KR100899140B1 - Method and device for re-dispatching specifically coded access objects from a server to a mobile terminal device - Google Patents

Abstract

The present invention relates to the field of protected data using specifically coded access objects on mobile terminal devices, and more particularly to a method and server for enabling a user to regain a SCAO of a lost mobile terminal device. will be. The method of the present invention provides the possibility of resending the SCAO from the server to the terminal device via the communication network. The method includes receiving at least one terminal device identification information and / or authentication data at a server and wherein the identification information and / or authentication data are associated with a terminal from which an initial specifically coded access object was previously generated. Determining whether to identify the terminal identification information as one. The method further comprises obtaining, at the server, a particular specifically coded access object that is received according to the received terminal identification information if the received terminal identification information has been identified as a previously generated terminal. By continuing. The method may be terminated by sending the supplementary specifically coded access object to the terminal device 15 via the network, the terminal device having a terminal obtained with the supplementary specifically coded access object. Device identification information.

Description

Method and device for re-dispatching specifically coded access objects from a server to a mobile terminal device}

The present invention relates to the field of protected data using specifically coded access objects (SCAOs) on mobile terminal devices. In particular, the present invention relates to a method for enabling a user to reacquire SCAO of a mobile terminal device in which SCAO is lost.

The use of SCAOs is necessary to enable content providers to control access to digital content or digital objects such as, for example, software programs. Idiomatically this is accomplished by one or more SCAOs needed to use the content (such as music, video or games) on the terminal device. Conventionally, specifically coded digital access objects are transmitted only once from a specifically coded digital access object server to the terminal device. The SCAOs will be needed to avoid the use of memory modules, for example, as known from Game Boy ™ and N-Gage gaming devices. These coded solid implementations can easily be provided with sufficient copy protection to avoid unacceptable radiation. However, a major drawback of these idiomatic strongly-coded memory modules exists in the required sales infrastructure. At present, only some stores can buy N-Gauge game modules. The use of modules significantly increases the cost for a single game, due to warehouse management and retailer surcharges.

Thus, it is desirable to find a way to avoid conventional warehouse management for hardware modules by only storing a plurality of bits and sending some bit sequences directly to the user via the electronic interface and wide area network (WAN). However, this solution implies that the universally applicable program received can be copied a large number of times, which can significantly reduce the benefits of manufacturers of such electronic applications.

The use of digital copy protection, also known as Digital Rights Management (DRM), results in the use of coded digital access objects that restrict the use of certain software to certain devices. In order to receive such a coded digital access object, the user has to pay the provider, so that the entire distribution chain is reduced to a single digital transmission from the provider to the user's terminal. When using habitually coded programs or key-sequences, some content can only be read or executed by a single terminal device.

The particular coded digital access objects may be lost in any way if a data error occurs in the terminal or new firmware is required.

By convention, the user of the terminal device cannot once again request the transmission of a specifically coded digital access object received from a provider without additional payment. Moreover, this is excluded because the publisher conventionally does not permanently store the specifically coded digital access object with device identification information. Once specifically coded digital access objects are downloaded they can be stored on a user storage medium but cannot be stored online under the protection of the copyright issuer. Especially when using a DRM system with multiple coded digital access objects, the storage on the server side significantly increases the consumption of storage resources.

The use of current memory devices allows a user to back up the coded digital access object on a storage medium or on a computer device that is connected, for example, via local wiring or via a local infrared or short-range wireless connection. It is currently envisioned to use one or more specifically coded access objects (SCAOs) to play content (such as music, video, games, software, etc.) on a terminal device.

The fact that the user has to pay for a specifically coded access object (SCAO) indicates that measures should be taken to prevent these SCAOs from being lost or that the user can "move" SCAOs to another device. Indicates that you may want That is, it is desirable to reduce all possible limitations that a user may experience when using SCAOs on a terminal device.

It is desirable to prevent any type of deleting stored SCAOs from causing a loss of ability to play certain content. It is also desirable to prevent the user from losing the ability to play certain content if the device provided with the SCAO is compromised. In particular, it would be desirable to provide a method and apparatus that allow a user to still execute content with SCAO even when the device on which the SCAO was created is no longer available.

According to a first aspect of the present invention there is provided a method for resending a specifically coded access object (SCAO) from a server to a terminal device via a communication network. The method includes receiving at least one terminal device identification and / or authentication data at a server (eg, via the communication network) and accessing the identification information and / or authentication data, initially specifically coded. Determining whether the object SCAO identifies terminal identification information as being associated with a previously created terminal. The method may further comprise recalling the terminal-specifically coded access object, wherein the terminal identification information received is supplementary according to the received device identification information and authentication data if the initial specifically coded access object was identified as a previously generated terminal. Acquiring at a server and transmitting the auxiliary specifically coded access object to the terminal device via the cellular communication network, the terminal having terminal device identification information for which the auxiliary SCAO has been obtained. do.

By receiving at least one terminal equipment identification and / or authentication data at the server, the server can access each data previously stored in connection with these data. The server is envisioned to receive terminal device identification information of a single device or terminal device identification information of two or more different devices. In a simple example, only the single terminal identification information indicating the device address required for the next step of retransmission of the SCAO is received, for example. The terminal device identification information can be used for statistical applications to confirm the usefulness of the method. In one embodiment that does not rely directly on the terminal device identification information, the authentication data may be used to obtain the SCAO (s) of the user. The terminal device identification information may not be necessary in case of simple retransmission of the SCAO to the terminal, but in the case of "dual entries" of user names and passwords or in the case of a deliberately "robbed" login name / password pair. This can be useful to avoid collisions.

The authentication data may include, for example, a user name and password as known from state of the art authentication or authentication procedures.

If each SCAO can be accessed by the received device identification information, it is possible to save the authentication data. In this case the device identification information will be sufficient to obtain the SCAO by recalling a previously generated SCAO stored on the server, filed under the device identification information so that the server can retrieve the SCAO.

The terminal device identification information may be, for example, an international mobile device identification information (IMEI), a subscriber identification member (SIM) code, a device related public key, a unique device key, a telephone number, etc. in the case of a mobile device or a cellular device. It is also possible to implement device identification information as software code in the firmware of the terminal device. Using device identification information in software code in the firmware has the advantage of being able to update or change the device identification information.

