RU2169437C1 - Procedure to gain access to objects for users of telecommunication network - Google Patents

Abstract

FIELD: communication. SUBSTANCE: claim describes procedure making it possible for first mobile user of telecommunication network in which users are identified by operator of this telecommunication network with the aid of personal identification module to give other users of telecommunication network access to objects. Procedure is distinguished by presence of following stages: redundancy by first user of segment of storage in one accessible system of data base from specified telecommunication network in which assemblage of users as minimum can arrange objects, placement by first user of objects in mentioned segment of storage, assignment by first user of authority for access to mentioned objects, sending of request by second user to system of data base, authorization by system of data base of second user to give him access to objects. Information identifying second user kept in personal identification module is used to identify him in system of data base. Response signal is sent to second user by system of data base if his access to objects is authorized. EFFECT: development of procedure in which users can identify themselves with the help of identifying module that can utilize such identification to check authority of access to various objects of contractors. 47 cl, 1 dwg

Description

 The present invention relates to a method for providing users of a telecommunications network access to objects, in particular documents, multimedia objects, application software and / or processes. The present invention relates, in particular, to a method for providing access to objects to mobile users of a network in which users are identified using an identification module, for example using a personal chip card (card with an integrated chip), in particular using a so-called SIM card (from the English. "subscriber identification module", subscriber identity module).

 Telecommunication systems that provide other users with access to data and objects are already known. In these systems, also called polling systems, various service providers can place objects and information in various nodes of the telecommunication network, which then users can access for their part. The Internet is a well-known example of such a system.

 Typically, users connect to a local Internet service provider (a so-called Internet service provider) through a public switched telephone network. As a rule, users are not personally identified by the company owning the telephone network, and only the terminal devices used to calculate the payment for the provision of communication services are subject to identification, regardless of the user. Typically, users to enter the Internet need to inform their ISP of a password for identification, however, many Internet providers do not require absolutely reliable identification. As a result, anonymous and unauthenticated users can use the Internet. In addition, the Internet service provider, as a rule, does not transfer user identifying data to other information providers.

 Since the information identifying Internet users is not absolutely reliable, it cannot be used to verify the access rights of these users to confidential objects, such as personal or business documents. Providers of confidential or paid objects and documents on the Internet typically require users to identify themselves with a password before they are granted access to protected areas of memory. Users in this case are identified directly by the provider (of services or information) and receive several bills for the services provided, namely the first bill from the telephone company for connecting to the Internet provider, the second bill from the Internet provider itself for providing access to the Internet and the third bill from an object provider for accessing the requested objects. This calculation method is quite inconvenient for the user.

 In addition, cellular radio communication networks and other networks are known in which users, often also called subscribers, identify themselves using an identification module, often called a SIM card, in the form of a chip card. The identification of users of these networks by the company-owner of the network (also called the network operator) is quite reliable and reliable and does not depend on the terminal device used. An example of such a network is a GSM cellular communication network (from the English "Global System for Mobile communications", a global system of mobile communications).

 The GSM network was developed primarily for voice exchange between mobile users. However, the means of coordination (interfaces) of GSM networks with other networks, for example, the Internet, are also known and described, in particular, in EP-A1 0841788. Thus, subscribers of a cellular communication network are given the opportunity to access the data that the provider has placed on the host -nodel on the Internet, and receive this data, for example, to mobile terminal devices, in particular to mobile radiotelephones or portable personal computers. The protocol for exchanging data and applications within a cellular communication network was developed in detail, in particular, by the WAP Forum (Wireless Application Protocol, a WAP protocol that is a protocol for wireless access to information and service resources of the Internet directly from mobile phones).

 Subscribers of a cellular communication network, which in this way using their mobile terminal device are connected to the Internet, are identified only within the cellular communication network itself. However, this reliable and reliable identification of users using a chip card cannot be used by providers of objects on the Internet to verify the credentials of these users to access protected objects. In addition, property providers cannot simply bill these users for their access to the specified property.

 Based on the foregoing, the present task was based on the development of such a method for providing users of a telecommunication network with access to objects in which users could identify themselves using an identification module and in which such identification could be used to verify access rights to various objects of various suppliers .

