EP2100428A2 - Procédé et système de lecture de données depuis une mémoire d'un appareil mobile à distance - Google Patents

Procédé et système de lecture de données depuis une mémoire d'un appareil mobile à distance

Info

Publication number
EP2100428A2
EP2100428A2 EP07846762A EP07846762A EP2100428A2 EP 2100428 A2 EP2100428 A2 EP 2100428A2 EP 07846762 A EP07846762 A EP 07846762A EP 07846762 A EP07846762 A EP 07846762A EP 2100428 A2 EP2100428 A2 EP 2100428A2
Authority
EP
European Patent Office
Prior art keywords
server
data
wireless communication
mobile
modem
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07846762A
Other languages
German (de)
English (en)
Inventor
Matthias Lydike
Bernd Hoeppener
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Efkon GmbH
Original Assignee
Efkon Germany GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Efkon Germany GmbH filed Critical Efkon Germany GmbH
Publication of EP2100428A2 publication Critical patent/EP2100428A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • GPHYSICS
    • G08SIGNALLING
    • G08CTRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C23/00Non-electrical signal transmission systems, e.g. optical systems
    • G08C23/04Non-electrical signal transmission systems, e.g. optical systems using light waves, e.g. infrared
    • GPHYSICS
    • G08SIGNALLING
    • G08GTRAFFIC CONTROL SYSTEMS
    • G08G1/00Traffic control systems for road vehicles
    • G08G1/20Monitoring the location of vehicles belonging to a group, e.g. fleet of vehicles, countable or determined number of vehicles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the invention relates to a method for reading out data from a memory of a mobile remote device, e.g. dvseckats, by a server, wherein between the server and the device a wireless communication connection is established.
  • the invention relates to a system for reading data from a memory of a mobile remote device, e.g.ffygerats, by a server, as well as the device is assigned a modem for wireless communication.
  • WO 2006/004231 A1 deals with the remote reading of an energy meter, wherein if data is not received, a line connection to a read modem is to be established, an authentication code being provided for this special case. Specifically, however, it is about the use of services of an existing network, especially in a stationary equipment, as opposed to access to individual remote, mobile, passive devices by a central station.
  • EP 1 655 921 A1 it is known from EP 1 655 921 A1, for example. It has become known to subject users of a communication system for network access to authentication so that only authorized subscriber terminals are granted access to the network. Also known per se are VPN connections, see, for example, US 2006/0155822 A1, which generally discloses a VPN connection between a mobile device and an Internet device, which concerns a service network, in which a rights assignment and the use of services stand in the foreground. The problem of reading data, in particular data that can be assigned to different owners, in objects or devices that are mobile and completely passive, is not addressed here.
  • it is intended to allow downloading of authentic data if the object or device containing the data is too far away to reach it directly, or if it is constantly changing its location due to the mobile training. It should also be possible to request and download certain data from different devices, especially on behalf of authorized companies.
  • the invention provides a method and a system for reading out data as stated in the independent claims.
  • Advantageous embodiments and further developments are specified in the dependent claims.
  • data from a mobile remote (vehicle) device can be requested and downloaded from a data station, a server, which can also be mobile, for example, in addition to being stationary.
  • a conventional radio connection in particular via GPRS or GSM, but also an infrared (IR) connection, a wireless LAN connection or the like.
  • IR infrared
  • VPN Virtual Private Network
  • the server After establishing such a communication connection from the server, a VPN (Virtual Private Network) connection between the server and the device is realized, and the corresponding applications are integrated into the connection on the server and on the remote device.
  • the required data can only be downloaded with the appropriate authorization, whereby this data transmission is preferably also carried out under encryption for security reasons.
  • data requested by different companies from a wide range of devices can be requested and downloaded to the server, and the server (or one of several servers operating in the network) can also be made available to various customers for such download services.
  • the authentication using an authentication card is made in a m card reader - after handover, for example, by a customer of the server - is read, so access to certain mobile devices, such as devices in certain Vehicles, in the field, to obtain.
  • the authentication unit it is also possible to connect the authentication unit to a management unit for virtual card images (electronic "authorization cards") and no additional measures are required.
  • virtual card images electronic "authorization cards”