Re-issuing or re-sending or resending SCAO by determining whether the identification information and / or authentication data identifies the terminal identification information as being associated with a previously generated terminal, the initial specifically coded access object (SCAO). It is guaranteed that the user (or terminal) requesting for example has one type of authorization or justification for accessing the server's database, for example. In the following, the expression "initial SCAO" is used for an access object received at the server, stored at the server or previously created at the server, i.e., indicating an SCAO not created in connection with the method. The expression supplementary SCAO is used to refer to the SCAO that is retrieved or generated during the method of the present invention and to be transmitted to the terminal device via the communication network.

After verification of the identification information and / or authentication data, the server obtains an auxiliary SCAO according to the received device identification information and authentication data. This is done only if the terminal identification information identifies the terminal as a terminal previously generated by the SCAO. The use or execution of content (such as games, music or video files) on the terminal requires the presence of at least one SCAO on the device. The SCAO may be used as a digital rights management (DRM) object. The SCAO may be coded according to the public key of the terminal device. Execution of content may be performed by a decoding process of the specifically public key coded access object with the public key of the terminal device.

It will be noted that the verified identification information and / or authentication data may be associated with another device or the same device from which the server obtains the auxiliary SCAO. In other words, in one case the obtained assisted SCAO is substantially the same as the initial SCAO. If the initial SCAO was previously stored in the case of only one received device identification information, it is sufficient to simply retrieve the initial SCAO (or a copy of the SCAO) as the auxiliary SCAO. An online backup of the SCAO can be stored on the server while the device is still intact and the backup can be stored on a secure server with at least terminal device identification and additional data.

It is also envisioned to receive two different device identification information. In the case of using two different devices, one terminal identification information will be used to indicate that the user or device has already achieved / acquired SCAO and also wants to use the feature of this access object on another terminal with the second terminal identification information. Can be. In this case, the user requests the issuance of a second (secondary) SCAO specifically coded according to the identification information of the second terminal. This implementation represents a kind of "good faith factory-supplied copy of SCAO." In this case, the SCAO provider has no possibility to guarantee that no remaining copies of the "early SCAO" exist, ie this service is "two for one price" service. It is guaranteed that no secondary or dual use of SCAO can occur only if the device on which the initial specifically coded access object (SCAO) was created is destroyed. However, the number of accidents in which the terminal device is actually destroyed (and the device identification information is still available) is negligibly small compared to the number of terminal devices exchanged or newly purchased. The server may receive terminal identification information and authentication of two different devices to "copy" or "send" the digitally coded access object from one terminal device to another terminal device.

Finally, the obtained assisted SCAO is transmitted to the terminal device having the terminal device identification information from which the assisted SCAO was obtained.

In any case, the auxiliary SCAO is sent to the terminal device from which the SCAO was created. Since the initial terminal is no longer available, the present invention provides a supplemental SCAO as the possibility of executing or using some content on another terminal device or as a substitute for the lost if the user loses the possibility of executing or using the content. Try to send.

Using the present invention the user no longer relies on a single terminal to execute any content and the user no longer has to worry about backing up the SCAOs. In addition, the user can also use other terminals, for example, to execute content using different SCAOs provided by the provider. It will be noted that it is envisaged to include a SCAO coded according to some device identification information and according to a SIM-number. The use of dual SCAOs can greatly simplify any authentication and authorization procedures, for example if SIM-card identification or device identification is sufficient to require a new SCAO. In this scenario the user can change the terminal or SIM card without losing the possibility of executing any content.

In an exemplary embodiment the method further comprises storing the initial SCAO in a previous step at the server. In this embodiment it is not necessary for the server to obtain the initial SCAO. For example, it is envisioned that the server acquires the initial SCAO from another (eg DRM) server indirectly from an access server or directly from terminals. By storing the initial SCAO in a previous step it is ensured that the server already has one or (all) initial SCAO (s) available. The server acts as a kind of early SCAO backup server. By storing the initial SCAOs, there is no need for the user to provide distributed backups. In other words, this implementation simplifies the use of early SCAOs on terminal devices by providing a kind of information recovery service. This embodiment discloses a mechanism for backing up a specifically coded access object (SCAO) that is requested online in the home of the issuer of the SCAO.

In an exemplary embodiment the initial SCAO is stored after initial creation of the initial SCAO. That is, for example, the digital rights management server stores a copy of each generated and assigned SCAO sent directly to the user terminal in the server's database or for example a specific (external) backup server. This embodiment represents a direct approach by collecting all available initial SCAOs when all available initial SCAOs are generated. By collecting and storing all generated initial SCAOs, it can be ensured that each user who has lost his initial SCAO for some reason can easily and quickly recover his initial SCAO. The server represents a kind of general purpose (or auxiliary) SCAO database. It may be envisaged to store the SCAO in uncoded form as an uncoded access object on a secure server. Backup of the uncoded access object enables the backup server to provide a SCAO coded according to data of another terminal device.

In another exemplary embodiment of the invention the initial SCAO is stored after receipt of the initial SCAO from a terminal device during online access. This approach represents a sort of "post" early (or auxiliary) SCAO collector trying to collect all the initial SCAOs that are accessible by, for example, a game server or the like. In particular, it is envisioned to collect initial and auxiliary SCAOs. This can help to implement a wide database with the available SCAOs and repetitive user identification information (user name and password) device identification information (eg IMEI) or subscriber identification information (SIM-card codes). have. In the case of a large database, access to the database may be restricted to prevent code principles from being obtained from the database by applying correlation analysis. The limit on the database may be implemented by a limit on the number of initial SCAOs accessible per time period (eg 10 per day).

This may be accomplished by an online application requiring one of the SCAOs for execution of the online application. The provider of the online application may, for example, provide access to the online application after the login procedure. The login procedure may include a username and password and in the case of a mobile cellular terminal device may include identification information of an additional International Mobile Equipment Identification (IMEI) (International Mobile Equipment Identification via GPRS Access). The access procedure or the login procedure may support a rights object acquisition protocol (ROAP) for obtaining access to the SCAOs for acquisition. The backup server can automatically store encrypted SCAOs (with a unique device key) upon online download. The terminal device needs specific keys for the acquisition and decryption of SCAOs, which can be implemented as private / public key pairs for authentication and asymmetric encryption and decryption. The terminal may also support a copyright object acquisition protocol.

The backup server may connect to an online server providing an online access application to terminal devices via a communication network. The user can connect his device to the server using a username, password, IMEI. The user downloads a specifically coded access object (SCAO) from the server (this download can be a complex procedure that is not critical to the backup procedure itself). Downloading SCAOs requires mutual authentication. SCAOs are encrypted before downloading. Encryption takes place with the help of the public key associated with the only terminal device.