 Another objective of the invention is to develop such a method that could be used by mobile users who are not associated with a permanent node in a telecommunication network. Mobile users in the context of the present invention are called users who can connect to the telecommunications network at various nodes and whose identification does not depend on geographical location. As an example of mobile users, digital cellular network subscribers, users of fixed-line communication networks and high-frequency communication networks using power lines can be mentioned, and users in such networks can be identified personally and independently of the terminal device used using the identification module.

 Another objective of the invention is to develop such a method in which the suppliers of objects could be identified using the identification module, to ensure the possibility of their reliable identification and so that they themselves can decide on the issue of allowing access to stored data.

 Authority for accessing objects provided by the object provider can be issued in the name of a specific user or to the owner of the token. In the first case, only those users whose name or identification data are contained in the list compiled by the supplier have access to the relevant objects. In the second case, in order to gain access, users must purchase a token transferred from one person to another. These markers contain, for example, an electronic key to the relevant documents and can also be sold or transferred. Thus, the copyright of a document, such as text or a multimedia document, can also be sold.

 The tasks are solved by the proposed method of providing users of a telecommunications network with access to objects that allow the first mobile user of a telecommunications network, in which users are identified by the operator of this telecommunications network using a personal identification module, to provide other users of the telecommunications network with access to objects. According to the invention, the method is characterized by the presence of the following stages: reservation by the first user of a memory area in one database system accessible from the indicated telecommunication network, in which at least a plurality of users can place objects, placement by the first user of objects in the indicated memory area, assignment of access rights to the first user to to the specified objects, sending a second user a request to the database system, checking the database system’s credentials of the second user user to access objects, while identifying the second user in the database system, the information that identifies him is stored in his personal identification module and sending a response from the database system to the second user if he has authority to gain access to the objects.

 According to the invention, the database system is distributed among various host nodes accessible from a telecommunication network.

 Preferably, the telecommunications network is a digital cellular communication network.

 It is also preferable that the telecommunications network is a digital high-frequency communication network over power lines (RF communication network over power lines).

 It is also preferred that the telecommunication network is a digital telephone network in which user identification is carried out independently of the terminal device used by means of a chip card.

 In accordance with the invention, the database system should be connected using a transmission control protocol / Internet protocol channel (TCP / IP channel) for transmitting data with a telecommunication network.

 In accordance with the invention, requests from users and responses from the database system are converted into a direct Internet access interface (PDI interface) providing a connection between a telecommunication network and a TCP / IP data transmission channel.

 Users according to the proposed method do not require obtaining authority to access certain public objects.

 It is important to note that users grant access to certain objects to only a limited number of predefined users (a closed group of users), and that users provide access to certain objects only to themselves.

 Users can also grant access to certain objects only to owners of a certain marker, which contains an electronic key, and after accessing the corresponding objects, the marker is canceled.

 In this case, the marker is canceled only when the database system receives confirmation from the requesting user that he has fully received the relevant objects.

 In accordance with the invention, user identification in the database system is additionally carried out by entering a password that is requested by the user administrator, the password being requested by the application in the user identification module.

 In accordance with the invention, user identification in the database system is additionally carried out using an electronic key stored in the memory of their identification module.

 Preferably, the identifying information is an international mobile subscriber identity code (IMSI identifier).

 Identification information may be contained in a network application in an identification module.

 It must be emphasized that in accordance with the invention, the electronic key is issued by a trusted third party.

 According to the invention, at least in some messages exchanged between the user and the database system, a digital signature is affixed.

 It is advisable that the completeness of at least some of the transmitted requests and / or objects is checked using an electronic key.

 A personal configuration may be stored in the database system for at least some users.

 At the same time, personal configurations contain user-preferred parameters for using the database system, and personal configurations indicate preferred user requests in the form of electronic bookmarks.

 In accordance with the invention, for the reservation of a memory area, the identification of users-owners of objects can be carried out using an identification module, and the reserved areas of memory can be leased to users-owners of objects.

 It should be noted that according to the method according to the invention, the fee charged for rented areas (440) of memory depends on the amount of data stored in them and on the duration of storage.

