computer / telephone interface. If the KODE is additionally encrypted at the terminals on the client side before being sent back to the server, this can be done, e.g., by transposing individual tones or the entire piece of music.
  • The music playback may contain a variety of other sounds or frequencies that are not included in the recognition pattern: for example, tonal colourings (of a violin, etc.) or, above all, additional noise that enters via the open acoustic coupling at the computer (client) / telephone interface and stands out in quiet passages or in pauses.
  • This circumstance is taken into account in the particularly preferred development of the recognition method, whereby the method differs from conventional character recognition, e.g. the recognition of a string, as follows:
    For example, within any input string (e.g. $string = "g, a, h, a, g, a, h, a, f"), the string corresponding to the predetermined pattern "a, h, a, f" is to be recognized. According to the usual method, each incoming character ZE of the input string is then compared character by character with the predetermined pattern ZM, giving the comparison result VGL as follows:
    • 1) ZE = "g" ≠ "a" = ZM gives VGL = no, i.e. the pattern string ZM is reset to the first character "a" for the next comparison;
    • 2) ZE = "a" = "a" = ZM gives VGL = yes, i.e. ZM is advanced to the next character;
    • 3) ZE = "h" = "h" = ZM gives VGL = yes, i.e. ZM is advanced to the next character;
    • 4) ZE = "a" = "a" = ZM gives VGL = yes, i.e. ZM is advanced to the next character;
    • 5) ZE = "g" ≠ "f" = ZM gives VGL = no, i.e. the pattern string ZM is reset to the first character "a" for the next comparison;
    • 6) ZE = "a" = "a" = ZM gives VGL = yes, i.e. ZM is advanced to the next character;
    • 7) ZE = "h" = "h" = ZM gives VGL = yes, i.e. ZM is advanced to the next character;
    • 8) ZE = "a" = "a" = ZM gives VGL = yes, i.e. ZM is advanced to the next character;
    • 9) ZE = "f" = "f" = ZM gives VGL = yes, where ZM is recognized as the last character of the pattern string, i.e. the string was successfully recognized.
  • Thus, with the steps 6) ... 9) the character string a, h, a, f contained in the input string is recognized.
  • In the conventional methods, therefore, for each incoming character of the input string the pattern string is checked character by character in the manner shown, i.e. the pattern string is advanced if the character has been recognized, or returned to its first character if the character has not been recognized, in order to restart the check. Likewise, once the pattern string has been advanced and checked up to its last character, the recognition of the string being looked for, which may occur within any portion of the input string, is output.
  • If one were to apply this method to checking the audio signal arriving at the server and analyzed with an FFT (or through filters), the problem would be that, despite the correct sequence of tones corresponding to the recognition pattern, the pattern string would not be advanced to its last comparison character but would be reset beforehand, because between the correct tones the FFT yields further frequencies or tones (as in the transitions between notes played on a violin or sung, or from ambient noise in pianissimo passages or pauses, etc.) which are contained in the input string $string but do not occur in the pattern string. To avoid this, before each execution of the above comparison (here, comparison steps 1 ... 9), in which by the usual method the currently arriving character ZE of the input string $string is compared with the character ZM of the pattern string, which, depending on the previous comparison result, has either been advanced or reset to the first character, a preliminary check is made as to whether the currently arriving character ZE of the input string $string is a valid character at all. This is the case when it is contained as a single character ZM in the set of characters of the pattern string.
  • In the program, this is realized by checking, within a loop, for each newly incoming character ZE of the input string ($string) all characters contained in the pattern string, to see whether one of them corresponds to the newly incoming character ZE. If this is not the case, the procedure is as if no new character ZE of the input string $string had arrived at all. If, on the other hand, the character is found to be present in the pattern string, the check is performed according to the comparison steps given above.
  • In this way, the server can detect whether the returned audio signal corresponds to the transmitted one, whereby the location affiliation of the terminal pair used to form the coupling, or data loop DS (e.g. coupling between IT computer and telephone connection, or from mobile phone to mobile phone), is indicated to the server.
  • The time periods lying between the respectively valid incoming characters ZE of the input string ($string) are checked together with the check as to whether ZE = ZM, the time value (to the previous character of the pattern string) stored for ZM also being checked. Therefore, ZE(t*) = ZM(t*) is checked.
  • t* is evaluated within a corresponding tolerance window in order to obtain reliable results (that is, whether t* lies between tmin and tmax).
  • If the check of the measured time value t* gives a wrong result, then the overall result is also considered false even if ZE = ZM matches, i.e. it is rated as ZE ≠ ZM.
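The recognition method described above (foreign tones skipped before the comparison, reset on mismatch, and the gap t* checked against tmin and tmax) can be written as a small matcher. This is an added example, not code from the patent: the names `Tone` and `recognize`, the gap windows and the timestamps are constructed, and the retry of a mismatching tone against the first pattern tone is an addition to the reset-only behaviour the text describes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tone:
    """One pattern character ZM with its allowed gap to the previous pattern tone."""
    note: str                    # note name as decoded from the FFT, e.g. "a", "h", "fis"
    t_min: float = 0.0           # seconds; unused for the first pattern tone
    t_max: float = float("inf")


def tone_matches(note, ts, tone, last_time):
    """ZE(t*) = ZM(t*): same note and, if a predecessor exists, gap inside the window."""
    if note != tone.note:
        return False
    if last_time is None:
        return True
    return tone.t_min <= ts - last_time <= tone.t_max


def recognize(events, pattern, ignore_foreign=True):
    """Return the index of the event that completes the pattern, or -1.

    events  -- list of (note, timestamp_seconds) in arrival order (ZE)
    pattern -- list of Tone (ZM)
    ignore_foreign -- apply the preliminary validity check from the text
    """
    valid = {tone.note for tone in pattern}
    pos = 0            # index of the pattern tone expected next
    last_time = None   # timestamp of the last accepted pattern tone
    for i, (note, ts) in enumerate(events):
        if ignore_foreign and note not in valid:
            continue   # treated as if no character had arrived at all
        if tone_matches(note, ts, pattern[pos], last_time):
            pos, last_time = pos + 1, ts
        elif tone_matches(note, ts, pattern[0], None):
            pos, last_time = 1, ts   # added: the mismatching tone may start a new attempt
        else:
            pos, last_time = 0, None  # reset to the first pattern character
        if pos == len(pattern):
            return i
    return -1


# Opening of the melody from the example; gap windows are constructed values.
PATTERN = [Tone("a"), Tone("h", 0.4, 0.6), Tone("a", 0.15, 0.35), Tone("fis", 0.9, 1.1)]

# Constructed FFT output: the right tones with room noise ("g", "c") in between.
NOISY = [("g", 0.00), ("a", 0.10), ("c", 0.30), ("h", 0.60),
         ("a", 0.85), ("g", 1.20), ("fis", 1.85)]

# Constructed FFT output: the right tones, but the last one arrives far too late.
DELAYED = [("a", 0.10), ("h", 0.60), ("a", 0.85), ("fis", 2.40)]
```

With the validity check the noisy input is recognized at its last event; with `ignore_foreign=False` the same input is never recognized, and the delayed input fails on timing alone.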
  • It is evident that instead of a tune, the frequency spectrum of any voice prompt, or any audio signal, can be used for coding / decoding the check code (KODE). For generating the code signal it is advantageous to use an audio signal source (MP3, etc.) whose playback speed can be controlled by a control signal and which can change the playback speed while maintaining the pitch (frequency position). The coding uses frequencies selected from the spectrum of the audio signal together with the time duration t* after which the next selected frequency ZM(t*) occurs, or switching-algebraic combinations (e.g. an OR function) of several frequencies of a spectrum (as a frequency pattern) to form the value ZM(t*). The control signal of the audio signal source (MP3) then varies the tempo so that, e.g. over the spoken duration of vowels, the time period t* between each value ZM and the subsequent ZM is set to its desired duration; t* then forms, in coincidence with the value ZM (a frequency or a frequency pattern), one serial element of the serially encoded check code KODE.
  • In addition to the time measurement explained below with Figs. 6a and 6b for detecting an attempt to bypass a local terminal when the data loop DS is formed, such a bypass can also be prevented by encrypting the code KODE routed over the data loop DS further in each terminal, so that the illegal interposition of a link inserted into the data link DS can be recognized. Another alternative is to detect such a case by bandwidth measurement. This option is based on the further inventive concept of constantly varying the frequency spectrum of the audio signal used for coding the code signal KODE according to a time function, and evaluating the returned spectrum accordingly. Since the usual automatic level correction (gain control) in telephone networks or data networks is controlled via the average level of the signal, the frequency-dependent attenuation of the transmission line can be measured, in particular by a bandwidth measurement made between the terminal devices used for coupling the data loop DS, which can be made as an alternative to, or in addition to, an encryption performed between the terminals.
  • Option: So that the server can determine, for example, whether only approved terminals are used to form the data loop DS, the server adds a harmonic component to the audio signal transmitted via the network (see the signal Tel via telephone line and mobile phone network in Fig. 10). The authorized terminal (here the phone) then filters out the harmonic content above a certain frequency (via a low-pass filter TP). The low-pass filter TP is not applied constantly but is keyed according to a (coded) serial data signal (via mod, Fig. 10), here by selectively switching through either the output of the low-pass filter or the direct (unfiltered) line, in order to output the audio signal via the handset of the telephone or mobile phone (from TL) to the microphone of the client CL (from A to B) via the acoustic coupling. In addition to a start-stop method, a modulo-2 method, for example, can be used to modulate the data onto the harmonic content of the signal. The client CL sends the signal, modulated in its harmonic content, back (IT) via the Internet IT or, when another mobile phone is used as the client, via the other mobile phone connection, etc. The server then demodulates the serial signal by decoding the missing harmonic components (compared to the originally sent signal Tel) and from it recognizes the authenticity of the device used in the data loop (here A). Furthermore, by measuring the attenuation the server can also determine whether a data line is connected between the telephone or mobile phone (A) and the microphone of the client CL (here B).
  • For the given example of frequency coding, this measurement is most easily made by the server also applying a further manipulation of the harmonics when transmitting, at points that do not affect the previously explained data signal; when the data signal is decoded, these points are then not evaluated. This manipulation of the harmonics is likewise performed in the server by a low-pass filter whose cutoff frequency is controlled according to a time function.
  • When the audio signal used for measuring the bandwidth is recovered, it is analyzed in the server by filtering via an FFT. Different harmonic components are thus obtained over the time course of the signal. In the audio signal received back, an evaluation is made of how strongly the broadband part is attenuated over the line in relation to the less broadband part of the audio signal, in order to obtain a statement about the bandwidth of the line.
  • The described decoding of a recognition pattern within an arbitrary audio signal section can also be carried out such that each currently received character ZE of the input string (as a frequency detected via the FFT) is tested against several different pattern strings, switched through sequentially in alternation (switching between ZM1, ZM2, ... ZMn). Some pattern strings encode, as control characters, the section (beginning / end) that contains the part of the audio signal for the bandwidth test, or likewise the section that contains the part of the audio signal corresponding to the code to be recognized.
  • The method described is suitable for any type of analog interface: in addition to an acoustic coupling, also for an infrared coupling, etc.
  • For a purely digital evaluation of the signal transmitted via the data loop, a preferred variant provides that the code (KODE), while being transmitted via the data loop DS from one terminal (A) to the other terminal (B), either directly (Figs. 2a, 2b, 5) or via a third device (cf. 300 in Fig. 3), is encrypted in a terminal (A) approved for the transmission and further encrypted in the further terminal (B), such that the server can carry out the further decryption upon receipt of the code (KODE). The server uses the encryption parameters in both directions (corresponding to a parallel loop, Fig. 1b) in which the terminals can each be passed. In this variant, however, the statement as to whether the data loop DS has been manipulated is bound to the terminal returning the code (KODE).
  • Fig. 3 will be explained in more detail later and shows the basic possibility of networking multiple servers (here Server I and Server II; in principle, however, any number), via which the preferred data loop DS can be closed. Each server can send its own code, CODE(1), CODE(2), via the loop DS; these codes can be manipulated with different priorities in the servers, as well as at the coupling point DS, by encryption / decryption as needed. This enables, for example, as will be explained in more detail below, certified applications such as the notarial deposit, as evidence, of sent emails or of any other digital contracts that have been sent and provided with a digital signature, etc. Above all it serves as evidence of the time, sender and recipient, since these data, in addition to the content to which they can be properly assigned via the digital signature, can be deposited, if necessary notarized, by electronic means.
  • Fig. 3 furthermore shows the option of realizing the coupling loop DS, here between mobile phone and client CL (e.g., a standard Internet connection), via a Bluetooth interface (HF), with a clock (300) having a corresponding Bluetooth (HF) interface connected in between so that the data can, if desired, be looped through it in both data directions. The looped-through data is then further encrypted or decrypted in the clock as needed.
  • Fig. 4 relates to an attachment plate connected to an Internet connection or to an IT computer, with a microphone MIC and optionally also an infrared interface IF, onto which a mobile phone 2 is placed with its earpiece HK against the microphone MIC, or optionally aligned with the infrared interface b of the mobile phone. The component MONO relates to a possibility for automatic switching from acoustic coupling to infrared, as will be explained in more detail later (cf. Fig. 12a).
  • In Fig. 5 the data loop DS is closed via two mobile phones (each microphone MIC directed against an earpiece HK) via an acoustic coupling. The additional option is provided here of inserting a third device (MIC ext., LS) into the acoustic coupling; besides a notebook, the third device can also be a very small self-contained device, and it has a fingerprint sensor in order to insert a digital signature into the transferred code KODE. It is evident that even a fourth external attachment could be used, one for each mobile phone (held right and left). The individual links in which several devices or device pairs are involved at the coupling point DS are then separated with respect to their message content by time division / half duplex (also following a forced sequence in which the order of the blocks sent by the different devices is fixed or agreed beforehand by protocol), or by filter means in the case of full duplex.
  • The following example concerns the use of several servers (cf. Figs. 3, 13a, 13b, also 33) and will be discussed in detail in the later part of the description. In addition to the certification applications already mentioned, it also concerns the possibility of initializing a server by a telephone call so that, if necessary via a further auxiliary server, it retrieves web pages registered under the telephone number and copies them into a carrier web page to which no specific content is assigned and which is used only as a general data channel (e.g. of a provider). Although the authorized user can determine the authenticity of the page via the preferred data loop DS, the provider can remain anonymous. This authenticity check can also be tested by retrieving further information from other anonymous WEB pages using the preferred data loop DS.
  • Another example, which will be explained in detail below, concerns a notary seal with a chip, from a roll (Figs. 15, 16, 17, 18), which is furthermore incorporated into the method using a preferred application of the data loop DS. For this purpose, a suitable interface device is additionally provided (see also Fig. 17 later), which is designed as a stamp and can be placed on the chip seal in order to make the digital signature of a document that also exists on paper (e.g. at a notary) verifiable for a layperson. That is, for the first time there is an indissoluble link between a document signed with a digital signature and a hard-copy document corresponding to the digital document, this indissoluble link being verifiable by a stamping movement (of the device according to Fig. 17).
  • The following example relates to a variant in which a conference call is used to form the data loop DS; it will also be discussed in detail in the later part of the description. This application concerns the possibility of forming the data loop DS with the same telephone or mobile phone simultaneously over further connections, e.g. in order to settle a telephone call made to a specific area code not through the subscriber's contractual partner (TELECOM, etc.) but directly with the subscriber. Instead of the code number entry (proof of payment) otherwise used, the data loop closed on the server of the relevant telephone company is used, and the closing of a further data loop (via the conference call) is used to draw on a balance previously paid in using another data loop DS, or via a mobile phone from an online account of a bank. That is, all processes here are marked by the mobile phone number, or possibly by another digital signature that can be produced with an additional device, and can be assigned in different databases (via different server processes).
  • Another example is shown in Fig. 12b: via a mobile phone that has a conference call function in which two connections (Tel1, Tel2) can be dialed simultaneously (their selection may optionally be triggered simultaneously from the phone book at the touch of a button), the user sends an SMS via a standard mobile phone connection, or dials the bank's server by direct dialing (Tel1). The server decodes the phone number of the mobile phone via the SIM card in the mobile phone and opens a connection which, if the procedure is not continued, is terminated by the server after a measured timeout. This timeout is a retriggerable function that is extended (re-triggered) each time the procedure advances one step. The second connection of the conference call is the connection between the mobile phone and the client computer (client IT), for example at the user's home or office, which the user can reach at any time via the mobile phone connection (via a suitable interface). The interface of the client computer (client IT) also implements the timeout monitoring for this connection and is designed with telephone number decoding so that it recognizes and decodes the call from the user's mobile phone. It is evident that the client interface of the client computer (client IT), with its minimal functions, can be installed in a landline telephone and has a corresponding cable connection or Bluetooth connection to the client computer (client IT).
  • If the interface detects a call (ARU) from the user's mobile phone, an initialization signal is sent to the switched-on computer (client IT); if the computer is not switched on, a wake-up signal brings it from standby into operation, or a power-on signal boots the computer, and the relevant software is then called. When this software is called, the computer establishes an Internet connection IT to the server of the bank, which decodes the provided user identification (user ID) and then sends the randomly generated check code (KODE) to the client computer (client IT). The client computer in turn transmits the check code via the telephone connection to the mobile phone A, and the mobile phone A sends the check code (KODE) via the conference call to the bank server, which is thus able, independently of the user ID of the client computer (client IT), to check the authenticity of the client computer and of the mobile phone user. The manipulations of the check code (KODE) proposed in the present invention can optionally be performed by the devices located in the serial data loop DS (client computer, mobile phone). In particular, the KODE initialized by the server can also pass through the data loop several times and be manipulated accordingly on each pass, e.g. by the mobile phone adding a digital signature with which the KODE initialized by the server is marked. In principle, the described variant could also be carried out without a conference call, with the individual telephone connections Tel1 and Tel2 selected by the mobile phone not simultaneously but sequentially, with the code cached in each case; however, the direct security dependency of the client computer's connection to the bank's server (via IT), started from the mobile phone as a remote control function, cannot then be achieved as it can in the direct conference call with its many possibilities.
If the server has recognized the authenticity of the mobile phone user, the phone number of the mobile phone, and the client computer (client IT), the client computer initiates the transfer of the amount of money specified over this connection from the mobile phone (as characters or as an SMS that is also sent, etc.) from an online account to another account, from which, e.g., a service is paid. Because the mobile phone user here also has a direct connection to his computer, he can, e.g., first send the amount of money or any other data (bank account, beneficiary, purpose of payment, etc.) via SMS (at the initialization ARU, Fig. 12b) to the client computer (client IT), so that its software can enter the corresponding data into the bank's standard form.
  • The code circulating in the loop DS makes it possible to verify the authenticity of each device in the loop: the device in question changes the code and verifies the change when the code is received again. It is evident that a landline phone can also be used instead of the mobile phone; the user can then, for example, enter a long PIN code and a pre-set transfer code using the keypad in order to make an online transfer from his home PC. Via the data loop DS, the home PC thus works like a PC controlled by a remote control (= telephone).
  • Example: In Fig. 12b, the device interfaces of the devices mobile phone, SERVER BANK and client IT located in the serial data loop DS are denoted by A, B and C:
  • Step 1: The code (KODE) sent to C by the SERVER BANK (interface B) and returned from A to B is compared in the SERVER BANK (interface B) in order to check the authenticity of B and C;
  • Step 2: The code (KODE) circulating in the serial data loop DS is manipulated in the client C and, on receipt, the previously made manipulation is checked in the client C in order to check the authenticity of A and B;
  • Step 3: The code (KODE) circulating in the serial data loop DS is manipulated in the mobile phone A and, on receipt, the previously made manipulation is checked in the mobile phone A in order to check the authenticity of C and B.
  • Thus, all subscribers within the serial data loop DS can check the other subscribers for authenticity. It is of course also possible to carry out steps 1 to 3 at the same time: under a controlled protocol, each of the three devices A, B and C generates its own independent code KODE_A, KODE_B, KODE_C, which can optionally, by agreement, also be manipulated by the other devices; a corresponding protocol places these code elements KODE_A, KODE_B, KODE_C in corresponding time windows or block positions.
  • In Fig. 12b, the line "option" is additionally drawn at the server interface B to indicate symbolically that the generation, checking and assignment of the codes KODE sent out and received by the server can take place via additional hardware and software without changing the existing server software. The actual software for an online account is then extended only by queries provided by the add-on package (to stop the transaction in the event of a fraud attempt, etc.).
  • Fig. 12c relates to the realization of a telephone call in which a connection server can be called by a mobile phone in order to set up a direct-dial connection, which can also involve forwarding to another trunk (Tel1, Tel2). The dashed lines show that, even for such a connection, using the conference call explained for Fig. 12b has advantages: first, for debiting the account to pay for such a service, and further, for transmitting the connection data directly via IT from the linked server to the home IT computer (client IT), etc.
  • Another example for Fig. 12c (bank server option): if, in the conference call, a bank server is dialed for the mobile phone connection Tel2 instead of the user's client computer (in parallel with connection Tel1 to the connection server), the procedure is that the bank server uses the connection number (also direct dialing) to establish an Internet connection IT to the connection server corresponding to that connection number (or direct line), if such a connection does not yet exist.
  • The code (KODE) generated by the bank server and routed via the data loop DS (linked server / client IT / mobile phone) is first manipulated in the linked server according to a specific algorithm, and this manipulation is checked in the bank server (according to a protocol agreement that can be made via the Internet connection IT). Only if this check is positive is the code further manipulated in the bank server; this is recognized in the linked server on the next pass of the loop DS, whereupon the linked server actually dials the connection (Tel1 ... Teln) selected by the phone via an extension number (over the network connection Tel1). The dialing does not take place if the check of the code (KODE) in the bank server (in the preceding first step) or in the linked server (in the current second step) is negative.
  • According to the charge clock received for this connection, the charge information is included in the further code that the linked server sends to the bank server (via IT); the bank server immediately deducts the fees currently incurred from the user's account, or checks them for cover. Via the Internet connection IT, the bank server can have the connection (Tel1 ... Teln) switched by the connection server stopped immediately if the call is no longer covered. Similarly, the user may provide a telephone billing account as a second account in order to limit the charges incurred. The user can then query the costs of the call via his online connection to the bank server or via SMS. Once a connection (Tel1) has been established between the mobile phone and the connection server, no control data needs to be transmitted over the call line during the call. This method of real-time charging of call fees from any online account (server), controlled by an independent connection server, can thus be integrated into any mobile phone connection, with a third party for connection establishment (Tel1 via linked server) and a fourth party for collection (bank server). The telephone call (Tel1, Tel2) from the user's mobile phone initializes, by a corresponding protocol between the connection server (SERVER) and the bank server, the establishment of the Internet connection IT between the two servers, over which all necessary protocol and security check data are agreed, such as the manipulation and checking rules between bank server and linked server for the check codes KODE circulating over the data loop. The fee is likewise transferred this way. The data can then be assigned, independently of fixed addresses, exclusively under the telephone number that is assigned via the data loop DS and the check code KODE, given by the call from the mobile phone, and possibly additionally checked by calling the phone back.
  • After this brief preview, the examples mentioned are described in more detail on the following pages of the description under the designations Example 1.0 to Example 10, with further reference to Figs. 11 to 38.
  • The appendix at the end of the description of the further examples also gives a list of features, which summarizes the invention in 251 features (feature 1 to feature 251) in order to further emphasize the particular performance of the invention.
  • Further detailed examples: (partly also summarized from previous explanation):
  • Example 1.0:
  • Figs. 11a and 11b illustrate the principle of establishing the acoustic coupling loop between an IT-networked computer (client CL) and a telephone set T. The arrows on the transmission paths indicate the transmission direction of the audio signal. In both variants, the server dials the phone number of the client (telephone or mobile phone T) on request (pressing a button) from a relevant WEB page. This can, however, also be tied to a password entry or the entry of a transfer number that changes from session to session. Only after successful entry does the server dial the telephone number of the user.
  • In Fig. 11a the microphone of the telephone set T is held to the loudspeaker of the IT-networked computer CL; in Fig. 1b the handset of the telephone set is held to the microphone of the computer CL.
  • TELCOM is the telecom network complex via which the computer CL obtains its Internet connection IT to the server of a provider and, likewise, via which the server dials the associated telephone connection of the user.
  • In some of the previously explained examples, in addition to other security applications, it is important that a computer connected to the Internet IT via a provider (or client computer, etc.), which usually is assigned only a temporary address, can be recognized by a server (which, e.g., displays a WEB page on this computer via its browser) as belonging to a terminal of another network (e.g., a telephone, mobile phone, etc.). For this purpose, the terminal of the other network, e.g. the telephone of a telephone connection, is called by the server in question. The server sends, for example, an acoustic code signal (melody, etc.) via the speaker output of the device used to display the website (client computer), receives it back over the called telephone connection (acoustically coupled), and checks whether it is actually the code signal it sent via the relevant WEB page. Only in the case of a positive result does it rate the assignment of the WEB page concerned to the phone number used for the call as a passed security check. The method can also be applied the other way round: the server sends the acoustic code signal via a telephone connection to the earpiece of the mobile phone, and the code signal is acoustically coupled into the microphone of the client computer and sent back to the server. Furthermore, the phone can also independently feed its phone number, acoustically coupled, into the microphone of the client computer.
  • Example (s) 2.0:
  • In this example, without technical ancillary equipment, i.e. without a special service using such ancillary equipment, a mobile phone is to be provided that can be charged in advance or immediately before payment: the deposit to an account is made via an online account at a basically arbitrary place (if necessary also locally at the payee), and at the payee's location this payment can be verified directly by the phone via the telephone line, or phone number.
  • Using a server, or a terminal networked with this server, the preferred data loop is formed via the phone as a temporary coupling, and by means of a code signal routed over the data loop the previous transfer (payment) is verified, or is booked upon receipt of the purpose of payment (goods, service) (via the networked cash register or a vending machine, etc.). Of course, for the preferred data loop identifying the phone number of the mobile phone, it does not matter whether the previous payment was made via an online transfer or a cash deposit (e.g., at a bank counter, cash register, etc.).
  • This technical problem with the associated solution can be applied to several variants, some of which are described below under the names A, B and C.
  • Application A:
  • In this application there is a station for charging a sum of money, e.g. via access to an online account of a bank (or even a cash deposit); this charge can be assigned to a single invoice of the beneficiary that is payable directly, or to a variety of future services to be provided by different account holders. And there is a station for paying, where the phone serves as the carrier of the security code, which is defined when charging, is assigned to the relevant phone number of the mobile phone, and is delivered by the user of the mobile phone as a means of payment via the further networked terminal of the payee. Likewise, the method works with a code created during the payment using the WEB page to which the payment relates; the user delivers this code to the payee so that the payee can allocate the amount already paid to him during the deposit to the depositor.
  • For this application A, therefore, the association between the WEB page called up by a user and the telephone number of a mobile phone is used so that the user can identify himself to the payee as the payer. In technical terms, the smart card of the mobile phone with the associated phone number is used as an address in order to allocate, to the payee, the amount paid into a specific account of the payee.
  • The advantage of the system is that no service requiring a deposit account with the mobile operator is needed, and that the server, which through its software handles the payment made by the mobile phone, is completely independent of the operator (or the provider communication) of the mobile phone network used for payment.
  • The independent server controlling the processing of the payment transaction is assigned to the web page concerned with the payment and is therefore also referred to below as the web server. This web server can be the very server on which the relevant web page is running, or it can be a separate service that offers this function for a variety of different providers, etc., such as the server of a provider.
  • Example: On the web page of the web server, cinema tickets, for example, are offered which the user wants not only to order but also to pay for immediately, so that he can pick them up at the cash register immediately before the performance (or even shortly after it starts).
  • For this purpose, the user proceeds in the following order: for the called WEB page, an assignment to the phone number of a mobile phone is made, in the two variants "user calls the server" or "server calls the user". In the first variant, the user enters his telephone number into the web page (e.g., via the clipboard), whereupon the web server calls the user so that the acoustic signal sent via the WEB page and the speaker output is sent back to the server via the microphone of the mobile phone; the server then assigns the relevant telephone number to an expected payment receipt for this access to the website. However, if the WEB page is left again without the expected receipt of payment being determined, the assignment of this telephone number is deleted again.
  • In order to make the payment for an item selected by the user on the website (for example, a particular cinema ticket, etc.), the user opens, in addition to the WEB page offering the cinema tickets, his online account via the server of his bank, and copies the bank account of the beneficiary, the purpose of payment further specified on the WEB page (in this example, the relevant cinema ticket for the performance in question) and the amount by drag & drop (via the clipboard). Where appropriate, this copying (inserting the data into the bank transfer form) can also be done via a standardized format by additional software supplied by the bank to the user, or via a service provided by the bank's server, etc., so that it requires only a single click on a corresponding button of the relevant WEB page. The user then sends the online transfer form to the bank's server. From the beneficiary (payee), the bank's server recognizes the associated web server (directly or via a database, etc.) and reports the receipt of payment directly to the web server, stating the beneficiary, the purpose of payment and the amount.
  • The web server assigns this incoming message from the bank's server, via the specified beneficiary and the purpose of payment, to the telephone number previously checked for the website. As a result, the phone has been charged for this transaction. It is evident that the user can do this for any number of transactions by indicating the purpose of payment: for example, he has ordered a pizza, or he intends to go to the cleaner's, or to visit various shops, etc.
  • In one variant, the special case (as an option) is provided that the software of the bank, or the server in question via which the customer makes the transfer from his online account, also uses the preferred method to link the phone number of the mobile phone to be charged, and this phone number is entered in the database as the purpose of payment. If the web server then queries the bank server regarding the payment, it can allocate the deposit to the account assigned to the web server without the user explicitly stating a purpose of payment.
    • I.e., through the preferred use of the data loop with a code signal, two WEB pages presented on the user's client computer by servers operating independently of each other are linked with each other via the telephone connection or telephone number used when the data loop to the relevant WEB pages was set up, so that the server in question can access the form of one WEB page, and its data content, from the form of the other WEB page, and vice versa. It is completely irrelevant whether the WEB pages linked in this way by the telephone number of the telephone connection used during the assignment (or formation of the data loop) are displayed simultaneously on a client computer or individually, independently of one another, at arbitrary times. It also does not matter which devices, networks or formats, etc. are involved. I.e., instead of WEB pages, any other formats of mobile phones, etc. can be linked to each other by the telephone number of a connection used for general purposes. Likewise, instead of a telephone connection, another radio network with a corresponding addressing facility for establishing a subscriber connection can be used for the linking, etc.
    • It is evident that, instead of two independently operating servers, two independently operating processes (WEB pages, etc.) running on the same server can also be linked together by the preferred method via a telephone number, or more precisely via the address of a line connected through that address.
  • In this case, the server which transmits the code signal compares, for all currently transmitted code signals (i.e. all those not yet fully dealt with in this comparison), the transmitted code signals (SO1, SO2, ... SOn) with the returned ones (SI1, SI2, ... SIn) in a pairwise comparison via a corresponding program loop construction.
    Example: currently transmitted code signals: SO1, SO2, SO3,
    Currently received code signals: SI1, SI2, SI3.
  • Thus, with SO* advanced in the outer loop and SI* advanced in the inner loop, the following pairs are compared:
    SO1 / SI1; SO1 / SI2; SO1 / SI3
    SO2 / SI1; SO2 / SI2; SO2 / SI3
    SO3 / SI1; SO3 / SI2; SO3 / SI3
    and the matching pairs SO1 = SI1, SO2 = SI2, SO3 = SI3 are found.
  • SO1, SO2, SO3 ... are assigned, for example, to the telephone numbers 100000, 200000, 300000 (which is verified by the server's callback, with which the code signal is sent), i.e.
    SO1 is sent to 100000,
    SO2 is sent to 200000,
    and SO3 is sent to 300000.
  • The code signal is returned via the Internet addresses (denoted here only symbolically) I, II and III, where for example:
    at access I the code signal SI2 is found;
    at access II, the code signal SI3 is found;
    at access III, the code signal SI1 is found.
  • This substitution (via the tables created by the program) yields the following assignments of access to telephone number:
    Access I with all associated data information has the address 200000
    Access II with all associated data information has the address 300000
    Access III with all associated data information has the address 100000.
  • As is generally the case, providers usually assign only temporary addresses to the accesses I, II, III. However, since during a session the data processed via the accesses are immediately assigned to the respective telephone numbers used as address (or key), the assignment is unique in each session, even when the absolute addresses of the subscribers connected by the provider change constantly.
  • Ahead of the loop, a kind of FIFO register is implemented into which each newly added signal is written (as string vectors to be compared, or as pointers to SO*); when a returned signal SI* matches a transmitted signal (to which the pointer points), that entry is deleted from the register again (or this is controlled by markers). The signals SO*, which are compared in the order of their occurrence or generation, are therefore never compared more often than necessary, so the comparison loop(s) are not loaded unnecessarily. Moreover, such statistical comparisons are state of the art in programming.
  • How the comparison itself is carried out, e.g. on a string of frequencies of an audio signal used as the code signal for acoustic coupling, has already been described in detail.
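The matching procedure described above (register of outstanding code signals, pairwise comparison with SO* in the outer loop and SI* in the inner loop, deletion on match) is sketched below as an added Python example that is not part of the patent text. The class and function names and the code strings are assumptions made for illustration; the telephone numbers and accesses are those of the example above.

```python
import hmac
from collections import OrderedDict


class CodeSignalRegister:
    """Register of code signals that were sent but not yet returned."""

    def __init__(self):
        # Kept in order of generation: sent code SO* -> telephone number
        # that the server called back to deliver it.
        self._pending = OrderedDict()
        # Result table: access (temporary session address) -> telephone number.
        self.assignments = {}

    def send(self, code, phone_number):
        """Record that `code` was sent to `phone_number` by callback."""
        if code in self._pending:
            raise ValueError("code signal is already outstanding")
        self._pending[code] = phone_number

    def pending(self):
        """Codes still waiting for their return, oldest first."""
        return list(self._pending)

    def match(self, returned):
        """Pairwise comparison of outstanding SO* with returned SI*.

        `returned` is a list of (access, code) pairs. Matches are written
        to `assignments` and removed from the register, so a code can be
        redeemed only once. Returns the returned pairs that matched nothing.
        """
        matched = []
        used = set()  # indices of returned signals already consumed
        for so_code, phone in self._pending.items():           # outer: SO*
            for idx, (access, si_code) in enumerate(returned):  # inner: SI*
                if idx in used:
                    continue
                # Constant-time comparison is an addition of this example.
                if hmac.compare_digest(so_code.encode(), si_code.encode()):
                    self.assignments[access] = phone
                    matched.append(so_code)
                    used.add(idx)
                    break
        for so_code in matched:
            del self._pending[so_code]
        return [pair for i, pair in enumerate(returned) if i not in used]


def page_example():
    """Replays the SO1..SO3 / accesses I..III example with constructed codes."""
    reg = CodeSignalRegister()
    so1, so2, so3 = "c0de-0001", "c0de-0002", "c0de-0003"  # constructed values
    reg.send(so1, "100000")
    reg.send(so2, "200000")
    reg.send(so3, "300000")
    # Access I returns SI2, access II returns SI3, access III returns SI1;
    # access IV returns a code the server never sent.
    unmatched = reg.match([("I", so2), ("II", so3), ("III", so1),
                           ("IV", "ffff-0000")])
    # A second return of an already consumed code must not match again.
    replay = reg.match([("V", so2)])
    return reg.assignments, reg.pending(), unmatched, replay


if __name__ == "__main__":
    print(page_example())
```

Because a matched entry leaves the register at once, a code that is returned a second time, or one the server never issued, produces no assignment.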
  • At the box office, the user finds a support surface (12a) with a microphone that is networked with the web server via a client computer; the mobile phone is placed with its earpiece on this support surface.
  • Beforehand, the user calls a special number from his mobile phone, which connects him to the web server. The server decodes the caller's telephone number, asks the subscriber to hang up and then immediately calls back the decoded number in order to send over this connection a tone signal to the mobile phone, which is returned to the server by acoustic coupling via the microphone of the client computer. If the server cannot recognize the telephone number of the calling mobile phone, it outputs an appropriate error message, e.g. as a voice announcement with the request to disable suppression of the telephone number.
  • The callback by the server ensures that the user cannot manipulate the payment purpose he has paid for during the subsequent process (e.g. receive several movie tickets although he paid for only one, etc.).
  • As a variant, the procedure can also be reversed: at a keystroke the mobile phone sends its own number as an acoustically encoded signal, which the server receives via the microphone of the client computer; after recognizing the telephone number the server dials it, so that the user can receive the acoustically transmitted signal of the server.
  • In both cases, the server compares the signal returned via the acoustic coupling of the mobile phone to the client computer with the signal sent to the mobile phone, in order to establish the assignment to the mobile phone. As always, the acoustic coupling could also be reversed, e.g. from an earpiece in the support surface into the microphone of the mobile phone.
  • The acoustic coupling of the mobile phone to the client computer is performed, for example, by the support surface according to 12a.
  • If the telephone number already decoded by the web server during the user's call is confirmed on callback by the check of the transmitted code signal, an associated confirmation signal is output to the client computer via the web page that passes the code signal to the server. It is, for example, displayed to the staff on the screen at a checkout, or issued to a machine as a command to print a ticket dispensed via a tear strip (e.g. on the principle of a receipt printer), or directly to open a turnstile, etc., or to open a locker for removing a DVD in an automated video store, etc.
  • The assignment to the purpose of payment is thus made here via the telephone number of the mobile phone. The method is used twice: once to assign the telephone number of the mobile phone when the amount of money is transferred to the beneficiary (web server) together with the associated depositor and purpose of payment, and a second time in reverse, to find the depositor and the purpose of payment again via the telephone number of the mobile phone.
  • It is evident that, by using a common service server networked with a plurality of web servers of different funds or even different providers, the mobile phone can be loaded with a variety of payment orders. Alternatively, a telephone number can be indicated at the checkout, e.g., which the user dials for each payment process and which leads directly to the specific web server of the beneficiary, so that a common service server is no longer necessary. In this case, after the connection is established, entry of a password can additionally be requested (option), which the user could specify on the web page when loading the mobile phone with the amount of money (transfer).
  • A common service server also makes sense, e.g., if a more complex additional service is to be offered as additional security, e.g. voice recognition of the user, who in this case may also repeat a random text sent via SMS. The acoustic signal of the text is then evaluated in combination: once by text recognition, to check whether it is the SMS text, and once by FFT analysis, to recognize the voice.
  • Or by querying, via SMS, special data known only to the person concerned, or by image analysis of the iris via the built-in camera (possibly with a lens extension provided for this purpose, etc.).
  • Options for the code transmission for generating the actuation signal when redeeming the paid purpose: If, e.g., a turnstile is to be controlled for access control, e.g. at a ski lift or a football stadium, it may also make sense to combine the preferred method with the known method in which a watch is held up to a sensor, by which the opening function (generation of the actuation signal) is triggered. The watch has, e.g., a microphone or an earpiece or an infrared interface to allow data transmission between watch and mobile phone. If necessary, the watch can also communicate directly with a PC via a data connection, so that the PC can write the digital receipt, received as a data code at the time of deposit, directly into a memory of the watch; when the paid purpose is redeemed, the watch, coupled via a corresponding interface to a computer and thus temporarily networked with a server, generates the relevant actuation signal. The encrypted data then contain the code issued by the web page when the deposit was made on the online account.
  • Internal bank transfer for an instant transfer:
  • In application C, described later, the mobile phone is not loaded in advance; instead, each payment is booked immediately through the bank.
  • In this case, the usual problem with a deposit made to the account by the user is that a payment cannot be established immediately, because the bank that receives the money does not credit it immediately, or the bank server that receives the order online does not execute it immediately. It is desirable, however, that when the mobile phone is loaded with a certain monetary value, the web server is "informed" of the user's initiation of this transfer immediately, in real time with the transfer process (e.g. while the relevant customer page of the web server is open in the user's browser alongside the bank's website), or receives a corresponding notification signal, so that the release for payment of the transaction can later be made directly via the identification of a telephone number, even if the transferred amount actually arrives on the account in question only two or three days later.
  • This is done as follows: the software of the bank at which the user holds an account checks, for each payment order, whether the transfer is directed to an account associated with a web server (registered for this purpose). Both the user account and the account belonging to the web server are of a type (coded by a number range) that is recognized directly from the account number, in order to speed up this check. If this is the case, the bank server first checks on receipt of the transfer order whether the amount is covered; if so, reversal of this amount is blocked (until it is actually booked) and the web server immediately receives a message that an amount of this size has been irrevocably transferred with the payment purpose and client in question (since the bank can no longer take the amount back). With this message, the web server can then generate, for the relevant record, which also contains the assigned mobile number, the release signal at the subsequent redemption (against the paid item or the paid service), in order to display it on the client computer at the checkout, or to generate the output signal for a machine networked via the Internet, etc.
  • Application B:
  • When use is made of the possibility of linking two web pages via a telephone number (which may belong to a landline as well as a mobile phone), the decisive advantage for online banking is that the data supplied by additional software, which is called only later at payment time, can be linked with the data required for online banking without any direct connection between the online banking web page and that software.
  • This is shown in the example described below, in which the mobile phone is loaded with a certain amount of money.
  • Example of a charging variant:
  • Overview of the servers and computers involved in the payment process:
    Cash server: This server has access for transfers to a charging account, whose balance corresponds to the current monetary value that can be paid out as cash value with the mobile phone. The cash server manages a charging account for each user; in practice this may also be a common account for all managed users, administered by a database that treats it as if each user had his own account, addressable by the telephone number of his mobile phone.
  • Bank server: The server of the bank through which the user can transfer an amount from his regular account to the charging account by online banking. Conveniently, both accounts are held at the same bank to achieve faster transfer times, but this is not a requirement.
  • Client computer: The computer connected via the Internet to the cash server, via which the payment is made by forming a data loop with the mobile phone (from the cash server to the mobile phone and from the mobile phone back to the server). In a special case, this client computer can itself be a server, e.g. the cash server, which forms the terminal of the data loop via another telephone. That is, the mobile phone used for payment is then temporarily coupled to the terminal of the client computer (here the cash server) to form the data loop. In this case, the second mobile phone is in effect used as the client computer (for acoustic coupling, or coupling via infrared interface, etc.).
  • Procedure for loading the mobile phone with monetary value:
  • The user transfers from his online account to the charging account the amount with which he wants to load his mobile phone. If he makes the transfer via an Internet browser on his computer, he additionally calls the bank server with his mobile phone; the bank server decodes the telephone number and calls back, so that via the data loop (the code sent from the server via the phone and the web page of the online account back to the bank server) the user conveys the number of his mobile phone to the bank server. The bank server enters the telephone number thus decoded and verified as the purpose of payment for the amount transferred to the charging account, so that the cash server can credit the payment to the corresponding telephone number. In the cash server, this telephone number serves as the address for accessing the charging account associated with a mobile phone or user, and the user's personal data, as taken from the transfer from his account to the charging account, are recorded with it.
  • Procedure for cashless payment by mobile phone:
  • In order to pay without cash, it is sufficient to close the preferred data loop (from the cash server to the mobile phone and via the coupling back to the cash server) briefly at any terminal. This terminal can be either a device networked directly with the Internet or another mobile phone that is connected to the cash server via a further telephone connection.
  • If the end device used is a checkout connected to the Internet or a client computer networked with the Internet as a checkout, or a (further) mobile phone that is used, for example, as a checkout, then the following protocol is appropriate:
    The price to be paid is shown on the display of the device acting as cash register, preferably also visible to the customer. To avoid waiting times, the customer has previously called the cash server and sent it, via the keypad, a PIN code in encrypted form, which he can change as desired, e.g. via the web page when assigning his mobile phone by the preferred data loop. With this PIN code transmission, the cash server decodes the telephone number of the mobile phone (if this is not possible, the call is aborted and the subscriber is asked to switch off number suppression and dial again) and registers the call by entering a specific initialization status for this telephone number. If, in this initialization status, a further call follows from this telephone number, which is made simply by pressing redial or can be made by SMS, etc., a callback takes place immediately, in which the code signal is sent from the cash server to the phone.
  • In addition to transmitting the code signal for the data loop, the cash register also sends over the Internet connection the amount of money to be paid in each case, as it is also shown to the customer on a display. This amount is tied directly to the code signal by the format used.
  • The cash server continuously checks all code signals sent. The code signal can either be sent from the cash server directly to the phone and returned over the Internet connection of the client computer, or be sent from the cash server to the client computer and returned over the phone. It is furthermore possible to replace the interface of the client computer, to which the mobile phone is temporarily coupled to form the data loop, by another terminal, e.g. another phone connected to the cash server over a further telephone connection.
  • If the cash server recognizes a transmitted and a returned code signal as matching, the software reads the telephone number that the server used to establish this telephone connection and additionally decodes the amount of money associated with the code signal (as displayed to the customer on the cash register).
  • Using the recognized telephone number, the cash server looks up the user's account held under this telephone number and checks whether the amount is covered. If so, the amount is transmitted to the mobile phone (via SMS or an alternative format) and appears on its display, so that the customer can check the value to be debited. If only a smaller amount is covered, this amount is shown together with a warning (optical, acoustic, flashing amount, etc.). If nothing at all is covered, a zero appears with a corresponding warning message.
  • If the indicated amount is to be paid, a defined key (e.g. #) of the mobile phone is pressed; if the amount is not to be paid, another key is pressed. For payment, a second query may be made so that the key must be pressed again to confirm; the same may be provided for declining.
  • The screen of the cash register networked with the cash server also displays a message when the customer has paid the amount. If he has paid less than the amount, this is displayed with an alarm (e.g. the customer can pay the missing difference, which is also displayed at the cash register, in cash or otherwise, etc.).
  • Only when the customer has paid, the difference having been manually confirmed at the cash register in the case of a wrong sum, is the payment process at the cash register completed as usual.
  • If the customer has confirmed the payment process on his mobile phone, the paid amount remains displayed on the phone until the customer performs another function; the paid amounts can also be stored and displayed like telephone numbers, etc.
  • The amount paid in this way, i.e. the amount debited from the account held under the relevant telephone number (of the customer or user), can be canceled by the beneficiary within a short period during which the amount has not yet been transferred to the beneficiary. With ordinary cash payment this is possible through a special function (usually a special key on the cash register). The same function is also possible here via the server access of the cash register.
  • For this purpose, the procedure is the same as for a payment, except that instead of an amount to be paid, the amount is keyed in at the cash register by the beneficiary as a repayment and sent to the cash server, using the coupling or data loop of the phone to transmit the telephone number.
  • The mobile phone user then sees the credited amount (which he can dispose of immediately, since it was not debited) on the phone with the note "credited".
  • Furthermore, the mobile phone user can, as usual, call up the cash server online to view his credit. Cash deposits through a bank are also possible in principle.
  • Application C:
  • Application C differs from applications A and B mainly in that the mobile phone does not have to be loaded in advance, i.e. no prior transfer has to be made by the user (the payer); the transfer takes place only when the user establishes the acoustic connection between the beneficiary's client computer and his mobile phone, e.g. when paying at the beneficiary's cash register. For security reasons this is done via a dedicated service server.
  • For this purpose, the user uses a mobile phone that can make a transfer from an online account, e.g. a Java-enabled mobile phone. An interface is provided through which the input fields beneficiary (or addressee of the payment), bank details (bank code and other required numbers, account number), amount and purpose of payment can be filled in automatically.
  • The amount, and optionally also a receipt with the specified payment purpose (store, date, even articles, etc.), is entered automatically as the purpose of payment in the transfer. Of the possibilities given here, the following is preferred for the sake of simplicity and security, because all transfers are handled by a service server and the money transferred takes the following route:
    The service server can access, via a robot, accounts assigned to it, referred to as intermediate accounts. So that transfers are not unnecessarily delayed, it is expedient to open such an intermediate account at each of the most important banks, managed like all other accounts by the bank's server. Although the user can transfer money to this subaccount, no transfers can be made from it via standard online access; they are possible only via a secure connection over a landline telephone line, where a fast broadband connection can be used instead of a slow modem connection and is secured by the preferred method in addition to the usual encrypted data transmission. The data loop required for looping through the recognition codes is then, e.g., switched permanently.
  • And only on this secured data line, with which the service server is connected to the bank server, funds can be transferred to any other accounts of any bank.
  • If the user wants to pay with his mobile phone, he first makes a bank transfer from his mobile phone to the intermediate account, whose account number is preset as a fixed account and which is held at the same bank as his own account, so that receipt of the payment on the intermediate account is reported by the bank's server to the service server with virtually no delay. The user only needs to enter the PIN, then the amount, and with a keystroke transfer the amount from his account to the intermediate account (as fixed bank account).
  • The service server learns of this incoming payment immediately via a direct notification signal from the bank server (even if the amount has not actually been posted yet) and must assign it to the correct recipient, because for faster processing the user uses only one fixed account number, namely that of the intermediate account, to save the time-consuming entry of the payee's bank details and account number.
  • The amount received on the intermediate account without purpose of payment and without payee (i.e. without the name, bank details or account number of the actual beneficiary), carrying only the bank details and account number of the intermediate account fixed in the user's mobile phone for this payment function, is again assigned using the preferred allocation method.
  • The cash register, or the client computer used as cash register, etc., of the actual beneficiary of the payment to be made with the user's mobile phone is networked with the service server, as explained in the example for application B for the cash server, whose function here the service server takes over.
  • Differences to application B:
  • The main difference from application B is that the cash server takes into account only amounts that have actually been booked, whereas in this example the payment order by which the user transfers from his account to the intermediate account already triggers a real-time message to the service server, and the bank server blocks this amount from further bookings (withdrawals and transfers) until it receives the message that the amount has been posted to the intermediate account. Furthermore, in the example of application A the amount is transferred to the intermediate account, or to the charging account of the mobile phone, not from a mobile phone but usually via Internet access from a computer.
  • Another essential difference to B is the use of the accounts:
    The charge account used in application B, or the portion of it managed by the cash server under the telephone number of the mobile phone user (i.e. the payee), is to be regarded here as a cash store that the user can fill by transfers or deposits, in order then to dispose of the amount as desired, divided into any number of payments to different recipients (beneficiaries), to whose accounts transfers are made from this charging account under control of the cash server.
  • On the other hand, the intermediate account used in application C, or the portion of it managed by the service server for the payee (i.e. the actual beneficiary) under the telephone number of the mobile phone, is to be regarded here as already belonging to the payee and is provided for security reasons in the payment via the data loop, because only the service server, and only over a secure connection, can access the intermediate account through the bank server. For each operation that the software of the service server performs as a robot operating the bank server via its online account interface, and that reduces the amount on the intermediate account, the preferred data loop DS is to be included so that the code signal authenticates the source of a software operation.
  • That is, the method is suitable above all for identifying the source server that produces a web page, thus basically excluding manipulation via the name server (via which a web page is usually called, or which generates the call address), etc.
  • Similarities of application B and C:
  • As a comparable technical detail of these applications, the cash server in example B, like the service server in example C, performs the function of assigning the beneficiary's account as the actual recipient account as well as assigning the debit to the payer (user). This assignment is made by the method, using the telephone number of the mobile phone employed in the payment to form the data loop. By finding the match between a code signal sent by the server and the returned code signal, the server identifies the telephone connection whose terminal (here e.g. a mobile phone) established the data loop for returning the code signal, i.e. the telephone number of that terminal, which serves as connection key (or connection address).
  • Note: Of course, the assignment of accounts made via the telephone number of the mobile phone could also be made by direct transfer from the payer's (user's) mobile phone to the beneficiary's account. However, this has the disadvantage that the payer (user) would have to enter the beneficiary's bank details with account number and the purpose of payment each time, which would be very time-consuming. In the alternative method described, after calling up the transfer form with a keystroke following entry of the PIN, he only has to enter the amount and send the transfer after confirmation, much as he can withdraw money at an ATM, e.g. Only here the chip card of his mobile phone replaces the ATM card.
  • The following measure, particularly suitable in practice, is provided for unlocking the security function of the mobile phone, which the phone's software implements through a (e.g. additional, separate) PIN for access to the mobile phone user's online account: in addition to the, e.g., longer PIN, a shorter PIN is provided, which the user enters only when he enters the amount and sends the transfer order. This ensures that he can enter the longer number at leisure and that access to the online account nevertheless remains secured until (when his turn comes in the checkout queue) he enters the amount, presses a key and enters the second, shorter PIN. If it is entered incorrectly, the status is reset to entry of the first PIN, to rule out trial and error.
  • As a further security measure, a timeout is provided, which for all other transfers (other than to the permanently programmed intermediate account) is started on entry of the PIN; if no transfer follows, the online account is automatically locked again when the timeout expires.
  • If, during the online transfer by mobile phone, the transfer (to the intermediate account) does not take place within a short timeout, or the data loop for returning the code signal to the server is not established within a short timeout after the transfer, entry of the complete PIN is required again to repeat the process; in case of repeated failure, the process is finally aborted and, because the acknowledgment signals for the telephone number expected by the service server are absent, the transfer to the intermediate account is reversed in the bank server.
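The two-stage PIN unlock with reset and timeout described above, as an added Python example that is not part of the patent text. The class, its method names, the stored-hash scheme and the rule that every authorized transfer relocks the account are assumptions of this sketch; the PINs are constructed sample values and time is passed in explicitly so the behaviour is reproducible.

```python
import hashlib
import hmac
import os

LOCKED, ARMED = "locked", "armed"

AUTHORIZED = "authorized"
NEED_LONG_PIN = "refused: long PIN required"
TIMED_OUT = "refused: timeout, long PIN required"
WRONG_SHORT_PIN = "refused: wrong short PIN, long PIN required"


class TwoStagePinLock:
    """Long PIN arms the account; short PIN releases one transfer order."""

    def __init__(self, long_pin, short_pin, timeout_s=120.0):
        # Only salted PBKDF2 digests are kept, never the PINs themselves
        # (storage scheme is an assumption of this example).
        self._salt = os.urandom(16)
        self._long = self._digest(long_pin)
        self._short = self._digest(short_pin)
        self._timeout = timeout_s
        self._armed_at = None
        self.state = LOCKED

    def _digest(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _matches(self, pin, stored):
        return hmac.compare_digest(self._digest(pin), stored)

    def _relock(self):
        self.state, self._armed_at = LOCKED, None

    def enter_long_pin(self, pin, now):
        """First stage, entered at leisure before reaching the checkout."""
        if self._matches(pin, self._long):
            self.state, self._armed_at = ARMED, now
        else:
            self._relock()
        return self.state == ARMED

    def authorize_transfer(self, short_pin, amount_cents, now):
        """Second stage, entered together with the amount when sending."""
        if amount_cents <= 0:
            raise ValueError("amount must be positive")
        if self.state != ARMED:
            return NEED_LONG_PIN
        if now - self._armed_at > self._timeout:
            # No transfer followed in time: lock the account again.
            self._relock()
            return TIMED_OUT
        if not self._matches(short_pin, self._short):
            # A wrong short PIN falls back to the long PIN, so the short
            # one cannot be found by trial and error.
            self._relock()
            return WRONG_SHORT_PIN
        self._relock()  # assumption: one transfer per unlock
        return AUTHORIZED


def demo():
    """Runs the four cases on constructed PINs and returns the outcomes."""
    lock = TwoStagePinLock("83920175", "42", timeout_s=120.0)
    out = [lock.authorize_transfer("42", 1250, now=0.0)]   # still locked
    lock.enter_long_pin("83920175", now=0.0)
    out.append(lock.authorize_transfer("41", 1250, now=10.0))  # wrong short
    out.append(lock.authorize_transfer("42", 1250, now=11.0))  # reset applies
    lock.enter_long_pin("83920175", now=20.0)
    out.append(lock.authorize_transfer("42", 1250, now=200.0))  # too late
    lock.enter_long_pin("83920175", now=300.0)
    out.append(lock.authorize_transfer("42", 1250, now=310.0))  # accepted
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```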
  • So that the transfer made by the payer (user) from his mobile phone to the bank's intermediate account can be allocated automatically, the procedure is as follows:
    The bank server's protocol (for the transfer) accepts access to the intermediate account (for accepting an incoming payment) only if the payer (user) also supplies his number with the telephone connection (so that the bank server can use the telephone number for the assignment in the purpose of payment). If this is not the case, the process is aborted with an error message. Since the intermediate account of the service server is maintained by the same bank server as the personal account of the payer (user), this requirement poses no technical problem. Such an intermediate account is provided for each of a variety of bank servers that manage online accounts (it is assigned to the service server, or under control of the service server to the beneficiary, and not to the payer!).
  • In this variant of application C (as is in principle also possible, but not required, in the other applications A and B), a notification signal is generated immediately when the payer (user) makes a transfer from his account (here to the intermediate account of the service server), and the amount remains blocked on the payer's (user's) account for all further transactions until it actually reaches the intermediate account. This can usually happen immediately, because the intermediate account is held at the same bank as the account of the payer (user). The notification signal is then passed to the service server and contains, in addition to the amount transferred and the sender data (including bank details) and the telephone number of the phone, the exact time at which the online transfer took place.
  • After the service server has received the advance notification of an incoming payment (as a notification signal) from the bank server, which happens practically in real time immediately after the user completes the transfer, it evaluates the following data from the record received with the notification signal:
    • - telephone number of the mobile phone to be called back;
    • - time and date of the online transfer initiated by the payer (user);
    • - amount transferred (= received);
    • - Bank details of the sender, ie of the depositor (user or of the transferor);
    • - if applicable, the address of the sender.
  • In parallel with the transfer of the amount of money corresponding to an invoice or receipt, or even immediately beforehand, when the cash register displays the amount to be paid, the cash register (or a respective client computer, etc.) has established the Internet connection to the service server, or if necessary keeps it open.
  • The customer, i.e. the user paying with the mobile phone, has expediently entered the PIN for unlocking access to his account before the actual payment, or only has to enter a short supplementary number in order to make a transfer from his account to the intermediate account. After the amount is displayed at the cash register, he enters it in his mobile phone and presses the send button. From this point on, the mobile phone is blocked for all incoming calls that do not come via the service server (recognized as caller by a predefined telephone number) (option).
  • After sending, e.g., an SMS or encrypted data to the bank server (data which may also contain a secret number invisible to the phone's user, or a transfer code generated by entering the PIN in the mobile phone, etc.), the phone hangs up, and the bank server sends the above-mentioned message (with the data listed above) in real time to the service server, which in turn immediately calls back the caller's telephone number. When this callback is answered, the preferred acoustic signal with the preferred recognition code is transmitted from the service server to the mobile phone in constant repetition, or an infrared signal is controlled accordingly. Depending on the mobile phone, both options can be provided at the same time, with automatic switching to the respective transmission mode, determined by a signal detector for each interface at the terminal via which the data loop is closed; the switching is performed, e.g., by a retriggerable monostable time triggered by the signal.
  • The user places the phone on the support surface with the microphone embedded therein to couple the earpiece of his mobile phone with the microphone and / or the infrared interface, etc.
  • Via the microphone, the code signal reproduced by the mobile phone is fed into the client computer (or cash register, or machine, etc.) and transferred back by the client computer (or the cash register, etc.) of the payee (beneficiary) over the Internet connection to the service server. The data packet returning this code to the service server also includes the address and bank details of the payee (beneficiary) (coded in the client machine or in the cash register, or vending machine, etc.).
  • Thus, the data packet sent to the service server contains, as a record obtained from the client computer (the cash register or a machine, etc.), the following minimum data:
    • The code sent by the service server to the mobile phone and returned from it to the service server for checking
    • - together with the sender details (name, address and bank details with account number).
  • For all established data connections concerning such payment transactions (payments by mobile phone), the service server constantly checks the returned code (simultaneously) against all currently sent codes to see whether such a code is recognized. If this is the case, then the received data record is assigned via this check code to that telephone number which has previously been called (in addition to other telephone numbers) or to which the relevant code has been sent.
  • In this case, under the connection key of this telephone number, the data record (BSD) received from the bank server is linked to the data record (CRD) received from the client computer (the cash register) in the service server.
  • Thus, this record maintained by the service server contains the following data:
  • BSD:
    • - telephone number of the mobile phone to be called back;
    • - time and date of the on-line transfer initiated by the payer (user);
    • - amount transferred (received);
    • - bank details of the sender, i.e. the depositor (user or transferor);
    • - if applicable, the address of the sender;
  • (CRD):
    • The code sent by the service server to the mobile phone and returned from it to the service server for checking, by means of which the telephone number of the mobile phone used for payment was found, so that the data (BSD and CRD) can be linked together via the telephone number obtained with the BSD data;
    • - together with the sender details (name, address and bank details with account number).
  • With this data, the service server can immediately send the acknowledgment signal to the relevant device of the beneficiary who has received the payment. In technical realization this concerns, e.g., a cash register (or the screen of a client computer, etc.) or optionally a machine for unlocking a compartment, or for issuing a printed card or a printed ticket, etc.
  • Furthermore, the software of the service server sets a marker (for deadline monitoring) on the record combined (linked) via the phone number of a cell phone and waits for the actual receipt of payment, in which the amount is transferred from the account of the mobile phone user to the intermediate account of the service server, stating the amount and the phone number of the mobile phone (which was recorded by the bank server with the transfer); the server of the bank automatically inserts this phone number as the purpose of payment for the transfer to the intermediate account of the service server (in the booking document).
  • Thus, upon actual receipt of payment of the transferred amount, the service server (by automatically reading the account statements of the intermediate account) receives the data as a copy of the record (BSD) received from the bank server:
    • - telephone number of the mobile phone to be called back;
    • - time and date of the on-line transfer initiated by the payer (user);
    • - amount transferred (received);
    • - bank details of the sender, i.e. of the depositor (user or transferor);
    • - where appropriate, the address of the sender,
    and may use this information (via the telephone number and the comparison of the other data) to arrange the onward transfer to the beneficiary in accordance with the data designated by (CRD), after which the deadline marker is deleted. If the money expected on the intermediate account does not arrive, then a corresponding alarm message is output to the log file in order to be able to initiate an investigation with the data of the relevant data record.
  • General: A general improvement for transferring a sum of money with a mobile phone is additionally provided by the evaluation of a voice profile with an FFT, e.g. a word is given to the user by voice announcement and/or displayed, which he must speak in order for his identity to be recognized.
  • Error messages:
    • are provided as usual, e.g. if online access to a bank account is not achieved, etc.
  • Special:
  • However, the following possibility of error should basically be excluded or at least reduced in frequency. It concerns an error that could occur when the transfer from the user of the mobile phone to the intermediate account of the service server was performed but, for some reason, the subsequent assignment of the phone number of the mobile phone via the code signal issued by the service server could no longer take place within a predetermined period of time (e.g. the battery of the mobile phone is empty, or the Internet connection of the cash register or a machine has failed, etc.).
  • In addition to measures to avoid errors, a time-out is also provided, which is measured, e.g., from the time when the callback to the mobile phone in question is initiated, or a further period of time is also taken into account that the user needs, after receiving the call, to place his cell phone on the support surface with the microphone. Likewise, if the number (of the mobile phone) is constantly busy during a callback attempt, a predetermined timeout is also started in the server. After expiration of the time-out, an error procedure is initiated as usual in such cases.
  • Exact timing of the transfer by the mobile phone from the account of the user or payer (managed by the bank server) to the intermediate account of the service server (managed by the bank server with robot access by the service server).
  • After the bank server reads from the user (payer), via his mobile phone, a transfer order in which the beneficiary is the intermediate account of the service server (as a trigger condition), the following steps are initiated:
    • a) the phone number of the caller is read by the bank server; if this is not possible, the process is canceled with an error message, "the number of the caller must be turned on", and a repeated call is requested;
    • b) if the amount indicated in the transfer is not covered, then the process is canceled with an error message: "amount not covered";
    • c) if the amount is covered, then the mobile number that was read is transmitted by the bank server, with the above BSD data (phone number, time with date, amount, bank details of the sender, address of the sender), to the service server; the bank server receives these (BSD) data via values hard-coded in the caller's phone, or, if necessary, transaction numbers encrypted according to the date are used for addressing these fixed data (the intermediate account);
    • d) the service server dials the received telephone number of the mobile phone for a callback (or call), wherein d1) if the subscriber cannot be reached after appropriate retry attempts, the process is aborted and the mobile subscriber is sent an SMS with the error indication; the bank server is sent a negative acknowledgment so that it does not perform the transfer, or cancels it, and furthermore the data stored for the phone number are removed from current processing (possibly stored in another area for later investigation); d2) on reaching the subscriber, the procedure is continued with the following step e);
    • e) in the callback (call) by the service server the code signal currently generated directly or by a random generator as the code signals of all other simultaneously checked cell phone connections code is output to the phone as an audible signal;
    • f) in the service server, the currently active client connections (each of which performs a cash register function, or likewise a vending machine function, etc.) are searched for the code signal that was fed in from the phone and returned to the server via their Internet connection, i.e. the connection address of the relevant web user to which the code signal belongs is sought. This connection address corresponds to the device address sent by the relevant client computer (or cash register, machine, etc.) associated with the beneficiary (which identifies the payee). If a terminal address corresponding to the code signal is found, then the procedure is continued with step g) given below; if no terminal address corresponding to the code signal is found, then the method is aborted, a corresponding error message is output to the mobile phone via an SMS, and the bank server is sent a negative acknowledgment, whereupon the bank server does not initiate a transfer and the balances of the respective accounts are not changed; furthermore, the data stored for the telephone number are removed from current processing (possibly stored in another area for a later investigation).
    • g) If a terminal address corresponding to the code signal is found (in the service server), a positive acknowledgment is sent to the bank server by the service server, whereupon the bank server reserves the amount exclusively for this transfer (or withdraws it in advance from the account balance with respect to further inquiries and transfers) and transfers the amount to the intermediate account of the service server. In this case, the mobile phone number read on receipt of the call from the mobile phone is transmitted as the purpose of payment, together with the fixed data transmitted with it (the account number of the intermediate account), in addition to the amount. After completion of the transfer initialization, a corresponding positive message is transmitted to the service server under the address of the relevant telephone number, which triggers, at the relevant terminal of the payee (cash register, vending machine, card printer fed from a roll with dispenser, turnstile access control, etc.), an actuation signal indicating a payment.
    • h) In the service server is the corresponding record, which the phone number of the mobile phone as a key to connect the data of the beneficiary payee (bank details, time, date, via the network with the terminal, via which the data loop with the phone of the concerned on the and the data communicated by the bank server to this telephone number (amount, sender, date, time, etc.) added (linked) and via a robot function the forwarding (transfer) of the relevant (via the phone number as the key address recognized) amounts are transferred from the intermediate account to the actual account of the beneficiary recipient, whereby this receipt of payment to this account, or the actual debiting of the intermediate account is monitored by the server,
    • i) If the debit from the intermediate account does not occur within the monitoring time (outage monitoring) started in the service server for each mobile phone number (from the generation of the actuation signal), then the data of the transfer are written to a journal file, which is monitored by an operator in order to investigate and act if necessary.
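The matching logic of steps c) to i), seen from the service server, as an added sketch that is not taken from the patent. The class and field names, the two timeout values and the representation of the code signal as a hex string (rather than an acoustic signal) are assumptions; phone numbers and bank names are constructed sample data. It shows the properties the loop depends on: codes come from a CSPRNG, are unique among open loops, are single use, and expire.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class BSD:
    """Record from the bank server (fields as listed on the page)."""
    phone: str
    time: float
    amount_cents: int
    sender_bank: str


@dataclass(frozen=True)
class CRD:
    """Record from the payee's terminal: returned code plus payee details."""
    code: str
    payee_name: str
    payee_bank: str


class ServiceServer:
    def __init__(self, loop_timeout=60.0, settle_deadline=86400.0):
        self.loop_timeout = loop_timeout        # assumed value, seconds
        self.settle_deadline = settle_deadline  # assumed value, seconds
        self.pending = {}   # phone -> (code, BSD, issued_at)
        self.linked = {}    # phone -> (BSD, CRD, marker_set_at)
        self.journal = []   # alarm entries for the operator

    def on_bank_notification(self, bsd, now):
        """Steps c) to e): issue the code to be played in the callback."""
        if bsd.phone in self.pending or bsd.phone in self.linked:
            raise ValueError("transaction already open for this number")
        in_use = {code for code, _, _ in self.pending.values()}
        code = secrets.token_hex(8)             # CSPRNG, not random.random()
        while code in in_use:                   # unique among open loops
            code = secrets.token_hex(8)
        self.pending[bsd.phone] = (code, bsd, now)
        return code

    def expire(self, now):
        """Time-out: drop loops never closed; caller sends NAK to the bank."""
        late = [p for p, (_, _, t) in self.pending.items()
                if now - t > self.loop_timeout]
        for phone in late:
            del self.pending[phone]
        return late

    def on_terminal_packet(self, crd, now):
        """Steps f) and g): compare the returned code with every open code."""
        self.expire(now)
        returned = crd.code.encode()
        match = None
        for phone, (code, _, _) in self.pending.items():
            if hmac.compare_digest(code.encode(), returned):
                match = phone
        if match is None:
            return ("NAK", None)                # bank must not transfer
        _, bsd, _ = self.pending.pop(match)     # single use: a replay fails
        self.linked[match] = (bsd, crd, now)    # link under phone number key
        return ("ACK", match)

    def on_statement_entry(self, phone, amount_cents):
        """Step h): money arrived on the intermediate account."""
        entry = self.linked.get(phone)
        if entry is None or entry[0].amount_cents != amount_cents:
            self.journal.append(("unmatched-receipt", phone, amount_cents))
            return None
        bsd, crd, _ = self.linked.pop(phone)    # deletes the deadline marker
        return {"to": crd.payee_bank, "amount_cents": bsd.amount_cents,
                "reference": phone}

    def check_deadlines(self, now):
        """Step i): journal linked records whose money never arrived."""
        overdue = [p for p, (_, _, t) in self.linked.items()
                   if now - t > self.settle_deadline]
        for phone in overdue:
            bsd, _, _ = self.linked.pop(phone)
            self.journal.append(("overdue", phone, bsd.amount_cents))
        return overdue


def demo():
    """Constructed sample run: two open payments, one terminal reply."""
    s = ServiceServer()
    s.on_bank_notification(BSD("+49-000-0000001", 0.0, 1250, "BANK-A"), now=0.0)
    code2 = s.on_bank_notification(
        BSD("+49-000-0000002", 1.0, 990, "BANK-B"), now=1.0)
    first = s.on_terminal_packet(CRD(code2, "Kiosk", "BANK-K"), now=5.0)
    replay = s.on_terminal_packet(CRD(code2, "Kiosk", "BANK-K"), now=6.0)
    return first, replay, s.expire(now=100.0)
```

The time is passed in as `now` so that the timeout behaviour can be replayed deterministically.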
  • It is evident that any number of error checks for error monitoring and timeout monitoring can be provided as required. Furthermore, in addition to a cash register application, in which the actuation signal is displayed as an acknowledgment of the received deposit, e.g. on the display of a cash register, and also releases the printing of a receipt or ticket, etc., the method can also control a machine (e.g. cigarette vending machines) or access through a turnstile, etc.
  • Likewise, the phone can be used, e.g., with a variety of services to be paid for by bank transfer, in which case the payment is recognized in each case by the preferred establishment of the data loop via the code signal (with the associated programmed process in the database).
  • Furthermore, instead of a cash register networked with a service server, a second mobile phone may also be connected to the service server via an internet connection, thus payment transactions can also be handled with two mobile phones.
  • 12a shows an example of a support surface (plate) padded with a soft foam (1), wherein the foam has a recess into which the mobile phone (2) is inserted and pressed against the foam for the purpose of producing a temporary data loop (in this case via the microphone MIC of the support surface and the earpiece HK of the mobile phone and/or via an infrared interface (IF, a, b)). The acoustically or infrared coupled interface is then networked with the server via a corresponding Internet connection of a corresponding terminal.
  • Furthermore, it will be illustrated how the automatic switching of infrared interface and acoustic coupling is performed. If the mobile phone has an infrared interface, whereby several possibilities for attaching a corresponding sensor to the support surface can be provided, then all other input channels (acoustic coupling, etc.) are switched off and only the infrared coupling (data) is evaluated. For this purpose, the respective infrared signal is used as trigger signal of a retriggerable mono-time MONO (eg implemented by software), the output Q of this mono-time then using only this signal channel and switching off all other available channels. It is evident that any number of infrared interfaces can be provided on a mobile phone, etc.
  • The example explained below is likewise about recognizing a terminal connected to a server (e.g. of an Internet provider) (e.g. an IT computer or client computer, or even just a mobile phone, etc.), to which usually only a temporary address is allocated, as belonging to a terminal of another network (e.g. a telephone, mobile phone, etc.).
  • For this purpose, the terminal of the other network, which can be regarded as a secure or distinctive connection (e.g. a dial-up telephone connection of a landline or a mobile phone, or via radio channels, etc.), is called by the relevant server. Via the speaker output of the device used to display the website (client computer), the server sends an acoustic code signal (KODE, also a melody as code, etc.), which is generated by a random number generator in the server; it receives this signal back over the called telephone connection (acoustically coupled via the microphone) and checks over this data loop whether it is actually the code signal sent by it to the relevant WEB page. Only with a positive result is the assignment of the respective WEB page to the phone number used for the call regarded as a passed security check. The method can also be applied in reverse: the server sends the acoustic code signal to the earpiece of the mobile phone via a telephone connection, and the code signal is acoustically coupled via the microphone of the client computer and sent back to the server via the data loop.
  • Furthermore, the coupling necessary for the data loop between the data output of the computer and the data input of the telephone connection, or possibly vice versa, between the data input of the computer and the data output of the telephone connection, can be realized, in addition to the acoustic coupling preferred for compatibility reasons, by any interface such as infrared coupling, other optical coupling, or pluggable connections with the usual start-stop or synchronous data transmission (modulo 2, etc.), etc.
  • Likewise, the method can also be carried out exclusively between mobile phones (i.e. from mobile to mobile) or in conjunction with mobile phones and a computer, etc., as already stated in examples, e.g. to use the method for general payments.
  • Here, using the telephone number T-# of the mobile phone (or likewise of a fixed-line connection) used for the data loop DS, the server can assign or synchronize the data of a database or even of different databases, even when they are called up at independent times, if, when a database is called up, the preferred code (KODE) is routed via the respective mobile number T-# via a data loop formed at the user, and the server, by pairwise comparison of the code signals received in each case (KODE_1 ... KODE_n), each of which must correspond to the one emitted by it, notes the corresponding telephone lines or phone numbers. Via the telephone numbers T-# identified in this recognition, the server processes or sessions of the client CL that belong together through the data loop are recognized as belonging together. By this synchronization, not only can the server processes used in cashless payment transactions be assigned; after payment and booking under the telephone number (T-#) used for the synchronization, any other server processes (or their WEB pages, likewise databases) can also be assigned to the payment (booking) afterwards or even beforehand, e.g. the service of a WEB page (or a service managed through a WEB site, such as theater tickets, pizzas, penalty notices, etc.).
  • As already stated in the examples mentioned above, the code signal can optionally also be emitted in the reverse direction, i.e. the code signal is sent via the telephone connection to the telephone and sent back to the server via the WEB page (or IT connection). Likewise, the coupling of the data loop between the phone and the computer that displays the WEB page (or another cell phone, etc.) can also be made here via any interface, e.g. via an infrared interface, etc.
  • Due to the preferred data loop, different server processes are respectively synchronized via the telephone connections T-# used on the client side CL (or mobile phone side, etc.) for the data loop, whereby the telephone connections T-# used on the client side are checked by this data loop, and even with only temporary IT addresses (of the server processes as interface to the client), the processes can be uniquely assigned to a specific session or to a specific client CL.
  • Example (s) 3.0:
  • In addition to the already explained application of using a mobile phone for a cashless payment, with which, for example, the smart card of a mobile phone can be recharged immediately, two other major applications are proposed here for such synchronization via the phone numbers T-# of the telephone connections used by the client CL:
    • a1) the lawful linking to any WEB page, in which liability for this link is excluded regardless of the nature and content of that page. The link is made in such a way that it is not contained as such in the "calling" WEB page;
    • a2) the lawful linking to any ownerless WEB site that belongs to no one because it is managed in trust and whose source server cannot be determined; furthermore, while complying with the IT protocol, the site is presented to the client under a different name (or under a different IT address) than the one used by the originating server. The name of the WEB site may change constantly;
    • b) a novel use of a mobile phone to submit a digital signature for a document that is transmitted or displayed (or printed, etc.) via any terminal or any client computer (including in an Internet cafe, etc.). This application can also be combined well with the already explained application of using a mobile phone for a cashless payment transaction. In a further development, any WEB page is integrated into a certificate server (established, for example, by a notary, court, etc.) for the certification of digital signatures on documents that are presented to the client CL on any non-certified servers, wherein the client receives back an electronically transmitted counter-document (e.g. from a notary server) that cannot be forged, even if the client CL has no certification for recognizing the authenticity of the document (so that the signer also gets a legal document from the contract partner on the WEB page side).
    • Based on this application, it is also possible for the first time to send e-mails and faxes fully automatically from the office computer (by submitting a digital signature) without having to check the digital signature on the computer or client CL of the sender or recipient. This is done with the interposition of a certification server, which uses the integration of the preferred data loop DS as security toward the user, receives and checks the user's digital signature, stores and archives the process, and sends the signer back a certified copy of the document signed by him. This makes it possible for the first time to automatically send e-mails and faxes with the status of a registered letter (also with "return receipt") in digital form.
  • Furthermore, if the client computer is already connected via a telephone connection (i.e. via a modem) to the server of a provider, the data loop can in principle also be established using a telephone callback to the (relevant) telephone number under which the client computer can be reached. However, since modem connections for Internet use are becoming increasingly rare, such a variant is not necessarily worthwhile, because a modem connection is fully utilized by the data transfer anyway.
  • In this case, however, the modem could also directly establish the preferred data loop on the client computer CL for its software for a second telephone connection (option).
  • In addition to the main applications mentioned above (relating to these examples), numerous further applications of the method are proposed.
  • In addition, advantageous refinements for the design of the mobile phone are also proposed in order to make the method even more user friendly. This includes, e.g., the further option of making better use of the usually built-in digital camera for the method in different applications.
    • For this purpose, it is provided as a further technical development to use the digital camera of the mobile phone, which is usually installed anyway, for forming the data loop of the code (KODE) sent by the server to the client computer CL and returned via the (further) telephone connection. For this purpose, an image field is optically displayed on the screen (or possibly on a further, additionally provided screen) of the remote station (screen of the client computer CL or cell phone), via which the data are transmitted by brightness modulation, e.g. according to a synchronous method such as modulo 2, etc., comparable to data transmission over a light guide (only slower). In this case, besides a field shown in the display, this optical image field can also be a separate LED, etc.
  • Thus, it is sufficient to hold the optics of the digital camera of the mobile phone against the screen, or against this optical field of the remote station, if data are to be transferred (coupled) from the client computer or a further mobile phone to the mobile phone.
  • It is further provided (optionally) to indicate on the phone by means of two arrows (⇑⇓) ("⇑" or "⇓" or "" = OK) whether the phone with the built-in camera is to be held closer to or farther from the screen. It is also envisaged to make the lens extendable in order to narrow the image section to a detail, as is done with conventional intermediate rings of a standard lens. In this case, two detent positions are provided: one shortens the distance of the lens to the mobile phone housing (equivalent to the end position at the rear wall of the camera housing) (usual position), and one extends this distance for the purpose of imaging a detail section (as a special position for data coupling).
  • Likewise, a barcode can be read by the camera of the mobile phone, e.g. also for the later too 18 described application to a certification server, the on the chip label ( 10 . 11 16 ), with which the document ( 40 ) to be printed.
  • A particular application, in which the use of the camera on a cell phone also simplifies handling, is a printed work, such as a newspaper or a book, etc., where the aim is not only to bind the information, e.g., to a WEB page by a copy-specific code given in the printed work, but to bind this WEB page in turn to a specific person; in this case the preferred data loop, using a specific telephone line (number T-#) of a particular person, binds access to the WEB site to this person.
  • This binding, in turn, can be realized very well by the method by providing a copy-specific code number KODE_extern (i.e., a different code KODE_extern for each copy) and entering this code number KODE_extern in connection with carrying out the method, e.g. in a relevant WEB page at which the user has to log on via the preferred data loop with the code sent by the server (KODE) in order to identify the telephone connection used for this purpose (T-#).
  • After entering the copy-specific code KODE_extern of the magazine once, the user may continue to log in as often as he likes for a certain period of time (or number of sessions, etc.) using the data loop with the same telephone connection (e.g. cell phone or landline number T-#) that was used when logging in for the first time, without having to enter the KODE_extern of the magazine every time; this copy-specific KODE_extern of the magazine is of no benefit to another user if he uses a different telephone connection (e.g. mobile or landline number T-#) than the one used when the copy-specific code KODE_extern (of the journal) was entered, for the data loop transmitting the security code (KODE) generated at random by the server.
  • As a result, the user is prompted, for example, to regularly buy the newspaper, each copy of which is coded with a copy-specific code number KODE_extern. How the code is read from the newspaper does not matter. In the simplest case, it is only stamped, or printed as a copy-specific number, or applied by laser inscription, and entered into the relevant WEB page via the keyboard or a pad for handwriting recognition, etc.
    • In a further development, this code KODE_extern is fed in via the data loop (DS) formed for the purpose of transmitting the security code (KODE) generated by the server, here directly via the phone, the KODE_extern being read, e.g., via the camera in the phone.
    • - That is, in the data loop the server receives back not only the code sent by it (KODE), but also the KODE_extern relating to the coded printed work, which is entered only at the first login, here (as a variant) acoustically via the phone. In further security examples described later, the advantage of this input method is pointed out again (whereby the KODE of the server and the externally entered KODE_extern can also be coded together in the mobile phone, etc.).
  • If the phone does not have a camera, then a further preferred method for entering an additional code, which concerns, e.g., a number KODE_extern of a correspondingly coded newspaper and is to be entered into the WEB page in question, or into the server, in connection with the preferred data loop of a server-generated code (KODE), is to use the acoustic input of digits that already exists in many mobile phones (e.g. for dialing). As usual, the conversion of the acoustically spoken digits into the corresponding character code can be done either off-line, i.e. directly on the phone, or on-line via a corresponding service number of the mobile network, which can be reached, e.g., at the touch of a button.
    • - The same method can also be used to enter a PIN or a personal identification code (PIC) as used for encrypted transmission, e.g. in a payment transaction or in connection with the submission of a digital signature, in an example described later.
  • ➀; ➄; ➄; ... Another application that makes use of the preferred assignment of a WEB page is that the server calls the user's telephone connection T-# in order to use this telephone call to bill for the use of the WEB page assigned via the data loop.
  • The technically simplest case is when the service is offered on the WEB page for as long as the data loop is maintained with the transmitted code signal, so that telephone charges for the service on the WEB page can be billed immediately via the user's telephone connection T-# according to the duration of the data loop.
  • Or, in a further variant, a certain feature is enabled (to download a file, etc.) for each one-time call of the server via the telephone connection T-# of the user, wherein the called server can end the data loop at any time by hanging up (according to a duration synchronized with the WEB page).
    • - Another basic variant is when a user input is made on the WEB page using the preferred data loop, such that the user enters or confirms a sum of money on the WEB page while the data loop is coupled via his phone or mobile phone connection T-# to the server of the WEB page, or transmits the security code (KODE); the entered or selected amount of money is then billed via the telephone charges.
    • In a further development, this method can also be performed well in connection with the submission of a digital signature to a certification server (as will be explained in detail in the later part of this description). The amount of money then to be debited via the telephone bill (of the T-# connection) can also be entered via the mobile phone located in the data loop, this input data being forwarded to the server together with the security code (KODE), optionally encrypted.
    • The certification server (whose function is described in detail later) then ensures, as an officially recognized intermediary between any WEB page provider and any client user (user), that on the one hand the amount entered by the user for this WEB page is correct and on the other hand that the amount of money is allocated to the service offered, if necessary notarized. I.e. the usual rip-offs via dialers and excessively priced numbers would no longer be needed by reputable providers, and could even be legally prohibited thanks to the present innovation.
  • This method could also be combined very well with a parcel service in which the parcel courier (e.g. the post office), with its many branches, acts as a trustee for purchases and sales on the Internet. Likewise, a central file can also be set up via the certification computer, in which only reputable sellers and buyers are registered, etc.
    • - A further, complementary application concerns calling another WEB page from any other WEB page without requiring the usual link (according to the main applications a1 and a2 mentioned above). In the prior art, such a call is made with a usual link, in which the address or the name is contained in the code of the WEB page to be invoked, or the address or the name of the WEB page is at least coded on the server via which the WEB page is called; this is not the case with this novel application. Here, the server that directly (as provider) presents a WEB page to the client CL, via the intermediary of further servers, receives from a server a WEB page that it has not itself called, in order to present it to the client CL under a completely different (anonymous) name; the client then invokes the WEB page only via the IT protocol that the server in question uses to display the (anonymous) WEB page, comparable, under international law, to any mediation service in a data network or a telephone network, etc., under which the mediation service is not liable, and technically cannot be liable, for the transmitted content.
  • It is provided that the WEB page, via which the call is made by the client CL, only performs a general browser function, which supports the browser of the client CL in such a way that via the client CL directly (direct addressing) or indirectly (direct Indirect addressing) entered the name, or the address of the WEB page to be invoked.
  • In both cases (direct addressing and indirect addressing), this is not done here, as usual by entering in the relevant window of the browser on the provided standard interfaces (via keyboard or by decoding a left of the currently accessed WEB page), but by calling a Telephone number (via the telephone network or mobile phone network), which relates to the call of that server over which to access the WEB page to be accessed, or which should at least make another call to another server (so that the called WEB page generating additional servers, or even a whole battery of locally-branched servers, behind which the phone-initialized server can hide).
  • The user then only has to call a telephone number (of a corresponding server or corresponding robot station, etc.) in order to call up a corresponding, anonymously presented WEB page.
  • This call can then be made by the user in the usual way by dialing a telephone number (or, more generally, by entering appropriate data for controlling a connection setup) via a landline or mobile phone (including radio network, etc.). In a further development, the WEB page to be called not only has a list of telephone numbers but can also generate a dialing code for direct dialing.
    • - In this context, for mobile phones that have speech recognition for dialing as standard, this speech recognition is additionally simplified by a tone detection, for the implementation of which, for example, the measures already indicated for detecting the codes (CODE) transmitted back to the server via the data loop are used. In addition to using tone frequencies to enter the dialing code, voice input could also be used directly, but the use of tone frequencies is more reliable.
    • - This method is not limited to mobile phones, since the conversion into dialing numbers of the audio frequencies reproduced by a WEB page at the client CL need not necessarily take place in the user's terminal (or telephone device), but can, e.g., also take place at a server, via an intermediate dialing or even directly. With intermediate dialing, the user always dials a fixed number (on his telephone set, mobile phone, etc.) that belongs to a call forwarding service. This call forwarding converts the telephone number (e.g. "001 / xxx .... xxx") that is generated for the number clicked by the user on the relevant WEB page, e.g. "WEB-Vermittlung.com" (hereinafter also called WEB-Seiten_A), and reproduced by the user's client computer CL as audio frequencies, into dialing numbers for the onward dialing of the connection coded by the tone frequencies. Optionally, instead of dialing a telephone number, it is also possible to send just an SMS to the telephone number of the call forwarding, the SMS then containing the telephone number of the server to be dialed. As an option, the call forwarding can also call the sender of the SMS back to test the phone number, etc., or return to this phone number an SMS received as a code from the server to be called, which in turn (via direct coupling, by converting the SMS into corresponding serial data) can be sent back to the server of the respective WEB page via the client CL (or a suitably formed data loop) in order to perform the check of the data loop, etc. All of this of course also works via IT telephony, etc. With direct dialing, the preferred data coupling on the client side CL is made, for example, by dialing the relevant telephone number via the Internet, using a service provider (server) that dials cost-effectively into the telephone network (dialing network) to call the server whose WEB page is to be called.
  • Further explanation of the other options with which the web page can be accessed without direct link via another WEB page:
    • I) In the case of direct addressing, the WEB page to be called up, here called WEB page_B, is called via software installed on the client computer CL ("plug-in"), into which the data for the name or the address of the WEB page to be called can be written via a data interface (e.g. by acoustic coupling, via an infrared interface, or a different interface, etc.). The client computer CL can then call the WEB page directly via its browser, or use for the call a special service via another server, which can call the WEB page anonymously with respect to the user but, in the current state of the art, cannot present it anonymously.
  • The data interface is fed via the preferred coupling established by the user, or on the client side CL: after the user has called a telephone number or a relevant telephone server (or robot, etc.), the data are transmitted from this telephone server to the user's telephone connection (T- #) and, by being fed into the data interface on the client computer CL (or on a mobile phone, etc.), are used for calling the relevant WEB page.
    • II) In the case of indirect addressing, no specially installed software ("plug-in") is required on the client computer CL in order to be able to call up a WEB page via an external data interface of the client computer CL. Instead, software with the function provided on the client computer in direct addressing is installed on the server Server_A, which thus represents, so to speak, only an extension of the interface to the client CL via the IT connection.
  • In this case, the same data interface of the relevant terminals (client CL, phone or mobile phone) is preferably used for calling the WEB page to be called, here WEB-Seiten_B, as is used for establishing the preferred data loop when the user logs into WEB-Seiten_A (e.g. of "WEB-Vermittlung.com"); the user on the client side then dials the servers concerned, Server_A and Server_B, in each case via the same telephone connection (its number T- #), over the telephone network!
  • In this case, Server_B reads the telephone number T- # of the telephone line (of the user, or client CL) supplied during the call over the telephone network; if this is not possible, the user receives an announcement over the telephone connection to repeat the process with the telephone number suppression switched off. Server_B stores this telephone number (as an allocation address to be used later, or for the subsequent synchronization of the data in relation to WEB-Seiten_A of Server_A).
  • Here again, the server or servers can identify the subscriber on this data loop (the telephone line T- #) by generating the test code (KODE), sending it, and checking the returned code.
  • If the called WEB page, here called WEB-Seiten_B, were stored on the same server (here called Server_A) as the WEB page (here called WEB-Seiten_A) that visually displays the phone number of the server to be called (or generates it as a data stream to the telephone / mobile phone for direct automatic dialing via the data loop), then the data loop would only have to be formed once (to Server_A) in order to check the telephone caller through the data loop.
  • Since this is (usually) not the case, i.e. the called WEB page WEB-Seite_B is not stored on the server Server_A but on some other server, here called Server_B, the server Server_B, which here is called directly by the client user (CL) via his telephone line (T- #), sends its name (i.e. its IT address) over the telephone connection to the client CL and, via the data loop DS that initially still exists to server_A (under WEB page_A), on to server_A. I.e. the data loop produced by the user on the client side CL is already connected to server_B via the telephone connection (T- #), but is still connected via the Internet connection to Server_A, or to its WEB page WEB side_A. Initially, no connection via the IT network need exist between Server_A and Server_B, i.e. the telephone connection first established via the data loop DS at the client CL is the only connection.
  • Once, however, server_A has received the IT address from the server Server_B via the data coupling of the data loop DS over the telephone network (T- #), server_A sets up an Internet connection to server_B and immediately transmits the telephone number of the telephone line (T- #) which the user is currently using to establish the data loop. Alternatively, server_A sends server_B the telephone number (T- #) via an SMS, etc. (see later).
  • It is evident that the user need form the data loop to Server_A via his client computer CL only once, when logging in; he can then keep WEB-Seiten_A open continuously and call any number of further servers of the Server_B category, so that these servers can each send their identifier (IT address) to Server_A via the data loop of the telephone. I.e. with WEB side_A open, the user can call any number of servers of the Server_B category and form the data loop DS to server_A, with the purpose that the WEB pages of the relevant servers corresponding to the dialed telephone numbers are displayed as anonymous WEB pages via WEB-Seiten_A of Server_A.
  • In this case, the telephone numbers may also relate merely to a switching page of the server Server_B dialed with the telephone number via the telephone network, which contains the corresponding links to the relevant WEB pages, or the WEB pages can also be called directly via extension numbers on Server_B.
  • If the server_B has received the user's telephone number (T- #) from the server Server_A via the established IT connection, then Server_B calls the corresponding WEB page, whereby this can be done via two alternatives:
    • - By direct call over the telephone connection to the user (T- #), via which Server_B sends the serial signal for calling the WEB page designated (or decoded) by the phone number (its telephone dialing) to WEB-Site_A at the client CL, or via the data loop (data coupling) to server_A. Server_B itself, however, calls the WEB page, copies it and provides it under a different name (or other IT address), or sends it to another server for the same purpose (which then provides the page under a different name), in each case under the name that server_B sends to WEB page_A for the call via the user's telephone T- #. I.e. the server_B called by telephone is here the extended arm of the user, who calls the relevant WEB page (e.g. via a plug-in in his computer) using an anonymous access service.
    • - or by indirect call, in which Server_B calls the WEB page designated (or decoded) by the phone number (its telephone dialing) and copies it into a WEB page of its own with a different name, in order to pass it, directly or via further servers, to Server_A for presentation within WEB-Seite_A. I.e. in this case WEB-Seite_A provides an empty window, to be opened with a mouse click, within which the page called by server_B directly or via further servers is presented to the user (under a different name). This is in contrast to the direct call over the telephone connection, where the relevant WEB page is presented to the user (under a different name) in an empty window provided by Server_B, the user calling it via the data loop of the relevant telephone connection.
  • In each case there is the option to make the call directly via a plug-in on the computer of the client CL or via the Server_A or the server of the provider.
  • Thus, in both cases, what is involved is not a link in the legal sense, as would be provided in a particular WEB page, but a pure service, such as is provided under a telephone number in a telephone network.
  • The same applies to WEB-Site_A of Server_A, which is nothing more than a telephone directory (of WEB pages that can be called anonymously by telephone call).
    e.g. a listing on the WEB page "WEB-Vermittlung.com":
    FULL TEXT SEARCH ... button
    THEME | TEL. number
    I know something about corrupt politicians and tell all electoral fraud * bribery * abuse of office in the ministry * | 001 / XXX ...
    Everything about cats | 001 / XXX ...
    room cats | 001 / XXX ...
    garden cats | 001 / XXX ...
    Wildcats | 001 / XXX ...
    etc.
  • Note: Since the pages that can be called exclusively by dialing a phone number are, intentionally, hardly detectable in a meaningful way by a search engine, because the only temporarily assigned name NonameX.com (see also later) under which they are accessed over the Internet constantly changes, it is important to provide the topics on the web page "WEB-Vermittlung.com", which can be accessed via the Internet protocol, with keywords as well, so that the search engines can find the "WEB-Vermittlung.com" page under the entered search term (e.g. "Wahlbetrug", "Bribery", "Politiker"). Since the page "WEB-Vermittlung.com" is, for example, the only directory, or one of the few directories, from which the call numbers of the anonymous WEB pages can be taken, it will be called by many users and therefore displayed high in the search engine rankings, whereas the anonymous WEB page itself will not, which is as it should be. I.e. the procedure is also useful if, in addition to the anonymous WEB pages, completely harmless topics are included, such as the example with the cats, where the WEB page with the cats can be called, besides via the telephone number, also or only via a direct link, as a regular WEB page (with regular IT address) that resides on a "more harmless" server. The purpose of this page with respect to the search engine is then that the search engine shows the overview with the cats at the top. Of course, the WEB site "WEB-Vermittlung.com" also has its own self-contained full-text search, so that the user can quickly find the desired terms within the list of topics.
  • In this example, the topic is indicated on the left side in the manner of a lexicon, and on the right side is a US telephone number that the user has to dial to call up a WEB page, no matter where in the world the server is located. The left-hand column can also be opened via various information windows on the left-hand side, and an expert system can also be integrated in order to access the topics sought using intelligent search functions. Instead of topics, of course, any names and designations can be provided, e.g. a WEB page name that is already taken, e.g. proper names, etc.
  • Further options for the example of indirect addressing:
    • • The user (client CL) calls the WEB page "WEB-Vermittlung.com" (corresponds to WEB-Seite_A generated by Server_A) via the input window of his browser and closes the data loop via this WEB page and via his telephone connection (the telephone number T- #), via which he calls Server_A by phone; where appropriate, the number used by the user (T- #) is checked by a callback (option), and the telephone number used by the user is further stored in Server_A for the data synchronization.
  • Note: In the case of a reputable provider that guarantees the security of telephone connections, the call of the user (client) can also be made using an IT telephone which can be reached at the telephone number (T- #).
    • Another cost-cutting option, which is equally applicable to all proposed examples, is that the user sends an SMS from the cell phone used to form the data loop and receives in response an SMS on his cell phone, which he uses for the data loop. In this case, the user does not even have to send the SMS via his mobile phone, but simply specifies in the text of the SMS his telephone number T- # to which the callback is to be made by the server.
  • Specifically:
    • - For the callback, the mobile phone contains an SMS data converter as an interface, with which the texts of received SMS messages can be fed, as corresponding character data, directly into the user's client computer via the interface provided for forming the data loop DS, the text of the SMS in this case being the random code (KODE) sent by the server.
  • For example, the received SMS characters are converted into an acoustic signal (modem signal or modulo 2 sync signal with block repetition and sync bit frequency, etc.) or into an infrared signal in order to read the received SMS into the client computer CL. Or the callback takes place via the telephone connection, which is likewise very cost-effective if the callback server uses the IT network for this callback. There is again the option that the mobile phone adds another code within the data loop, which relates to the identification of the mobile phone and / or user (see later part of the description).
    • • Instead of the user telephoning Server_B, whose phone number he takes from the directory (see example above), via his telephone line (the telephone number T- #) (where the option could also be provided that, by clicking on the relevant telephone number on the web page "WEB-Vermittlung.com" (WEB-Seite_A), the digits are reproduced as serial data (e.g. acoustic, infrared, etc.) in order to avoid manual dialing), the option is provided that Server_B is selected via an SMS sent to Server_B at the phone number specified on the WEB site "WEB-Vermittlung.com", the user sending his phone number T- # as the text of the SMS. In addition to the possibility that the user does this from his mobile phone, he can optionally also have the SMS sent directly from server_A to server_B by clicking the number, in which case the phone number T- # of the user (which Server_A received via the first data loop) is automatically inserted as the text of the SMS by the software of the WEB page of Server_A. This is not a link in the classical sense, since Server_A does not make a call to WEB-Site_B of Server_B, but only sends an SMS of the user to Server_B, addressed to no defined WEB site (but only to Server_B).
  • I.e. in this case, Server_A hands over the number T- # of the user directly via the text of the SMS it sends.
  • Server_B calls back the telephone number T- # obtained via the SMS and in doing so transmits, via the telephone connection to the client CL, the complete Internet address under which the page selected by clicking the telephone number (from the table) can be called; the client CL sends it on to WEB-Site_A via the existing data loop. To call the address (name) of the WEB page to be called, obtained as a data code over the telephone line T- #, WEB-Seiten_A can also use a service that allows the WEB page to be called anonymously; or, with a corresponding plug-in on the client computer, the data loop can be redirected so that the address (name) of the WEB page to be called is entered directly into the input window of the relevant service for anonymous calling of the WEB page (piping).
    • • Since the server_A on the WEB site "WEB-Vermittlung.com" (WEB-Seiten_A) has no direct link to WEB-Seiten_B (which was selected by clicking on a phone number), but the link comes about only through the data input of the user (via the data interface), the linking to WEB-Seite_B is very convenient, but is not a link either in technical terms or in the legal sense, since the WEB-Site "WEB-Vermittlung.com" merely corresponds to a usual telephone directory (comparable to a business directory, etc.).
  • The more specific selection of a WEB page to be called takes place, e.g., via extension numbers, or, after WEB-Seiten_B has been called, an overview of the topics with real links to click on can be presented to the user.
  • Checking the authenticity of a WEB page:
  • When a WEB page is invoked with the interposition of multiple servers, the client needs to check the authenticity of the page. This can be done, for example, in such a way that the server in question, which sends and checks the code (KODE) on the data loop of a telephone network (i.e. via a telephone connection dialed through the exchange, in this case via the telephone connection to Server_B), generates an audible announcement over the telephone network confirming the authenticity of the page if the CODE sent out matches the one returned, or gives a message if it does not, i.e. if the WEB page that the client user sees on his machine CL is not the one he wanted to call. In this example, server_A can transmit one part of the security code, which is split into two parts [KODE = CODE 1, CODE 2], to server_B (via SMS or the IT network, also encrypted, etc.) in order to allow a check in advance and then ask the question "View WEB page, yes / no", so that the user does not admit the page in question (if forged) to his computer. Thereafter, the second part of the code is in turn used to directly check the WEB page generated by Server_B.
  • Another example of the anonymous creation of a WEB page (see also Fig. 19):
  • The symbolic representations chosen in Fig. 19 (and also in the other figures, Figs. 13 and 14) do not concern the actual data paths to the servers, which can indeed be very complex, but only those considered for the method.
  • The anonymously generated WEB page is not constantly made available by the server generating the page (the server_anonym, SANY), but is held or generated on that server without Internet access. Only when the server_anonym receives a phone call calling the WEB page, e.g. with an extension number, does it copy the page corresponding to the extension number to another server (the server_display, SDIS), which holds a large number of registered WEB pages without content of their own and inserts the data of the received page into an empty page. Conversely, form data entered into this page are returned to the server_anonym.
  • The server_display constantly changes (rotates) the names NonameX.com of the registered WEB pages which it fills with the contents sent to it by the server_anonym (or by several such servers). If (as an option) the calling address of the page to be called up is also transferred via the telephone line and the data coupling to the client computer, then this is done under the temporary name NonameX.com under which the server_display currently displays the page in question; the server_display then informs the server_anonym of the temporary name NonameX.com of the WEB page, so that the server_anonym can give the user this name over the telephone connection, as data via the preferred data loop into the "WEB-Vermittlung.com" WEB page of the server_display, to bring about the call of the page NonameX.com.
  • Fig. 19 illustrates this process, with the three most important phases for calling the anonymous WEB page (generated by server SANY) marked with steps 1, 2, 3:
    • (1) The user logs in with his client computer CL on the server SDIS by calling the WEB page "WEB-Vermittlung.com" and closes the data loop DS via his telephone line T- # (or mobile phone). The user has dialed the server SDIS via the telephone network TELCOM.
    • (2) The user takes from the list on the WEB page "WEB-Vermittlung.com" the telephone number of the WEB page to be called, which initially only designates the server SANY, and dials the server SANY in order to send it an SMS whose text is the number T- # of the telephone line (or mobile phone) used for the data loop.
  • In principle, this process can also be carried out automatically via the Internet (also by mouse click) (since the server SDIS has already checked the telephone number via the data loop DS), if the user does not need a proof of authenticity of the anonymously accessed WEB page, or checks it again later via a telephone loop, etc.
  • The server SANY calls the user back on T- # and, via the data coupling (acoustic, infrared, SMS, etc.) and the user's client computer CL, sends the IT address (under which an IT connection with the server SANY can be established) to the server SDIS over the client's existing data loop DS to the "WEB-Vermittlung.com" page of the server SDIS.
  • If the server SDIS (e.g. after a click on a corresponding button on the WEB page "WEB-Vermittlung.com") detects an expected IT address (of any arbitrary server), then this is confirmed to the user with "Server is called".
    • (3) The server SDIS establishes the connection to the server SANY under the received IT address and sends the server SANY the following data: - the telephone number T- # (of the user), obtained via the data loop, corresponding to the session on the WEB page "WEB-Vermittlung.com" under which it received (via the data loop DS) the call address of the server SANY, - the (unregistered) reference name, or a field address of the database, designating the desired WEB page which the user selected from the list of topics by clicking on it, - and the name of one (of many) registered WEB pages NonameX.com (which can also be called, for example, "Pseudonym_583.de", see later) which is currently not in use and has no content, and under which the content of the called WEB page, generated anonymously by the server SANY, is to be displayed.
  • The server SANY responds by transmitting the content of the relevant (desired) WEB page to the server SDIS, again at the address of the telephone number T- # of the subscriber that he used in the data loop. As already stated, the entire synchronization of the processes of server SDIS and server SANY can be done under this telephone number T- #. The server SDIS then copies the content of the WEB page received for the telephone number T- # (or the relevant session via its WEB page "WEB-Vermittlung.com") from the server SANY into the empty WEB page under the name of the WEB page "Pseudonym_583.de", whereby the user can call this WEB page also by entering this name in his browser window or by entering in a special service (for the anonymous call).
  • Alternatively, to make matters more convenient, the server SANY sends over the telephone network TELCOM (2) the call address that it received from the SDIS, so that it can be entered directly into the user's browser window via the data loop DS with the support of plug-in software. Furthermore, there is of course the alternative of forwarding the call received via the data loop DS directly to the server SDIS. In all cases it is guaranteed that the call is not made directly via the page "WEB-Vermittlung.com", to which the name "Pseudonym_583.de" (of the called WEB page) is not even known, because the allocation of the currently free page (without content) for displaying the WEB page received from the server SANY is not done via "WEB-Vermittlung.com" but via server software running on the server SDIS, to which "WEB-Vermittlung.com" passes only the phone number T- # for the synchronization of the process, which corresponds only to the telephone connection T- # of the user and otherwise has no connection to the further sequence. The exception is the option in which a field number from the display (the telephone number list of the WEB site "WEB-Vermittlung.com") is transferred to the server SANY (to assign the selected WEB page); optionally, the user can also communicate this (visually displayed) field number directly to the server SANY via the keypad of his phone, and SANY then assigns the desired WEB page via this field number.
  • The telephone numbers shown in the list of the WEB site "WEB-Vermittlung.com" thus do not correspond to a link, but only to a display.
  • If the browser is extended (for example, also directly) so that it can link the information distributed over several registered WEB pages and display it in a common window, then the matter becomes legally even more complicated (because of the constant change of the names of the WEB pages NonameX1.com ... NonameXn.com presenting the information).
  • Reference to Fig. 13a: The user has identified himself using his phone, e.g. a cell phone or landline phone, which has a given telephone number T- # (which is recognized by the server I from the call or from a received SMS), by means of the preferred data loop DS (server I → CL → TELCOM (1) → server I, Fig. 13a), wherein the server I transmits the code signal KODE (1), cf. Fig. 13a, as a loudspeaker signal L to the client computer (CL) on which the browser presents the WEB page, and receives it back for comparison (for identification) via the data coupling DS (data loop) established by the user, via the microphone MIC of the phone T. Alternatively, where appropriate, the data coupling DS can also be routed in the reverse direction, from the server to the earpiece L of the telephone T (Fig. 13b) and back to the server via the microphone MIC of the client computer CL (server I → TELCOM (1) → CL → server I, Fig. 13b).
  • The data loop DS (Server I → CL → TELCOM (2) → Server II → Server I, or vice versa) is not yet closed via the Internet connection Server II → Server I (and vice versa) when the user calls (via TELCOM (2)); this happens only after the IT address of the server II has been notified to server I (via the telephone connection of the data loop DS, as discussed above). Alternatively, server I can also establish a connection to server II in advance (via a direct link) if the method is used, e.g., for other applications, such as the connection, described below, to a certification server for receiving / validating a digital signature. In this case, server II then sends server I the corresponding data under the address of the telephone number T- # used for logging on via the preferred data loop, and likewise vice versa when server I sends data to server II.
  • Call forwarding: It is further evident that the telephone number to be called can be routed via a call forwarding, via which the callbacks of the server station(s) involved in the method can also take place. The same applies to the use of SMS, IT telephone connections, etc. as further data channels for the telephone connection (T- #) for establishing the data loop on the client side.
  • If necessary, the interposition of a trusted server is provided, which receives, e.g. at local rate or free of charge, an SMS (possibly also a call); the text of the SMS then specifies two phone numbers, each marked by a letter at the beginning [s000111h22222222]. The first number (s) designates the name of the server, the name "000111" being converted at the trusted server into a phone number or e-mail address, or a direct call of a server over the Internet, etc.; the second number (h) specifies the user's own telephone number T- #, e.g. a mobile number.
  • The trusted server either mediates the invocation of the web page to be called anonymously, and guarantees the user the authenticity of the called WEB page, or, after the trusted server has sent the received SMS [s000111h22222222] on to the actual web server (the server_anonym, SANY), the latter calls the user back on the connection T- # using a low-cost IT telephone call, whereby the user, via acoustic coupling, or an SMS, infrared, etc., forms the data loop DS to the other server (the server_display, SDIS), which displays the telephone number list via its WEB page "WEB-Vermittlung.com", in order to call up the respective WEB page in the manner described. The trusted server does not store the calls of the WEB pages of the server_anonym, SANY (or of several such servers, depending on the number of SMS received), but forwards them to a further server which, like a name server, converts, e.g., the first number (s) standing at the beginning of the SMS into an IT address and answers the trusted server. This data exchange between the servers is, as always, appropriately encrypted.
  • Encrypted presentation of WEB pages:
  • Since the provider of the WEB page can hide perfectly by means of the preferred method, it is logical that such a provider can, for example, also loop e-mails through a relevant server (e.g. Server II) in order to hide the sender. The sender is then, e.g., "Pseudonym_081.de", and the e-mail can even be disguised as an encrypted WEB page. In fact, an encrypted browser is long overdue, in order to make WEB pages accessible only to a specific circle that has the corresponding key. Since the sender or producer of the web page can now no longer be determined, and e-mails can furthermore be disguised as encrypted WEB pages and, of course, also be sent encoded as text or image, etc. without the sender being determinable, the Internet will certainly become more interesting in many areas once a certain level of total encryption is reached. Encryption without borders is the motto. Since it can now no longer be distinguished whether an encrypted page is a WEB page or a private e-mail in which the text of the e-mail is encrypted in the geometric form of pretty girls (because the server then simply prepares the page accordingly), and since, furthermore, the sender (or owner) of the WEB site can no longer be found, eavesdropping actually becomes more complicated.
  • All this makes sense, of course, if the provider of a WEB site can hide securely, so that the server is not bugged by intrusive attackers. I.e. solving the task of securely hiding the sender of a web page, in particular by calling the web page completely anonymously, bypassing the Internet by using a different network (e.g. by calling a telephone number T- #), sets a milestone in encryption technology in the IT sector. The network over which the call of a web page takes place, here a telephone network, could also be any other, e.g. a radio network, including one using a Morse channel, etc. It is also possible to use different networks in establishing the preferred data loops for Server I and Server II.
  • In this example, the server II also identifies the user's telephone call via a data loop (2), with the option here of routing the data loop (2) over several servers as well, in this case via the two servers, server I and server II, i.e. of continuing to form it on the (first) called WEB page 1 of the server I (currently selected by the user in the client's browser), and of looping the encrypted KODE (2), generated by the server II and forwarded to the client, through via the server I. The decryption of the code KODE (2) sent by the server II is then carried out by the server II when it is received back.
  • Safeguards for the data loop:
    • It is evident that the encryption of the code sent via the data loop (KODE) can also be carried out by a defined falsification (alteration); i.e. if an attacker intercepts the code sent by the server into the data loop in order to return it to the server on the other channel, so that the server receives the same code over both data paths, the server still recognizes it as wrong. For this purpose, the server sends an encrypted algorithm for the defined falsification of the code to one of the terminals involved in the data loop (or uses such an algorithm) and, on getting the code back, checks after reversing the falsification whether the code is correct (i.e. matches the one sent out).
    • A further variant is to send to one of the terminals involved in the data loop an algorithm for the defined interruption of the code after defined pause times / transmission times, and to check these times when the code is returned; likewise, if necessary, to check a code added by one of the terminals involved in the data loop according to the particular algorithm, etc. The code interrupted in this way is reassembled before the check. If the time periods, or the duration of a code fragment and the associated pause, do not match those calculated in the server or specified by the server, the code is considered fake.
    • If the code signal is routed through several servers, such a server can also alienate (alter) the code routed via the data loop (KODE ...) according to an encryption algorithm, with the responsible server reversing this alienation again.
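The two loop safeguards described above (a defined, reversible alteration of the code and a defined fragment/pause schedule) can be sketched as follows. This is an added example, not code from the patent: the XOR mask, the HMAC-derived schedule, the sizes and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

CODE_LEN = 16        # bytes in the random loop code (assumed size)
FRAGMENTS = 4        # pieces the returned code is cut into (assumed)
TOLERANCE_MS = 15    # timing jitter the server accepts (assumed)


def alteration_mask(params: bytes) -> bytes:
    """Reversible 'defined falsification': an XOR mask derived from the parameters."""
    return hmac.new(params, b"alteration-mask", hashlib.sha256).digest()[:CODE_LEN]


def timing_schedule(params: bytes) -> list:
    """(transmission_ms, pause_ms) per fragment, derived from the parameters."""
    d = hmac.new(params, b"timing-schedule", hashlib.sha256).digest()
    return [(40 + d[2 * i] % 60, 20 + d[2 * i + 1] % 80) for i in range(FRAGMENTS)]


def terminal_forward(code: bytes, params: bytes) -> list:
    """Terminal in the loop: alter the code, then emit it as timed fragments."""
    altered = bytes(c ^ m for c, m in zip(code, alteration_mask(params)))
    size = CODE_LEN // FRAGMENTS
    return [(altered[i * size:(i + 1) * size], send_ms, pause_ms)
            for i, (send_ms, pause_ms) in enumerate(timing_schedule(params))]


class LoopServer:
    """Server side: fresh code and fresh alteration parameters per session."""

    def __init__(self):
        self.code = secrets.token_bytes(CODE_LEN)   # sent out on one channel
        self.params = secrets.token_bytes(16)       # sent encrypted to the terminal

    def verify(self, fragments: list) -> str:
        expected = timing_schedule(self.params)
        if len(fragments) != len(expected):
            return "reject: fragment count"
        for (_, send_ms, pause_ms), (exp_send, exp_pause) in zip(fragments, expected):
            if (abs(send_ms - exp_send) > TOLERANCE_MS
                    or abs(pause_ms - exp_pause) > TOLERANCE_MS):
                return "reject: timing"
        # Reassemble the interrupted code before the content check.
        altered = b"".join(piece for piece, _, _ in fragments)
        if len(altered) != CODE_LEN:
            return "reject: length"
        restored = bytes(a ^ m for a, m in zip(altered, alteration_mask(self.params)))
        if not hmac.compare_digest(restored, self.code):
            return "reject: code"
        return "accept"


def demo() -> dict:
    server = LoopServer()
    honest = terminal_forward(server.code, server.params)
    size = CODE_LEN // FRAGMENTS
    # Constructed attack input: the code copied from the first channel and returned
    # unaltered, granted perfect timing so that only the alteration check is exercised.
    replay = [(server.code[i * size:(i + 1) * size], s, p)
              for i, (s, p) in enumerate(timing_schedule(server.params))]
    # Constructed input: correctly altered code, but one pause is stretched.
    piece, send_ms, pause_ms = honest[2]
    late = honest[:2] + [(piece, send_ms, pause_ms + TOLERANCE_MS + 1)] + honest[3:]
    return {
        "honest": server.verify(honest),
        "replay": server.verify(replay),
        "late": server.verify(late),
        "short": server.verify(honest[:3]),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:7s} {verdict}")
```

The mask is only safe if the parameters are fresh for every loop, because an observer who sees both the original and the altered code of one session learns that session's mask.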
  • Further procedure of the example:
  • A corresponding data channel (channel CL-T- #) is provided between server I and server II in order to transmit the code signal KODE (2) between the two servers.
  • In Fig. 13a, this data loop (2), connected via both servers, is formed via:
    (Server II → Server I → CL → TELCOM (2) → Server II)
    or, in the variant of Fig. 13b:
    (Server II → TELCOM (2) → CL → Server I → Server II)
  • Example for Fig. 13a: Via this data channel (channel CL-T- #) connected in Server I, the further code signal KODE (2), transmitted by Server II via Server I (via the Internet), is made available to the user for a data loop DS in the same way as has already been done for the code signal KODE (1) generated by Server I. In the case of the code signal KODE (2), however, Server I works only as an exchange, i.e. it provides the data channel. Generation, transmission and comparison of the code take place in Server II. In principle, however, Server I could also generate the code signal KODE (2), with Server II only providing Server I with a telephone connection, "extended" via an Internet connection IT, for transmitting the code signal KODE (2). Of course, the same principle also works in the opposite direction, shown in Fig. 13b as a variant (alternative), as has already been explained at the beginning for the data coupling on the client computer CL.
  • In this example (involving Server II and Server I), the data loop (2) closed via both servers can be checked directly by means of the code signal KODE (2) to determine whether the user, for his telephone call to Server II (directly or via call forwarding), uses the same telephone line T- # (a relevant telephone number) as he used in the first identification, when logging into WEB page 1, for the data loop (1) of the first code signal KODE (1) of Server I. Furthermore, via this data loop, i.e. via the connection considered secure or unmistakable (e.g. routed via a dialing office or consisting of radio channels; here the telephone connection between client CL and Server II), encrypted data can be exchanged both from Server II to Server I and from Server I to Server II (in each case via the coupling at the client CL), and each server (I or II) can introduce its test code (CODE 1, CODE 2) within this encryption as desired.
  • In this case, if necessary, the coupling at the client CL can also be bidirectional, i.e. the client computer CL couples or transmits both input and output data of the relevant WEB page via the telephone or mobile phone, and likewise the phone.
    • Likewise, in this example, Server II can, e.g., store in the mobile phone via the telephone line (i.e. bypassing Server I) an algorithm, or e.g. data for a sequence of pauses/interruptions, to be generated by the mobile phone, in the returned code, or even just an algorithm for a simple modification of the code (KODE 2), by which the code is alienated, so that Server I cannot falsify the test code (KODE 2) of Server II in such a way that Server I erroneously rates the check code as positive. Conversely, Server I can store in the mobile phone, via the IT connection to the client computer CL and the data coupling to the mobile phone (i.e. bypassing servers), the algorithm for alienating the code (KODE 1), by which the code is alienated, so that Server II cannot falsify the check code (KODE 1) of Server I in such a way that Server II erroneously rates the check code as positive. That is, Server I and Server II can, on the one hand, each encrypt their test codes (KODE 1, KODE 2) independently of each other via the common data loop (via WEB page 1), and can at the same time use a common test loop (through their connection via the Internet), via which they can receive data from the user's terminal (e.g. mobile phone) that are intended for both servers, and can also check the telephone loop by means of their check codes.
  • Thus the option exists that Server I and Server II either synchronize the processes independently of each other, each in successive data loops (each via telephone line T- #), or synchronize the processes via a common data loop (telephone line T- #). For the latter variant, which is preferably carried out with a mobile phone, the mobile phone has two alienation functions, working independently and also independently configurable, for alienating the codes that are received and forwarded to form the data loop: one for the code fed in from the coupling interface (from client CL or another mobile phone; acoustic, infrared, etc.) in order to forward it over the telephone connection, and one for the code fed in from the telephone line in order to forward it via the coupling interface (to client CL or another mobile phone).
  • Thus, for this example, there are two options (in full or half duplex): either to send out the code signal KODE (2) generated by Server II via Server I and to receive it back at Server II via the data loop DS of the user and the telephone connection (2) (Fig. 13a), or, in the reverse direction, to send out the code signal KODE (2) generated by Server II via the telephone connection (2) and to get it back at Server II via the data loop DS of the user and the Internet connection (IT) from Server I (Fig. 13b).
  • Further development variants and general options for selecting the server by the user (T- #):
  • In a further development variant, the telephone numbers to be dialed by the user are not only displayed as text in the WEB page, but are additionally encoded as a signal (e.g. acoustically, corresponding to a modem signal), output by the client computer CL and fed into the terminal (landline phone, mobile phone, etc.) of the telephone line T- # used by the user, e.g. by acoustic coupling, for easier compatibility, in cheaper versions, or via infrared in slightly more expensive versions.
    • - a) There is a general option, e.g. for a mobile phone, as a general supplement (and directly applicable), that a telephone number output by a WEB page can be read directly into the telephone or mobile phone by acoustic feed-in of a modem signal (acoustic coupling), or alternatively (as a further option) by feed-in via an infrared interface (or another variant of such an interface, etc.), so that the number is then dialed automatically. This option is also generally well suited to telephone directories or telephone numbers published on the WEB, regardless of the preferred application.
    • - b) Or, if a standard phone without such an option is used, the user need only dial a specific service number, which by call forwarding dials whatever number the user feeds in via a simple acoustic coupling (from the speaker of his computer to the microphone of his phone); this call forwarding then dials Server II, including any given extension number. This application is applicable in the most general form, regardless of the method according to the invention, and can be used for all WEB pages displayed in the phone.
  • In both cases (a, b), the user copies the telephone number on the relevant WEB page 1 (served by any general server A) by drag and drop (via the clipboard of his operating system) into a window of a second service WEB page (served by the service server TCOM). The service server TCOM is operated, for example, as a free service of a mobile phone manufacturer or a network operator, etc. After the user has sent the telephone number to the service server TCOM via the window of the relevant WEB page, this WEB page generates the signal output at the user's client computer CL; the user reads this signal (output acoustically or via infrared, etc.) into the phone, which decodes the signal into the corresponding telephone number and enters it in the dialing memory, while the user can, for example, add a comment on the WEB page of the service server TCOM, which is stored in the mobile phone with the number and displayed as a selection aid (text) when selecting telephone numbers. It is evident that, if the arbitrary general server A is networked with the service server TCOM, the user can be spared entering the telephone numbers into the WEB page of the service server TCOM (via drag and drop): by clicking on a relevant telephone number, or on a selection field for telephone number selection, etc., on the general WEB page of the general server A, a small window of the service server TCOM is called up via a standard link, indicating that the service server TCOM now generates, via its WEB page, the output of the signal corresponding to the telephone number (e.g. as a modulo-2 sync signal with block repetition), which the user can feed into his mobile phone.
  • In a further development of the design of a telephone set or mobile phone using the preferred coupling for the preferred data loop (to / from the server), this use includes the following additional data:
    • a) the input of the address or name of a WEB page to be called up in the client computer (via a signal of the telephone line T- #), which can take place via plug-in software that directly supports the browser of the client computer CL, or via corresponding direct support by the Internet server,
    • b) the input / output of data to be sent via the data loop of the client computer CL from a telephone connection to a server or from a server to a telephone connection, in particular the check code (KODE) for checking the data loop,
    • c) the conversion of an SMS received at the terminal of the telephone connection (telephone or mobile phone) via the telephone line T- #, corresponding to a data code or data, into a data stream that is sent to the server via the data loop and the direct data connection of the client computer CL,
    • d) the conversion of an SMS received at the client computer, corresponding to a data code or data, into a data stream that is sent to the server via the data loop (on the client side CL) through the telephone connection (telephone or mobile phone),
    • e) the alienation of the code (KODE) received and forwarded via the data loop, such that the received code is changed (encrypted) according to an algorithm that is reversed in the server to restore the code (decryption); the terminal concerned with the data loop (e.g. mobile phone) obtains, at the coupling point of the data loop, the encryption data or the algorithm from the transmission side from which the code to be alienated (KODE) is received, and passes the code on, alienated according to this algorithm, to the other transmission side; optionally (if necessary) the alienation (encryption) of the codes looped through the coupling point is performed for both directions independently of each other, with completely decoupled encryption data.
  • As already stated, three variants are particularly preferred for the coupling of the telephone set or mobile phone to form the preferred data loop to a client computer CL or possibly also to another mobile telephone, wherein if necessary this coupling can also be bidirectional:
    • 1) an acoustic coupling via the existing earpiece and microphone of the telephone or mobile phone, possibly also of another mobile phone, and / or the speaker / microphone of the client computer;
    • 2) the coupling between the mobile phone, possibly also another mobile phone and a client computer via the existing infrared interface;
    • 3) the coupling between the mobile phone, possibly also another mobile phone, and a client computer via the already existing camera optics and, on the opposite side, a corresponding brightness (or color, etc.) modulation of a graphical area (e.g. circle, square, etc.) displayed on a display or screen, etc.;
    • 4) the coupling via the SMS channel of the mobile phone, the SMS being read in or read out as a data stream via the data coupling (depending on the data direction);
    • 5) the establishment of the coupling via connections switched through by hardware and / or software, in which case, where appropriate, a server instead of a user's client CL can also form the data loop DS.
  • For these applications, independent protection in the most general form is also sought, in addition to the variants of the preferred method.
  • Another good application of the specified method is, for example, proof that certain terms and conditions disseminated via the WEB have been read, when the data loop is formed via this page, or the linking of certificates.
  • The following chapter deals with the linking of servers that are authorized to receive certified digital signatures (and are e.g. set up and supervised by a notary) with arbitrary servers that are not subject to any official control and nevertheless present documents on which the client (user) can place a digital signature, with the advantageous difference that the signer who places the digital signature on such a document also has the counter-document secured, for which an equivalent and possibly even notarized signature exists from the provider on whose document the user places his signature. This countersigning takes place (e.g. with the involvement of a notary at whose premises the relevant server is located) on exactly the document that the user of a respective WEB page signs with his digital signature.
  • Mobile phone (or possibly a landline phone) used for the digital signature of a WEB page:
  • for use:
    • - to digitally sign documents, including received e-mails, that are displayed on any server, and to digitally sign them in the name of a certification server established at a notary or court;
    • - to digitally sign outgoing e-mails addressed to any server, and to digitally sign them upon the search of a certification server established at a notary or court;
    • - to handle purchases on any WEB pages, to record deposits to bank accounts, transfers, etc., and any processes and events controlled by a server and a mobile phone (e.g. access control to a bank locker, etc.), by searching for a digitally signed certification server at a notary (or a bank, etc.).
  • In addition to the possibility of using exclusively a code entered in a WEB page as a digital signature, further development variants are described here which, in addition to this code, also use, for further security, a sensor system for identifying the person, referred to below as the person sensor, as alternatives or in simultaneous use, involving the following variants and options:
    • - a PIN code input, and / or
    • - a fingerprint sensor, and / or
    • - voice recognition, and / or
    • - an iris query
  • The valid recognition of the fingerprint and / or voice, and likewise of an iris analysis possibly performed via the WEB camera, is, for cost reasons, best done in the server dialed by the phone, although a preliminary recognition can still be made in the phone. The preferred method furthermore provides twofold security: a check of whether the ATM is actually operated by the right server, and a check of whether the phone is communicating with the right server over the telephone network. Both possibilities of forming the data loop DS (serial, as in Fig. 14a, and / or parallel, as in Fig. 14b) are used for the purpose of this recognition. In the serial data loop (Fig. 14a), the phone receives, over the more secure connection, e.g. the telephone connection, confirmation from the server that the loop was tested positively by means of the KODE sent by the server. In the parallel data loop (Fig. 14b), by contrast, the mobile phone can also verify the more secure connection autonomously by means of the KODE sent by the server.
  • It is evident that the method described below for issuing a digital signature can be used not only for a WEB page, but also at an ATM connected to the relevant server (via which the data loop is closed) in order to release money, or even to open an apartment door; the electric lock is then in communication with the server, but the opening signal is sent as an encrypted signal from the phone directly to the lock (via RF as well as via an infrared interface, etc.). Advantage: the server alone cannot operate the lock without a mobile phone being used (as a key).
  • Procedure for this example (opening an electronically secured lock): If the user is positively recognized (as the authorized person), the server generates a random code (KODE), which it sends to the lock. Furthermore, the server also sends the code (KODE) to the mobile phone, so that the phone transmits this code to the lock as the opening code. If the code matches, which is checked here at the lock (i.e. the client CL), the lock opens; if not, the server aborts and registers the opening attempt with date and time, and optionally also stores a photo (video) sent by a WEB camera documenting the opening attempt, so that the authorized person can view it if necessary (e.g. also with an automatic call to his mobile phone and automatic notification by e-mail, etc.). The data loop with a code check at the client CL is referred to here as a parallel circuit, in contrast to the serial data loop with code check at the server; the differences are explained in more detail below with reference to Fig. 14a and Fig. 14b.
  • Locksmith: An authorized locksmith can, e.g., via a mobile phone and upon providing his digital signature, give one-time access on any mobile phone into which the fingerprint of the claimant (usually the apartment owner) is then entered, by means of the identity number of the mobile phone for this one-time operation with this fingerprint (in the server), which occurs when the authorization to open the door is granted to the locksmith (against the locksmith's digital signature).
  • Instead of entering a PIN code, or as a supplement, it is expedient to use voice recognition, in which the user simply speaks a text that is transmitted as a text message and shown on his mobile phone display. Where appropriate, these texts can also be spoken by the user as a reference pattern onto a corresponding server when the signature is certified, etc.
  • When recognizing a digital signature, the procedure can, for example, be as follows: Entering a PIN number, which may even be short, generates an initialization signal that causes the mobile phone to send an SMS to the certification server, which responds immediately with an SMS containing the text to be spoken into the phone by the user, which is displayed on the phone's screen. Another option is to enter a short PIN number before speaking. Furthermore, in addition to or as an alternative to voice recognition, the data for the fingerprint analysis can be sent to the certification server, the certification server first sending a randomly generated encryption code to the mobile phone as an input parameter for an algorithm that encrypts (alienates), in the mobile phone, the data to be sent.
  • It is expedient to design the mobile phone so that encrypted, sensitive data concerning a fingerprint and / or voice recognition and / or an iris query are sent to the server in question while the preferred data loop DS exists (checked via the code emitted by the server), or while the data loop is being checked by a CODE, and so that the mobile phone does not send the data to the server concerned if the check of the data loop (or of the code CODE) is negative. This ensures that sensitive data do not even leave the phone if the endpoint check of the connection (telephone server / mobile phone / WEB server) does not match the desired connection.
  • If the user does not follow the actions to be taken within a time-out period initiated with the initialization of the process, then the server will abort the process and possibly only permit a limited repetition of initialization attempts, as is also the case with the usual simple pin entry at ATMs.
  • In connection with the preferred data loop (2), a digital signature is to be delivered to any WEB page "WEBX.com" of any server (e.g. of Server I, which may even be located on the Fiji Islands) via a corresponding mobile phone, with Server II being used as the check server for checking the digital signature; Server II should be well secured and well monitored by a notary or court, or a certification authority.
  • In this application, the procedure is as follows: The user has called a WEB page "WEBX.com", which is generated by the server I.
  • For this check of a digital signature, it is first checked, using the preferred data loop, with which telephone number T- # of the mobile phone the user is logging into the server (here Server I). When a button on the relevant WEB page of Server I is clicked, Server I establishes a data connection to the certification server (Server II), if none already exists (concerning other participants or users).
  • In this case, Server II (the certification server) sends the randomly generated KODE (2) and receives it back for checking via the aforementioned data loop 2 (according to either Fig. 13a or Fig. 13b), i.e. via the WEB page "WEBX.com" (which has a corresponding interface for supporting a digital signature); by means of CODE (2), Server II checks for this application which telephone connection, in particular which mobile phone (i.e. which number T- #), is used in this data loop 2. In this application, the CODE (2) consists not only of the identification code generated by Server II to determine which mobile phone is in the data loop (the phone number T- # of the mobile phone being checked again, e.g., by a callback from Server II, with data loop 2 then being formed during this callback); in addition, the phone adds in this data loop 2 a further identification code, referred to here as the personal identification code (PIC), comparable to the additional data that are added in the identification data loop (data loop DS) for a cashless payment by mobile phone, as already explained in detail. In addition to adding the personal identification code (PIC), the mobile phone alienates the CODE (2) received from Server II, for the purpose of encryption, according to a secret algorithm, for which Server II loads corresponding parameters (as input variables) into the mobile phone beforehand over the secure, direct connection, i.e. via the telephone network (T- #). The CODE (2) returned to Server II is then decrypted in Server II.
  • The personal identification code (PIC), which is transmitted to Server II via data loop 2 in addition to, or rather as part of, KODE (2), corresponds to a standard code as used for the transmission of a digital signature and can also contain the required additional data (as an option), for example the data for identifying a fingerprint and / or an audio text for voice identification, or an optical image of an iris, or even an ordinary PIN code, etc.; thus, in addition to the code CODE (2) emitted by Server II and alienated in the mobile phone, a long block of data may be transmitted via data loop 2 as the CODE (2) returned to the server. For this purpose, the mobile phone performs a corresponding formatting that includes the code KODE (2) received from the server in the encryption in such a way that a falsification of the block also falsifies the code KODE (2) sent by the server to the phone via the data loop.
  • That is, in an advantageous development, the personal identification code (PIC), which is generated and added only in the user's device (here the mobile phone), and the original code (2), which has already been generated by Server II and is merely transmitted back, are linked inseparably by encryption, so that, although manipulation is not possible anyway, even the attempt at manipulation is made more difficult. Thus, the original code (2) sent out by Server II is not only alienated and looped through in the user's terminal (here the mobile phone), but is encrypted again in the phone after the personal identification code (PIC) has been added, and is then decrypted accordingly on return to Server II and separated again from the mobile-phone-specific data (PIC), so that the originally sent CODE (2) can be checked after its recovery (decryption) and can be assigned to the associated WEB page "WEBX.com" of Server I, or to the associated session, whose data loop 2 is routed via the user's telephone number T- # (via which this CODE 2 of Server II is identified in Server II in the preferred data loop, via the IT connection between Server I and Server II; cf. Fig. 13a, Fig. 13b, Fig. 19).
  • In short, in this process, the following steps have been carried out so far:
    • 1. Login of the user via data loop T- # into the page "WEBX.com" of server I; Note: If server I is dialed via T- #, then he can directly determine the telephone number of T- # via the separate data loop (DS = 1) T- #. If this selection is to be spared to the user, the data loop (DS = 2) is closed via both servers (via the IT connection between server I and server II), via which shared data loop 2 (via which both servers are involved, both Server can determine the phone number of T- #.
    • 2. After receiving a command from server WEBX.com page I: Examine existing IT connection between server I and the certification server (Server II), if not present, then build, with server I dialing the Server II certification server and verifies the identity of the server II. In this case, the existing method can be used in addition to this test by the server I z. B. over its fixed telephone line T - ### automatically selects the server II, and over a parallel or serial data loop DS = T - ### (possibly with encrypted receipt of Server II) checks the authenticity of Server II. Note: For this test, the data loop DS is not made by a user or operator but by automatic coupling (semiconductor switch, relay, port addressing, etc.) between telephone line T - ### and server I. The formation of a parallel loop here has the advantage that the server II accordingly 14b Although the generated by a random generator code for both channels (1 and 2, here T - ### and IT) internally generated the same, but by the encryption (alienation of a channel or both channels, here 1 and / or 2) unequal codes sends data lines (1 and 2) to the client; this is the server I, over which the data loop DS is formed (by appropriate hardware interface), the server I restores the alienated sent code after the algorithm agreed with Server II, so that he (with correct looping 2) for both Channels 1 and 2 ( 14b ) becomes identical again (1 = 2), thus verifying the authenticity of the server II (the certification server) selected by the server I. It is evident that this can also be done in the opposite direction in order to check the authenticity of Server I by Server II.
    • 3. Select the server II via the telephone connection (or mobile phone) T- # of the user. In this case, the data connection (or mobile phone) T- # of the user and the existing IT connection between server I and server II, the data loop 2 is formed as a serially connected data loop DS, according to 14a (see also 19 ).
    • 4. Server II (this is the certification server) sends the terminal on the data loop DS (here cell phone used for DS = 2) in direct access over the secure connection (this is telephone connection) the current input parameters to use for encryption of CODE 2 which is sent by Server II for the purpose of examining DS and routed via Server I, along with the security data entered by the user into the mobile phone (pin number, data of fingerprint, voice, iris, etc.) in the mobile phone continues to be encrypted. Thus server II (the certification server) receives the sensitive data of the mobile phone as well as its test code KODE 2 encrypted to check the data loop DS, without the server I Thus Server II, via whose IT connection would have the opportunity to identify the encrypted data, even if he knew the algorithm, he still would not have the actual input parameters for decryption. Likewise, in this variant (since DS = 2 is used), the server I likewise has the option of configuring the data loop DS for the encryption of the data assigned exclusively to it, ie the terminal on the data loop DS (in this case using the mobile phone for DS = 2) the IT connection (to the client CL) the current input parameters to use for the encryption of its code KODE 1 for autarkic testing of the loop (2) as well as possibly from the phone to server I and data can be transmitted, which Server Servers II can not decrypt. Conversely, in accordance with special training of the mobile phone, the server I via the coupling (acoustic, infrared, etc.) z. B. also directly query the phone number T- # of the mobile phone regardless of server II. If this training does not exist, then, for example, server I can also do this by the user having to select him via the telephone network before; which is spared in the further education version of the mobile phone, however (see also later on) 20 ).
    • 5. The Server II certification server constantly cycles through a scanner cycle and compares all the codes (here via the IT connection of Server I) after they have been decrypted (CODE 2 of all subscribers, possibly of a large number of servers of the "Server I" type). ) with the codes sent out to form the pairs, as already suggested in a comparable example, and assigns to each code pair the associated telephone number T- # (at which a respective code has been sent out or from which a respective code has been sent each has been obtained, depending on which variant 13b or 13a is used). Thus, Server II can constantly check as often as required, or associated with the code data of the phone can clearly assign the relevant phone number T- # of the user, if not him directly, but via the IT connection of the server I together with the code 2 , or also with the telephone number T- # be transmitted. It would be possible for many applications, eg. B. opening a turnstile, etc. even apply the method as needed so that the server I, which offers the power (and the hub monitors) makes no identification of the phone number T- #, but to a server II sent code 2 only receives the respective answer (OK or non-OK), ie if recognized, then open the turnstile, or a door to a bank, etc. Furthermore, the server I can of course also own data, such as documents under the assignment of code 2 (Ditto T- #) send to the certification server Server II, so that this document in the database of the server II can be uniquely assigned to a particular cell phone, which has formed a data loop (DS = 2) with him.
    • As a further special feature, this method also makes it possible, via a special plug-in in the software of the client computer, for the relevant document or parts of it (or only checksums of the data in the text lines, etc.) to be sent from the client computer via the coupling of the mobile phone over the telephone line directly to Server II (certification server), so that when Server II later receives the document from Server I over the IT connection for a specific phone number T-#, it can also check whether it is exactly this document.
  • For the delivery of the digital signature, the code (PIC) is added in the mobile phone to the received code KODE (2) and this entire code is encrypted; the code (PIC) can also be (additionally) encrypted beforehand as desired. Server II then decrypts this code, separates the code (PIC) from KODE (2), and checks on the one hand KODE (2) for the telephone number T-# to be obtained, and on the other hand the code (PIC), which is composed of the transmitted digital signature and the user identification (PIN number, fingerprint, voice, iris, etc.), as to whether:
    • 1. the digital signature stored in the database for the received telephone number (T-#) associated with KODE (2) correctly corresponds to the received digital signature,
    • 2. and whether the user belongs to the mobile phone with the telephone number T-#.
  • I.e., in addition to the usual security of using a certified code for the purpose of a signature, we obtain, within the code evaluated by the server, i.e. at the time the code arrives (and not just through a prior check, etc.), the additional assurance that the user and the input device coded by way of example (here with the phone number T-#) must be inseparably connected, since otherwise the personal identification code (PIC) is also evaluated negatively. That this statement is contained in a single (common) code has the advantage that even if the telephone exchange had already been taken over by an attacker or hacker, he will still not succeed (careful encryption provided) in manipulating this statement.
  • In addition, in this method, when the code KODE (2) used by the server to identify the preferred data loop is originally sent, this code can be padded to a certain bit length with excess bits that serve only as placeholders. The digits that belong to the valid code are nested among the placeholders (according to a given encryption), so that guessing becomes more difficult here as well.
  • It is evident that the same method can also be used to encrypt the data for the payment transaction jointly with the code for loop identification and to decrypt it again in the server.
    • As a concrete example of the further addition and testing of codes within the preferred data loop(s) (1, 2, etc.), an application is explained below in which a mobile phone or a telephone set (landline) is used as an ideal encryption device for delivering a digital signature, with the possibility of using the digital signature over any network and any terminal (here, for example, on the screen of any client computer CL connected to the Internet) to sign a document transmitted via this device (e.g. via a WEB page). It is evident that here, too, besides a client computer CL, another mobile phone can be used as the terminal. Furthermore, other person-related activities (opening of barriers, access protection, etc.) can be controlled according to this method.
  • Here the client computer on which, for example, the WEB page with the document to be signed is displayed can also be located in an Internet café and be provided with a special acoustic coupler or infrared interface, etc., for coupling the mobile phone.
  • It is evident that the data for recognizing the person or the user identification (pin number, fingerprint, voice, iris, etc.) can also be pre-evaluated already in the mobile phone by a corresponding processor.
  • The mobile phone with its secure electronic signature is bound by the preferred method to the WEB page used for the data loop, as already explained for the examples of cashless payment transactions. This binding increases security and, above all, establishes on which WEB page an electronic signature was made. In a further development, the document itself or test values (checksums, sums determined over lines of data, etc.) are also transmitted via the data loop DS (possibly encrypted), so that the certification server receives the data for the digital signature from the phone via the loop DS and at the same time receives the document on which the signature was made.
    • Generally speaking, several servers (I, II) can therefore be integrated into the data loop DS, with the data entries PIC made via the mobile phone, and data (e.g. a document, etc.), being assigned to one another and transmitted via the data loop DS secured by their test codes (KODE 1, KODE 2); the servers can also keep their information regarding the data entered via the mobile phone secret from one another by using different encryptions (see also Fig. 20 later).
  • In the conventional methods according to the prior art, these possibilities and this security are not given. Proving the authenticity of an electronic signature does involve a certain effort, but the signer is not protected against attacks on the WEB in which, against the signer's better knowledge, the signature is made on a completely different document (or a foreign server's WEB page could even appear under the name of the certification server if the call is intercepted on the Internet), especially if a different server is used for presenting the document than for the input (and verification) of the digital signature.
  • Since the data for recognizing the authorization of the signature are encrypted, they can also be looped, for logging purposes, through the server that actually generates the document which the user of a client computer CL signs. Here this is Server I.
  • In this case, and this is a further advantage of the method, Server I can additionally feed its own identification code KODE (1) into the data loop in order to check, via its return by the client CL (or via the mobile phone), the telephone number T-# of the telephone or mobile phone used to deliver the digital signature.
  • Server I can do this twice: a first time when the user logs into the WEB page "WEBX.com" generated by Server I, with the user establishing the telephone connection to Server I by dialing it directly (to form data loop 1, which may also be omitted in the variant with a more elaborate protocol); and subsequently, to sign the document, although the document is located on the WEB page "WEBX.com" generated by Server I, the user establishes the telephone connection to Server II by dialing it directly (to form data loop 2). I.e. the (in principle arbitrary) Server I presents the WEB page "WEBX.com" in the browser of the user's client computer CL, while the input and verification of the digital signature is made via the certification server Server II, which for this purpose is dialed directly by the user by telephone to form data loop 2 and is located, for example, in an office or at a notary.
  • For both variants, according to Fig. 13a or Fig. 13b, the client CL has first called the WEB page "WEBX.com" generated by Server I and is now to sign a document presented on this WEB page, or on a sub-page (such as WEB page 1, etc.), by delivering the digital signature. This can, for example, be a signature on a sent e-mail, or the document to be signed can be any electronic document sent via such Internet access, regardless of whether the signer is sent the document for signature or sends it himself as an e-mail.
  • If the user of the client computer CL wants to deliver his electronic signature for a basically arbitrary electronic document X, he first forms a data loop (1) by a telephone call to Server I, via which Server I can identify the telephone call (or, as an option, immediately a data loop 2 via the certification server II), with Server I recognizing the telephone number T-# used by the user (directly via data loop 1 or, as an option, via data loop 2 or via Server II), or, where appropriate, also checking it immediately by a callback to the user's connection, via which the user's data loop (1) is then formed. Server I presents the relevant document X on its WEB page ("WEBX.com").
  • Immediately before the user makes his signature (electronic signature) on the relevant document X, i.e. once the additions to be made by the user in the document, if necessary via form input, have been recognized as complete by the Server I software, the user downloads the document ready for signature to his PC for archiving and is also expressly prompted to do so on the relevant WEB page "WEBX.com". It is expedient for the user to print the text before signing it, so that he can read it carefully again.
  • Once he has saved the document on his computer, the user can terminate the data loop (1) and click the link on the document page (the WEB page "WEBX.com") for delivering his digital signature. This link calls WEB page 2 of the certification server Server II.
  • The certification server is located in an office or at a notary and
    • - accepts electronic signatures from the signer together with the document to be signed, with the option of obtaining the document via the data loop DS in addition to direct transmission via the Internet,
    • - checks the accepted signature against the stored pattern, and archives the document and signature,
    • - and sends the signer, as a record, the document with the preliminary confirmation that he has signed it. Later, the signer may also receive the document by post from the official body or from a notary, confirming that he has signed it with his electronic signature. At a notary, for example, this service can be handled almost fully automatically by the certification server, so that the documents are printed onto a stack together with an address label of the addressee; payment for this service is made by the telephone-based method associated with the WEB page of the certification server, i.e. via telephone charges or via the described cashless procedure. In the following, a further development is described in which a chip, created automatically by the certification server in each case, is stuck under the seal (of the notary or an office, etc.) as proof of the signing of the document.
  • In a further-developed (optional) additional function, the user, i.e. the signer who uses the digital signature for a particular document, is to have absolute certainty that the digital signature was sent to the correct server (here Server II). In this design option, within the data loop (2) concerning the certification server (Server II), the code KODE (2) generated by Server II contains, in addition to the portion generated as a random code (for verifying the authenticity of the user within data loop 2), an encrypted name code of Server II, by which the mobile phone (or another terminal, such as a telephone set or a plug-in in the client computer CL, etc.) recognizes Server II. Abuse attempts (with fake WEB pages) are thus recognized not only after the certified and encrypted code of the mobile phone or terminal has been sent (because the server's acknowledgment is wrong or is not recognized in the phone or terminal; this acknowledgment can also change constantly from access to access according to the principle of a transfer code), but already when the server (II) makes contact, when it becomes clear from the protocol that this is not Server II. The encryption/decryption of the name code of Server II can be done by any algorithm, in the simplest case using partly constants stored by program (stored in the chip card of the mobile phone) as transfer codes and partly variables determined by a secret formula that change from access to access, with the number of access attempts being counted in the phone and in the server and also able to be reconciled by control data between server and mobile phone, etc.
  • The data loop (2) therefore ensures:
    • a) the authenticity of the access by Server II within the data loop (2) of the mobile phone, as additional optional security to prevent the user from logging on to the wrong WEB page or the wrong server when delivering the digital signature;
    • b) further, that dialing the phone number of Server II already gives a high level of assurance that only Server II is in the data loop;
    • c) that the mobile phone in question with the relevant telephone number T-# is in the data loop and that the digital signature is provided by the user (in compliance with the other safeguards mentioned, such as PIN number, fingerprint, voice profile, etc.), the mobile phone sending this digital signature in encrypted form to Server II within the data loop (2);
    • d) and, still further, that the safeguards mentioned under a) ... c) can, if necessary, be combined into a self-contained, encrypted code, whereby the server can detect manipulations of this code during decryption.
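The combined code from d), sketched as an added example that is not part of the patent text: the phone seals KODE (2) together with the PIC, Server I only relays the blob, and Server II checks it against the calling number T-#. The HMAC-SHA256 keystream with encrypt-then-MAC is a stand-in chosen here for "any algorithm"; the class names, the key enrollment and the status strings are assumptions.

```python
import hashlib
import hmac
import secrets

KODE_LEN = 16  # assumed length of the random test code KODE (2)


def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the phone's shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was altered or the key is wrong."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    ks = keystream(subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class Phone:
    def __init__(self, number: str, key: bytes, pic: bytes):
        self.number, self.key, self.pic = number, key, pic

    def answer(self, kode2: bytes) -> bytes:
        # KODE (2) and PIC travel as one sealed code; a relay cannot split them.
        return seal(self.key, kode2 + self.pic)


class ServerII:
    def __init__(self):
        self.enrolled = {}  # T-# -> (shared key, reference PIC)
        self.pending = {}   # outstanding KODE (2) -> web session it was issued to

    def enroll(self, number: str, key: bytes, pic: bytes):
        self.enrolled[number] = (key, pic)

    def issue_kode2(self, session_id: str) -> bytes:
        kode2 = secrets.token_bytes(KODE_LEN)
        self.pending[kode2] = session_id
        return kode2

    def verify(self, caller_number: str, blob: bytes):
        """caller_number is the T-# seen on the telephone side of the loop."""
        record = self.enrolled.get(caller_number)
        if record is None:
            return ("unknown-phone", None)
        key, pic = record
        plain = unseal(key, blob)
        if plain is None or len(plain) <= KODE_LEN:
            return ("tampered", None)
        kode2, got_pic = plain[:KODE_LEN], plain[KODE_LEN:]
        session_id = self.pending.pop(kode2, None)  # each code is valid once
        if session_id is None:
            return ("unknown-code", None)
        if not hmac.compare_digest(got_pic, pic):
            return ("pic-mismatch", None)
        return ("ok", session_id)


def demo():
    # Constructed sample values: number, key and PIC are made up for this run.
    server = ServerII()
    key = secrets.token_bytes(32)
    pic = hashlib.sha256(b"constructed signature + PIN").digest()
    phone = Phone("+49-000-0000001", key, pic)
    server.enroll(phone.number, key, pic)
    blob = phone.answer(server.issue_kode2("document-X"))
    return server.verify(phone.number, blob), server.verify(phone.number, blob)


if __name__ == "__main__":
    print(demo())
```

A blob that fails the tag check leaves the pending code untouched, so a relay that corrupts traffic cannot burn the user's code; a replayed blob fails because the code was consumed on first use.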
  • Thus, the call of WEB page 2 of the certification server (Server II) by the browser of the client computer CL is linked via a data loop secured by a telephone connection corresponding to the number T-# of a mobile phone (or another terminal).
  • When this link is pressed (i.e. WEB page 2 of the certification server is called), Server I, which presents document X on its WEB page "WEBX.com", sends Server II, which receives and verifies a digital signature for document X, the message that a mobile phone (or an alternative terminal) with the phone number T-# has logged in, so that Server II expects a digital signature for this document X, which is stored on Server I, once a data loop with the telephone number T-# is formed (by the user).
  • This document X, which does not necessarily have to be a text file but can also be an image file or a process description generated by Server I (for example, the opening of an apartment door by a locksmith using the method, etc.), is sent from Server I to Server II as it is to be signed (i.e., if necessary, including form entries made by the user), with the phone number T-# as the assignment address. As these can also be confidential documents, Server II is best placed under the access management of a notary, who has exclusive access and also handles system administration, etc. If the signature is challenged, the notary can then, as a witness, either confirm or deny the correctness of the process. In this case, Server II can be connected to a log printer which prints each signed document and supplements the digital signature with the text of the owner. The signed document is thus available as a hard copy at the notary, or can later be archived in the legally prescribed manner (microfilm, etc.) if the paper is destroyed for reasons of space, or a copy certified by the notary can be handed to the signer. Likewise, further data carriers, for. In the following, a preferred variant is described in which the record of the process (signature + document) is archived on a chip that can be stuck under a seal (e.g. of a notary).
  • All these operations between Server I and the certification server Server II, which the user has triggered by pressing the link on the WEB page "WEBX.com" of Server I in order to call WEB page 2 of the certification server (Server II), of course run fully automatically via the user interface on the WEB page.
  • Whereby Server I, by transmitting document X together with the telephone number T-# of the user's mobile phone (as access address) to Server II, the call of WEB page 2 (by pressing the link on the WEB page "WEBX.com").
  • I.e., while WEB page 2 of the certification server Server II is called from "WEBX.com" (Server I), Server II receives the telephone number (mobile number T-#) of the user and the associated document X from Server I.
  • This process is thus an application of what has already been stated, namely that different processes running on several servers are coordinated or assigned via corresponding data loops, which are connected via telephone networks (likewise mobile networks), by the telephone numbers T-# of the connections (or of the user on the client side CL).
  • Through WEB page 2 of the certification server (Server II), called via the link on the WEB page "WEBX.com", the user receives the request to dial the telephone number (of a dial-up network) specified on the WEB page. This step gives the user absolute certainty (corresponding to that of the dial-up network) that the WEB page displayed is actually "WEB page 2" of the certification server (Server II). Once the server has checked this by means of the code it generated and sent (KODE 2), it reports this via an audible and/or visual indication on the user's mobile phone or telephone, possibly also with an SMS. If this confirmation does not arrive, a procedure is provided on the mobile phone (in a further development) in which the phone generates a warning tone (or a warning on the display, etc.) after a period of time (counted from when the data loop DS was formed). This would mean, assuming the user did not misdial, that the called WEB page was not sent by the certification server (Server II). Depending on whether a standard mobile phone or one specially designed for this certification is used, the phone can also be locked internally for the current telephone connection if the check fails, so that it cannot send a corresponding digital signature code.
    • - For further security on the server side, there is also the possibility of generating the code (KODE 2) of the certification server (Server II) externally (e.g. by a DSP circuit) and feeding it into the server from outside, i.e. of also performing externally (e.g. by the DSP circuit) the check of the codes (here too sent via the IT connection to the client CL and received back over the telephone connection T-#), and of also issuing the OK/error message to the client (via the telephone connection T-#) via the external circuit (e.g. the DSP circuit). If the certification server (Server II) were successfully attacked, the user would then notice if he were connected to a wrong server imitating the WEB page of the certification server (Server II); this prevents, independently of the measures taken for the security of the server (II), a wrong server from receiving secret digital signatures (even if they are encrypted) and, where applicable, secret documents.
  • Clicking the corresponding button on WEB page 2 of the certification server (Server II) starts a timeout within which the certification server (Server II) must have assigned the phone number of the mobile phone via the data loop (2). If this is not the case, an error message is displayed on the WEB page:
    "Phone number of the calling cell phone not recognized, please turn off number suppression, or try again."
  • However, if the number of the calling mobile phone is recognized, then the message is:
    "Telephone connection successfully established; the document to be signed will now be displayed and the server will call back so that you can provide the digital signature."
  • When the server calls back, it generates KODE (2) for identifying the mobile phone within the data loop (2) of Server II and, optionally (as an additional variant), also the encrypted name code of Server II, so that the mobile phone can look up in a table whether the server is in fact a server (II) authorized to receive a digital signature. If this is the case, the user receives the following message on the display of the mobile phone:
    "You have successfully logged in to the server "SERVERNAME" for receiving a digital signature; location (e.g. at a notary, etc.)."
  • If this is not the case (just as with a negative result of testing the data loop with the server's KODE 2), the sending of a valid electronic signature is again suppressed on the phone, and the phone can also emit a warning beep, so that fake server calls (wrong certification server) are immediately recognized by the user. The phone detects the absence of a positive response from the server by the expiry of a timeout within which no positive message from the server is detected.
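One way the phone-side check of the server's name code could look, as an added example that is not from the patent: the name code is derived with HMAC-SHA256 (a modern stand-in for the "secret formula") from a constant shared with the phone and an access counter kept on both sides, and the phone tolerates a few lost accesses. All names, the 8-byte code length and the window of 3 are assumptions.

```python
import hashlib
import hmac


def name_code(secret: bytes, server_name: str, access_no: int) -> bytes:
    """Name code for one access: changes every time the counter advances."""
    msg = server_name.encode() + b"|" + access_no.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


class CertServer:
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret, self.access_no = name, secret, 0

    def callback(self) -> bytes:
        """Server calls the phone back and proves its name for this access."""
        self.access_no += 1
        return name_code(self.secret, self.name, self.access_no)


class Phone:
    WINDOW = 3  # assumption: how many lost accesses the phone will resynchronise over

    def __init__(self, table: dict):
        # The "table" of authorized servers: name -> shared constant.
        self.table = dict(table)
        self.last_seen = {name: 0 for name in table}

    def identify(self, code: bytes):
        """Return the authorized server's name, or None for an unknown caller."""
        for name, secret in self.table.items():
            start = self.last_seen[name] + 1
            for n in range(start, start + self.WINDOW):
                if hmac.compare_digest(code, name_code(secret, name, n)):
                    self.last_seen[name] = n  # older codes can never be reused
                    return name
        return None

    def release_signature(self, code: bytes, sealed_signature: bytes):
        """Hand over the signature only to a recognized server; else suppress it."""
        name = self.identify(code)
        if name is None:
            return None  # here the phone would warn the user and send nothing
        return name, sealed_signature


def demo():
    # Constructed sample values: server name and secrets are made up.
    secret = b"constructed shared constant 0001"
    genuine = CertServer("NOTARY-1", secret)
    fake = CertServer("NOTARY-1", b"attacker does not know the const")
    phone = Phone({"NOTARY-1": secret})
    code = genuine.callback()
    return (
        phone.release_signature(code, b"sealed-signature"),
        phone.release_signature(code, b"sealed-signature"),   # replayed code
        phone.release_signature(fake.callback(), b"sealed-signature"),
    )


if __name__ == "__main__":
    print(demo())
```

Because the counter only moves forward, a name code captured from an earlier access is rejected, and the signature never leaves the phone for a server that cannot produce the current code.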
  • However, if the user has successfully logged into WEB page 2 of the certification server (Server II), he receives the document previously transmitted from Server I to the certification server (Server II) under the assignment address of his phone's telephone number.
  • Further design option: after Server I has sent the document to be signed to Server II, the user can not only view the corresponding file X, as he is to sign it, on WEB page 2 of Server II, i.e. on the certification server, but can also compare it with the original file X, which he previously downloaded from Server I to his computer (CL), using a comparison program provided by the certification server (Server II). If, for any reason, the user has not previously saved the file X whose content he is to sign (via the WEB page "WEBX.com" generated by Server I), he is prompted to do so now, after which he makes the comparison. Furthermore, the user is asked to read the document carefully before signing (e.g. also in printed form).
  • In order for the certification server (Server II) to compare the file (or document) stored under the address of the mobile user's phone number T-# with the one stored on the user's client computer CL, the user must first send the file X, saved on his client computer CL from the WEB page "WEBX.com" of Server I, to the certification server (Server II); the certification server (Server II) then performs the comparison of the files X.
  • This comparison is relatively unproblematic for a text file. For image files, in addition to the pixel-by-pixel comparison, a vectorial polyline evaluation can be provided so that, if the pixels change slightly due to different resolutions, the comparison considers only the polyline, e.g. of a handwritten text, etc.
  • If the comparison is correct, then this is displayed to the user and a request is made to submit the electronic signature. If the comparison is not correct, then the relevant text passages or positions in the file are displayed on the screen of the client computer CL by the certification server (Server II).
  • During the comparison of the documents, the user can also terminate the data loop (2) or, for security reasons, also select the option (eg entered via the mobile phone) to constantly maintain the data loop (2) for monitoring, whereby the certification server (server II ) aborts the comparison of the documents if this data loop (2) is interrupted, etc.
  • For the delivery of the electronic signature, the data loop (2) is required in any case to identify the correct mobile phone (for example, a repeated callback can be requested by clicking a corresponding button on WEB page 2 of Server II), with the certification code being transmitted in encrypted form by the mobile phone to Server II in the usual way, here including the control code KODE (2) generated by Server II to check the data loop (2). To make the encryption harder to crack, it is recommended to use a different algorithm for encrypting KODE (2) than for encrypting the digital signature, or, if necessary, to also encrypt KODE (2) together with the name of the server, etc.
  • After the user has made the digital signature, he can download the document signed via the certification server (Server II) to the client computer CL, e.g. with the notary's confirmation that he placed the signature on the document on that day (for example, as the counterpart of a contract, etc.).
  • The notary's confirmation may be recorded on the relevant document with the notary's seal as signature authentication. Furthermore, important data can be recorded on an electronically written ROM-chip mini card which is, for example, glued in under the notary's seal and can be read via a capacitive coupling. Alternatively, the seal has a window so that contacts can reach the chip.
  • The data on the chip contain the data of the document or, in the case of extensive image data, possibly also only reference data, etc., furthermore the proof of all digital signatures belonging to a document, including the encrypted digital signature of the notary, or an authority contained in the data etc. In the following part of the description, this method with corresponding device features will be discussed in more detail.
  • Since the authenticity of the server is also checked via the data loop (2) by the server issuing the encrypted name identifier (option), and since, furthermore, the dialed phone number T-# can only concern the certification server (Server II), the authenticity of the document issued by the certification server (Server II) is secured. The optional additional encrypted name identifier of the server prevents a user from falling for fake information and dialing the wrong phone number of a malicious certification server.
  • To protect inattentive users, who may not check the phone number T-# that is dialed automatically by the client computer via the mobile phone, this automatic function should be handled with care. It may be better if the mobile phone dials this number (with frequent use) from its phone number memory, or if the number can be called up by the user for automatic dialing from the chip card of the mobile phone provided for the electronic signature, via the phone number memory under the name "server number for digital signature", so that no wrong number is dialed (which is an important security function).
    • Below, a further development example is described for which independent protection is sought, in addition to its use as a device in connection with carrying out the method according to the invention. It concerns recording documents, or protocols of a process, etc., that are automatically provided with a digital signature in a series process (e.g. in conjunction with a certification computer) on a chip that can be glued in under a seal (e.g. of a notary or an authority, etc.) in order to have the signature authenticated by the notary or the authority.
  • The relevant document on which the signature was made is stored in the electrically programmable ROM or, if that would be too extensive, the number of the document deposited with a notary, together with the notarized proof that the digital signatures delivered for that document correspond to it; the digital signature of the notary or an authority is stored in this ROM chip at the same time. This process can also be automated. As chip technology, a FLASH memory electronically protected against overwriting, EPROM technology, or any common chip card technique can be used, including the interface, which may use ohmic contacting or capacitive contacting, etc.
  • Such a chip can be used not only as proof of a signature but also to record any events caused by the user through the delivery of a digital signature, in which case the certification computer creates or prints a corresponding accompanying document. Examples, in addition to the lock application already mentioned (operating an electric lock or similar device), include holding votes. If voting is conducted via the certification computer, a number of votes are stored on one chip; for security, several chips can also be written with the same data, etc.
  • In a special design, generally applicable to the issuing of certified documents, the variant illustrated in Figs. 16 to 18 and Fig. 15 is provided, in which the chips 30 in question are applied to a label strip (10, with tear-off perforations 11) on a roll (70, Fig. 15); the label strip here replaces the carrier material of an otherwise conventional plastic card.
  • Besides the possibility of sticking the chips (30) onto the labels on a small plastic backing or on a thin ceramic plate as a backing, the technical prerequisites already exist for gluing the chip directly between two paper carriers.
  • The roll with the chips (30), which are applied, for example, to a thermal paper strip (10) that has a self-adhesive layer protected by a cover (80) projecting laterally (as a peel-off edge), is used with a corresponding roll holder (70, 71, Fig. 15) and a printing device (housing 61). This printing device corresponds, for example, to a conventional thermal printer (with print unit 114 in Fig. 15 and support 58) which, however, additionally has a contacting head (53, 53b) for contacting the chip. If the chip card is designed for capacitively coupled contact, it is sufficient simply to pull the chip card (30) applied to the paper strip (10) past the contacts (53) (supported against the pad 57). With ohmic contacting, the contacting head (53, 53b) is lifted by a solenoid (EM) during paper transport and lowered only for contacting. An optical reflection sensor 113 scans a coding on the edge of the paper strip (13, Fig. 16) which corresponds exactly to the contacting position of the chip.
  • With the thermal printer (provided here as an option), a text and a barcode are printed for each chip 30, or on each label separated by perforation (11), and these are also printed on the document (40) (cf. Fig. 18). Thus, before the label is stuck onto the document, simply scanning the label and the document with a barcode scanner, digit scanner, etc. allows an exact check of whether the chip (30) previously written via the certification server for a printed document actually belongs to that document.
  • After the paper strip 10 equipped with the chip (30) has been stuck onto the document 40 in question, the seal (20) of a notary or an authority (which supervises the certification server) is glued over it, possibly together with the cord that inseparably connects the document pages (40) to one another. If the complete document text is stored on the chip (30), this otherwise usual connecting cord of the document is actually unnecessary.
  • If the chip can be contacted capacitively, the seal 20 need not have a window, since the scanning electrodes can contact the chip through the seal (20). If this is not the case, the seal (20) has a corresponding window 22. A mark m (e.g. a crosshair, etc.) printed on the seal 20 as well as on the carrier strip 10 of the chip 30 facilitates precise placement of the seal 20 if a window 22 is provided.
  • Fig. 17 shows a proposed housing for a reader of the chip when the chip has, for example, ohmic contacts. The housing corresponds in its design to a standard cassette stamp (of course without stamp and without ink pad). Instead of the stamp, the support base (53b) of the contact pins 53 is pressed down when the handle 50 is actuated; where a display 54 is provided (option), the name of the document (TEXT) is directly readable on it. The electronics (53b) with the resilient probe tips and the batteries (not shown) are housed in the handle part 50, which can be lifted off to change the battery by pushing in the laterally inserted snaps k, which push the locking springs f back far enough to disengage from the stops a. Data transmission to the computer takes place via an RF or an infrared (59) interface, similar to a wireless mouse or keyboard. The seal then has a printed placement frame 21, on which the contact surface 51 of the "stamp" can be placed exactly in order to make contact by subsequently pressing down the contacts, holding the stamp until a built-in piezo beeper sounds, indicating that the data of the chip have been successfully read and transferred to the computer; if the beep is missing, the data transmission has failed, which is shown on the display 54 if present, or otherwise determined on the computer by the missing confirmation (if this has been initialized on the computer beforehand). Otherwise, it is useful, after reading the chip 30, to buffer the data in the electronics of the stamp, to call up or check the corresponding software over the wireless connection to the computer, and to write the data into the computer (PC, server).
  • Another option is instead of batteries or a battery (which is in the handle housing 50 are housed) to use a generator G for power generation. The usual construction of a cassette stamping case is used in which by depressing the handle 50 via a deflection of the linear movement in a rotational movement made on the guide rails of the stamp, a generator rotates rotor G (instead of the stamp otherwise fastened here, the axis a, however, without rotary punch, on the other side between the contact spring pins ( 56 ) is performed). The stator of the generator is then attached to the laterally guided linear guide of the handle and thus by the stroke movement of the handle (as well as otherwise the storage of the punch, and here the rotor G) moves linearly with. As a rotor z. B. small permanent magnets (cobalt, etc.) are provided. Since all the electronics are in the stamp anyway, the contacting of the generator voltage generated in the stator winding, which charges a capacitor, presents no particular problems. The generator voltage is then fed via a conventional rectifier circuit with a relevant control and overvoltage protection to a capacitor which feeds a clocked mini power supply for generating the voltage (for the transmitter, possibly also receiver of the tapped chip signals).
  • Another option concerns an additional mini temple 100 that is either on the handle housing 50 Static (with ink transfer via an external ink pad) or directly on the rotor axis of the generator as a rotary punch (with built-in ink pad 101 ), and if necessary, of course, can also be installed without a generator (battery operation), and the sides of the contacts 56 with the purpose of stamping a dot or a small character on the document as confirmation that after the seal has been affixed, the function of the chip has been retested.
  • Furthermore, in 15 . 60 ... leadership roles, 90 Edition.
  • It is evident that instead of a paper on (or embedded between layers of paper) the chips 30 are arranged, a film, etc. could be used. In 16 the chips are alternately offset alternately (in relation to the longitudinal centerline of the paper strip 10 ) so that they apply symmetrically. However, they could also be placed in the middle of the strip, or it can be used for balancing even plastic or cardboard chip without a chip, etc. Furthermore, for the in 15 Proposal also shown a rewinder for winding the automatically transported labels with the chips automatically described by the certification server be provided, the documents are then stacked when printed by the certification server so that the last document is at the top of the stack, ie in the Order the stack can be removed, as the label strips me the chips from the (in 15 not shown and connected at the end of e) take-up reel can be torn off in order.
  • In connection with the device described, notaries or even courts can certify documents as on the assembly line, which can be signed worldwide using the Internet. In the same way, public authorities can be networked worldwide in this way in order to submit timely and legally binding information with a corresponding signing to another state or authority, notary, etc.
  • Certification of electronic signatures for e-mails sent by the undersigned:
    The same procedure can also be carried out for an e-mail to be sent, by first sending the e-mail to the certification server, where it is stored in a database of the server under the sender's e-mail address. The sender calls the relevant service, e.g. the web page of the certification server, and logs in with his client computer CL via the preferred data loop DS closed over his phone, indicating his (e-mail) address. He thus gets access to his document, which is displayed to him on the client computer CL and for which he can submit an electronic signature with his cell phone, as already explained in principle. After signing the document, he still has the option of not sending it but deleting it on the certification server, in which case the electronic signature is deleted as well; he can likewise delete the document on the certification server before signing, or he signs the document and sends it. If the document is not signed and the user leaves the certification server web page for a longer time (time-out), the document is automatically deleted from the certification server.
  • The document can be sent in such a way that the addressee given in the header of the e-mail is automatically placed in the submission window of the certification server, where it can also be corrected by the user. If the e-mail does not reach the addressee after being sent by the certification server, then the addressee is notified accordingly.
  • Archiving the sender's proof: To archive the proof that the user has signed the e-mail via the certification server and sent it to the designated sender, the content of the e-mail and the associated guide data, such as addressee, sender, date and undersigned, are stored on the certification server, where they can also be encrypted.
  • Depending on the extent of the content, the key of the e-mail is, for example, stored on the chip in addition to the guide data stored unencrypted, and the chip is, for example, notarized. Although this key can additionally be stored in encrypted form on the certification server to safeguard the data, this is intended only for the emergency in which the chip is defective.
  • In a particular development, a special algorithm is provided on the chip which controls the connection of the chip to the certification server in such a way that the chip provides the key for decrypting the document, which is stored on the certification server only in encrypted form, but only if, at the time this is to happen:
    • 1) the chip is connected to the certification server via the interface, for example the contact stamp already explained, which is placed on the seal over the chip on the respective document (in printed form),
    • 2) and, while the stamp is being operated, the sender of the e-mail has logged in via his mobile phone to perform the digital signature via the data loop DS, signs, and in doing so also passes a mode via the data loop DS to the certification server which initiates the initialization of the file specified for decryption. This file corresponds to the file name noted in the chip, which is displayed to the user (addressee) on his client computer when (for example in the notary's office) the contact stamp is placed on the relevant chip.
  • Only then will the relevant document be decrypted on the certification server.
  • When archiving the chips, the notary or the court, etc., can keep bound registers, in each of which the file name, the guide data, etc. are recorded for quickly locating a case. For particularly important cases it can also make sense to store the case in duplicate on two chips and, if necessary, to save important texts of a document directly on the chip, etc.
  • The user has also saved these documents under this name on his computer. In the event of a complaint, e.g. if a court or a government agency did not receive a particular e-mail, the notary can find the chip in his books under these data and decrypt and print the file using the method described above (authority), with the attestation that this e-mail (time + date) has been sent.
  • In addition, a receipt mode for sending e-mails can be agreed with authorities, in which the server of the authority automatically sends the certification server a receipt for a received e-mail (indicating the exact data, and possibly a serial number if there are several e-mails).
  • Certification of electronic signatures for faxes sent by the undersigned:
    This is done in principle exactly as described above for e-mails, except that, for sending to the addressee, the certification server receives a fax number from the sender, to which it sends the e-mail as a fax. In this case, attachments to the e-mail can also be sent to the certification server as image files and faxed during forwarding. These files can also be stored encrypted, etc.
  • Different modes can be used at different costs:
    • - only the guide data is stored on the chip,
    • - The transmitted document is also stored encrypted on the chip.
  • The post office can thus be relieved of millions of registered letters to authorities, etc.
  • It may even be worthwhile for the post office to offer this service itself. The client, who has sent a fax with a certified signature by e-mail via a certification server set up at the post office or on its behalf, then receives by registered post a document with the chip, which he can read for verification either autonomously with the preferred contact stamp and an interface to his client computer CL, or via the certification server when logged in via the preferred data loop DS. This document with the glued-on chip can also be produced fully automatically at the post office (for example, by having the chips already applied on a roll with corresponding tear-off cards onto which the addressee is printed by the certification server with a dot-matrix printer), and serves the recipient as proof that the document was sent by e-mail and forwarded as a fax with a certified signature.
    • - Another variant relates to the already mentioned and partially described embodiment for opening a lock, etc., or for otherwise actuating a triggering operation (such as opening a barrier at a roadblock, or releasing a person's access through a turnstile, etc.) by the server, but only if at the same time the data loop is closed via the phone and the digital signature is made.
  • In such applications, the actuation of the lock, or the (general) triggering operation of a general device, is released only when, on the one hand, the server sends a randomly generated code (KODE) to the device (e.g. to a lock) via a data link, e.g. via an Internet data connection, and, on the other hand, also sends this code (KODE) over the further connection, e.g. the telephone connection T-#, to the mobile phone, which, by closing the preferred data loop DS (acoustically or via infrared, etc.), passes the code (KODE) received from the server on to the device (e.g. into an electronic lock). The device compares the code (KODE) received from the server via the direct data connection (e.g. an Internet data connection) with the code (KODE) additionally received from the server via the data loop (which is formed by the coupling via the mobile phone), acting, so to speak, as an extended function of the server.
  • It is also useful in this variant to additionally encrypt the code, i.e. to alienate (obfuscate) it. This is done, for example, so that the codes (KODE) sent by the server over the different data paths (in this parallel variant, the telephone network T-# of the mobile phone and the IT interface of the lock, joined by the data loop DS) are unequal in transit: the inherently matching code (KODE) is alienated when fed into the telephone network T-#, i.e. transmitted in encrypted form to the mobile phone, which decrypts it again, so that, when the data loop DS is closed correctly, the same code (KODE) is fed into the unlocking electronics of the lock via the data loop as is sent to these electronics directly by the server via the IT connection. The code fed in by the server via the direct IT connection is of course also encrypted and is decrypted in the unlocking electronics. Where the parameters (e.g. open keys, etc.) used in the unlocking electronics for decrypting the codes are to be updated (themselves encrypted with a fixed, closed key), it makes sense to send them over the data paths in crossed assignment: the (open) parameters sent by the server for decrypting the code (KODE) transmitted over the IT connection are sent over the telephone line T-# to the phone, and the parameters for decrypting the codes (KODE) transmitted over the telephone line T-# to the phone are sent over the IT connection to the phone. Via the data loop DS closed by the user on site (at the lock), the mobile phone then receives the parameters from the unlocking electronics (connected to the IT connection), and the unlocking electronics receive the parameters from the telephone connection of the mobile phone.
  • The actuation of the lock, or the (general) triggering operation of a general device, is carried out directly by the electronics of the lock or device, and only if the decrypted codes obtained via the separate data paths match.
    • - The difference between this example and the comparison of the code directly at the server is that, strictly speaking, a parallel connection of the different data paths (server, telephone T-#) lies between sending (from the server) and comparison of the code (at the device or lock), whereas in the previous examples a series connection (via the client, or a phone or mobile phone, possibly also two mobile phones) lies between sending (from the server) and comparison of the code (again at the server). In both cases, however, the data loop is closed by the user's terminals (e.g. mobile phone and IT interface, or client computer CL). In both cases, the code transmitted via the data loop can be alienated, i.e. encrypted and decrypted. In the series connection, for example, it is expedient to perform the alienation or encryption at the data loop DS (e.g. in the mobile phone, and/or possibly also in the client CL) and the restoration or decryption of the codes transmitted to the server via the data loop DS at the server.
  • Fig. 14a illustrates the series connection via the data loop DS on the client side CL; Fig. 14b, by contrast, the parallel connection. 1 and 2 denote the two data paths, of which one is, e.g., an Internet connection and the other a telephone connection.
  • In Fig. 14a the comparison (1 = 2) of the random code generated by the server and sent via the data loop (1, 2) takes place in the server; if necessary, the code is alienated for the purpose of encryption at the data loop DS (or at one of the end points or terminals over which the data loop DS is closed) and restored at the server by decryption.
  • In Fig. 14b the comparison (1 = 2) of the random code generated by the server and sent via the data loop (1, 2) takes place at the client (in one of the two terminals forming the data loop DS; in special cases this comparison can also be made in both terminals and the results evaluated in coincidence, etc.); if necessary, the code is alienated by the server for the purpose of encryption upon transmission and restored at the data loop DS (i.e. in the respective terminal(s)) by decryption.
  • It is evident that the two methods according to Fig. 14a and Fig. 14b can be used together if this is useful for the application.
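The parallel (lock-side) and series (server-side) code comparison described above can be sketched as follows. This is an added example, not part of the patent text: the class and function names, the 16-byte KODE, the single-use handling of the pending code and the HMAC-based stand-in cipher are all assumptions, since the description names no algorithm.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher (assumption): the page names no algorithm. One HMAC-SHA256
# block serves as keystream and a second HMAC as integrity tag, stdlib only.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def seal(key, kode):
    """'Alienate' a KODE for one data path: nonce || ciphertext || tag."""
    if len(kode) > 32:
        raise ValueError("KODE longer than one keystream block")
    nonce = secrets.token_bytes(12)
    stream = hmac.new(_sub(key, b"enc"), nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(kode, stream))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """'Restore' a KODE; None if the blob was altered or the key is wrong."""
    if blob is None or len(blob) < 12 + 32:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    stream = hmac.new(_sub(key, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def _same(a, b):
    # Constant-time comparison; a missing code never matches.
    return a is not None and b is not None and hmac.compare_digest(a, b)

class Server:
    def __init__(self, k_it, k_tel):
        self.k_it, self.k_tel = k_it, k_tel
        self._pending = None

    def issue_parallel(self):
        """Fig. 14b: one random KODE, sealed differently for each data path."""
        kode = secrets.token_bytes(16)
        return seal(self.k_it, kode), seal(self.k_tel, kode)

    def issue_series(self):
        """Fig. 14a: the KODE leaves on the telephone path only."""
        self._pending = secrets.token_bytes(16)
        return seal(self.k_tel, self._pending)

    def check_series(self, returned_blob):
        """Compare the KODE returned over the IT path (single use: assumption)."""
        expected, self._pending = self._pending, None
        return _same(expected, unseal(self.k_it, returned_blob))

class Phone:
    def __init__(self, k_tel):
        self.k_tel = k_tel

    def couple(self, tel_blob):
        """Restore the KODE and feed it into the data loop DS (acoustic/IR)."""
        return unseal(self.k_tel, tel_blob)

class Lock:
    def __init__(self, k_it):
        self.k_it = k_it

    def release(self, it_blob, kode_from_loop):
        """Parallel variant: compare direct-path KODE with the data-loop KODE."""
        return _same(unseal(self.k_it, it_blob), kode_from_loop)

class Client:
    def __init__(self, k_it):
        self.k_it = k_it

    def forward(self, kode):
        """Series variant: client CL returns the coupled KODE over the IT path."""
        return None if kode is None else seal(self.k_it, kode)

def demo():
    k_it, k_tel = secrets.token_bytes(32), secrets.token_bytes(32)
    server, phone = Server(k_it, k_tel), Phone(k_tel)
    lock, client = Lock(k_it), Client(k_it)
    it_blob, tel_blob = server.issue_parallel()
    _, other_tel = server.issue_parallel()          # KODE of a different issue
    tampered = tel_blob[:12] + bytes([tel_blob[12] ^ 1]) + tel_blob[13:]
    back = client.forward(phone.couple(server.issue_series()))
    return {
        "wire_codes_differ": it_blob != tel_blob,
        "parallel_ok": lock.release(it_blob, phone.couple(tel_blob)),
        "parallel_mismatch": lock.release(it_blob, phone.couple(other_tel)),
        "parallel_tampered": lock.release(it_blob, phone.couple(tampered)),
        "series_ok": server.check_series(back),
        "series_replay": server.check_series(back),
    }

if __name__ == "__main__":
    print(demo())
```

The two sealed blobs differ in transit although they carry the same KODE, and the lock releases only when both restored codes agree.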
  • For the variants described above, it is also possible to use a parallel connection of the data loop instead of a series connection, e.g. if it can be assumed that the code comparison in a mobile phone is performed securely and cannot be manipulated, and if the user is to be guaranteed immediately (even without a special acknowledgment signal, or even independently of the name or code of the server contained in the code) that he is actually communicating with the selected server, etc.
  • It is evident in both cases (series connection or parallel connection of the data loop) that, e.g., the telephone connection (T-#) assumed in the examples as the second, secure data path can likewise be switched via an Internet connection. These methods are well advanced and may also be used to request the server to call back to the user's T-# telephone (at client CL), and so on.
    • - For both options (series connection or parallel connection of the data loop) it should also be noted that, for the purpose of testing the data loop by a code (KODE), this code can in principle be generated and sent by the mobile phone (or generally by one of the two terminals used to form the data loop) instead of by the server, with the respective options of checking the equality of the code at the data loop DS or at the server. The data loop is then formed, so to speak, at the server. Likewise, the alienation (encryption) and restoration of equality (decryption) can be adapted to the requirements, so that encryption/decryption can take place at server/client or vice versa (client/server). I.e. the possibilities are obtained by applying the principle of duality, simply swapping server and client in Fig. 14a and Fig. 14b, respectively.
  • Another option, which may also be used generally to establish an assignment between two server processes: where, e.g., a data loop is closed on a first WEB page 1 under a particular connection number T-# and, at a subsequent call of another WEB page 2 (another server), a further data loop is closed under this connection number T-# in order to synchronize or assign the user data of the two WEB pages, WEB page 1 and WEB page 2, under this connection number T-#, a time monitoring is introduced between the two calls of WEB page 1 and WEB page 2. Once the time monitoring started when the data loop of WEB page 1 was closed has expired, synchronization of the user data of WEB page 2 is no longer allowed, since after the time has elapsed WEB page 1 (or its server) is no longer prepared to hand over the connection number T-# to the server of WEB page 2.
    • Development efforts are currently underway on how a telephone connection that uses exclusively the data paths of the Internet, and which, owing to the nature of the Internet, is difficult to tie to fixed data paths, can be assigned a registered telephone number of the caller as well as of the callee, with regard to the reliability of the connection numbers between which a connection is made.
  • The proposed method is also suitable for this, without having to intervene in the basic structure of the Internet, which controls the time-synchronous distribution and reassembly of data blocks transmitted over different data paths. This control mechanism can be considered very reliable. The critical point is the establishment of the data connection when a server, with the involvement of a name server, is asked to connect to another server. I.e. identifying the participants over the existing telephone network by means of a briefly formed data loop of a called WEB page (in the case of a prolonged telephone conversation over the IT network) can bring security here as well.
  • Of course, for longer connections it is possible to switch in such a data loop briefly at frequent intervals. The data loop is then not formed by hand by the user but, e.g., by plug-in software on the client computer or, which is sufficient in most cases, directly by the provider in conjunction with appropriate hardware facilities.
  • For this purpose, when calling the WEB page of a telephone service over which he wishes to establish a secure Internet telephone connection, the user calls the service number of the server of that service via a conventional dial-up connection (a conventional switched network). As already explained, the telephone number T-# of the caller is thereby determined securely by the server on the one hand, and on the other hand the user can receive a message (by announcement, via an SMS, etc.) confirming that this is the service he has called, e.g. with his client computer CL (possibly also with a mobile phone, etc.); for when calling via a name server, or in the presence of a so-called "Trojan horse" on the client machine, the call of WEB pages could possibly be falsified by an attacker.
  • In this case, the user enters the phone number of the party he wants to call over the Internet via the input window (the WEB page) of the service in question, or gives this phone number as an extension, or by keystrokes on his phone, etc., directly when dialing the server by phone.
  • The server of the service then calls, via a switched (dialed) telephone connection, the phone number received from the user which is to be phoned via the Internet connection, and tells the called party which WEB page of the service to call. It is evident that this process can also run fully automatically when a special telephone device is available as a terminal. Such a terminal, or telephone device, then consists of a conventional telephone connection, an Internet telephone of the service concerned, and an automatic coupling device (relay, semiconductor switch, etc.) for forming the data loop between the conventional telephone connection and the Internet telephone (without user intervention). After the WEB page of the service concerned has been called, the server of this WEB page sends a CODE to the called user over one data connection, which is returned via this coupling device and the data loop over the other connection for testing, to check whether the WEB page called was actually the correct WEB page.
  • It is evident that the method can also be performed when the WEB page is called manually by the called party, and likewise when the data loop is made via a manually established coupling (acoustic coupling, infrared coupling, etc.).
  • It is evident that this method of distinctive coding of a caller, and likewise of a called party, using the phone number of a classic (dial-up) telephone line (T-#) of the caller (and possibly also, in the reverse direction, of the called party) can further be used to monitor not only the servers at the endpoints, which represent the interface of their terminals (client computer CL, or Internet phone, etc.) for callers and called parties, but also any intermediate servers, including the home wiring of the caller's and callee's connections.
  • In principle, the preferred data loops DS and their check codes can also be used to track the paths of the data packets through the Internet, without having to access the network directly. In this case, instead of dial-up connections, other Internet connections can be used to establish the data loops. Likewise, for all examples, other connections classified as secure, or network connections (including those of the Internet, if special measures are provided), can in principle be used instead of dial-up connections (T-#).
  • It is further evident that, in addition to or instead of the phone number T-# of a mobile phone, an encrypted identity number of the mobile phone can be included, encrypted, in the data sent from the phone and used to identify the mobile phone in conjunction with the data loop DS, in order to give attackers no opportunity to attack. I.e. the T-# telephone connection is generally understood here to mean the entire combination of security measures taken by the network provider for the establishment of such a (switched) connection.
  • Fig. 8 illustrates the access by the server for setting current encryption parameters in the phone. If, for example, two servers (display server SDIS and anonymous server SANY in Fig. 19, or a general server I and a certification server II, Fig. 13a, 13b) are included as a series connection in the data loop DS closed via the mobile phone (telephone network / IT network, Fig. 8), then the server feeding the mobile phone directly over the telephone network (the server chain being continued via the IT network) can store the encryption parameters in the phone (VSE) via the transmitting/receiving part S/E of the mobile phone, directly and bypassing the other server; likewise, the server feeding directly via the IT network and the client computer CL (with coupling interface, or interface IF to the mobile phone) can store the encryption parameters in the phone (VSS) via the coupling interface IF, directly and bypassing the other server. The encryption units VSS and VSE work separately and independently of each other, so that the encryption of the data loop can be done completely independently for each server in the activated server chain (I, II).
  • In a parallel connection of the data paths, a single server can do this the other way round via a cross-exchange of the data paths, as already discussed. Furthermore, different configurations can also be transmitted and controlled by the server using control characters, etc.
  • Example (s) 4.0:
  • The following examples relate to particularly advantageous further developments of this method, in which, over a further network (telephone network, mobile phone network, etc.) in addition to an IT network (or, alternatively, another network such as an intranet, etc.), a data loop is formed via the respective terminals of the networks (such as an IT client CL and a telephone / mobile phone, etc.), in order to use a code (KODE) sent through the data loop DS to assign the subscriber lines or addresses (WEB pages, etc.) of the terminals concerned, or even different server processes, to the connection number (also telephone number T-#) of the respective other network.
  • Two options (which may also be used at the same time) are provided. The data loop made by coupling at the client CL, server ← → terminals (such as IT website ← → telephone via T-# number) ← → server, can be implemented as a series connection, in which a code (KODE) sent by the server via the one data path is passed back to the server via the respective other data path through the data loop DS formed at the client (via the terminals), and the server checks the code (CODE) it specified as a random code against the returned one for agreement, if necessary using an encrypted alienation and a decrypted restoration of the code (CODE).
  • Or, if necessary, the data loop DS can also be implemented as a parallel connection, in which a code (KODE) transmitted by the server via both data paths is checked via the terminals present at the client CL, the check being made via a coupling of the data paths (as data loop DS) into one of the terminals of the user (e.g. a mobile phone, etc.). In both cases, series connection and/or parallel connection, alienation (encryption) and restoration (decryption) of the code (CODE) are furthermore preferred in order to prevent manipulation by attackers.
  • Fig. 21 concerns another preferred application, the purpose of which is to log in to a local server, e.g. of a company network, using a cell phone, simply and without a password, or with a very simple password (on which the security of the actual access to the protected data does not depend, but only the initialization of the access method).
  • The examples already described include such an application for an Internet server, in which the user enters a sample code, e.g. a number, printed in a magazine or other printed matter, etc., into a WEB page into which he logs in using his cell phone with a corresponding data loop DS, in which a code (KODE) sent by the server is returned to the server via the phone. After the initial input of the sample number (taken from the printed matter or the magazine), for subsequent calls (or sessions) of this WEB page the user gets access to the protected data simply by using his cell phone (identified by his phone number T-#) and closing the data loop DS (via his mobile phone).
  • Fig. 21 describes an example in which the same method is applied to an internal company server, server I, connected to the client, or a workstation CL, via an intranet ITR or another common network. As already described in said examples, an SMS received by a mobile phone is converted into a serial coupling signal, which is used for the coupling to the client computer CL, e.g. into an acoustic signal which is fed via the handset L of the mobile phone into the microphone MIC of the client computer, or into an infrared signal when an infrared interface between the mobile phone and the client computer (or workstation) CL is used, etc.
  • If the user wants to log into server I via any workstation CL, then he can do so without a password or in addition to a password in the following way:
    He enters a name assigned to him and / or a password in the workstation CL, whereupon the server I generates a random code (KODE) and calls the user's mobile phone, or sends an instant message to the user's mobile phone via the Internet IT.
  • In this case, the converter interface of the mobile phone, which converts the SMS into the serial coupling signal, is designed so that the text of the SMS contains, e.g., a code word freely selectable by the user (and sent along by the server as text), which the user reads as text, e.g. "LOG IN TO COMPUTER WITH NUMBER KEY 1". Furthermore, the user can see from the sender's phone number that the company server has sent this SMS; a text such as "COMPANY SERVER" can be assigned to the sender number in the phone, etc. A special operating function, e.g. pressing a certain number key ("1", etc.) of the mobile phone, triggers the transmission of the test code KODE generated by the server, which is contained in the text message in the mobile phone but not necessarily displayed (e.g. as a modulo-2 signal with constant block repetition and sync bit). As is conventional for this method, the modulo-2 signal can work with fixed block length, continuous block repetition and a sync bit that alternates from block to block, so that by exclusive-OR comparison of the serial data signal delayed by one block length with the undelayed signal, while checking the block length, the components of a correct block of information can be decoded (with error detection, or with correction by overwriting).
  • If the server determines, by comparing the received code (KODE) after its decryption, that it corresponds to the one emitted (before encryption), it releases the access, i.e. the authorization of the user is regarded as established. Since further encryption of the code KODE can be carried out at the terminals in the data loop DS, the decryption in the server takes into account all algorithms according to which corresponding alienations of the code have been made.
  • As already explained in the preceding examples, the possibility of forming a data loop DS can furthermore be secured by entering a PIN on the mobile phone, and personal data (PIC) of the user can be sent to the server (I, Fig. 21) via the data loop DS (likewise encrypted), as can the data for recognizing a fingerprint (via sensor FI, which is arranged, for example, below a transparent key, see later) or for voice recognition, for which the user additionally speaks into the mobile phone while the IT connection is maintained. As the microphone for the client, an external microphone (as an adapter) can be used, for example, which can be attached to the handset T of the mobile phone via a self-adhesive rubber pad (which is replaceable on this adapter, so that it can be renewed when adhesion decreases) and easily detached again at any time. If the sample text still displayed as an SMS text (from the server) is then spoken into the microphone, this acoustic signal is transmitted, in analogue or digitized form, in the signal sent by the mobile phone into the data loop DS (acoustically or via infrared, etc.). The two options are to enclose the user's personal data (PIC) between two blocks of the server-generated KODE of the data loop, or to interleave (or encrypt) them, etc.
  • Since the code sent by the server via the mobile phone (KODE) is sent encrypted by the server, and in the mobile phone, as well as in the client computer again (thus doubly encrypted before it is returned to the server I, possibly in a simplification of the code with If, however, it is to be disconnected, then the mobile phone is modified so that upon detection of a server number (as the sending telephone number of the SMS) this separation of the code number KODE simply makes and does not display, eg the CODE then by a control character sequence, such as, for example, three points ("... CODE"), etc., are initiated.
  • The code is encrypted at each relevant point in that the code, before transmission (server) or as received in the terminals (HANDY, client CL), is altered according to an algorithm that processes constants on the one hand and variables on the other; these alterations are undone accordingly before the comparison. As already explained in the examples given, the parameters (variables) can be changed as desired; depending on the purpose, they can be sent from either side of the data loop DS (with respect to the different connections, ITR and the mobile telephone connection) to the respective point of encryption/decryption by the server (I), not only via SMS but possibly also using the regular data format of a mobile phone, etc.
  • For many applications it is sufficient if the data loop DS, closed on the client side via a corresponding terminal CL (which may be, for example, a smart card reader networked with a server via the Internet IT, etc.), is closed only briefly for the purpose of passing the encryption parameters. Once the telephone number T-# of the telephone line used by the client (or mobile phone connection, etc.) has been checked via the Internet IT connection and the server has transmitted the current parameter (variable) for encrypting/decrypting the data (for the KODE as well as for general data, such as for the delivery of a digital signature, etc.), the relatively expensive telephone connection (mobile phone connection) can be terminated while the IT connection to the relevant terminal CL is maintained. The server can then check via the IT protocol at any time whether it is still the same IT connection that was already identified through a mobile phone connection T-#; alternatively, the telephone connection T-# can also be dialed by the server via an Internet (IT) phone to save costs.
  • It is evident that the server I can also query any database via IT to check the fingerprint or a voice pattern. In addition, with regard to Fig. 21, the data loop could in principle also be checked via a local switching system with a corresponding radio network, etc.; however, the use of standardized mobile phones is of great advantage, in particular because the proposed extension function, in which an SMS is inserted into the serial data signal for coupling the data loop DS, can also be used for all the applications mentioned in the examples already discussed, and it makes no fundamental difference whether the server I is a local server with a workstation CL or an Internet server with a client CL.
  • An improved alternative is also proposed for capturing a fingerprint: the sensor is located under a transparent surface of the phone on which the user has to press slowly with a finger; the surface that takes the print yields resiliently, while the optics are fixed in place underneath it. As the finger is pressed onto the transparent surface, the image of the fingerprint changes from the outside to the inside. The optics (with respect to the aperture) are dimensioned to have a particularly shallow depth of field, so that only the part of the finger resting directly on the surface is sharp, and neither the part (spatially) behind it nor an object brought closer to the optics is. Such a design is readily achieved through the image section of the optics, by correspondingly increasing the distance between the optics and the recorded image (chip), as is the case with spacer rings in cameras, for example. If the transparent support surface gives way elastically, the part of the object that was previously sharp becomes blurred (because it is now too close to the lens), and the part that was previously out of focus (because it was too far from the lens) becomes sharp. The approach of the transparent support surface towards the lens is measured. That is, the fingerprint is captured by the built-in camera of the mobile phone not only as a surface image but also as a spatial image, because the position of the surface approaching the lens is measured continuously. In other words, the curvature of the finger is measured as well.
  • In the evaluation, all snapshots of the fingerprint are evaluated and related to one another according to the distance measured at the time of each exposure (i.e. the scanned travel of the recording surface). The advantage of this method is that it is no longer so easy, for example, to lift a fingerprint from a glass and, after editing it on a PC, to use it as forged input, e.g. via a high-resolution optical adapter of a computer.
  • For FIGS. 22 to 28:
  • Figs. 22 to 28 are not to scale but are shown only schematically.
  • Fig. 22 relates to a further proposal for accommodating inexpensive optics on the side of a mobile phone for scanning fingerprints, where the expensive, high-resolution chip of the video or digital camera is used for the scan; in a further development, the curvature of the finger is captured along with the finger scan. The image reversal described below (via mirrors) can also be housed, well encapsulated, in a particularly small module.
  • Figs. 23a and 23b to 25 relate to proposals for recording the iris with the high-resolution standard optics of the mobile phone and transmitting it to the server for analysis. As pointed out in the previous examples, the personal data of the user are encrypted together with the check code KODE of the data loop DS of the other network (mobile phone network + IT network), so that even if an attacker illegitimately supplies them as valid data, the server evaluates them as invalid if the check code KODE generated by the server (to check the data loop DS) is not correct.
  • Fig. 24 relates to a variant for indicating the correct distance of the mobile phone from the user's face when recording the iris.
  • Fig. 25 concerns a further variant of Figs. 23a, 23b.
  • Fig. 26 concerns a variant in which the earphones of a mobile phone connection are connected to the mobile phone via radio or via a plug connection and are fixed to a headband (otherwise of conventional design),
    where 40 ... headband, 44 ... electrical connection of the headphones (41) to an RF receiver with amplifier 45, wherein the antenna may likewise be inserted in the headband (e.g. between two elastic fabric layers), 43 ... optional holes.
  • Fig. 27 concerns a microphone that is mounted on a tie pin (51) and connected to the mobile phone via radio or via a plug connection, where 50 ... microphone, 51 ... pin, 52 ... fixing connection of the pin.
  • Fig. 28 concerns a detail of the slider for covering the camera optics, with 23 ... slider, 20 ... front of the phone with the optics 18.
  • Re Fig. 22:
  • General: To implement a low-cost fingerprint sensor, the finger is placed on a spring-mounted transparent support surface serving as the pressure surface above inexpensive optics (a lens). Below it a small reflecting mirror (45°) is provided, which directs the image to a further 45° mirror that is only partially reflective, or semi-transparent, and therefore works as a beam splitter. The light source customary for fingerprint scanning is also provided. The straight path (from above) through the beam splitter serves the usual camera optics of the mobile phone. A simple, manually operated slider, which depending on its position covers either the lens for the fingerprint sensor or the camera optics (see also Fig. 28), darkens whichever image is unwanted on the image pickup chip. This simple method makes it easy to use the expensive image capture chip, along with its transmission technology to the network, for both purposes.
  • By recording the travel as the contact surface of the finger approaches the optics, and using it for the contrast evaluation of the respectively sharply recorded parts of the fingerprint in the server's image analysis, a more reliable typing can be achieved and circumvention (which could be attempted, for example, by generating a corresponding simulated image) is made particularly difficult.
  • In a further development, an indication is shown (on the display), e.g. one corresponding to Fig. 24 or similar, which tells the user whether to press more firmly or less firmly on the receiving surface (11, Fig. 22); the server monitors and analyzes this action of the user in real time, continuously evaluating the image of the partly blurred fingerprint, or the shift of the sharp areas of the image caused by this actuation.
  • Specific: In a modified version according to Fig. 22, the image taken by the inexpensive lens 15 (as optics) is projected over a greater distance (a) onto the mirror 16 corresponding to the image receiving surface, which projects the image via a further deflection mirror 17 onto the recording chip 19. The greater distance a between mirror 16 and lens 15 corresponds to the spacer rings otherwise used in a camera to obtain a very small image detail at a given focal length of the lens 15, the associated side effect of a particularly shallow depth of field being desired here.
  • Because of the relatively "large" distance a, the fingerprint is recorded (line of sight S2) from the narrow side of the mobile phone, whereas the camera lens 18 for regular image recording (line of sight S1) is provided on the front of the phone as usual. Thus, for example, to the side of the point where the camera lens 18 is provided, a somewhat longer path is available to realize the distance a for recording the fingerprint in an otherwise conventional mobile phone design.
  • Here the projection path for recording the fingerprint (line of sight S2), guided via the mirrors 16, 17, runs first perpendicular to the narrow side, with deflection by mirror 16, and then diagonally to the broad side, deflected by mirror 17 (see also angle α of S2 at mirror 17), i.e. it is projected obliquely via mirror 17 onto the image pickup area 19 of the image pickup chip, while the straight projection path of the line of sight S2 for the actual camera lens 18 (perpendicular to the front of the phone) is not obstructed and falls directly, without mirror deflection, onto the image pickup area 19 of the image pickup chip. The image pickup area 19 of the image pickup chip thus receives a mixture of superimposed projected images, and the unwanted projection path in each case is darkened by simple manually operated sliders 22, 23, which can be pushed in front of the optics (18) (or in front of the transparent support surface 11 for the fingerprint recording).
  • As can be seen from Fig. 22, where the length is somewhat exaggerated (so that the details can be recognized in the drawing), the distance between the support surface 11 for the finger 10 (or object) and the lens 15 is formed by a guided (24) tube (sleeve 12), which carries on its upper side (i.e. the outside of the mobile phone housing 21) the support surface for taking the fingerprint and is resiliently mounted (see 13). The compression spring 13 and the tube 12 can also be made of plastic. The large distance a, already explained, between the lens 15 and the image redirection (at the mirror 16) gives a very shallow depth of field. When the fingerprint is taken, the finger (10) presses down on the tube 12 via the transparent support surface 11. Depending on the size of the finger 10, as the support surface 11 approaches the objective (lens 15) (the sleeve 12 being displaceable against the spring force 13), the sharpness of the image therefore changes from the inside to the outside (corresponding to the curvature of the fingertip); this change follows the approach, and the approach corresponds to the sliding travel of the sleeve 12, which is measured by a sensor. This can be, for example, a solenoid 14 into which the sleeve dips (or which it approaches) with a metal ring attached to its end face, giving a proximity measurement on the eddy current principle, or a gap measurement through a hole, in which the displacement of the sleeve 12 is measured from the change in intensity of a light beam. Furthermore, an indirect light source is provided to illuminate the object, i.e. the fingertip when placed on the pressure surface 11, accordingly. It is sufficient if the fingertip is placed as flat as possible on the support surface 11 (to obtain defined conditions).
  • Re Fig. 23: A further preferred development of the phone concerns iris scanning: a small mirror is placed next to the retractable lens 18 so that the user can look into this mirror and adjust his position relative to the phone until he sees his eye in the mirror, in order to record the iris with the camera at maximum resolution.
  • The part of the drawing in 3a highlighted by a rectangular frame corresponds to such a development using a standard lens 18, where the mirror 34, mounted to the side and tilted to match the field of view of the lens 18 (if appropriate also correspondingly curved, etc.), shows the user his eye when the mobile phone is at the correct distance, and in this position the user's eye is projected over the entire receiving surface of the chip 19. So that this adjustment is easy to realize, the lens 18 is extendable in order to increase the distance between the optics 18 and the image pickup area 19 of the chip accordingly, which is done, e.g., by manual rotation along a spiral groove (e.g. around hollow cylinder 32, within which the electronics of the recording chip are housed), similar to the linear feed in mini printers, etc.
  • In principle, the mirror, which can be integrated at any point on the front of the mobile phone, cf. 34 (or as a mirror that pulls out from the bottom, etc.), could also be realized on the display, which then reproduces the image of the eye; however, this variant is also suitable for mobile phones that have no particularly elaborate display and only an inexpensive camera.
  • Alternatively, as shown in Fig. 25, the linear guide 30 of the lens 18 is biased by a compression spring 39 so that it pushes the lens 18 outward, setting the greatest distance a to the image capture chip 19 (Fig. 23b). If, on the other hand, the lens 18 is to be in the normal recording position, the linear guide 30 is simply pushed in by hand. In a further development, the lower edge (or, relative to the mobile phone housing, the inner edge) of the sliding cylinder 30 is provided with a soft iron ring (36), which rests on a small cobalt magnet ring 37 when the sliding cylinder 30 is pushed in, so that the sliding cylinder 30 is held fixed in the retracted position against the force of the compression spring 39. So that the pushed-in sliding cylinder 30 (on which the optics 18 are mounted) also seats precisely, special mating surfaces are provided for the seat, and a very small air gap is then tolerated between the soft iron ring 36 of the sliding cylinder 30 and the cobalt magnet 37 of the housing (40) (because the magnets cannot be manufactured so accurately). That is, in the retracted position (II) the sliding cylinder 30 provided as the lens carrier sits very precisely on the housing.
  • In the extended position (as shown in Fig. 25), the projecting edge (cf. 36) of the sliding cylinder 30 rests on the housing neck 41 of the linear guide of the sliding cylinder 30 and is very well centered (by the all-round pressure of the spring force on the ring 41 of the end face of the housing neck). That is, in the extended position (I) the sliding cylinder 30 provided as the lens carrier sits very precisely on the housing neck.
  • In the positions in between no precision is needed, i.e. the sliding cylinder 30 can be guided very loosely, so that it is pushed out with very little spring force once the holding force of the magnetic field of the cobalt magnet ring 37c is weakened accordingly. This is done via an opposing field coil 38, which is fed with a corresponding sawtooth current pulse (a slow current pulse), so that the field is sufficiently weakened. To save power, it is expedient to switch the slope of the sawtooth: a steep rise up to the vicinity of the detected field weakening, and, after the field weakening has been detected, a slower rise until the spring force 39 prevails and the sliding cylinder 30 springs out. The field weakening is measured, for example, by superimposing a small square pulse on the sawtooth and measuring the induced voltage (as a superimposition). If this voltage reaches a certain minimum, the rise of the opposing field current (the sawtooth) is flattened. The opposing field is always triggered when the user invokes a corresponding function, e.g. scanning the iris of his eyes, reading a bar code, scanning a text, or using the camera for coupling in the data loop DS, etc., where the optics then provide a corresponding magnification on the principle of an extension ring of a camera.
  • In a further development, the mirror 34 discussed for Fig. 23a is semi-transparent or partially reflecting, i.e. on the one hand it reflects the user's eye as a mirror image, and on the other hand it allows optics located behind it, with a corresponding recording chip 35 (which can have a lower resolution than the chip 19 of the camera), to take a further picture of the eye, which serves only to obtain a multi-dimensional image. The lighting conditions are chosen accordingly, or a light source mounted under the lens can support this effect during the recording. Fig. 24 also shows a proposal for indicating to the user the correct distance to the phone when recording his eye. The vertical bar on the right (hatched) symbolizes the mobile phone; only one of the two arrows shown is displayed at a time, indicating whether the user has to hold the phone closer to his face or further away, and if the position is right, no arrow but an "OK" is displayed. This display can be located right next to the mirror 34, e.g. at its lower or upper edge, so that the user can concentrate entirely on this mirror.
  • Besides the variant of placing a second camera at this mirror, a double lens, as further depicted in Figs. 23a, 23b, may be provided to transmit a spatial image to the server.
  • In a further development, the electronics needed to implement the chip 19, which captures the image data, already include an encryption that is coupled to the preferred data loop code KODE, i.e. the code KODE sent by the server, or other encryption parameters (open key), are combined with the image data within this chip itself, so that even if the mobile phone is manipulated accordingly, no canned image can be fed in while the data loop is being checked. This also applies to all other variants, such as a fingerprint check, etc.
  • Another way to prevent this is to signal to the user (e.g. by briefly flashing a symbol, shown in Fig. 24 as a checkered dot, etc.) that he should blink, which he then does at that moment. This is taken into account in the image analysis, and the linear course of the movement in the image is analyzed in the server to make sure that it is not a canned photo or video, etc.
  • The field of application of the person recognition proposed here goes far beyond a person's own interest in ensuring that no one else can use this recognition in their place, as is the case with the usual safeguards. With the proposed development variants of the mobile phone, it becomes possible to use an officially certified mobile phone as a passport or ID, and likewise as a driver's license, etc. In combination with the usual controls, passport control can therefore be largely automated; at border crossings, for example, a passport query can be carried out with a mobile phone via infrared, etc., through the car window. This is why more elaborate encryption measures are proposed here (to be used as an option).
  • If the three basic variants (voice recognition, fingerprint input, iris recognition) are compared with one another, an advantageous improvement common to them is that the server gives the user instructions that he has to follow while entering his characteristics (voice, fingerprint, iris image): be it to repeat certain displayed texts immediately, or to move his fingerprint towards or away from the lens (by pressing on the spring-mounted surface) over a measured, narrow distance within which the image is sharp and outside of which it is blurred, or to blink during image acquisition of the iris. This prevents the user from outsmarting the system with a simple prepared canned recording or template. Likewise, the user can be prevented from automatically generating a canned recording to the server's specifications in real time and feeding it into the image transmission, e.g. if the image acquisition chip itself is already directly included in the encryption.
  • Finally, a further option for coupling the mobile phone and a client computer CL or a workstation is given. An SMS is sent from the server and displayed on the screen of the mobile phone, and the screen is held up to a web camera of the client computer so that the displayed SMS can be read. From the moment the SMS is sent, a time-out is started in the server, after whose expiry the SMS can no longer be read into the client computer or server as valid. This prevents the content of the SMS from being communicated to another user by phone, etc. The client computer can also simply encrypt the image file directly, e.g. as contrast values hidden in an abstract image; after decrypting the image file, the server recovers the characters via OCR software, and the received code is likewise decrypted by a further decryption so that it must correspond to the code stored internally in the server (that is, the CODE before its encryption when sent) if the check of the data loop DS is to yield a correct result. Alternatively, the OCR software for converting the pixels into characters is already used in the client computer CL, in which case only the characters are encrypted. Similarly, the server can also send the phone a picture as a CODE if necessary, etc.
  • A further encryption option, as already mentioned in the previous examples, is that the encryption parameters for the encryption at one of the two terminals, e.g. at the mobile phone, are loaded into the phone from the other network, i.e. other than the network through which the phone receives the server-generated code (KODE) that is forwarded via the data loop DS.
  • If, for example, the mobile phone receives a call from a server and the code signal KODE is transmitted from the server to the mobile phone as an audio signal (modem signal), as a direct data signal or as an SMS, then it makes sense to supply the mobile phone from the other side with the encryption parameters of an open key (for a secret encryption algorithm). In this example this is done via the data loop DS from the client computer CL, or from a workstation, etc., e.g. via the web page through which the user wants to gain access to the data via the data loop. During the transmission of the code (KODE) sent by the server directly to the relevant terminal (here the mobile phone, via the T-# connection), the encryption parameters of the open key used for the encryption, which are sent by the server via the other network (here via the IT network of the client) and received by the mobile phone, can be exchanged. This also works if, for example, the mobile phone receives only an SMS over the T-# connection.
  • The parameters obtained via the IT network of the client also contain (encrypted within these parameters) the information as to which character positions, or even bit positions, of the serial data signal each new open key belongs to; the open key is transmitted to the mobile phone as a string subdivided by a secret separator into $S1, $S2 ... $Sn, over the IT network and/or over the telephone connection T-#. For example, if the value $20 is encoded in the preceding key value $S1, this means that from the 20th character position of the code (KODE) transmitted from the server via the other network (here the T-# network), the subsequent characters of the serial code are to be encrypted with the next key value $S2 in the composite string (the parameters for the open key), etc. Since enough (low-cost) bandwidth is usually available via the IT network, the open-key encryption parameters sent over this network (IT network) are many times larger than the actual check code (which in this example is sent by the server over the T-# network of the mobile phone). The coupling interface of the mobile phone to the client computer (to form DS) is then, as already stated in the examples mentioned, bidirectional, in order to transmit the code (KODE), further encrypted in the mobile phone, from the phone to the client computer CL in one direction, and the encryption parameters from the client computer CL to the mobile phone in the other.
  • As already stated in the above examples, this can also be done in the opposite direction: the mobile phone then receives the code sent by the server (KODE) via the client computer CL (via the coupling interface of the client computer to the mobile phone to form DS), and the encryption parameters are transmitted directly via the T-# network (mobile phone network). Both methods can be used alternately (in half-duplex) or simultaneously (in full-duplex), i.e. the code sent by the server (KODE) constantly changes its transmission direction on the data loop DS (e.g. server via IT → client CL via DS coupling → mobile → T-# → server, or likewise in the other direction: server via T-# → mobile via DS coupling → client CL → server). Within the serial data stream for the code KODE, even the transmission direction is alternated, signalled by synchronization characters (indicating the current transmission direction) that are contained, encoded, in the open key (which is in each case transmitted in the opposite direction to the server's check code KODE). This alternation can apply not only to arbitrary characters but also to arbitrary bits of the check code KODE sent by the server, comparable to the constant change of the values ($S1, $S2 ... $Sn) of the open key that are transmitted (each via the other data path, or the other network of the data loop DS) to the relevant terminal, e.g. the mobile phone or a Java applet in the client computer, etc.
  • In a further development, the parameters that form the open key for the encryption performed in each of the devices (likewise the server) can also contain the following control parameters (encrypted), which are decoded according to a secret protocol agreement made between the server and the terminals (of the data loop DS). It is evident that this agreement (selected by transmitted addresses) can also be changed constantly.
  • These encrypted control parameters are:
    • a) the designation of how the parameter values ($S1, $S2 ... $Sn) sent to the relevant devices (terminals such as mobile phone, telephone, client CL, server, even multiple networked servers, etc.), possibly also alternately via different data paths, are assigned for use (e.g. as an input parameter to a secret algorithm, or as an open key) in encrypting/decrypting the individual code elements of the KODEs generated by the server for the purpose of identifying the data loop DS, i.e. which encryption/decryption they concern,
    • b) the encoding or indication of the current transmission direction of the codes (KODE) carried via the data loop DS, or via the coupling of the relevant terminals (client CL → mobile phone, likewise mobile phone → client CL), wherein in full duplex a dummy code (which is not evaluated) continues to be transmitted in the non-indicated direction in order to mislead an attacker,
    • c) the addressing of different secret algorithms for encryption/decryption agreed among the devices concerned (terminals such as mobile phones, telephones, clients CL, servers, even multiple networked servers, etc.), the addresses using parameters such as device addresses that identify the type or the device (client CL, mobile phone, server, etc.) at which encryption is performed, as well as data for composing keys transmitted over different data paths using a secret protocol, including the indication of the device that generated a key and likewise the associated secret algorithm, etc.
  • This preferred method of bidirectional coupling of the data between client and mobile phone, or mobile phone and client, has the advantage that manipulation by relaying the data transmitted via the mobile phone to another location (or client computer CL) is practically no longer possible, i.e. the data loop DS (or the place where it is formed) cannot be manipulated.
  • The other particularly preferred features will become apparent from the appended claims. The claims are in this case also an annex to the description.
  • Example (s) 5.0:
  • The following example relates to particularly advantageous developments of this method.
  • Fig. 29 illustrates a further example of data exchange via a bidirectional coupling of the data loop DS, e.g. between a mobile phone and any client computer CL; IF symbolizes the interface for the coupling DS, e.g. an infrared interface or an acoustic coupling, to close the data loop DS on the user side.
  • On the right is the data stream routed to/from the server via the mobile network (T-# network) of the mobile phone; on the left is the data stream routed to the server via the Internet IT network (i.e. via the client CL) and passed on to the phone via the preferred coupling. Although the identification code KODE can also be encrypted in the client CL by means of plug-in software or a Java applet, this encryption is mainly carried out in the mobile phone, since it is easily exchangeable there via the chip card, which also identifies the subscriber, and, if necessary, further algorithms in the processor chip of the mobile phone are not accessible to unauthorized persons.
  • The illustrated data streams each indicate the direction, relative to the server, in which the data is essentially transmitted, but the mobile phone can add its specific data (PIC) at any time, as already explained. The same of course applies to the client computer CL (or a notebook or another mobile phone, etc.).
  • The transmission direction designated A relates to the data transmission from the server via the telephone connection (T-# network) to the mobile phone, via the coupling interface DS to the client CL, and on from the client CL via its Internet connection (IT network) back to the server.
  • The transmission direction designated B relates to the data transmission from the server via the Internet connection (IT network) to the client CL, via the coupling interface DS to the mobile phone, and on from the mobile phone via its telephone T-# network back to the server.
  • Here the client CL is directly connected to the server via the Internet connection (IT network), regardless of the status of the coupling of the data loop DS (whether closed or not closed, i.e. coupled, on the user side), and likewise the mobile phone is directly connected to the server via its telephone T-# network, independently of the status of the coupling DS. That is, the server can carry out the initialization for forming the data loop DS for both the client CL and the mobile phone regardless of the status of the coupling.
  • The encrypted transmission of the code KODE sent by the server for checking the data loop DS (in connection with the checking and identification of the telephone number T-# of the mobile phone) uses both transmission directions (A and B), the code being composed by correctly combining the portions, or code elements, sent over the two transmission directions. While the loop DS is closed, i.e. during the coupling, data can be transmitted continuously in both transmission directions (A and B) in full duplex (or possibly only in half duplex), as indicated in Fig. 29 for the data stream in direction A by the data KD1 ... KD46, and in direction B by the data kd1 ... kd46.
  • The in this (in 29 shown) data stream from the server directly to the client CL, further via the coupling to the mobile phone and from this to the server back (towards B) transmitted code is CODE (B) = kd40 * kd33 * kd17 * kd15 * kd13 * kd5 * kd1;
  • The in this (in 29 shown) data stream from the server directly to the mobile phone, further via the coupling to the client CL and from this to the server back (in the direction A) transmitted code is CODE (A) = KD32 · KD31 · KD29 · KD28 · KD26 · KD22 · KD21 · KD17 · KD7 · KD5;
  • Here are all further in 29 represented in the code CODE (A) and CODE (B) after its decryption no longer contained code elements control characters for handling the protocol, and parameters for the encryption.
  • The two unencrypted codes KD46 and KD1 are BEGIN and END codes, sent directly from the server to the mobile phone (via the T-# network) to initialize the beginning of a transmission and to indicate its end. As long as the data loop DS is not closed, the mobile phone, for example, constantly sends a test code KD1 until it receives an answer, e.g. kd1, from the client CL, in order to detect the closure of the loop DS and begin the actual data transmission, whose encrypted data also include the user's personal data added in the mobile phone (PIC).
  • For the server to recognize the data loop correctly and assign it to the respective telephone number T-# of the mobile phone or user, the codes CODE (A) and CODE (B), transmitted encrypted in both directions by the server in the manner described, must match; thus CODE = CODE (A) · CODE (B) is evaluated as the coincidence of the codes transmitted in both transmission directions.
  • Here the code sent by the server is checked, starting from the values wA (for direction A) and wB (for direction B) generated internally in the server and the values wRA and wRB that were sent encrypted and decrypted again on receipt, as to whether wA = wRA and likewise wB = wRB, which corresponds to the coincidence CODE = CODE (A) · CODE (B).
  • The scheme of FIG. 29 shows a snapshot in time of the data transfer over the data loop DS:
    In data direction A, KD1 is sent unencrypted by the server via its direct telephone connection (T-# network) to the mobile phone as the BEGIN code. The BEGIN code KD1 uses a character that does not otherwise occur (not even in encrypted form, etc.) and is therefore recognized by all terminals present in the data loop DS (client CL, mobile phone) as the initialization condition. At the same time (in the full-duplex option) the server sends in the opposite direction (data direction B), via its direct Internet connection (IT network) to the client CL and its coupling to the mobile phone, a response kd1 associated with the BEGIN code (KD1) to the mobile phone, once it has recognized the initialization by KD1 with the data loop closed.
  • During initialization, the mobile phone transmits the BEGIN code (KD1) at its interface in continuous repetition, in data direction A, fed directly by the server or triggered only by a control character from the server, etc. This continues (unless aborted because a time limit is exceeded) until the server receives the BEGIN code (KD1) back via the coupling interface (after the user has closed the data loop DS by making the coupling), i.e. via its Internet connection (IT network) to the client CL, and then sends the answer kd1 in data direction B, over the Internet connection to the client CL and over its coupling to the mobile phone. The server thus gets kd1 back and sends KD2 in data direction A to begin the actual data transfer. As already stated, it is expedient to encode the respective data direction in the code, because this makes the interface in a telephone or mobile phone somewhat simpler in design (for the most diverse couplings), but this is not a requirement.
  • In the opposite direction (data direction B), the data kd2 is sent over the data loop in response to KD2, etc.
  • In the snapshot of FIG. 29, in data direction A, the data KD2 ... KD23 have already been changed further by the mobile phone, i.e. further encrypted, and already sent back to the server via the data loop DS (through the client CL) over the Internet (IT network). They are followed (as provided in the server's output scheme) by the data KD24 ... KD46, which the server has likewise already pre-encrypted and which are still to be sent to the mobile phone over the telephone network. KD24 is just being read into the mobile phone (pre-encrypted) and KD23 (after being further encrypted in the mobile phone) is being read out, whereupon the server, where necessary, performs the final decryption (when recovering the data).
  • Likewise, in data direction B, the data kd2 ... kd23 have already been changed by the mobile phone, i.e. further encrypted, and sent back to the server via the data loop DS over the T-# network of the mobile phone. They are followed (as provided in the server's output scheme) by the data kd24 ... kd46, which the server has likewise already pre-encrypted and which are still to be sent to the mobile phone over the telephone network. kd24 is just being read into the mobile phone (pre-encrypted) and kd23 (after being further encrypted in the mobile phone) is being read out, whereupon the server eventually performs the final decryption (when recovering the data).
  • The further data, beyond the CODE = CODE (A) · CODE (B) already explained, concern the parameters for the encryption and the designation of the positions at which data are to be evaluated (i.e. where the data for CODE (A) and CODE (B) are located), and also, for example, from which direction (A or B) the encryption parameters for the relevant code data CODE (A) and CODE (B) are to be obtained; that is, for KODE (A), for example, the encryption may be obtained partly from direction A and partly from B, and likewise for KODE (B), etc. There are thus virtually no limits to the formation of secret protocols for use in encryption. Furthermore, much of the data may not be used at all, or only as placeholders. The encryption data then designate the dummy data, which on the way from the server to the relevant terminal (e.g. the mobile phone), whether directly or via the data link of the data loop DS, contain no specific information, or merely denote encrypted control characters identifying them as dummy data, optionally also containing a position number or a function assignment indicating which data they are to receive. After passing through the relevant terminal whose data they are to receive (for example the personal data PIC of the user), these dummy data are essentially replaced by the data to be recorded, or by control characters concerning the designation, the block length, etc. of the data. Here again there are virtually no limits to the formation of secret protocols for use in encryption. For example, the assignment of the bit sequence for decoding the data can also be included in the encryption; furthermore, the assignment of which data is meant can likewise first be determined by encrypted agreement, as can the addressing of different encryption algorithms (e.g. formulas, sequencer controls, etc.) that are fed with the parameters transmitted as variables. The encryption of the parameters sent as variables also changes constantly (implicitly included in their permanent encryption), controlled partly according to fixed patterns and partly by variables that the server chooses at random and sends along in the data stream (A, B). In addition, according to an encrypted algorithm, an unpredictable swapping, controlled at random via transmitted key variables, can be applied to the encryption data sent via the data link to the relevant terminals (e.g. the mobile phone) with respect to their assignment to a data direction (A or B), the validity of a CODE, etc. It is thus unpredictable which key parameters from which data direction (A or B) apply to which code elements of code A, likewise of code B, and likewise to the encryption of the user's PIC data, or how the insertion of the user's encrypted PIC is split between data directions A and B when both data directions are used. As always, such information may be coded directly as a bit combination of a word or byte, or over a longer sequence, likewise under secret (encrypted in transmission), constantly changing word and bit combinations, etc.
  • Measures to prevent the direct coupling that is to be made on the user side between the terminals to form the data loop DS (e.g. between a cell phone or telephone T-# and an Internet client computer CL, or between two cell phones, etc.) from being bypassed by interposing another network (Internet, telephone, radio network, etc.).
  • Such a measure makes sense for some of the cases mentioned, for example where the user is to be prevented from using a third line to extend the identification by his telephone number T-# to another client computer CL in order to form the data loop DS used for the identification.
  • A measure for acoustic coupling was already given in DE 10 2004 046 413.8, namely to draw a conclusion from the measured bandwidth.
  • The following development is somewhat more universal and uses a transit-time measurement of the transmission path of the data loop DS formed via the coupling of the terminals on the user side. The transit time of an acoustic coupling is determined to a large extent by the relatively low speed of sound (compared with electrical propagation) over the transmission path of the coupling. This contrasts with, for example, an infrared coupling, where this path practically does not enter into the measurement, so that the transmission time of a data link interposed in the coupling is, because of the length of its path, an extreme multiple of that of the optical coupling.
  • To find out whether a data link, in which the data propagate at about 300 m/μs, has been interposed in the coupling path (forming the data loop DS) between the terminals concerned on the user side (referred to here generally as data transmitter S and data receiver E), various options exist, depending on what support is assumed to be available in the terminals used for the coupling.
  • A preferred option is to transmit a set signal from the data receiver E (i.e. in the reverse data direction, tü = tES, FIG. 32a, 32b) via the coupling interface to the data transmitter S. This signal sets a high-resolution clock (μs clock) in the data transmitter S (e.g. via support software in the client computer CL) in agreement with a clock likewise present in the data receiver E (e.g. in a mobile phone). Then, by protocol agreement between data receiver E and data transmitter S, a time referred to the internal clocks is fixed (starting value, FIG. 32a) at which the actual data transmission from the data transmitter S (here, for example, the client computer CL) to the data receiver E (e.g. a mobile phone) is to begin for the purpose of the transit-time measurement. At this time the data transmitter S sends a signal or data signal to the data receiver E, which uses its internal clock to measure the transit time of the signal from the agreed time, at which the data transmitter S (by protocol agreement) sends the data, until the actual arrival of the data (at the data receiver E).
  • Since the clock of the data transmitter S was set by the data receiver E with a set signal sent over the data path formed by the coupling of the terminals (here client CL and mobile phone), then, in the case that this data path has a significant transit time (tES in FIG. 22b) (because the data path was not closed directly, for example via an infrared link, but via a "hidden" data network, or was closed via an acoustic coupling with a corresponding transit time), the clock of the data receiver E runs ahead by this time (tü = tES) relative to that of the data transmitter S (which was set by the data receiver E).
  • The set signal for setting the clock is embedded in the encrypted data stream (cf. FIG. 29), so that the user cannot discover the time of setting. In the subsequent measurement of the transit time, therefore, relative to the time agreed by protocol (t3 in FIG. 32a, 32b) at which the data transmitter S sends the data or the signal (measuring code in FIG. 32b) to which the transit-time measurement relates, the sum of the following times (tES + tSE) is measured:
    • the lead (tü = tES) by which the clock in the data receiver runs ahead (compared with that of the data transmitter S), and
    • the transit time (tü = tSE) that the data, as a signal (measuring code), require from the data transmitter S to the data receiver E.
  • FIG. 32b illustrates this with an example. The mobile phone, which corresponds to the receiver E for the later data transmission (measuring code) via the coupling interface, sends the set signal to the data transmitter S at the time t + 300 via the coupling interface. For simplicity the drawing does not show the time t but only the fine resolution, in μs. Since only a small time range of high resolution is of interest, the value t can, for example, also be set to zero (likewise, counting could start at zero instead of at the value 300, etc.).
  • Since the set signal (sent in the reverse data direction), which here has, for example, the value 300 (but could equally have the value zero, etc.), takes 100 μs via the bidirectional coupling interface from the data receiver E to the data transmitter S (FIG. 22b, tü = tES) until it arrives at the data transmitter S and sets the clock of the data transmitter S to the value 300, the clock of the data receiver E has the value 400 at this time and is thus 100 μs ahead of that of the data transmitter S. The setting of the clocks is either initialized by the server or, if initiated independently by the peripheral devices, reported to the server via the protocol. The clock in a client computer CL (as data transmitter S) can be set, for example, in that the mobile phone coupled into the data loop DS (the data receiver E) passes a time to the client computer CL as the set signal, from which the support software in the client computer CL forms an offset value relative to the time of the internal computer clock (with microsecond resolution); this offset is then used to monitor the start time of a signal to be sent by the client computer CL at a precisely defined time (t3).
  • Immediately after the clocks have been set (in FIG. 32a this is the time t2), the server sends both the client CL (data transmitter S) and the mobile phone (data receiver E) a data value serving as the start value that specifies a time t3 at which the client CL, as data transmitter S, transmits to the data receiver E the signal, as a measuring code, that is evaluated in the data receiver E as the time-measurement signal. This measuring code can be any code occurring in the protocol, provided the server supplies this code (in communication with the terminals) as a parameter when specifying the start value for the time t3. This parameter then sets the pattern for decoding the measuring code expected in the data receiver E at the time t3. Alternatively, for particularly precise measurements, it may be just a signal edge, which the data transmitter S sends to the data receiver E after transmitting a preparation code announcing this signal edge. At the time t3 = 550 μs determined via the start value by the protocol (e.g. agreed over the data traffic with the server), the client CL (data transmitter S) sends the measuring code to the mobile phone (as data receiver E). The clock of the data receiver E (in the mobile phone) reads (550 + 100) μs = 650 μs at this time. Thus, when the measuring code arrives, the time measurement made in the mobile phone yields the value (750 - 550) μs = 200 μs for the outward and return path of the signal conducted via the coupling loop. The data receiver E in the mobile phone received the reference value of 550 μs via the protocol as the start value (as did the data transmitter S of the client CL).
  • The one-way path of 200/2 μs = 100 μs corresponds, for example, to about 30 km of line connected in series with an infrared coupling interface of the terminals, or to about 33 mm of sound path in an acoustic coupling. If a support surface is used for the acoustic coupler, or if it is made a condition that the microphone of the mobile phone be held as close as possible to the loudspeaker, so that 3 cm is already too much, then it can be assumed in both cases that an unauthorized connection has been inserted in series in the coupling interface between the terminals. In this case the mobile phone sends a corresponding notification code to the server, which then, for example, terminates the process or, in the case of an acoustic coupling, asks the user to hold the microphone of the mobile phone closer to the loudspeaker of the client computer or closer to the earpiece of another mobile phone (which in this case is the data transmitter S), etc.
  • FIG. 6a further illustrates the timings, where:
    t1 ... is the time at which the two clocks (FIG. 6b), in the data transmitter (clock-S) and in the data receiver (clock-E), are brought to a "matching" start time over the data connection of the coupling (ES) by a set signal sent by the data receiver (clock-E) to the data transmitter (clock-S); the "simultaneity" does not actually occur, because of the transit time (tES) of the set signal, and the clock of the data receiver (clock-E) therefore runs ahead of the clock of the data transmitter (clock-S) by the time difference (tES) of the set signal.
  • In FIG. 22b two cases are drawn, one with a shorter transit time tES (point A) and one with a longer transit time tES (point B). This also applies to the reverse transmission direction t'SE.
  • t2 ... is the time or time range in which the server transmits the start value to both terminals (data transmitter S and data receiver E). This value specifies from when (measured in each case with the internal clock of the devices involved in the coupling) the measuring code, whose transit time is to be measured from this point on, is to be transmitted from the data transmitter S to the data receiver E. This is time t3 (point C). Obviously this point in time is chosen to lie sufficiently after the transmission of the start value has finished. Points D and E refer to the time by which the clock in the data receiver (clock-E) runs ahead of the clock in the data transmitter (clock-S). (tES and t'ES are drawn for the two cases, each referring to point C, i.e. t3.) The running time (tSE or t'SE) of the measuring code (from the data transmitter S to the data receiver E, see also FIG 22b ).
  • FIG. 32a also shows the option of using a time window tF. This time window, set in the data receiver E by the data of the start value (at time t2), allows a measuring code received in the data receiver to be used only within this time range; otherwise the code is ignored.
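The two-clock measurement above, worked through as an added example (not code from the patent): it simulates the set signal, the agreed send time t3 and the optional window tF, and shows that receiver E measures the sum tES + tSE. The speed of sound of 0.33 mm/μs, the treatment of tF as a window that opens at t3, and the path limits are assumptions.

```python
from dataclasses import dataclass

LINE_M_PER_US = 300.0    # propagation speed on a data link, as given in the text
SOUND_MM_PER_US = 0.33   # assumption: ~330 m/s, consistent with "33 mm per 100 us"


class Clock:
    """Microsecond clock: reading = true time + offset."""

    def __init__(self, reading_at_zero=0.0):
        self.offset = reading_at_zero

    def set(self, true_now, value):
        self.offset = value - true_now

    def read(self, true_now):
        return true_now + self.offset


def receiver_measurement(t_es, t_se, set_value=300.0, t3=550.0, t_f=None):
    """Return what receiver E measures (tES + tSE), or None if tF is missed."""
    # E emits the set signal at true time 0, when its own clock shows set_value.
    clock_e = Clock(reading_at_zero=set_value)
    clock_s = Clock()
    # The set signal needs t_es to reach S; only then does S set its clock,
    # so E's clock is now ahead of S's clock by exactly t_es.
    clock_s.set(true_now=t_es, value=set_value)
    # S transmits the measuring code when ITS clock shows the agreed time t3.
    send_true = t3 - clock_s.offset
    # The measuring code needs t_se to reach E, which reads its own clock.
    arrival_reading = clock_e.read(send_true + t_se)
    measured = arrival_reading - t3
    # Assumed window model: the code counts only within [t3, t3 + tF] on E's clock.
    if t_f is not None and not (0.0 <= measured <= t_f):
        return None
    return measured


@dataclass
class Verdict:
    one_way_us: float
    equivalent_path: float   # metres of line (infrared) or mm of sound (acoustic)
    unit: str
    notify_server: bool      # E would send the notification code to the server


def assess(measured_us, coupling, limit):
    """Halve the measured sum and compare the equivalent path with a limit."""
    one_way = measured_us / 2.0   # the text's "200/2"; assumes tES equals tSE
    if coupling == "infrared":
        path, unit = one_way * LINE_M_PER_US, "m"
    elif coupling == "acoustic":
        path, unit = one_way * SOUND_MM_PER_US, "mm"
    else:
        raise ValueError(f"unknown coupling: {coupling}")
    return Verdict(one_way, path, unit, path >= limit)


def check_coupling(t_es, t_se, coupling, limit, t_f=None):
    measured = receiver_measurement(t_es, t_se, t_f=t_f)
    return None if measured is None else assess(measured, coupling, limit)


if __name__ == "__main__":
    # Constructed cases; limits (10 m of line, 30 mm of sound path) are assumed policy.
    cases = [
        ("text example, infrared", 100.0, 100.0, "infrared", 10.0),
        ("text example, acoustic", 100.0, 100.0, "acoustic", 30.0),
        ("direct infrared, 3 m", 0.01, 0.01, "infrared", 10.0),
    ]
    for label, t_es, t_se, coupling, limit in cases:
        print(label, check_coupling(t_es, t_se, coupling, limit))
```

Because E only ever sees the sum, an asymmetric path (30 μs one way, 170 μs the other) produces the same 200 μs reading as the symmetric case.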
  • FIG. 31 shows another variant in which, unlike the previous method, the transit time is measured not by the data receiver but by the data transmitter, which for this purpose receives an acknowledgment signal or acknowledgment code from the data receiver via the data link.
  • IS ... corresponds to an infrared interface of the mobile phone, from which the controller, or a processor directly, receives the data. In addition, a state-machine sequencer is provided, here divided into OS for generating an output signal (Response Code OUT) and INS for the rapid decoding of a code received from the client CL; this client CL may also be a second mobile phone, etc. If INS decodes a measuring code received from the client CL, OS responds with a response code (Response Code OUT), and the time difference between the measuring code and the response code is measured in the client CL. Conversely, a code can also be sent out to the client so that it gives an answer, which is decoded by INS, and the delay between the transmitted code and the received response can be measured as a TIME VALUE for assessing the transit time. This is thus a real-time handshake measurement method, in which the hardware demands are slightly higher than in the previous variant, which uses two clocks for the measurement.
  • In general, therefore, both variants use a transit-time measurement in which the transit time of a signal transmitted by the data transmitter (S) to the data receiver (E) via the coupling loop is measured, wherein
    • the transit time is measured with a time-measuring device provided in the data receiver (E), with reference to a time, known to the data receiver (E), at which the signal is transmitted by the transmitter,
    • or the transit time is measured with a time-measuring device provided in the data transmitter (S), based on an acknowledgment signal which the data receiver (E) sends to the data transmitter (S) on receipt of the signal.
  • FIG. 30 shows, for the sake of completeness, the coupling of a notebook with a mobile phone via an infrared interface.
  • Example (s) 6.0. concerns further applications:
  • The following example relates to particularly advantageous developments of this method.
  • FIG. 33, 34, 35 relate to an example in which the data coupling does not take place directly between the terminals in question (in this case mobile phone and client computer CL) but via a further intermediate link, which encrypts the data path between the two terminals (mobile phone and client computer CL) once more (possibly also bidirectionally). In addition to the possibilities of using an infrared interface, etc., an HF interface of particularly short range is used, comparable to electronic car keys, etc. Because of the short range, the chip (HF) in the intermediate link 300 (e.g. a wristwatch, etc.) can also be powered by the RF transmitter of the mobile phone and/or client CL. If necessary, an adapter is provided for the client CL, which converts the HF interface of the watch into one available on the computer (e.g. infrared, etc.). In FIG. 35 these RF interfaces are labeled CL (client) and H (mobile phone), the data path running via the encryption chip (VS chip).
  • FIG. 34 shows an example of a protocol of the encryption chip, which is housed, for example, in a watch or in a piece of jewelry, such as a ring or a brooch, etc. The procedure begins unencrypted in the relevant chip with a standard communication, via which the data loop DS is closed. In the process, the last access number stored non-volatilely in the chip (from the previous data transmission) is queried. This access number is comparable to a transfer code number insofar as it designates a selection address corresponding to an encryption algorithm hidden in the chip, with which the current encryption is to be carried out. Multiple addresses may optionally be stored, and if the method is repeated within a short time, these (old addresses) are used one after another to designate the encryption algorithm. The reason for this is to prevent interception of the current encryption address. That is, even if the algorithm were disclosed through a breach of secrecy, it remains unclear which encryption parameter or algorithm is currently used; likewise, only one algorithm may be used, together with the access parameters, i.e. the keys (variables), currently used for this algorithm. The advantage of the intermediate link for further encryption is that, should the mobile phone be lost or some other manipulation have occurred, the check code KODE is suitably further encrypted by the intermediate link, and this further encryption must likewise be reversed by the server (when checking the code). Thus both the mobile phone and the intermediate link (here the watch) must be present in order to close the data loop correctly.
  • FIG. 33 further illustrates the option that server I, which presents the client with, for example, a web page for a referendum, can send its check code (code 1) both via server II, networked via IT, and directly via IT to server III of the radio network (for the mobile network); the same applies conversely to server II (with its check code 2). In this case server II can send a code (2) to the mobile phone via server I and the client CL, and likewise server I can send a code (1) to the mobile phone via server II and the mobile network (server III). Likewise, in the opposite direction, server II can also send a code directly via the mobile network. That is, a code comparison can be carried out, after appropriate decryption, both on the server side and on the mobile phone side. The mobile phone can send a message directly to server II via the telephone connection (server III) if the comparison of the codes received via the different networks is not correct.
  • In principle this also applies to the client CL. Thus the data supplied by the terminals (client CL and/or mobile phone) can be intended specifically for server I only, and further data for server II only, and yet each server has the assurance, through verification, that the data are the same. In this example, server II can check and receive, for example, the telephone number of the mobile phone (with the assistance of server III) via its direct access to the radio network, whereas server I (deliberately) cannot. It receives specific data via the client CL, for example a ballot filled out via a web form. From server II, which is located, for example, at a notary, server I receives only the message whether the mobile phone has validly logged in for this process. This is the case if the subscriber who has been certified with the mobile phone and, if necessary, with a digital signature is registered in the voter register (i.e. may vote) and has not yet voted. If this is not the case, server II tells server I that voting must not take place. Thus server I, located at the polling station, receives only valid votes, and the voter remains secret. Likewise, server II receives only the information whether someone is allowed to vote and has already voted or not, or whether the person in question may vote at all.
  • A log server that may additionally be connected at the interface to the Internet (each of server I and server II may have such a log server) constantly monitors that
    • a) server I (at the polling station) does not receive any telephone-side information concerning a data loop, but only temporary addresses for switching through the data loop identified by means of a check code;
    • b) server II (at the notary) cannot decode any information that is still encoded in the data loop (and intended only for server I).
  • The assignment of the temporary addresses via which the two servers, server I and server II, communicate, and the corresponding 1-of-n selection within the set of telephone connections (T-#) currently incoming at server III of the telephone network from the mobile phones logging in for this purpose, are carried out according to the same method as described in the examples above, except that for each pair found (KODE / T-#) the telephone numbers are replaced by temporary addresses (or intermediate addresses). Through this measure, the division between servers I and II with their Internet connection 400 acts like a firewall. Server I holds the input data (e.g. the ticked lists of an election); server II holds the access control for monitoring the entitlement to vote. In the event of complaints or suspicions of election fraud (which is more relevant today than ever before), every process in server I is traceable, not via the telephone number T-# but via the associated random code KODE of the respective data loop DS used when assigning a temporary address. The code (KODE), assigned as a random number only once in each case by the relevant server for checking the data loop DS, can be stored in both servers (I and II, and likewise in server III of the telephone network T-#). The telephone numbers T-# are stored in server II (strictly isolated from the code KODE!) as a record that they have voted, until the end of the election, for the purpose of checking whether someone has voted or not. In addition to the telephone number T-#, special user data, such as that of the intermediate link already explained for FIG. 33 (a watch, etc.), can be used and stored with the telephone number T-# as a (positive) recognition criterion, or the personal data of the user (PIC) can be queried for the recognition of the telephone number T-# but need not be stored.
  • A code (KODE) issued by the server as a random number is repeated only once the ambiguity can no longer lead to misinterpretation (e.g. after the election has ended or after a certain period of time, etc.).
  • The procedure is that
    • Server II generates the random number KODE and informs server I of the generated number KODE (or, depending on the implementation, if necessary also informs server III of the telephone network), whereby instead of the direct message to server I an already evaluated message can also be sent (KODE = OK or KODE = NOT_ok);
    • Server II (possibly in conjunction with server III of the telephone network) generates the corresponding pairs (KODE / T-#) by scanning the currently connected telephone connections T-# using the random code KODE it has sent out, server II checking for each pair whether T-# has already voted or not and, of course, whether T-# is entitled to vote at all. Here, as in all other applications, the telephone number can be recognized as valid only if the personal data of the user (PIC) are also correct, such as a voice sample, which is tested, for example, by having the user read aloud a text sent by SMS to his mobile phone, etc.
    • For all positively reported check codes KODE = OK, server I writes the data entered by the user in the web form into the relevant file; the check codes KODE (OK) can be stored for the purpose of verification, but not the telephone number T-#, which server I (which is connected to the mobile phone only via the data link DS of the client computer CL) does not know.
    • For all negatively reported check codes KODE = NOT_ok, the repeated attempt can be stored in server II, if someone has tried to vote repeatedly or if someone who is not eligible to vote has tried to vote.
  • When scanning the data loop, for example, one can proceed so that Server II is synchronized by Server I, or that Server I is synchronized by Server II.
  • Synchronization of Server I with Server II:
    • In this case, server I selects the clients CL to be checked (cl_1 ... cl_n) in succession, and for each selection server II (or, if appropriate, telephone server III) scans all the current connections T-# (T1 ... Tn) in order to find the pairs (KODE / T-#) through server II, whereby, of course, server II must send out a random code each time and must check the data returned via the data loop DS.
  • Example:
    Figure DE102005045947B4_0002
  • Thus, in the described test, the incremental stepping through the addresses of the clients CL (cl_1 ... cl_n), which are usually assigned only temporarily by a provider, corresponds in this case to the outer loop, and the incremental stepping through the current telephone connections (T1 ... Tn) corresponds to the inner loop.
  • Synchronization of Server II by Server I:
    • In this case, server II (or possibly telephone server III) selects the current connections T-# (T1 ... Tn) one after the other, and for each selection the clients CL to be checked (cl_1 ... cl_n) are scanned in order to find the pairs (KODE / T-#) through server II, whereby, of course, server II must send out a random code each time and must check the data returned via the data loop DS.
  • Example:
    Figure DE102005045947B4_0003
  • Thus, in the described test, the incremental stepping through the addresses of the clients CL (cl_1 ... cl_n), which are usually assigned only temporarily by a provider, corresponds in this case to the inner loop, and the incremental stepping through the current telephone connections (T1 ... Tn) corresponds to the outer loop.
  • In both cases, server II can either take over the function of a telephone server III directly, or the telephone server III is also included in the explained synchronization accordingly.
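The two scan orders described above can be sketched as follows. This is an added example, not the patent's figure or code: the class `DataLoops`, the function names and the sample coupling are assumptions made for illustration, and the physical coupling at the client is replaced by a lookup table.

```python
import hmac
import secrets

CODE_BYTES = 32  # constructed choice: a fresh 256-bit random code per probe


class DataLoops:
    """Constructed stand-in for the physical coupling at the client side.

    `coupling` maps a telephone connection T-# to the client address whose
    terminal closes the data loop DS. `replayers` are clients that answer
    every probe with a stale or made-up code instead of staying silent.
    """

    def __init__(self, coupling, replayers=()):
        self.coupling = dict(coupling)
        self.replayers = set(replayers)
        self.last_seen = {}  # client -> last genuine code it saw

    def probe(self, client, line, code):
        """Feed `code` into `line`; return what `client` sends back, if anything."""
        if self.coupling.get(line) == client:
            self.last_seen[client] = code
            return code
        if client in self.replayers:
            return self.last_seen.get(client, secrets.token_bytes(CODE_BYTES))
        return None


def loop_closed(loops, client, line):
    """One check by server II: fresh random code out, constant-time compare back."""
    code = secrets.token_bytes(CODE_BYTES)
    returned = loops.probe(client, line, code)
    return returned is not None and hmac.compare_digest(returned, code)


def scan_clients_outer(loops, clients, lines):
    """Clients are stepped through in the outer loop; for each one, every
    current connection is tried in the inner loop."""
    return sorted((cl, t) for cl in clients for t in lines
                  if loop_closed(loops, cl, t))


def scan_lines_outer(loops, clients, lines):
    """Connections are dialed in the outer loop; for each one, every client
    is scanned in the inner loop."""
    return sorted((cl, t) for t in lines for cl in clients
                  if loop_closed(loops, cl, t))


# Constructed sample data, not taken from the patent.
CLIENTS = ["cl_1", "cl_2", "cl_3", "cl_4"]
LINES = ["T1", "T2", "T3", "T4"]
COUPLING = {"T1": "cl_2", "T2": "cl_1", "T3": "cl_3"}  # cl_4 and T4 are unpaired


def run_both():
    """Run both scan orders on fresh, identical loop states."""
    a = scan_clients_outer(DataLoops(COUPLING, {"cl_3"}), CLIENTS, LINES)
    b = scan_lines_outer(DataLoops(COUPLING, {"cl_3"}), CLIENTS, LINES)
    return a, b


if __name__ == "__main__":
    for name, pairs in zip(("clients outer", "lines outer"), run_both()):
        print(name, pairs)
```

Both orders find the same pairs; because a new random code is issued for every probe, a client that replays a code it saw on its own line is not matched to any other line.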
  • In Fig. 33, the code (1) used by server I for a self-sufficient test is also drawn, in addition to the code (2) used by server II for a self-sufficient test. The data of the user that relates exclusively to the respective server is then linked, or encrypted, with this code.
  • An application is also specified whose purpose is, in general, to transfer the subscriber identification made via a mobile phone number into a file that is made accessible by means of this identification during the download. The server then encrypts this phone number into the downloaded file, and the playback device or processing device (computer, etc.) uses this data (telephone number and possibly associated user-specific data PIC) as copy protection, according to claims 32 or 33.
  • See also the pre-registrations
  • from the same applicant.
  • Method in which the user's login into the network is carried out by means of the access number (e.g. telephone number) of a terminal (e.g. a mobile phone) connected to a further network (e.g. telephone network), or directly by a protected network access, etc. (e.g. using a mobile phone with its telephone number as a condition for logging in), in particular using a method according to DE 10 2004 046 413.8 / DE 10 2004 059 168.7 / DE 10 2005 007 379.4 / DE 10 2005 008 086.3, characterized in particular in that the telephone number of the user specified to the respective server when logging in (e.g. in a WEB page), optionally in combination with other personal data of the user associated with the telephone number (e.g. via the mobile phone), such as a voice analysis, etc., is included in the downloaded file as additional data added by the server; that, when the downloaded file is played with a relevant playback device (MP3 player, CD, DVD, etc.), the data contained therein and added by the server (tags, addresses, etc.) is used as a test template for permitting playback of the file (to check the phone number of the user, optionally in combination with other data associated with the phone number); that the reproduction of the data is protected by this data added by the server (tags, addresses, etc.); and that the device reproduces the data only if playback is initialized by a data encoding, transmitted by a mobile phone via an appropriate interface (to the player), that corresponds to the telephone number of the terminal or mobile phone used when loading the file, where, if appropriate, the mobile phone used to initialize playback can also directly contain the playback device (e.g. MP3 player).
  • This method can be used for any data reproduction or processing device (visual files, acoustic files, text files, programs, etc.).
  • In addition, it should be mentioned that the method of the present invention can also be used very well together with the method of DE 10 2005 003 677.5 (Method for generating a random number), regardless of whether the interactive game (which is described in that application) is played via mobile phone (self-sufficient), via a WEB page, or via a TV, in which e.g. the inputs are made interactively with a mobile phone (e.g. even with an identifier that can only be played with a specific mobile device brand, etc.). The process can identify the players and still settle the payment of the bets in seconds.
  • Example (s) 7.0:
  • The following example relates to a further developed application of this method, in which, via a further network (telephone network, mobile phone network, etc.) in addition to an IT network (or to an alternative network such as an intranet, etc.), a data loop is formed over the respective terminals of the networks (such as an IT client CL and a telephone / mobile phone, etc.), in order to use a code (KODE) sent over the data loop DS to assign the subscriber lines or addresses (of WEB pages, etc.) of the terminals concerned, or of different server processes, to the connection number (also telephone number T-#) of the relevant other network.
  • In this case, two options (which may also be used at the same time) are provided. The data loop made by coupling at the client CL, server ← → terminals (such as IT website ← → telephone via T-# number) ← → server, can be a series connection, in which a code (KODE) transmitted by the server via one data path is routed back to the server via the respective other data path, through the data loop DS formed by the client (via its terminals), and the server checks the returned code for consistency with the code (CODE) it specified as a random code. If necessary, the code (CODE) is obfuscated by encryption and restored again by decryption.
  • Or, if necessary, the data loop DS can also be implemented as a parallel connection, in which a code (KODE) transmitted by the server via both data paths is checked via the terminals present at the client CL, the check being made by coupling the data paths (as data loop DS) into one of the terminals of the user (e.g. into a mobile phone, etc.). In both cases, series connection and / or parallel connection, obfuscation (encryption) and restoration (decoding) of the code (CODE) are furthermore preferred in order to prevent manipulation by attackers.
  • The task for this application concerns a further variant for automatically linking two server processes via the preferred method, using a client computer and a telephone, or even two mobile phones, e.g. with two mobile phones acting as a crosspoint for a code signal sent by one or two (networked) servers, in order to determine an acknowledgment process running on the two mobile phones. In this example, however, the difference is that the server does not get the code it sent back directly via the direct coupling of two mobile phones; instead, the data loop DS is formed in a somewhat more complex way, in particular using the ability of the telephone connection T-# to make a conference call. This also applies to all applications in which the coupling for the preferred data loop DS is made between a client computer CL and a mobile phone or telephone T-#.
  • A preferred application example, which will be described in more detail in the later part of the description, concerns the exclusive allocation of two server processes of two servers not communicating with each other via the Internet, through the preferred data loop DS of an additional telephone connection T-#, which a user enters separately in both servers used.
  • Another preferred application example relates to making it possible for two or more subscribers each to log into a WEB page, each using their telephone or mobile phone to form a self-sufficient data loop DS in a server process, so that the WEB page, or the database of the server, can not only identify the participants but also assign them to each other without the need for further input from the user. Likewise, this method can also be used advantageously for many of the applications already mentioned in the other examples.
  • This application should be referred to as the assignment of two or more client users to a common server process or two server processes to be linked together.
  • A very useful application for this is, for example, the acquisition of a co-partner for various games on the Internet. If, for example, a game is played in which the players each have to pay small amounts as a bet for certain actions of the game, then it is appropriate to encourage the players to recruit other players and in return (as is common among agents) to claim a certain percentage of the recruited player's stake as their own.
  • If, for example, player B1 encourages player B2 to play, then all amounts b2 paid by player B2 are reduced by a certain percentage p, and this amount p · b2 is then received by player B1 as credit with which to play himself. If, for example, p is defined as 0.1 and player B1 recruits ten players (10 · 0.1), then player B1 can, for example, already play for free.
  • As a special feature, a conference call is used here, in which the participants concerned, e.g. the client (CL) users (user 1 and user 2, Fig. 36), on the one hand each form for themselves a data loop DS via their client computer CL to their telephone line T-# (landline or mobile) (A), and on the other hand also communicate directly with each other via this conference call (B).
  • I.e. for user 1 (E3),
    there is a telephone connection to the server (user 1, E3 & server, to E1) and further directly to user 2 (user 1, E3 & user 2, E3);
    likewise, for user 2 (E3), there is
    a telephone connection to the server (user 2, E3 & server at E2) and further directly to user 1 (user 2, E3 & user 1, E3);
  • The transmitted code is in this case routed via the coupling of the data loops DS to the client computer CL (in each case via E3 for each user);
  • In such a way that
    user 1, who identifies himself to the server via code 1, which the server sends to the telephone network T-# and receives back via the client CL, at the same time receives, via the direct telephone connection to user 2, that user's code 2 on his client computer via the coupling of the telephone T-# and sends it back to the server; likewise user 2, who identifies himself to the server via code 2, which the server sends to the telephone network T-# and receives back via the client CL, at the same time receives, via the direct telephone line to user 1, that user's code 1 on his client computer via the coupling of the telephone T-# and sends it back to the server.
  • Thus, through this conference call, the server can find the associated partner in the network via the identified code pairs code 1 and code 2: code 1 is the own code sent to the client of user 1 via the data loop, so code 2 corresponds to the associated but foreign client, or user 2. The same applies to the code pair code 2 and code 1 of the other user: code 2 is the own code sent to the client of user 2 via the data loop, so code 1 corresponds to the associated but foreign client, or user 1.
  • This assignment can be made not only on a simple WEB page but via any Internet service, such as Internet telephony, in which the participants identify themselves only by logging in with their phone numbers and also have the opportunity to verify this with active participation, namely by a short direct mutual call. For cost reasons, after the Internet telephone connection has been established, the switched connection via the dial-up network (landline or mobile network) can be terminated early while the Internet telephone connection is maintained, once the server has checked whether the code signals it sent correspond to those assigned to the individual telephone lines T-#. Likewise, if appropriate, the preferred conference circuit can be realized with the inclusion of Internet telephony.
  • Embodiment: Fig. 36 illustrates an example, where T-# network symbolizes the telephone network (landline or mobile); IT symbolizes the Internet, via which the client computers CL of the users (user 1 and user 2) are connected through their providers to the IT backbone (not shown here) and via which the connection to the server (SERVER) is made in order to display the relevant WEB page(s) on the client computers of the users; DS symbolizes, on each user's side, the coupling to the client computer, which, e.g., in addition to an infrared connection can also be acoustic, or any of the options mentioned in the above examples for transmitting data via the data loop DS can be used (including the SMS converter in a mobile phone or telephone explained there, etc.).
  • The server (SERVER) can, as stated in the examples already explained, also be several servers which can, but do not have to, be networked via the Internet. This option is symbolized in Fig. 36 by the dashed dividing line; e.g. the left half (on the side of user 1) is then server I and the right half (on the side of user 2) is server II. Servers I and II then need not otherwise be networked with each other, as is provided, e.g., for a further example explained below.
  • Server I would then receive back its own identification code code 1 via the data loop DS (the telephone connection T-#), and additionally the code 1 generated by server II (in the example described below, still in connection with the code 2 generated by server II and the data furthermore transmitted by server II), without an Internet connection from server I to server II being necessary.
  • Likewise, server II would then receive back via the data loop DS (the telephone connection T-#) its own identification code code 2, and in addition that of server I (code 1), without an Internet connection from server II to server I being necessary.
  • Allocation of two server processes, without the servers having to be networked via an Internet connection:
    The combination code 1 · code 2 linked in server I and the combination code 2 · code 1 linked in server II can thus, on coincidence, be assigned to the same process without the two servers having to be networked with one another. The following example disregards the fact that the own code generated by the server can also be encrypted, can be further changed by the telephone or mobile phone, and can be decrypted during the code comparison.
    Example: Server 1 generates code 1 = 300 and decodes (receives) code 1 = 300,
    Server 2 generates code 2 = 500 and decodes (receives) code 2 = 500.
  • The code values 300 and 500 are to be understood here only symbolically; in reality, each is a number from a very large code space (for example, from a sequence of 256-bit words, etc.) in order to guarantee the statistical probability of exclusivity (no repetition).
  • If the two servers I and II are not coupled to each other via IT, then they can feed their codes into the telephone network only insufficiently synchronized, e.g. as a frequency-coded modem signal, in which the frequency selection (f1, f2, f3, f4) for representing log. 0 and log. 1 of the serial data signal distinguishes code 1 from code 2. I.e. code 1 is represented by f1 and f2, and code 2 is represented by f3 and f4, with these four frequencies f1, f2, f3, f4 superimposed on the telephone line via a conference call. Of course, a start-stop signal need not necessarily be used for the serial data transmission; a modulo 2 signal can also be used, etc. Since the data is thus transmitted in analog form, the decoding methods specified in the examples already explained can be used, for example. Each server then determines, by scanning the received code signals, the assignment of the only temporarily existing address of the addressed client to the phone number and / or at least to the received code. In order to improve the statistical probability, the two servers I and II, which otherwise operate independently of each other, can also be separated in their generation of code 1 and code 2 (e.g. by the MSB, most significant bit) so that code 1 ≠ code 2 always holds. Also, the address of the server that sent the code may be included in the decoding of the code itself, as already indicated in the examples already explained.
  • The second possibility is strict observance of a half-duplex protocol, in which the start of the data to be sent by a server that is currently ready to receive is synchronized by the data currently being sent by the other server (handshake principle). The handshake, i.e. the indication that the last character of a code has been sent and the next one follows, or that the servers involved in half duplex must switch between sending and receiving, is then carried out by the usual methods, such as the use of appropriate control characters and / or the detection of pauses, etc.
  • For the special development of the subject of the invention realized via a conference call, the application examples can be typified as follows:
    • 1.0) a three-point conference call, in which a server (Fig. 36; here the entire block designated SERVER, I + II, corresponding to one server or possibly even multiple servers) serves any number of clients, and in which both users of Fig. 36 (user 1 and user 2) have each logged into the SERVER with their telephones T-# or mobile phones using the preferred data loop DS,
    • 2.0) a three-point conference call, in which two servers that are not otherwise networked (Fig. 37; here SERVER I and server II) use a common client CL only via the preferred data loop, the user logging into each of the otherwise non-interconnected SERVERs with his telephone T-# or mobile phone using the preferred data loop DS.
  • Example 1.0 can be used, e.g., for the example mentioned above, in which a player B1 (user 1), as client CL of the server, gets player B2 (user 2), as another client CL of the server, to play along. If necessary, even more than two users can be networked with each other. The users then each dial, independently of the other, the telephone number T-# of the server with their telephone set or mobile phone, and log in to form the preferred data loop DS.
  • Example 2.0 can be used, e.g., to identify, by connecting to one server, e.g. server II, a caller who furthermore enters data in the other server I completely independently of this server (II). In this case, server I has the task of determining, via the identified call number of the user's mobile phone and / or other recognition data (such as PIC, personal identification code), whether the user is in principle authorized to enter data into server I, and how often the same user enters the data. The two servers, server I and server II, are networked exclusively via the preferred data loop DS of the telephone network T-# (and for this purpose must not be networked in any other way!) in order to make the deliberately anonymous assignment, so that the user can enter his data in the first server I, but the authorization is checked exclusively in server II, without server I having a way to tap the data for an authorization check.
  • It is evident that this application can be used quite generally, starting with simply checking the authorization for access to a data record stored on a first server I, where the access authorization is checked exclusively on a further server II. Since server I is not networked with server II except via the preferred telephone connection T-#, or any such further networking can be blocked well with relatively simple, transparent means (here with a particularly simple firewall, which checks the access address of the server, etc.), the access to server I is checked completely anonymously in relation to server I. The firewall used to block the two servers I and II from each other can also be run as an additional processor connected in parallel to the Internet access (e.g. a signal processor DSP) in order to monitor exactly, as a watchdog, which servers connect to the servers in question.
  • As indicated in the examples already explained, the preferred transmission and return of a recognition code (KODE) generated by a respective server is used in this case to derive an intermedial connection address for the assignment of the two server processes otherwise running on separate servers (server I and server II), using the same telephone line T-# of the user that is used for the login, but whose telephone number T-# is actually checked by only one of the two servers (here server II). The server where the data is entered (here server I) has, purely through the use of the preferred intermedial connection address (which is derived purely physically from the telephone connection T-# to server II), no way to identify the caller directly. For example, in elections or referendums, this separates the characteristics of a user who identifies himself via server II with a digital signature on his mobile phone from the actual data entry in server I.
  • Consequently:
    Server II ... identifies the user,
    Server I ... accepts the voting data (election data, referendums, etc.).
  • In the examples already described, an example was explained in which the two servers I and II are also networked via the Internet, but in which the use of an intermedial variable in the data exchange (via the Internet) between the servers ensures that the personal data of server II cannot reach server I.
  • Here, in this example, in an election or vote, the user can, via a conference call or specially designed mobile phones, etc., carry out the method of anonymous assignment of data for identification with two servers I and II that communicate with the client computer CL via the Internet IT completely independently of each other, without a connection between the servers via the Internet being required.
  • Exemplary embodiment: for the above example, Fig. 37, with the above-mentioned code data code 1 = 300, code 2 = 500, the process proceeds as follows:
  • The user first calls up the relevant WEB page in Server I for ticking the form.
  • The user is asked, e.g. on WEB page I of the first server (server I), to switch off the transmission of his phone number on his telephone or mobile phone T-# and to call the phone number of the first server I in order to log in via the preferred data loop DS. If he has done this successfully (tested via the code sent by server I, e.g. code 1 = 300), then the user is further prompted to maintain the telephone connection T-# via the data loop DS (likewise the coupling of the telephone / mobile phone to the client CL) and, with the telephone connection T-# into which server I continues to feed its test code code 1 = 300, to call up WEB page II of the second server (II). On this WEB page II, the user is asked to enter his phone number (its transmission to the called party is, after all, switched off) in a corresponding form window of WEB page II. Server II then calls the entered telephone number T-# of the user and sends out its check code (code 2 = 500). If the phone number specified in the form of WEB page II does not match that of the user, then the check is negative, because the server does not receive the check code back, and the process is aborted. If it matches, the process continues: via WEB page II, the user is requested, while holding the telephone connection T-# into which server II continues to feed its check code code 2 = 500, to click again in his browser on the window of WEB page I of server I, i.e. both the code 1 = 300, which is constantly fed into the telephone connection by server I, and the code 2, which is constantly fed into the telephone connection by server II, are constantly fed into the client computer CL via the coupling interface (to form the data loop DS).
  • Three temporal phases can be highlighted in this process:
    • 2.1) Initially only server I feeds code 1 = 300 (e.g. using the frequencies f1 and f2) into the telephone / mobile phone T-# of the user and checks this code via the loop DS, the loop DS being closed on the client side CL via WEB page I of server I (the process being aborted in the case of a negative test result);
    • 2.2) Server I (with f1 and f2) and server II (with f3 and f4) each feed their codes (code 1 = 300 and code 2 = 500), the loop DS now being closed on the client side CL via WEB page II of server II. In doing so, server II checks the code it sent (with f3 and f4), the process being aborted in the case of a negative test result, and in the case of a positive test server II assigns to this code (code 2 = 500) the code from server I received with f1 and f2 (code 1 = 300). In accordance with this assignment, server II adds to the code (500) sent by it (with f3 and f4) the value (300) as the assignment address, as well as other data including the user identification, the access authorization and the number of identifications under this number (and any other results of the test criteria, but not the test criteria themselves). Thus server II feeds (with f3 and f4) the code 2 = [300; 300; PIC] into the telephone connection T-# to the user.
    • 2.3) By clicking on the window of WEB page I of server I, the loop DS is now closed on the client side CL via WEB page I of server I. As a result, server I can now assign exactly those data to the client CL, or to the user who previously logged into server I using his telephone or mobile phone without the possibility of identifying his phone number T-#, e.g. in order to check the validity of the data entered directly into server I (accept or not accept, e.g. in elections, referendums, etc.).
  • In a further development, the data code 2 = [500; 300; PIC] sent by server II (e.g. via the frequencies f3 and f4) over the telephone network to the telephone connection / mobile phone T-# of the user is passed through a kind of external firewall (e.g. a DSP circuit), which on the one hand performs the formatting (with exactly defined bit placement of the individual yes / no identification bits, likewise for the two codes of server I and server II) and on the other hand ensures that no improper data of the user is transmitted to server I.
  • Similarly, server I can be formed by a special hardware with limited possibilities as a pure voting machine, so that abuse is prevented from the outset.
  • Thus, with log. 0 / log. 1 represented by the frequencies f1, f2 for server I and likewise by the frequencies f3, f4 for server II,
    server I sends code 1 (with f1 and f2), and
    server II sends code 2, e.g. with f3 and f4.
  • Thus Server I (from Server II) receives:
    f3 / f4: [Code 2 = 500 · Status = Select info yes / no · Already identified yes / no · Address = 300] and furthermore with f1 / f2: (via conference call) own code 1 = 300;
    and Server II (from Server I) receives:
    f1 / f2: [code 1 = 300]
    and f3 / f4: (via conference call) own code 2 = 500;
  • With its own code 2 = 500, server II checks the telephone number T-# of the subscriber and encodes the status of the subscriber, and it supplements this code with the code received from server I (code 1 = 300) as an address, so that server I can correctly assign, by the value of code 1 = 300, the code obtained via the data loop DS. Likewise, server II adds the other status data [status = Info select yes / no · already identified yes / no], which is also received via the telephone connection T-# of the data loop DS, decoded by server I and assigned to the inputs received from the user via the client CL under the address 300.
  • Thus, for the code 1 = 300 that it sent with f1 / f2, server I can decode and evaluate, from the telephone signal transmitted to it with f3 / f4 by server II under the address = 300, the relevant data (status = Info select yes / no · already identified yes / no). If a voter (select info = yes) had already logged in to the server once before (already identified = yes), where e.g. server I had sent the code = 232, then server II also sends, in the telephone signal encoded with f3 / f4, the earlier address or addresses (or possibly only the last address), in this case the address 232, in addition to the current address 300. Server I can therefore check whether a valid ballot, or possibly several invalid ones, etc., has already been ticked under a previously assigned address 232, or whether there was an error in the process, e.g. the user of address 200 did not enter anything, or entered it only incompletely (e.g. because of an error on his computer, etc.). In this case, the program in server I can decide whether to count the data entered by the user under the address 300 as a valid vote or to discard it as an unauthorized retry (for example, if no correction is permitted).
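The division of work between server I and server II described in phases 2.1 to 2.3 and in the decoding rules above can be modelled as follows. This is an added example, not code from the patent: the class and field names (`eligible`, `already_identified`, `previous_addresses`), the result strings and the telephone numbers are assumptions, the telephone loop is reduced to a function call, and the codes are 256-bit values separated by their most significant bit as suggested for independently operating servers.

```python
import secrets

CODE_BITS = 256  # the page speaks of codes drawn from e.g. 256-bit words
ALLOWED = ("code2", "address", "eligible", "already_identified", "previous_addresses")


def new_code(server_bit):
    """Random code whose most significant bit names the issuer (0 = server I,
    1 = server II), so code 1 != code 2 without any coordination."""
    return (server_bit << (CODE_BITS - 1)) | secrets.randbits(CODE_BITS - 1)


def firewall(record):
    """Fixed-format filter on server II's output: only the agreed fields pass,
    so no identifying data of the user can reach server I."""
    return {key: record[key] for key in ALLOWED}


class ServerII:
    """Identifies the user by telephone number; never sees the entered data."""

    def __init__(self, roll):
        self.roll = set(roll)      # numbers authorized to enter data
        self.history = {}          # number -> code-1 addresses already reported

    def identify(self, phone, code1_on_line):
        # Assumption: `phone` was already verified by server II's own data loop.
        previous = list(self.history.get(phone, []))
        self.history.setdefault(phone, []).append(code1_on_line)
        record = {
            "phone": phone,                      # internal only, removed below
            "code2": new_code(1),
            "address": code1_on_line,            # code 1 as assignment address
            "eligible": phone in self.roll,
            "already_identified": bool(previous),
            "previous_addresses": previous,
        }
        return firewall(record)


class ServerI:
    """Accepts the entered data; knows sessions only by its own code 1."""

    def __init__(self):
        self.sessions = {}  # code 1 -> {"data": ..., "state": ...}

    def open_session(self):
        code1 = new_code(0)
        self.sessions[code1] = {"data": None, "state": "pending"}
        return code1

    def enter(self, code1, data):
        self.sessions[code1]["data"] = data

    def receive(self, record):
        """Decide about the data stored under the address named in the record."""
        session = self.sessions.get(record["address"])
        if session is None:
            return "unknown-address"
        if session["state"] != "pending":
            return "replayed"
        earlier = [self.sessions.get(a) for a in record["previous_addresses"]]
        if not record["eligible"]:
            session["state"] = "rejected"
        elif session["data"] is None:
            session["state"] = "incomplete"
        elif any(s and s["state"] == "accepted" for s in earlier):
            session["state"] = "discarded-repeat"
        else:
            session["state"] = "accepted"
        return session["state"]


def run_scenario():
    """Constructed walk-through; the telephone numbers are sample values."""
    s1, s2 = ServerI(), ServerII(roll={"+49 555 0100", "+49 555 0101"})
    results = []

    def attempt(phone, data):
        code1 = s1.open_session()
        if data is not None:
            s1.enter(code1, data)
        record = s2.identify(phone, code1)   # travels over the telephone loop
        results.append((s1.receive(record), sorted(record)))

    attempt("+49 555 0100", "option A")      # first valid entry
    attempt("+49 555 0100", "option B")      # same number again
    attempt("+49 555 0101", None)            # nothing entered (e.g. client error)
    attempt("+49 555 0101", "option A")      # retry after an incomplete attempt
    attempt("+49 555 0199", "option A")      # number not on the roll
    return results
```

Server I decides only from its own code 1 and the status fields; the telephone number stays inside server II.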
  • Synchronization when sending the signals f1 / f2 and likewise f3 / f4 by the two servers I and II: in order to perform the decoding described above, both servers, server I and server II, must send their transmitted codes synchronously with respect to the client CL, or, since a new code is generated for each new call, must generate the code correspondingly synchronously.
  • Server I and Server II each generate a new code (eg, code 1 = 300) when they find they are receiving a new call (on one of their trunks) and keep this code until the connection is re-established. In doing so, they then relate the evaluation, as explained above, to the new generated code. In this case, the method can be performed with any conventional standard cell phone, or other options for encryption and identification can be used, as already described in the previous examples.
  • Likewise, it is possible in principle, the sender coding related to the individual servers, which indicates which server has just fed their code into the telephone connection T- # instead of the selection of frequency pairs (here f7 / f2 dito f3 / f4) via corresponding Address protocols (also to realize half duplex with handshake). Such synchronizations and associations are well known in the art of general networking.
  • Thus, it can be generally stated that for this application (assignment of two server processes, without the servers would have to be networked via an Internet connection), the two servers I and II, a conference circuit, in addition to the actual data network of the client computer CL (Internet IT) provided Network (here telephone network T- #) use, over which both servers (I, II) independently (and not networked by the actual data network IT) send their randomly generated code signals and after receiving the return for each server I and II independently each on the client side CL each closed data loop DS examine, as well as the transmitted code signals for the assignment of the two independently running server processes (eg, data sets, input data, etc.) use, where
    • - One of the two servers (here server I) via the Internet with the client computer CL, or the communicates for the purpose of entering data specified by the user and the conference circuit of the telephone network used to form the preferred data loop DS T- # be generated code signal (code 1) via the connection to the client CL accessible, this code signal (code 1) is not used for the identification of the client (CL) user, but exclusively only for the assignment of the other server (here Server II ) is used for identification of the data network T-# concerning the data loop DS
    • - And the other of the two servers (here server II) via the Internet with the client computer CL for the purpose of display and flow control communicates with the user as well as over the conference call of the telephone network used to form the preferred data loop DS T- # generated code signal provides the connection to the client CL accessible, this code signal (code 2) is used for the identification of the client (CL) user, ditto further if necessary for the personal identification of the user at the client CL, or user via the data loop DS (z data added via the mobile phone PIC) are added to the code signal (code 2).
  • Thus, via the common telephone connection (T- #) to the client CL existing through a telephone conference call (T- #) for both servers and the data loop DS formed at the client CL via this telephone connection (T- #) for each server (I and II) the allocation of running in the two servers server processes (I and II) is made, wherein
    • - The sensitive, to be protected data connection of the client CL on the actual data network of the client computer CL (Internet IT), which is one of the two servers (here I), for the input, or the exchange of sensitive data (concerning the user ) is being used,
    • - And the data connection of the client CL on the actual data network of the client computer CL (Internet IT), which is the other server (here II), for the identification check using the preferred data loop DS and the connection used for this purpose (here telephone number T- T # a mobile phone with identification data, PIC, such as voice recognition) is used.
  • Sensitive data are, e.g., in elections the voter form filled in by the voter, or in a standard application data whose access is to be protected, etc. That is, the term sensitive data may refer both to the provider of the data and to the user. The optional data addition PIC can be made, for example, by using the possibilities already described in previous examples for integrating personal data of the user, via the mobile phone (or telephone network T-#) used in the data loop, into the code of the relevant server (here server II) via the data loop DS (e.g. PIC = voice check, or also fingerprint check). For the fingerprint check, reference is made to the action of actively actuating a pathway-wise measured change in depth of field as suggested in the previous examples, to ensure that the fingerprint of the user is transmitted while the data loop DS exists.
  • As always, the closing (likewise the opening) of the data loop DS on the client side CL of the user can be done manually (via the preferred coupling variations) or possibly also by an electronic switching signal (via relays, semiconductor switches, etc.). Likewise, as pointed out in previous examples, when a mobile phone is used to close the data loop DS, the mobile phone can optionally support many features. For example, a buffer may be provided in the mobile phone which further encrypts the transmitted codes or caches them for the next login; a time measurement may also be made of the time between logins in order to determine a time-out, if necessary, and report it to the server. Likewise, by time measurements or bandwidth measurements, the server can determine whether a data loop DS is being closed directly or by using another data transfer loop, etc.
    • For the other application mentioned (assignment of two or more client users to a common server process, or to two server processes to be linked together), it can be stated generally that the respective SERVER is in contact via the Internet with the client computers CL of the users (user 1 and user 2) for the purpose of input / output / display / generation of data relating to the user, and, via the conference circuit of the telephone network T-# used to form the preferred data loop DS, makes a different code signal (code 1, code 2) accessible via the connection to the client CL for each subscriber affected by the assignment procedure (user 1 and user 2). Via these code signals (code 1 for user 1, likewise code 2 for user 2) each client CL user (here user 1 and user 2) is identified by their telephone number T-#; by means of the code signals, the telephone number tn # or its associated user is assigned in the SERVER.
  • The allocation of the server processes to associated user identifications using intermedial addresses, or even direct telephone numbers, can be done as already indicated in the examples mentioned for the identification via the telephone number T- # of the user.
  • Furthermore, the data (e.g. access information) sent via the data loop DS of the client is either sent encrypted by the server in question (e.g. server II for the application of assigning two server processes, without the servers having to be networked via an Internet connection), or digitally signed, etc., so that the user cannot falsify the data.
  • A third application, supplementing the possibilities of the invention already mentioned in the examples, relates to the coupling between two mobile phones already explained in several variants; via this coupling the servers in question send their code signals in order to assign the data entered via the mobile phones to their telephone numbers, or to the personally entered data (PIC data), such as amount of money, PIN, voice sample, fingerprint, etc.
  • The further application proposed here concerns the data additionally entered with the code signals for the following particular application:
    For a ride-sharing centre handled automatically via the mobile phone, or via the associated server, the coordination of driver and passengers, the personal identification, and the route detection of the distance travelled must be entered into the server.
  • It is state of the art that mobile phones are provided with a GPS service, so that a mobile phone user can view the location of friends on the screen of the mobile phone, the position determination being supported by GPS in the phone. The same possibility also exists for registered passengers who, e.g., indicate their willingness to ride along to the centre by SMS, whereupon all likewise registered motorists who are in the vicinity get the location of the passenger displayed.
  • The ride-sharing centre realized by a server must be able to register drivers as well as passengers with their personal details, wherein the mobile telephone number T-# concerned in closing the data loop may be linked with further personal data (PIC, such as voice sample, fingerprint, etc.) entered under this mobile phone number, and the server receives this data.
  • In particular, the preferred feature for this application is that the GPS position is transmitted to the server when the data loop DS is closed. It is envisaged that, both when entering the vehicle and when leaving it, the passenger with his mobile phone closes the data loop DS to the server via the user's mobile phone.
  • Thus, the server, or the servers, can exchange the code from the server of the network concerning the driver's mobile phone, via the two mobile phones, to the server of the network concerning the passenger's mobile phone, and likewise in the opposite direction, through the coupling of the mobile phones; the driver thus gets displayed whether the passenger is registered with his personal data, or the passenger is registered with date and time, and likewise the passenger gets displayed whether the driver is registered with his personal data, or the passenger is registered with date and time.
  • By combining this with the transmission of the GPS data to the server, the server is able to calculate the distance, the payment for which is deducted from the passenger's account and likewise credited to the driver's account. At each closing of the data loop it can additionally be entered into the mobile phone whether the journey is being started or ended, and likewise it can be checked on the basis of the two processes whether the input data are correct; e.g. an inquiry is made when the passenger leaves again without a km difference being detected by the GPS system, etc. The path is then calculated according to a road map, with one of the two mobile phones, or both, sending the server a dash of the route travelled as SMS so that it can determine the route. Likewise, the km counter of the vehicle can be tapped for this purpose, in order to send the km reading via the phone, e.g. the car driver's mobile phone, to the server instead of, or in addition to, the GPS data, etc.
  • In a special embodiment, the vehicle has, in addition to the radio tapping of the km counter, an outwardly placed hands-free system for the mobile phone, e.g. next to the mirrors, or an acoustic coupler on which the mobile phone is to be hung, or even only held (e.g. the handset of the phone directly against the microphone hole next to the mirror, under the mirror (at a distance The car can also be provided with an acoustic coupler or infrared coupler so that the driver can easily hold his mobile phone against it.
  • Fig. 38 shows an example of such an exterior mirror: two loudspeakers LSP1 and LSP2 are housed in the frame of the mirror, and the sound emerges sufficiently loudly at the side of the mirror. The microphone (MICRO) of the mirror is arranged on the inside of the side. For this purpose, the soundbox SK of the mobile phone is brought close to the MICRO of the mirror. Likewise, the microphone of the phone is held against the mirror.
  • Fig. 38 shows yet another option, in which a small window (IFRA) in the mirror glass is left unmirrored, and an infrared interface, which can also communicate with the phone, is provided under the window.
  • The wiring of the interface is then done as usual, e.g. together with that of the heater and the servomotor, etc.
  • Example(s) 8.0: concerns further application possibilities of a method in which, via a further network (telephone network, mobile phone network, etc.) in addition to an IT network (or to an alternative network such as an intranet, or another telephone connection, etc.), a data loop is formed via the respective terminals of the networks (such as an IT client CL and a telephone / mobile phone, etc.), in order to use a code (KODE) sent over the data loop DS to make the assignment of the subscriber lines or addresses (of WEB pages, etc.) concerning the terminals, or of different server processes, to the connection number (e.g. telephone number T-#) of the relevant other network.
  • Two options (possibly also used at the same time) are provided here. In the first, the data loop made by coupling at the client CL, server ←→ terminals (such as IT web page ←→ telephone via the T-# number) ←→ server, is a series connection: a code (KODE) sent by the server via the one data path is passed back to the server via the (respectively) other data path through the data loop DS formed at the client (via the terminals), and the server checks the code (CODE) it sent, which it specified as a random code, against the returned one for consistency, if necessary using an encrypted alienation and a decrypted recovery of the code (CODE).
  • Or, if necessary, the data loop DS can also be implemented as a parallel connection, in which a code (KODE) transmitted by the server via both data paths is checked via the terminals present at the client CL, the check taking place via a coupling of the data paths (as data loop DS) in one of the terminals of the user (e.g. in a mobile phone, etc.). In both cases, series connection and / or parallel connection, alienation (encryption) and restoration (decryption) of the code (CODE) are furthermore preferred in order to prevent manipulation by attackers.
  • Further embodiments of the invention are given below, in this example such that the coupling of the data loop DS between client and telephone or mobile phone is made within the same device (by a corresponding electronic circuit or push button, etc.), e.g. a telephone or mobile phone, by means of a conference call, in which a connection to several participants (e.g. two) is possible simultaneously, and the data loop DS is formed via these participants.
  • One example relates to a variant of the conference circuit already specified in the previous examples, with the specified data encryption. As already stated, the method can also be carried out when the preferred data loop DS is closed via a semiconductor switch or a relay of a terminal, e.g. a mobile phone or telephone; this switch is then realized, e.g., by the already built-in conference call function, and the data loop is closed on the user side over the two telephone connections established by the conference call.
  • Through this conference call, the user can call from his mobile phone with the phone number T # _user,
    • a) e.g. call a first server (S1) (which has the telephone number T # _S1),
    • b) the server (S1) recognizes the given telephone number of the mobile phone and calls back,
    • c) the user calls a second server (S2) (which has the telephone number T # _S2) and, by entering his identification code and corresponding operation, forms the data loop from the server S1 via his mobile to the called server S2, with server S2 sending the check code KODE .
    • d) the user enters a sum of money and confirms it.
  • The user receives the corresponding messages when the server calls.
  • Server S1 is a bank server; the bank server identifies the user via the telephone number of the mobile phone and checks the personal code inputs (PIC), or finds the user's account via this data. If the user has multiple accounts, he can distinguish them, e.g., via an extension. If the checked data (PIC) are correct, the user gets the account number displayed and selects on his mobile phone, as conference participant, the bank server S2 to whose account he wants to transfer the entered amount to a beneficiary. He enters, e.g., the beneficiary's account number into the mobile phone, and the bank server receives this information along with the check code of server 1 (the remitter's bank server).
  • The amount and account number by no means always have to be entered; they can, e.g., already be stored in the phone (like phone numbers), or be received by acoustic coupling via a TV set (which is just receiving a corresponding product advertising broadcast) or via a radio (via acoustic coupling, etc.); the camera of the mobile phone can also be used to read into the phone serial data signals coded in a window on the TV screen by color modulation and / or light blanking; likewise an infrared coupling can be used, etc. (modulo 2 with block repetition and alternately to each block alternately, log 0 / log 1, sync bit, or start stop, etc.).
  • A coding of the digital signature furthermore takes place in the mobile phone. In this case, the mobile phone can also encrypt the code received from server 1; likewise the code obtained from server 2 is decrypted again before the test. Furthermore, as already indicated in the previous examples, a further possibility is that server 2 (here the payee) is networked to server 1 (the payer) via the Internet, and / or via a (further) connection of a conference call (option).
  • The mobile phone signs the code received from server 1 and sends it on to server 2, which can decrypt the data intended for it but not the signed test code (of server 1), and forwards the latter to server 1 via the Internet as received. Server 1 can decrypt the code. Furthermore, server 1 looks up the signature for the sent code via the checked phone number of the mobile phone and signs the code internally with the digital signature belonging to this mobile phone. Subsequently, the code signed internally in server 1 is compared with the returned code signed by the mobile phone in order to test the connection. Likewise, a portion of the code is decoded to provide the required assignments (to check and match the user, amounts, payee, etc.). On positive recognition of the transfer, server 1 then sends server 2 the acknowledgment signal for the connection address encrypted by the phone number of the user (server 2 may, but need not, check by calling back, because it is only the payee, so the number given by the mobile phone is sufficient). These processes have already been explained: on the one hand, server 2 can decode the data associated with it, such as amount and payee, directly via the telephone connection. On the other hand, this transfer can of course be handled by the Internet protocol between server 1 and server 2, or also via a further connection of the conference, as also indicated in one of the previous examples.
  • Another example concerns the detailed implementation of the ride-sharing centre already indicated in previous examples, in which the location of entry (into the vehicle) and of exit is logged via the data loop DS formed by two mobile phones (of the driver and the passenger) in conjunction with a GPS system (including verification of the insurance and the identity, etc.), and furthermore the distance travelled along is billed immediately via the mobile phone coupling, possibly also using a km counter of the vehicle coupled via a Bluetooth interface (to the RF transmitter / receiver of the driver's mobile phone).
  • For this purpose, the driver declares his destination and his willingness to take one or more passengers via an SMS input to the server; likewise the passenger sends an SMS to the server to indicate his desired destination. The server coordinates this by inquiring via SMS or computer voice among the drivers in the vicinity, or by displaying to the driver the passengers on his route on his mobile phone.
  • If the proximity of those willing to ride along is to be displayed without the GPS system having to be constantly activated, it is provided that a data link is established between the two mobile phones (passenger and driver) via an RF interface, and that the distance between the mobile phones is determined by measuring the RF power at the receiving mobile phone, or by a regulation of the sending mobile phone (the control variable then being the measured RF power); the GPS system then only has to calibrate a few waypoints, i.e. it does not have to provide the route data constantly, or it can also be replaced by the RF distance measurement during a temporary reception problem.
  • Example(s) 9.0: concerns further additional options and possibilities for the described method, which, using the temporary coupling (acoustically or by infrared, etc.) of two mobile phones that communicate with one or also two servers or computers of the network, forms a data loop DS; via this coupling a test code generated by the server is passed via the data connection to one mobile phone and passed back for checking via the data connection of the server, or of a further server, to the other mobile phone (series connection). If a separate server is used for each mobile phone, the servers loop the code through via the Internet or possibly via a conference call of the mobile phone. Furthermore, the code can be encrypted in the relevant mobile phone, or in one mobile phone. Alternatively, a method is provided in which the code is forwarded from two sides (via the second mobile phone) to one mobile phone (parallel connection) and the comparison is made in that mobile phone.
  • By determining the telephone numbers of the mobile phones, the assignment to the data entered via the mobile phone is then made.
  • As has likewise already been specified, special additional data (PIC) relating to the particular application can be added to the test code. For example, the odometer reading of a vehicle is added via an RF interface of the mobile phone (e.g. Bluetooth), and likewise, if necessary, the GPS data if the phone has no GPS chip of its own.
  • Beyond the previous examples, a further case here also concerns data added via an RF interface of the mobile phone (e.g. Bluetooth), e.g. in addition to the km reading, for example the data provided by an RFID chip, which correspond to a packet address. The chip is glued to a package, like a goods label in a department store. The reading system for the chip is located in the trunk or in the hold of a vehicle and feeds the data assigned to the user's mobile phone, namely the codes of all packages that are in the trunk or in the hold, into the server, either directly via a server connection or via a wireless connection to the phone. This process is always initialized after a coupling of two mobile phones has been made, in order to allow the identification of the user; likewise the associated GPS position and the respective km reading of the vehicles involved are read into the mobile phone and transmitted to the server(s).
  • In the previous part of the description, the proposal has already been made to use the coupling of a mobile phone networked with a corresponding server to a client computer, which is likewise networked with a server, as a cash register function. Furthermore, the proposal was made to use another mobile phone instead of the client computer to realize the payment. For cash registers, it is state of the art that an electronic detection system detects the contents of a basket of goods by means of RFID (Radio Frequency Identification) chip coding of the goods.
  • In connection with the invention corresponding to said file reference, it is provided that in the trunk or cargo space, or in a warehouse, etc., a common electronic detection system detects or scans the goods; this process is in each case initialized by an event that is triggered by the temporary coupling (DS) of two mobile phones and the server's check code passed over them, when the server finds the sent code while scanning its currently sent codes. In this case, the server then sends an activation signal to the mobile phone(s) corresponding to the detected code. This activation signal initializes in the mobile phone a data transmission via an RF interface (for example Bluetooth) to the electronic detection system located in the region of the mobile phone, which reads out the RFID chips of the relevant packages.
  • In a further development, it should be avoided that a mobile phone activates the wrong detection system, for example when two cars (taxis, etc.) stand side by side with open trunk lids and the drivers couple their mobile phones for a corresponding transfer of packages to the server. In this development, it is provided that an address of the vehicle is added to the code (PIC) together with the odometer reading of the vehicle (or GPS coordinates, if necessary) likewise transmitted via the RF interface, or possibly only the address of the vehicle (PIC) is transmitted to the mobile phone. This address is also assigned to the RFID detection system installed in the vehicle, which can likewise be activated under an assigned address. This address is addressed when the RFID detection system is activated via the RF interface (Bluetooth) of the mobile phone, so that each of the two drivers' mobile phones participating in the coupling initializes the associated RFID detection system. The drivers, i.e. the affiliation of the mobile phone with the vehicle, can also change constantly if, e.g., a data loop DS to the mobile phone is also closed via a device mounted in the vehicle and connected to the server (via RF). That is, the server can determine exactly which mobile phone is in which vehicle. Furthermore, when initializing the detection system, the server can set a priority (by a control signal) for when the detection process should take place in each case, the detection systems of the vehicles (two or more) involved in the transhipment process being queried offset in time, so that the RF signals of the RFID chips associated with a group of packages in one car are not disturbed by a group of packages stored in another car. The detection system in each car should record, as far as possible, all packages stored in the car (even those lying on a seat, etc.). Since the server(s) synchronize a staggered query of the detection systems, a clean separation of the packages stored in each car is possible.
  • Each time the RFID detection system of a vehicle is initialized, the entire inventory of packages (e.g. in the trunk, cargo space, etc.) is detected, for both vehicles, when the goods are reloaded and the data loop DS is closed via the drivers' mobile phones. Relative to the previous situation, a surplus and a shortfall of packages will then occur in the vehicles concerned. That is, the server can determine exactly when, where and via which vehicles the packages are transported and transhipped (over how many km, etc.). If a package is delivered, the handover can also be ascertained via the mobile phone (with GPS, etc.), and likewise the shortfall occurring in the hold of the respective vehicle due to the handover.
  • By this measure it is possible, for example, to make better use of the entire infrastructure of vehicles (taxis, etc.). When transporting a passenger, the taxi driver enters his destination and sends it via SMS to the server. The server determines the optimal route, taking into account traffic and other nearby taxis, for taking over the package(s), etc. The passenger is only charged for the shortest route and the parcel service finances the rest of the route. Taxi drivers can also very well be coupled with exclusive parcel services, etc. Likewise, empty runs by taxi drivers are used, waiting taxis are used as intermediate storage for the goods (in the trunk), etc. Since all activities are handled on the server, also via voice announcement (in the car), the driver is burdened only insignificantly by this activity.
  • In a further option, the mobile phone used also has a recognition device or reader for reading the RFID chips, or a bar code reader, with which the corresponding package code can be read into the mobile phone as associated data (PIC) and forwarded to the server. The built-in digital camera of the mobile phone can also be used as the bar code reader, etc.
  • Example(s) 10: concerns further additional options and possibilities for the described method, which, using the temporary coupling (acoustically or by infrared, etc.) of two mobile phones that communicate with one or also two servers or computers of the network, forms a data loop DS; via this coupling a test code generated by the server is passed via the data connection to one mobile phone and passed back for checking via the data connection of the server, or of a further server, to the other mobile phone (series connection). If a separate server is used for each mobile phone, the servers loop the code through via the Internet or possibly via a conference call of the mobile phone. Furthermore, the code can be encrypted in the relevant mobile phone, or in one mobile phone. Alternatively, a method is provided in which the code is forwarded from two sides (via the second mobile phone) to one mobile phone (parallel connection) and the comparison is made in that mobile phone.
  • By determining the telephone numbers of the mobile phones, the assignment to the data entered via the mobile phone is then made. The same applies if, instead of two mobile phones, the coupling is made between a mobile phone and a client computer (which displays a WEB page).
  • In summary, the securely encrypted, fully automated recognition and address assignment of a subscriber of any first network (e.g. Internet, mobile phone network, etc.) involves the short-term use of a further subscriber line of a second network (e.g. landline telephone, mobile phone, or another mobile phone, etc.), or in special cases also of the same network (e.g. the telephone number of an Internet telephony service, etc.), wherein the subscriber of the first network does not have to have a fixed access address, i.e. may have an address that is assigned only temporarily, differently for each session, on the Internet, and the second network, via its connection number (e.g. mobile number), etc., provides the address assigned on the Internet.
  • In this way, e.g., the per-copy coupling of a WEB page to newspapers for readers, or logging in to a server, or payment via a WEB page or from mobile phone to mobile phone, likewise e.g. from landline phone to mobile phone, and furthermore the secure identification of both users and providers of WEB pages (bypassing the name server, etc.) become possible. It is sufficient to briefly couple the two networks in question (e.g. acoustically, by infrared, Bluetooth, etc.) during log-in in order to assign the connection number of the second network as the address to the user of the first. In a mobile phone to mobile phone, landline to mobile phone, or landline to landline pairing, the two numbers of the pairing participants are then checked and used as a secure pair of addresses.
  • In this case, a per-copy access number is provided in the newspaper, which the reader rubs free and which allows a single login with subsequent use of his mobile phone. In this process, the per-copy access number is replaced as access key to the WEB page by the telephone number of the mobile phone, and thus need not be entered.
  • If the reader wants, e.g., to buy an advance on advertisements, he can do so in the relevant stores, which also have Internet access; the customer and the seller then each connect to the Internet (e.g. via the phone number, via a special acoustic coupler, or via the seller's mobile phone, etc.), and for each login a separate call (or SMS, etc.) is made by the server to check the mobile number or telephone number. The server must now assign the two processes to each other so that the customer's payment can also be credited to the customer; likewise the server must allocate the payment for the sale to the seller.
  • This technical problem has been solved in that the process is repeated in two consecutive operations, each using the same code, or a code pair defined by the server, to detect the coupling; within the period of time in which the detection process is valid, this code is not reused for other purposes; and the server, by recognizing the repeatedly received code, or the codes belonging to a code pair, which are fed back to the server independently (with intermittent network decoupling), detects a related pair of terminals involved in the code coupling.
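The series-connection check of Example 8.0 and the no-reuse rule stated above, sketched as an added example (not code from the patent): the server issues a random KODE to a web session, never hands out a value that is still pending or time-locked, and assigns the caller's number T-# to the session when the KODE returns over the telephone path. The class and function names, the timings, the sample numbers, and HMAC-SHA256 as the handset's transformation rule are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def transform(phone_key: bytes, code: str) -> str:
    """Rule the handset applies to the code before returning it.
    HMAC-SHA256 is an assumption standing in for the page's encryption/signature."""
    return hmac.new(phone_key, code.encode(), hashlib.sha256).hexdigest()


class LoopVerifier:
    """Server side of the series-connection data loop (hypothetical names)."""

    def __init__(self, validity_s=60.0, lock_s=30.0, clock=time.monotonic):
        self.validity_s = validity_s  # window in which an issued code may return
        self.lock_s = lock_s          # extra time lock before a value may be reissued
        self.clock = clock
        self.phone_keys = {}          # telephone number -> shared key (optional)
        self.assignments = {}         # web session id -> verified telephone number
        self._pending = {}            # code -> (session id, time issued)
        self._locked = {}             # code -> time until which the value is blocked

    def _expire(self):
        now = self.clock()
        for code, (_, issued) in list(self._pending.items()):
            if now - issued > self.validity_s:
                # Too late to be returned; keep the value blocked for the lock time.
                del self._pending[code]
                self._locked[code] = issued + self.validity_s + self.lock_s
        for code, until in list(self._locked.items()):
            if now >= until:
                del self._locked[code]

    def issue(self, session_id, digits=6):
        """First data path: draw a random code for a web session."""
        self._expire()
        if len(self._pending) + len(self._locked) >= 10 ** digits:
            raise RuntimeError("code space exhausted; use more digits")
        while True:
            code = "".join(secrets.choice("0123456789") for _ in range(digits))
            # Never award a value that is in use or still time-locked.
            if code not in self._pending and code not in self._locked:
                break
        self._pending[code] = (session_id, self.clock())
        return code

    def receive(self, caller_number, returned):
        """Second data path: the code comes back with the caller's number.
        Returns the session the number was assigned to, or None on failure."""
        self._expire()
        key = self.phone_keys.get(caller_number)
        for code, (session_id, _) in list(self._pending.items()):
            # A handset with a registered key must return the transformed code;
            # the plain code is then rejected.
            expected = transform(key, code) if key is not None else code
            if hmac.compare_digest(expected.encode(), returned.encode()):
                del self._pending[code]                       # single use
                self._locked[code] = self.clock() + self.lock_s
                self.assignments[session_id] = caller_number
                return session_id
        return None
```

A deployment would additionally limit failed returns per caller number, since a short numeric code can be guessed.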
  • Compilation of important features of the invention and preferred applications:
    • 1. A method for the secure detection and / or checking and / or assignment of subscriber lines, or subscriber addresses, between two or more connections (possibly also in a conference call), connected directly or via any number of networks or intermediate stations (e.g. servers in the Internet, or telephone connections, radio connections, etc.), of a data or communication network (hereinafter referred to as the first network), in particular by the use of a further data or communication network (or possibly a further connection, e.g. a conference call as an option), hereinafter referred to as the second network, via which, for the purpose of said detection and / or checking and / or assignment, a coupling of the terminals of the networks concerned, or of the second connection (possibly also by switching a conference circuit via the same terminal), is established on the relevant subscriber side (e.g. client, WEB browser, mobile phone, landline connection, radio device, etc.) by forming a data loop DS (or network coupling) via both networks or connections, in order to transmit via this data loop DS a basically random (corresponding to the random principle) CODE, which is integrated into the transmission protocol of the data connection and is checked according to the criteria - whether the code has changed during transmission over the two networks (which corresponds to a direct comparison of the codes), - and / or how the KODE has changed during transmission over the two networks in accordance with a rule (e.g. according to a formula or an algorithm, which corresponds to a comparison of the code detected before encryption with the expected result or with the re-encrypted code), in order to obtain the secure detection and / or checking and / or assignment of the subscriber lines, or subscriber addresses, wherein said KODE may relate to any type of coding (besides digital also analog, etc.).
    • 2. A method according to feature 1, characterized in particular by monitoring (or checking) during generation of the KODEs, such that the same KODE is not issued more than once among all participants involved in the process at the same time (if necessary, each extended by a further time lock).
    • 3. Method according to feature 1 or 2, characterized in that the in principle arbitrary (e.g. corresponding to the random principle) CODE, which is transmitted via the data loop DS of said data or communication networks, is in each case integrated into the data stream of that data connection (possibly also data connections) whose data path is to be identified by the code, the following cases being provided as alternatives: - the code is transmitted and checked via the data loop DS only when logging in, and / or - the code is included in the structure (e.g. block structure) of the transmitted data during the entire duration of the data connection; and that said method is used for the recognition, or the synchronization, of two or more simultaneous or successive processes in the data transmission in connection with customary data processing, using the connection designation n of one switched connection out of n (1 of n; e.g. a telephone number T-# in the case of a telephone network, or a certain radio channel in a radio network, an address or a port of a secure data channel, etc.) of the network used in forming said data loop DS (corresponding to said second network), which is regarded as secure with respect to the switched connection designation n, wherein the connection designation (1 of n = T-#, etc.) is used as the common address of the processes to be synchronized for the purpose of their assignment.
    • 4. The method according to one of the features 1 to 3, characterized in that the method is used in one of the following applications: a) for establishing the assignment of the telephone line, or of the telephone number (T-#) of a landline or mobile phone, of the telephone connection Tel which is used for producing said data loop (DS on the client side CL) together with a (simultaneously or consecutively) addressed data connection IT concerning a WEB page shown on the client side CL (or a similar data connection composed of data blocks), for the purpose of assigning the WEB page to the user of the telephone line, or to the user's telephone number (of a landline and / or a mobile phone), as user identification for the processing of data transmitted via a WEB page; b) for use as specified under a), with the user identification linked to the access protection for data protected in this way; c) for use as indicated under a), wherein the user identification serves as evidence that a specific user (the telephone line, or possibly the mobile number T-#, assigned d) for use as indicated under a), wherein the user identification is used for the purpose of verifying the authenticity of the WEB page, in that the respective WEB page via which said data loop is closed is tested for authenticity by the user using the preferred data loop DS, and the result is indicated to the client (possibly also acoustically or via the display of the telephone or mobile phone); e) for establishing the assignment of the telephone line, or of the telephone number (T-#) of a landline or mobile phone, of the telephone connection Tel which is used for producing said data loop (DS on the client side CL) together with a (simultaneously or consecutively) addressed data connection IT relating to a WEB page shown on the client side CL (or a similar data connection made up of addressed data blocks), such that the server generates code
elements embedded in the data blocks (as part of the KODE), and likewise checks them on return, these code elements KODE being integrated as test information (possibly encrypted) into the data packets sent on the server side and / or on the client side in accordance with the data transmission method (e.g. the Internet protocol, IT traffic), in order to test continuously whether the data aggregated into data packets is tampered with during the data transmission, wherein, if multiple servers are used, the server that performs the manipulation can where appropriate also be identified and this is indicated to the user or operator over the telephone connection (audibly or visually), - optionally the telephone connection Tel is used as a kind of auxiliary channel, which can operate at a much lower transmission rate (baud rate) than the addressed data connection IT (e.g. Internet), and parameters are transmitted via the auxiliary channel which support the checking, or the securing and / or encryption, of the data sent over the addressed data connection IT (e.g. Internet); f) for establishing the assignment of the telephone line, or of the telephone number (T-#) of a landline or mobile phone, of the telephone connection Tel which is used for producing said data loop (DS on the client side CL) together with a (simultaneously or consecutively) addressed data connection IT relating to a WEB page shown on the client side CL (or a similar data connection made up of addressed data blocks), such that the server generates code elements embedded in the data blocks (as part of the KODE), and likewise checks them on return, these code elements KODE being integrated as test information (possibly encrypted) into the data packets sent on the server side and / or on the client side in accordance with the data transmission method (e.g. the Internet protocol, IT traffic), for a telephone connection made via an IT connection, or a similar connection (such as FAX, etc.),
to monitor the distinctive coding of the caller, and where appropriate of the called party, produced by the preferred data loop using the telephone number (T-#) of a conventional telephone line (dialed via the landline or mobile network) of the caller, and likewise, if necessary, of the called party (in order to check the authenticity of the service over which the Internet telephone connection is established, as regards the WEB page, or the server of the service); g) for use as indicated under a), wherein the user identification is used for the purpose of assigning the WEB page and an access number that is associated with the WEB page but received separately from it (e.g. via printed matter, such as a newspaper, a book or an invoice, etc.), this access number being provided to an exemplary person for entry into the WEB page (via the keyboard, by scanning, via a chip, or via a suitable interface such as Bluetooth, etc.) and corresponding to a code KODE_Berechtigung, - which on input is linked with the connection number of the telephone connection (telephone number, mobile number, etc.) determined via the data loop (KODE according to feature 1), in order to gain access to a portion of the WEB page in which said input code KODE_Berechtigung assigns the connection number of the telephone connection (telephone number #, mobile number #, etc.) as the future access authorization (to be used for future sessions), so that on subsequent calls of the WEB page by the user using said data loop DS of the telephone connection, access to the protected WEB page data is possible only under the connection number of the telephone connection (telephone number #, mobile number #, etc.) that was used, at the first use of the code KODE_Berechtigung (as authorization for the access), to form the data loop DS (over which the code KODE was passed for testing, or for assigning the telephone number of the mobile phone); if necessary, this access may also be limited to a certain period of time or a certain number of sessions, etc.
(option) and, if necessary, further use of the code KODE_Berechtigung can be dispensed with (option), it then being replaced by the assigned telephone number T-#; h) for use as indicated under a), wherein the user identification is used for the purpose of billing, via the telephone charges of the telephone connection used for the assignment, the payment for the service offered or received via the WEB page; i) for use as indicated under a), wherein the user identification, for the purpose of assigning the WEB page or the data received for a WEB page to the user, is used as user identification for opening an electronic lock connected to the server, etc. (or for some other triggering operation, such as opening the barrier of a parking garage or a road barrier, or releasing a person's access via a turnstile, etc.), said comparison of the check code (KODE) sent by the server serving for user identification as a condition (or further condition) for releasing the opening of the lock, or for the triggering operation, wherein the lock (or the device concerned) is self-sufficient and the data loop in question is closed via the mobile phone coupled to the electronic lock; j) for use as indicated under a), wherein the user identification is used for the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing, and a landline telephone or a mobile phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of processing a cashless payment transaction; k) for use as indicated under a), wherein the user identification is used for the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing and, as the telephone connection for the data loop (to the server) established on the client side CL, two mobile phones over which the preferred data loop is
produced by data coupling (to the server) are used for the purpose of processing a cashless payment transaction; l) for use as indicated under a), wherein the user identification is used for the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing, and a landline telephone or a mobile phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of networking multiple servers in connection with the anonymous calling of a (possibly also anonymously generated) WEB page; m) for use as indicated under a), wherein the user identification is used for the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing, and a landline telephone or a mobile phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of networking multiple servers in connection with the delivery (possibly also the proof of delivery) of a digital signature for a document displayed on a respective WEB page; n) for use as indicated under a), wherein the user identification is used for the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing, and a landline telephone or a mobile phone is used as the telephone connection for the data loop (to the server), for the purpose of networking multiple servers in connection with the delivery (possibly also the proof of delivery) of a digital signature for an e-mail sent via a WEB page; o) for use as indicated under a), wherein the user identification is used for the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing and, as the telephone connection for the data loop (to the server) established on the client side CL, a landline telephone or a mobile phone for the purpose of
networking multiple servers in connection with the delivery (possibly also the proof of delivery) of a digital signature for a general operation triggered by a server is used; p) for use in conjunction with two mobile phones for establishing the coupling of the preferred data loop DS, wherein the mobile phones include a GPS coordinate detection system or a comparable system, or a mileage (km) recording system of a vehicle (etc.) with a data connection to the mobile phone is provided, etc., and wherein, when the data loop DS is formed (via which the test code is passed for testing or for assigning the telephone numbers of the mobile phones), the GPS coordinates and / or the current mileage of a vehicle are sent as associated input data to the server (or servers) concerned, this process takes place at two different locations, and for this telephone number combination of the mobile phones concerned the distance (possibly according to a street map) is determined, wherein optionally one of the mobile phones (or both) sends corresponding location messages to the server for this purpose (or the entered mileage is used, etc.), and wherein, via the data coupling of the mobile phones to the server, the personal data associated with the telephone numbers of the mobile phones are recorded and evaluated (to give the driver the necessary security as to the identification of persons, whether the passenger is adequately insured, etc.), wherein, where appropriate, instead of or in addition to the GPS data, the mileage for determining the route is transmitted from the odometer via a radio interface to the mobile phone (e.g. of the driver), in which case the GPS coordinate detection system can optionally be dispensed with, and / or wherein further optionally, in a more specific embodiment, by means of an acoustic coupling device installed under the exterior mirror of a vehicle (see FIG.
3), the connection to the driver's mobile phone is established by holding the relevant mobile phone (of the passenger) from the outside against the exterior mirror, a corresponding coupling device being provided for the driver's mobile phone in the vehicle, which has a corresponding connection to the acoustic coupling device of the exterior mirror; q) for use in a conference call such that said coupling of the data loop DS is made between client and telephone, or mobile phone (preferably within the same device by a corresponding electronic circuit or buttons, etc.); r) for establishing the assignment of the telephone line, or of the telephone number (T-#) of a landline or mobile phone, of the telephone connection which is used for producing said data loop (DS on the client side CL) together with a further telephone connection of a landline or mobile phone on the client side CL, for the purpose of assigning the connection designation (or telephone number #) of the further telephone connection as a further access address for one of the applications mentioned in paragraphs a) to q) (e.g. for a WEB page, etc.), wherein, depending on the application, the telephone connection previously used as access address can be retained as an additional address or replaced, and where appropriate this process of assigning a new telephone number as access address can take place using a corresponding access code KODE_Berechtigung (see paragraph g); s) for use as specified under a) and d), for the purpose of checking the authenticity of a WEB page which, by a telephone call of the user via a further network (telephone network, mobile phone network) used in addition to the Internet network IT, by calling the server (e.g. addressed via an extension number, etc.),
is called up and checked for authenticity by the user using the preferred data loop DS, wherein the WEB page concerned is copied, using a further Internet access (a further server access of the same or of another server), for presentation on the computer (client) of the user, into another WEB page used only as a passive data container (or data terminal), which serves as data access for any such WEB pages to be displayed, and wherein the WEB page copied into this data-access WEB page is both called up anonymously (via the network existing in addition to the IT network: telephone network, mobile network) and is a WEB page generated by an anonymous data source (and presented in the WEB page used only as a data container, or data terminal); t) for use as indicated under a) for the purpose of verifying and / or establishing the identity of a caller who, using the Internet network (IT), makes a telephone call (voice call) to a corresponding user, wherein the caller first makes a short call over a standard telephone network (standard telephone connection) to form the data loop (DS) for transmission of the test code KODE to the caller and / or called party, and after establishment of the Internet telephone connection (Voice over IP) the standard telephone connection via the usual telephone network can be interrupted again; u) for use as indicated under a) to t), wherein the data loop DS is formed via two or more servers (I, II, ...), which, independently of the other servers or looped through them, each transmit their test code (KODE 1, KODE 2 ...) via the preferred data coupling (at the user or client CL) and evaluate it in a hierarchy corresponding to the application; v) for use as indicated under a) to u), wherein the data loop DS is formed by two or more servers (I, II, ...), which, independently of the other servers (or looped through the servers), their test code (KODE 1, KODE 2 ...)
via the preferred data coupling at the user (client CL) each transmit and evaluate in a hierarchy corresponding to the application, in order, in addition to the identity of the user, also to check the identity of the server access among networked servers, and / or, for data on the same WEB page (displayed to the user) that belong to different confidentiality levels with respect to the respective databases running on the relevant servers (I, II, ...), independently to secure the relevant data, by means of a test code (KODE 1, KODE 2 ...) respectively assigned to the data, against access by the other networked server, or the other networked servers (I, II, ...); w) for use in such a way that the code (KODE) circulating in accordance with feature 1 in a serial data loop DS via two or more devices, which is emitted and / or manipulated by a device (in each case), is compared on return, or where appropriate the manipulation made is checked, in particular in such a way that the devices in the data loop which each pass the code on to the next device each carry out such a check (in sequence, or simultaneously, each with its own independent code) in order to verify the authenticity of the respective other devices (see FIG. 12b); x) for use in such a way that the code (KODE) circulating in a serial data loop DS via two or more devices, which is emitted and / or manipulated by a device (in each case), is passed via a data loop DS comprising the following device connections (FIG. 12b, option), the mobile phone dialing two telephone connections (Tel1, Tel2) via a conference call: - a mobile phone connection (Tel1) to a connection server, which forwards the call (also Voice over IP, etc.) (Tel1 ...
Teln), - an Internet connection IT between the connection server and a bank server for managing an online account, - a mobile phone connection (Tel2) to the bank server, with corresponding code manipulations in the connection server and verification of the manipulation in the bank server, and further manipulation in the bank server with verification of this manipulation in the connection server, and monitoring of the debiting of the online account managed by the bank server according to the services provided by the connection server, the manipulations and checks of the code being made according to an agreement between the connection server and the bank server (e.g. by protocol via IT); y) for use in such a way that feature 1 is used in conjunction with the features given in the annex to the description; z) wherein, for the uses mentioned under a) to y), where the application allows, a correspondingly secure Internet connection IT can also be used as the telephone connection for forming the data loop DS.
    • 5. Method according to one of the features 1 to 4, characterized in that, for checking the data loop DS produced on the respective subscriber side (e.g. client side) by a corresponding coupling of the networks, one of the technical measures or measurements specified below is used (see also FIGS. 6a and 6b), whereby it is determined by this check (via the evaluation of the measurement) whether the terminals used for the coupling (for sending S and receiving E over the coupling path DS; T or CL in FIGS. 2a, 2b, hereinafter referred to with S and E for the coupling path) are coupled within a certain minimum distance (directly), or via the unauthorized interposition of a further data link: a) the transit time of the signal via the coupling interface between the respective transmitting terminal (S) and receiving terminal (E) is measured by a corresponding measurement method (see FIGS. 6a, 6b), where appropriate also bidirectionally (option); b) and / or cryptographic algorithms are provided with which the random code (KODE) is changed at the coupling point in the respective transmitting terminal (S) and further changed, or changed back, in the receiving terminal (E) according to a corresponding algorithm before it is sent back to the server, wherein the interlinked change of the code (KODE) with the participation of the transmitting terminal (S) and the receiving terminal (E) ensures that a matching pair of terminals (of the same user) is used for the coupling DS to produce the data loop, wherein optionally the measuring method mentioned below can also be used; c) and / or the bandwidth of the data loop DS is measured by a corresponding measurement method.
    • 6. The method according to one of the features 1 to 5, or according to the preamble of feature 1, or method for the secure detection and / or verification and / or assignment of subscriber lines, or subscriber addresses, in association with participants taking part in a server process and in conjunction with associated data of a data network (e.g. Internet, mobile phone network, landline telephone network, radio network, etc.), hereinafter referred to as the first network, whose data is coded by the subscriber addresses for designating data accesses, wherein these subscriber addresses - can be used independently of the actual temporary or fixed connection addresses of the data network as used for establishing the data connection, - and / or, by detection and / or verification and / or assignment of temporary or fixed connection addresses, can further be linked to connection addresses of the data network, characterized in particular a) in that via a further network (encrypted Internet, mobile phone network, landline, radio network, etc.), hereinafter referred to as the backup network or second network, whose connection setup from subscriber to subscriber is to be regarded as secure owing to the technology used, and - via servers and terminals (of the networks used), - and / or via several networked servers and terminals (of the networks used), - and / or via several networked terminals (e.g. a conference call), a data loop DS is formed using both networks (said first network and said second network, or backup network), over which a security code KODE is transmitted, b) and in that a test (1 = 2?, FIG.
7a or 1b) of the security code (KODE) queries the following: - whether the KODE has changed in transmission over the two networks (which corresponds to a direct comparison of the codes), - and / or how the KODE has changed in transmission over the two networks in accordance with a rule (or a formula or an algorithm) (which corresponds to a comparison of the code detected before encryption with the expected result or with the decrypted code), wherein, depending on the test result obtained (true or false), the secure detection and / or checking and / or assignment of the subscriber lines or subscriber addresses is carried out in relation to the device or devices specified below: - in relation to a check of the correct client with regard to the terminals used for the data loop DS (of the first network and the second network), optionally in further connection with further data accesses present within the data loop; - and / or in relation to a check of the correct server (or possibly servers) which is (or are) connected via the data loop DS to the terminals concerned (of the first network and the second network), optionally in further connection with further data accesses present within the data loop; wherein the coupling of the data networks (first network and second network) coupled on the client side to form a data loop DS can relate to arbitrary network combinations depending on the application, such as, for example, - Internet and mobile phone network, - Internet and telephone network (landline), - telephone network (landline) and mobile phone network, - mobile phone network and mobile phone network, - telephone network (landline) and telephone network (landline) using a conference call, - mobile phone network and mobile phone network using a conference call, - TV video and mobile phone network or telephone network (landline), - TV loudspeaker and mobile phone network or telephone network (landline).
    • 7. Method according to one of the features 1 to 6, with a server / client model (e.g. a client as a WEB participant addressed by the server of an Internet provider), characterized in particular - in that the client has a terminal for each network (of the networks concerned) and, via a coupling of the (two) terminals, directly (FIGS. 4, 5) or optionally via a further device (300 in FIG. 3), a serial data loop DS is formed over the networks, it being possible for any number of networks to be involved, and in that the server-generated security code (KODE, FIG. 1a) is sent via one of the data networks (1, FIG. 1a) to the relevant terminal and, via the coupling, is returned to the server directly or in manipulated form using the other network 2 (or possibly the other data networks), said test (1 = 2?) of the KODE being made in the server, - and / or in that the client is provided with a terminal for each network (of the networks concerned) and the server-generated security code (KODE, FIG. 1b) is sent via both data networks (1, 2) to the respective terminals (such as a vending machine, or an electronic lock, door lock, barrier, turnstile, etc. connected to the Internet), one of which is a mobile phone connection (via coupling DS), in order to form a parallel data loop DS by means of a coupling of the data networks at the terminals, wherein said test (1 = 2?) of the KODE is made at the coupling or at a terminal relating to the coupling; where appropriate, a serial data loop and a parallel data loop can be formed (quasi simultaneously) for the same detection and / or verification and / or assignment process.
    • 8. Method according to one of the features 1 to 7, characterized in particular a) in that the coupling on the client side, or data loop DS, is formed directly via corresponding interfaces of the respective terminals (acoustically, by infrared or optically via sensor or camera and likewise screen, or via Bluetooth or RF, galvanically, inductively, capacitively, etc., cf. FIGS. 2a, 2b), b) and / or in that a further, self-sufficient third device (300 in FIG. 3) is provided in this coupling, or data loop DS, via which, using appropriate interfaces to the terminals (acoustic, infrared or optical via sensor or camera and likewise screen, or via Bluetooth or RF, or galvanic, inductive, capacitive, etc.), the data coupling (DS) is looped through (possibly with further data manipulation by this third device), wherein this data coupling in the data loop DS, produced directly between the terminals or where appropriate via the further self-sufficient third device and the terminals, comprises the following options: - the data coupling (for forming the data loop DS), - and / or further optionally a data input and / or data output, - and / or further optionally an encryption (modification) of the code (KODE) sent by the server is carried out on the client side, - wherein, where appropriate, data entered and / or output via the client's terminals is included in the encryption (FIG. 7) and corresponding encryption parameters are exchanged between the server and the terminals, - and / or a digital signature is included in the encryption of said code (KODE), - and / or an SMS converter is provided in the terminal, or in one of the terminals used for the data coupling DS (e.g. mobile phone), which converts a received SMS into the relevant interface signal for producing said coupling, or for transmitting the code (KODE) sent with an SMS (where appropriate, this conversion can also take place via display and camera of the devices used for the data coupling), - and / or via the interface of the terminal (mobile phone, etc.)
via which the data coupling is otherwise made to form said data loop DS, first (e.g. at a keystroke on the mobile phone or in response to an initialization code received via the data coupling) the telephone number of the mobile phone is sent via the coupling (e.g. via the microphone of the client computer) to the server, which dials the mobile phone after the telephone number has been transmitted so that the user can receive the acoustically transmitted KODE signal from the server and form the actual data loop DS via the coupling, wherein, where appropriate, the process is terminated by the server if the server does not receive the code KODE within a certain time.
    • 9. A method according to feature 5, item a), characterized in that one of the following two options (a or b) is used, said data receiver (E) and data transmitter (S) being located in the respective terminals of the data networks via which the data loop DS is produced at the client (user), and optionally (option) also being operated bidirectionally (with changing data direction): a) the transit time is measured with a time-measuring device, or clock, provided in the data receiver (E), relative to a time known to the data receiver (E) at which the measurement signal is sent by the data transmitter (S) using a clock likewise present in (or associated with) the data transmitter (S), wherein both clocks (of the data receiver E and of the data transmitter S) are synchronized in their relative rate accuracy (e.g. by tracking the quartz to a radio clock, etc.) and, in a more specific embodiment for carrying out the method (see FIG. 6b), the clock of the data transmitter (S) is set in accordance with the clock of the data receiver (E) by a set signal sent from the data receiver (E) to the data transmitter (S) via the bidirectional data path of the coupling path, wherein, owing to the transit time of the coupling path, the clock of the data receiver (E) then differs at this time from the clock of the data transmitter (S), and wherein, via a protocol agreement, a time is agreed in the data transmitter (S) and in the data receiver (E) at which the data transmitter (S) sends a measurement signal (or data) to the data receiver (E), whose time of arrival at the data receiver (E) is measured in the data receiver (E), relative to the dispatch time of the data transmitter (S) previously agreed by protocol, as the transit time for the round trip of the data over the coupling path, b) or the transit time is measured with a time-measuring device provided in the data transmitter (S), based on an
acknowledgment signal which the data receiver (E) transmits to the data transmitter (S) on receipt of the signal, wherein, in an extended option for carrying out the method, the data receiver (E) sends the data transmitter (S) an acknowledgment signal over the coupling path, and the time measurement made in the data transmitter (S) with respect to this acknowledgment signal measures the transit time for the outward and return path of the data over the coupling path.
    • 10. The method according to one of the features 1 to 9, characterized in that said first data network relates to an Internet access, or a corresponding client computer, and said second data network is used as a backup network and relates to a telephone network, or a mobile phone network, and in that on the client side (user side) the first data network (the Internet access) and the second data network (the telephone connection) are connected via said coupling to form a serial data loop DS, in order - to send a code (KODE), emitted by the server via the telephone line (said second data network) to the relevant telephone connection, or mobile phone connection (T), of the client (or user), back to the server (over the first data network) via the coupling (DS) made at the client and the terminal (CL) of the first data network (here the Internet data port) (FIG. 2b), or - to send a code (KODE), sent by the server via the first data network (here the Internet) to the relevant terminal (CL) of the client (user), back to the server via the coupling (DS) made at the client, the telephone connection, or mobile phone connection (T), of the client and the telephone line (said second data network) (FIG. 2a), and in that said test (1 = 2?) of the KODE is made in the server (FIG. 1a), wherein a) a correct test result is reported by the server over the secure telephone connection, or mobile phone connection T, of said second data network (from the server to the client) by a positive acknowledgment, or message, to the client, or to the user of the client, indicating that the connection of the first data network is the correct access (here, to the right server on the Internet), wherein the user dials the telephone connection of the server (via TELCOM, FIGS. 2a,
2b) in order to initiate the transmission of the check code by dialing a telephone number relating to the server (via the telephone connection), whereby the insecure connection of the first data network (here the Internet connection between client and server) is tested via the secure connection of said second data network (here the telephone connection, or mobile phone connection T); b) a correct test result directly indicates to the server that the client identified via the secure connection of said second data network by the telephone connection, or by the user's mobile phone T, where appropriate together with data additionally entered into the coupling of the data loop DS between the server and the client via the telephone connection or the mobile phone connection (directly, FIGS. 1a, 1b, or via a further device 300, FIG. 3) (such as a digital signature, etc.), corresponds to the correct subscriber, the server identifying the right user, or client, by a previous call or callback (via TELCOM, FIGS. 2a, 2b) of the telephone line T, or of the user's mobile phone, and / or by identification data of the user's smart card (SIM card of the mobile phone), or by specific facilities of the switching system (such as the calling telephone number, etc.).
    • 11. A method according to feature 10, characterized in that, when logging into the data area concerned (checked by the said assignment to a phone number) in a corresponding session, a unique code serving as access protection is entered by the user, possibly with a limit on the number of attempts (e.g. three) and / or on the time period allowed for the input, and is checked for correctness in the server by a usual procedure, and that on a positive check result (= correct, or true) this code is replaced by the telephone number assigned in this session for the access detection of subsequent sessions.
    • 12. Method according to one of the features 1 to 11, characterized in that, when the code (KODE) is checked and recognized as correct, an address or assignment rule is derived from the dialing address (or telephone number #, or equivalent connection data) of the data network involved in the data loop DS that is used as the backup network (second network), or the dialing address is used as such, in order to assign (or link) the input and / or output and / or processing of data (likewise data records, etc.) in databases or processes (server processes), which may also concern different databases or servers, or to verify this assignment (or link).
    • 13. The method according to one of the features 1 to 12, characterized in that the code signals currently sent by the server, SO1, SO2, ... SOn, are compared in a pairwise comparison with the code signals received back via the (serial) data loop DS, SI1, SI2, ... SIn (these being all signals not yet fully taken into account in this comparison), in order to obtain the respective pairs, each belonging to a subscriber forming the data loop DS through said coupling, where - for a check by direct code comparison, the pairwise comparison is made directly over the code (KODE as a function of the pairs found in SO1, SO2, ... SOn and SI1, SI2, ... SIn), or - for a check that compares the code emitted by the server with the expected result of a code changed in the data loop DS (e.g. by a subscriber-dependent encryption), the pairwise comparison is made using a code that is added to the actual test code (KODE) and is not changed over the data loop DS, in order to determine in the server the associated code pairs of a data loop DS and, for each associated code pair, to decrypt the code or to verify the affiliation using the decrypted KODEs.
    • 14. Method according to one of the features 1 to 13, characterized in that the application relates to a cashless payment system, wherein the amount of money and, if necessary, the digital signature and other data usual in payment transactions (purpose, payee, payer, date, etc.) are added at the client to the code (KODE) data.
    • 15. Method according to feature 14, for use with mobile phones, characterized in that the amount to be paid is sent by the payer and by the payee, each with a corresponding note (whether payer z or payee e) and, if necessary, with the intended use, via SMS to the server in question, which then calls both mobile phones (the payer's and the payee's), optionally indicating the amount and transfer direction (+/-) again (for the purpose of confirmation), and sends the code (KODE) over the data loop made between the mobile phones in order to perform the transfer, whereby the KODE is packed accordingly in the further data (if necessary also coded).
    • 16. The method according to feature 14 or 15, for use with mobile phones, characterized in that for each individual submission of the relevant SMS to the relevant phone number of the server (for the payer and for the payee respectively), or for the valid recognition of this SMS by the server, a special PIN number must be entered, with which the phone is switched to the standby status for issuing an SMS to trigger the payment, whereby entering the PIN number starts a time within which the SMS triggering the payment transaction must be sent; otherwise the readiness status for issuing the SMS is reset after that time expires (and the PIN number would therefore have to be re-entered to allow the payment transfer).
    • 17. Method according to one of the features 12 to 16, characterized in that, in connection with said technical equipment and conventional data processing, the data input of a value takes place (e.g. the loading of a credit for a monetary amount), said data input being made during said coupling (the serial data loop DS) in the protocol in which said code KODE is transmitted (via the data loop), using one of the following options: OPTION 1: Using said serial data loop DS for logging in or during the data transmission, an ONLINE transfer (as data entry of a cash amount) is carried out from a bank account to another bank account, hereinafter referred to as a voucher account, transferring the charge amount together with the further data of the telephone number # used in the serial data loop DS (corresponding to feature 9, item b), and the amount available on the voucher account (with the note of the purpose of payment stating the telephone number # used in the serial data loop) is requested for updating by an external server (independent of the bank server of the voucher account); OPTION 2: Using a secret number (PIN) that is, for example, valid only once, as used for example for charging mobile phones, the PIN is entered via a telephone connection (landline or mobile phone) into the external server (independent of a bank server), the PIN being assigned a particular paid amount within its lifetime; according to the communication technology used (smart card, callback, etc.), the server determines the phone number of the user used for this process and assigns this phone number # (possibly with further data) to the entered secret number, said PIN being obtained for cash or during an ONLINE transfer on the Internet; in which a) said server, set up as an external server, for the purpose of a (later) payment (via said voucher account) is dialed by the user of the terminals concerned, such as telephone or mobile phone, etc. (mobile phone of the payer as voucher holder and mobile phone of the party redeeming an amount or partial amount of the voucher), in each case in order to carry out, with the test codes KODE transmitted via the coupling DS of the terminals, the data transfer corresponding to the payment (as a reduction of the voucher account), or b) said server, set up as an external server, for the purpose of a (later) payment from this voucher account is dialed from the user's terminal, such as telephone or mobile phone, etc. (mobile phone of the payer as voucher holder), in order to carry out, with the test codes KODE transmitted via the coupling DS of this terminal and a further terminal connected to the Internet, the data transfer corresponding to the payment (as a reduction of the voucher account) for the appropriate amount.
    • 18. Method according to one of the features 1 to 17, characterized in that the code sent by the server and checked in the server on its return, 1a (in the case of a serial data loop DS), or, if appropriate, the code sent by the server and tested at the client, 1b (in the case of a parallel data loop DS), is an audio signal whose characteristic frequencies are used as coding (for example, by a melody, or else a voice announcement, etc.), wherein, when the serial data loop DS is used, - the code (KODE) transmitted by the server is emitted via the speaker of the terminal of the first network (e.g. speakers of a computer, or handset of a mobile phone CL) and is transmitted back to the server via the microphone of the terminal of the second network, or security network (e.g. a landline phone or mobile phone T, etc.) (2a), or - the code (KODE) sent by the server is emitted via the speaker of the terminal of the second network or security network (e.g. handset of a landline phone or mobile phone T, etc.) and is transmitted back to the server via the microphone of the terminal of the first network (e.g. microphone of a computer, or of a mobile phone CL) (2b), or - (possibly also with additional use of a parallel data loop DS) the code (KODE) sent by the server is sent via an IT interface of the first network to the test device at the client (to check the code) and is sent via the handset of the terminal (e.g. mobile phone) of the second network or security network to the test device (for checking the code) at the client, wherein (in each case) in the coding / decoding of the audio signal to identify the code, the signal is converted via frequency filtering (e.g. FFT) into decodable character values (e.g. quantized values of frequencies, amplitudes, tones).
    • 19. Method according to feature 18, characterized in that at least one of the following features is provided in the method: a) that in the coding / decoding of the audio signal, the durations of the time periods lying between the decoded character values are included (to decode the audio signal according to a predetermined pattern string of such character values), b) and / or that before the comparison, or a respective comparison step, for the purpose of recognizing the pattern string, a preliminary check is made on the character string to be examined as to whether the comparison character currently taken from it is contained in the pattern string at all, that is, independently of the character position, and that if this is not the case, the corresponding character string to be examined is not included in the test, c) and / or that a check of the bandwidth (the line quality) of the other network used for transmission of the code (e.g. telephone network, mobile network) is made by the server, which interprets the detection of a significant deterioration as a manipulation attempt (by use of another, interposed transmission), wherein the bandwidth is checked by means of an audio signal sent by the server and received back in the manner mentioned (like the code signal), which has a different harmonic content at different time intervals (corresponding to a different time-varying characteristic or bandwidth requirement for the transmission of the audio signal), and that by bandwidth analysis of the harmonic components of the audio signal, the bandwidth is measured or evaluated in the server for judging whether or not there is a manipulation attempt, and / or that in addition to the coding for detecting the location affiliation of the terminal of the first network (e.g. IT computer) and the terminal of the second network (e.g. secure telephone connection), further codes are simultaneously decoded from the audio signal received back in the server, these further codes being used as control characters in order to divide the audio signal into two areas and to indicate to the server: one or more areas relating to the bandwidth measurement (for determining whether the data loop DS is possibly connected via a communication link, i.e. whether the terminal used for the data loop is permitted, if appropriate, for the specific purpose), and an area relating to the transmission of the code for testing said location affiliation, wherein optionally, by said harmonic manipulation of the audio signal (as a function of time, possibly also according to a serial coding; generated by the server, filtered by the terminal), it is checked by the server on the return of the audio signal whether a terminal used for the coupling of the data loop DS is authorized to form the data loop, in that the harmonic components generated by the server are filtered by the respective terminal in accordance with said harmonic manipulation and this filtering is checked by the server (via the harmonic components missing from the signal).
    • 20. A method for use with a method of the preceding features, or in its own application, in particular by a chip inserted into a notary seal, which roll (15, 16, 17, 18) can be used, and further integrated into the process for the use of a preferred application of the data loop DS, where appropriate (as an option) with a suitable interface device also provided (see 17), which is executed as a stamp and can be placed on the chip seal to make the digital signature of a document, which is also available as a document (e.g. at a notary), verifiable for a layman.
    • 21. Method according to one of the preceding features, or method for detecting the network connection of a computer networked with a server, e.g. a computer connected via a provider to the Internet, a) in which (at least when logging in), using a terminal connected to another network (e.g. via a telephone connection) to which the server in question is also connected, a code sent by the server and returned for checking is transmitted via an input and / or output interface of the computer and of said terminal (of the other network), b) the connection of this further network, or of its terminal, to the input / output interface of the networked computer is regarded as the code checking unit (for the location of the computer and the terminal), c) and the code sent by the server c1) is sent to the computer and displayed to the user via one of its output interfaces (e.g. on its screen), re-entered by the user at the input interface of the terminal of the other network (e.g. via the keypad of a telephone) and sent back to the server via this network, and / or c2) is sent to the terminal of the further network (e.g. as an announcement via the telephone receiver), re-entered by the user at the input interface (e.g. via the keyboard) of the computer and sent back to the server, in particular in that the code sent by the server and tested upon return is an audio signal whose characteristic frequencies are used as coding, whereby the location affiliation of the computer (e.g. IT computer) and the terminal of the further network (e.g. a telephone connection) is indicated to the server.
    • 22. Method according to feature 21, characterized in that the code sent by the server a) is sent to the loudspeaker of the computer and is transmitted back to the server via the microphone of the terminal of the further network (e.g. mobile telephone, telephone), and / or b) is transmitted to the handset of the terminal (e.g. mobile phone, telephone) and is sent back to the server via the microphone of the computer.
    • 23. Method according to feature 21 or 22, characterized in that, in the coding / decoding of the audio signal for recognizing the code, the signal is converted via an FFT into decodable character values (e.g. quantized values of frequencies, amplitudes, tones).
    • 24. A method according to feature 23, characterized in that in the coding / decoding of the audio signal the durations of the time periods lying between the decoded character values are included (to decode the audio signal according to a predetermined pattern string of such character values).
    • 25. Method according to one of the features 21 to 24, with a customary recognition method for the recognition of one or more pattern strings located at any position in a string to be checked, characterized in that before the comparison, or a respective comparison step, for the purpose of recognizing the pattern string, a preliminary check is made on the string to be checked as to whether the character of that string currently used for the check is contained in the pattern string at all (i.e. regardless of the character position), and that if this is not the case, the character string corresponding to the character string to be examined is not included in the test.
    • 26. Method according to one of the features 21 to 25, characterized in that a check of the bandwidth (the line quality) of the further network (e.g. telephone network, mobile phone network) used for the transmission of the code is made by the server, and on finding a significant deterioration this is interpreted as a manipulation attempt (by use of another, interposed transmission).
    • 27. A method according to feature 26, characterized in that the bandwidth is checked by means of an audio signal sent from the server and received in the manner mentioned (like the code signal), which has a different harmonic content at different time intervals (corresponding to a different time-varying bandwidth of the audio signal), and that by ratio analysis of the harmonic components of the audio signal, the bandwidth is measured in the server for judging whether or not there is a manipulation attempt.
    • 28. Method according to feature 26 or 27, characterized in that, in addition to the coding for identifying the location affiliation of the computer (e.g. IT computer) and the terminal of the other network (e.g. a telephone connection), further codes are simultaneously decoded in the server from the audio signal received back, these further codes being used as control characters to divide the audio signal into two areas and to indicate to the server: d) an area related to the bandwidth measurement, e) and an area related to the transmission of the code for the examination of said location affiliation.
    • 29. Feature omitted.
    • 30. Feature omitted.
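The tone decoding described in features 23 and 24, as an added example that is not part of the patent text: it swaps the FFT for a per-frequency Goertzel filter (a single-bin DFT), and the tone alphabet, frame size, noise level and timing values are constructed assumptions.

```python
import hmac
import math
import random

RATE = 8000                       # telephone-band sample rate (assumption)
FRAME = 80                        # 10 ms analysis frame, 100 Hz bin spacing
FRAME_MS = 1000 * FRAME // RATE
TONES = {"0": 700, "1": 900, "2": 1100, "3": 1300}   # constructed alphabet


def synth(symbols, gaps_ms, tone_ms=40, amp=0.5, seed=1):
    """Constructed test signal: one tone per symbol, timed silences between."""
    rng = random.Random(seed)
    plan = [(None, 20)]                               # leading silence
    for i, sym in enumerate(symbols):
        plan.append((sym, tone_ms))
        plan.append((None, gaps_ms[i] if i < len(gaps_ms) else 20))
    samples = []
    for sym, ms in plan:
        for _ in range(RATE * ms // 1000):
            n = len(samples)
            tone = 0.0
            if sym is not None:
                tone = amp * math.sin(2 * math.pi * TONES[sym] * n / RATE)
            samples.append(tone + rng.uniform(-0.05, 0.05))   # line noise
    return samples


def goertzel_power(frame, freq):
    """Squared magnitude of the DFT bin at `freq` for one frame."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def classify(frame):
    """Quantize one frame to a character value, or None for silence/noise."""
    energy = sum(x * x for x in frame)
    if energy < 0.01 * len(frame):                    # below the noise floor
        return None
    sym, power = max(((s, goertzel_power(frame, f)) for s, f in TONES.items()),
                     key=lambda pair: pair[1])
    purity = power / (energy * len(frame) / 2)        # 1.0 for a clean tone
    return sym if purity > 0.5 else None


def decode(samples):
    """Return (character string, gap durations in ms between characters)."""
    symbols, gaps = [], []
    prev, silent = None, 0
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        cur = classify(samples[i:i + FRAME])
        if cur is None:
            silent += 1
        else:
            if cur != prev:                           # a new tone starts here
                if symbols:
                    gaps.append(silent * FRAME_MS)
                symbols.append(cur)
            silent = 0
        prev = cur
    return "".join(symbols), gaps


def verify(samples, expected_symbols, expected_gaps_ms, tolerance_ms=10):
    """Accept only if both the characters and the timing pattern match."""
    symbols, gaps = decode(samples)
    timing_ok = len(gaps) == len(expected_gaps_ms) and all(
        abs(g - e) <= tolerance_ms for g, e in zip(gaps, expected_gaps_ms))
    chars_ok = hmac.compare_digest(symbols.encode(), expected_symbols.encode())
    return chars_ok and timing_ok


if __name__ == "__main__":
    audio = synth("2031", [20, 40, 20])               # constructed sample
    print(decode(audio), verify(audio, "2031", [20, 40, 20]))
```

The constructed signal is frame-aligned; a receiver working on real line audio would slide the analysis window to find tone onsets before quantizing.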
    • 31. Method according to one of the preceding features, or method for detecting the interconnection of two or more database events, which relate to an input and / or output of data from terminals that are not directly networked, using a method for detecting or establishing a network connection of a computer or terminal networked with a server, in particular a mobile phone, in which the server emits a code which, by temporarily coupling the terminals that are not directly networked (e.g. acoustically, or by infrared, or inductively or capacitively, etc.), is sent from the server to one of the temporarily coupled terminals and routed back to the server via the other terminal, whereby a data loop is formed via the respective terminals in order to compare the transmitted code with the returned code and so verify an existing allocation of database events or similar processes, wherein the database events concerning an input and / or output of data can relate to the same database or to different databases, and / or a method for linking two server processes (which, however, may also run on the same server) with a telephone connection temporarily made for coding as a data loop via a mobile phone, via which a code is passed from the server to the phone and back to the server via a respective terminal (as an interface to the mobile phone), and on detection of the code the phone number of the mobile phone used in the data loop is checked, in particular in that the assignment of said data events relating to an input and / or output of data, or of said server processes, takes place via the telephone number of the mobile telephone connection used to produce said data loop relating to the terminals during the temporary coupling, and that for the purpose of this assignment, all code pairs currently sent by the server concerned and returned via said data loop are compared with each other, wherein a comparison pair consists of two signals, a sent code signal and a code signal received back via the data loop, wherein the communication channels (Internet addresses and telephone numbers) associated with the respectively corresponding comparison signals are also recognized as belonging to each other.
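The pairwise matching of sent and returned codes from features 13 and 31 (direct comparison variant), as an added example that is not part of the patent text. The class and method names, the eight-digit code, the expiry time and the sample phone numbers are assumptions, and the caller number is assumed to be delivered by the telephone network that the page treats as the secure channel.

```python
import hmac
import secrets
import time


class LoopVerifier:
    """Pairs codes sent on one network with codes returned on the other."""

    def __init__(self, ttl=60.0, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}        # session id -> (sent code SO, expiry time)
        self.bound = {}           # session id -> phone number of the loop

    def send_code(self, session_id):
        """Create the code SO for one Internet session and remember it."""
        outstanding = {code for code, _ in self._pending.values()}
        while True:
            code = f"{secrets.randbelow(10**8):08d}"
            if code not in outstanding:       # keep the pairs unambiguous
                break
        self._pending[session_id] = (code, self._clock() + self._ttl)
        return code

    def receive_code(self, returned, caller_number):
        """Pair a returned code SI with its session and bind the number."""
        now = self._clock()
        match = None
        for session_id, (code, expiry) in list(self._pending.items()):
            if expiry < now:
                del self._pending[session_id]     # stale code never matches
                continue
            # Constant-time comparison against every outstanding code.
            if hmac.compare_digest(code.encode(), returned.encode()):
                match = session_id
        if match is None:
            return None
        del self._pending[match]                  # single use, no replay
        self.bound[match] = caller_number
        return match


if __name__ == "__main__":
    verifier = LoopVerifier()
    code_a = verifier.send_code("web-session-A")  # shown or played to user A
    code_b = verifier.send_code("web-session-B")
    # Constructed phone numbers; B's loop closes first.
    print(verifier.receive_code(code_b, "+49-555-0002"))
    print(verifier.receive_code(code_a, "+49-555-0001"))
    print(verifier.bound)
```

Because every returned code is compared against all outstanding sent codes, several subscribers can close their loops concurrently and each Internet session is bound only to the phone number that carried its own code.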
    • 32. A method according to feature 31, characterized in that the association relates to an event relating to an input and / or output of data which is assigned to the same database, in that, via the data loop concerning the terminals (a temporary coupling) and using the mobile phone used to form the data loop, a confirmation signal (corresponding to an acknowledgment signal) is generated if the code sent by the server and returned back matches, and that the connection, or the telephone number under which the connection is made to form the data loop, is used as an access code for generating the acknowledgment signal (by the server).
    • 33. A method according to feature 31, characterized in that the association relates to an event relating to an input and / or output of data allocated to different databases, via the data loop (a temporary coupling) relating to the terminals, using the message to form the By means of the code sent by the server and returned back to the data loop, by assigning this code as the key for data access of the different databases, the cell data relating to the key are linked to a data record or to a related data group and if the code matches Confirmation signal (corresponding to an acknowledgment signal) is generated, and that the cell-related connection, or the telephone number under which the connection is made to form the data loop, as a connection code for the combination of the relevant data difference used as an access code to generate the acknowledgment signal (by the server).
    • 34. The method according to one of the features 31 to 33, characterized in that the method is used to pay a data entered into the database via a data entry purpose by the (via a temporary coupling made) formation of the data loop (with the mobile phone) as is paid (according to the generation of an acknowledgment signal by the server), wherein prior to formation of this data loop the transfer to pay the amount used via an on-line account, in which the user in this transfer via a telephone connection (data connection) of his mobile phone for Server using the used as an access code, or possibly also as a connection code for said data link telephone number logs in and this phone number from the server in question, which makes the transfer, or a relevant server that is involved in this transfer, as a key for the Zuo tion of this transfer to a data signal (the mobile phone) later received or generated confirmation signal is used.
    • 35. The method according to one of the features 31 to 34, in particular by the following method steps, wherein the method is used for payment transactions, in which, upon presentation of a code, which is issued to prove a payment, the payment is recognized to a corresponding confirmation signal ( by the server) (when receiving a good, a ticket, or opening a slot machine, etc.). a) the user logs on via an Internet connection in a (WEB) server, or uses the WEB page (as a comparable equivalent), the user transmits the phone number of his mobile phone to the server via this Internet connection or the server already this number in one Database is stored, b) the server in question calls the user via a mobile phone, sending the data code which is sent back to the (WEB) server for checking or recognition via the data loop to be established by the user through temporary coupling (eg via an acoustic coupling from the mobile phone to the computer with the Internet connection, or vice versa, or by an infrared connection, etc.), wherein upon recognition of the returned code in the server, the phone number of the mobile phone as later to be entered via another Internet connection assignment key, c) the user transfers (or has already transferred) the requested amount (eg via his on - line account, etc.) in order to be able to accept the paid purpose later as a proof of payment via a data loop created by temporary coupling with the mobile phone; to be able to initiate the confirmation signal to be generated by the server, wherein the bank server causes an immediate message for the receipt of payment, indicating the purpose of the payment to the (WEB) server, d) in the later payment by temporary coupling by means of the mobile phone of the telephone number as assignment key having produced cell data loop, the (WEB) server via the data loop emitted code as a mapping key for the assignment of the data associated with the generation of confirmation signal this process used.
    • 36. A method according to feature 35, characterized in that, where in said process step (c) a bank server is accessed using an on-line account, this access is also made by the phone whose phone number (for establishing the connection) corresponds to that of process steps (a), (b) and (d), wherein the phone number securely recognized by the bank server (possibly also by callback) is used, when the transfer is executed, for the assignment of the payment purpose specified in the WEB server.
    • 37. Method according to one of the features 31 to 34, in particular by the following method steps: a) the user logs in via a telephone call of a mobile phone into a bank server for the purpose of using an on-line account, wherein the telephone number of the mobile phone, or the telephone connection used in the process is recognized by the bank server (and optionally checked by callback) and the user transfers an amount entered into his mobile telephone to a bank account of a service server (as intermediary beneficiary) which is permanently coded as bank transfer from his account, wherein the bank server uses the recognized phone number of the mobile as its intended use, b) the bank server transmits to the service server the telephone number of the transfer made in step (a) with the associated data, which in addition to optional further information (date, time, etc.) recognized during the transfer, or checked phone number of the mobile phone and (as Another option) contains the amount, wherein the phone number of the mobile phone for the in step (c) to be generated confirmation signal the key for later assignment (the other data) of the user (as a payer) on the intermediate account transferred amount to that of the intermediate account c) the generation of the said confirmation signal (which corresponds to the payment in the service server recognized code signal) via a call of the service server on the (used for payment) mobile through the user in formation of said you The data loop to be made by the mobile telephone via the said temporary coupling, in which the code signal sent by the service server is transmitted via the data packet to the actual (actual) payee. 
Beneficiaries) associated terminal is sent back to the server for verification and assignment, and by the code signal on the assignment of the telephone number received from the bank server and used for the data loop phone number of the (or the connection) the assignment of the intermediate account (the service server) received transfer of the principal (mobile user) and the intermediate account to the account of the actual beneficiary (by an on-line account robot function of the service server) to be made forwarding (transfer) with each complementary data (from bank server and service server) is made, the Service server the data assigned to the beneficiary of his bank account (and his address, etc.) on the access to the service server receives, as he in the case of formation of the said made by the mobile phone data loop of networking the Endg used corresponds to the same.
    • 38. The method according to one of the features 31 to 37, characterized in that the terminal networked with the server, via which the confirmation signal for enabling a payment corresponding to the transfer (a product, a ticket, an access, etc.) is received from the server and which is used for forming said data loop with the mobile phone used for identification (via the telephone number), is a cash register or a computer used as a cash register, this terminal being correspondingly networked with the server generating the confirmation signal (and the confirmation signal being displayed as an acknowledgment for the payment effected, or being integrated, e.g. for the release of a receipt, etc.).
    • 39. The method according to one of the features 31 to 37, characterized in that the terminal networked with the server, via which the confirmation signal for enabling a payment corresponding to the transfer (a product, a ticket, an access, etc.) is received from the server and which is used for forming said data loop with the mobile phone used for identification (via the telephone number), is an automaton - to issue a product (e.g. cigarettes, etc.), - to issue tickets (e.g. roll-printed tickets), - to activate an access control (e.g. turnstile of a ski lift, etc.), this terminal being correspondingly networked with the server generating the confirmation signal (and the confirmation signal being displayed as a receipt for the payment carried out, to enable the output or activation of the access, etc.).
    • 40. Method according to feature 37, characterized in that for the implementation of method step a, the input of a PIN code or a comparable code (fingerprint, speech analysis, etc.) is required in order to be able to log into the on-line account for the purpose of a transfer, or method in its own application for entering a PIN code in a mobile phone, in particular by the following features, or process steps: a) by entering the PIN code, the device is switched to a status that only permits the input of a further (shorter) PIN code, freely definable by the user (after unlocking), b) if, instead of this further (shorter) PIN code being entered, another function of the mobile phone is used or a wrong PIN code (for this further code) is entered, the mobile phone shuts itself off and the function protected by the PIN code can only be enabled by entering the previous (longer) PIN code, c) entering the further, shorter PIN code triggers the sending of the transfer order to the bank server (e.g. to the intermediate account), the amount to be transferred having been entered in advance.
    • 41. Method according to one of features 37 to 40, characterized in that, at the time of the definitive dispatch of an on-line transfer performed via the mobile telephone (e.g. after the amount input), a time measurement is started within which the formation of said data loop must take place (in order to loop through the code of the server and to transmit it via the payee's terminal); otherwise the payment (transfer) made by the bank server is reversed. This time monitoring is started in the bank server (e.g. when the transfer is sent to the bank server by the mobile phone), and within this time a corresponding acknowledgment signal for the mobile phone, or its phone number, stating that the associated code (sent by the service server) has been sent back to the server correctly, must be delivered by the service server to the bank server; otherwise the bank server reverses the transfer (to the intermediate account).
    • 42. The method according to feature 35, characterized in that method step d) allows a variety of transfers made for different payment purposes, which are linked by said method with the phone number of the mobile phone, and that on repeated execution of method step (d) the redemption of the payment purposes respectively assigned to the phone number of the mobile phone in step (a) with (b) is marked in the server (to avoid repeated redemption).
    • 43. Method according to one of the features 37 to 42, characterized in that the user's terminal is likewise a mobile phone which has a corresponding connection (eg via the Internet) to said service server.
    • 44. The method according to any one of the features 37 to 42, characterized in that said service server runs on the bank server, or is optionally included in it as a corresponding function.
    • 45. The method according to one of the features 31 to 44, or according to the preamble of the feature 31, characterized in that the following application is realized with it: by the preferred use of the data loop with a code signal, two WEB pages (or comparable data accesses, also via a mobile network, etc.) presented on the user's client computer, simultaneously or at any times, by completely independently operating server processes (which may also run on the same server) are linked via the telephone connection or telephone number used in setting up the data loop to the relevant WEB pages, so that the form or record of one WEB page and the form, data content or record of the other WEB page can be mutually accessed by the server in question.
    • 46. Arrangement for carrying out the method according to one of the features 31 to 45, in particular by a support surface with a sound-insulating surface (eg foam, etc.) in which a microphone and / or a hearing capsule for producing an acoustic coupling via which the formed data loop is formed, is embedded.
    • 47. Arrangement for carrying out the method according to one of the features 31 to 45, in particular by an infrared interface over which said data loop is formed.
    • 48. The method according to one of the features 31 to 45, wherein the method, the data of an on-line account bank transfer will be marked, which is used for the monetary-value recharge of a mobile phone, in particular, that on the preferred link this online account transfer and an over a server with a corresponding terminal controlled event of the said temporary production of said data loop on a mobile phone concerned (when paying), while the telephone connection, or telephone number, through which a linkage of the data in the server for account transfer is made, in addition to the above purposes is also used to represent input data of the server (which is associated with the terminal for forming the data loop) on the mobile phone (e.g. an amount to be paid) and/or vice versa.
    • 49. Method according to one of the preceding features, characterized in that said data loop over which said code signal is transmitted is constantly maintained and the method is used to establish where the data source of a WEB page, or equivalent transmission, originated secure or check the data source in this regard.
    • 50. Feature deleted.
    • 51. Method according to one of the preceding features, or method for the assignment of the network connection of two or more data networks and / or signal networks used for data transmission and / or data processing (eg IT network and a telephone network, etc.) with respect to used in the data transmission channels (eg, ports or dial-up by a phone number switched connections, etc.), wherein a so-called. Client / server model comes to the application, in which the terminal of the user is referred to as a client CL and connected directly or via a further data link (via other clients, or other devices of other users, etc.) to a server or similar device or methods according to the preamble and / or the characterizing part of feature 1, characterized in that the connections established according to the client / server model comprise two or more of the connections established by the client to the server or from the server to the client. pertaining to switched connections, of which at least one connection considered to be securely distinctive (eg via a dialing office or consisting of radio channels) can be considered their connection designation n of 1 out of n switched connections (eg telephone number in a telephone network, radio channel in a radio network, etc.) establishes the unique connection between a specific client and a specific server from the set of all available clients or servers in the data network becomes
    • I) and that a data loop DS is switched (made via a corresponding coupling, such as an acoustic, an infrared, or an optical coupling, etc.) or connected (also by plug-in connection, relay, electronic switch, etc.) using the said connections on the client side CL, via which a code (KODE), sent directly from the server (or the comparable device) and returned again for checking, is passed, using on the one hand the connection regarded as securely unmistakable (e.g. via a dialing office or consisting of radio channels) and on the other hand the still existing data connection between client and server as a series circuit over which the data stream of the code (KODE) generated by the server and received again is led, whereby the following two variants are provided as alternatives or options: a) the code (KODE), which is unpredictable when it is transmitted, is sent from the server (or a similar device) to the client via a direct data connection (where appropriate, this code can also be routed via several clients and/or servers), and this code (KODE) is sent back to the server for the purpose of comparison by means of a data loop (or connection) established on the client side via the connection regarded as secure or unmistakable (e.g. via a dialing office or consisting of radio channels) (where appropriate, this code can also be routed via several clients and/or servers), and/or b) the code (KODE), which is unpredictable when it is transmitted, is sent to the terminal by the server (or a comparable device) via the connection regarded as secure or unmistakable (e.g. via a dialing office or consisting of radio channels) (where appropriate, this code can also be routed via several clients and/or servers), and this code is sent back to the server for comparison by means of a data loop (or connection) established on the client side via the directly existing data connection (where appropriate, this code can also be routed via several clients and/or servers),
    • II) and/or that, using the said connections on the client side CL, a data loop DS is switched (made via a corresponding coupling, such as an acoustic, an infrared, or an optical coupling, etc.) or connected (also by plug-in connection, relay, electronic switch, etc.), via which a code (KODE), unpredictable at the time of its emission and sent directly by the server (or the comparable device), is passed both over the connection regarded as securely unmistakable (e.g. via a dialing office or consisting of radio channels) and over the existing data connection (e.g. IT connection), so that its data path uses on the one hand the connection regarded as securely unmistakable (e.g. via a dialing office or consisting of radio channels) and on the other hand the still existing data connection between client and server as a parallel connection over which the data stream of the code (KODE) generated and retrieved by the server is passed, wherein the code guided over the different data paths from the server to the client CL is checked at the client CL for a match in order to trigger a certain operation on a device in question (at the client CL) (e.g. opening a lock, a cabinet, a turnstile, etc.).
    • 52. Method according to feature 51, or method according to the preamble and / or the characterizing part according to feature 1, characterized in that the method for detecting, or for the assignment or synchronization of two or more simultaneously or successively occurring processes in the data transmission and / or data processing is used by those considered as between client and server as certainly distinctive (eg switched connection via a dialing office) or its connection name n of 1 out of n switched connections (eg telephone number T - # in a telephone network, radio channel in a radio network, or also a particularly secure network connection, as well as an internet connection, etc .) is used as a common address for the assignment or synchronization of said processes.
    • 53. Method according to feature 51 or 52, characterized in that said assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing is carried out using the connection designation n of a 1-out-of-n switched connection (e.g. a telephone number T-# in a telephone network, a radio channel in a radio network, etc.), which is used in said data loop according to feature 51 for the assignment of the network connection, wherein the connection designation n (or T-#, etc.) is used as the common address of the processes to be synchronized for the purpose of their association, in particular in that the method is used for at least one or more of the following purposes:
    • aa) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone line (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or a similar data connection) displayed on the client side CL, for the purpose of assigning the WEB page, or the data received for a WEB page, to the user as general user identification for further processing of the data displayed on the WEB page;
    • bb) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or similar data connection) displayed on the client side CL, for the purpose of assigning the WEB page, or the data received for a WEB page, to the user as user identification, this user identification being associated with the access protection for data protected by that safeguard;
    • cc) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or a similar data connection) displayed on the client side CL, for the purpose of assigning the WEB page, or the data received for a WEB page, to the user as user identification, this user identification serving as evidence that a particular user (to whom the telephone line T-# is assigned) has read a particular document of the WEB page over which said data loop is closed;
    • dd) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or successively) constructed data channel of a WEB page (or similar data connection of blocks of data composed by addressing) displayed on the client side CL, for the purpose of verifying the authenticity of the WEB page, this being indicated to the client (possibly also acoustically or via the display of the telephone set);
    • ee) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or similar data connection of blocks of data composed by addressing) displayed on the client side CL, such that the server generates code elements which it checks when they are received back, these code elements being added as test information (possibly encrypted) to the data packets sent on the server side and/or on the client side and transmitted according to the data transmission method (e.g. the protocol of the Internet, IT traffic), in order to test constantly whether the data packaged in data packets are manipulated during data transfer; optionally, if multiple servers are used, the server that performs the manipulation can also be identified, and this is indicated to the user or operator (possibly also acoustically or via the display of the telephone set);
    • ff) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or similar data connection of blocks of data composed by addressing) displayed on the client side CL, such that the server generates code elements which it checks when they are received back, these code elements being added as test information (possibly encrypted) to the data packets sent on the server side and/or on the client side and transmitted according to the data transmission method (e.g. the protocol of the Internet, IT traffic), in order to monitor, for a telephone connection set up via an IT connection, or a similar connection (such as FAX, etc.), the unmistakable coding of the caller created by the preferred data loop, ditto, where appropriate, the unmistakable coding of a called party, using the phone number of a classic (switched dial-up connection) telephone line (T-#) of the caller, ditto, if necessary, of the called party (in order to check the authenticity of the service through which the Internet telephone connection is established, with regard to the WEB page or the server of the service);
    • gg) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or a similar data connection) displayed on the client side CL, for the purpose of assigning the WEB page to a proof of payment for the WEB page obtained on purchase (e.g. of a printed matter, such as a newspaper, a book or even an invoice, etc.), whereby the proof of payment contains an exemplary code (KODE_Zahlung) to be entered in the WEB page (via the keyboard, by scanning, via a chip, etc.), which on input is linked with the connection number of the telephone connection (telephone number, mobile number, etc.) established via the data loop in order to obtain access to the protected data of the WEB page, and whereby, in subsequent calls of the WEB page by the user using the data loop of the telephone connection, access to the protected data of the WEB page is given only under the connection number of the telephone connection (telephone number, mobile number, etc.) which was used when this code (KODE_Zahlung) was first used, which access may also be limited to a certain period or a certain number of sessions, etc. (if necessary, as an option);
    • hh) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone connection (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or similar data connection) displayed on the client side CL, for the purpose of billing, via the telephone charges of the telephone line used for the assignment, the payment for the service offered or received via the WEB page;
    • ii) for using the establishment of the assignment of a telephone connection (which is used for said data loop) corresponding to the telephone line (T-#) on the client side CL to a (simultaneously or consecutively) respectively constructed data channel of a WEB page (or similar data connection) displayed on the client side CL, for the purpose of assigning the WEB page, or the data received for a WEB page, to the user as user identification for opening an electronic lock, etc., associated with the server (or for another triggering operation, such as the opening of a barrier for a car park or a roadblock, or the release of a person's access via a turnstile, etc.), wherein said comparison of the test code sent by the server for user identification, as a condition (or further condition) for releasing the opening of the lock, or for actuating the triggering process, is carried out autonomously at the lock (or a relevant device), and the relevant data loop is closed via the cell phone coupled with the electronic lock;
    • jj) for using the assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing, wherein a landline telephone or a mobile phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of processing a cashless payment transaction;
    • kk) for using the assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing, wherein two mobile phones, via which the preferred data loop (to the server) is formed by data coupling, are used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of processing a cashless payment transaction;
    • ll) for using the assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing, wherein a landline phone or a cell phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of networking multiple servers in connection with the anonymous call of a (possibly anonymously generated) WEB page;
    • mm) for using the assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing, wherein a landline phone or a cell phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of networking multiple servers in connection with the delivery (possibly also the proof of the delivery) of a digital signature for a document displayed on a respective WEB page;
    • nn) for using the assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing, wherein a landline phone or a cell phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of networking multiple servers in connection with the delivery (possibly also the proof of the delivery) of a digital signature for an e-mail sent to a WEB page;
    • oo) for using the assignment or synchronization of two or more simultaneous or successive processes in data transmission and/or data processing, wherein a landline phone or a cell phone is used as the telephone connection for the data loop (to the server) established on the client side CL, for the purpose of networking a plurality of servers in connection with the delivery (possibly also the proof of the delivery) of a digital signature for a general operation triggered by a server.
    • 54. Method according to one of the features 51 to 53, characterized in that on one of the terminals used for said data loop DS of the relevant data connections and / or optionally in (further) server, when the data loop is directed controlled controlled over this (as an option ), an alienation of the code (KODE) sent out by one (or other servers in each case) according to an algorithm known at the code comparison point (at the server when the data loop is connected in series and / or at the client if the data loop is connected in parallel) At this point of comparison the alienation is decrypted again.
    • 55. The method according to one of the features 51 to 53, in particular according to feature 54, with an encryption / decryption of the guided over said data loop DS test codes at said locations, characterized in that the following variants are used (simultaneously or alternatively): a) alienation of the code sent by a particular server; b) adding another code; c) Interrupting / sending the code according to defined (encrypted certain) times, these times are checked when comparing the code with.
    • 56. The method according to one of the features 51 to 55, for using the assignment or synchronization of two or more simultaneously or successively occurring processes in data transmission and / or data processing, characterized in that the synchronization of the processes to different servers and / or to different WEB pages, or even sessions (even of the same server) in succession by respective formation of the said data loop to the (individual or relevant) (server / s) under the same port number (or telephone number).
    • 57. The method according to one of the features 51 to 55, for using the assignment or synchronization of two or more simultaneous or successive processes in the data transmission and / or data processing, characterized in that the synchronization of the processes to different server and / or to different WEB pages, or even sessions (even of the same server) at the same time by forming a serial data loop on the server in question under a respective port number (or phone number), the data loop is closed via the Internet connection server concerned.
    • 58. Method according to one of the features 51 to 57, characterized in that the terminal (eg a mobile phone) used to form the data loop (eg via a telephone connection) at the coupling point of the data loop encodes the encryption data or data Obtains algorithm each from the transmission side, from which the code to be alienated (KODE) is obtained, which is given alienated in the other transmission side (according to this algorithm) and optionally (if necessary) for both Transmission directions are independent of each other, the alienation (encryption) via the coupling point looped codes with completely decoupled encryption data is done.
    • 59. The method according to any one of the features 51 to 58 with a mobile phone or a suitably designed telephone as a terminal for the formation of the data loop, in particular in that the use of the preferred coupling for the preferred data loop (to/from the server) further includes the following data:
    • a) the input of the address, or the name, of a WEB page to be called up in the client computer (via a signal of the telephone line T-#), which can take place via plug-in software that directly supports the browser of the client computer CL, or via corresponding direct support by the Internet server,
    • b) the input/output of data to be sent via the data loop of the client computer CL from a telephone connection to a server or from a server to a telephone connection, in particular the check code (KODE) for checking the data loop,
    • c) the conversion of an SMS received at the terminal of the telephone connection (telephone or mobile phone) via the telephone line T-#, which corresponds to a data code, or data, into a data stream which is sent to the server via the data loop and the direct data connection of the client computer CL,
    • d) the conversion of an SMS received at the client computer, which corresponds to a data code or data, into a data stream which is sent to the server via the data loop (on the client side CL) through the telephone connection (telephone or mobile phone),
    • e) the alienation of the code (KODE) received and re-transmitted via the data loop, such that the code obtained is changed (encrypted) according to an algorithm, which is reversed in the server to restore the code (decryption), where the terminal (e.g. cell phone) forming the data loop obtains the encryption data (or the open key) at the coupling point of the data loop from the transmission side from which the code (KODE) to be alienated is obtained, which is passed on in alienated form to the other transmission side (according to this algorithm), and where optionally (if necessary) the alienation (encryption) of the codes looped via the coupling point is done for both directions independently of each other, with completely decoupled encryption data.
    • 60. The method according to one of the features 51 to 59 with a mobile phone or a suitably designed telephone as a terminal for the formation of the data loop, characterized in that the preferred coupling for the preferred data loop DS (to/from the server) takes place via the following interfaces of the mobile phone or, if applicable, telephone apparatus: 1) an acoustic coupling via the existing handset and microphone of the telephone or mobile phone, possibly also of another mobile phone and/or the speakers/microphone of the client computer, and/or 2) the coupling between the mobile phone, if necessary another mobile phone, and a client computer via the existing infrared interface, and/or 3) the coupling between the mobile phone, if appropriate also another one, and a client computer via already existing camera optics and, for the opposite side, a corresponding brightness modulation (or color, etc.) of a graphical area (e.g. circle, square, etc.), 4) the coupling via the SMS channel of the mobile phone, wherein the SMS is read in, or read out, via the data coupling as a data stream (depending on the data direction), 5) the establishment of the coupling via connections switched by hardware and/or software, where, instead of a user, a server can if necessary perform the formation of the data loop DS instead of a client CL.
    • 61. The method according to any one of the features 51 to 60, characterized in that, in the two alternatives mentioned for forming the data loop by a series circuit or parallel circuit, the code (KODE) provided for the purpose of checking the data loop is generated and sent, instead of by the server, by one of the two terminals, or possibly both, which is/are used for the production of the data loop, the code then being returned by the server or compared, wherein the already mentioned possibilities for a comparison check of the code (KODE), as well as for alienation (encryption) and recovery (decryption) of the code, apply with the function of server and terminals for forming the data loop DS swapped with respect to the examination of the data loop DS by the code (KODE) (i.e. swapping SERVER and DS in 2a, ditto 2b), wherein the code comparison, according to the application of said series connection or parallel connection, is made at the server or at a respective terminal of the data loop DS.
    • 62. The method according to feature 61, characterized in that At the data terminal DS, which is closed via terminals of different networks (IT network, telephone network) concerned, the two variants mentioned execute a series connection or parallel connection simultaneously within the same data loop DS, And / or that the two variants mentioned perform the code comparison of the codes (KODE) transmitted via the data loop DS on the server side or on the side of the data loop DS closed via the terminals, with the alienation (encryption) possibly still being made (and adapted) , or recovery (decryption) of the code (KODE), simultaneously within the same data loop DS to carry out.
    • 63. The method according to one of the features 51 to 62, with a mobile phone via which said data loop DS is formed, characterized in that the cell phone is designed so that, in the (usually encrypted) sending of sensitive data (e.g. a PIN number, a fingerprint, a voice recognition, an iris scan, etc.), the data are sent to the respective server during the existence of the preferred data loop DS (checked via the code KODE sent by the server), or while the data loop is being checked by the code (KODE), or that the mobile phone does not send the data to the server in question if the check of the data loop (or of the code KODE) is negative.
    • 64. Method according to one of the preceding features, in particular according to feature 53, paragraph 1, for the purpose of calling a WEB page by dialing via the Internet connection existing further network (eg., Via a telephone network, etc.) in which the Connection to the server or to a group of further networked servers via a data loop DS produced at the calling subscriber (client CL, mobile phone or also another server, etc.) according to a method according to one of the features 51 to 63, characterized in that the address (or the name, etc.) of the WEB page to be called up from a relevant server (eg server 2) via the further network (eg via a telephone network) existing for the Internet connection and via the existing network Data loop DS to an existing at the Client CL Internet connection (eg, server 1) and transmitted to the present at the client CL Internet connection (eg., A WEB page) is fed, whereby the call of the subject WEB page (via client CL and / or its server connection).
    • 65. Method according to feature 64, characterized in particular a) that, for the purpose of calling a relevant WEB page, the relevant server (e.g. server 2) is dialed or called via the additional network existing for the Internet connection (e.g. via a telephone network, etc.), b) that the server (server 2) selected or called (e.g. via a telephone network) sends via the said data loop DS its call data via which it can be called in the network (Internet), c) via the Internet connection (e.g. server 1) into which the data loop DS at the client CL (e.g. via a further server 1) is fed in, from the client side via the further network (e.g. the telephone network), selected, or called server (server 2), is called on the Internet, or the server (server 1), which represents the Internet connection (in which the data loop DS is fed to the client CL) at the client CL, an Internet connection with the server to be called (server 2), via which and / or under that d) and that the feed (in server 1) made in feature 64 via the data loop DS, the coupling of which through the action still taken in paragraph c), the server (server 2) via the and / or under the participation of the relevant WEB page is to be called, the call via the Internet connection existing further network (e.g. via a telephone network, etc.) to the data loop DS for the purpose of feeding into the Internet (via the client CL) sends, whereby the data loop is made as such, between steps a) to d), if appropriate, the already mentioned further steps, or measures in connection with the formation of said data loop DS are additionally made.
    • 66. A method according to feature 64 or 65, characterized in that the server via which the feed-through made by the data loop DS takes place (server 1), one or more WEB pages (as forms) holds in which the information of other WEB Pages (eg, the server 2) can be copied, dito the data input of the user in such a WEB page (the server 1) each to that WEB page (the server 2) is passed again, their information in the of the data input of the user affected (related) WEB page (form of the server 1) have been registered.
    • 67. A method according to feature 66 having feature 64 and / or feature 65, characterized in that the server (server 1) holding one or more WEB pages as forms into which the information of other WEB pages (e.g. the server 2) can be copied to the server (here the server 2), which holds the information as a source for this copy, or generates, from the server (server 1), which holds the forms, using the over the Said data loop T- # initiated assignment to the user, or to a current session, sends a message in which the address (or name) of the WEB page currently used for recording the copy (or as a form) is included What: a) the server (here the server 2), which provides the information as a source for the copy (using the over the said data loop T- # obtained assignment to the user, or to a current session) the server (here server 1) which copies the WEB page into a form to display it to the user under that name (this address), copies the WEB page (if necessary updated constantly) and opens a data interface to this WEB page in to record the web page user-entered data and reactions (mouse clicks, etc.); b) and the server (here the server 2), which supplies the information as a source for the copy (to the server 1), to said data loop DS (T- #) via the call mentioned in feature 65, paragraph d existing additional network (eg., Via a telephone network, etc.) sends, whereby the call of the respective WEB page to the Internet (terminal) via the client CL is entered (and represented by server 1 as a foreign side, but of Server 2 is generated anonymously).
    • 68. A method according to feature 67, characterized in that the (empty) WEB pages that are used (in server 1) for receiving as forms for the (by server 2) anonymously generated WEB pages selected by a random number generator and Switch call to call.
    • 69. A method according to feature 67 or 68, characterized in that the (empty) WEB pages that are used (in server 1) for receiving as forms for the (server 2) anonymously generated WEB pages, selected by a random number generator and during the presentation of the content of the relevant WEB pages, the name of the WEB page by from the currently displayed WEB page by program constantly (corresponding to a time interval) generated calls other WEB pages (which are manipulated as well as the current page displayed ), whereby: a) for each change of the name of the WEB page, the content of the currently displayed page WEB page is overwritten with a blank information, b) in preparation, respectively said protocol between the servers, the information of the WEB-Site and the server, the (blank) forms as blank WEB pages for the information to be provided, is handled (using the above-mentioned c) for each new copy a new form (under a new name) the display position of the on-screen data of the previously used form is stored, and the current new form in a window above the old window (whose information has been overwritten for the purpose of deletion) is displayed on the screen of the client CL, d) the old forms are always used with the overwritten for the purpose of deletion information for recording new copies , e) and that the permanent association between the software or database of the server and the current session of a user required by the constantly changing names of the WEB page is established by the preferred data loop over a further network (T- #), wherein possibly further such data loops that use regular Internet connections (and therefore do not incur any special costs, such as IT telephony, etc.) are kept constantly connected to the operations over data (codes) routed through the loops, to synchronize.
    • 70. The method according to one of the features 64 to 69, characterized in that the dialing of the telephone number, which triggers the call of a WEB page, is performed by a robot, which is initialized by the usual call of a corresponding (other) WEB page.
    • 71. Method according to one of the preceding features, in particular according to feature 63, paragraph g, for the purpose of assigning the WEB page and a proof of payment received on the WEB side via purchase (e.g. of a printed work, such as a newspaper, a book or even an invoice, etc.), in particular by the following method steps: when the user logs in to the relevant WEB page using the data loop DS via the telephone line of his telephone number T-# (or mobile number), the server software queries whether an exemplary code "KODE_Zahlung" corresponding to the proof of payment, or printed work, etc. has already been entered and stored under this telephone number T-# (as database address); for a new input of the code "KODE_Zahlung", the validity or authenticity is checked according to a specific algorithm or a table: a) if no such code "KODE_Zahlung" is stored under the established telephone number T-# (as database address), then the entry of such a code is required to gain access to the protected data; b) if such a code "KODE_Zahlung" is already stored under the determined telephone number T-# (as database address), and no new "KODE_Zahlung" is detected, then the user receives access to the protected data; c) as long as the user is to have access to the protected data, the selection of which may also depend on the "KODE_Zahlung" (e.g. via a table of assignment to a particular publication date of a magazine, etc.), the "KODE_Zahlung" remains stored under the telephone number T-# (as the access address to the database position); otherwise it is deleted (for example, depending on the payment of fees or an expiring deadline, etc.), so that case a) then occurs; d) if a new code "KODE_Zahlung" is entered, then it is stored under the telephone number T-# (as access address to the database position), whereby the old codes, if separate rights are to be obtained, are preserved, otherwise (if they do not correspond to separate rights) (e.g. if the new code is only intended to extend an access period, etc.); e) Option: if step a) is tried several times under the same telephone number T-# without a valid code "KODE_Zahlung" being assigned to this telephone number T-#, then this number T-# is blocked by the server for a certain time to prevent blocking.
    • 72. Method according to one of features 51 to 71, characterized in that, in cooperation between the terminal(s) via which the data loop DS is closed (client computer CL and/or telephone or mobile phone, etc.) and the server connected to the data loop DS, an alienation/encryption of the code (KODE) sent for checking the data loop DS takes place between the sending point and the comparison point of the code, with a corresponding recovery of the code at the comparison point, wherein internally, before the alienation/encryption, the code sent over the mentioned different data paths (e.g. telephone and Internet) is regarded as the same for both (or all used) data paths and, before the comparison of the code (at the comparison point), is brought back into agreement by the decryption.
    • 73. Method according to one of the preceding features, in particular according to feature 53, according to one of the paragraphs m, n, o, for the purpose of interposing a certification server (e.g. server II) for determining the delivery, logging and checking of a digital signature in connection with any other (further) server (e.g. server I) that handles the process to which the digital signature is to be delivered via the network to a client CL with the user (e.g. a particular document which is to be electronically signed by the user, whereby the user receives or sends the document, e.g. receives an e-mail or sends a fax, etc., or for the control/registration of a general process, such as at a barrier, opening a lock, etc.), in particular: - that said data loop DS is closed via two or more networked servers, or these servers are in the loop (comparable to a ring connection); - that, for the alienation/encryption of the test codes (KODES) conducted over the data loop, carried out in conjunction with the data entry made at the terminal(s) via which the data loop DS is closed (client computer CL and/or telephone or mobile phone, etc.) and with the server connected to the data loop DS, the parameter (or the open key) for encrypting the data according to a matching algorithm for alienation or encryption and recovery or decryption of the test code (CODES) is in each case forwarded via that data path (of the ring connection) between the relevant server and the relevant terminal (which is connected to the server via the data loop DS and which is affected by the encryption/decryption) which has a direct connection to the server, without this connection having to be routed through the other server(s).
    • 74. Method according to one of the preceding features, in particular according to feature 53, according to one of the paragraphs m, n, o, for the purpose of interposing a certification server (e.g. server II) for determining the delivery, logging and checking of a digital signature in connection with any other (further) server (e.g. server I) that handles the process to which the digital signature is to be delivered via the network to a client CL with the user (e.g. a particular document which is to be electronically signed by the user, whereby the user receives or sends the document, e.g. receives an e-mail or sends a FAX, etc., or to control/register a general process, such as at a gate, opening a lock, etc.), in particular by the following method steps, where appropriate also in a modified order if required: a) the user selects the certification server (e.g. server II) via the further data connection (e.g. telephone connection) via his telephone line T-# (or mobile phone) and closes, via the Internet access (e.g. a WEB page on the client computer CL), said data loop DS to a general server (e.g. server I), which relates to the process to which the digital signature is to be delivered, e.g. generates the document to be signed as a WEB page, etc., is to receive it as an e-mail, or controls a mechanical access, such as a barrier, etc. (see also serial data loop DS = (2) in 1a, 1b, or 7); and after receipt of a relevant command by the user, which corresponds to the intention to submit a digital signature (e.g. corresponding click on the WEB page, see "WEBX.com" of the server I), the server I checks whether there is an IT connection between server I and the certification server (server II); if not, it opens one; b) the certification server (server II) sends to the terminal of the data loop DS (here mobile phone), via its direct access to the terminal (here via the secure telephone connection T-#), the current input parameters to be used for the encryption of the code (KODE 2) sent by the certification server (server II) over the data loop DS for the purpose of checking, which the certification server (server II) receives back via the networking of the certification server (server II) with the general server (server I), and in addition to the alienation (for the purpose of encryption) in the terminal of the data loop DS, or mobile phone, security data entered by the user into the phone and intended only for the certification server (server II) (such as PIN number, data from fingerprint, voice, iris, etc.) are added in the mobile phone and sent by the mobile phone, likewise encrypted (with respect to the transmission to the server), via the data loop DS; b1) the direct access for the transfer of the input parameters to be used in the mobile phone for encrypting the data routed over the data loop DS and concerning the certification server (server II) is made through the choice of the data path among the two data channels closing the data loop DS (here telephone network T-# and IT network), the selected data path being direct for the certification server (server II), but not for the general server (server I), which uses the other data path switched via the data loop DS of the mobile phone (via the Internet, or the client computer CL) (see 8); c) the certification server (server II) examines the received code using the telephone number T-# obtained via the data loop in the following manner, wherein, for finding the code (KODE 2) forwarded via the general server (server I, which is included in the data loop DS), the number T-# of the associated telephone connection of this data loop is used for addressing (synchronizing) the correspondence between the WEB page ("WEBX.com"), or the session for a document displayed by the general server (server I) (on "WEBX.com"), and the WEB page (or service support) of the certification server (server II) dialed by the user via the telephone number T-#, or by mobile phone, and the following operations occur: c1) it is checked whether I. the received digital signature correctly corresponds to the received telephone number (T-#) in the database for the code (KODE 2), and II. the user belongs to the mobile phone of the telephone number T-# (according to an entered PIN number, a fingerprint, voice, iris, or other examination of the user); III. furthermore, using the synchronization between general server (server I) and certification server (server II) mentioned in step c), the document selected by the user via the general server is sent to the certification server (server II).
    • 75. A method according to feature 74, characterized in that, prior to the submission of the digital signature on the certification server (server II) in step b, the user is given the possibility to use a comparison service on the certification server (server II), which compares the document of the general server (server I) serving for the digital signature, which the user has loaded on his client computer CL, with the document which, identified by T-#, has been sent from the general server (server I) to the certification server (server II) in accordance with the information in c1, III, in order to be able to cancel the delivery of the digital signature upon detection of a mismatch, or to send the signature when the match is found.
    • 76. The method according to feature 75, characterized in that method step b is extended so that, in addition to the data for the certification server (server II), further data which are assigned exclusively to the general server (server I) can be entered via the mobile phone using said data loop DS, in the following procedure: the general server (server I) sends to the terminal of the data loop DS (here mobile phone), via its direct access to the terminal (here the Internet connection via the client CL), the current input parameters to be used for the encryption of the code (code 1) sent by the general server (server I) over the data loop DS for the purpose of checking, which the general server (server I) receives back via the networking of the certification server (server II) with the general server (server I), and in addition to the alienation (for the purpose of encryption) at the terminal of the data loop DS (or mobile phone), data entered by the user into the phone and intended exclusively for the general server (server I) are added in the mobile phone and likewise sent encrypted by the phone (with respect to the transmission to the server), wherein the direct access for the transfer of the input parameters to be used in the mobile phone for encrypting the data routed over the data loop DS and concerning the general server (server I) is made through the choice of the data path among the two data channels closing the data loop DS, the selected data path (here IT network) being direct for the general server (server I), but not for the certification server (server II), which uses the other data path switched via the data loop DS of the mobile phone (here via the telephone network) (see 8).
    • 77. The method according to any of features 73 to 76, characterized in that the method is simplified in that the user forms the data loop DS twice, once by telephone dialing the general server (server I with data loop 1), the data loop DS then is closed on its WEB page and the server (I) checks the phone number T- # of the user (via CODE 1), and once again by telephone selection of the certification server (server II, with data loop 2), the data loop DS then is closed via the WEB page and the server (II) checks the telephone number T- # of the user (via CODE 2), or optionally the server I, which is integrated into the data loop 2 via its Internet connection IT to the server II, within the data loop 2 also carries out this test (via CODE 1).
    • 78. Method according to one of the features 73 to 77, characterized in that the certification server (server II) is networked to update its files concerning the comparison pattern with a central computer, the comparison pattern in addition to the usual addressing among the personal data (master data) of the relevant Persons can still be addressed under the mobile phone number T # used for the data loop DS when logging.
    • 79. Method according to one of the features 74 to 78, characterized in that via said data loop (via the cell phone or the telephone number T- # of the user) in the transmission of the guided over the loop test codes (KODE) and the data, which the digital signature (signature), or the identification of the user correspond (PIC) to the concerned, stored in the general server document, with the encryption data or signature data further encryption, or check codes that affect the document (eg line-by-line determination of checksums, ditto checksums, etc.), from the general server to the certification server.
    • 80. Method according to one of the preceding features, characterized in that the method is used for determining the connection connections of a telephone connection which is established via the Internet, whereby a further connection (for example a standard connection switched over the dialing network) is used to form the said data loop DS to determine the connections (telephone numbers) of callers and / or called T- # and the data code used for this (KODE) for checking the data loop over the Internet telephone connection is passed.
    • 81. Method according to one of the features 73 to 80, characterized in that the delivery of a digital signature to an electronic message sent by an arbitrary computer (client CL) or to be sent, such as an e-mail or a FAX, etc., as well as proof of sending this message (e-mail, fax, etc.) in the following way: The message (e-mail, FAX, etc.) is sent by the sender using the said data loop DS, possibly in connection with the device for delivering a digital signature (mobile phone) to the certification server (in any form, eg also only as e-mail), from which it will be sent to the addressee in the form specified by the sender (eg as FAX) after receiving the electronic signature for this document, whereby the certification server sends an (possibly encrypted) Copies and archives the copy of the document and / or a copy of the important accompanying data for the document (key, sender, addressee, date, etc.) or, if appropriate, issues the sender an attestation of the process, this certification possibly using the features of a method and an arrangement / device according to any one of features 82 to 93.
    • 82. The method according to one of the features 72 to 81 or in its own application with a certification server, characterized in that the certification server (server II) stores the received digital signatures and the associated documents and/or their test data, etc., each on an external chip (30), which is designed according to the principle of a chip card, but is supplied from a roll (70), which has a corresponding carrier material (10) with tear-off labels (self-adhesive paper labels 10 or 11, plastic film, etc.), to the device (61) for coupling the chip (write-read interface with ohmic and/or capacitive contacts 56, etc.).
    • 83. Device for method according to feature 82, characterized in that the chips (optionally also with a thin plastic card or a ceramic plate as reinforcing material) are each applied to a paper roll (including thermal paper, etc.) which has a self-adhesive layer and a tear-off perforation (punching, etc.) corresponding to a label division, a chip (possibly also a chip pair as double backup) being provided on each label.
    • 84. Device for method according to feature 82 or 83, characterized in that the device (61) with the read/write interface (56) for the chips (30) further has a printer 114 (e.g. thermal printer, or dot matrix printer, etc.) which prints a code corresponding to a document (which, for example, can be scanned by an optical hand-held reader and compared with the one on the chip label 11).
    • 85. An arrangement according to any one of features 82 to 84, characterized in that a seal (e.g. notary seal 20) is glued onto the chip label (30, 10 or 11), in which optionally (if the chip 30 is read via ohmic contacting and not via capacitive contacting) a window (22) is provided for placing ohmic contacts.
    • 86. Device for method according to feature 85, characterized in that the ohmic contact for reading the chip glued onto a document on the preferred adhesive strip (or possibly also directly) is made by resilient contact pins (56), which are housed in a cartridge stamp housing (50, 51) and are pressed onto the chip by the handle operation (50) performed vertically downward by the user, and that the electronics, with a wireless interface to the interface for a computer (server, reader, etc.), are housed in the cartridge stamp housing, wherein, where appropriate, said seal (or label) has a mark (21) for placing the stamp (see also mark m for seal and label).
    • 87. Device according to feature 86 or in general application for the reading of a chip designed in the manner of a chip card, characterized in that the resilient contact pins together with the entire electronics and the battery holder are mounted in the handle, and that the handle can be pulled off by unlocking for the purpose of battery replacement.
    • 88. A device according to feature 86 or 87, characterized in that, using a mechanism comparable to that which in a cartridge stamp generates the rotation of the stamp surface (for receiving the ink), the rotor of a generator rotates instead of the stamp surface and supplies the energy for reading the chip and for the data to be transmitted, wherein the stator is attached to the axis point moved linearly by the handle movement.
    • 89. Device according to feature 88, characterized in that a permanent magnet rotates, which generates the required voltage on a stator coil attached to the longitudinal guide of the mechanism (as a generator coil), which charges a capacitor (e.g. gold capacitor, etc.) for generating the supply voltage.
    • 90. Device according to one of the features 86 to 89, characterized in that, in addition to said spring pins for the contact pickup, a stamp (100) is also provided, which is likewise moved linearly by the handle movement, wherein said stamp can be fixed (i.e. not rotating) or rotating about an axis that is driven by the linear movement of the handle.
    • 91. Method according to one of the preceding features for the transmission of a signal corresponding to a digital signature (e.g. also with integration of said certification server with any other general server), in particular in that, as a further document (or an e-mail, completed form, etc.), an amount shown on the relevant WEB page of the general server must be signed by the user, with the involvement of the certification server, for the purpose stated on this WEB page, this amount then being deducted from the telephone charge or from another fee paid by the user (Internet access, broadcasting fees, etc.) or from a bank account of the user, etc., and the type of charge can be selected, e.g., on the certification server (where it is also registered).
    • 92. A method according to feature 91, or any of the preceding features, wherein a certification server and a general server pass through the user's preferred data loop DS (data loop 2) to the terminal (eg, cell phone) over which the user closes the data loop in particular, that the service to be paid via the general server is described in a document which is transmitted to the certification server when receiving the digital signature (eg via the user's mobile phone), where appropriate the certification server sends another name identifier via the data loop DS, which is checked by the terminal (eg mobile phone) over which the user closes the data loop before it sends the code corresponding to the digital signature to the certification server.
    • 93. Method with the device according to one of the features 81 to 92 or in its own application, characterized in that on the certification server the certified documents are stored in encrypted form, that the key for decrypting the document is assigned to the said document provided with a digital signature ( external) chip is stored (which is located for example on a printed document under a Notarsiegel, etc.) and which via a respective contacting device (see contact stamp) to the certification server directly or via a data network (eg Internet with preferred data loop DS), whereby the user has to enter his authorized signature as a digital signature (eg via a mobile phone and a client CL connection), thereby decrypting the document using the key stored on the (external) chip can be made.
    • 94. Method according to one of the preceding features, in which a data loop DS is formed to a server via a terminal (e.g. a mobile phone), wherein the selection/production of this data loop is registered via the operating function (also by a control signal sent autonomously by a client computer CL that continues to be used, etc.), characterized in that, from the moment this data loop is initialized in the terminal (or mobile phone), an expiry time is started within which the server must send its name identifier to the mobile phone; if this is not the case, the phone issues an acoustic or visual warning (in contrast to the positive confirmation when the server is detected).
    • 95. Method according to one of the preceding features, characterized in that the runtime is measured for the code signal transmitted by the server and returned via the data loop DS (as series connection) in order to measure the temporal properties of the connection and (possibly also in conjunction with other applications) to take corresponding time compensation measures between the different runtimes of different connections, wherein, where appropriate, the time measurement can also be carried out on the client CL at the data loop DS as a measured time difference between the runtimes of the codes sent by a server over these connections to the DS, corresponding to a parallel connection.
    • 96. Device according to one of the features 86 to 90, characterized in that over the linear movement of the handle ( 50 ) a strobe signal is generated (eg detected by two light barriers or capacitive sensors provided in series, other sensors, also by a generator voltage G induced during the linear movement of the handle, etc.), which indicates the operation of the handle downwards and (if necessary after a delay time, etc.) in the electronics initialized a test which tests the contacting of the chip and that initialized by this initialization the connection to the computer (to the interface) and the transmitting part, possibly also the receiving part of the chip is turned on, which otherwise , or upon detection, a linear movement of the handle up, is turned off again.
    • 97. Device according to feature 96, characterized in that, in battery operation, the relevant sensor for detecting a linear movement of the handle downward is pulsed in standby mode, in which the stamp is not operated, to save power, wherein, where appropriate, after the electronics are switched on (initialization), the sensor is constantly (i.e. not pulsed) active (for later detection of the switch-off).
    • 98. Feature deleted.
    • 99. Feature omitted.
    • 100. Feature deleted.
    • 101. Method according to one of the preceding features, or method in which, via a further network (telephone network T-#, mobile phone network T-#, radio network, IT telephone combined with wired trunk T-# a dialer, etc.) in addition to an IT network (or to an alternative network such as an intranet, etc.), a data loop DS is closed at the respective terminals of the networks used, in order to make, by means of a code (KODE) sent over the data loop DS, the assignment of the subscriber lines T-# of the terminals concerned to any server processes, such as addresses of WEB pages, or also of different server processes to each other, via the connection number (e.g. telephone number T-#) of the relevant other network, possibly with different options: - in which the coupling of the data loop server/terminals (e.g. IT, WEB + phone to/from the server) made by the client CL is carried out as a series connection, in which a code (KODE) sent from the server via one data path is routed over the data loop DS (in the case of the client CL via its terminals) back to the server via the other data path, and the server checks the transmitted code (KODE) against the returned one for consistency; - where appropriate, the data loop DS is also made as a parallel connection, in which a code (KODE) transmitted by the server via both data paths is checked via the terminals present at the client CL, wherein the check is performed via a coupling of the data paths (as data loop DS) in one of the terminals (e.g. in a mobile phone, etc.) of the user; - where appropriate, in both cases (series connection and/or parallel connection) a further alienation (encryption) and recovery (decryption) of the code (KODE) is preferred to prevent manipulation by attackers; characterized in that the method is used as access protection to computer software of an internal or external server, to workstations or client CL computers, wherein in the configuration of the access protection, instead of or in addition to a password, a telephone number T-# is configured as access protection, which corresponds to the connection used (e.g. telephone connection T-# of a mobile phone) for said data loop DS, over which said KODE generated by the server (monitoring code of the data loop DS) is passed (or must be passed) so that the access authorization is recognized.
    • 102. Method according to the preamble and / or the characterizing part of feature 101, characterized in that the mobile phone or terminal (also telephone), via which said data loop DS is closed and which can receive an SMS from the server, has a data converter, the SMS received by the server is converted into a serial data signal, which is routed via the coupling (acoustic, infrared, optical, etc.) of the preferred data loop DS via a corresponding terminal (eg client CL) of the networks used.
    • 103. Method according to feature 102, characterized in that the method proceeds in the following steps: a) on request (e.g. by input via a client CL or a workstation), the server calls the user who wants to form the data loop DS on his mobile phone (or terminal, telephone, etc.) and sends an SMS to the mobile phone or terminal, wherein a password may have to be entered by the user for this initialization (as an option); b) the user, using the function mentioned in feature 102, forms the data loop DS by sending the data serially converted from the SMS through said coupling or formation of the data loop DS to the server, (optionally) using encryption/decoding of the code; c) the server checks the code (KODE) generated by it and routed over the data loop and possibly also data entered via the data loop, or further via the phone (or terminal) (personal data of the user, such as voice profile, fingerprint, iris image acquisition, etc.), which may also be encrypted with the code (KODE) passed over the data loop; d) if the server recognizes all the data it has received via the data loop as correct, it uses the recognized network connection (phone number T-# of the mobile phone, etc.) for the intended purpose (access detection, assignment of data or other server processes, etc.).
    • 104. A method according to feature 103, characterized in that the SMS sent to the user's terminal or mobile phone contains a message indicating to the user the use of the received SMS to form the data loop DS, the server communicating to this SMS still adds the check code (KODE), optionally separated by a control character sequence, and further optionally recognizes a code or control character (sender telephone number, etc.), which recognizes the SMS as a code used for the preferred data loop DS, this code ( CODE) as text does not display (option), or possibly an encryption before the forwarding over the coupling interface of the data interface carries out (option).
    • 105. Method according to one of the preceding features (possibly also only according to the preamble thereof), in particular in that the following method is used for the purpose of checking a fingerprint: - a camera optics with shallow depth of field is used; - the fingerprint is recorded by the recording optics (from the finger) at different distances from the finger, the recordings having, due to the small depth of field and the curvature of the finger, sharp and blurred image areas at different positions (e.g. from the inside to the outside, etc.); - the change in distance, or the distance of the finger relative to the recording optics, is measured and compared with the sharp or blurred areas of the image so that the curvature of the finger can be inferred; - the curvature of the finger is taken into account in the evaluation of the fingerprints.
    • 106. Arrangement for performing a method according to feature 105, characterized in that a movable against the receiving optics (sliding) transparent support surface is provided for the respective finger, via which the fingerprint is recorded and that the displacement of the surface is measured by a sensor ( Eddy current sensor, or optical gap measurement, reflection measurement, etc.).
    • 107. Arrangement according to feature 106, characterized in that a mirror system, the optics, which receives the fingerprint, is passed to the receiving surface of a camera already present recording chips, wherein by cover slide either the image of the fingerprint or a picture taken on the camera optics on the image capture chip only (by darkening the other image) is projected.
    • 108. A method according to feature 105, optionally arranged according to feature 106, characterized in that the server transmits to the mobile an instruction (eg via the display) which indicates to the user whether he (slowly) tightens his finger or less more firmly to the receiving surface (against their spring travel) has to push, the server (this obtained via the measured displacement) movements together with the resulting over the image blur test and thus composed over several images only at different points sharp image parts, on the one hand On the other hand, to check the fingerprints, to verify the authenticity that the fingerprint is entered on a real finger and in real time (in accordance with the instructions given by the server).
    • 109. Arrangement for recording an iris on a mobile phone with a digital camera, in particular with an optical system to enlarge an image section by changing the distance between the lens and the image-taking surface, especially through a small mirror in which the user can see himself in a small image section, wherein the user holds the phone so that his eye is visible in the mirror, wherein the mirror is adjusted so that the image detail displayed in the center of the mirror is taken enlarged by the camera to record the iris as a camera image.
    • 110. Arrangement for recording an iris on a mobile phone with a digital camera, in particular in that the server sends a message to the mobile phone which indicates to the user when he should blink, so that the server can verify the authenticity of the test in addition to the stored image pattern by: - measuring the reaction time from the issuing of the visual and / or acoustic request to the detection of the movement, documented via a video recording of the user, - further determining, via an image analysis, whether the video image shows the movements seamlessly, - and performing the usual evaluation with respect to the recognition file by image analysis of the characteristics of the iris.
    • 111. Arrangement according to one of the features 105 to 110, or for an image acquisition for scanning / input of personal characteristics for a method according to one of the features 101 to 104 (possibly even only according to the preamble), in particular in that the chip used for image acquisition or video recording, from which features for the recognition of the user's personal data are to be extracted (the image data being transmitted to the server or a server for checking), uses said code, sent via the preferred data loop DS, for encryption of the data output from the chip, directly or in further connection with an open key transmitted via one of said networks, wherein the encrypted image data are already read out directly from the chip in order to avoid the injection of incorrect image data, and the code (KODE) used for the encryption (e.g. as a parameter), generated by the server and sent over the data loop, which may further be sent encrypted by the server, ensures that the image data, at the time the server receives them, have actually been captured by the chip (for image capture).
    • 112. Method according to one of the preceding features, in particular according to the preamble of feature 101, with a chip for a respective terminal via which the data loop DS is closed (e.g. a chip card read / write device networked with an IT network) and via which particular data is input (for example the chip or microcontroller of the device via which the interface to the chip of the chip card is produced), in particular in that the chip uses said code, sent via the preferred data loop DS, for encryption of the data output from the chip, directly or in further connection with an open key transmitted over one of the said networks, wherein the encrypted data are already read out directly from the chip to avoid the feeding of false data (including signatures, etc.), and the code (KODE) used for the encryption (e.g. as a parameter), generated by the server and sent over the data loop, which may further be sent encrypted by the server, ensures that the data, at the time the server receives it, has actually been generated by the chip.
    • 113. The method according to feature 101 or only according to the preamble of feature 101, wherein a mobile phone on request by the user, for. B. by entering a name or a password, or directly a telephone number T- #, from a server in question (for example, the page for logging on the client computer CL or a workstation represents) an SMS is sent immediately especially in that the SMS generated by the server, or sent (possibly encrypted sent) code number KODE corresponds and is taken over the WEB camera of the client computer CL in the client computer as an image and the server is transmitted, optionally in the client Computer CL via an appropriate software (eg Java applet, etc.) is a alienation, or encryption of the code before returning to the server (which is decrypted in the server before the code comparison again).
    • 114. The method according to feature 102 or 103 or feature 113, characterized in that the sending of the SMS from the server a time-out is started after its expiry of the transfer of the data contained in the SMS sent by the server code KODE in the data loop DS (or for evaluation by the server) is no longer possible.
    • 115. Method according to one of the preceding features, in particular (also) according to the (standalone) preamble of feature 101, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption, performed in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop are each transmitted via the data channel other than the one over which the code (KODE) is transmitted (e.g. server via IT → client CL via DS coupling → mobile phone → T- # → server as one direction, or server via T- # → mobile phone via DS coupling → client CL → server as the other direction, and possibly vice versa).
    • 116. The method according to feature 115, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption, performed in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop further contain encrypted information which governs the assignment of code blocks (characters, etc.) of the transmitted parameters ($ S1, $ S2 ... $ Sn) to the code elements (KODEs) used to identify the loop (sent out by the server) (word-wise, also bit-wise, etc.).
    • 117. The method according to feature 115 or 116, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption, performed in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop further contain encrypted information which controls the assignment of the code blocks (characters, etc.) corresponding to the parameter blocks ($ S1, $ S2 ... $ Sn) to the respective current direction of transmission of the code elements (KODEs) used to identify the loop (sent by the server) (word-wise, also bit-wise, etc.), or indicates it to the respective terminals (e.g. mobile phone and client CL) (in agreement with the server's control), wherein optionally, in full duplex, a dummy code (which is not evaluated) may further be transmitted in the non-indicated direction to fool an attacker.
    • 118. Method according to one of the features 115 to 117, characterized in that the said parameters ($ S1, $ S2 ... $ Sn) for the encryption carried out in the terminals (e.g. mobile phone) and possibly also in the server further contain (encrypted) control information indicating whether they have been generated in the server or autonomously in one of the terminals according to a predetermined algorithm (possibly also at times determined by a random generator), so that, using this control information, the other devices provided in the data loop DS (or also the server, etc.) can adjust to this and address the associated decryption algorithms.
    • 119. The method according to one of the features 115 to 118, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption performed in the terminals (e.g. mobile phone) and possibly in the server are sent alternately via different data paths of the data loop DS (telephone connection T #, likewise IT connection or intranet connection, etc.) to the respective devices located in the data loop DS (terminals such as mobile phone, telephone, client CL, server, also several networked servers, etc.) and are decoded according to a secret protocol (for individual recognition of $ S1, $ S2 ... $ Sn, etc.).
    • 120. Method according to one of the preceding features, characterized in that a cell phone used for the formation of the data loop, or a similar device, etc., with one or more of said inputs of personal user features such as fingerprint recognition, iris recognition, voice recognition, etc., whose data is secured by the preferred measures within the preferred data loop DS, is used as a passport or identity document (driver's license, etc.).
    • 121. Headphones for a mobile phone or for general use, characterized in that the headphones are fixed directly inside or on extended earmuffs of a headband.
    • 122. headband with headphones by feature 121, characterized in that an RF interface to the power supply (amplifier) of the headphones is provided, said interface (with battery holder) is fixed to the rear center of the headband.
    • 123. Feature omitted.
    • 124. Feature deleted.
    • 125. Feature deleted.
    • 126. Feature deleted.
    • 127. Feature deleted.
    • 128. Feature deleted.
    • 129. Feature deleted.
    • 130. Feature deleted.
    • 131. Method according to one of the preceding features, or method in which, via a further network (telephone network T- #, mobile phone network T- #, radio network, IT telephone combined with wired trunk T- # a dialer, etc.) in addition to an IT network (or to an alternative network such as an intranet, etc.), a data loop DS is closed at the respective terminals of the networks used, in order to make, by means of a code (KODE) sent over the data loop DS, the assignment of the subscriber lines T- # of the terminals concerned to any server processes, such as addresses of WEB pages, or even of different server processes to each other, via the connection number (e.g. telephone number T- #) of the relevant other network, possibly with different options: - in which the coupling of the data loop server / terminals made at the client CL (e.g. IT, WEB + telephone to / from the server) is carried out as a series circuit, in which a code (KODE) sent from the server via one data path is routed over the data loop DS (at the client CL via its terminals) back to the server via the other data path, and the server checks the transmitted code (KODE) against the returned one for consistency, - if necessary, the data loop DS is also made as a parallel connection, in which a code (KODE) transmitted by the server via both data paths is checked via the terminals present at the client CL, wherein the check is performed via a coupling of the data paths (as data loop DS) in one of the terminals (e.g. in a mobile phone, etc.) of the user, - where appropriate, in both cases (series connection and / or parallel connection) a further alienation (encryption) and recovery (decryption) of the code (KODE) is preferred to prevent manipulation by attackers, characterized in that the method is used as access protection for computer software of an internal or external server at workstations or client CL computers, wherein, in the configuration of the access protection, a telephone number T- # is configured as access protection instead of or in addition to a password, which identifies the connection used (e.g. telephone connection T- # of a mobile phone) for said data loop DS, via which said KODE generated by the server (monitoring code of the data loop DS) is passed (or must be passed) so that the access authorization is recognized.
    • 132. Method according to the preamble and / or the characterizing part of feature 131, characterized in that the mobile phone or terminal (also telephone), via which said data loop DS is closed and which can receive an SMS from the server, has a data converter, the SMS received by the server is converted into a serial data signal, which is routed via the coupling (acoustic, infrared, optical, etc.) of the preferred data loop DS via a corresponding terminal (eg client CL) of the networks used.
    • 133. A method according to feature 132, characterized in that the method proceeds in the following steps: e) the server calls on request (eg, by input via a client CL or a workstation) the user who wants to form the data loop DS via his mobile phone (or terminal, telephone, etc.) and sends to the mobile or terminal SMS, possibly for this initialization (as an option) by the user a password must be entered; f) the user, using the function mentioned in feature 132, forms the data loop DS by sending the data serially converted by the SMS through the said coupling or formation of the data loop DS to the server (optionally) using encryption / Decryption of the code, g) the server checks the data generated by him and the data loop conducted code (KODE) and possibly also on the data loop, or continue on the phone (or terminal) entered data (personal data of the user, such as voice profile , Fingerprint, iris image recording, etc.), which are optionally also encrypted with the code (code) passed over the data loop, h) the server recognizes all data that it has received about the data loop as correct, then it uses the recognized network connection (Tel. Number T- # of the mobile phone, etc.) for the intended purpose (access detection, assignment of data or even to their server processes, etc.).
    • 134. A method according to feature 133, characterized in that the SMS sent to the terminal, or to the user's mobile phone contains a message indicating to the user the use of the received SMS to form the data loop DS, the server to this SMS still adds the check code (KODE), optionally separated by a control character sequence, and further optionally recognizes a code or control character (sender telephone number, etc.), which recognizes the SMS as a code used for the preferred data loop DS, this code ( CODE) as text does not display (option), or if necessary an encryption before the forwarding over the coupling interface of the data interface carries out with (option).
    • 135. Method according to one of the preceding features (possibly also only according to the preamble thereto, in particular by the fact that the following method is used for the purpose of checking a fingerprint: - It is used a camera optics shallow depth of field, The fingerprint picked up via the camera (from the finger) is picked up by the recording optics at different distances from the finger, the shots being in different positions (eg from the inside to the outside, etc.) Due to the small depth of field and the curvature of the finger .) have different sharp and blurred image areas, - It is the change in distance, or the distance of the finger relative to the receiving optics measured and compared with the sharp or blurred areas of the image so that it can be concluded that the curvature of the finger, - the curvature of the finger is taken into account in the evaluation of the fingerprints.
    • 136. Arrangement for carrying out a method according to feature 135, characterized in that a movable against the receiving optics (sliding) transparent support surface is provided for the respective finger, via which the fingerprint is recorded and that the displacement of the surface is measured by a sensor ( Eddy current sensor, or optical gap measurement, reflection measurement, etc.).
    • 137. Arrangement according to feature 136, characterized in that a mirror system, the optics, which receives the fingerprint, is passed to the receiving surface of a camera already existing recording chips, wherein by cover slide either the image of the fingerprint or a picture taken on the camera optics on the image capture chip only (by darkening the other image) is projected.
    • 138. A method according to feature 135, optionally with an arrangement according to feature 136, characterized in that the server transmits to the mobile phone an instruction (e.g. via the display) which indicates to the user whether he has to press his finger (slowly) more or less firmly onto the receiving surface (against its spring travel), the server evaluating these movements (obtained via the measured displacement) together with the resulting image blur, and thus the image composed over several images from parts that are sharp only at different points, on the one hand to check the fingerprint and on the other hand to verify authenticity, namely that the fingerprint is entered by a real finger and in real time (in accordance with the instructions given by the server).
    • 139. Arrangement for recording an iris on a mobile phone with a digital camera, in particular with an optical system to enlarge an image section by changing the distance between the lens and the image-taking surface, especially through a small mirror in which the user can see himself in a small image section, wherein the user holds the phone so that his eye is visible in the mirror, wherein the mirror is adjusted so that the image detail displayed in the center of the mirror is taken enlarged by the camera to record the iris as a camera image.
    • 140. Arrangement for recording an iris on a mobile phone with a digital camera, in particular in that the server sends a message to the mobile phone which indicates to the user when he should blink, so that the server can verify the authenticity of the test in addition to the stored image sample by: - measuring the reaction time from the issuing of the visual and / or acoustic prompt to the detection of the movement, documented via a video recording of the user, - further determining, via an image analysis, whether the video image shows the movements seamlessly, - and performing the usual evaluation with respect to the recognition file by image analysis of the characteristics of the iris.
    • 141. Arrangement according to one of the features 135 to 140, or for image acquisition for scanning / input of personal characteristics for a method according to one of the features 131 to 134 (possibly even only according to the preamble), characterized in particular in that the chip used for image acquisition or video recording, from which features for the recognition of the user's personal data are to be extracted (the image data being transmitted to the server or a server for checking), uses said code, sent via the preferred data loop DS, for encryption of the data output from the chip, directly or in further connection with an open key transmitted via one of said networks, wherein the encrypted image data are already read out directly from the chip in order to avoid the injection of incorrect image data, and the code (KODE) used for the encryption (e.g. as a parameter), generated by the server and sent over the data loop, which may further be sent encrypted by the server, ensures that the image data, at the time the server receives them, have actually been captured by the chip (for image capture).
    • 142. Method according to one of the preceding features, in particular according to the preamble of feature 131, with a chip for a respective terminal via which the data loop DS is closed (e.g. a chip card read / write device networked with an IT network) and via which particular data is input (for example the chip or microcontroller of the device via which the interface to the chip of the chip card is produced), in particular in that the chip uses said code, sent over the preferred data loop DS, for encryption of the data output from the chip, directly or in further connection with an open key transmitted over one of the said networks, wherein the encrypted data are already read out directly from the chip to avoid the feeding of false data (including signatures, etc.), and the code (KODE) used for the encryption (e.g. as a parameter), generated by the server and sent over the data loop, which may further be sent encrypted by the server, ensures that the data, at the time the server receives it, has actually been generated by the chip.
    • 143. Method according to feature 131 or even only according to the preamble of feature 131, wherein a mobile phone on request by the user, for. B. by entering a name or a password, or directly a telephone number T- #, from a server in question (for example, the page for logging on the client computer CL or a workstation represents) an SMS is sent immediately especially in that the SMS generated by the server, or sent (possibly encrypted sent) code number KODE corresponds and is taken over the WEB camera of the client computer CL in the client computer as an image and the server is transmitted, optionally in the client Computer CL via an appropriate software (eg Java applet, etc.) is a alienation, or encryption of the code before returning to the server (which is decrypted in the server before the code comparison again).
    • 144. Method according to feature 132 or 133 or by feature 143, characterized in that with the sending of the SMS from the server a time-out is started, after their expiry, the transfer of the data contained in the SMS sent by the server code KODE in the data loop DS (or for evaluation by the server) is no longer possible.
    • 145. Method according to one of the preceding features, in particular (also) according to the (stand-alone) preamble of feature 131, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption, performed in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop are each transmitted via the data channel other than the one over which the code (KODE) is transmitted (e.g. server via IT → client CL via DS coupling → mobile phone → T- # → server as one direction, or server via T- # → mobile phone via DS coupling → client CL → server as the other direction, and possibly vice versa).
    • 146. Method according to feature 145, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption, performed in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop further contain encrypted information which controls the allocation of code blocks (characters, etc.) of the transmitted parameters ($ S1, $ S2 ... $ Sn) to the code elements (KODEs) used to identify the loop (sent by the server) (word-wise, also bit-wise, etc.).
    • 147. A method according to feature 145 or 146, characterized in that said parameters ($ S1, $ S2 ... $ Sn) for the encryption, performed in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop further contain encrypted information which controls the assignment of the code blocks (characters, etc.) corresponding to the parameter blocks ($ S1, $ S2 ... $ Sn) to the respective current direction of transmission of the code elements (KODEs) used to identify the loop (sent by the server) (word-wise, also bit-wise, etc.), or indicates it to the respective terminals (e.g. mobile phone and client CL) (in agreement with the server's control), wherein optionally, in full duplex, a dummy code (which is not evaluated) may further be transmitted in the non-indicated direction to fool an attacker.
    • 148. Method according to one of the features 145 to 147, characterized in that the said parameters ($ S1, $ S2 ... $ Sn) for the encryption carried out in the terminals (e.g. mobile phone) and possibly also in the server further contain (encrypted) control information indicating whether they have been generated in the server or autonomously in one of the terminals according to a predetermined algorithm (possibly also at times determined by a random generator), so that, using this control information, the other devices provided in the data loop DS (or also the server, etc.) can adjust to this and address the associated decryption algorithms.
    • 149. Method according to one of the features 145 to 148, characterized in that the said parameters ($ S1, $ S2 ... $ Sn) for the encryption carried out in the terminals (e.g. mobile phone) and optionally in the server are sent alternately via different data paths of the data loop DS (telephone connection T #, likewise IT connection or intranet connection, etc.) to the respective devices located in the data loop DS (terminals such as mobile phone, telephone, client CL, server, also several networked servers, etc.) and are decoded according to a secret protocol (for individual recognition of $ S1, $ S2 ... $ Sn, etc.).
    • 150. The method according to one of the preceding features, characterized in that a cell phone used for the formation of the data loop, or a similar device, etc., with one or more of said inputs of personal user features such as fingerprint recognition, iris recognition, voice recognition, etc., whose data is secured by the preferred measures within the preferred data loop DS, is used as a passport or identity document (driver's license, etc.).
    • 151. Method according to one of the preceding features or according to the preamble of feature 131, characterized in that the transit time over the data path closed by the user (or client CL) through a corresponding coupling between the respective terminals (e.g. client computer CL and telephone, or mobile phone, or possibly between two mobile phones, etc.) is measured over the coupling path and is evaluated as a criterion for whether an unauthorized intermediary network is located in this coupling path (if so, the server then aborts).
    • 152. Method according to feature 151, characterized in that a) the measurement of the transit time takes place with a time measuring device provided in the data receiver (E), based on a time known to the data receiver (E) when the signal is sent by the data transmitter (S), b) or the measurement of the transit time with a time transmitter provided in the data transmitter (S) takes place, based on an acknowledgment signal, which the data receiver (E) transmits on receipt of the signal to the data transmitter (S).
    • 153. Method according to feature 152, feature a, characterized in that the clock of the data transmitter (S) by a from the data receiver (E) via the bidirectional data path of the coupling path (or the coupling path) to the data transmitter (S) sent out set signal coincident with the clock of the data receiver (E) is set, whereby, due to the duration of the coupling path (or the coupling path), the clock of the data receiver (E) then proceeds to the clock of the data transmitter (S) and that via a protocol agreement in Data transmitter (S) and in the data receiver (E) a time is agreed to the data transmitter (S) to the data receiver (E) sends a measuring signal (or data) whose time of arrival at the data receiver (K) in the data receiver (E) based on the previously agreed by protocol dispatch time of the data transmitter (S) as the transit time for the round trip of the data over the coupling path (or the coupling path) is measured.
    • 154. Method according to feature 152, feature b, in particular in that the data receiver (E) sends the data transmitter (S) an acknowledgment signal via the coupling path (or via the coupling path) upon arrival of the data, by means of which one in the data transmitter (S) made timing, with respect to the acknowledgment signal, the transit time for the outward and return path of the data over the coupling path (or the coupling path) measures.
    • 155. Headphones for a mobile phone or for general use, in particular in that the headphones are fixed directly inside or on extended earmuffs of a headband.
    • 156. Headband with headphones according to feature 151, characterized in that an RF interface to the power supply (amplifier) of the headphones is provided, this interface (with battery holder) is fixed to the rear center of the headband.
    • 157. Feature deleted.
    • 158. Feature omitted.
    • 159. Feature deleted.
    • 160. Feature deleted.
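The server-side check that features 131, 144 and 151/152 b describe (code sent over one path and returned over the other, a time-out started with the SMS, and the transit time over the coupling path as a criterion), as an added example that is not part of the patent text. The class and function names, the 60-second time-out, the 0.25-second transit limit and the phone number are assumptions made for illustration; the patent states no values.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Challenge:
    phone: str        # T-#: subscriber number the KODE was sent to by SMS
    kode: str         # check code the server generated for this data loop
    issued_at: float  # server clock reading when the SMS was handed off


@dataclass
class Result:
    ok: bool
    reason: str
    phone: Optional[str] = None  # set only when the loop was accepted


def transit_time(sent_at: float, ack_at: float) -> float:
    """Feature 152 b: the sender times from emitting the measuring signal
    until the receiver's acknowledgment arrives over the coupling path."""
    if ack_at < sent_at:
        raise ValueError("acknowledgment precedes the measuring signal")
    return ack_at - sent_at


class LoopVerifier:
    """Series data loop: KODE goes out over the telephone path (SMS) and
    must come back over the IT path through the user's coupling."""

    def __init__(self, timeout_s=60.0, max_transit_s=0.25, clock=time.monotonic):
        self.timeout_s = timeout_s          # assumed value (feature 144 time-out)
        self.max_transit_s = max_transit_s  # assumed value (feature 151 criterion)
        self._clock = clock
        self._pending = {}

    def issue(self, session_id: str, phone: str) -> str:
        """Create the KODE for one login attempt. The return value is for the
        SMS gateway only; it must never be sent to the client over the IT path."""
        kode = secrets.token_hex(8)
        self._pending[session_id] = Challenge(phone, kode, self._clock())
        return kode

    def verify(self, session_id: str, returned_kode: str, transit_s: float) -> Result:
        """Check the KODE that came back over the IT path.
        transit_s is the coupling-path transit time reported for this loop."""
        # pop() makes every KODE single-use, so a replayed code finds nothing.
        ch = self._pending.pop(session_id, None)
        if ch is None:
            return Result(False, "no pending challenge")
        if self._clock() - ch.issued_at > self.timeout_s:
            return Result(False, "time-out expired")
        # Constant-time comparison of the sent and the returned code.
        if not hmac.compare_digest(ch.kode.encode(), returned_kode.encode()):
            return Result(False, "code mismatch")
        # A long transit time suggests an intermediary in the coupling path.
        if transit_s > self.max_transit_s:
            return Result(False, "transit time too long")
        # Loop closed: the phone number is now bound to this session.
        return Result(True, "loop closed", ch.phone)


if __name__ == "__main__":
    verifier = LoopVerifier()
    phone = "+49-000-0000000"  # constructed sample number
    kode = verifier.issue("session-1", phone)
    measured = transit_time(sent_at=10.00, ack_at=10.04)
    print(verifier.verify("session-1", kode, measured))
    print(verifier.verify("session-1", kode, measured))  # replay is rejected
```
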
    • 161. Method according to one of the preceding features, or method in which, via a further network (telephone network T- #, mobile phone network T- #, radio network, IT telephone combined with wired trunk T- # a dialer, etc.) in addition to an IT network (or to an alternative network such as an intranet, etc.), a data loop DS is closed at the respective terminals of the networks used, in order to make, by means of a code (KODE) sent over the data loop DS, the assignment of the subscriber lines T- # of the terminals concerned to any server processes, such as addresses of WEB pages, or even of different server processes to each other, via the connection number (e.g. telephone number T- #) of the relevant other network, possibly with different options: - in which the coupling of the data loop server / terminals made at the client CL (e.g. IT, WEB + telephone to / from the server) is carried out as a series circuit, in which a code (KODE) sent from the server via one data path is routed over the data loop DS (at the client CL via its terminals) back to the server via the other data path, and the server checks the transmitted code (KODE) against the returned one for consistency, - if necessary, the data loop DS is also made as a parallel connection, in which a code (KODE) transmitted by the server via both data paths is checked via the terminals present at the client CL, wherein the check is performed via a coupling of the data paths (as data loop DS) in one of the terminals (e.g. in a mobile phone, etc.) of the user, - where appropriate, in both cases (series connection and / or parallel connection) a further alienation (encryption) and recovery (decryption) of the code (KODE) is preferred to prevent manipulation by attackers, characterized in that the method is used as access protection for computer software of an internal or external server at workstations or client CL computers, wherein, in the configuration of the access protection, a telephone number T- # is configured as access protection instead of or in addition to a password, which identifies the connection used (e.g. telephone connection T- # of a mobile phone) for said data loop DS, via which said KODE generated by the server (monitoring code of the data loop DS) is passed (or must be passed) so that the access authorization is recognized.
    • 162. Method according to the preamble and / or the characterizing part of feature 161, characterized in that the mobile phone or terminal (also telephone), via which said data loop DS is closed and which can receive an SMS from the server, has a data converter, the SMS received by the server is converted into a serial data signal, which is routed via the coupling (acoustic, infrared, optical, etc.) of the preferred data loop DS via a corresponding terminal (eg client CL) of the networks used.
    • 163. Method according to feature 162, characterized in that the method proceeds in the following steps: i) the server calls on request (eg by input via a client CL or a workstation) to the user who wants to form the data loop DS via his mobile phone (or terminal, telephone, etc.) and sends to the mobile or terminal SMS, possibly for this initialization (as an option) by the user a password must be entered; j) the user, using the function mentioned in feature 162, forms the data loop DS by sending the data serially converted by the SMS through said coupling or forming the data loop DS to the server (optionally) using encryption / Decoding the code, k) the server checks the data generated by him and the data loop led code (KODE) and possibly also on the data loop, or continue on the phone (or terminal) entered data (personal data of the user, such as voice profile, fingerprint, iris Image acquisition, etc.), which may also be encrypted with the code (KODE) passed over the data loop, l) the server recognizes all the data it has received via the data loop as correct, then it uses the recognized network connection (phone number T- # of the mobile phone, etc.) for the intended purpose (access detection, assignment of data or other Server processes, etc.).
    • 164. A method according to feature 163, characterized in that the SMS sent to the terminal, or to the user's mobile phone contains a message that the user the use of the obtained SMS to form the data loop indicates DS, wherein the server adds to this SMS nor the check code (KODE), optionally separated by a control character sequence, and further, if any recognizing a character or control character (also sender phone number, etc.), which the SMS as reveals a code used for the preferred data loop DS, does not display this code (KODE) as text (option), or optionally performs encryption before forwarding via the interface interface of the data interface (option).
    • 165. Method according to one of the preceding features (possibly also only according to the preamble thereof), in particular in that the following method is used for the purpose of checking a fingerprint: - It is used a camera optics shallow depth of field, The fingerprint picked up via the camera (from the finger) is picked up by the recording optics at different distances from the finger, the shots being in different positions (eg from the inside to the outside, etc.) Due to the small depth of field and the curvature of the finger .) have different sharp and blurred image areas, - It is the change in distance, or the distance of the finger relative to the receiving optics measured and compared with the sharp or blurred areas of the image so that it can be concluded that the curvature of the finger, - the curvature of the finger is taken into account in the evaluation of the fingerprints.
    • 166. Arrangement for performing a method according to feature 165, characterized in that a transparent support surface that is movable (sliding) relative to the recording optics is provided for the respective finger, via which the fingerprint is recorded, and that the displacement of the surface is measured by a sensor (eddy current sensor, optical gap measurement, reflection measurement, etc.).
    • 167. Arrangement according to feature 166, characterized in that, via a mirror system, the optics that record the fingerprint are directed onto the receiving surface of the recording chip of an already existing camera, wherein, by means of a cover slide, either the image of the fingerprint or an image taken via the camera optics alone is projected onto the image capture chip (by darkening the other image).
    • 168. A method according to feature 165, optionally with an arrangement according to feature 166, characterized in that the server transmits to the mobile phone an instruction (e.g. via the display) which indicates to the user whether he has to press his finger (slowly) more or less firmly against the receiving surface (against its spring travel), the server testing these movements (obtained via the measured displacement) together with the resulting image blur and with the image thus composed over several images, each sharp only at different points, on the one hand to check the fingerprints and on the other hand to verify authenticity, i.e. that the fingerprint is entered with a real finger and in accordance with the instructions given by the server.
    • 169. Arrangement for recording an iris on a mobile phone with a digital camera, in particular with an optical system that enlarges an image section by enlarging the distance between the objective and the image recording area, in particular by means of a small mirror in which the user can see himself in a small image section, wherein the user holds the phone so that his eye is visible in the mirror, and the mirror is adjusted so that the image detail displayed in the center of the mirror is captured enlarged by the camera in order to record the iris as a camera image.
    • 170. Arrangement for recording an iris on a mobile phone with a digital camera, in particular in that the server sends a message to the mobile phone which indicates to the user when he should wink with his eyes, so that the server can verify the authenticity of the test, in addition to the stored image pattern, by: - measuring the reaction time from the moment the visual and/or acoustic prompt is issued to the real-time detection of the movement documented via a video recording of the user; - further determining via image analysis whether the movements in the video image transition seamlessly; - as well as carrying out the usual evaluation with respect to the recognition file by image analysis of the characteristics of the iris.
    • 171. Arrangement according to one of the features 165 to 170, or for an image acquisition for scanning personal characteristics in a method according to one of the features 161 to 164 (possibly even only according to the preamble thereof), in particular in that, at the chip used for image acquisition or video recording, from which features for recognizing the user's personal data are to be extracted (the image data being transmitted to the server or a server for checking), said code sent via the preferred data loop DS is used for encryption of the data output from the chip, directly or in further combination with an open key transmitted via one of said networks, wherein the image data are read from the chip already encrypted in order to prevent the injection of false image data, and the code (KODE) used for the encryption (e.g. as a parameter), generated by the server and sent over the data loop, possibly itself encrypted (as sent by the server), ensures that the image data, at the time the server receives them, have actually been captured by the chip (for image capture).
    • 172. Method according to one of the preceding features, in particular according to the preamble of feature 161, with a chip for a respective terminal via which the data loop DS is closed (e.g. a chip card read/write device networked with an IT network) and via which particular data are input (for example the chip or microcontroller of the device that provides the interface to the chip of the chip card), in particular in that said code, sent via the preferred data loop DS, is used in the chip for encryption of the data output from the chip, directly or in further combination with an open key transmitted via one of said networks, wherein the data are read from the chip already encrypted in order to prevent the feeding-in of false data (including signatures, etc.), and the code (KODE) used for the encryption (e.g. as a parameter), generated by the server and sent over the data loop, possibly itself encrypted (as sent by the server), ensures that the data, at the time the server receives them, have actually been generated by the chip.
    • 173. Method according to feature 161, or even only according to the preamble of feature 161, wherein, on request by the user, e.g. by entering a name or a password, or directly a telephone number T-#, a mobile phone is immediately sent an SMS by a server in question (which, for example, presents the login page on the client computer CL or a workstation), in particular in that the SMS corresponds to the code number KODE generated or sent (possibly encrypted) by the server and is captured as an image via the web camera of the client computer CL and transmitted to the server, wherein optionally an obfuscation or encryption of the code is performed in the client computer CL via appropriate software (e.g. Java applet, etc.) before it is returned to the server (and is decrypted again in the server before the code comparison).
    • 174. Method according to feature 162 or 163 or according to feature 173, characterized in that a time-out is started when the server sends the SMS, after whose expiry the transfer of the code KODE contained in the SMS sent by the server into the data loop DS (or its evaluation by the server) is no longer possible.
    • 175. Method according to one of the preceding features, in particular (also) according to the (standalone) preamble of feature 161, characterized in that said parameters ($S1, $S2 ... $Sn) for the encryption, carried out in each of the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop are each transmitted via the data channel other than the one over which the code (KODE) is transmitted (e.g. server via IT → client CL via DS connection → mobile phone → T-# → server as one direction, or server via T-# → mobile phone via DS coupling → client CL → server as the other direction, likewise possibly vice versa).
    • 176. Method according to feature 175, characterized in that said parameters ($S1, $S2 ... $Sn) for the encryption, carried out in the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop further contain encrypted information that specifies the assignment of code blocks (characters, etc.) relating to the parameters ($S1, $S2 ... $Sn) to the code elements (KODEs) sent out by the server to identify the loop (wordwise, also bitwise, etc.).
    • 177. Method according to feature 175 or 176, characterized in that said parameters ($S1, $S2 ... $Sn) for the encryption, carried out in the terminals (e.g. mobile phone), of the codes (KODEs) sent over the data loop DS and used to identify the loop further contain encrypted information which indicates to the respective terminals (e.g. mobile phone and client CL), or controls in accordance with the server, the assignment of the code blocks (characters, etc.) corresponding to the parameter blocks ($S1, $S2 ... $Sn) to the respective current direction of transmission of the code elements (KODEs) sent by the server and used for identification (wordwise, also bitwise, etc.), wherein optionally, in full duplex, a dummy code (which is not evaluated) may additionally be transmitted in the non-indicated direction in order to fool an attacker.
    • 178. Method according to one of the features 175 to 177, characterized in that said parameters ($S1, $S2 ... $Sn) for the encryption carried out in the terminals (e.g. mobile phone) and optionally in the server further contain (encrypted) control information indicating whether they have been generated in the server or, autonomously according to a predetermined algorithm (possibly also at times determined by a random number generator), in one of the terminals, wherein, using this control information, the other devices (or servers, etc.) provided in the data loop DS adjust themselves and can address the associated decryption algorithms.
    • 179. Method according to one of the features 175 to 178, characterized in that said parameters ($S1, $S2 ... $Sn) for the encryption carried out in the terminals (e.g. mobile phone) and optionally in the server are sent alternately via different data paths of the data loop DS (telephone connection T-#, likewise IT connection or intranet connection, etc.) to the respective devices located in the data loop DS (terminals such as mobile phone, telephone, client CL, server, also several networked servers, etc.) and are decoded according to a secret protocol (for individual recognition of $S1, $S2 ... $Sn, etc.).
    • 180. Method according to one of the preceding features, characterized in that a mobile phone or a similar device used for the formation of the data loop, with one or more of said inputs of personal user features such as fingerprint recognition, iris recognition, voice recognition, etc., whose data are secured by the preferred measures within the preferred data loop DS, is used as an identity document or passport (driver's license, etc.).
    • 181. Method according to one of the preceding features or according to the preamble of feature 161, characterized in that the transit time over the coupling path of the data path closed by the user (or client CL) through a corresponding coupling between the respective terminals (e.g. client computer CL and telephone or mobile phone, or possibly between two mobile phones, etc.) is measured and evaluated as a criterion for whether an unauthorized intermediary network is located in this coupling path (the server then aborts, if so).
    • 182. Method according to feature 181, characterized in that a) the measurement of the transit time takes place with a time measuring device provided in the data receiver (E), based on a time known to the data receiver (E) when the signal is sent by the data transmitter (S), b) or the measurement of the transit time with a time transmitter provided in the data transmitter (S) takes place, based on an acknowledgment signal, which the data receiver (E) transmits on receipt of the signal to the data transmitter (S).
    • 183. Method according to feature 182, feature a, characterized in that the clock of the data transmitter (S) is set to coincide with the clock of the data receiver (E) by a set signal sent from the data receiver (E) to the data transmitter (S) via the bidirectional data path of the coupling path, whereby, owing to the transit time of the coupling path, the clock of the data receiver (E) then runs ahead of the clock of the data transmitter (S), and that, via a protocol agreement in the data transmitter (S) and in the data receiver (E), a time is agreed at which the data transmitter (S) sends a measuring signal (or data) to the data receiver (E), whose time of arrival at the data receiver (E) is measured in the data receiver (E), relative to the dispatch time of the data transmitter (S) previously agreed by protocol, as the transit time for the round trip of the data over the coupling path.
    • 184. Method according to feature 182, feature b, in particular in that the data receiver (E), upon arrival of the data, sends the data transmitter (S) an acknowledgment signal via the coupling path, by means of which a time measurement made in the data transmitter (S), with respect to the acknowledgment signal, measures the transit time for the outward and return path of the data over the coupling path.
    • 185. Method according to one of the preceding features or according to the preamble of feature 161, wherein several (eg two servers) are networked via IT and in each case one server with one of the terminals used for forming the data loop DS (on the user side) directly is connected, in particular, that via one of the terminals (ditto both, etc.) is a data input, which evaluates one of the (two) server (I), while this server but no access to the port number of the relevant, to identify the user (within the data loop DS) has the other (second) server (II), but access to the port number (of the network used for the identification, eg mobile phone network) of the relevant, to identify the user (within the Data loop DS) used, but has no access to the other data (the first server I), which are not intended for him, the server (II), wel has the access to the port number of the device in question to identify the user, via its network connection (eg. B. IT network) to the first server (I) using a temporarily assigned address (instead of the telephone number), the monitoring of the port number of the device (or user) made access to the first server (I), and that the Assigning the temporarily assigned address via the two servers common code recognition (KODE) of the guided over the data loop DS codes.
    • 186. Method according to one of the preceding features, wherein two (or more) networked servers (I, II, III) enter the data loop DS for determining the assignment to a relevant network (eg telephone network) used to identify the user are included and the assignment is over issued and checked codes (KODE) corresponding to the identification number (eg the telephone number of the connection in the network used for the identification or telephone network), or method according to feature 185, in particular, a) that when scanning the Data loop for the assignment of the identification numbers (or telephone numbers) of the network used for the identification, or telephone network is synchronized to the respective tested KODE, Server I Server II, b) or that when scanning the data loop for the assignment of identification numbers (or Telephone numbers) of the network or telephone network used for the identification is synchronized to the respective tested CODE, server II of server I.
    • 187. Method according to feature 186, characterized in that the following method steps are carried out: Server I selects the clients CL to be checked (cl_1..., Cl_n) in succession, and for each dialing, all current connections T- # (T1... Tn) are used by server II (or possibly telephone server III). scanned to find the pairs (KODE / T- #) by the server II, whereby of course server II must send a random code to it and must check the data loop DS obtained back, - Server II (or possibly telephone server III) dials the current connections T- # (T1 ... Tn) in sequence and for each dial by server I to be tested clients CL (cl_1 ... cl_n) the Row after scan to find the pairs (KODE / T- #) through the server II, whereby of course server II must send a random code to each and must check the data returned via the data loop DS back.
    • 188. Method according to one of the preceding features, or method according to the preamble of feature 161, characterized in that said code comparison is carried out on the user side in one of the terminals used for the coupling of the data loop DS (e.g. mobile phone, or client computer CL, etc.) and that the comparison result is communicated (possibly encrypted) to the relevant server which generated the code signal to which the comparison relates.
    • 189. Method according to one of the preceding features, or method according to the preamble of feature 161, characterized in that the coupling of the data loop DS on the user side (between the relevant terminals, e.g. between a mobile phone and a client computer CL) is carried out with the interposition of a further device, which performs (possibly further) data encryption of the data looped through the coupling interface.
    • 190. The method according to feature 189, characterized in that, for the interposition, or for the (further) encryption of the data looped through the coupling interface, a high-frequency (possibly converter) interface is used, via which the data are passed from one terminal (e.g. mobile phone) into the (possibly further) data encryption of the interposed device and from this to another terminal (e.g. client computer CL), possibly also in the opposite direction or bidirectionally.
    • 191. A method according to feature 189 or feature 190, characterized in that a clock or a piece of jewelry is used as the interposed device.
    • 192. Method via which the access number (e.g. telephone number) of a terminal (e.g. a mobile phone) connected to a further network (e.g. telephone network), or else directly via a protected network access, etc., is used for logging the user in to the network (for example, using a mobile phone with the telephone number as a condition for logging in), in particular in that the telephone number of the user specified at login (e.g. in a web page) to a particular server, optionally (as an option) or in combination with other personal data of the user associated with the telephone number (e.g. via the phone, such as a voice analysis, etc.), is added by the server as additional data to the downloaded file, whereby, when the downloaded file is played back with a relevant playback device (MP3 player, CD, DVD, etc.), the data contained in it and added by the server (markers, addresses, etc.) are used as a test template for permitting reproduction of the file (for checking the telephone number of the user, optionally as an option or in combination with other data linked to the telephone number), whereby the data added by the server (markings, addresses, etc.) protect the reproduction of the data, and the data are reproduced by the device only if it is initialized by a data coding, transmitted by a mobile phone via an appropriate interface (to the player), that corresponds to the telephone number of the terminal or mobile phone used when loading the file, or, where applicable, the mobile phone may also directly contain the playback device to be initialized (e.g. MP3 player).
    • 193. A method according to feature 192, characterized in that the method is used for any data reproduction or processing device (visual files, acoustic files, text files, programs, etc.).
    • 194. Headphones for a mobile phone or for general use, in particular in that the headphones are fixed directly inside or on extended earmuffs of a headband.
    • 195. Headband with headphones according to feature 194, characterized in that an RF interface to the power supply (amplifier) of the headphones is provided, said interface (with battery holder) being fixed at the rear center of the headband.
    • 196. Feature deleted
    • 197. Feature deleted
    • 198. Feature deleted
    • 199. Feature deleted
    • 200. Feature deleted
    • 201. Method according to one of the preceding features, or a method for detecting the interconnection of two or more database events, which relate to input and / or output of data from not directly networked terminals using a method according to feature 201 for detecting or establishing a network connection with a server networked computer, or terminal, in particular a mobile phone, in which the server emits a code which by temporarily coupling the not directly networked terminals (eg acoustically, or by infrared, or even inductive or capacitive, etc.) is sent from the server to one of the temporarily coupled terminals and routed back to the server via the other terminal, whereby a data loop is formed via the respective terminals in order to compare the transmitted code with the returned code an existing assignment of database events or v verreibaren processes verifiable, wherein the mutually attributable to a data input and / or output database events may affect the same database or different databases, and / or methods for linking two server processes (but may also run on the same server) with a temporary for telecommunication purposes prepared telephone connection as a data loop via a mobile phone, via which one from the server to the phone and back to the server via a relevant terminal (as an interface to the phone) is passed and verifies the recognition of the code, the phone number of the cell phone used in the data loop is, wherein the assignment of said data input to and / or output of data related database events, or the said server processes via the phone number of the mobile phone connection takes place, as they are for the production of said, the terminal concerned Datenc loop was used during the temporary coupling, and that for the purpose of this assignment all currently sent by the server in question and returned via said data loop code pairs are compared with each other, wherein a pair of comparison of two signals each from a sent and one 
received back over the data loop Code signal exists, wherein the corresponding respective matching matching signals corresponding communication channels (Internet addresses and telephone numbers) are also recognized as belonging to each other; and / or methods in which the allocation relates to an event relating to an input and / or output of data assigned to the same database, through the terminal loop (a temporary coupling) using the mobile used to form the data loop the code emitted by the server and returned back to the code, an acknowledgment signal (corresponding to an acknowledgment signal) is generated, wherein the cell-related connection, or the telephone number under which the connection is made to form the data loop, as an access code for generating the Confirmation signal (by the server) is used; and / or methods in which the allocation relates to an input relating to an input and / or output of data associated with different databases, that via the data terminal relating to the terminal (a temporary coupling) using the cell phone used to form the data loop by the sent by the server and returned back code by assigning this code as a key for the data access of the different databases the data of the databases relating to the key to a data set, or to a related data group are linked and upon agreement of the code, an acknowledgment signal (corresponding to an acknowledgment signal ), wherein the connection associated with the mobile telephone, or the telephone number under which the connection is established to form the data loop, is used as a connection code for the linking of the respective data of the different databases and as an access code for generating the acknowledgment signal (by the server); and / or methods wherein two mobile phones are coupled to each other by an assigned over the phones and generated by the servers and / or tested code the assignment of the mobile phone numbers, including the data about the respective server processes 
transmitted via the mobile phone (recognizing the mobile as a pair belonging together); especially by the features of one of the following features.
    • 202. A method according to feature 201, characterized in that, in particular, a conference circuit is used for said further connection (e.g. telephone connection T-#) over which the preferred data loop DS is formed to identify a subscriber, in order to enable, in addition to the code transmitted over the preferred data loop DS, which is transmitted over the regular data network, e.g. Internet (IT), as well as over the preferred further network for identification (e.g. telephone network T-#) between two endpoints (E1, 2 and E3) of this network, the simultaneous connection of the telephone line T-# (with the endpoint E3) of the user (client CL, for generating the data loop DS) to two (further) endpoints E1 and E2 at one or more of the relevant servers (with which the user communicates or users communicate).
    • 203. Method according to feature 201 or 202, characterized in that the server (SERVER, Fig. 1) or the servers (server 1, server 2, Fig. 2) which form said two (further) end points E1 and E2 of the preferred further network for identification (e.g. telephone network T-#), or which feed their code for checking the identification or establishing an assignment into this network (or optionally from this network in the reverse direction), use a fundamental distinguishing coding understood by both endpoints E1 and E2 (or their coding/decoding device, such as server software or hardware, etc.) (cf. f1, f2 for E1, or code 1; likewise f3, f4 for E2, or code 2), wherein by means of this distinguishing coding a distinction can be made as to which end point/connection point E1 or E2 of a server (Fig. 1), and/or optionally which server (E1, E2 with Server I and Server II in Fig. 2), a corresponding code signal (code 1, code 2), looped through the user's telephone connection T-# (end point E3) as a telephone signal/mobile signal, is assigned to.
    • 204. Method according to one of features 201 to feature 203, for the purpose of assigning two or more client users to a common server process or two server processes to be linked together ( 1 ), in particular that said two endpoints E1, E2 of said telephone network T- # (or a comparable network), or the conference call, which with the end point E3 to the client CL (or user) each have a switched connection have a server (SERVER, 1 ), or relate to a server process that serves several users (see user 1, user 2), or their clients CL (each at E3), and that the conference on the one hand for each of the users (see user 1, user 2 ), or their clients CL (each at E3), the preferred data loop DS with the code assigned to each user (code 1 for user 1, dito code 2 for user 2) (each closed on the client side CL via the Internet connection IT) and on the other hand, each user, or its client CL, or its data loop DS (at its respective E3 connection) not directly via the Internet connection IT his data loop DS, but via the Internet connection IT at the / other users (s) via the data loop (respectively) can hear over the conference code transmitted by this feature of the conference, each user, or their clients CL, respectively on her e data loop DS the codes of the other user (which are each transmitted via the data loop DS) can listen in and thus the server (SERVER) via each of the data loops DS all connected users, or clients CL, all codes (see. Code 1, code 2, 1 ) and that the codes obtained for a conferencing connection established over several subscribers (eg code 1 · code 2 via DS of user 1, dito code 2 · code 2 via DS of user 2), the desired link to a common Is derived server process switched subscriber (possibly using the independently tested on each user side on the data loop DS phone number).
    • 205. A method according to feature 204, characterized in that said networking of a server-controlled program involving several subscribers via their telephone numbers (T-# 1, T-# 2) is used, in a game running over the Internet or a similar structure (also possibly over the mobile phone) in which one participant recruits another to play, to book a percentage of the amount paid in as play money by the recruited player to the play money account of the player who recruited him, as a credit.
    • 206. A method according to any one of features 201 through feature 203, for the purpose of associating two server processes without suspecting that the servers would need to be networked via an Internet connection ( 2 ), characterized in that of the two end points E1, or E2 said telephone network T- # (or a comparable network), or the conference, which with the end point E3 to the client CL (or user) each one switched Have connection, each endpoint (E1, dito E2), each one of several servers (server I with E1, dito server II with E2) is turned on (or dialed), which have no connection to each other via the Internet (or. each server (here server I and server II) each having a self-sufficient (Internet) connection to a common for all (here both servers I and II) server (client CL) (E3) and that the conference call of said telephone network T- # (optionally alternatively alternatively) on the one hand on the client side CL forms a data loop DS respectively to the server (here Server I and Server II), on the other hand, the user, or its client CL, or its data loop DS (E3 port) the not directly on the respective current Internet connection IT his data loop DS, but on the conference (each) transmitted code of the other server can listen and thus each respective server (from Server I or Server II) each all Codes (see code 1, code 2, 2 ) and that the codes obtained for a conferencing connection made over several servers (eg code 1 via code 2 of the user for server I, same code 2 code 1 via user DS for server II) provide the desired link The data entered for different servers or server processes for the activated user ( 2 ) is derived (optionally using the independently tested in one of the two servers over the data loop DS phone number).
    • 207. A method according to feature 206, for an application in which the user enters the data (possibly also anonymously!) In a server (server I) (ditto possibly gets displayed, calculated and output, etc.) and another server II, where the user identifies himself by using the preferred data loop DS over another network (eg mobile phone), whereby the two servers (server I and server II) can only be used over this further network (eg telephone, mobile phone network) ) are directly networked with each other and the user (client CL) in each case have a customary data network connection (Internet, intranet, etc.), especially in that the following method steps are carried out: a) calling the said server I (eg WEB page WEB 1) and dialing the telephone connection (Dito mobile phone, etc.) of the server (I), with disconnected numbers identification of the call and production of the relevant data loop DS, via the server I sends its code (code 1); b) calling the named server II (eg WEB-WEB 2) and entering the telephone number of the telephone connection (ditto mobile, etc.) of the server (II) with subsequent callback (call!) by the server (II) using the telephone number indicated in the WEB page WEB 2 as well as producing the relevant data loop DS, via which the server II sends its code (code 2) and identifies the subscriber (user) via this check code (by the called telephone number); c) Via said conference circuit connection, the data loop DS to the server II also receives the code (code 1) sent out by server 1, server II sending this code (code 1) as another address to its own transmitted code (code 2) as the address added and the test result of the identification of the user (the client CL, or another cell phone, etc.) 
this code (code 2) as a key data added (possibly encrypted, and / or digitally signed); d) The named server I assigns the data contained in the (code 2) of the server 2 under the provided address (code 1) to the code (code 1) of the server (I) entered by the user (eg via the Internet) Data, wherein the further contained in the code 2 of the server 2 check result in the processing of the data in the server I is taken into account.
    • 208. Method according to feature 203, characterized in that said distinguishing coding, which determines to which end point/connection point E1 or E2 of a server (Fig. 1), and/or optionally to which server (E1, E2 with Server I and Server II in Fig. 2), a respective code signal (code 1, code 2) is assigned, is made by selecting the frequencies over which the logic 0 and logic 1 identification states of the respective code signals (code 1, code 2) are transmitted.
    • 209. Method according to feature 203, characterized in that said distinguishing coding, which endpoint / connection point E1 or E2 of a server ( 1 ), and / or optionally which server (E1, E2 with Server I and Server II in 2 ) a relevant code signal (code 1, code 2) is assigned by an addressed format (eg also handshake, half-duplex, etc.).
    • 210. The method according to one of the features 202 to 209, characterized in that the synchronization for the change, or for the initialization of the servers (Server I, Server II, 2 ) or the server (SERVER, 1 ) transmitted code signals (code 1, code 2) by the time of establishing the connection (eg., The telephone dialing the server) of the conference call.
    • 211. Method according to one of the preceding features, characterized in that the method is used for checking telephone connections made via Internet telephony.
    • 212. Method according to one of the preceding features, characterized in that the preferred conference circuit is used with the involvement of Internet telephony.
    • 213. Method according to one of the features 201 to 240, or according to the preamble of the feature 201, characterized especially in that, in the formation of the data loop DS, instead of the client (CL) connection to the server, another cell phone connection (telephone network connection) is used.
    • 214. A method according to feature 213, or a method according to any one of the preceding features, comprising two mobile phones for establishing the coupling of the preferred data loop DS, wherein the cell phones include a GPS coordinate acquisition system or a comparable system, also called a vehicle registration system, etc., having a data connection to the cell phone, etc. is provided, in particular, that in the formation of the data loop (and tested with the test code phone numbers of mobile phones) as associated input data, the GPS coordinates and / or the km state of a vehicle to the server (or servers) concerned this process is carried out at two different locations and the distance (possibly according to a street plan) is determined for this telephone number combination of the mobile phone concerned, optionally one of the cell phones (or both) send samples for this purpose to the server (or the entered km state is used, etc.), and that on the data link of the mobile phones to the server, the personal data on the phone number of mobile phones are recorded and evaluated (to give the driver the necessary security for persons identification, if the passenger is adequately insured, etc.).
    • 215. A method according to feature 214, characterized in that, instead of or in addition to the GPS data, the km meters transmit via a radio interface to the mobile phone (eg the driver) the km state for determining the route, in which case optionally the GPS coordinate detection system can be waived.
    • 216. An arrangement for carrying out the method, according to one of the features 214 or 215, in particular by an acoustic coupling device, which is installed under the exterior mirror of a vehicle (see. 3 ), wherein the cell phone in question is held against the outside mirror.
    • 217. Arrangement for carrying out the method according to one of the features 214 to 216, in particular by means of an infrared interface, which is installed under the mirrored glass under a small (non-mirrored) window of the exterior mirror of a vehicle (cf. 3 ), wherein the cell phone in question is held against the outside mirror.
    • 218. Feature deleted.
    • 219. Feature deleted.
    • 220. Feature deleted.
    • 221. Method according to one of the preceding features, or a method for detecting the interconnection of two or more database events, which concern input and / or output of data from non-directly networked terminals using a method for detecting or establishing a network connection with a server networked computer, or terminal, in particular a mobile phone, in which the server emits a code which by temporary coupling of not directly networked terminals (eg acoustically, or by infrared, or even inductive or capacitive, optical, or via HF, etc.) is sent from the server to one of the temporarily coupled terminals and routed back to the server via the other terminal, whereby a data loop is formed through the respective terminals to compare the transmitted code with the returned code an existing assignment of the database events or to verify or locate processes comparable to such events, wherein the processes to be associated with one another may relate to inputting and / or outputting data relating to database events to the same database or different databases, and / or methods for linking two server processes (which, however, may also run on the same server) with a temporarily produced for coding purposes telephone connection as a data loop on a mobile phone, via which one of the server to the phone and back to the server on a particular device (as an interface to the mobile phone) is passed and on the detection of the code, the phone number in the data loop used cell phone is checked, and / or method for linking two server processes (but may also run on the same server) with a temporarily produced for coding telephone connection (landline) as data loop via a landline telephone, via which one from the server to the mobile phone and back to the server on a particular terminal (as an interface to the phone) is passed and the recognition of the code, the phone number of the phone used in the data loop is checked, the assignment said database events 
relating to an input and / or output of data, or said server processes via the telephone number of the mobile telephone connection (or Telephone connection), as was used for the production of said terminal data loop during the temporary coupling, and that for the purpose of this assignment, all currently sent by the server concerned and returned via said data loop DS code signals are compared in pairs, wherein a pair of comparison of two signals each consisting of a sent and a data loop back on the received code signal, the respective respective matching matching signals corresponding communication channels (Internet addresses and telephone numbers) are also recognized as belonging to each other; and / or method in which the association relates to an event relating to an input and / or output of data which is assigned to the same database as that relating to the terminals Data loop (a temporary coupling) using the cell phone used to form the data loop generated by the code sent by the server and returned back in accordance with the code, an acknowledgment signal (corresponding to a receipt signal), wherein the cell (or telephone) associated connection or the telephone number under which the connection is made to form the data loop is used as the access code for generating the acknowledgment signal (by the server); and / or method in which the allocation relates to an input relating to an input and / or output of data, which is assigned to different databases, that over the terminal data loop (a temporary coupling) using the cell phone used to form the data loop (or Telephone) by the code sent by the server and returned back by assigning this code as a key for the data access of the different databases, the key data of the databases to a record, or to a related data group are linked and upon agreement of the code, a confirmation signal (According to an acknowledgment signal) is generated, wherein the cell phone (or telephone) associated connection, or the telephone 
number under which the connection is made to form the data loop, as a connection code for the combination of the respective data of unterschiedl used as an access code to generate the acknowledgment signal (by the server); and / or method, wherein two mobile phones are coupled by a transmitted over the phones and generated by the servers and / or tested code, the assignment of mobile phone numbers, including the data transmitted via the mobile phone data to the relevant server processes (as the mobile as related Recognizing a couple); especially by the features of one of the following features.
    • 222. Method according to feature 221, characterized in that the coupling of the data loop DS between client and telephone, or mobile phone is made within the same device, z. As a telephone or mobile phone, by the property of a conference call, in which a connection to several participants (eg., Two) is simultaneously possible, and via these participants, the data loop DS is formed.
    • 223. A method according to feature 221 or 222, wherein a conference call is used for said further connection (eg telephone connection T- #) over which the preferred data loop DS is formed to identify a subscriber, - the code transmitted via the preferred data loop DS, from a telephone connection (T # _S1) served by a server (S1) via the data loop DS at the user, or via its telephone connection (T # _user) to another telephone connection (T # _S2), which is also served either by this server (S1) or by another server (S2), the telephone or mobile telephone of the user of the telephone connection having a switching device for direct formation of the data loop (eg according to a conventional conference circuit, in particular by linking the input data of the mobile phone to the code and by inputting these three terminal numbers (T #) _user T # _S1, T # _S2), which are used for the conference call (server 1 with T # _S1 ← → T # _user T ← → T # _S2 with server 2, or possibly also with server 1).
    • 224. A method according to feature 222 or 223, characterized in that said assignment of the data relates to a payment transaction, wherein the one telephone number (T # _S1) served by a server (eg S1) concerns an account management for debiting the amount and the further telephone number (T # _S2) served by another server (S2) or optionally by the same server (S1) concerns an account management for crediting the amount.
    • 225. Method according to one of the features 222 to 224, characterized in that via the telephone connections (server 1 with T # _S1 ← → T # _user ← → T # _S2 with server 2, or possibly also with server 1) the telephone number of relevant connections, if any, by the caller for testing the connections, further data (for checking the identity of the user, such as pin code, voice sample, fingerprint, iris recognition, etc.). on the user side, or at the telephone connection (T # _user) of the user (or in the mobile phone, etc.) be added.
    • 226. Method according to one of the features 222 to 225, characterized in that, on the user side or at the telephone connection (T # _user) of the user (or in the mobile phone, etc.), the code for checking the connections (e.g. generated by the server and checked on return) is encrypted.
    • 227. Method according to one of the features 222 to 226, characterized in that on the user side or at the telephone connection (T # _user) of the user (or in the mobile phone, etc.) (eg generated by the server and at Back tested) code for testing the connections another test code is added according to a digital signature that on the server side, the server that sends the code and checks on return, the server the sent code internally in the server also with the (the User corresponding) digital signature, and that the signature code used for the internal digital signature, via the telephone number of the user (T # _user) or, where appropriate, his other personal information, addressed, wherein the check of the returned code in the server on a) It is the on the user side (in the phone or mobile phone) provided with the digital signature and received back in the server with the code generated internally in the server and internally with the (the user, or his terminal) B) it is checked for authenticity by directly comparing the codes provided on the user side (in the telephone or mobile phone) with the digital signature and the code internally provided in the server with the digital signature; c) where (possibly ) in the phone or mobile phone (before the digital signature) is an encryption of the code, and at back the code is decrypted in the server.
    • 228. The method according to one of the features 222 to 227, characterized in that said conference circuit, in addition to the connection looped through by the user (server 1 with T # _S1 ← → T # _user T ← → T # _S2 with server 2, or optionally even with server 1), also has a direct connection between the connections served by the servers (S1, S2) (if separate servers S1 and S2 are used), wherein, where appropriate, this additional telephone connection of the conference call can also be made via the Internet between the servers.
    • 229. Method according to one of the features 221 or 222 to 228, with a radio or TV set as further data input into the preferred data loop DS, characterized in that further, the test code added data via an acoustic coupling to the radio or TV set or via an optical coupling to the screen of the TV set in the device used to form the data loop DS terminal (phone, mobile phone, etc.) can be entered.
    • 230. A method according to any one of features 221 or 222 to 228, each including a cell phone for closing the preferred data loop for use as a co-ordinator and billing person, the cell phone having a GPS system by which the location of the further cell phone user (as a passenger) relative to that of the driver (or his cell phone) is detected, characterized in that the data loop DS closed between the cell phones (of the driver and, for example, of the rider waiting at the roadside) is formed via an RF transmission link (e.g. Bluetooth, etc.), characterized in particular in that a power measurement is made on the receiving side via this RF transmission link between the mobile phones, that the respective received power is assigned, in calibration steps using the GPS system, to the determination of the distance between the relevant mobile phones, and that the constant continuous monitoring of this distance (as the two cell phones approach) takes place by way of the stronger reception power of the mobile phone or phones concerned, in order to indicate the approach.
    • 231. Method according to feature 230, characterized in that a) an RF connection between the mobile phones is made with an RF power that maintains the connection during the formation of the data loop DS (within the possible range), b) a further RF connection between the mobile phones is made with an RF power that is controlled during the formation of the data loop DS so that, in each of the successive measuring cycles, the connection just breaks off (each time anew) or the received carrier reaches a minimum (as a limit value), the GPS data being calibrated as corner points at this break-off limit of the connection or at this limit value, in order to determine the distance between these corner points exclusively via the HF distance between the two mobile phones.
    • 232. Feature omitted
    • 233. Feature deleted
    • 234. Feature deleted
    • 235. Feature omitted
    • 236. Feature deleted
    • 237. Feature deleted
    • 239. Feature deleted
    • 239. Feature deleted
    • 240. Feature deleted
    • 241. Method according to one of the preceding features, or method which forms a data loop DS using the temporary coupling of two mobile phones (acoustically or by infrared, etc.) communicating with one or even two servers or computers of the network , wherein via this coupling a test code is passed, which is generated by the server via the data connection (data loop DS) to a mobile phone, and passed back via the data connection (data loop DS) of the server or another server to the other phone of the test code for testing being, being through Determining the phone numbers of the cell phone's assignment to the data entered via the mobile phone is made, and the data to be assigned, which are supplied by the mobile phone with the test code to the servers or the server, an authentication of the user belongs, also a position transmission (GPS Data) and / or km state of a vehicle guided by the user of the mobile phone, in particular that upon detection of a valid assignment of two mobile phones by the server, which are initialized by arranged in the vehicles detection systems for querying addresses (RFID) chips of packets, or optionally synchronized, such that in each case a vehicle belonging (encoded by a vehicle address taken into account by the recognition systems), the packets stored in the vehicle are detected, and that these data are transmitted to the server belonging to the coupling process (DS) of the mobile phone.
    • 242. Method according to feature 241, characterized in that the (RFID) detection system accommodated in the vehicle communicates directly with the server via an interface provided in the vehicle, the further assignment to the vehicle being made via a vehicle address sent to the relevant mobile telephone.
    • 243. Method according to feature 241, characterized in that the (RFID) detection system housed in the vehicle communicates with the server via an RF interface to the mobile phone, or the mobile phone transmits the relevant data of the recognition system to the server, whereby a data sent via the mobile phone in question Vehicle address makes the further assignment to the vehicle.
    • 244. Method according to one of the features 241 to 243, characterized in that from the data sent to the server in the vehicle-mounted (RFID) recognition systems, which leads to data coupling (DS) of the mobile phones or identification of the user, each associated removal and / or payload of the corresponding (RFID marked) packages is determined.
    • 245. Method according to one of the features 241 to 244, characterized in that the payment for and / or acknowledgment of receipt of the packages is also made by the preferred coupling system (DS) of said mobile phones, wherein the mobile phone has a barcode reader or a reader for the address code of the (RFID) chips.
    • 246. Feature deleted
    • 247. Feature deleted
    • 248. Feature omitted
    • 249. Feature omitted
    • 250. Feature omitted
    • 251. Method according to one of the preceding features, or method relating to a fully automatic recognition and address assignment of a subscriber of any first network (eg Internet, mobile phone network, etc.) with short-term use of a further subscriber line of a second network (eg. Landline telephone, mobile phone, or another mobile phone, etc.), or for special cases also the same network (eg telephone number of an Internet telephony, etc.), wherein the participants of the first network does not have to have a fixed access address, d. H. an address which can be assigned temporarily differently on the Internet only for each session, and the second network via its connection number (eg mobile number), etc., which forms the address assigned on the Internet, and further using the temporary coupling of two mobile phones (acoustically or by infrared, etc.), which communicate with one or with two servers, or computers of the network, a data loop DS is formed, via this coupling a test code is passed from the Server is generated via the data connection to a mobile phone, and is returned via the data connection of the server or another server to the other mobile phone of the test code for testing (series connection). Where if a separate server is used for each cell phone, the server loop through the code via the Internet or possibly via a conference call the cell phone. Furthermore, the code can be encrypted in the relevant mobile phone or a mobile phone. Or a method is provided in which the code from two sides (via the second mobile phone) is forwarded to a cell phone (parallel connection) and the comparison is done on the phone, and by determining the phone numbers, the cell phone's assignment to the on the phone's data entered (see the pre-applications cited in the description), and or using the temporary coupling of a mobile phone (acoustically or by infrared, etc.) 
with a WEB page, wherein the cell phone and the WEB page with one or two servers, or computers of the network communicate, a data loop DS is formed, wherein via this coupling a test code is passed, which is generated by the server via the data connection to a mobile phone, and via the data connection of the server or another server to the other cell phone of the test code is passed back for testing (series connection). Where a separate server is used for each cell phone, the servers loop the code through via the Internet or possibly via a conference call of the cell phone. Furthermore, the code can be encrypted in the relevant mobile phone or a mobile phone. Or a method is provided in which the code from two sides (via the second mobile phone) is forwarded to a cell phone (parallel connection) and the comparison is done on the phone, and by determining the phone numbers, the assignment of the cell phones to the data entered on the phones is made (see the pre-applications cited in the description), especially in that the process is repeated within two successive processes and the same code or a code pair defined by the server is used to detect the coupling, this code not being reused for other purposes within a period of time within which the recognition process is valid, and in that the server recognizes a related pair of terminals involved in the code coupling by recognizing the code which has been repeatedly received or the code associated with a code pair which is or are returned to the server independently of one another (in the case of intermittent network connection).
    • 252. Method according to one of the preceding features, characterized in that at the client directly via one of the terminals used for forming the data loop (computer, mobile phone, landline telephone, etc., in any combination) or via an interposed third-party device ( 300 ), a PAD (digitizing writing surface) whose data pad directly manipulates the random code (KODE) transmitted via the data loop DS, or another random code (KODEn) according to a secret algorithm, wherein in the server by an inverse application of the algorithm (at known KODEn) decode the data of the pad to recognize a signature made on the pad during code transfer KODEn.
    • 253. Method according to feature 252, characterized in that in the CODES manipulated by the data of the PAD (digitizing writing surface) according to the signature made on the PAD, in addition to the code of the data loop DS generated by the server, a code is added as well the code manipulated by the data of the PAD (digitizing writing surface) resulting from the digital signature to a data document affected by the formation of the data loop DS (eg hash code).
    • 254. A method according to feature 19, paragraph a, characterized in that an audio signal production or audio signal reserve is used, which varies the reproduction speed controlled by control variable, without changing the pitch, using the above-mentioned feature (a), the playback speed of the audio signal is controlled so that between the signal frequencies used for the character encoding, or even a frequency spectrum each time periods also correspond to the coding of the code signal (KODE) with, where appropriate also be provided switching-algebraic expressions of existing or non-existing frequencies of a frequency spectrum in the coding can (option).
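The code comparison described in features 221 and 251 (a server-generated code sent out over one connection, returned over the data loop DS, compared against every code currently in flight, and not reused while the recognition process is valid) can be illustrated in Python. This is an added example, not part of the patent text; the class and function names, the 60-second validity window and the session and telephone values are constructed assumptions.

```python
"""Added illustration of the data loop DS code check (not from the patent)."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed placeholder values, not real subscriber data.
PHONE_1, PHONE_2, PHONE_3 = "tel-0001", "tel-0002", "tel-0003"


@dataclass(frozen=True)
class Assignment:
    session_addr: str  # address on the first network (e.g. temporary Internet session)
    phone_number: str  # connection number on the second network (e.g. mobile phone)


class DataLoopVerifier:
    """Issues codes on one channel and pairs them with codes returned on another."""

    def __init__(self, validity_s: float = 120.0,
                 clock: Callable[[], float] = time.monotonic):
        self.validity_s = validity_s
        self.clock = clock
        self._pending: Dict[str, Tuple[str, float]] = {}  # code -> (session, issued_at)
        self._retired: Dict[str, float] = {}              # code -> blocked until

    def _expire(self) -> None:
        now = self.clock()
        for code, (_, issued) in list(self._pending.items()):
            if now - issued > self.validity_s:
                del self._pending[code]
        for code, until in list(self._retired.items()):
            if now > until:
                del self._retired[code]

    def issue(self, session_addr: str) -> str:
        """Generate the code that is sent towards the terminal of session_addr."""
        self._expire()
        while True:
            code = secrets.token_hex(16)
            # Never hand out a code that is in flight or was used inside the window.
            if code not in self._pending and code not in self._retired:
                break
        self._pending[code] = (session_addr, self.clock())
        return code

    def receive(self, returned_code: str, phone_number: str) -> Optional[Assignment]:
        """Handle a code arriving back over the second network.

        phone_number is assumed to be determined by the network, not by the caller.
        Returns the assignment on a match, None for altered, replayed or stale codes.
        """
        self._expire()
        returned = returned_code.encode("utf-8", "replace")
        matched = None
        for code in self._pending:  # pairwise comparison with every code in flight
            if hmac.compare_digest(code.encode(), returned):
                matched = code
        if matched is None:
            return None
        session_addr, issued = self._pending.pop(matched)
        self._retired[matched] = issued + self.validity_s
        return Assignment(session_addr, phone_number)


def demo() -> List[Optional[Assignment]]:
    t = [0.0]  # controllable clock so the run is deterministic
    verifier = DataLoopVerifier(validity_s=60, clock=lambda: t[0])
    code_a = verifier.issue("session-A")
    code_b = verifier.issue("session-B")
    results = [
        verifier.receive(code_b, PHONE_2),  # valid loop: session-B <-> PHONE_2
        verifier.receive(code_b, PHONE_3),  # same code again: rejected
    ]
    t[0] = 61.0
    results.append(verifier.receive(code_a, PHONE_1))  # returned too late: rejected
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
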

Claims (82)

  1. Method a) for the purpose of the secure detection and / or checking and / or assignment of subscriber lines at message links and / or subscriber addresses concerning these message links, with respect to an addressee and / or to a sender of data and / or with respect to authenticity of data and / or the allocation of data, b) with terminals, each having a, the type of connection of a respective terminal corresponding message connection to a, the respective terminal respectively associated device, the communication link of the respective terminal respectively providing means, each Terminal communicates with its respective associated device and the, the communication link of the terminals providing institutions are networked together, this networking is done via locally separate devices or within a common device, wherein c) said networking the establishment of a communication link between the facilities providing the communication link of the terminals, characterized in that d) a data loop DS is formed via the said communication links associated with the terminals via said networking of the facilities providing the communication link of the terminals on the terminal side d1) a data transmission carried out under the terminals ( 1a ) and / or d2) a data check carried out on the terminals ( 1b ) is made within this network, wherein e) within the said network, a CODE is generated, which is supplied to the terminals via the data loop DS ( 1b ) and / or via the terminals ( 1a ) and is incorporated in the transmission protocol of the communication link and for the purpose of its recognition according to the criteria, e1) whether the code has changed in transmission over the respective communication links, and / or e2) if the code is in transmission over the respective ones Message connections in accordance with a rule, as amended according to a formula or an encryption algorithm, and / or e3) if the code corresponds to a further code belonging to this code as it 
changes when it is detected at a terminal corresponding to the message connection by means of an evaluator means in the data path and associated with the generation of said CODE, - which performs the said recognition and / or verification and / or assignment - is checked to perform said detection and / or verification and / or assignment of the subscriber lines and / or subscriber addresses relating to an addressee and / or to a sender of data and / or relating to the authenticity of data and / or the assignment of data relating to these subscriber lines.
  2. Method according to claim 1, characterized in that said data loop DS is formed via or through a connection by means of a galvanic connection or a wireless connection, hereinafter referred to as signal coupling, between or on terminals respectively used by the same user, with reference to FIG a subscriber connection or a connection address established via the terminals and associated with the same user, and / or the authenticity of data routed via this subscriber connection is checked by the evaluation of the KODE with respect to said application or the allocation of data is undertaken.
  3. Method according to claim 1, characterized in that said data loop DS is formed via or through a connection by means of a galvanic connection or, hereinafter referred to as signal coupling, between or on terminals which are each used by different users, with respect to the data connections, subscriber lines or connection addresses and / or the authenticity of data routed via these subscriber lines are checked by means of the evaluation of the KODE with respect to said application or the assignment of data is made via the terminals, respectively.
  4. Method a) for the purpose of the secure detection and / or checking and / or assignment of subscriber lines at message links and / or subscriber addresses concerning these message links, with respect to an addressee and / or to a sender of data and / or with respect to authenticity data and / or the assignment of data, as well as for the purpose of secure detection, and / or the checking of the real-time authenticity of an event occurring at a subscriber and / or at a device having a communication link with the subscriber, transmitted via a communication link, and event data to be assigned to this event by a receiving device receiving this data, b) with terminals which each have a message connection corresponding to the type of connection of a respective terminal to a respective terminal belonging to the respective terminal, b each terminal having its respective associated device communicates and which, the communication link of the terminal providing devices are networked with each other, said networking via locally separate devices or within a common device, wherein furthermore b1) a terminal has or is networked with an event data generation device that performs real-time detection of an event, b2) and / or a device networked with a terminal via a communication link, has an event data generation device; is networked with one, which performs a real-time detection of an event, wherein c) made under the, providing the communication link of the terminals providing facilities networking, the production of a message connection between these facilities, characterized in that d) a data loop DS is formed via the above-mentioned, in each case the associated message links a data loop DS via said networking of the message connection of the terminals providing facilities, wherein on the terminal side d1) a data transmission made under the terminals ( 1a ) and / or d2) a data check carried out on the terminals ( 1b ) is carried out within this network, wherein e) within the 
said network, a CODE is generated which is supplied to the terminals via the data loop DS ( 1b ) and / or via the terminals ( 1a ) and is incorporated in the transmission protocol of the communication link and for the purpose of its recognition according to the criteria, e1) whether the code has changed in transmission over the respective communication links, and / or e2) if the code is in transmission over the respective ones Message connections in accordance with a rule, as amended according to a formula or an encryption algorithm, and / or e3) if the code corresponds to a further code belonging to this code as it changes when it is detected at a terminal corresponding to the message connection by means of an evaluator means in the data path and associated with the generation of said CODE, - which performs the said recognition and / or verification and / or assignment - is checked to perform said detection and / or verification and / or or assignment of the participants and / or to obtain subscriber addresses relating to an addressee and / or to a sender of data and / or in relation to the authenticity of data and / or the allocation of data, wherein f) the via the said data loop DS coded and tested in an evaluator KODE directly or via a code corresponding to this CODE, is linked in the said device for the generation of event data with these event data and / or is involved in the generation of the event data in these data, whereby the by the event, which is transmitted via the data loop, in its transmission time or in its transmission time range, as it corresponds to the event data associated with this CODE of the device which generates this event data, with respect to the authenticity associated with this event for the time determination of the event i the aforementioned KODE verification by the checking device of the receiving device receiving the event data is detected or the lack of authenticity is detected in case of non-compliance.
  5. A method according to claim 4, characterized in that said data loop DS is formed via or through a connection by means of a galvanic connection or a wireless connection, hereinafter referred to as signal coupling, between or at terminals each used by the same user, with respect to an authenticity of a data-presented event, the data of which is routed via this communication link, is checked by said evaluation of the CODE by means of a message connection established via the terminals and assigned to the same user.
  6. A method according to claim 4, characterized in that said data loop DS is formed via or through a connection by a galvanic connection or, hereinafter called signal coupling, between or on terminals each used by different users, with respect to authenticity of an event represented by data, the data of which is routed through these communication links, is checked by said evaluation of the KODE via the message connections established by the terminals and assigned to these different users.
  7. Process according to any one of Claims 1 to 3 and 4 to 6, characterized in that the process according to any one of Claims 1 to 3 and the process according to one of Claims 4 to 6 are used together in combination, wherein, where appropriate for the different uses indicated for the processes with respect to said test of said KODE, different KODEs (see CODES 1 and 2) are used.
  8. Method according to one of Claims 1 to 7, characterized in that said networking of a device providing the message connection of a respective terminal takes place with the involvement of one or more networked servers, or in that the device providing the message connection of a respective terminal is realized by one or more servers.
  9. Method according to one of claims 1 to 8, characterized in that i. the method for calling a WEB page or establishing an addressing or equivalent subscriber or Internet connection, at one of said terminals, which is included in said data path of a data loop DS, - hereinafter referred to as the first terminal (CL) - , ii. the call of said WEB page or the production of the said subscriber or Internet connection via another terminal takes place, which is included in said data path of the data loop DS, - hereinafter referred to as second terminal (T- #) -, wherein iii. this second terminal (T- #) has a subscriber access of a communication link via which said KODE is forwarded to that terminal (T- #), iv. said CODE a telephone number, and / or a connection address for an Internet telephony, and / or an Internet address, and / or an address for an Internet access, and / or a WEB page name and / or a WEBSITE address , and / or a server address, and / or a radio channel, and / or a comparable coding for a connection of a subscriber connection point or a subscriber name for the general connection of a data stream or data streams, or in the said KODE such a name is included, hereinafter referred to as in the code contained coding of the (relevant) subscriber line -, where v. said CODE via said data transfer performed on the terminal side among the terminals ( 1a ) is transmitted from said second terminal (T- #) to said first terminal (CL), vi. said first terminal (CL) through this KODE, via a program installed on the first terminal (CL) (software "plug-in"), selects or addresses the coding of the subscriber line contained in that CODE through the subscriber or internet connection to be established through it Establish communication for this terminal (CL) and / or to call the WEB page mentioned, vii. 
wherein each terminal (CL, or T- #) affected by the connection establishment by the said CODE communicates with the respectively assigned device via its communication link, and the server processes associated with the terminals via this communication, which relate to each communication for each terminal, are assigned to each other, as well as via the networking of the terminals of the terminal related data traffic of this assignment proceeds accordingly.
  10. Method according to one of claims 4 to 8, characterized in that said event concerns the sender-side emergence of event data as they are incurred i. during a manual or visual or auditory or sensory input by a user, and / or ii. in an image acquisition by an image recording device for the purpose of a real-time transmission of an image or video and / or iii. in the voice recording by a voice recording device for the purpose of a real-time transmission of a spoken word and / or iv. in the handwritten input of lines on a writing board (PAD) that transcribes these lines into data, and are sent to a receiving device.
  11. Method according to one of Claims 1 to 10, characterized in that the said KODE, which is routed within the network of the data loop DS, is manipulated by one of the devices within the network of the data loop DS according to an algorithm known to the KODE examination, and in the above-mentioned examination of the KODEs this manipulation is taken into account.
  12. Method according to Claims 1 to 11, characterized in that said KODE, which is routed via the data loop DS, is connected to one or both of the terminals on the terminal side and / or to a third party device (2) inserted in a signal coupling of the terminals. 300 . 3 . 33 ) is manipulated or further encrypted according to an algorithm, wherein in the said examination of the KODEs this manipulation or further encryption is taken into account.
  13. Method according to one of Claims 1 to 12, characterized in that the method is used for checking and / or assigning the association of data with a sender and / or addressee.
  14. Method according to one of Claims 1 to 13, characterized in that the transit time of the terminal devices, via which the data loop DS is networked, associated communication links which connect to said, the communication link of a respective terminal via said networking provisioning devices with their further networking of the connections affected by the data traffic is measured by a time measurement existing in these devices and / or in the terminals, i. wherein the start of a respective time measurement and the data associated with this starting time, whose time of their arrival at a subscriber is measured in each case takes place through an understanding of the protocol within the data traffic, ii. wherein the measured transit times are taken into account for a valid assignment of the CODE elements relating to said test to the original CODE.
  15. Method according to one of Claims 1 to 14, characterized in that the data loop DS is formed over more than two networks and time slots for the transmission of the data of different subscribers are defined by protocol by means of appropriate control characters.
  16. Method according to one of Claims 1 to 15, characterized in that the KODE routed via the networking of the data loop DS is composed of individual KODE elements or blocks which participate in the data loop DS via the respective network connections corresponding to the type of connection of the terminals Terminals are distributed and transmitted to the terminals and / or via the terminals, for decryption and / or encryption and / or manipulation of the KODEs, all of these KODE elements, or blocks are included in the said examination of the KODEs ( 29 ).
  17. Method according to Claim 16, characterized in that data is transmitted in the bidirectional direction over the said data loop (DS) for the purpose of transmitting encryption algorithms, a respective terminal involved in the encryption of the data relating to the CODE and / or an optionally further in a signal coupling of the terminals located third device of the located in the data loop DS terminals and / or third-party devices its algorithms for the encryption and / or a change of encryption from the network of a respective other terminal via the signal coupling relates.
  18. Method according to one of claims 4 to 17, characterized in that i. said generation of event data in one of the terminals or in a third party device connected to a signal coupling of a terminal ( 300 . 19b ) takes place, via which the data loop DS is formed with said terminals via said signal coupling, ii. in which the terminal or third party device ( 300 ) generated event data with the associated KODE, or the event data with a KODE formed from said KODE and the event data - hereinafter referred to as Prüf KODE - are sent to a receiving side, iii. wherein a receiving side receives the event data generated in the terminal with the associated check KODE and directly or via a device connected to the receiving side, the check KODes performs the real-time evidence for the emergence of data as they originated at the terminal on the transmitting side as an event are to recognize, iv. wherein the receiving side or a device in communication with the receiving side has generated the check KODE used at the respective terminal or data for forming this check KODEs.
  19. Method according to one of Claims 1 to 18, characterized in that the said device providing the message connection of a terminal or a device which is further networked with this device is one or more networked servers.
  20. Method according to one of Claims 1 to 19, characterized in that the said evaluation, which is located in the data path of the data transmission and is associated with the generation of said KODE, - and which performs said detection and / or checking and / or assignment of addresses and / or data - takes place in a device providing the communication link of a terminal or in a device further networked with this device, and the said evaluation is carried out there [(1) = (2)? in 1a ].
  21. Method according to one of Claims 1 to 19, characterized in that the said evaluation, which is located in the data path of the data transmission and is associated with the generation of said KODE, - and which performs the aforesaid recognition and / or checking and / or assignment of addresses and / or data - takes place in one of the terminals or in a device which is further networked with this terminal, and the said evaluation is carried out there [(1) = (2)? in 1b ].
  22. Method according to claim 20 and claim 21, characterized in that both of the methods mentioned in claims 20 and 21 are used.
  23. Method according to one of claims 4 to 22, characterized in that i. said event data generation apparatus performing real-time detection of an event is a writing table - hereinafter referred to as PAD - in which the coordinate points (pad) of handwritten line trains are detected as line coordinate data in real time and from a transmission device of the PAD or a device having a data connection with the PAD is transmitted via a relevant communication link to a receiving device as event data in real time, ii. wherein the said KODE (KODEn) or data for forming this KODE generated by the KODE generation in the data path and supplied to the receiving device as source code is supplied to the transmitter via said data loop DS, iii. wherein the transmitting means receiving the transmission data from said PAD during the real-time generation of the line coordinates corresponding to a handwritten line, the KODE obtained via the data loop DS or a CODE produced from this CODE into the line coordinate data of the PAD (pad) by a corresponding link (Neuer_KODE = f (KODEn · pad)) and / or the line coordinate data with said KODE form a new KODE for said test and this data via the said communication link by the transmitting device as event data be sent to said receiving device, iv. 
wherein in the receiving device, which receives the line coordinates data of the handwritten lines PAD on the PAD with the linked therein KODE as transmitted event data, a linking rule of the corresponding algorithm for linking the event data (pad) and said KODE, the input lettering of the PAD corresponding event data, as well as the KODE incorporated into the data or linked to the data are extracted as real-time (KODEn) to the event data, this KODE must correspond directly or via an algorithm (KODE_dig) the origin KODE or must contain the originating KODE to a valid Real-time detection of the writing process carried out on the transmitter side on the PAD with the data associated with the writing process (pad) on the receiving side, this origin CODE of said data path being in the KODE generation directly or via a Verschlüs matching algorithm.
  24. A method according to claim 23, characterized in that said writing board, or PAD, supplies to the line coordinate data of a handwritten line the data corresponding to the coordinates data of the pen as data corresponding to the line trains in addition to the coordinates data of the train these data, together with the coordinates of the trace data as a function of time, are sent to the receiving side with the CODE included in the data, where, together with said real-time pattern matching pad (pad), to verify a signature (pad) made on the PAD; to be used with.
  25. Method according to one of claims 4 to 22, characterized in that i. said device for generating event data which performs a real-time detection of an event, an image capture is electronics, such as a digital camera or video camera, or an image capture chip or a fingerprint sensor, hereinafter referred to as camera, which is a real-time recording of the Real-time event takes place whose image data from a transmitting device of the camera or a camera connected to the device having a data connection via the relevant communication link to a receiving device as event data in real time, ii. wherein said KODE generated by the KODE generation in the data path and known to the receiving device as the source code is supplied to the KODE for forming this KODE, to the transmitting device via said data loop DS, iii. wherein the transmitting device, which receives the transmission data from said camera, during the real-time image recording integrates the KODE obtained via the data loop DS or a KODE resulting from this code into the received image data by means of a corresponding link, and / or the image data form a new CODE for said test with said CODE and send said data via the said communication link to said receiving means as event data by said sending means; iv. 
wherein in the receiving device, which receives the camera recorded image data with the associated therein KODE as transmitted data, a linking rule of the corresponding algorithm for linking the event data and the said KODE, the image recording corresponding event data as well as in the data integrated or with The KODE associated with the data is extracted as a real-time record of the event data, which KODE must correspond directly or through an algorithm to the source KODE or contain the source KODE to provide valid real-time evidence for the process of real-time image capture with the image-capture related data on the KODE Receive receiving side, this origin has to CODE of said data path in the KODE generation directly or via an encryption algorithm to match.
  26. Method according to one of claims 4 to 22, characterized in that i. said event data generation apparatus which performs a real-time event detection, a speech signal recording of a speech signal spoken by the user in real time and recorded on the user side, the recorded speech signal corresponding to the real time event whose speech signal data is from a speech signal Transmission device of the voice signal recording device or a device having a data connection with the voice signal recording device via the relevant communication link to a receiving device are transmitted as event data in real time, ii. wherein said KODE generated by the KODE generation in the data path and known to the receiving device as the source code is supplied to the KODE for forming this KODE, to the transmitting device via said data loop DS, iii. the transmitting device receiving the transmission data from said voice signal recording device, while the real-time voice signal recording incorporates the CODE obtained via the data loop DS or a CODE resulting from this CODE into the received voice signal data by a corresponding link, and / or the voice signal data with said CODE form a new CODE for said test and this data is sent via said communication link by the transmitting device as event data to said receiving device, iv. 
wherein in the receiving device, which receives the voice signal data recorded with the voice signal recording device with the associated KODE as transmitted data, the linking rule of the corresponding algorithm for linking the event data and the said KODE, the speech signal recording corresponding event data and the integrated into the data or CODE linked to the data is extracted as a real-time record of the event data, which code must correspond directly or through an algorithm to the source CODE or contain the source CODE to provide valid real-time evidence for the real-time speech signal recording operation with the data associated with the speech signal recording to receive on the receiving side, which origin KODE has to correspond to said KODE generation in the data path directly or via an encryption algorithm, v. wherein the speech signal data obtained in the receiver means are used for voice recognition and / or must correspond to a textual content previously communicated with the CODE to the device for generating event data and acoustically and / or visually transmitted to the user, said test using a corresponding speech signal recognition for the implementation of the speech signal is in a text and this text has to correspond to the specification of the text content.
  27. A method according to any one of claims 4 to 26, wherein said means for generating event data which performs a real-time detection of an event and sends the detected event data to a receiving means via a transmitting means comprises: a) a general data input means for a real-time input of event data by a user, b) and / or a detection device, as specified in claims 23, 24, 25, 26, for a real-time detection of an event with a generation of event data temporally corresponding to this event, characterized in that i. said event data generation apparatus further outputs and provides visually or acoustically displayed commands as an event instructions to the user of the device to which the user provides input of data and / or other special contribution to the input and / or capture of event data to make these commands in real time, ii. whereby data is generated by said receiving device or by a device networked with the receiving device, which data is sent to said device for the generation of event data and corresponds to the commands visually or acoustically displayed on this device as event instructions and to the device produce, iii. further wherein said KODE generated by the KODE generation in the data path and known to the receiving device as source code, or data for forming this KODE, is supplied to the transmitting device via said data loop DS, iv. 
wherein on the said data input device or detection device for a real-time input and / or detection of an event, the event data to be generated is visually or acoustically displayed as event instructions to the user and the user following these commands to input corresponding data into the data input device or detection device and / or special involvement to generate and / or capture real-time event data in accordance with these instructions, manually and / or audibly and / or visually and / or sensory, such as via a keyboard, and / or a writing tablet (PAD ), - and / or by a fingerprint sensor, - and / or with the face in front of a camera, - and / or a change of the distance of an object to the lens of a camera, - and / or Nachsprechen a visually or acoustically displayed text, - and / or any other input of event data or Mitwi tion for inputting event data, and that data is sent to the said receiving device as event data associated with the given event instruction, v. further wherein the transmitting device, - which receives the KODE known to the receiving device as the source code or data for forming this KODE via said data loop DS - during said real-time generation of the event data the KODE received via the data loop DS or one from this KODE according to a rule resulting CODE in the data generated in the said generation of the event data by a corresponding link binds, and / or these data with said CODE form a new CODE for the said test and the data thus linked to the KODE via said communication link through the Sending device are sent as event data to said receiving device, vi. 
wherein in the receiving device, which receives the event data associated with the KODE, via the linking rule of the corresponding algorithm for linking the event data and the said KODE, the data corresponding to the generation of the event data, as entered from a keyboard, and / or data corresponding to the lines written on a writing tablet (PAD) - and / or as entered by a fingerprint sensor, - and / or as they correspond to a face taken by a camera, - and / or like them the change of the distance of an object to the lens of a camera correspond, - and / or as they correspond to the reverberation of a visually or acoustically displayed text, - and / or as they correspond to any other input of event data or participation in the input of event data, and the the code embedded in the data or linked to the data as Real-time detection of the event data extracted, this KODE must correspond directly or via an algorithm to the origin KODE or contain the source code to obtain a valid real-time record for the process of real-time image capture with the, the image acquisition associated data on the receiving side this source code has to correspond to the said KODE generation in the data path directly or via an encryption algorithm, vii. wherein said real-time credential check further comprises a test relating to checking the correspondence of the received event data from the receiving device to the associated command data, the respective event data generated at the event data generation device corresponding to the respective associated event instructions , as have been predetermined by the command data known to the receiving device.
  28. Method according to claim 27, characterized in that i. a camera for capturing the face of the user or details of the face is used as a detection device for the generation of event data, wherein the commands for the event instructions corresponds to a mimic or attitude of his face to be observed by the user, such as winking, or a movement, or comparable, and / or the change of the distance of his face from the lens of the camera said user participation in the input and / or detection of event data in real time to the commands and in the receiving device, the evaluation of the said link through the CODE provided with a real-time proof image data by image analysis of biometric features of the user, such as the iris of the eyes, etc., takes place, in further examination of the image analysis obtained to match that in the receiving device or In a device generated by the receiving device, the command generates data for the event instructions and the above-mentioned check of the KODE for detecting a real-time detection, and / or ii. a device for recording a voice signal for data input is used as a detection device for the generation of event data, wherein the commands for the event instructions corresponds to a text to be nachzusprechenden by the user and in the receiving device, the evaluation of the above-mentioned linkage by said KODE with a Real-time verifying speech signal data by a text recognition and voice recognition of the user is performed to identify the user, further checking for conformity of the recognized text with the command generated in the receiving device or in a device networked with the receiving device data for the event instructions and the aforementioned Check the KODE for real-time detection, and / or iii. 
a fingerprint sensor with optics is used as a detection device for the generation of event data, wherein the commands for the event instructions relate to the respective distance to be maintained by the user between lens and finger and in the receiving device, the evaluation of the above-mentioned linkage by said KODE image data provided by means of an image analysis to identify the user for significant features, further checking the received image analysis for conformity with the command generated in the receiving device or in a device networked with the receiving device data for the event instructions and said test the KODE for real-time credential detection,
  29. Method according to one of Claims 1 to 28, characterized in that said CODE generated within said network of communications links and routed via said data loop DS and incorporated in the communications protocol of data transmission of the communications link is generated in the device in which said verification of the KODE is made, or is generated in a device that is networked with the device for checking the KODEs.
  30. Method according to one of Claims 1 to 29, characterized in that said CODE generated within said network of communications links and routed via said data loop DS and incorporated into the communications protocol of data transmission of the communications link is randomly generated.
  31. Method according to one of Claims 1 to 30, characterized in that the device (server I or server III in 3 ) which is associated with the one terminal (CL or ES in 3 ) and provides its communication link is networked via one or more further servers (server II), to form said data loop DS, with that device (server I or server III) which provides the message connection to the further terminal (ES or CL) via which said data loop DS is formed.
  32. A method according to any one of claims 1 to 31, characterized in that said KODE comprises a code stream, - a KODE string in a data stream - of constantly alternating different KODEs (A, B 29 ) or elements of the code, this code stream being routed bidirectionally in both directions (A, B) via said data loop DS, using both message links, the terminals forming said data loop DS, and said KODE string being the said KODE (KODEn) with which the said links and / or checks and / or encryptions of the KODEs are performed.
  33. Method according to one of claims 1 to 32, characterized in that a plurality of networked servers (I, II, III ... in 3 ) which are included in the said interconnection of the data loop DS and in the said test method, use their own CODE (code 1, code 2, code n...) or data for forming this code, this code with different priorities depending on each after application - in each case in the servers, and / or - on the terminal side in a signal coupling of relevant terminals (CL, 300 , ES 3 ; Encryption in 7 ; conference call 9 ; Mobile, client 12c ; 36 . 37 ) or directly in the terminals, by encryption / decryption, according to the application to the servers is manipulated and / or checked and / or generated and / or recognized by testing.
  34. Method according to one of claims 1 to 33, characterized in that the method is applied to terminals or terminal interfaces, one of which has a mobile phone network and the other an Internet access as the device providing the communication link of the respective terminal.
  35. Method according to one of Claims 1 to 33, characterized in that the method is used on portable terminals, each of which uses a mobile phone network and / or an Internet access as the device providing the message connection of the terminal, wherein the signal coupling for producing the networking of the data loop DS is formed on the terminal side by an interface for short-distance wireless data transmission between the terminals, the terminals being held in close proximity to each other in accordance with this short-distance interface.
  36. Method according to Claim 35, with the method according to Claim 12, 17 or 18, characterized in that the said third-party device ( 300 ) is integrated into the short-range wireless interface between the terminals ( 5 ).
  37. Method according to one of claims 1 to 36, characterized in that, on the terminal side, an RF transmitter is used for a short-distance wireless data transmission of a signal coupling among the terminals, in which, using the data coupling produced by the signal coupling, a power measurement of the RF power transmitted over the signal path of the signal coupling is made for the purpose of a distance limitation.
  38. Method according to one of Claims 1 to 36, characterized in that, on the terminal side, an infrared interface is used for a short-distance wireless data transmission of a signal coupling of the terminals.
  39. Method according to one of Claims 1 to 36, characterized in that, on the terminal side, an acoustic coupling of an audio signal by holding speakers, or earpiece and microphone, of the terminals is used for a short-distance wireless data transmission of a signal coupling of the terminals.
  40. Method according to one of Claims 1 to 39, characterized in that, for the purpose of carrying out said method when used in connection with a message transmission relating to a data signal whose content to be reproduced corresponds to an audio or speech signal - as in the case of transmission of a voice signal for a mobile phone, or a comparable data connection -, the integration of said KODE signal into the data signal corresponding to the audio or speech signal is made by a modulation of the harmonic content of the audio or speech signal, wherein the transmitted KODE, and possibly additional data associated with the KODE, is transmitted onward via this variation of the harmonic content of the audio or voice signal.
  41. Method according to one of claims 1 to 40, wherein a coupling for signal transmission between the terminals for forming the networking of said data loop DS for a made under the terminals data transmission takes place - hereinafter called signal coupling -, of which each terminal a, the nature of his Connection making corresponding, the terminal each associated message connection to a device providing the communication link providing , via which the data traffic to and / or from the respective terminal to this device, characterized, i. that the terminal, which is to send data to the other terminal in the signal coupling made under the terminals, an optical image field for displaying an image, such as a screen or a display, etc., having, which is present on the device image field for the said signal coupling between the terminals is used on the transmitter side, ii. that the terminal, which is to receive data from the other device in the signal coupling carried out under the terminals, a video image pickup device - hereinafter referred to as a digital camera - has, this digital camera on the device for the said signal coupling between the terminals is used at the receiving end, iii , wherein said signal coupling to form the data loop DS is formed by recording, with the digital camera of the terminal receiving the data passed via the signal coupling, the image of the other device transmitting the signal coupled via the signal coupling on the optical image field becomes, iv. and in that the KODE transmitted via said signal coupling of said data loop DS via said optical image field or the data for forming this KODE is encoded in the transmitter-side imaging by the imaging of the displayed KODE image in the form of a brightness modulation and / or coloring modulation corresponding to the KODE. or are.
  42. A method according to claim 40 or claim 41, characterized in that said transmitter-side modulation for coding or combining said KODE - in claim 40 this is said modulation of the harmonic content of an audio or speech signal, in claim 41 this is a brightness or coloring modulation - is coded on the transmitter side according to a serial modulo 2 KODE signal and is decoded again on the receiving side.
  43. Method according to one of claims 1 to 40, wherein a coupling for signal transmission between said terminals, hereinafter called signal coupling, takes place to form the networking of said data loop DS for a data transmission made under the terminals, each of which terminals has a message connection, associated with the terminal and corresponding to the nature of its connection establishment, to a device providing the communication link, via which the data traffic to and / or from the respective terminal to this device takes place, characterized i. in that one of the terminals, which is to send data to the other terminal in the signal coupling made under the terminals, has an optical image field for displaying an image, such as a screen or a display, etc., this image field present on the device being used on the transmitter side for said signal coupling between the terminals, ii. in that the other terminal, which is to receive data from the other device in the signal coupling made under the terminals, has an image pickup device, hereinafter referred to as a digital camera, this image pickup device present on the device being used at the receiving end for said signal coupling between the terminals, iii. wherein said signal coupling to form the data loop DS is formed by recording, with the digital camera of the terminal receiving the data passed via the signal coupling, the image displayed on the optical image field of the other device, which transmits the data passed via the signal coupling, iv. and in that the KODE transmitted via said signal coupling of said data loop DS via said optical image field, or the data for forming this KODE, is encoded in the image displayed on the screen of a terminal in the form of a representation of a graphic surface corresponding to the KODE, wherein a) the image coded in accordance with the representation of a graphical area is transmitted by the device which picks up the image to the device providing the message connection of the terminal, for further decoding of the KODE via said networking of the data loop DS, b) or the KODE coded in the image according to the representation of a graphical area is decoded by software installed in the image-receiving terminal ("plug-in") and is passed on to the device providing the communication link of the terminal for further processing of the method via said networking, c) or the KODE coded in the image according to the representation of a graphical area is decoded by software installed in the image-receiving terminal ("plug-in") and is used for establishing a connection via the device providing the communication link of the terminal.
  44. Method according to one of Claims 1 to 43, characterized in that the method is used on portable terminals, one or more of which use a radio channel as the terminal's communication link.
  45. Method according to one of Claims 1 to 44, characterized in that the KODE, or the data for forming this KODE, which is routed via the interconnection of the data loop DS, is provided with a digital signature by the user at one of the terminals or at a device integrated via the signal coupling of the terminals, wherein the digital signature is included both in the security code KODE transmitted over the data loop DS (or the data for forming this KODE) and in the further data associated with the KODE or the event data linked to the KODE, so that, in the above evaluation, the authorized signatory can be assigned via the signature to the KODE and to the data when the KODE and the further data or event data are checked.
  46. Method according to one of claims 1 to 45, characterized i. in that data containing said KODE and further data associated with the KODE and / or event data associated with the KODE are signed with a digital signature, using a HASH KODE, at a terminal included in said data loop DS or at a further device included in it, ii. in order to be able to check the association of the transmitted data and / or event data with the KODE, with regard to the signing subscriber, in the above-mentioned evaluation during the check of the KODE.
  47. Method according to one of Claims 1 to 46, characterized in that said KODE is linked to and / or contains data of the individual subscribers, which data correspond to the settlement of a transaction for a cash payment in which these subscribers are involved.
  48. Method according to one of claims 1 to 47, characterized in that the method is used i. for a digitized signature rendered on a writing tablet in real time, and / or ii. for a cash-free payment or order transaction, and / or iii. as an access guard for the operation of an electromechanical process, such as the operation of a lock or cabinet, or the enabling of the dispensing operation at a gas station, and / or iv. for signing a document or for general access protection, and / or v. for securing a general data access which takes place via one of said terminals.
  49. Method according to one of claims 1 to 48, characterized in that i. the method for verifying the authenticity of a WEB page or an equivalent Internet address, hereinafter called a first terminal (CL), hereinafter referred to as a WEB page, or a server identification, by a telephone number (#) or address of one the terminal side of the data loop DS closing further terminal, - hereinafter called second terminal (T- #) - is used, ii. wherein, when verifying the authenticity of the WEB page, it is checked whether ii1) a device which provides the message connection of the first terminal (WEB side) or a device which is networked with this device via the networking of the data loop DS . 2a ) and / or ii2) a KODE transmitted by the, the communication link of the second terminal (telephone number (#) or by a device networked with this device via the networking of the data loop DS ( 2 B ), both the, the communication link of the first terminal and the, the communication link of the second terminal providing means is known, iii. whereby, on successful checking via the message connection of the second terminal (T- #), the authenticity of the WEB page to be checked is acknowledged to the user ( 2 B iv. wherein the said two terminals (CL, T- #) are two autonomously separated devices or two terminal devices accommodated in a common device ( 2a . 2 B or E3 in 8th ).
  50. Method according to one of claims 1 to 48, characterized in that i. the method for a log-on in a computer or in a network as access protection for, on a terminal, - hereinafter referred to as first terminal (CL) -, called WEB page or equivalent Internet address, hereinafter referred to as WEB page, or as access protection server access , by a telephone number (#) or address of an on the terminal side, the data loop DS closing further terminal, - hereinafter called second terminal (T- #) - used, ii. wherein, in the check of the access protection of the WEB page, it is checked whether ii1) a KODE sent by the device of the first terminal (WEB side) or by a device networked with this device via the networking of the data loop DS (IT, 2a ) and / or ii2) a device which transmits the communication link of the second terminal (telephone number (#) or which is sent by a device connected to this device via the network of the data loop DS ( 2 B ), both the communication link of the first terminal and the device providing the communication of the second terminal are known, iii. wherein, upon successful verification, the device providing the message connection of the first terminal or a device connected to this device allows access to the called WEB page, or a component of the WEB page, iv. wherein the said two terminals (CL, T- #) are two autonomously separated devices or two terminal devices accommodated in a common device ( 2a . 2 B or E3 in 8th ).
  51. Method according to one of claims 1 to 48, characterized in that i. the method for calling a WEB page to be displayed on a terminal, hereinafter referred to as the first terminal (CL), by a telephone number (#) or the address of a further terminal closing the data loop DS on the terminal side, - following second terminal (T- #) ), ii. wherein the subscriber called or addressed via the second terminal (T- #) or a device connected to this subscriber has a CODE or data indicating the address of a WEB page to be addressed via the data loop DS for forming this KODE to the first terminal (CL ), which transmits this KODE, using a switch WEB page or equivalent internet connection to a server to the device providing the message connection or to a device connected to this device, for the KODE to the switch WEB page on that server which addresses the WEB page to be addressed with this CODE, iii. wherein the KODE designating the address of the WEB page to be addressed directly or as data constituting the KODE from the device providing the connection of the second terminal (T- #) or from a device networked to this device via said signal coupling to the first Terminal (CL) for forwarding to the, the connection of the first terminal (CL) providing means is sent via the networking of the data loop DS to the switching WEB page, iv. wherein the switching WEB page accesses a directory in which for each received KODE the WEB page designated by the KODE is stored as a call address of a respective WEB page to be called up, v. wherein the WEB page addressed by the switching WEB side of a respective server is displayed on the first terminal (T- #) at the address of the switching WEB page and thus bypassing the usual addressing of a WEB page via the message connection of the first terminal ( T- #) is called to its messaging device (CL) and the data associated with the KODE WEB page is transferred from the switch WEB page to the WEB page to be invoked respectively, vi. 
wherein the said two terminals (CL, T- #) are two autonomously separated devices or two terminal devices accommodated in a common device.
  52. Method according to one of Claims 1 to 51, characterized in that one of the said terminals, or the said terminals, uses an SMS converter which converts a received SMS message into the interface signal needed for a signal coupling between the terminals to establish said data loop DS.
  53. Method according to one of Claims 1 to 52, characterized in that - the code or data generated within a network of said communications links and routed via one or more data loops DS from respective terminals, from which this CODE is formed, is allocated for the assignment and / or addressing and / or establishing a synchronization of the functionality of several operations running on a server or on several networked servers, - whereby the servers associated with said terminals allocate processes to the data transmitted via the message connections of the terminals by means of this synchronization.
  54. Method according to one of claims 1 to 53, characterized in that i. said KODE, which is routed via one or more data loops DS at one or more subscribers to and / or via respective terminals, for the connection to a subscriber address of a terminal or a device connected to the terminal, such as a connection code of a network address or server address, or a device address, or a telephone number, or a radio channel of any network - over which the actual communication link of one or more unknown participants is established, to a known subscriber address of another terminal or connected to the terminal device, such as a connection code of a network address or server address, or a device address, or a telephone number, or a radio channel of any network - via which an address coding by a known subscriber address designating CODE is used for identifying and / or addressing and / or assignment of the unknown subscriber address is used, ii. wherein said data loop DS (respectively) via a terminal with the known subscriber's address of the terminal or the device connected to the terminal and a terminal with the identifiable and / or to be addressed and / or assigned subscriber address of the terminal or the device connected to the terminal is formed, iii. the subscriber or subscriber address to be identified and / or addressed and / or to be allocated via the said network of the devices respectively providing the communication link of the two terminals and the KODE routed via said data loop DS by the known subscriber address of one in the communication link identified and / or addressed and / or assigned.
  55. Method according to one of claims 1 to 54, characterized in that i. said networking a variety of terminal pairs (user 1, user 2 in 36 ), with which in each case among the terminals a data transmission to form the networking of a data loop (DS) via the terminal networking devices (server in 36 ), ii. wherein via the data loop DS as well as on the terminal side under the terminals respectively made data transmission different KODEs (code 1, code 2 in 36 ) and, with the assistance of these KODEs, the aforesaid recognition and / or verification and / or assignment of subscriber connections to communications links and / or subscriber addresses relating to those communications links, in relation to an addressee and / or to a sender of data and / or in relation the authenticity of data and / or assignment of data to a conference circuit with a plurality of terminal pairs is performed with their communication links to each of the facilities providing the communication links, iii. wherein the, the communication links of the terminal pairs respectively providing devices are interconnected according to each other to the said KODEs via the data loops DS the respective terminals to forward and / or these KODEs from the terminals.
  56. Method according to one of Claims 1 to 55, characterized in that a start time is agreed by means of a protocol agreement between devices located within said network, at which precise time a device sends to another network device, identification data or an identification signal whose Running time is measured from this time from the recognition data or the characteristic receiving device to determine the duration of data or signals of the network and to take into account in the said evaluation of said CODE and / or assignment of said CODE on a time scale.
  57. Method according to one of claims 1 to 56, characterized i. in that the KODE routed via said data loop DS contains data corresponding to the connection number or connection address transmitted by the device providing the message connection of a terminal or data sent by a device networked with this device, ii. this connection number or connection address being used to establish the connection of another terminal connected via the signal coupling of the data loop DS to the device providing the message connection of this terminal or to a device networked with this device, iii. wherein the assignment and / or synchronization of server processes communicating with the terminals, which in each case provide data output to the terminals and / or data transfer from the server via the assignment of the KODE and / or data contained in the KODE as in the evaluation of the KODEs the terminals are concerned.
  58. Method according to one of Claims 1 to 57, characterized in that the server processes and / or associated data transmissions respectively to be allocated to the terminals in each case are functionally connected to one another via the terminal devices participating in said data loop DS, or via one or more further devices are as linked by said transfer of the KODEs within the data loop in the association.
  59. Method according to one of claims 1 to 58, characterized in that the data path of said data loop DS on the terminal side for a data transmission carried out on the terminal side a) under the terminals ( 1a ) and / or b) Data verification performed on the terminals ( 1b ) is established by an automatically controlled terminal connection of a data connection using a corresponding device or arrangement, such as by a semiconductor switch, or a port addressing, or a relay.
  60. Method according to one of Claims 1 to 59, characterized in that at least one of the terminals included in said data loop DS uses the data connection of an Internet telephony as the terminal associated with the terminal in its message traffic with the terminal.
  61. Method according to one of Claims 1 to 60, characterized in that the method for logging in the connection establishment of the connection between the terminal of a user and a subscriber connected to the terminal via a data connection, such as with the terminal of another user and / or the Addressing another device such as the Internet address of data stored on a server - is used.
  62. Method according to one of Claims 4 to 61, characterized in that the method is used during the transmission of the actual data of a terminal, i. wherein the event recognized by the KODE transmitted in its temporal origin via the data loop DS is linked, via its event data corresponding to the event, to the KODE or data to form the KODE during the data connection established via the terminal side for transmission of said KODEs within the data loop DS , ii. whereby the temporal origin of the actual data transferred as communication of a terminal is detected by this combination of the data transmitted via the data loop DS KODE or data transmitted via the data loop DS to form the KODEs by said examination of the KODEs at a test center corresponding to the application.
  63. Method according to one of Claims 4 to 62, characterized in that, during the transmission of the data and / or during the transmission of said event data, said code is constantly changing and is incorporated into the transmitted data or event data.
  64. Method according to one of Claims 1 to 63, - the method for logging in a connection being used, - characterized by the following method steps: i. When using a password for the first time when logging into a secured by a password access security on a terminal with a data connection having device (server) ii. using the transmitted on the terminal side under two terminals to form said data loop DS KODEs and further said password, an assignment of the data loop DS transmitted KODE or the data corresponding to the KODE to the password made by this code the KODE, or the data associated with the CODE is or are deposited at the identification point (server) in relation to the named origin CODE, iii. wherein, for subsequent further log-in processes, instead of a check of the password, a check of the KODEs transmitted via said signal coupling as well as via said data loop DS or data corresponding to this KODE takes place in relation to said source code KODE.
  65. A method according to claim 64, characterized in that the KODE used for the access protection, or data associated with the KODE as he / she is (or is) deposited with respect to an origin CODE at the identification point (server), is further defined by the data loop DS of networking with incorporated facilities is or may be changed.
  66. Method according to one of Claims 1 to 65, characterized in that the formation of the said data loop DS is effected by the data transmission carried out on the terminal side under the terminals ( 1a . 1b . 5 . 12a . 33 ) takes place only for a short time, wherein the actual message transmission between a respective terminal and the terminal in each case associated, the communication link of the respective terminal respectively providing device continues to be beyond the duration takes place, to which the transmission of data of said KODEs has already been completed by the data transmission on the terminal side under the terminals via said data loop DS.
  67. Method according to Claim 66, characterized in that, during the duration of the message transmission via a communication link between a respective terminal and a device assigned to the terminal device providing the message connection of the terminal, the formation of said data loop DS for the transmission of data of said KODEs made by the on the terminal side under the terminals data transmission only in short time intervals, said data loop DS by a provided in the terminals, or in the terminal software controlled on the terminal side always closed only briefly with appropriate interim interruptions and reopened is, while the actual communication link between a respective terminal and the terminal in each case associated, each of the message connection of the relevant terminal setting device is maintained.
  68. Method according to one of Claims 1 to 67, characterized in that a plurality of - a plurality of terminals, - and / or a plurality of servers and / or data processors, - and / or several devices providing the message connection of the terminals, - and / or several KODE generations in the data path, - and / or several evaluators located in the data path for checking the KODES or checking several KODEs assigned to different servers and / or data processing, are provided in a corresponding network, where appropriate also several data loops DS are included in said method via said network ( 8th . 9 ).
  69. Method according to one of claims 1 to 68, characterized in that said KODE generation carried out within said network takes place in one or more servers, which are networked with a device for connection establishment of a respective terminal and / or make this connection.
  70. Apparatus for carrying out a method according to one of claims 1 to 53, characterized in that the method is carried out between two mobile devices connected to a mobile phone network, which correspond to said terminals and via which a signal coupling is formed to establish said data loop DS, wherein each of the devices has a screen and a camera, and said KODE is transmitted from one terminal to the other by its visual representation on the screen of the one terminal and the recording of this image representation by the camera of the other terminal, which corresponds to said signal coupling.
  71. Apparatus for carrying out a method according to one of claims 1 to 53, characterized in that the method is carried out between two devices, one of which has a camera and the other has a screen and these devices correspond to said terminals - said KODE is transmitted by its pictorial representation on the screen of the one terminal and the recording of this image representation by the camera of the other terminal from one terminal to the other terminal, which corresponds to a signal coupling between the terminals for the preparation of said data loop DS.
  72. Device for carrying out a method according to one of Claims 1 to 63, characterized in that of two terminals via which said data loop DS is formed, one is a portable device which is connected to a mobile telephone network and / or to an Internet connection and the other is a stationary device connected to another network corresponding to the device type, the stationary device ( 12a ) has a bearing surface on which the portable device ( 2 ) can be placed to superimpose the built-in devices interfaces to form said data loop DS and produce a signal coupling between the two terminals.
  73. Device for carrying out a method according to one of Claims 1 to 63, characterized in that two devices, by means of which said data loop DS is formed, are both devices of portable devices, which are each connected to a mobile phone network and / or to an Internet connection are, wherein the devices have an interface for forming a wireless data transmission to produce a signal coupling between the two terminals.
  74. Arrangement for carrying out a method according to one of Claims 1 to 63, or apparatus according to Claim 72 or 73, characterized in that a data connection is formed between the terminals via a wireless near-communication interface present at the terminals in order to establish a signal coupling between the two terminals.
  75. Apparatus for carrying out a method according to one of claims 1 to 63, characterized in that a) on the terminal side an automatically controlled connection of a data connection is provided, using a corresponding device or arrangement such as a semiconductor switch, a port addressing, or a relay, wherein this device or arrangement is located in an external device or within a terminal and, where appropriate, the two terminals that are included in said data loop DS may also be located in a common device, b) wherein, through this data connection established by an automatically controlled connection, said terminal-side b1) data transmission made under the terminals ( 1a ) and / or b2) data verification performed on the terminals ( 1b ) takes place.
  76. Apparatus for performing a method according to any one of claims 4 to 63, wherein said event data correspond to the image or video data taken with a camera, characterized in that the image capture means is a dual objective to transmit a spatial image.
  77. Apparatus for carrying out a method according to claim 12, 17, 18 or 36, characterized in that said third-party device is installed in a wristwatch ( 300 ).
  78. Circuit for carrying out the method according to one of Claims 4 to 63, characterized in that the linking of said KODE with the event data corresponding to an event in which it originates is carried out in a chip or electronic component in which said event data are generated during the real-time acquisition of an event.
  79. A circuit for carrying out the method according to one of claims 4 to 63, or a circuit according to claim 78, wherein said device for generating event data is an image pickup electronics using an image pickup chip, characterized in that i. the electronics chip, which captures the image data, already has a circuit for encryption, which is coupled to the KODE routed via said data loop DS or to data for forming this KODE, ii. wherein for said linking of the KODE with the image data and / or for the generation of another KODE from the image data and the KODE, the KODE transmitted via the data loop DS and / or further encryption parameters already in this electronics chip with the recorded image data is connectable or are.
  80. Device according to Claim 75, characterized in that the said terminals, with their respective interfaces to the facilities providing the communications of the terminals, are accommodated in a terminal which can be used as a telephonic device together with said automatic switching device, these interfaces having their communications links Pertaining to a telephony communication link and a communications link to the Internet, the automatic interworking device providing said signal coupling between the interface devices.
  81. Apparatus for carrying out a method according to one of Claims 1 to 63, characterized in that the said terminals, which in each case communicate with one another in each case the communication connection of a respective terminal to a respective terminal in its message traffic with the terminal comprising a single terminal, said terminal then having the said terminal equipment corresponding connection properties, as indicated in the preceding claims, to a device providing the communication link of the terminal.
  82. Apparatus for carrying out a method according to one of claims 1 to 63, wherein a mobile phone, or a portable device having functions comparable to those of a mobile phone, corresponds to one of said terminals, characterized in that this mobile phone or portable device is designed with an RFID (Radio Frequency Identifier) detector, so that the user of the mobile phone or portable device can already monitor a purchase made, the payment then being feasible at the completion of shopping using the mobile phone or portable device by said method according to one of claims 1 to 63.
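Claims 45, 46 and 63 above tie the KODE routed over the data loop DS to event data through a hash and a signature that an evaluation point checks later. The sketch below is an added illustration and not part of the patent: it assumes a server-issued random KODE with a 60-second lifetime, SHA-256 as the hash, and an HMAC under a per-subscriber key standing in for the digital signature; all names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

KODE_LIFETIME_S = 60  # assumed validity window; the claims give no value


def sign(key, kode, event_data):
    """Bind a KODE to event data: hash the data, then authenticate KODE + hash.

    HMAC-SHA256 is a stand-in for the digital signature named in the claims.
    The length prefix keeps the KODE/digest boundary unambiguous.
    """
    digest = hashlib.sha256(event_data).digest()
    message = len(kode).to_bytes(2, "big") + kode.encode() + digest
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class EvaluationPoint:
    """Issues KODEs and later checks that signed data belongs to one of them."""

    def __init__(self, subscriber_keys):
        self._keys = dict(subscriber_keys)  # subscriber id -> key (assumption)
        self._issued = {}                   # KODE -> (subscriber id, issue time)

    def issue_kode(self, subscriber, now=None):
        now = time.time() if now is None else now
        kode = secrets.token_hex(16)        # unpredictable, one per transaction
        self._issued[kode] = (subscriber, now)
        return kode

    def verify(self, subscriber, kode, event_data, tag, now=None):
        now = time.time() if now is None else now
        entry = self._issued.get(kode)
        if entry is None:
            return "unknown-or-used-kode"   # never issued, or already consumed
        owner, issued_at = entry
        if owner != subscriber:
            return "kode-not-issued-to-subscriber"
        if now - issued_at > KODE_LIFETIME_S:
            del self._issued[kode]
            return "kode-expired"
        expected = sign(self._keys[subscriber], kode, event_data)
        if not hmac.compare_digest(expected, tag):
            return "signature-mismatch"     # data or KODE altered after signing
        del self._issued[kode]              # single use: a replay now fails
        return "ok"


def demo():
    """Run one accepted check and four rejected ones on constructed data."""
    keys = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}
    point = EvaluationPoint(keys)
    event = b"pay 25.00 EUR to shop 17"     # constructed event data
    results = []

    kode = point.issue_kode("alice", now=1000)
    tag = sign(keys["alice"], kode, event)
    results.append(point.verify("alice", kode, event, tag, now=1010))
    results.append(point.verify("alice", kode, event, tag, now=1011))  # replay

    kode = point.issue_kode("alice", now=2000)
    tag = sign(keys["alice"], kode, event)
    altered = b"pay 2500.00 EUR to shop 17"
    results.append(point.verify("alice", kode, altered, tag, now=2005))
    bob_tag = sign(keys["bob"], kode, event)
    results.append(point.verify("bob", kode, event, bob_tag, now=2006))
    results.append(point.verify("alice", kode, event, tag, now=2061))  # too late
    return results


if __name__ == "__main__":
    print(demo())
```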
DE102005045947.1A 2004-09-24 2005-09-26 Method for the secure detection and / or checking and / or assignment of subscribers or subscriber addresses in data networks Active DE102005045947B4 (en)

Priority Applications (21)

Application Number Priority Date Filing Date Title
DE102004046413.8 2004-09-24
DE102004046413 2004-09-24
DE102004059168 2004-12-08
DE102004059168.7 2004-12-08
DE102005007379 2005-02-17
DE102005007379.4 2005-02-17
DE102005008086 2005-02-22
DE102005008086.3 2005-02-22
DE102005009367 2005-03-01
DE102005009367.1 2005-03-01
DE102005010414 2005-03-07
DE102005010414.2 2005-03-07
DE102005012989 2005-03-21
DE102005012989.7 2005-03-21
DE102005015619.3 2005-04-05
DE102005015619 2005-04-05
DE102005016304.1 2005-04-09
DE102005016304 2005-04-09
DE102005029025.6 2005-06-22
DE102005029025 2005-06-22
DE102005045947.1A DE102005045947B4 (en) 2004-09-24 2005-09-26 Method for the secure detection and / or checking and / or assignment of subscribers or subscriber addresses in data networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102005045947.1A DE102005045947B4 (en) 2004-09-24 2005-09-26 Method for the secure detection and / or checking and / or assignment of subscribers or subscriber addresses in data networks

Publications (2)

Publication Number Publication Date
DE102005045947A1 DE102005045947A1 (en) 2007-06-06
DE102005045947B4 DE102005045947B4 (en) 2017-11-30

Family

ID=38047413

Family Applications (1)

Application Number Title Priority Date Filing Date
DE102005045947.1A Active DE102005045947B4 (en) 2004-09-24 2005-09-26 Method for the secure detection and / or checking and / or assignment of subscribers or subscriber addresses in data networks

Country Status (1)

Country Link
DE (1) DE102005045947B4 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000072506A1 (en) * 1999-05-21 2000-11-30 International Business Machines Corporation Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices
DE19938201A1 (en) * 1999-08-12 2001-02-22 Mannesmann Ag SMS e-commerce
DE10039569C1 (en) * 2000-08-09 2001-12-06 Mannesmann Ag Mobile telephone payment method for goods or services has central transaction number delivery point used to make payment after verification of charge data via customer
DE102004060976A1 (en) * 2004-05-26 2005-12-22 Informatik-Zentrum Bayern, Softwaregesellschaft Der Bayerischen Sparkassen Gmbh & Co. Kg Data communication system e.g. smart card-based HBCI system, has terminal e.g. mobile telephone, generating TAN number from identifying information e.g. order signature identifying information, and transferring number to processing unit

Also Published As

Publication number Publication date
DE102005045947A1 (en) 2007-06-06

Legal Events

Date Code Title Description
8110 Request for examination paragraph 44
R082 Change of representative

Representative's name: RAINER ROETHINGER, DE

Representative's name: RAINER ROETHINGER, 81369 MUENCHEN, DE

R081 Change of applicant/patentee

Owner name: KOLLER, ROMAN, DE

Free format text: FORMER OWNER: KOLLER, ROMAN, 83646 WACKERSBERG, DE

Effective date: 20110803

Owner name: ROMAN KOLLER, DE

Free format text: FORMER OWNER: ROMAN KOLLER, 83646 WACKERSBERG, DE

Effective date: 20110803

R082 Change of representative

Representative's name: RAINER ROETHINGER, DE

Effective date: 20110803

Representative's name: RAINER ROETHINGER, 81369 MUENCHEN, DE

Representative's name: ROETHINGER, RAINER, DIPL.-PHYS.UNIV., DE

Effective date: 20110803

R016 Response to examination communication
R016 Response to examination communication
R016 Response to examination communication
R130 Divisional application to

Ref document number: 102005063650

Country of ref document: DE

Ref document number: 102005063649

Country of ref document: DE

R082 Change of representative

Representative's name: ROETHINGER, RAINER, DIPL.-PHYS.UNIV., DE

R016 Response to examination communication
R018 Grant decision by examination section/examining division
R020 Patent grant now final