Notification of the encrypted and downloaded copies of the SCAOs or even the download of the SCAOs is sent to the backup server. The backup server manages all SCAOs of the user of the terminal device. Each user (or terminal) is explicitly defined by a username, password, IMEI, or even by the unique public device key itself. The server may check the validity of the received SCAOs. Since each SCAO is encrypted and stored on the backup server, there is no need for additional security barriers.

Once the user of the terminal wants to download a backup of his SCAOs, the user must log in to the backup server and is granted access to his backup account by checking the username, password, IMEI or even unique public device key.

The backup method can be implemented as an automatic backup procedure during online download of acquired SCAOs (eg, using assignment based on username, password, IMEI). The backup method may be implemented as a user interactive backup. In this case the user must log in to the online server and send his encrypted SCAOs (e.g. using a username, password, IMEI) to his online backup server.

The initial SCAO may be received after the server has sent a request to send an initial request to a connected terminal. That is, it is envisioned to implement a request from the server to the terminal device for delivering the initial SCAOs stored on the terminal device together with identification information of the terminal and / or user / subscriber.

In another exemplary embodiment, the step of obtaining the auxiliary SCAO at the server is performed by retrieving a previously stored initial SCAO. In other words, the auxiliary SCAO is the same as the initial SCAO. This scenario represents a kind of server provided backup copy or backup recovery procedure for terminal devices.

The specifically coded access objects (SCAOs) stored on the server are in particular encrypted with, for example, the unique mobile identification information or device key. For this reason the SCAOs can only be used on a single device. This particularity may allow the operator of the server to allow unrestricted access to all database content since only these terminals can use the SCAOs as the backups can only be used by a dedicated device due to encryption. Once the device fails, the backup will not be available because the backup cannot be used by the exchanged device because the new device will have a different set of device identifications with different unique private / public keys for encryption and decryption. to be. The SCAOs of the failed device do not match the SCAOs of the new device.

This embodiment discloses a solution that allows a user to recover (lost or deleted) SCAO of the device. This is accomplished by a mechanism for backing up the required SCAO online under the protection of the issuer of the SCAO.

In another exemplary embodiment of the present invention, two terminal device identification information are received, that is, first device identification information and second device identification information. In the case of two different received device identifications, acquiring the SCAO at the server is assisted by decoding the previously stored initial SCAO according to the received first device identification and according to the received second device identification. This is done by creating a SCAO. The secondary SCAO is coded for transmission to the device with the received second device identification.

This implementation represents an extension of the remote backup server to the scenario that allows a user to "transmit" the initial SCAO from the first terminal to the second device with the second device identification. This is accomplished according to the present exemplary embodiment by the reception of the first device identification information and the second device identification information (and eventually authorization data). The first device identification information is used to determine the previously stored initial SCAO. This SCAO is then decoded according to the first device identification to obtain an uncoded or universal access object. This obtained uncoded access object can be used as the basis for an unlimited number of SCAOs, so that the server must be thoroughly protected against unwanted data access. The obtained uncoded access object is used to generate an auxiliary SCAO coded according to the device identification of the second device. That is, the user provides the device identification information of the first device and the device identification information of the second device to request a new auxiliary SCAO for the second device. In this embodiment, the initial SCAO is retrieved from the server according to the identification data of the first device.

According to another exemplary embodiment of the method of the present invention, two terminal device identification information, first device identification information and second device identification information are received at the server via the communication network. In this embodiment further initial specifically coded access object (SCAO) is received at the server via the communication network, the SCAO is coded according to the first device identification information. In the present embodiment, the step of acquiring the subsidiary SCAO at the server may be performed by decoding the received initial SCAO according to the received first device identification information and for transmitting according to the received second device identification information. This is done by creating an auxiliary SCAO.

An embodiment of the method may be performed without any need to have previously stored initial SCAOs. This feature also provides the possibility for the user to "copy" the digital coded access object several times, e.g. 2, 3 or 5 times, for example to enable some kind of "controlled" or slightly limited copy protection. Can be interpreted as. This allows, for example, a user of some content on the first terminal device to execute content with the new SCAO on the second terminal device. It may also be envisioned to implement a "universal" coded access object that does not require any specifically coded device identification information to grant universal access to the contents without any limitation. However, implementations of universal access code have inherent features that will be disclosed before it is desired to waive restrictions on the execution of the content that require the SCAO for execution.

This embodiment is provided for storing SCAOs of users. The SCAOs may be stored globally in an online repository (backup server) and / or on the user's premises. The backup server may be accessed by the user via online access while private backups may be stored on a local PC, MMC or some other storage medium. The stored SCAOs are used as a backup and encrypted. The backup is necessary if the SCAO in the device is damaged or if the device fails, i.e. the private backup becomes inaccessible.

A unique private decryption key and a unique public encryption key for each terminal to be stored globally inside the central server are needed for the terminal device. These private and public keys may be implemented by a personal terminal device key and a unique public device key. The encryption method can be standardized. The certificate type may be X.509, for example. The central server is a global database accessible from different sites and must be kept secret or at least very strongly protected. Moreover, the private and public keys must be sent to terminal devices during production and labeled or strongly-coded. The user can create a backup of his SCAOs in his own home. The backup is encrypted with the unique public terminal device key. The security requirements of the central server are very high. Access to the central server should not be possible by any hacker or by any unauthorized person.

Using a service point with a link to the backup server and the central server may be implemented. These links can be used to download the dedicated user's specifically coded access objects (SCAOs) and update the user's online account and repository (backup server) in the case of an exchange of terminal devices.

The central server stores important data of each generated terminal device (at least of a single terminal device manufacturer). The data file of each terminal device stored on the central server includes the unique personal terminal device key, the unique public device key (e.g. signed terminal certificate), the identifiers of the public keys (e.g. certificate identifier of X.509) Serial number) and possibly other X.509 parameters and unique terminal device identification information (e.g. IMEI).

The complete data file of a particular terminal device can be clearly identified by one of the above indicated items of the data file.

The following data items of each terminal device specific data files stored on the central server, i.e. the unique personal terminal device key and the unique public device key and (e.g., the serial number of the key identifier for example X.509 and other Additional coding parameters (such as X.509 parameters) must be provided by the manufacturer or required from the manufacturer of the terminal devices.

The manufacturer of the terminal device should provide the unique terminal device identification information (eg the IMEI) to the central server.