 Users in accordance with the proposed method reserve memory areas and place objects in these memory areas via the Internet.

 It is advisable to use the WAP protocol, which is a protocol for wireless access to information and service resources of the Internet directly from mobile phones, for exchanging data between terminal devices and the database system and for the menu structure.

 In accordance with the proposed method, at least some objects are documents, or multimedia objects, or applications that can be run by second users.

 The invention provides that when processing at least some requests a certain amount is charged, a message is prepared with at least one indication of this amount and sent to the billing center in the telecommunication network, while the billing center also charges users for the traffic in this telecommunication network, and the billing center writes the user this amount in the debit.

 Moreover, at least some amounts are automatically debited from the previously deposited amount in the user identification module, and at least some amounts, together with the account for using telecommunication network services, are included in the account for the second users.

 In accordance with the invention, first users can set the expiration date for the storage of objects, after which these objects can no longer be accessed.

 In addition, first users can set the time interval for storing objects during which these objects can be accessed.

 According to the invention, at least some of the first users may provide a certain quality of service for the stored objects.

 At the same time, at least some second users can specify in a personal configuration information about a certain quality of service with which these users can receive these objects.

 Moreover, information on the quality of services contains information about the minimum bandwidth for the transmission of objects, as well as information about the maximum transmission time of the object.

 Moreover, the quality of service information contains information about the preferred transmission channel.

 Preferably, the objects are stored in a directory at least partially determined by the database administrator, while at least some of the objects are search engines that index and / or catalog other objects to enable them to be searched.

 According to the invention, the personal configuration contains data about the terminal device used by the second user.

 The invention also enables at least some of the requested objects to be transferred to another device via a Bluetooth interface.

 Below the invention is explained in more detail by describing an example of one of the variants of its implementation with reference to the accompanying drawing, in which in the form of a block diagram presents the most important components of a telecommunication system for implementing the method.

 This drawing schematically shows a user terminal 1 that can be used in a telecommunications network 2. Such a terminal 1 can be, for example, a digital mobile radio device (MU), for example, a mobile radiotelephone or laptop / laptop type personal computer palmtop ", which, for example, can be used in a GSM network 20 or in a UMTS network. The terminal device 1 can also be the terminal device of high-frequency communication networks over power lines (RF communication over power lines) (PLC networks from the English "Power Line Communications"), which can be connected to other terminal devices through the power network of telecommunication network 2. In In one embodiment, the terminal device 1 is a conventional terminal device in a network with fixed lines, for example, a telephone, a fax machine, a television receiver, a radio receiver or a central digital broadcast receiver (digital broadcast receiver), or a sleepy computer with a modem equipped with a chip card reader.

 The terminal device in this example has an identification module 10 (described in more detail below), data processing means 11 (for example, a processor with corresponding storage means), input means 12, for example a keyboard, microphone, pen or mouse, as well as a display device 13, for example liquid crystal display and / or speaker. Preferably, the terminal device 1 further comprises a wireless interface 14 with which it can be connected to other devices 6 in the same room. Such a wireless interface 14 may be, for example, an infrared interface, for example, according to the lrdA protocol (developed by the Infrared Data Association, IRDA), or preferably a radio interface according to Bluetooth specifications. Another device 6 may serve, for example, to expand the capabilities of a typically portable terminal device 1 for inputting, displaying, or storing information. This device 6 can be, for example, a personal computer that has great capabilities for storing and processing information, a device for visual display of information, such as a monitor, projector, television receiver or printer, or a receiving device, for example a personal computer with an Internet connection , DEM receiver, etc. The data transmission between the terminal device 1 and the peripheral device 6 is preferably bi-directional.

 The data processing means 11 preferably have hardware components, as well as software modules, for example a WAP module ("Wireless Application Protocol"), capable of receiving and transmitting data according to the WAP protocol.

 Other components in the terminal 1 may also be, for example, a GPS receiver not shown (from the Global Positionning System, global satellite positioning system receiver), or another positioning device with which the geographical location of the terminal can be established.