  • the numbers of the devices in the case of mobile phone connections can be public and the access to the data According to the invention, as mentioned, via the authentication, in particular via an authentication card.
  • Dxe invention thus enables the secure reading of data from a memory of a mobile remote device, which is a passive device, with all the necessary steps for reading the data from the side of the server or computer, ie the "terminal", are made
  • Server-side authentication ensures that only permissible access to data in the mobile, passive devices can take place, whereby in the case of data from different owners, authentication also ensures access to only one's own data
  • Service connection and no network connection there are no compulsory ones Service connection and no network connection, and access to signed, protected data in a passive, mobile object in a secure manner, starting from the central data terminal, is made possible.
  • the - known per se - VPN- Connection of meaning.
  • FIG. 1 is a block diagram of a system according to the invention for remote reading of data with a server and a mobile device;
  • FIG. 1 is a block diagram of a system according to the invention for remote reading of data with a server and a mobile device;
  • FIG. 1A schematically shows in a comparable block diagram a system according to the invention modified for the remote reading of data compared with FIG. 1;
  • FIG. 2 schematically shows the connection setup between server and device with establishment of a VPN connection and provision of an authentication and encryption procedure;
  • FIG. 1A schematically shows in a comparable block diagram a system according to the invention modified for the remote reading of data compared with FIG. 1;
  • FIG. 2 schematically shows the connection setup between server and device with establishment of a VPN connection and provision of an authentication and encryption procedure;
  • FIG. 1A schematically shows in a comparable block diagram a system according to the invention modified for the remote reading of data compared with FIG. 1;
  • FIG. 2 schematically shows the connection setup between server and device with establishment of a VPN connection and provision of an authentication and encryption procedure;
  • FIG. 1A schematically shows in a comparable block diagram a system according to the invention modified for the remote reading of data compared with FIG. 1;
  • FIG. 2 schematically shows the connection setup between server and device with establishment of
  • FIG. 3 shows a flow chart for illustrating the basic procedure in the method according to the invention for remote reading of data
  • 4 and 5 are detailed flowcharts to portions in the flowchart of FIG. 3, illustrating the authentication procedure and the data transmission.
  • a server 4 is to be understood only as an example, and that also several servers in the network, possibly in conjunction with a common database 5, as memory where the downloaded data is stored, may be present, and In particular, a plurality of devices 2, for example, several thousand devices 2, may be present.
  • the memory 3 in the respective device 2 can be present in various known embodiments, and the data are written into this memory 3 or read out of the memory 3 with the aid of a processor 6 or the like.
  • the processor 6 (hereinafter referred to simply as ⁇ P 6) is assigned an encryption / decryption unit 7, which may be designed as a separate component and connected to the ⁇ P 6, but which is also formed as a software module in a program memory of the ⁇ P 6 can be.
  • the ⁇ P 6 contains further Also, a corresponding communication module (not illustrated in detail) to the server 4 via an interface 8 and an associated modem 9 for wireless communication, such as a GPRS modem or a wireless LAN modem (W-LAN modem) to communicate.
  • the respective connection establishment over these wireless communication paths takes place from the server 4, which has a corresponding communication modem 10, e.g. a GPRS modem or a wireless LAN modem, with which it is connected via an interface 11.
  • the server 4 contains computer means 12, which may be formed by one or more processors or microcomputers ( ⁇ C), a part of which forms a separate control unit 13, which has an encryption / decryption unit 14 assigned and via a VPN device 15 and the Interface 11 is connected to the modem 10.
  • ⁇ C microcomputers
  • an authentication unit 16 is provided in the computer means 12, which is connected via an interface 17 to a card reader 18 for reading authorization cards 19 which contain a code and which are inserted into the card reader 18.
  • a unit 18 there may also be a management unit for virtual authorization cards (virtual card images).
  • an input unit 20 is provided, in which case also a corresponding authentication procedure is conceivable in order to prove an access authorization for the request of data from the respective device 2.
  • the control unit 13 of the computer means 12 is further connected via an interface 21 to the memory 5.
  • FIG. 1A illustrates a system 1 modified from the system according to FIG. 1 for reading out data from a remote, mobile device 2, for example once again an OBU vehicle device.
  • the system 1 here also has a server 4 for retrieving data from the remote device 2, specifically from its memory 3.