According to another aspect of the present invention there is provided a method for resending a SCAO from a server to a terminal device in a system comprising a server and a terminal connected via a communication network. The method includes transmitting at least one terminal device identification information and / or authentication data from the terminal device to the server (eg, via the communication network) and at the server the at least one terminal device identification information and the Receiving authentication data. The method proceeds to determining whether the identification information or authentication data identifies the terminal identification information received as being associated with a terminal previously generated by the SCAO. The method may further include, if the received terminal identification information initially identifies a terminal previously generated by a specifically coded access object (SCAO), supplementing the auxiliary SCAO with the received device identification information and authentication data at the server. It further comprises the step of obtaining. The method includes transmitting the auxiliary SCAO to the terminal device via the communication network, the terminal device including the terminal device identification information from which the auxiliary SCAO is obtained and receiving the auxiliary SCAO. And storing in the terminal device.

By transmitting at least one terminal device identification and / or authentication data from the terminal device (eg, via the communication network) to the server, the user of the terminal device can access the data stored on the server (e.g. SCAO). Identification information and authorization for access may be provided to the server. In the previous step this transfer can also be used to transfer an (initial) SCAO already present (eg as authentication data) to the server in a kind of external backup procedure. After the previous transmission, the server can function as an external backup storage device to store the received (initial) SCAO. It can also be envisioned that the server receives the initial SCAOs, for example from a digital rights server in a previous step. It is also contemplated that the server actively searches for devices in the communication network to retrieve (initial) SCAOs from devices in the communication network. It is also envisioned to use game servers of, for example, online games played over the communication network to retrieve terminal identifications and pairs of SCAOs for storage on the server. The stored pairs of terminal identification information and SCAOs enable simple reacquisition of SCAOs to be lost.

The at least one terminal device identification information and the authentication data transmitted are received at the server. After reception it is determined at the server whether the identification information / authentication data identifies the received terminal identification information as relating to a terminal in which the initial SCAO was previously created or stored. If it is determined that an initial SCAO was previously generated for one of the received terminal identification information, the user can (again) obtain the SCAO.

An auxiliary SCAO is obtained at the server if the initial SCAO was previously generated for a terminal device with identification information as received. The supplemental specific access object may be the same as the previously stored initial access object or may be specifically created according to the received terminal device identification information. It is expected that the initial SCAO is retrieved and transmitted to the terminal as an auxiliary SCAO only when single terminal identification information is received. If the received terminal identification data identifies two different terminal devices (eg, with an initial SCAO), it is expected that the first device identification information provides proof of access authorization. In this case, the supplementary specifically coded access object (SCAO) may be created for the terminal with the second device identification, ie the supplementary SCAO is different from the initial SCAO. In this embodiment the auxiliary generated access object following the "decoding" of the initial coded access object (depending on the identification information of the first device) and the recoding of the decoded initial SCAO for the auxiliary SCAO. Can be generated.

It should be noted that uncoding of the initial SCAO can be saved if the original general purpose (ie unspecified / uncoded) access object is available at the server. It is also contemplated to apply a "reverse uncoding process" to check the authenticity of the received initial SCAO. The "reverse uncoding process" will include coding the universal access object according to the identification information of the first device and comparing the received initial SCAO with the newly generated SCAO. This is particularly applicable when asymmetric coding algorithms are applied, for example, which require much more effort to decode the initial SCAO than coding other SCAOs from the universal access code.

The auxiliary SCAO is sent to the terminal to enable execution or use of content by transmitting the obtained auxiliary SCAO to the terminal device having the terminal device identification information obtained by the auxiliary SCAO via the communication network. Delivered or delivered to the user.

By receiving the auxiliary SCAO and storing it in the terminal device, a user can execute or use the content. It is also possible for the user to store the received auxiliary SCAO in a backup storage device in order to prevent the user from having to use the service again in the event of a memory or software failure of the terminal device, for example.

In another exemplary embodiment the method further comprises storing the initial SCAO on a user memory device operably connected to the terminal device.

This feature represents the initial SCAO's personal backup procedure. This backup can also be used to reload the initial SCAO in case of memory failure or unintentional deletion of the initial SCAO at the terminal device. This feature is useful if the terminal is compromised and the initial SCAO can be used as proof of purchase of the SCAO.

In another exemplary embodiment the method further comprises storing identification information of the terminal with the initial specifically coded access object (SCAO) on the user memory device. This exemplary embodiment allows a user to simplify access to the secondary SCAO when the terminal device is destroyed. This is especially true if the terminal device identification information of the first terminal device is not accessible, for example because the device and / or additional device identification information are lost (as may be provided in the manual of the first terminal). useful. The storage space required for storing the identification information data on the terminal is compared with the very low available storage elements.

In another exemplary embodiment of the invention the communication network is a cellular communication network and the terminal device is a mobile cellular terminal of the cellular communication network. That is, the present invention may relate to a system for providing computer programs to terminal devices such as, for example, a mobile phone or a mobile phone capable communication device. The invention can also be used to deliver SCAO to video game capable cellular telephones.

According to another aspect of the present invention there is provided a software tool comprising program code means for performing the method of the preceding description when the program product is run on a computer or network device.

According to another aspect of the invention a computer program product downloadable from a server for performing the method of the preceding description, comprising program code means for performing all steps of the previous methods when the program is run on a computer or network device. This is provided.

According to another aspect of the invention there is provided a computer program product comprising program code means stored on a computer readable medium for carrying out the methods of the preceding description when the program product is run on a computer or network device. .

According to another aspect of the present invention, a computer data signal is provided. The computer data signal represents a program representing a program that causes the computer to perform the steps of the methods included in the previous description when the computer program product is executed on a computer or network device.

According to another exemplary embodiment of the present invention, there is provided a network server connected to a communication network for resending the SCAO from a server to a terminal device via a communication network. The network server comprises an interface to the communication network, an authentication means, an auxiliary SCAO obtaining means and at least one storage device.

An interface to a communication network for receiving at least one terminal device identification, initial SCAOs, and authentication data is provided. In other words, the interface is for receiving data from a terminal device that cannot actually access any content because of a missing specifically coded access object (SCAO). The interface is also provided for transmitting the newly created auxiliary access object to the requesting device. The interface is also configured to transmit the acquired auxiliary SCAOs to the terminal devices from which the auxiliary SCAOs have been obtained via the communication network.