 The user of the terminal device 1 is identified in the network 2 by means of an identification module 10, for example, a chip card inserted in the terminal device. Such identification cards are already common, in particular, in GSM cellular telephone networks and are also used in decoders for receiving paid TV channels and in various information computing (computer) networks. The identification card 10 preferably has a processor not shown, for example a microprocessor with built-in memory, as well as contact pads not shown for connecting the card to a terminal device.

 The identification data 102, which uniquely characterizes the user in the telecommunication network 2, is stored in the protected area of the memory card 10. Such data is known, for example, in GSM networks under the name IMSI (from the English. "International Mobile Subscriber Identity", code for the international identification of mobile subscribers ) As described in more detail below, such an identifier is used according to the invention and to identify users in the database system 4.

 As an identification, in one embodiment of the present invention, it is possible to use a network application in a chip card with Java support, in particular a Java application, for example, with GSM functions. Due to this, the proposed method can also be implemented using a card with Java support.

 In addition, the identification card 10 preferably has means 100 for encrypting and creating a digital signature (signature), allowing you to sign and encrypt messages transmitted over the network 2 and authenticate them. For this purpose, the TTP method (from the English "Trusted Third Party", trusted third party) described in PCT / CH90 / 00096 is preferably used. This method ensures the confidentiality, authentication and indisputability of the source of information, data integrity and authentication of the corresponding sender.

 In addition, SQL client 101 is preferably integrated into the card 10 as a software application (from the English "Structured Query Language", structured query language). Card-integrated SQL clients are already offered by Centura. Due to this, as described below, in the telecommunication network, data can be exchanged using the SQL protocol between the SQL client 101 in the card and the external SQL database server. However, according to the invention, instead of or in addition to the SQL-language, other query languages can be used to process information in databases.

 In the preferred embodiment, map 10 has Java support, and the SQL client is SQL JDBC, i.e. SQL-client with the ability to communicate with the database based on Java-applications (from the English. "Java Database Connectivity").

 The terminal device 1 using the identification module 10 can be registered in the network 2, for example in a cellular communication network 20, for communication with other terminal devices in this network. Network 2 preferably has a Subscriber Credential Register (ORE) 22, in which user-related information is stored, in particular the billing address and the current location of the terminal device in the network. When a user turns on his terminal device or enters the network with his help, he is identified by ORE 22 based on his identification data 102. For traffic, i.e. for connections that the user establishes in network 2, or for using additional services in the network, settlement (clearing) center 21 (billing server) charges a fee either in the form of writing off a certain amount from an unapproved cash account in card 10 (prepayment), or later this the amount is included in the monthly invoice issued to the user (post-payment).

 In a preferred embodiment, the user can, using his terminal device, register in other networks served by other operators. Known roaming methods are used for this purpose. Such methods, which is their advantage, provide users with the opportunity to register and connect using an ID card 10 also to networks of a different type, for example, using the same card and corresponding terminal devices, connect to a GSM network operating in the range of 900, 1800 or 1900 MHz, or to the HF communication network via power lines (in a PLC network). However, invoices are issued to the user always by the settlement center of the operator of the network of which he is a subscriber.

 Using the appropriate interface 3 direct Internet access (PDI) network 2 is connected to the network 5 of the Internet. This interface 3 allows you to send messages in both directions between network 2 and the Internet. Thus, a user connected to the network 2, with the help of his terminal device 1 can also prepare, send and receive messages by e-mail or remotely download data from the WEB server 51 or from databases 50 (databases) on the Internet. For this purpose, the WAP protocol is preferably used.

 On the Internet 5, the mobile user is anonymous, or at most he can be identified by his easily forged email address. Therefore, access to protected or paid applications or objects on the Internet is possible only with the help of additional end-to-end encryption methods. The calculation for gaining access to such applications in this case is usually carried out by the service provider 50, 51, to whom the requesting user gives his credit card number. The user is billed for each service rendered to him, which is relatively inconvenient, and especially when a lot of small amounts are received from various service providers. In addition, in most cases, users and owners of objects do not know each other, as a result of which the latter are practically unable to verify the solvency of users.