  • the server 4 is preferably designed as a mobile read-out device, and he or she is in principle similar to the server 4 of FIG. 1 formed so that, as far as agreement is given, a re-detailed description may be unnecessary, similar to the case of Device 2.
  • corresponding components of the server 4 as well as the remote device 2 have been given the same reference numbers.
  • the server 4 again has computer means 12 with a control unit 13, a
  • the card reader 18 is integrated in the server 4 in order to be able to insert authorization cards 19 directly into the server 4 and to be able to read from it.
  • a VPN device 15 is also connected to the computer means 13 using a mobile telephone modem, e.g. a GSM modem or a W-LAN modem, generally a modem 10, is connected via an interface 11 to the VPN device 15.
  • a mobile telephone modem e.g. a GSM modem or a W-LAN modem, generally a modem 10.
  • a modem 10 'known per se for infrared communication is also connected to the VPN device 15.
  • the remote device 2 also has an IR modem 9 'with IR transmitting means 22' and IR receiving means 23 ', this IR modem 9' being connected to the processor 6 of the device 2 via the encryption / descrambling unit 7 ,
  • This IR modem 9 ' instead of the wireless modem, wireless modem or mobile modem 9 shown in FIG. 1 or preferably, as shown in Fig. IA, be provided in addition to the latter modem 9 so as to Readout of data on request from the server 4 hm depending on the choice or for more favorable communication conditions either via the W-LAN or mobile phone connection (modems 9, 10) or via the infrared communication connection (modems 9 ', 10') provided.
  • a mobile server 4 it is also expedient to connect this server 4 to the database 5 via a wireless network Network (radio network) to produce, unless the database 5 is integrated into the server 4.
  • a wireless network Network radio network
  • an arrangement of transmitting and receiving radio modems 24 and 25 for the communication between the mobile server 4 and the database 5 is illustrated by dashed lines as an example in Fig. IA.
  • FIG. 3 It is generally shown in FIG. 3 that according to a field 40, if there is a desire for data transmission, a wireless connection to the device 2 is established from the server 4. In accordance with an interrogation field 41, it is then checked whether this wireless connection is established, for example via GSM or GPRS, or else via IR, and if not, return to the initial field 40. However, as soon as the wireless connection is established, it is queried in accordance with a further query field 42 whether there is a legitimate query, ie whether an authentication has been or has been made.
  • the process continues immediately to the end 43 of the process. If, however, in the check according to query field 42, the result is an authorization of the query, then according to a field 44, the VPN connection is established from the server. Following this, in accordance with a field 45, the data is transmitted from the device 2 to the server 4, wherein continuously according to an interrogation field 46 queries whether the data has already been completely transferred. If this is not the case, the data transmission is continued according to box 45. However, when the data has been completely transferred, the end 43 of the process is reached.
  • FIG. 4 illustrates in more detail the process during the authentication, it being assumed that the security modules (crypto-control) of the server 4 and of the terminal 2 each have special keys; the corporate key, along with the terminal (frontend) key, must be a valid pair.
  • the server 4 sends the corporate identifier for authentication purposes, i. an identification of the company for which the data transmission is to be initiated and which is authorized to transmit the data from the respective terminal 2.
  • this corporate identifier is then checked in the device 2, and if the device 2 rejects it, i. the enterprise identifier is not known to the device 2, the transition to the end 43 as described.
  • the device 2 sends back a confirmation message to the server 4, s. Box 52 in Fig. 4.
  • the server 4 provides a VPN key for establishing a VPN connection, s. Field 53, after which the establishment of the VPN connection according to box 54 takes place.
  • the server 4 asks for a list of accessible data; It should be taken into account here that several authorized subscribers are conceivable, to whom data is assigned in each case, but which also have to be protected against each other.
  • the device 2 sends the list of accessible data to the server 4, then the server 4 queries the data for the transmitted list, s. Box 57 in Fig. 5, and according to box 58, the device 2 sends the data and the associated signature, if, as is preferred, the data is already stored in the memory 3 of the device 2 stored.
  • the server 4 is further queried continuously in accordance with query box 59, whether the list end is reached, ie whether all data transfer according to the list were; if not, returns to box 57 to request further data. If, however, a complete transmission of the data according to the list is given, the data transfer is terminated according to field 60, the VPN connection is closed according to field 61 and, finally, according to field 62, the wireless communication connection (GSM, GPRS) is ended, the end step 43 then reached.
  • GSM Global System for Mobile communications