The authentication means are provided for authenticating terminal device identification information and / or authentication data connected to and received from the interface. The authentication means is configured to determine whether the identification information or authentication data identifies terminal identification information as associated with a terminal from which an initial SCAO was previously created or issued. The authentication may for example be based on some identification information of the terminal device and / or some public terminal device key and the initial SCAO. It is also contemplated to use vendor authentication at the discretion of the providers of the SCAOs. In this case, the employee may act as a certification authority to obtain a supplementary SCAO.

The auxiliary SCAO obtaining means is connected to the authentication means and is configured to obtain auxiliary SCAOs according to the received device identification and authentication data in case of positive authentication of the received data by the authentication means. The acquiring means may acquire the auxiliary SCAO by searching each initial SCAO according to the device identification information, the user identification information or the public terminal key. The obtaining means may obtain an auxiliary SCAO by decoding the received initial SCAO and the received device identification information (or for example a specific public terminal key).

The at least one connected storage device is connected to the authentication means to inspect the received authentication data and the received device identification information. The storage device may also be provided for storing a number of different acquired auxiliary SCAOs. The storage device may also be provided for storing a number of different initial SCAOs for retrieval. It is also envisioned to implement a storage device for storing accounting data in order to obtain the statistical data required to evaluate whether the provided service is actually accepted and required.

In another exemplary embodiment of the invention the communication network is a cellular communication network. That is, the network server is a server of a cellular network, and the interface is an interface to the cellular communication network configured to receive at least one terminal device identification information of a mobile cellular terminal device. That is, the present invention may relate to a server configured to provide SCAO for computer programs in mobile cellular terminal devices, such as mobile phones or mobile phone capable communication devices, for example. The invention can also be used to deliver SCAO to video game capable cellular telephones.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a flowchart of a publishing procedure and backup implementation for a specifically coded access object (SCAO) of conventional art.

2 is an example of a reissue procedure of SCAO in accordance with an embodiment of the present invention.

3 illustrates another example of reissuance of SCAO in accordance with another embodiment of the present invention.

4 illustrates an embodiment of the present invention for copying an initial SCAO to another terminal device.

Figure 5 illustrates an embodiment of the present invention of a combined reissue and copy procedure of SCAO.

6 illustrates another implementation of a method for reissuing SCAOs to another terminal device.

7 illustrates one embodiment of a network server for reissue and / or copy of SCAOs.

In the detailed description that follows, the same components are provided with the same reference numerals, regardless of whether the same components are shown in other embodiments of the present invention. In order to clearly and concisely explain the present invention, the drawings are not necessarily to scale, and certain features may be shown in somewhat schematic form.

1 is a flow chart of issuance or dispatch for SCAO by conventional techniques and the creation of a private backup of the SCAO. The background of the present invention is to provide the ability to play or use certain content on a terminal device, such as a mobile cellular terminal device, without having to use memory modules, for example, as known from CD players, small mobile electronic gaming devices, and the like. Exist in the way. This is accomplished according to the state of the art by the use of SCAOs. The SCAOs may be delivered via a communication network, such as a cellular communication network. In the drawings the terminal device is implemented as a mobile cellular terminal device without limiting the scope of the claims and the communication network is implemented as a cellular communication network.

The expression "specifically" indicates that the specifically coded access object (SCAO) only permits the execution or use of certain content on a particular identified terminal. The expression "coded" indicates the need to code the SCAO to prevent the user from copying or applying the SCAO to any terminal device, which deceives the execution protection provided by the SCAO. The expression " access " in the SCAO refers to the SCAO's task of granting access or the possibility to run or use some content on a cellular terminal device. Finally, the expression "object" of SCAO basically represents the unrestricted form of SCAO. The object may be part of an executable program, and the object may also be a major component necessary to execute, play or use certain files. It is also contemplated to use a specific content descrambling code. It can be envisioned to provide access to certain types of files or filenames. It may be envisioned to use combined content and device specific code to grant access to certain content on a certain terminal. It is possible to use a fixed private / public key pair for generating the SCAO, the private key can be wired at the terminal device, and the "public key" is only accessible by the generators of the SCAO. In the case of an asymmetric coding procedure, the public key can be issued to all software developers.

In the standard SCAO approach, the user requires the issuance of SCAO by transmission 22 from his terminal device 4 to the digital rights management (DRB) server 14 via the cellular network 10.

In the following, the DRM server 14 generates SCAO and transmits the generated SCAO to the terminal 4 via the cellular network (24). The process may use different additional transmissions, including, for example, information about the payment process, additional device specific information such as device identification information, transmission of a public terminal key to the DRM server 14, payment data, and the like. . These additional transmissions may include, for example, multiple transmissions exchanging data between a terminal, a provider of the communication network 10, different payment centers and the DRM server 14.

It is not possible for the current user to back up the received SCAO. However, in the case of an interchangeable memory device having respective contents, for example, the SCAO may also be stored in the memory device.

Users have to pay a significant amount of money, for example, to receive the SCAO for accessing complex terminal device games. In the event of a software error, malfunction or destruction of the terminal device, it can happen that the SCAOs can be lost, causing inconvenience to the user.

Even if the specifically coded access object (SCAO) is stored on an interchangeable memory module, for example, this will not contribute to enabling the execution of the contents on the mobile terminal, because the specificity of the SCAO This is because the content is prevented from running on another terminal device.

There is no option for the current user to save SCAO on any backup medium. However, in the case of complex and extensive content, the way of storing many different programs requires the use of interchangeable memory modules (although no strongly-coded programs are provided).

2 is an example of a reissue procedure of SCAO in accordance with an embodiment of the present invention. The initial steps 22 and 24 for requesting and delivering the SCAO from the DRM server 14 via the cellular network 10 are the same as the steps of FIG. The user connects to the DRM server 14 with his terminal device 4 using identification information, for example a user name, password, public device key and / or IMEI. The DRM server 14 generates a SCAO according to the received device identification information. The coding or generation of the SCAOs is complex but not critical to the backup procedure itself. Downloading the SCAOs requires mutual authentication. The SCAOs are encrypted before downloading. Encryption can be implemented, for example, using a unique terminal device related public key.