 According to the invention, network 2 is also connected to the database system 4, the maintenance of which is carried out, for example, by the operator of network 2 and / or one or more organizations associated with it. The communication between the network 2 and the database system 4 is preferably carried out through the aforementioned PDI interface 3 and the data transmission channel 49, for example, via the TCP / IP channel (from the English "Transmission Control Protocol / Internet Protocol", transmission control protocol / Internet protocol ), a channel with asynchronous data transfer (ADF), or an XDSL channel, and optionally through a so-called firewall 40 (firewall). The TCP / IP channel and firewall 40 are preferably controlled by the operator of network 2 and / or system 5, and therefore, the connection is not established via the public Internet 5.

 The database system consists of one or preferably several distributed databases 44 (host nodes or machines), which can be located in different geographical locations. The entire database, in particular the placement of objects in the host machines and, if necessary, replication rights, is managed by a regular database administrator 42. Such a database administrator may, for example, have a regular SQL server 42, preferably a server with Java-DBC support. The user administrator 43, which consists of a software module, manages the rights of various users.

 To provide other users of the telecommunication network with access to objects, the user must first reserve an area 440 in the database system 4. To this end, he must register on network 2 and send, for example, using the WAR protocol and / or SQL protocol, a message to the database system. According to the invention, the user administrator 43 identifies such a user using the identification data 102 transmitted from his identification module 10. In the case of the GSM network 20, for example, IMSI authentication or the identification information contained in the network application, which is stored in the user SIM card 10, transmitted over network 2 and secure channel 3, 49, 40 to the database system. The user can then place data and objects in this reserved area 440.

 Preferably, the reserved memory areas in the database system are leased to the user. The amount accrued in this case depends, for example, on the amount of the reserved or actually used memory area and on the duration of use of such an area. Other parameters, such as, for example, information about a particular required quality of service, may also affect the amount of the charge. The details of the accrued amounts are preferably periodically determined by the administrator of 43 users, compiled into a message and delivered via the data channel 49 and the user's home network 2 to the billing center 21. For this purpose, for example, processes that are already used for CDR transmission (from English "Call Details Records", records of details of telephone calls) when roaming between two cellular communication networks. Network applications, for example, a Java application, can also be used for settlements in various networks 2. In this case, the amount for using the database is simply included in the normal bill to the tenant user for using the network, or it is billed separately or debited to his map.

 Offeror, i.e. a tenant user offering access to information stored in a database may determine various permissions 441 to gain access to stored objects. So, for example, some objects can be private, and in this case only the user himself can have access to these objects. In such a private area, he can, for example, place objects and documents for which there is no space on his identification card 10. He can also use this area, for example, to back up from certain areas of the memory of his card, in particular for copying to system 4 of a database of telephone numbers stored in his card and related information. In this private area, he can save objects in the same way as in his card 10 or in his terminal device 1.

 Other objects may be available, for example, only for a certain group of other users (closed user group). Such objects may include, for example, office documents and applications for internal use. Eligible Users, i.e. users with the right to access such information can be named by name, in which case only the users indicated in the list of the owner of the object can have access to these objects, or the owners of certain transferred tokens can be such authorized users, and in this last one In this case, only those users who previously purchased the appropriate marker can access these objects once. Such markers contain, for example, an electronic key necessary for reading information related to objects. After successful access to the relevant objects, the used marker is erased or canceled. In this way, for example, sales of objects, in particular text documents, computer programs or multimedia objects, can be carried out.

 Obviously, other objects can be made publicly available, in which case any user can access these objects without special permissions.

 A user who wants to access objects stored in system 4 of the database must first establish communication with this system. For this purpose, the user uses a terminal device 1 with an identification module 10, preferably a terminal WAP-compatible device and / or module. The user is identified in the network 2 and in the database system 4 using the corresponding identification data stored in his identification module. In a preferred embodiment, its identifier is also controlled by the TTP server 41, which verifies the electronic signature generated by the encryption means 100. Such an electronic signature can be requested either every time, or only for access to certain objects, for example, only if the provider-owner of the object requires it. To gain access, for example, to certain objects or address areas of the database, the user administrator, the owner of the object or the corresponding program in its identification module may also require a password.