Abstract

Pour permettre la lecture de données depuis une mémoire d'un appareil mobile (2) à distance, par ex. un appareil mobile de véhicule, par l'intermédiaire d'un serveur (4), une liaison de communication sans fil est établie par le serveur (4), entre lui et l'appareil (2), une vérification d'authentification est ensuite effectuée sur le côté serveur, et une liaison VPN (virtuelle private Netzwerks- / réseau privée virtuelle) est établie depuis le côté du serveur (4), les données étant ensuite lues depuis la mémoire (3) de l'appareil (2), transmises au serveur (4) par la liaison VPN et enregistrées.
EP07846762A 2006-12-01 2007-11-23 Procédé et système de lecture de données depuis une mémoire d'un appareil mobile à distance Withdrawn EP2100428A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
AT0200106A AT504581B1 (de) 2006-12-01 2006-12-01 Verfahren und system zum auslesen von daten aus einem speicher eines fernen geräts durch einen server
AT0081807A AT505078B9 (de) 2006-12-01 2007-05-23 Verfahren und system zum auslesen von daten aus einem speicher eines fernen geräts durch einen server
PCT/EP2007/010161 WO2008064821A2 (fr) 2006-12-01 2007-11-23 Procédé et système de lecture de données depuis une mémoire d'un appareil mobile à distance

Publications (1)

Publication Number Publication Date
EP2100428A2 true EP2100428A2 (fr) 2009-09-16

Family

ID=39494749

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07846762A Withdrawn EP2100428A2 (fr) 2006-12-01 2007-11-23 Procédé et système de lecture de données depuis une mémoire d'un appareil mobile à distance

Country Status (6)

Country Link
US (1) US20100075633A1 (fr)
EP (1) EP2100428A2 (fr)
AT (2) AT504581B1 (fr)
BR (1) BRPI0718934A2 (fr)
RU (1) RU2454819C2 (fr)
WO (1) WO2008064821A2 (fr)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006048029B4 (de) * 2006-10-09 2008-10-02 Continental Automotive Gmbh Verfahren und Vorrichtung zur Übertragung von Daten zwischen einem Fahrtschreiber und einer Datenverarbeitungseinrichtung
DE102008006840A1 (de) * 2008-01-30 2009-08-13 Continental Automotive Gmbh Datenübertragungsverfahren und Tachographensystem
EP2157551A3 (fr) * 2008-08-21 2013-02-27 NORDSYS GmbH Dispositif de lecture par tachygraphe
DE102008047433A1 (de) * 2008-09-15 2010-03-25 Continental Automotive Gmbh Verfahren zum Freischalten von Funktionen eines Tachographen
EP2189921B1 (fr) * 2008-11-21 2012-05-23 ads-tec GmbH Appareil de diagnostic destiné à la connexion avec un véhicule automobile
WO2012162843A1 (fr) 2011-06-03 2012-12-06 Research In Motion Limted Système et procédé pour accéder à des réseaux privés
DE102014209191A1 (de) * 2014-05-15 2015-12-03 Continental Automotive Gmbh System und Verfahren zum Herunterladen von auf einem Tachografen gespeicherten Daten
DE102022205652B4 (de) 2022-06-02 2024-04-25 Siemens Aktiengesellschaft Drahtlose Bereitstellung von Informationen aus Schalter-Funktionstests

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI102499B1 (fi) * 1997-03-10 1998-12-15 Nokia Telecommunications Oy Kopioitujen SIM-korttien etsintä
DE19844631A1 (de) 1998-09-29 2000-04-06 Gantner Electronic Gmbh Schrun System zur Überwachung, Steuerung, Verfolgung und Handling von Objekten
ES2285812T3 (es) * 1998-11-10 2007-11-16 Aladdin Knowledge Systems Ltd. Metodo de interaccion usuario-ordenador para ser usado por sistemas de ordenador conectables de forma flexible.
AUPP776498A0 (en) 1998-12-17 1999-01-21 Portus Pty Ltd Local and remote monitoring using a standard web browser
WO2001082529A2 (fr) * 2000-04-25 2001-11-01 Captivate Network, Inc. Portail d'informations
US6735324B1 (en) * 2000-07-31 2004-05-11 Digimarc Corporation Digital watermarks and trading cards
US7034683B2 (en) 2000-11-06 2006-04-25 Loran Technologies, Inc. Electronic vehicle product and personnel monitoring
EP3223186B1 (fr) * 2002-07-09 2021-03-31 Smartrac Technology Fletcher, Inc. Système et procédé pour fournir des solutions d'identification sécurisées
US20050174236A1 (en) * 2004-01-29 2005-08-11 Brookner George M. RFID device tracking and information gathering
EP1585257A3 (fr) 2004-03-19 2007-08-01 Iskraemeco, Merjenje in Upravljanje Energije, D.D. Méthode de surveillance, de lecture et de commande à distance des compteurs de consommation intelligents
US7902995B2 (en) * 2004-06-30 2011-03-08 Nuri Telecom Co., Ltd. Remote meter-reading system and method using duplicated data transmission of packet data transmission and circuit data transmission
KR100645512B1 (ko) 2004-09-30 2006-11-15 삼성전자주식회사 통신 시스템에서 네트워크 접속에 대한 사용자 인증 장치및 그 방법
TWI293844B (en) * 2005-01-11 2008-02-21 Ind Tech Res Inst A system and method for performing application layer service authentication and providing secure access to an application server
US8341289B2 (en) * 2005-05-17 2012-12-25 Rajant Corporation System and method for communication in a wireless mobile ad-hoc network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2008064821A2 *