In addition, the DRM server sends (26) the SCAO or a copy of the SCAOs to backup server 12. That is, a copy of each generated SCAO is provided to the backup server 12 together with identification information of the terminal where the SCAO is generated. The SCAOs are stored proactively in the backup server together with identification information of the terminal in which the SCAO is generated. If the SCAO or the terminal 4 is not lost or damaged, the following steps will not occur. If it can be expected that the last terminal of a series will become obsolete, it may be implemented to provide a data overflow or “aging algorithm” to delete the stored data, for example after a 20 year time period. The backup server manages all the SCAOs of the terminal device or the user of the terminal device. Each user (or terminal device) is clearly defined by username, password, IMEI or even unique public device key. The server (backup server) checks the validity of the received SCAOs.

The main advantage of this embodiment lies in the fact that the user can reacquire the SCAO already acquired by the user. In particular, the use of SCAOs does not open new possibilities for users to copy software at will, because the data stored on the backup server 12 is actually coded and the terminal on which the specifically coded access object (SCAO) has been created. This is because it cannot be used on any other terminal device other than the device. Thus, the backup server 12 cannot offer any possibility to deceive the copy protection provided by the DRM server 14. Since each SCAO is encrypted and stored on the backup server, there is no need for an additional security barrier on the backup server.

When the SCAO is deleted on the terminal 4, a request 32 for retransmission of the SCAO from the backup server 12 to the terminal 4 is sent. Since the backup server stores a huge amount of different SCAO coded for a huge amount of different terminals, the request 32 must include terminal identification information so that the server can find a suitable SCAO. It may also be envisaged to transmit identification information of the contents requesting the SCAO for execution in the request 32. The server 12 may determine the desired SCAO and may retransmit or reissue 36 the SCAO to the terminal device 4 via the cellular communication network.

Once the user of the terminal wants to download a backup of his SCAO the user must log in to the backup server and be granted access to his backup account by checking the username, password, IMEI or even unique public device key.

3 illustrates another example of reissuance of SCAO in accordance with another embodiment of the present invention. The initial steps 22, 24 of acquiring the SCAO at the terminal device 4 from the DRM server 14 via the cellular communication network 10 are similar to the steps of FIGS. 1 and 2. In contrast to FIGS. 1 and 2, the backup server 12 is not directly connected to the terminal device.

The SCAO and device identification information (e.g. user name, password and / or IMEI) in FIG. 3 are transmitted from the terminal device 4 to an access server implemented as game server 16 in FIG. This transmission may be implemented to prove that the identified terminal device is capable of participating in an online game, for example, as being capable of executing respective game software.

In contrast to the conventional approach, the game server 16 sends a copy of the received SCAO to the backup server 12 along with the received device identification information (26). As shown in FIG. 2, the backup server 12 stores the SCAO together with the device identification information.

The basic elements of FIGS. 2 and 3 are very similar, the difference being that the backup server 12 receives the SCAO from the terminal 4 via the cellular communication network 10 and the game server 16. to be. In addition, the terminal 4 communicates indirectly with the backup server 12 via the games server 16 via the transmissions 33, 34. The connection between the game server 16 and the backup server 12 may be implemented via a direct wired connection or by another communication network. It is envisioned to provide a direct connection between the terminal device 4 and the backup server 12 via the cellular network as shown in FIG. 2.

4 illustrates an embodiment of the present invention for copying an initial SCAO to another terminal device. The initial steps of acquiring the SCAO are the same as those disclosed in Figs. In Fig. 4 the backup of the SCAO is stored in the memory device 2 of the first terminal 4, for example in the form of a private backup. It is anticipated that the user would like to play or use some content on another terminal device obtained by the user. Due to the peculiarity of the SCAO (for example because the devices have different private keys for decoding the SCAO) this is not possible.

In this scenario, the user directly transmits the SCAO from the first terminal to the second terminal (40). The user may also transfer the SCAO from the first terminal to the second terminal using interchangeable memory device “private backup” 2 (eg, by exchanging “private backup” (2) modules). ).

It is also possible to implement 40 transmitting the device identification information directly from the first device to the second terminal or send the device identification information from the first terminal device to the second device via a "private backup" (2) module. It is envisioned to implement (41, 44). For example, the transfer from the first device to the second device can do this.

In a next step, the second terminal transmits (42) device identification information of the second device via the cellular communication network (10) and device identification information of the first device (specifically for the first device). The initial SCAO (coded) is sent to the DRM server 14 (46). In FIG. 4 it is anticipated that the DRM server 14 may access the uncoded access object or at least decode the initial SCAO received from the first device. It is also envisioned that the DRM server 14 can access stored data of the first device (eg based on the IMEI of the first device). The DRM server 14 may decrypt the initial SCAO received according to the data of the first terminal 4 retrieved from the DRM server 14. This step requires that the DRM server 14 can access all the data necessary to decrypt (or encrypt) the SCAO of the first terminal 4. The ability to decrypt this SCAO implies that this data must be protected against unauthorized access. Using the personal device key of the first device can perform decryption of the initial SCAO. Subsequently, the uncoded access object may be recoded into an auxiliary specifically coded access object (SCAO) specifically coded according to the data of the second terminal device 6. Using the public device key of the second device may generate the auxiliary SCAO. This step is not important because the personal device key of the second device is not required.

Finally, the newly created auxiliary SCAO will be transmitted 48 to the second terminal 6 via the cellular communication network 10. The received auxiliary SCAO may be sent from the second terminal device 6 to the interchangeable memory device "private backup" 2.

This represents a kind of auxiliary SCAO transmission from the first terminal device 4 to the second terminal device 6.

When the content requiring the auxiliary SCAO is installed in the second terminal 6, the second terminal 6 may execute or use this content.

It is envisioned to ensure that the contents can no longer be run on the first device. This can be accomplished by ensuring that all possible existing copies of the initial SCAO are actually deleted. However, if there is a problem with the second terminal 6 and the user can keep his first terminal 4 as a substitute, the user must move the SCAO again.

Figure 5 illustrates an embodiment of the present invention of a combined reissue and copy procedure of SCAO. The illustrated embodiment represents a kind of combination of the methods of FIGS. 3 and 4, wherein the method of FIG. 4 is used to provide a copy of the initial SCAO to backup server 12 via game server 16. In FIG. 5 a user is expected to have an account on the game server, for example including a username and password. Steps 22, 24, 25 and 26 are already disclosed in FIG.

In a subsequent step, the user logs in to the game server 16 using the second terminal 6 (52). The login procedure includes the transmission of a username and password pair and device identification information of the second device. The game server 16 can recognize that the device has changed via the device identification and that the previously received initial SCAO cannot be used on the second device 6 to play some content. can do.

