EP1411475A1 - System and method of communication including first and second access point - Google Patents

Info

Publication number
EP1411475A1
Authority
EP
European Patent Office
Prior art keywords
mobile device
access point
connection
message
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP20020257257
Other languages
German (de)
French (fr)
Inventor
Toshio Okochi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd
Priority to EP20020257257
Priority to JP2003105027A
Publication of EP1411475A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00896 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • G07C2009/00753 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • G07C2009/00793 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means by Hertzian waves
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points

Definitions

  • This invention relates to a method of communicating, and to a system including first and second access points.
  • A method of communicating comprising maintaining a connection between a mobile device and at least one network of one or more networks via a first access point, sending from the mobile device to a network server via the first access point a request for connection to another access point, at the network server obtaining approval for the connection request and sending a connection grant signal to the mobile device via an access point forming part of the same network as the first access point, sending from the mobile device a message comprising the connection grant signal or a signal derived therefrom to a second access point of the one or more networks, and allowing communication between the mobile device and the second access point if the message sent therebetween is determined to be the same as an expected message.
  • the second access point is associated with a ticket gate, in which case, the 'allowing communication' step involves granting access to the gate, using 'ticket grant' and 'gate open request' signals for example.
  • the 'connection grant signal' would be sent to the mobile device via the first access point, but the sending of this signal via another access point forming part of the same network as the first access point is not precluded.
  • One of the access points might include a smartcard reader, in which case a smartcard included with the mobile device could be authenticated using a challenge and response procedure.
  • connection grant signal includes a cryptographic key.
  • at least part of the message sent from the mobile device to the second access point could be encrypted using the cryptographic key.
  • Such can provide an efficient and effective way of making communications between the mobile device and the access points secure, and provides a means by which the sender of a signal can be verified.
  • Digitally signing the connection grant signal provides a means by which the sender can be authenticated and by which it can be verified that the message has not been changed in any way since transmission by the sender. Corresponding advantages ensue if the message sent from the mobile device to the second access point is digitally signed.
  • A system comprising a mobile device, first and second access points to one or more networks, and a network server connected to each of the one or more networks, the mobile device being arranged to maintain a connection with one of the networks via the first access point, to send via the first access point a request for connection to another access point, the network server being arranged, in response to the request for connection, to obtain approval for the connection request and to send a connection grant signal to the mobile device via an access point forming part of the same network as the first access point, the mobile device being arranged to send a message comprising the connection grant signal or a signal derived therefrom to the second access point, and the system being arranged to allow the mobile device access to the second access point if the message is determined to be the same as an expected message.
  • the network server is arranged for associating a timeout period with the connection request approval, and the system is arranged for disallowing the mobile device access to the second access point if access is not allowed prior to expiry of the timeout period. This can prevent the system being negatively affected by the support of requests which are not followed through.
  • the second access point is associated with a ticket gate, which is controlled to be opened if the message is determined to be the same as the expected message.
  • the system may comprise a ticketing server responsive to the request for connection to another access point for initiating a ticketing transaction, and for providing approval for the connection request, which in the embodiment is made as a gate open request.
  • the ticketing server could be responsive to the mobile device being allowed access to the second access point, which in the embodiment is by way of causing a gate to be opened, for completing the ticketing transaction.
  • This has the advantage that the ticketing transaction is only completed if the 'ticket' is actually used by the holder of the mobile device. Such could prevent ticket transactions being made by accident.
  • this feature allows a system to ticket automatically - i.e. to commence a ticketing transaction when a holder of a mobile device is detected entering a railway station, for example, and to complete the transaction when the mobile device passes through the gates, either at the source or the destination station, potentially without any input from the holder of the mobile device via a user interface.
  • the network server could be arranged to include a cryptographic key with the connection grant signal, in which case the mobile device preferably is arranged to encrypt the message sent to the second access point with the cryptographic key. This has security advantages.
  • connection grant signal is digitally signed, and preferably the message sent from the mobile device to the second access point is digitally signed.
  • Digital signing has advantages in that the sender can be authenticated and it can be verified that no change to the transmitted message has been made.
  • A system 10 comprising generally a mobile device 11, which in this embodiment is a mobile telephone handset, a first access point 12, which is a wireless local area network (WLAN) access point to a first network, and a contactless smartcard reader/writer 13, which is connected to a ticket gate 14.
  • the first access point 12 and the smartcard reader 13 both are connected by respective wired and encrypted lines to a ticket server 15, which in turn is connected to an authentication server 16, which may be local or remote to the ticketing server 15.
  • the mobile device 11 is shown in more detail in Figure 2.
  • the mobile device includes a central processing unit (CPU) 20, which is connected via respective buses 21, 22 to each of a smartcard reader/writer interface 23 and a WLAN interface 24.
  • the smartcard 25 is removable from the mobile device 11, and preferably exists in the form of a subscriber identity module (SIM) card.
  • the smartcard 25 has stored thereon a unique ID and a unique secret key.
  • the smartcard 25 is removably connected via a wired port thereof to the smartcard interface 23.
  • the smartcard 25 also includes a wireless port, using which it can communicate with the smartcard reader/writer 13 of the ticket gate 14 and with other smartcard reader/writers.
  • the WLAN interface 24 is connectable in a wireless fashion to the WLAN access point 12, and to other access points. Operation will now be described with reference to Figure 3, which shows signalling between the mobile device 11, the ticketing server 15 and the ticket gate 14.
  • operation of the ticket gate 14 by the mobile device 11 starts at step 30 by authenticating the smartcard 25 of the mobile device 11.
  • references to the mobile device 11 may be references to the smartcard 25.
  • A communication path between the mobile device 11 and the ticketing server 102 is first set up, unless one is already set up, via the WLAN access point 12. If necessary, the mobile device 11 is authenticated as being genuine in any convenient manner, such as by using the authentication process of Figure 5 described below, with reference to the authentication server 16 and maybe also to a remote, backend server (not shown). Once the mobile device 11 is authenticated, it may remain connected to the WLAN via the access point 12.
  • the mobile device 11 signals to the ticketing server 15 that access to the gate 14 is required.
  • a ticketing transaction then occurs.
  • the exact nature of the ticketing transaction step 32 is not important to this invention. It may be carried out in any suitable manner, such as in the manner described in European Patent Application No. 01305772.4.
  • Each of the steps 30 to 32 involves communication between the mobile device 11 and the ticketing server, and any other servers, only via the WLAN access point 12.
  • The transaction is made without commitment at this stage, for example by calculating the payment required but without making the payment. This makes rollback or payment refund unnecessary should the ticket not be used.
  • the ticketing transaction at step 32 produces a secret transaction ID signal, or 'ticket ID' signal which links the mobile device 11 to the ticket for which purchase was arranged.
  • This secret transaction ID is sent from the ticketing server 15 to the mobile device 11 as part of a 'ticket grant' signal at step 33 via the WLAN access point 12.
  • the same secret transaction ID is sent to the ticket gate 14 by the ticketing server 15 as part of a 'ticket notice' signal at step 34.
  • the mobile device 11 may still be a significant distance from the ticket gate 14.
  • the ticketing transaction is mostly complete.
  • On arrival at the ticket gate 14, the mobile device 11 is placed within range of the smartcard reader/writer 13. After detecting that communication between the mobile device 11 and the smartcard reader/writer is possible, the mobile device sends a 'gate open request' signal at step 35 to the smartcard reader/writer; this signal includes a request to open the gate and a copy of the secret transaction ID. The signal is received at the ticket gate 14, where it is compared with the secret transaction ID received at step 34. Once the secret transaction IDs are determined to be the same, the ticket gate 14 sends at step 36 a signal to the ticketing server 15 that the transaction is complete, in response to which the ticketing server completes the transaction. The ticket gate 14 also sends to the mobile device 11 a confirmation signal indicating that the transaction is complete, as well as opening the gate to allow the holder of the mobile device through.
  • a timeout period is associated with the generation by the authentication server 16 of the secret transaction ID. If the timeout period is exceeded without the mobile device 11 reaching the ticket gate 14, the validity of the secret transaction ID expires and the transaction is not completed.
  • FIG. 4 shows the information included in the 'ticket grant', 'gate open request' and 'ticket notice' signals.
  • the ticket grant signal is shown comprising message type, ticket ID (secret transaction ID), Ktg, Kt, lifetime and message authentication code fields.
  • the message authentication code ensures the authenticity of the ticket grant signal and ensures the identity of the ticketing server.
  • the lifetime field identifies the timeout period.
  • Ktg is subsequently used for encryption.
  • Kt is used to generate the message authentication code. Any convenient cipher, such as DES or AES, could be used for the encryption, and any suitable hash function, such as MD-5 or SHA-1, could be used for the message authentication code.
  • The gate open request signal includes message type, ticket ID and message authentication code fields, from which the ticket gate can ensure that the signal is from the correct mobile device.
  • the message authentication code is generated using Kt, received as part of the ticket grant signal.
  • the gate open request signal is encrypted using Ktg.
  • the ticket notice signal includes the same fields as the ticket grant signal, although the message authentication code field can be omitted if the security of the communication path is guaranteed in another way.
  • the signalling and encryption scheme used allows the mobile device 11 to ensure the identity of the ticketing server and to authenticate the message sent thereby. Furthermore, and maybe more importantly, the gate open request signal can be authenticated by the ticket gate as having originated from the mobile device and as uniquely identifying the ticket ID signal.
  • FIG. 5 shows in detail the authentication step 30 of Figure 3.
  • the operation 30 starts at step 301, then at step 302 the mobile device 11 establishes a link layer wireless connection with the access point 12 of the WLAN.
  • the mobile device 11 requests authentication of its smartcard 25, so that it can make a ticketing transaction and subsequently gain access through the ticket gate 14. This involves the sending of a signal to the ticketing server 15, via the access point 12, and the forwarding of this to the authentication server 16.
  • the mobile device 11 then, at step 34, waits to receive a 'challenge' signal, proceeding to step 305 only once a challenge signal has been received from the authentication server 16 via the ticketing server 15.
  • the ticketing server 15 also at this time receives an expected response signal from the authentication server 16.
  • On receipt of the challenge signal, the mobile device sends at step 305 an encryption request to the smartcard 25, which then starts at step 306.
  • the mobile device 11 sends the challenge signal to the smartcard 25 at step 307, where it is received at step 308.
  • the challenge signal is encrypted at step 309 using a secret key unique to the smartcard 25, and the encrypted challenge signal is sent from the smartcard 25 to the mobile device 11 at step 310, when it is read into the mobile device at step 311.
  • The encrypted challenge signal is then forwarded to the ticketing server 15 at step 312, where it is checked that it is the same as the expected response (encrypted challenge signal) before an acknowledgement is sent to the mobile device 11.
  • The ticketing server 12, by sending the acknowledgement signal, grants the mobile device 11 permission to start the ticketing transaction 32.
  • the holder of the mobile device 11 is the holder of a season ticket, which enables him or her to travel at any time of day and any number of times on a predetermined route and between certain dates.
  • the season ticket is stored as a unique identification number on the mobile device 11.
  • the mobile device 11 moves within range of the WLAN access point 12, authentication occurs using the ticketing server 15 and the authentication server 16. Then, the mobile device 11 automatically (i.e. without any user input) sends a request to the ticketing server 15 for access, and includes with the request the unique identification number of the season ticket.
  • the ticketing server 15 determines that the season ticket is within its valid date range and determines that geographical restrictions and any other restrictions are not exceeded, then grants authority by sending a secret transaction signal to the mobile device 11 and to the ticket gate 14.
  • the ticketing transaction step 32 includes the running of a software program on the mobile device 11 which allows the user thereof to select a destination and a ticket type.
  • the mobile device 11 then sends information about the required ticket to the ticketing server 15, which arranges for payment to be made, such as by deducting the credit card of the user, as appropriate.
  • the mobile device 11 and the ticket gate 14 are sent the secret transaction ID signal.
  • the ticketing transaction step 32 includes the mere clearance of the holder of the mobile device 11 to enter the ticket gate 14.
  • The ticket transaction is completed only when it is detected that the user is leaving the railway network, when the start and end stations are known. Preferably, access to an exit gate of a destination station is dependent on an appropriate payment being made.
  • A second embodiment is shown in Figures 6 and 7.
  • A system 10 comprising generally a mobile device 41, a WLAN access point 42 forming part of a WLAN network, a Bluetooth access point 43, a network access server (NAS) 44, and an authentication server 45.
  • Each of the WLAN and Bluetooth access points 42, 43 is connected by a respective wired connection 46, 47 to the NAS 44.
  • the authentication server 45 is connected to the NAS 44 by a further wired connection 48 which is appropriate to the distance between the two servers (they may be local to each other or they may be remote).
  • one or more other networks are connected to the wired connection 48.
  • the NAS 44 manages data traffic between the mobile device 41 and any of the networks connected to the NAS.
  • the mobile device 41 includes a CPU 49, which is connected to a Bluetooth interface via a first connector 51, and is connected to a WLAN interface 52 via a second connector 53.
  • the mobile device is provided with a multimodal wireless network interface, which is controlled using a software radio system.
  • Operation of the system 40 is as follows. When the mobile device 41 moves within range of the WLAN access point 42, communication with the WLAN can begin. Once communication does begin, authentication of the mobile device 41 on the WLAN takes place in any convenient manner, such as by using an operation similar to that described above with reference to Figure 5.
  • the mobile device 41 uses its already established connection with the WLAN access point 42.
  • the mobile device 41 sends a connection request via its WLAN interface 52 to the WLAN access point 42, which forwards the connection request to the NAS 44.
  • the NAS 44 then makes a decision as to whether or not the mobile device 41 is to be granted access to the Bluetooth access point 43. This decision is made either on the basis of a policy set by the NAS 44 itself, or on the basis of a policy set by the authentication server 45 and communicated to the NAS at the time that the mobile device was authenticated onto the WLAN. If access is granted, the NAS 44 sends a grant message, preferably using a temporal session key, to the mobile device 41 via the WLAN access point 42.
  • Once the mobile device 41 moves within range of the Bluetooth access point 43, communication with it can begin. To gain access, the mobile device 41 transmits the grant message that it received via the WLAN access point 42 to the Bluetooth access point 43, from where it is forwarded to the NAS 44. Then, the NAS 44 determines whether the device requesting access to the Bluetooth access point 43 is the mobile device 41 with which the NAS is in contact via the WLAN, and refuses or grants access as appropriate, without reference to the authentication server 45.
  • FIG 8 shows in detail the signalling used to effect the operation described above.
  • the mobile device 41 commences in communication with the WLAN access point 42.
  • MAC (medium access control) layer connectivity with the Bluetooth access point 43 is then detected at 60.
  • The mobile device 41 determines whether initiation of handover to the Bluetooth access point 43 is required. This decision may be made on the basis of a policy set within the mobile device 41, or according to a network administration policy set by the network.
  • a handover request is sent at 61 to the WLAN access point 42 using the already established connection. This handover request is then forwarded at 62 to the NAS 44, which determines from network policy whether handover is to be allowed.
  • the NAS sends a grant handover signal at 63a to the WLAN access point 42, which forwards it onto the mobile device 41 at 63b.
  • The handover grant message is shown in Figure 9, including message ID, session ID, Ktg, Kt and message authentication code fields. These fields contain data which is used in a corresponding way to the data in the ticket grant signal of Figure 4.
  • The NAS 44 also sends to the Bluetooth access point 43 at 64a a notify handover message including the same message authentication code as that included in the handover grant message.
  • The notify handover message (shown in Figure 9) instructs the Bluetooth access point 43 to accept any connection request from the mobile device 41.
  • the message authentication code in the notify handover message can be omitted if security is guaranteed by another method.
  • The mobile device 41 sends at 65 a connection request message to the Bluetooth access point 43.
  • the connection request message includes message type, session ID, random number and message authentication fields.
  • the connection request message is encrypted using Kt.
  • the random number field is filled with a number generated at random within the mobile device 41.
  • The message authentication code allows the Bluetooth access point 43 to determine that the originator of the signal is indeed the mobile device 41.
  • The random number is included so that the mobile device 41 can verify the Bluetooth access point using a challenge and response operation.
  • Mutual authentication of the mobile device 41 and the Bluetooth access point 43 is carried out at 66.
  • The Bluetooth access point 43 forwards the connection request message received from the mobile device 41 to the NAS 44 at 67.
  • The NAS sends a connection acknowledgement signal at 68 to the Bluetooth access point 43, which sends at 69 a connection acknowledgement message to the mobile device 41.
  • This procedure enables rapid mutual authentication of a mobile device and an access point. Authentication is seen to be critical for security when operating in wireless networks.
  • The NAS 44 assigns to the Bluetooth interface included in the mobile device 41 an IP address the same as the IP address used in the WLAN connection.
  • This enables higher layer communication software such as TCP (transmission control protocol) to maintain its connection during handover, i.e. the same connection is used before and after handover, allowing seamless roaming over multiple networks.
  • Handover from the Bluetooth access point 43 to the WLAN access point may occur using the same procedure, although references to the access points are reversed.
  • The system of Figures 6 and 7 may have application in an office building, where the mobile device 41 is held by an employee.
  • a WLAN may allow the mobile device 41 access to a computer network, allowing the mobile device access to databases and/or programs associated therewith.
  • Areas of the office building which are security sensitive may be equipped with Bluetooth access points 43, which are configured to allow access only to authorised persons.
  • Access for the holder of the mobile device 41 to the sensitive areas can thus be granted on the strength of authentication performed over the WLAN.
  • access may be granted without the need for further recourse to the authentication server 45.
  • a Bluetooth access point 43 may be provided at the building's entrance.
  • Authentication of the mobile device 41 is performed by the NAS 44 and the authentication server 45 with communication occurring via the Bluetooth access point 43.
  • a request to access the WLAN is then transmitted via the Bluetooth access point 43, and a grant message then sent via Bluetooth to the WLAN access point 42 for verification by the NAS 44 without recourse to the authentication server 45.
  • the mobile device 41 is granted access to the WLAN with the authentication process achieved via the Bluetooth access point 43.
  • a different access control policy may be applied by the NAS 44 depending on the access point 42, 43 via which the mobile device 41 first established communication with the NAS. Delegating access control to the NAS 44 can reduce network traffic, as well as the time taken to respond to access requests.
  • Figures 6 and 7 may be used in a ticketing system, such as a railway station environment with ticket gates as described in relation to Figure 1 above.
  • the ticket gates are each provided with a short-range Bluetooth access point, instead of a contactless smartcard reader.
  • a mobile device for operation with such a system is shown in Figure 10.
  • The mobile device 70 includes a CPU 71 connected to each of a smartcard 72, a Bluetooth interface 73 and a WLAN interface 73. Briefly, operation begins with authentication of the smartcard 72, and thus the mobile device 70, on a WLAN using the WLAN interface 74. The procedure is similar to that shown in and described with reference to Figure 3. Communication of a gate open request signal involves passing the signal from the smartcard 72 via the CPU 71 and the Bluetooth interface 73 to the Bluetooth access point at the ticket gate.
  • Any connections or networks are usable with the invention, such as an infra-red connection or the fixed wireless networks of GSM or UMTS, for example.
  • one of the connections could be a wired connection, for example to a LAN.
  • the 'message authentication code' fields include a digital signature, preferably prepared using a private-public key algorithm.
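The ticket-gate exchange of Figures 3 and 4, written out as an added example; it is not code from the patent or from Hitachi. It keeps the fields the page lists for the three signals (secret transaction ID, Ktg, Kt, lifetime, message authentication code) and the order of steps 33 to 36, and it assumes what the page leaves open: HMAC-SHA256 stands in for the MD-5/SHA-1 options, an HMAC-SHA256 keystream in counter mode stands in for DES/AES under Ktg, the ticket grant's MAC is keyed with a per-device session key assumed to be left behind by the step-30 authentication, the ticket notice omits its MAC because the page describes the server-to-gate line as wired and encrypted, and the gate finds the pending notice a request belongs to by trying each notice's keys, since the page encrypts the whole request. The class, method and field names are the example's own.

```python
"""Ticket-gate exchange of Figures 3 and 4 (added example, not the patent's code).
HMAC-SHA256 stands in for the MD-5/SHA-1 options and an HMAC keystream for DES/AES."""
import hashlib
import hmac
import json
import secrets


def canonical(fields):
    # Deterministic bytes over every field except the MAC itself.
    body = {k: v for k, v in fields.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_mac(key, fields):
    return hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()


def mac_ok(key, fields):
    return hmac.compare_digest(make_mac(key, fields), str(fields.get("mac", "")))


def stream_xor(key, nonce, data):
    # Counter-mode keystream from HMAC-SHA256 (stand-in cipher); XOR is its own inverse.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class TicketingServer:
    def __init__(self, session_keys):
        # session_keys: device -> key left behind by the step-30 authentication (assumed).
        self.session_keys = session_keys
        self.uncommitted = {}    # ticket_id -> device; payment not yet taken
        self.completed = set()

    def grant_ticket(self, device, lifetime, now):
        # Steps 32-34: ticket grant to the device, ticket notice to the gate.
        grant = {"type": "ticket_grant", "ticket_id": secrets.token_hex(16),
                 "Ktg": secrets.token_hex(32), "Kt": secrets.token_hex(32),
                 "issued": now, "lifetime": lifetime}
        grant["mac"] = make_mac(self.session_keys[device], grant)
        notice = dict(grant, type="ticket_notice")
        notice.pop("mac")        # wired, encrypted line to the gate: MAC omitted
        self.uncommitted[grant["ticket_id"]] = device
        return grant, notice

    def complete(self, ticket_id):
        # Step 36: the gate reports the ticket used; only now is payment committed.
        if self.uncommitted.pop(ticket_id, None) is None:
            return False
        self.completed.add(ticket_id)
        return True


class MobileDevice:
    def __init__(self, session_key):
        self.session_key, self.grant = session_key, None

    def receive_grant(self, grant):
        # Step 33: accept the grant only if its MAC proves the ticketing server sent it.
        if grant.get("type") != "ticket_grant" or not mac_ok(self.session_key, grant):
            return False
        self.grant = grant
        return True

    def gate_open_request(self):
        # Step 35: MAC with Kt, then encrypt the whole signal with Ktg under a fresh nonce.
        req = {"type": "gate_open_request", "ticket_id": self.grant["ticket_id"]}
        req["mac"] = make_mac(bytes.fromhex(self.grant["Kt"]), req)
        nonce = secrets.token_bytes(16)
        return nonce + stream_xor(bytes.fromhex(self.grant["Ktg"]), nonce, json.dumps(req).encode())


class TicketGate:
    def __init__(self, server):
        self.server = server
        self.notices = {}        # ticket_id -> ticket notice awaiting the device

    def receive_notice(self, notice):
        self.notices[notice["ticket_id"]] = notice

    def handle_request(self, blob, now):
        # Try each pending notice; only the right Ktg/Kt pair yields a parseable, valid MAC.
        for ticket_id, notice in list(self.notices.items()):
            try:
                req = json.loads(stream_xor(bytes.fromhex(notice["Ktg"]), blob[:16], blob[16:]))
            except ValueError:
                continue
            if not isinstance(req, dict) or not mac_ok(bytes.fromhex(notice["Kt"]), req):
                continue
            del self.notices[ticket_id]          # single use, whatever the outcome
            if not hmac.compare_digest(str(req.get("ticket_id")).encode(), ticket_id.encode()):
                return False, "ticket ID mismatch"
            if now > notice["issued"] + notice["lifetime"]:
                return False, "ticket expired"
            self.server.complete(ticket_id)      # step 36: transaction complete
            return True, "gate open"
        return False, "no matching ticket"
```

The gate removes a notice before it checks the lifetime, so a late or replayed gate open request cannot succeed on a second attempt, and the server only moves a ticket to `completed` when the gate reports it at step 36, which is what makes the page's "no rollback or refund" property hold for tickets that are never used.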

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A secret transaction identity (ID) signal is sent to mobile device (11) and ticket gate (14) from server (15) through an access point (12). A gate open request signal is sent from mobile device to ticket gate through a smart card reader (13). The secret transaction ID signal and gate open request signal are compared, based on which authentication of user of mobile device is performed. An independent claim is also included for smart card system.

Description

  • This invention relates to a method of communicating, and to a system including first and second access points.
  • It is relatively new for smartcard systems to be used in railway ticketing systems and the like. In most smartcard retail systems, there is sufficient time to arrange for authentication of the smartcard before the transaction is complete, with the authentication process being carried out electronically in a similar manner to that used with credit cards having magnetic data carriers. In railway ticketing systems, however, it is usual for the smartcard reader to be included at a ticket gate or barrier, which makes it inconvenient to perform full authentication of a smartcard before allowing its holder through the gate or barrier. It is an aim of the invention to alleviate this problem.
  • In accordance with a first aspect of the invention, there is provided a method of communicating, the method comprising maintaining a connection between a mobile device and at least one network of one or more networks via a first access point, sending from the mobile device to a network server via the first access point a request for connection to another access point, at the network server obtaining approval for the connection request and sending a connection grant signal to the mobile device via an access point forming part of the same network as the first access point, sending from the mobile device a message comprising the connection grant signal or a signal derived therefrom to a second access point of the one or more networks, and allowing communication between the mobile device and the second access point if the message sent therebetween is determined to be the same as an expected message.
  • Using this method, it becomes possible to authenticate the mobile device with the second access point with a minimum amount of communication between these devices, the communication required for authentication instead being made with the first access point. Numerous advantages may ensue. For example, given that the mobile device is already in communication with the first access point, access to the second access point can be made quickly and with a relatively small amount of signalling. Reducing the amount of signalling between the mobile device and the second access point can have advantages where bandwidth is limited and/or expensive, or where the range or reliability of service could be insufficient.
  • In one embodiment, the second access point is associated with a ticket gate, in which case, the 'allowing communication' step involves granting access to the gate, using 'ticket grant' and 'gate open request' signals for example.
  • Normally, the 'connection grant signal' would be sent to the mobile device via the first access point, but the sending of this signal via another access point forming part of the same network as the first access point is not precluded.
  • One of the access points might include a smartcard reader, in which case a smartcard included with the mobile device could be authenticated using a challenge and response procedure.
  • Associating a timeout period with the approval for the connection request, after expiry of which the sending of the message from the mobile device to the second access point no longer results in the allowing step, bounds how long an unused approval remains valid and so has administrative advantages.
  • Preferably the connection grant signal includes a cryptographic key. At least part of the message sent from the mobile device to the second access point can then be encrypted using that key. This provides an efficient and effective way of securing communications between the mobile device and the access points, and a means by which the sender of a signal can be verified. Digitally signing the connection grant signal provides a means by which the sender can be authenticated and by which it can be verified that the message has not been changed in any way since the sender transmitted it. Corresponding advantages ensue if the message sent from the mobile device to the second access point is digitally signed.
  • In accordance with a second aspect of the invention, there is provided a system comprising a mobile device, first and second access points to one or more networks, and a network server connected to each of the one or more networks, the mobile device being arranged to maintain a connection with one of the networks via the first access point and to send via the first access point a request for connection to another access point, the network server being arranged, in response to the request for connection, to obtain approval for the connection request and to send a connection grant signal to the mobile device via an access point forming part of the same network as the first access point, the mobile device being arranged to send a message comprising the connection grant signal or a signal derived therefrom to the second access point, and the system being arranged to allow the mobile device access to the second access point if the message is determined to be the same as an expected message.
  • Preferably the network server is arranged to associate a timeout period with the connection request approval, and the system is arranged to disallow the mobile device access to the second access point if access has not been allowed before the timeout period expires. This prevents the system from accumulating approvals for requests that are never followed through.
  • In a preferred embodiment, the second access point is associated with a ticket gate, which is controlled to be opened if the message is determined to be the same as the expected message. Here, the system may comprise a ticketing server responsive to the request for connection to another access point for initiating a ticketing transaction, and for providing approval for the connection request, which in the embodiment is made as a gate open request.
  • The ticketing server could be responsive to the mobile device being allowed access to the second access point, which in the embodiment is by way of causing a gate to be opened, for completing the ticketing transaction. This has the advantage that the ticketing transaction is only completed if the 'ticket' is actually used by the holder of the mobile device. Such could prevent ticket transactions being made by accident. Also, this feature allows a system to ticket automatically - i.e. to commence a ticketing transaction when a holder of a mobile device is detected entering a railway station, for example, and to complete the transaction when the mobile device passes through the gates, either at the source or the destination station, potentially without any input from the holder of the mobile device via a user interface.
  • The network server could be arranged to include a cryptographic key with the connection grant signal, in which case the mobile device is preferably arranged to encrypt the message sent to the second access point with that key. This keeps the content of the message secret in transit and ties the message to a holder of the key.
  • Preferably the connection grant signal is digitally signed, and preferably the message sent from the mobile device to the second access point is digitally signed. Digital signing has advantages in that the sender can be authenticated and it can be verified that no change to the transmitted message has been made.
  • Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, of which:
  • Figure 1 is a schematic diagram of a system according to one aspect of the invention;
  • Figure 2 is a schematic diagram of a mobile device forming part of the Figure 1 system;
  • Figures 3 and 4 are flow diagrams illustrating operation of the Figure 1 system;
  • Figure 5 is a schematic diagram of an alternative system according to one aspect of the invention; and
  • Figure 6 is a schematic diagram of a mobile device forming part of the Figure 5 system.
  • Referring firstly to Figure 1, a system 10 is shown comprising generally a mobile device 11, which in this embodiment is a mobile telephone handset, a first access point 12, which is a wireless local area network (WLAN) access point to a first network, and a contactless smartcard reader/writer 13, which is connected to a ticket gate 14. The first access point 12 and the smartcard reader 13 are each connected by a respective wired, encrypted line to a ticketing server 15, which in turn is connected to an authentication server 16, which may be local or remote to the ticketing server 15. The mobile device 11 is shown in more detail in Figure 2.
  • Referring to Figure 2, the mobile device includes a central processing unit (CPU) 20, which is connected via respective buses 21, 22 to each of a smartcard reader/writer interface 23 and a WLAN interface 24. The smartcard 25 is removable from the mobile device 11, and preferably exists in the form of a subscriber identity module (SIM) card. The smartcard 25 has stored thereon a unique ID and a unique secret key. The smartcard 25 is removably connected via a wired port thereof to the smartcard interface 23. The smartcard 25 also includes a wireless port, using which it can communicate with the smartcard reader/writer 13 of the ticket gate 14 and with other smartcard reader/writers. The WLAN interface 24 is connectable in a wireless fashion to the WLAN access point 12, and to other access points. Operation will now be described with reference to Figure 3, which shows signalling between the mobile device 11, the ticketing server 15 and the ticket gate 14.
  • Referring to Figure 3, operation of the ticket gate 14 by the mobile device 11 starts at step 30 by authenticating the smartcard 25 of the mobile device 11. In this section, references to the mobile device 11 may be references to the smartcard 25.
    A communication path between the mobile device 11 and the ticketing server 15 is first set up, unless one already exists, via the WLAN access point 12. If necessary, the mobile device 11 is authenticated as genuine in any convenient manner, such as by the authentication process of Figure 5 described below, with reference to the authentication server 16 and possibly also to a remote back-end server (not shown). Once the mobile device 11 is authenticated, it may remain connected to the WLAN via the access point 12.
  • Subsequently, the mobile device 11 signals to the ticketing server 15 that access to the gate 14 is required. This results in the setting up of a session key at step 31, using the Diffie-Hellman key exchange algorithm for example. At step 32, a ticketing transaction then occurs. The exact nature of the ticketing transaction step 32 is not important to this invention. It may be carried out in any suitable manner, such as in the manner described in European Patent Application No. 01305772.4. Each of the steps 30 to 32 involves communication between the mobile device 11 and the ticketing server, and any other servers, only via the WLAN access point 12. Preferably, the transaction is made without commitment at this stage, for example by calculating the payment required but without taking the payment. This makes rollback or refund unnecessary should the ticket not be used.
  • The ticketing transaction at step 32 produces a secret transaction ID signal, or 'ticket ID' signal which links the mobile device 11 to the ticket for which purchase was arranged. This secret transaction ID is sent from the ticketing server 15 to the mobile device 11 as part of a 'ticket grant' signal at step 33 via the WLAN access point 12. The same secret transaction ID is sent to the ticket gate 14 by the ticketing server 15 as part of a 'ticket notice' signal at step 34. At this point, the mobile device 11 may still be a significant distance from the ticket gate 14. Already, though, the ticketing transaction is mostly complete.
  • On arrival at the ticket gate 14, the mobile device 11 is placed within range of the smartcard reader/writer 13. Once it is detected that communication between the mobile device 11 and the smartcard reader/writer is possible, the mobile device sends a 'gate open request' signal at step 35 to the smartcard reader/writer, which includes a request to open the gate and a copy of the secret transaction ID. This signal is received at the ticket gate 14, where the ID it carries is compared with the secret transaction ID received at step 34. Once the secret transaction IDs are determined to be the same, the ticket gate 14 sends at step 36 a signal to the ticketing server 15 that the transaction is complete, in response to which the ticketing server completes the transaction. The ticket gate 14 also sends to the mobile device 11 a confirmation signal indicating that the transaction is complete, and opens the gate to allow the holder of the mobile device through.
  • A timeout period is associated with the generation by the authentication server 16 of the secret transaction ID. If the timeout period is exceeded without the mobile device 11 reaching the ticket gate 14, the validity of the secret transaction ID expires and the transaction is not completed.
  • Figure 4 shows the information included in the 'ticket grant', 'gate open request' and 'ticket notice' signals. Referring to Figure 4, the ticket grant signal is shown comprising message type, ticket ID (secret transaction ID), Ktg, Kt, lifetime and message authentication code fields. The message authentication code ensures the authenticity of the ticket grant signal and lets the mobile device verify the identity of the ticketing server. The lifetime field identifies the timeout period. Ktg is subsequently used for encryption. Kt is used to generate the message authentication code. Any convenient cipher, such as DES or AES, could be used for encryption. For generating the message authentication codes, any suitable keyed construction over a hash function such as MD5 or SHA-1 could be used; an unkeyed hash on its own is not a message authentication code. (Of the primitives named, only AES remains acceptable today; DES, MD5 and SHA-1 have all since been deprecated.)
  • The gate open request signal includes message type, ticket ID and message authentication code fields, from which the ticket gate can ensure that the signal is from the correct mobile device. The message authentication code is generated using Kt, received as part of the ticket grant signal. The gate open request signal is then encrypted using Ktg. Because the signal carries no random number of its own, the gate must treat each secret transaction ID as single-use once a matching request has opened the gate; otherwise a copy of the request captured on the contactless link could be presented again within the lifetime.
  • The ticket notice signal includes the same fields as the ticket grant signal, although the message authentication code field can be omitted if the security of the communication path is guaranteed in another way.
  • It will be appreciated that authentication of the mobile device 11 and most of the ticketing transaction were completed before the mobile device came within range of the smartcard reader/writer 13 at the ticket gate 14. This is advantageous since it lets a user through the ticket gate 14 after only a relatively short time spent obtaining authentication at the gate itself, even though complete authorisation of the mobile device 11 has been carried out. This might be considered to constitute an instantaneous or rapid transaction at the ticket gate.
  • Also, the signalling and encryption scheme used allows the mobile device 11 to verify the identity of the ticketing server and to authenticate the message sent by it. Furthermore, and perhaps more importantly, the gate open request signal can be authenticated by the ticket gate as having originated from the mobile device and as uniquely identifying the ticket ID signal.
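  The exchange of Figures 3 and 4 (ticket grant, ticket notice, gate open request, lifetime check and completion at step 36), as an added example in Python; this is not code from the patent or from Hitachi. Everything not stated on the page is an assumption and is marked as such in the code: HMAC-SHA256 serves as the message authentication code (the page names MD5 or SHA-1; the later statement that the field may hold a public-key signature is not modelled), an HMAC-SHA256 counter-mode keystream stands in for the DES/AES encryption under Ktg so that the example runs with the standard library only, the step-31 session key authenticates the ticket grant itself, the gate files each ticket notice under a public key identifier derived from the secret ID so that it can select Ktg, and the gate consumes a secret transaction ID the first time it opens the gate. The message type codes, field widths and the Figure 3 clock values are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct

MSG_TICKET_GRANT = 0x01        # message type codes: an assumption, the page gives none
MSG_GATE_OPEN_REQUEST = 0x02
ID_LEN, KEY_LEN, NONCE_LEN, KID_LEN, MAC_LEN = 16, 32, 16, 8, 32


def mac(key: bytes, data: bytes) -> bytes:
    """Keyed MAC. HMAC-SHA256 stands in for the page's 'MD-5 or SHA-1'."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the DES/AES encryption under Ktg: XOR with an HMAC-SHA256 counter-mode
    keystream. Symmetric, so one call encrypts and decrypts; never reuse a (key, nonce) pair."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), MAC_LEN)):
        keystream = mac(key, nonce + struct.pack(">I", block))
        out.extend(a ^ b for a, b in zip(data[offset:offset + MAC_LEN], keystream))
    return bytes(out)


def key_id(ticket_id: bytes) -> bytes:
    """Public handle so the gate can pick Ktg without the secret ID travelling in clear (assumption)."""
    return hashlib.sha256(b"ticket-key-id" + ticket_id).digest()[:KID_LEN]


class TicketGate:
    """Ticket gate 14 with its contactless reader/writer 13."""
    def __init__(self, server: "TicketingServer") -> None:
        self.server = server
        self.pending = {}  # key id -> (ticket_id, ktg, kt, expiry)

    def ticket_notice(self, ticket_id, ktg, kt, expiry) -> None:
        # Step 34, received over the encrypted wired line (MAC omitted, as the page allows).
        self.pending[key_id(ticket_id)] = (ticket_id, ktg, kt, expiry)

    def gate_open_request(self, msg: bytes, now: int) -> str:
        """Steps 35 and 36: 'open', or the reason the gate stays shut."""
        kid, nonce, ciphertext = msg[:KID_LEN], msg[KID_LEN:KID_LEN + NONCE_LEN], msg[KID_LEN + NONCE_LEN:]
        entry = self.pending.get(kid)
        if entry is None:
            return "unknown"       # no ticket notice, or the ID was already used (replay)
        ticket_id, ktg, kt, expiry = entry
        if now > expiry:
            del self.pending[kid]
            return "expired"       # lifetime field exceeded
        plain = xor_keystream(ktg, nonce, ciphertext)
        body, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(mac(kt, body), tag):
            return "bad_mac"       # not from the holder of Kt, or altered in transit
        if body[:1] != bytes([MSG_GATE_OPEN_REQUEST]) or not hmac.compare_digest(body[1:], ticket_id):
            return "mismatch"      # the page's comparison of the two secret transaction IDs
        del self.pending[kid]      # single use: the request carries no nonce, so a replay must fail
        self.server.complete(ticket_id)   # step 36
        return "open"


class TicketingServer:
    """Ticketing server 15. Keying the grant's MAC with the step-31 session key is an assumption."""
    def __init__(self, session_key: bytes) -> None:
        self.session_key = session_key
        self.completed = []

    def issue_ticket(self, gate: TicketGate, now: int, lifetime_s: int) -> bytes:
        """Step 33 (ticket grant to the mobile) and step 34 (ticket notice to the gate)."""
        ticket_id = secrets.token_bytes(ID_LEN)
        ktg, kt = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
        expiry = now + lifetime_s
        gate.ticket_notice(ticket_id, ktg, kt, expiry)
        body = bytes([MSG_TICKET_GRANT]) + ticket_id + ktg + kt + struct.pack(">Q", expiry)
        return body + mac(self.session_key, body)

    def complete(self, ticket_id: bytes) -> None:
        self.completed.append(ticket_id)   # committed only once the ticket is used at a gate


class MobileDevice:
    """Mobile device 11 together with its smartcard 25."""
    def __init__(self, session_key: bytes) -> None:
        self.session_key = session_key
        self.ticket = None

    def receive_ticket_grant(self, grant: bytes) -> bool:
        """Verify the server's MAC before trusting ticket ID, Ktg, Kt and lifetime."""
        body, tag = grant[:-MAC_LEN], grant[-MAC_LEN:]
        if not hmac.compare_digest(mac(self.session_key, body), tag):
            return False
        fields = struct.unpack(f">B{ID_LEN}s{KEY_LEN}s{KEY_LEN}sQ", body)
        if fields[0] != MSG_TICKET_GRANT:
            return False
        self.ticket = fields[1:]   # (ticket_id, ktg, kt, expiry)
        return True

    def gate_open_request(self) -> bytes:
        """Step 35: MAC under Kt, then encrypt under Ktg, prefixed by key id and nonce."""
        ticket_id, ktg, kt, _expiry = self.ticket
        body = bytes([MSG_GATE_OPEN_REQUEST]) + ticket_id
        nonce = secrets.token_bytes(NONCE_LEN)
        return key_id(ticket_id) + nonce + xor_keystream(ktg, nonce, body + mac(kt, body))


def demo() -> dict:
    """Run the Figure 3 exchange against a fixed clock (constructed values); returns each outcome."""
    ks = secrets.token_bytes(KEY_LEN)   # stand-in for the step-31 session key
    server, mobile, out = TicketingServer(ks), MobileDevice(ks), {}
    gate = TicketGate(server)
    grant = server.issue_ticket(gate, now=1_000, lifetime_s=600)
    out["forged_grant"] = MobileDevice(b"\x00" * KEY_LEN).receive_ticket_grant(grant)
    out["grant"] = mobile.receive_ticket_grant(grant)
    req = mobile.gate_open_request()
    out["open"] = gate.gate_open_request(req, now=1_100)
    out["replay"] = gate.gate_open_request(req, now=1_101)
    mobile.receive_ticket_grant(server.issue_ticket(gate, now=1_000, lifetime_s=600))
    req2 = mobile.gate_open_request()
    out["tampered"] = gate.gate_open_request(req2[:-1] + bytes([req2[-1] ^ 0x01]), now=1_100)
    out["late"] = gate.gate_open_request(req2, now=1_700)
    out["completed"] = len(server.completed)
    return out
```

  `demo()` walks a genuine tap, a replay of the same request, a request with one ciphertext byte flipped, and a tap after the lifetime has elapsed; only the first opens the gate and only that one reaches the ticketing server's `complete`, which is the point of deferring commitment until the ticket is used.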
  • Reference is now made to Figure 5, which shows in detail the authentication step 30 of Figure 3. The operation 30 starts at step 301; then at step 302 the mobile device 11 establishes a link layer wireless connection with the access point 12 of the WLAN. At step 303, the mobile device 11 requests authentication of its smartcard 25, so that it can make a ticketing transaction and subsequently gain access through the ticket gate 14. This involves sending a signal to the ticketing server 15 via the access point 12, which forwards it to the authentication server 16. The mobile device 11 then, at step 304, waits to receive a 'challenge' signal, proceeding to step 305 only once a challenge signal has been received from the authentication server 16 via the ticketing server 15. At the same time the ticketing server 15 receives an expected response signal from the authentication server 16.
    On receipt of the challenge signal, the mobile device sends at step 305 an encryption request to the smartcard 25, which then starts at step 306. The mobile device 11 sends the challenge signal to the smartcard 25 at step 307, where it is received at step 308. Here, the challenge signal is encrypted at step 309 using a secret key unique to the smartcard 25, and the encrypted challenge signal is sent from the smartcard 25 to the mobile device 11 at step 310, when it is read into the mobile device at step 311.
  • The encrypted challenge signal is then forwarded to the ticketing server 15 at step 312, where it is checked against the expected response (the expected encrypted challenge signal) before an acknowledgement is sent to the mobile device 11. The ticketing server 15, by sending the acknowledgement signal, grants the mobile device 11 permission to start the ticketing transaction 32.
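  The Figure 5 challenge and response, as an added Python example that is not part of the patent: the authentication server, which alone holds card keys, issues a fresh challenge and hands the ticketing server only the expected response, so the ticketing server can do the step-312 comparison without ever seeing a key. The page says the card 'encrypts' the challenge with its secret key; a keyed hash (HMAC-SHA256) of the challenge is the realisation assumed here, and the card IDs and keys are constructed for the example.

```python
import hashlib
import hmac
import secrets


def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """Step 309 on the card. HMAC-SHA256 of the challenge is assumed for the
    page's 'encrypted challenge'; any keyed one-way function would serve."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


class Smartcard:
    """Smartcard 25: a unique ID and a unique secret key that never leaves the card."""
    def __init__(self, card_id: bytes, card_key: bytes) -> None:
        self.card_id, self._key = card_id, card_key

    def answer(self, challenge: bytes) -> bytes:
        return card_response(self._key, challenge)


class AuthenticationServer:
    """Authentication server 16: the only party besides the card that holds card keys."""
    def __init__(self, card_keys: dict) -> None:
        self._card_keys = dict(card_keys)

    def challenge(self, card_id: bytes):
        """Return (challenge, expected response) for the ticketing server, or None for an unknown card."""
        key = self._card_keys.get(card_id)
        if key is None:
            return None
        chal = secrets.token_bytes(16)   # fresh per attempt, so an old response cannot be replayed
        return chal, card_response(key, chal)


class TicketingServer:
    """Ticketing server 15: relays the challenge and compares the response (step 312)."""
    def __init__(self, auth: AuthenticationServer) -> None:
        self.auth = auth
        self._expected = {}   # card_id -> expected response for the one outstanding challenge

    def request_authentication(self, card_id: bytes):
        """Steps 303 and 304: forward the request, return the challenge for the mobile."""
        issued = self.auth.challenge(card_id)
        if issued is None:
            return None
        chal, expected = issued
        self._expected[card_id] = expected
        return chal

    def check_response(self, card_id: bytes, response: bytes) -> bool:
        """Step 312: constant-time compare; the expected value is consumed whether or not it matches."""
        expected = self._expected.pop(card_id, None)
        return expected is not None and hmac.compare_digest(expected, response)


def demo() -> dict:
    """A genuine card, a replayed response, a card with the right ID but the wrong key, and an unknown ID."""
    genuine_key = secrets.token_bytes(32)                     # constructed
    genuine = Smartcard(b"card-0001", genuine_key)
    cloned = Smartcard(b"card-0001", secrets.token_bytes(32))  # copied ID, key unknown to the cloner
    ticketing = TicketingServer(AuthenticationServer({genuine.card_id: genuine_key}))
    out = {}
    chal = ticketing.request_authentication(genuine.card_id)
    out["genuine"] = ticketing.check_response(genuine.card_id, genuine.answer(chal))
    out["replayed"] = ticketing.check_response(genuine.card_id, genuine.answer(chal))
    chal2 = ticketing.request_authentication(cloned.card_id)
    out["clone"] = ticketing.check_response(cloned.card_id, cloned.answer(chal2))
    out["unknown_card"] = ticketing.request_authentication(b"card-9999")
    return out
```

  The split matters operationally: a compromised ticketing server in this design yields only spent expected responses, never the card keys, which is why the page keeps the authentication server separate and possibly remote.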
  • Some examples of the type of transactions which might occur follow.
  • In one example, the holder of the mobile device 11 is the holder of a season ticket, which enables him or her to travel at any time of day and any number of times on a predetermined route and between certain dates. Here, the season ticket is stored as a unique identification number on the mobile device 11. When the mobile device 11 moves within range of the WLAN access point 12, authentication occurs using the ticketing server 15 and the authentication server 16. Then, the mobile device 11 automatically (i.e. without any user input) sends a request to the ticketing server 15 for access, and includes with the request the unique identification number of the season ticket. The ticketing server 15 determines that the season ticket is within its valid date range and determines that geographical restrictions and any other restrictions are not exceeded, then grants authority by sending a secret transaction signal to the mobile device 11 and to the ticket gate 14.
  • In another example, the ticketing transaction step 32 includes the running of a software program on the mobile device 11 which allows the user to select a destination and a ticket type. The mobile device 11 then sends information about the required ticket to the ticketing server 15, which arranges for payment to be made, such as by charging the user's credit card, as appropriate. Once payment has been made, the mobile device 11 and the ticket gate 14 are sent the secret transaction ID signal.
  • In a further example, the ticketing transaction step 32 consists merely of clearing the holder of the mobile device 11 to enter through the ticket gate 14. Here, the ticket transaction is completed only when it is detected that the user is leaving the railway network, at which point both the start and end stations are known. Preferably, access through an exit gate of the destination station is dependent on the appropriate payment being made.
  • A second embodiment is shown in Figures 6 and 7. Referring firstly to Figure 6, a system 40 is shown comprising generally a mobile device 41, a WLAN access point 42 forming part of a WLAN, a Bluetooth access point 43, a network access server (NAS) 44, and an authentication server 45. The WLAN and Bluetooth access points 42, 43 are connected by respective wired connections 46, 47 to the NAS 44. The authentication server 45 is connected to the NAS 44 by a further wired connection 48 appropriate to the distance between the two servers (they may be local to each other or remote). Optionally, one or more other networks are connected to the wired connection 48. The NAS 44 manages data traffic between the mobile device 41 and any of the networks connected to the NAS. From Figure 7, it can be seen that the mobile device 41 includes a CPU 49, which is connected to a Bluetooth interface via a first connector 51 and to a WLAN interface 52 via a second connector 53. In an alternative embodiment (not shown), the mobile device is provided with a multimodal wireless network interface controlled by a software radio system.
  • Operation of the system 40 is as follows. When the mobile device 41 moves within range of the WLAN access point 42, communication with the WLAN can begin. Once communication does begin, authentication of the mobile device 41 on the WLAN takes place in any convenient manner, such as by using an operation similar to that described above with reference to Figure 5.
  • To commence communication via the Bluetooth access point 43, the mobile device 41 uses its already established connection with the WLAN access point 42. The mobile device 41 sends a connection request via its WLAN interface 52 to the WLAN access point 42, which forwards it to the NAS 44. The NAS 44 then decides whether or not the mobile device 41 is to be granted access to the Bluetooth access point 43. This decision is made either on the basis of a policy set by the NAS 44 itself, or on the basis of a policy set by the authentication server 45 and communicated to the NAS when the mobile device was authenticated onto the WLAN. If access is granted, the NAS 44 sends a grant message, preferably protected with a short-lived session key, to the mobile device 41 via the WLAN access point 42.
  • Once the mobile device 41 moves within range of the Bluetooth access point 43, communication with it can begin. To gain access, the mobile device 41 transmits the grant message that it received via the WLAN access point 42 to the Bluetooth access point 43, from where it is forwarded to the NAS 44. Then, the NAS 44 determines whether the device requesting access to the Bluetooth access point 43 is the mobile device 41 with which the NAS is in contact via the WLAN, and refuses or grants access as appropriate, without reference to the authentication server 45.
  • Figure 8 shows in detail the signalling used to effect the operation described above. Referring to Figure 8, the mobile device 41 starts out in communication with the WLAN access point 42. MAC (medium access control) layer connectivity with the Bluetooth access point 43 is then detected at 60. The mobile device 41 then determines whether handover to the Bluetooth access point 43 should be initiated. This decision may be made on the basis of a policy set within the mobile device 41, or according to a network administration policy set by the network.
    Once a decision to hand over has been made, a handover request is sent at 61 to the WLAN access point 42 using the already established connection. This handover request is forwarded at 62 to the NAS 44, which determines from network policy whether handover is to be allowed. If handover is permitted, the NAS sends a grant handover signal at 63a to the WLAN access point 42, which forwards it on to the mobile device 41 at 63b. The handover grant message is shown in Figure 9 and includes message ID, session ID, Ktg, Kt and message authentication code fields. These fields are used in the same way as the corresponding fields of the ticket grant signal of Figure 4. The NAS 44 also sends to the Bluetooth access point 43 at 64a a notify handover message including the same message authentication code as the handover grant message. The notify handover message (also shown in Figure 9) instructs the Bluetooth access point 43 to accept a connection request from the mobile device 41. The message authentication code in the notify handover message can be omitted if security is guaranteed by another method.
  • After receiving the grant handover signal, the mobile device 41 sends at 65 a connection request message to the Bluetooth access point 43. As shown in Figure 9, the connection request message includes message type, session ID, random number and message authentication code fields. The message authentication code is generated using Kt and the connection request message is encrypted using Ktg, as for the gate open request of Figure 4. The random number field is filled with a number generated at random within the mobile device 41. The message authentication code allows the Bluetooth access point 43 to determine that the originator of the signal is indeed the mobile device 41. The random number is included so that the mobile device 41 can in turn verify the Bluetooth access point by a challenge and response operation. Mutual authentication of the mobile device 41 and the Bluetooth access point 43 is carried out at 66. Following authentication, the Bluetooth access point 43 forwards the connection request message received from the mobile device 41 to the NAS 44 at 67. In response, the NAS sends a connection acknowledgement signal at 68 to the Bluetooth access point 43, which sends at 69 a connection acknowledgement message to the mobile device 41.
  • This procedure enables rapid mutual authentication of a mobile device and an access point. Authentication is seen to be critical for security when operating in wireless networks.
  • After establishing a link layer connection in the described manner, the NAS 44 assigns to the bluetooth interface included in the mobile device 41 an IP address the same as the IP address used in the WLAN connection. This enables higher layer communication software such as TCP (transmission control protocol) to maintain its connection during handover, i.e. the same connection is used before and after handover, allowing seamless roaming over multiple networks. Handover from the bluetooth access point 43 to the WLAN access point may occur using the same procedure, although references to the access points are reversed.
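  The handover signalling of Figures 8 and 9 (grant handover at 63, notify handover at 64, connection request at 65, mutual authentication at 66 and the NAS acknowledgement at 67 to 69), as an added Python example, not code from the patent. The NAS distributes the same Kt to the mobile (via the WLAN) and to the Bluetooth access point; the mobile proves possession of Kt with the MAC on its connection request, and the access point proves possession of Kt by returning a MAC over the mobile's random number, which is what makes the authentication mutual and fresh. Assumptions not on the page: HMAC-SHA256 as the MAC, a distinct message type byte in the acknowledgement so that a reflected request cannot pass as a reply, the NAS re-checking the MAC at 67/68 to confirm the requester is the device it knows from the WLAN, one connection per grant, and omission of the encryption layer under Ktg, which does not change the authentication logic shown.

```python
import hashlib
import hmac
import secrets

MSG_CONNECTION_REQUEST = 0x10   # type codes are an assumption
MSG_CONNECTION_ACK = 0x11
SID_LEN, NONCE_LEN, KEY_LEN, MAC_LEN = 8, 16, 32, 32


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def parse_request(kt: bytes, request: bytes):
    """Return (session_id, nonce) if `request` is a connection request authenticated under Kt."""
    if len(request) != 1 + SID_LEN + NONCE_LEN + MAC_LEN or request[0] != MSG_CONNECTION_REQUEST:
        return None
    body, tag = request[:-MAC_LEN], request[-MAC_LEN:]
    if not hmac.compare_digest(mac(kt, body), tag):
        return None
    return body[1:1 + SID_LEN], body[1 + SID_LEN:]


class NAS:
    """Network access server 44: issues grant handover (63) and notify handover (64),
    and at 67/68 confirms that the requester is the device it already knows from the WLAN."""
    def __init__(self) -> None:
        self.sessions = {}   # session ID -> Kt

    def grant_handover(self, target_ap: "BluetoothAccessPoint"):
        session_id, kt = secrets.token_bytes(SID_LEN), secrets.token_bytes(KEY_LEN)
        self.sessions[session_id] = kt
        target_ap.notify_handover(session_id, kt)   # 64a: the same keys go to the access point
        return session_id, kt                       # 63a/63b: carried to the mobile over the WLAN

    def connection_ack(self, session_id: bytes, request: bytes) -> bool:
        kt = self.sessions.get(session_id)
        return kt is not None and parse_request(kt, request) is not None


class MobileDevice:
    def __init__(self, session_id: bytes, kt: bytes) -> None:
        self.session_id, self.kt, self.nonce = session_id, kt, None

    def connection_request(self) -> bytes:
        """65: message type, session ID, random number, MAC under Kt."""
        self.nonce = secrets.token_bytes(NONCE_LEN)
        body = bytes([MSG_CONNECTION_REQUEST]) + self.session_id + self.nonce
        return body + mac(self.kt, body)

    def verify_ack(self, ack) -> bool:
        """69: the access point proves it holds Kt by MACing our random number."""
        nonce, self.nonce = self.nonce, None        # at most one acknowledgement per request
        if nonce is None or ack is None or len(ack) != 1 + SID_LEN + 2 * NONCE_LEN + MAC_LEN:
            return False
        body, tag = ack[:-MAC_LEN], ack[-MAC_LEN:]
        return (hmac.compare_digest(mac(self.kt, body), tag)
                and body[0] == MSG_CONNECTION_ACK
                and body[1:1 + SID_LEN] == self.session_id
                and hmac.compare_digest(body[1 + SID_LEN:1 + SID_LEN + NONCE_LEN], nonce))


class BluetoothAccessPoint:
    def __init__(self, nas: NAS) -> None:
        self.nas, self.expected = nas, {}   # session ID -> Kt from notify handover

    def notify_handover(self, session_id: bytes, kt: bytes) -> None:
        self.expected[session_id] = kt

    def handle_connection_request(self, request: bytes):
        """66 to 69: authenticate the mobile, obtain the NAS ack, answer the mobile's challenge."""
        if len(request) < 1 + SID_LEN:
            return None
        session_id = request[1:1 + SID_LEN]
        kt = self.expected.get(session_id)
        if kt is None:
            return None                              # no notify handover for this session
        parsed = parse_request(kt, request)
        if parsed is None or not self.nas.connection_ack(session_id, request):
            return None
        del self.expected[session_id]                # one connection per grant
        body = bytes([MSG_CONNECTION_ACK]) + session_id + parsed[1] + secrets.token_bytes(NONCE_LEN)
        return body + mac(kt, body)


def demo() -> dict:
    """Genuine handover, replayed request, a device without Kt, and an access point without Kt."""
    nas = NAS()
    ap = BluetoothAccessPoint(nas)
    session_id, kt = nas.grant_handover(ap)
    mobile, out = MobileDevice(session_id, kt), {}
    request = mobile.connection_request()
    ack = ap.handle_connection_request(request)
    out["ap_accepts"] = ack is not None
    out["mobile_accepts"] = mobile.verify_ack(ack)
    out["replay"] = ap.handle_connection_request(request) is None
    ap.notify_handover(session_id, kt)                # re-arm so the next refusal is due to the MAC alone
    imposter = MobileDevice(session_id, b"\x00" * KEY_LEN)
    out["imposter"] = ap.handle_connection_request(imposter.connection_request()) is None
    req2 = mobile.connection_request()               # a rogue AP that never got notify handover
    nonce = req2[1 + SID_LEN:1 + SID_LEN + NONCE_LEN]
    forged = bytes([MSG_CONNECTION_ACK]) + session_id + nonce + b"\x00" * NONCE_LEN
    out["rogue_ap"] = mobile.verify_ack(forged + mac(b"\x01" * KEY_LEN, forged))
    return out
```

  Note that the authentication server 45 never appears in the exchange: once Kt has been handed to both ends, the NAS can settle the connection on its own, which is the traffic and latency saving the page claims for delegating access control to the NAS.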
  • The embodiment of Figures 6 and 7 may have application in an office building, where the mobile device 41 is held by an employee. For example, a WLAN may give the mobile device 41 access to a computer network, and thereby to databases and/or programs associated with it. Security-sensitive areas of the office building may be equipped with Bluetooth access points 43 configured to admit only authorised persons. Using this invention, the holder of the mobile device 41 can be granted access to the sensitive areas on the strength of authentication performed over the WLAN. When the mobile device 41 arrives at the relevant Bluetooth access point 43, access may be granted without further recourse to the authentication server 45.
  • It may, in the same application, be desired to disallow access to the office building's WLAN until the holder of a mobile device 41 is within the building. In this case, a Bluetooth access point 43 may be provided at the building's entrance.
  • Authentication of the mobile device 41 is then performed by the NAS 44 and the authentication server 45 with communication via the Bluetooth access point 43. A request to access the WLAN is transmitted via the Bluetooth access point 43, and the grant message is returned to the mobile device via Bluetooth and presented to the WLAN access point 42 for verification by the NAS 44, without recourse to the authentication server 45. Thus the mobile device 41 is granted access to the WLAN with the authentication process carried out via the Bluetooth access point 43. Here, though, the NAS 44 may apply a different access control policy depending on which access point 42, 43 the mobile device 41 first used to establish communication with the NAS. Delegating access control to the NAS 44 can reduce network traffic, as well as the time taken to respond to access requests.
  • The embodiment of Figures 6 and 7 may be used in a ticketing system, such as a railway station environment with ticket gates as described in relation to Figure 1 above. Here, though, the ticket gates are each provided with a short-range Bluetooth access point, instead of a contactless smartcard reader. A mobile device for operation with such a system is shown in Figure 10.
  • Referring to Figure 10, the mobile device 70 includes a CPU 71 connected to each of a smartcard 72, a Bluetooth interface 73 and a WLAN interface 74. Briefly, operation begins with authentication of the smartcard 72, and thus of the mobile device 70, on a WLAN using the WLAN interface 74. The procedure is similar to that shown in and described with reference to Figure 3. Communication of a gate open request signal involves passing the signal from the smartcard 72 via the CPU 71 and the Bluetooth interface 73 to the Bluetooth access point at the ticket gate. Although the above embodiments use Bluetooth, WLAN and smartcard connections or networks, it will be appreciated that any connections or networks are usable with the invention, such as an infra-red connection or cellular networks such as GSM or UMTS, for example. Also, one of the connections could be a wired connection, for example to a LAN.
  • In all of the above embodiments, it will be appreciated that the 'message authentication code' fields include a digital signature, preferably prepared using a private-public key algorithm.

Claims (17)

  1. A method of communicating, the method comprising:
    maintaining a connection between a mobile device and at least one network of one or more networks via a first access point;
    sending from the mobile device to a network server via the first access point a request for connection to another access point;
    at the network server, obtaining approval for the connection request, and
    sending a connection grant signal to the mobile device via an access point forming part of the same network as the first access point;
    sending from the mobile device a message comprising the connection grant signal or a signal derived therefrom to a second access point of the one or more networks; and
    allowing communication between the mobile device and the second access point if the message sent therebetween is determined to be the same as an expected message.
  2. A method as claimed in claim 1, in which one of the access points includes a smartcard reader, and a smartcard included with the mobile device is authenticated using a challenge and response procedure.
  3. A method as claimed in either preceding claim, in which the approval for the connection request has associated therewith a timeout period, after expiry of which the sending of the message from the mobile device to the second access point will not result in the allowing step.
  4. A method as claimed in any preceding claim, in which the connection grant signal includes a cryptographic key.
  5. A method as claimed in claim 4, in which at least part of the message sent from the mobile device to the second access point is encrypted using the cryptographic key.
  6. A method as claimed in any preceding claim, in which the connection grant signal is digitally signed.
  7. A method as claimed in any preceding claim, in which the message sent from the mobile device to the second access point is digitally signed.
  8. A system comprising:
    a mobile device;
    first and second access points to one or more networks; and
    a network server connected to each of the one or more networks,
    the mobile device being arranged for maintaining a connection with one of the networks via the first access point, and for sending via the first access point a request for connection to another access point,
    the network server being arranged, in response to the request for connection, for obtaining approval for the connection request and for sending a connection grant signal to the mobile device via an access point forming part of the same network as the first access point,
    the mobile device being arranged for sending a message comprising the connection grant signal or a signal derived therefrom to the second access point, and the system being arranged for allowing the mobile device access to the second access point if the message is determined to be the same as an expected message.
  9. A system as claimed in claim 8, in which one of the access points includes a smartcard reader, and the network server is arranged for authenticating a smartcard included with the mobile device using a challenge and response procedure.
  10. A system as claimed in claim 8 or claim 9, in which the network server is arranged for associating a timeout period with the connection request approval, and the system is arranged for disallowing the mobile device access to the second access point if access is not allowed prior to expiry of the timeout period.
  11. A system as claimed in any of claims 8 to 10, in which the second access point is associated with a ticket gate, which is controlled to be opened if the message is determined to be the same as the expected message.
  12. A system as claimed in claim 11, further comprising a ticketing server responsive to the request for connection to another access point for initiating a ticketing transaction, and for providing approval for the connection request.
  13. A system as claimed in claim 12, in which the ticketing server is responsive to the mobile device being allowed access to the second access point for completing the ticketing transaction.
  14. A system as claimed in any of claims 8 to 13, in which the network server is arranged to include a cryptographic key with the connection grant signal.
  15. A system as claimed in claim 14, in which the mobile device is arranged to encrypt the message sent to the second access point with the cryptographic key.
  16. A system as claimed in any of claims 8 to 15, in which the connection grant signal is digitally signed.
  17. A system as claimed in any of claims 8 to 16, in which the message sent from the mobile device to the second access point is digitally signed.
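The exchange in claims 8 to 17 as an added example, not code from the patent or from Hitachi: the network server approves a connection request for the second access point, returns a grant carrying a fresh cryptographic key and a timeout (claims 10 and 14) through the first access point, the mobile device derives a message from that grant (claims 15 and 17), and the second access point opens the ticket gate (claims 11 and 13) only if the message equals the expected one before the timeout. Two assumptions are not in the claims: HMAC-SHA256 under a key shared by the server, the access points and the device stands in for the digital signatures of claims 16 and 17, and each grant is recorded as single-use so that a captured message cannot be replayed at the gate. All identifiers (gate-A, imsi-001, the `mac` helper) are constructed for the example.

```python
"""Added illustration of the exchange in claims 8 to 17, not code from the patent.
Assumptions: HMAC-SHA256 under a key shared by server, access points and device
stands in for the signatures of claims 16/17; grants are single-use (anti-replay)."""
import hashlib
import hmac
import json
import secrets


def mac(key: bytes, *parts: str) -> str:
    """HMAC-SHA256 over the fields, joined by a unit separator so they cannot run together."""
    return hmac.new(key, "\x1f".join(parts).encode(), hashlib.sha256).hexdigest()


class TicketingServer:
    def __init__(self):
        self.pending, self.completed = {}, {}   # claims 12 and 13

    def initiate(self, grant_id: str, device_id: str) -> bool:
        self.pending[grant_id] = device_id       # a real server would debit a fare here
        return True                              # approval for the connection request

    def complete(self, grant_id: str) -> None:
        self.completed[grant_id] = self.pending.pop(grant_id)


class NetworkServer:
    def __init__(self, signing_key: bytes, ticketing: TicketingServer, ttl: int = 60):
        self.signing_key, self.ticketing, self.ttl = signing_key, ticketing, ttl
        self.expected = {}   # grant_id -> (expected message, expiry); claim 10 timeout
        self.used = set()    # grant ids already presented (assumption: single-use)

    def request_connection(self, device_id: str, target_ap: str, now: int) -> dict:
        """Approve the request, build a grant with a fresh key (claim 14) and sign it (claim 16)."""
        grant_id = secrets.token_hex(8)
        if not self.ticketing.initiate(grant_id, device_id):
            raise PermissionError("connection request not approved")
        key = secrets.token_bytes(32)
        grant = {"grant_id": grant_id, "device": device_id, "ap": target_ap,
                 "key": key.hex(), "expires": now + self.ttl}
        body = json.dumps(grant, sort_keys=True)
        self.expected[grant_id] = (mac(key, grant_id, device_id, target_ap), grant["expires"])
        return {"grant": body, "sig": mac(self.signing_key, body)}


class MobileDevice:
    def __init__(self, device_id: str, server_key: bytes):
        self.device_id, self.server_key, self.grant = device_id, server_key, None

    def receive_grant(self, envelope: dict) -> None:
        """The grant arrives via the first access point; drop it if the signature fails."""
        if not hmac.compare_digest(envelope["sig"], mac(self.server_key, envelope["grant"])):
            raise ValueError("grant signature invalid")
        self.grant = json.loads(envelope["grant"])

    def message_for(self, ap_id: str) -> dict:
        """Signal derived from the grant (claims 15/17): keyed with the grant key, bound to ap_id."""
        g = self.grant
        return {"grant_id": g["grant_id"],
                "proof": mac(bytes.fromhex(g["key"]), g["grant_id"], g["device"], ap_id)}


class AccessPoint:
    """Second access point driving a ticket gate (claim 11)."""
    def __init__(self, ap_id: str, server: NetworkServer):
        self.ap_id, self.server = ap_id, server

    def admit(self, message: dict, now: int) -> str:
        grant_id = message["grant_id"]
        if grant_id in self.server.used:
            return "denied:replay"
        entry = self.server.expected.get(grant_id)
        if entry is None:
            return "denied:unknown"
        expected, expires = entry
        if now >= expires:                                         # claim 10
            return "denied:expired"
        if not hmac.compare_digest(message["proof"], expected):    # constant-time compare
            return "denied:mismatch"
        self.server.used.add(grant_id)
        self.server.ticketing.complete(grant_id)                   # claim 13
        return "opened"


def demo() -> list:
    """One good pass and the failure modes worth testing; returns the gate decisions."""
    shared = secrets.token_bytes(32)
    server = NetworkServer(shared, TicketingServer(), ttl=60)
    gate_a, gate_b = AccessPoint("gate-A", server), AccessPoint("gate-B", server)
    phone = MobileDevice("imsi-001", shared)
    phone.receive_grant(server.request_connection("imsi-001", "gate-A", now=0))
    out = [gate_b.admit(phone.message_for("gate-B"), now=5),      # grant is bound to gate-A
           gate_a.admit(phone.message_for("gate-A"), now=10),     # opens
           gate_a.admit(phone.message_for("gate-A"), now=11),     # replay of a used grant
           gate_a.admit({"grant_id": "0" * 16, "proof": "0" * 64}, now=12)]  # forged
    phone.receive_grant(server.request_connection("imsi-001", "gate-A", now=0))
    out.append(gate_a.admit(phone.message_for("gate-A"), now=61))  # past the timeout
    return out
```

Calling `demo()` returns the five gate decisions in order: mismatch for the wrong gate, opened, replay, unknown grant, expired. The proof is keyed with the per-grant key and bound to the access point identity, so a message captured at one gate is useless at another, and the constant-time comparison keeps the "same as an expected message" check from leaking the expected value through timing.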

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP20020257257 EP1411475A1 (en) 2002-10-18 2002-10-18 System and method of communication including first and second access point
JP2003105027A JP2004140779A (en) 2002-10-18 2003-04-09 System and communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP20020257257 EP1411475A1 (en) 2002-10-18 2002-10-18 System and method of communication including first and second access point

Publications (1)

Publication Number Publication Date
EP1411475A1 (en) 2004-04-21

Family

ID=32039218

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20020257257 Withdrawn EP1411475A1 (en) 2002-10-18 2002-10-18 System and method of communication including first and second access point

Country Status (2)

Country Link
EP (1) EP1411475A1 (en)
JP (1) JP2004140779A (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2419067A (en) * 2004-10-06 2006-04-12 Sharp Kk Deciding whether to permit a transaction, based on the value of an identifier sent over a communications channel and returned over a secure connection
CN101953210B (en) * 2008-02-18 2012-11-07 株式会社Ntt都科摩 Mobile communication system, position registration method, handover method, exchange station, mobile station, and radio control station
EP3058792B1 (en) * 2013-10-17 2022-08-10 Nayax Ltd. Wireless protocol message conversion method and corresponding device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0870889A2 (en) * 1997-04-07 1998-10-14 Eaton Corporation Keyless motor vehicle entry and ignition system
US6175922B1 (en) * 1996-12-04 2001-01-16 Esign, Inc. Electronic transaction systems and methods therefor
WO2001040605A1 (en) * 1999-11-30 2001-06-07 Bording Data A/S An electronic key device, a system and a method of managing electronic key information
US6250557B1 (en) * 1998-08-25 2001-06-26 Telefonaktiebolaget Lm Ericsson (Publ) Methods and arrangements for a smart card wallet and uses thereof
WO2001063425A1 (en) * 2000-02-25 2001-08-30 Telefonaktiebolaget Lm Ericsson (Publ) Wireless reservation, check-in, access control, check-out and payment
WO2002049235A1 (en) * 2000-12-12 2002-06-20 Hello-Tech Technologies Ltd. Method and apparatus for secure access to homes, offices, professional buildings and/or remote machinery and equipment

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006082526A1 (en) * 2005-02-03 2006-08-10 France Telecom Method and system for controlling networked wireless locks
EP1703477A1 (en) * 2005-03-14 2006-09-20 NTT DoCoMo, Inc. Mobile terminal and authentication method
US7861293B2 (en) 2005-03-14 2010-12-28 Ntt Docomo, Inc. Mobile terminal and authentication method
EP1752928A1 (en) * 2005-07-28 2007-02-14 Inventio Ag Access control method for an area accessible to persons, in particular for a room closed off by means of a door
US7796012B2 (en) 2005-07-28 2010-09-14 Inventio Ag Method of controlling access to an area accessible by persons, particularly to a space closed by a door
US8770476B2 (en) 2005-09-28 2014-07-08 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
US10043177B2 (en) 2005-09-28 2018-08-07 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
US9613354B2 (en) 2005-09-28 2017-04-04 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
US9330386B2 (en) 2005-09-28 2016-05-03 Visa International Service Association Device, system and method for reducing an interaction time for a contactless transaction
EP1857953A1 (en) * 2006-05-16 2007-11-21 EM Microelectronic-Marin SA Method and system for authentication and secure exchange of data between a personalised chip and a dedicated server
US8566588B2 (en) 2006-05-16 2013-10-22 EM Microelectric-Mann S.A. Method of authentication and secure exchange of data between a personalised chip and a dedicated server, and assembly for implementing the same
EP1965354A1 (en) * 2007-03-02 2008-09-03 Gemmo S.p.A. Service management system and method
FR2914524A1 (en) * 2007-03-29 2008-10-03 France Telecom Heterogeneous telecommunication system for transactional application, has server supporting application component suitable to interact with component installed in table, where component is installed with user entity through terminal
DE102007038948A1 (en) * 2007-08-17 2009-02-26 Josef Koprek Device for guarantee of access control, has near-field-communication reader having processor unit that is data linked with service provider, particularly wireless
DE102009007611A1 (en) * 2009-02-05 2010-08-19 Vodafone Holding Gmbh Method for wireless data communication between communication interface of mobile telephone and remote station, for execution of electronic ticket distribution, involves selecting application according to measure of input of mobile device
DE102009007611B4 (en) 2009-02-05 2019-07-04 Vodafone Holding Gmbh Method and device for contactless communication
EP2428937A4 (en) * 2009-05-04 2014-09-10 Zte Corp Gate control system and mathod of remote unlocking by validated users
US8933777B2 (en) 2009-05-04 2015-01-13 Zte Corporation Gate control system and method of remote unlocking by validated users
EP2428937A1 (en) * 2009-05-04 2012-03-14 ZTE Corporation Gate control system and mathod of remote unlocking by validated users
DE102015216910A1 (en) * 2015-09-03 2017-03-09 Siemens Aktiengesellschaft A method of operating an access unit by means of a mobile electronic terminal

Also Published As

Publication number Publication date
JP2004140779A (en) 2004-05-13

Similar Documents

Publication Publication Date Title
CN100417274C (en) Certificate based authentication authorization accounting scheme for loose coupling interworking
US7108177B2 (en) Proximity validation system and method
EP1430640B1 (en) A method for authenticating a user in a terminal, an authentication system, a terminal, and an authorization device
EP1476980B1 (en) Requesting digital certificates
CN1701561B (en) Authentication system based on address, device thereof, and program
JP4235102B2 (en) Authentication method between portable article for telecommunication and public access terminal
US20170148018A1 (en) Method and system for network communication
US20030084287A1 (en) System and method for upper layer roaming authentication
US20110258443A1 (en) User authentication in a tag-based service
EP1787486B1 (en) Bootstrapping authentication using distinguished random challenges
EP1411475A1 (en) System and method of communication including first and second access point
JP2002058066A (en) Short-range radio access and method for performing short-range radio commercial transaction between hybrid radio terminal and service terminal through interface for corresponding service terminal
JP5206109B2 (en) Entrance / exit management system and wireless communication terminal
JPH0669882A (en) Certifying method for mobile communication system
WO1998037661A1 (en) Apparatus and method for authentification and encryption of a remote terminal over a wireless link
JP2006318489A (en) Method and device for confirming authentication of id of service user
KR20120037380A (en) Method for registering a mobile radio in a mobile radio network
CN102111766A (en) Network accessing method, device and system
US7251731B2 (en) Call set-up from a mobile radio telephone terminal with biometric authentication
CN100407190C (en) Service providing method, system and program
CN106465116A (en) Access control for a wireless network
JP2011118789A (en) Communication device and processing system
US20180322502A1 (en) Data security system using interaction channel code
US11003744B2 (en) Method and system for securing bank account access
CN107786978B (en) NFC authentication system based on quantum encryption

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

AKX Designation fees paid

17P Request for examination filed

Effective date: 20041013

RBV Designated contracting states (corrected)

Designated state(s): AT BE BG

RBV Designated contracting states (corrected)

Designated state(s): DE FR GB

REG Reference to a national code

Ref country code: DE

Ref legal event code: 8566

17Q First examination report despatched

Effective date: 20060904

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20071127