Also Published As

Publication number Publication date
AT504581B1 (de) 2009-03-15
AT505078B1 (de) 2009-06-15
AT504581A1 (de) 2008-06-15
BRPI0718934A2 (pt) 2014-02-04
RU2454819C2 (ru) 2012-06-27
AT505078A1 (de) 2008-10-15
WO2008064821A3 (fr) 2008-10-16
AT505078B9 (de) 2009-08-15
RU2009125000A (ru) 2011-01-10
WO2008064821A2 (fr) 2008-06-05
US20100075633A1 (en) 2010-03-25

Similar Documents

Publication Publication Date Title
AT505078B9 (de) Verfahren und system zum auslesen von daten aus einem speicher eines fernen geräts durch einen server
EP3615371B1 (fr) Procédé permettant d'autoriser en deux étapes une opération de charge au niveau d'une colonne de charge
EP2338255B1 (fr) Méthode, produit logiciel et système d'authentification d'un utilisateur d'un réseau de télécommunication
DE102008000067B4 (de) Verfahren zum Lesen von Attributen aus einem ID-Token
DE102008042262B4 (de) Verfahren zur Speicherung von Daten, Computerprogrammprodukt, ID-Token und Computersystem
EP2415228B1 (fr) Procede de lecture des attributes d'un token utilisant une connexion radio
EP1379935B1 (fr) Procede d'authentification d'un utilisateur au cours de l'acces a un systeme base sur logiciel, par l'intermediaire d'un moyen d'acces
EP1784791A1 (fr) Billet electronique
WO2010145979A1 (fr) Procédé pour l'enregistrement d'un radiotéléphone mobile dans un réseau de radiotéléphonie mobile
DE102009027686A1 (de) Verfahren zum Lesen von Attributen aus einem ID-Token
WO2012041595A2 (fr) Procédé de lecture d'un jeton rfid, carte rfid et appareil électronique
WO2008046575A1 (fr) Procédé pour l'exécution d'une application à l'aide d'un support de données portable
EP2526441A1 (fr) Procédé d'exécution d'une transaction entre un support de données portatif et un terminal
EP2548358B1 (fr) Méthode d'autorisation dynamique d'un dispositif de communication mobile
EP1075161B1 (fr) Procédé et appareils pour le contrôle d'accès d'un utilisateur à partir de son ordinateur vers un ordinateur d'accès
DE10300515A1 (de) Verfahren und Vorrichtung zum Bezahlen in Netzen bei einmaliger Anmeldung
DE102008042582A1 (de) Telekommunikationsverfahren, Computerprogrammprodukt und Computersystem
EP2199944A2 (fr) Procédé d'authentification d'une personne par rapport à une installation de traitement des données électronique à l'aide d'une clé électronique
EP1519603A1 (fr) Méthode d'authentication d'un utilisateur pour un service offert par l'entremise d'un système de communication
DE60021654T2 (de) System und Verfahren zum Bereitstellen von Diensten mit vertrautem Ortindikator, und fahrbares Gerät zur Anzeige von ihnen
DE202004016344U1 (de) Elektronisches Ticket
DE102015209073B4 (de) Verfahren zum Lesen von Attributen aus einem ID-Token
EP4072180A1 (fr) Procédé d'autorisation d'un processus de charge à un point de charge
DE60310872T2 (de) Verfahren zur Verwaltung einer Einstellung eines Gateways von einem Benutzer des Gateways
DE102014209191A1 (de) System und Verfahren zum Herunterladen von auf einem Tachografen gespeicherten Daten

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090625

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: EFKON AG

17Q First examination report despatched

Effective date: 20120615

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20131203