The game server transmits device identification information or login data of the first terminal 4 and the second terminal 6 to the enhanced backup server 18 (53). The enhanced backup server 18 decodes and supplements the initial SCAOs and the ability of the backup server 12 of FIGS. 2 and 3 to externally store initial specifically coded access objects (SCAOs). Combine the ability of the DRM server 14 of FIG. 4 to recode them.

The enhanced backup server 18 can access the stored initial SCAO coded according to the first terminal device 4 and can decrypt it into an uncoded access object. The enhanced backup server 18 may recode the uncoded access object coded according to the identification data of the second terminal device 6 into an auxiliary SCAO. This enhanced backup server 18 stores the newly created auxiliary SCAO in combination with the device identification data of the second device 6.

The newly created auxiliary SCAO is then sent 54 to the game server 16. The game server then sends 56 the secondary SCAO to the second terminal device 6 via the cellular network 10.

That is, it is only necessary to log in to the game server with a new terminal in order to obtain an auxiliary SCAO for the new device in FIG.

6 illustrates another implementation of a method for reissuing SCAOs to another terminal device. Initial steps of acquiring SCAO are the same as those disclosed in FIGS. In Fig. 7, the backup copy of the SCAO is stored in the backup server of the first terminal 4, for example in the form of a private backup (not shown). It is anticipated that the first terminal device 4 will be destroyed when the line of the first terminal device is interrupted. Following the destruction of the first terminal device the user wants to play or use the content on the other (secondary) terminal device 6 he has obtained (indicated by the transition from the interrupted line to the continuous line). Due to the specificity of the SCAO it is not possible to use SCAOs stored on interchangeable memory modules that are not destroyed in the second terminal device 6.

The user thus carries (100) and goes to service point 15 the available backups of the earlier SCAOs on his failed device and backup medium such as a memory card and / or a floppy disk. The operator of the service point 15 establishes access to the management server 13 and transmits identification information (eg IMEI) of the failed first device 4 to the management server 13.

The software in the management server 13 requests 104 all stored data from the central server 17 (based on the IMEI (of the failed first terminal 4)). The central server 17 transmits all the required data to the management server 13 (106).

In a next step the management server 13 is configured to initially store all initially stored on the backup server 12 (based on the IMEI and / or certificate of the failed first terminal 4, for example a personal device key). Require coded access objects (SCAOs) (108, 110). The management server 13 requires the operator at the service point 15 to copy 112, 113 all data of private backups such as memory cards and floppy disks to the management server 13.

The management server 13 sends all the data from the backup server 12 (ie the initial SCAOs) and the transmitted private to identify the user's uncoded access objects assigned to the failed first terminal 4. Decode or decode backup 112 and 113 data. The decryption can be performed because the central server 17 has transmitted the private key of the failed first terminal 4 to the management server 13.

In addition, all data from the backup server 12 (i.e. the management server 13) may be identified in the protected central server 17 to identify the user's uncoded access objects assigned to the failed first terminal 4. It is envisioned to transmit all data to the central server for decryption or decoding of the initial SCAOs) and transmitted private backups 112 and 113 data. Since the management server 13 transmits the SCAOs of the failed first terminal 4 to the central server 17, the decryption can be performed in the central server 17.

The central management server also decrypts and decodes the private backups 112 and 113 data and all data for identifying uncoded access objects of a user assigned to the failed first terminal 4. It is envisioned to transmit all data to the server 17. The central server 17 can access the (ie the initial) SCAOs of the failed device directly from the backup server 12. All decoding can be done at the protected central server 17 and no private key needs to be transmitted from the protected central server 17. The central server 17 then recodes the (secondary) SCAOs according to the public key of the second device and sends it directly to the backup server 12 to the second terminal or the management server 13. Can be.

The management server 13 may send a notification of all available initial SCAO of the user (only for information) to the operator of the service point via a window on the display of the service point 15 (not shown). Not).

Subsequent to the identification of all initial SCAOs of the failed first terminal 4 by the management server 13 a request to transmit 114 the IMEI number of the new second terminal 6 is provided to the service point 15. Is sent to the operator. The IMEI of the second device is linked with the new private / public terminal device key.

The information stored in the backup server is updated based on the new IMEI number of the second terminal 6 (116). The update procedure in particular involves specifically encrypting access objects that are not recoded with a new public key associated with the second terminal device 6. This encryption results in auxiliary SCAOs (ie SCAOs for the second device).

The newly encrypted secondary SCAOs will be sent to the backup server (in combination with the old username, old password, new IMEI) (116) (and can be encrypted with the new public device key).

The operator of the service point 15 will be required to insert the user's SIM card (subscriber identification member) into the second terminal device 6.

Finally, the user must log in to the backup server 12 with the second terminal device 6 (the user can be assisted by the operator). In detail, the user establishes an online connection to the backup server 12 via the cellular communication network 10 (120) and registers (ie logs in) a user name and password. By selecting a backup menu (in the background process) the IMEI and / or the public device key or certificate may be required and sent to the backup server 12. Finally, the encrypted auxiliary specifically coded access objects (SCAOs) are downloaded 22 to the second terminal device 6. And the download of the auxiliary SCAOs is complete.

In the last step (not shown), contents (eg corresponding to a game title) requiring execution of the auxiliary SCAOs can be transmitted and installed in the second terminal 6.

7 illustrates one embodiment of a network server for reissue and / or copy of SCAOs. The network server is implemented as a backup server 12 for resending SCAOs from the server to the mobile terminal device via a cellular communication network 10.

The backup server 12 includes a cellular communication network interface 60 for exchanging data with terminal devices (not shown) via the cellular communication network. The backup server 12 may receive terminal device identification information, initial SCAOs, and authentication data through the interface 60. The interface 60 is further configured to transmit the supplementary SCAO obtained through the cellular communication network 10 to a terminal device having the terminal device identification information from which the supplementary SCAO is obtained. The SCAOs, the device identifications, the personal device keys or the uncoded access objects can be sent via a secure memory card or sent online via a GPRS connection. Thus, the interface device must include, for example, GPRS capabilities.

The terminal device further comprises authentication means 76 connected to the interface for authenticating the received terminal device identification information and / or authentication data. The authentication means 76 is connected to at least the terminal identification information storage device 80 and the code identification information storage device 82 so as to perform authentication procedures. The authentication means 76 is further configured to determine whether the identification information or authentication data received as initially associated with a terminal for which a specifically coded access object (SCAO) was previously generated identifies the terminal identification information. .