 In this case, the user requesting access can send a request to system 4 of the database. In the simplest case, such a query can contain only the address of the document in the database system, or it can be a more complex query, for example, an SQL query issued by the SQL client 101, which is recognized and interpreted by the SQL server 42. After that, the SQL server issues a response to the request, which may, for example, consist of a list indicating one or more objects 440 in the database system, and checks whether the already identified user has access to these objects. To this end, he checks the permissions allocated by the owner of the objects for the right of access to these objects.

 If the requesting user has sufficient authority to gain access to the object, the database system gives this user a response that already contains, for example, a copy of the requested object. In this case, the requested object can be viewed, stored or listened to on the user terminal 1 or transmitted via infrared or Bluetooth to another device 6. In the same case, if the user does not have access to these objects, he will preferably receive a message or please enter other identification information, for example, in the form of a password. It is preferable to limit the number of attempts to gain access to the requested objects to a certain number n, for example, 3, and after making n attempts to block the requested access.

 Owners of objects can restrict access to their objects and a certain period. In this case, the database system allows access to these objects only until the specified date, which may be appropriate, for example, for the distribution of tariffs or other time-dependent information. In one embodiment of the invention, it is also possible to indicate a certain time interval with the start and end dates of the access permit.

 As already mentioned above, owners of objects can save, for example, documents and objects in any format, for example, in the form of text documents, still or moving images, sequences of sounds, etc. However, it is also possible to save applications and computer programs in the database that other users can remotely download and run on their computers, while the owners of the objects can allow either one-time or unlimited use of such programs and applications. Owners of objects can also store in the database such objects and data processing applications, the execution of which is launched in the database system. So, for example, the so-called search engines can also be stored in the database, which allow the user to search for other objects in the database system 4 or perform other operations. Applications can also be stored in the database system, for example, the so-called personal agents ("intermediaries"), the parameters of which can be determined by the requesting users themselves in order to perform certain functions.

 The user administrator 43 preferably checks whether the terminal device of the requesting user technically allows the latter to access the requested objects. So, for example, it would be useless to send the user a document that contains only pictures if the terminal device of this user is not able to reproduce these pictures. To this end, the JINI protocol, known for other applications in GSM networks, is preferably used to verify technical compatibility between the user terminal and the requested object.

 The structure of directories (directories) in databases 44 is not critical for the present invention, however, it should provide a quick search for objects stored in these databases. Each object stored in the database preferably has its own address, with certain parts of this address being assigned by the database administrator, while other parts are determined by the providers. Search engines provided by the database administrator 42 and / or the provider help users find the requested objects by indexing or cataloging other objects. Users can preferably also save the address of important documents or other standard queries in the form of so-called electronic bookmarks in their identification modules.

 The user-configured system profile (user parameters or personal configuration) is preferably stored in the database system and managed by the user administrator. In the personal configuration, individual user data is stored, for example, identifying information, a preferred language, a preferred terminal device, etc., or preferred electronic bookmarks. In a preferred embodiment, the user-created personal configuration also contains information about the required quality of services. Due to this possibility, different users can be provided with qualitatively different access to objects, the payment for which, possibly, will be different. The quality of services with respect to a particular object can, for example, be determined by the allocated bandwidth, response time, availability, preferred transmission channel (for example, whether the service is used for paging, email, fax and short messages (the so-called SMS service from the English. "Short Message Service "), USSD or voice channel and / or data channel in the case of GSM cellular communications network 20).

 Similarly, users storing objects in the system 4 of the database and providing other users with access to them can also provide various quality of services for these objects. Owners of objects may, for example, indicate that each user can access certain objects with a maximum bandwidth. Owners of objects when the database system is distributed across several servers can also, for example, require that their objects be stored on servers with higher characteristics, for example, servers with higher speed or with a higher degree of protection.

 The fee for accessing the requested objects in system 4 of the database in this case can be increased. It was already mentioned above that access to certain objects can only be allowed if the requesting user has acquired the corresponding marker in advance, and these tokens can also be sold again or otherwise sold on the market. However, the fee may also be demanded by the person servicing the database system 4, and using the above mechanism delivered by the settlement center 21 directly to the user. The requested fee may depend on various parameters, for example, on the size of the object (in kilobytes), the type of object, the requested quality of service, the complexity of the request, etc. In addition, the person servicing the database system and the operator (company-owner) of network 2 (in the case of two different organizations) may require a fee for transferring the object to the user's terminal device. The amount requested by the billing center 21 may be debited from the previously deposited amount of money in the user identification module or included in the bill for the use of the telecommunication network that is issued to the user.