The backup server 12 is further provided with a SCAO storage device 84 for storing initial SCAOs and / or auxiliary SCAOs. The SCAO storage device 84 may store initial SCAOs, for example, to determine for which device the SCAO has already been created. The SCAO storage device 84 can also be used to store the generated auxiliary SCAOs (in this case the difference between the secondary and primary SCAOs is blurred).

The backup server is further provided with acquiring means 78 configured to acquire SCAOs. The acquiring means 78 is connected to the authenticating means in order to generate auxiliary SCAOs according to the device identification information. The generation can be performed as shown in the previous specification. The obtaining means 78 is configured to obtain auxiliary SCAOs according to the received device identification information and authentication data. The obtaining means may rely on other external databases to obtain SCAOs by search operations and / or creation operations.

Using the present invention the owner of SCAOs (eg SCAOs of a game) may have an automatic backup of their SCAOs during the download of purchased SCAOs. Stored SCAOs (backups) can be downloaded at any time from the owner. Due to strong encryption of the SCAOs on the backup server, misuse of the backup is unlikely possible.

Using the present invention, the owner of SCAOs (eg, an access object of a computer or an online game) will be able to regain their SCAOs in case of a failed device. Stored SCAOs (backups) can be downloaded at any time from the owner. Due to the strong and specific encryption of the SCAOs on the backup server, misuse of the backup is unlikely possible.

This application contains the description of embodiments and embodiments of the present invention with the aid of examples. Those skilled in the art will appreciate that the invention is not limited to the details of the embodiments set forth above and that the invention may also be embodied in other forms without departing from the features of the invention. The embodiments presented above should be considered illustrative and not restrictive. Thus, the possibility of implementing and using the invention is limited only by the appended claims. Therefore, various options for implementing the invention as determined by the claims, including equivalent embodiments, also fall within the scope of the invention.

Claims (17)

A method for resending a specifically coded access object from a server to a terminal over a communications network, the method comprising: Receiving at least one of at least one terminal device identification and authentication data at a server; Determining whether at least one of the identification information and the authentication data identifies terminal identification information as being associated with a terminal from which an initial specifically coded access object was previously generated; Obtaining, at the server, a secondary specifically coded access object in accordance with the received terminal identification information if the received terminal identification information has been identified as a previously generated terminal. ; And Sending said auxiliary specifically coded access object to said terminal device via said network, said terminal device having terminal device identification information from which said auxiliary specifically coded access object has been obtained; Method comprising a. 2. The method of claim 1, further comprising storing at the server the initial specifically coded access object of a previous step. 3. The method of claim 2, wherein the initial specifically coded access object is stored after initial creation of the initial specifically coded access object. 4. The method of claim 2 or 3, wherein the initial specifically coded access object is stored after receiving the initial specifically coded access object from a terminal device during online access. 4. The method of claim 2 or 3, wherein the step of obtaining the auxiliary specifically coded access object at the server is performed by retrieving the previously stored initial specific coded access object. Way. 4. The method of claim 2 or 3, wherein two terminal device identification information is received, namely the first device identification information and the second device identification information, and the step of obtaining a specifically coded access object at the server further comprises: Decode the previously stored first specifically coded access object according to the first device identification information received, and decode the auxiliary specifically coded access object for transmission according to the received second device identification information. Characterized in that it is carried out by generating. 2. The apparatus of claim 1, wherein two terminal device identification information, namely a first device identification information and a second device identification information, are received, and further initially specific coded access objects are received at the server. Coded access object is coded according to the first device identification information, and obtaining the auxiliary specifically coded access object at the server comprises: receiving the received initial information according to the received first device identification information; And by decoding said specifically coded access object and generating said auxiliary specifically coded access object for transmission in accordance with said received second device identification. A method for resending a specifically coded access object from a server to a terminal in a system comprising a server and a terminal connected via a communication network, the method comprising: Sending at least one terminal device identification information from the terminal device to the server; Sending authentication data to the server; Receiving the at least one terminal device identification and the authentication data at the server; Determining whether the identification information or authentication data identifies the terminal identification information received as being associated with a terminal in which the initial specifically coded access object was previously generated; If the terminal identification information has identified the terminal in which the initial specifically coded access object has been identified as a previously created terminal, the auxiliary specifically coded access object assisted according to the received device identification information and authentication data; Acquiring at the server; Sending, via the communication network, the auxiliary specifically coded access object to the terminal device, the terminal device sending the terminal device identification information from which the auxiliary specifically coded access object was obtained. Providing; And Storing the auxiliary specifically coded access object on the terminal device. 9. The method of any one of claims 1 to 3, 7, and 8, further comprising storing the initial specifically coded access object in a user memory device operably connected to the terminal device. It further comprises a method. 10. The method of claim 9, further comprising storing identification information of the terminal in the user memory device along with the initial specifically coded access object. 9. A method according to any one of claims 1 to 3, 7 and 8, wherein said communication network is a cellular communication network and said terminal device is a mobile cellular terminal of said cellular communication network. Claims 1 to 3, 7 and 8 when the program is run on a controller, processor-based device, computer, microprocessor-based device, terminal, network device, terminal, mobile terminal or mobile communication capable terminal. A computer-readable medium capable of resending a specifically coded access object from a server to a terminal device, comprising program code portions for performing the steps of any one of the preceding claims. delete delete A computer readable medium comprising computer data signals representing carrier instructions and instructions for causing the steps of any one of claims 1 to 3, 7, and 8 to be executed when executed by a processor. A network server for resending a specifically coded access object from a server to a terminal device over a communication network, the network server comprising: An interface to the communication network for receiving at least one terminal device identification, an initial specifically coded access object and authentication data; Authentication means connected to said interface for authenticating at least one of the received terminal device identification and authentication data; Assisted specifically coded access object receiving and obtaining means connected to said authentication means, for generating an assisted specifically coded access object; And At least one storage device connected to said authentication means, The authentication means is configured to determine whether the identification information or authentication data identifies terminal identification information as being associated with a terminal in which an initial specifically coded access object was previously generated, The obtaining means is configured to obtain auxiliary specifically coded access objects according to the received device identification information and authentication data, The storage device is configured to store specifically coded access objects, The interface is configured to transmit, through the communication network, the acquired specific specifically coded access object to the terminal device having the terminal device identification information obtained. Featured network server. 17. The network server of claim 16, wherein the network server is a server of a cellular communication network and the interface is an interface to the cellular communication network configured to receive at least one terminal device identification of a mobile cellular terminal device. .

Images