 The tenderer (owner of the object) can also demand, using the above mechanism, a certain amount for access to the objects provided by him. The requested amount is assigned at the earliest when placing certain objects or classes of objects. When the user subsequently accesses such objects, this amount is determined by the database administrator, reported to the clearing center 21, set together with the database administrator charged for the use of other services, to the requesting user and recorded on credit to the provider.

 In a preferred embodiment, it is also possible to provide users with access to the system 4 of the database from the Internet 5: either to reserve memory areas for storing objects in them, or to gain access to these objects stored in the database. In this case, the encryption and signing method with direct (two-point) data transfer between users 51 from the Internet and the database system 4 is preferably used, which also allows reliable identification of users from the Internet. For this purpose, for example, the TTR method can be used. However, users from the Internet cannot access expensive objects in system 4 of the database, unless a different payment mechanism is used for this purpose, for example, using a credit card.

Claims (48)

 1. A method of providing users of a telecommunication network with access to objects, allowing the first mobile user of a telecommunication network 2, in which users are identified by the operator of this telecommunication network using a personal identification module 10, to provide other users of the telecommunication network with access to objects, characterized by the following stages: the user of the memory area (440) in one system accessible from the indicated telecommunication network 4 databases in which at least a plurality of users can place objects, placement by the first user of objects in the indicated area (440) of memory, assignment by the first user of authority (441) to access the indicated objects, sending by the second user of a request to the database system 4, verification database system 4 authorizes the second user to gain access to objects, while identifying the second user in the database system 4 uses the information identifying him 102 stored in his person tional identification module 10, and sending a reply from the database system 4, the second user in the event of his authority to access the objects.  2. The method according to claim 1, characterized in that the database system 4 is distributed over various host nodes 44 accessible from the telecommunications network 2.  3. The method according to claim 1 or 2, characterized in that the telecommunications network 2 is a digital cellular communication network 20.  4. The method according to claim 1 or 2, characterized in that the telecommunication network 2 is a digital high-frequency communication network over power lines (RF communication network over power lines).  5. The method according to claim 1 or 2, characterized in that the telecommunication network 2 is a digital telephone network in which user identification is carried out independently of the terminal device 1 used using the chip card 10.  6. The method according to any one of claims 1 to 5, characterized in that the database system is connected using a transmission control protocol / Internet protocol channel (TCP / IP channel) for transmitting data with a telecommunication network 2.  7. The method according to any one of claims 1 to 6, characterized in that requests from users and responses from the database system 4 are converted into the Internet direct access interface 3 (PDI interface), which provides a connection between telecommunication network 2 and TCP / IP data channel.  8. The method according to any one of claims 1 to 7, characterized in that users do not require obtaining authority to access certain public objects.  9. The method according to any one of claims 1 to 8, characterized in that users grant access to certain objects to only a limited number of predefined users.  10. The method according to any one of claims 1 to 9, characterized in that users provide access to certain objects only to themselves.  11. The method according to any one of claims 1 to 10, characterized in that users provide access to certain objects only to owners of a certain marker.  12. The method according to claim 11, characterized in that the marker contains an electronic key.  13. The method according to claim 11 or 12, characterized in that after accessing the relevant objects, the marker is canceled.  14. The method according to item 13, wherein the token is canceled only when the database system 4 receives confirmation from the requesting user that he has fully received the relevant objects.  15. The method according to any one of claims 1 to 14, characterized in that the identification of users in the database system 4 is additionally carried out by entering a password.  16. The method according to clause 15, wherein the password is requested by the user administrator.  17. The method according to clause 15, wherein the password is requested by the application in the user identification module 10.  18. The method according to any one of claims 1 to 17, characterized in that the identification of users in the database system 4 is additionally carried out using an electronic key stored in the memory of their identification module 10.  19. The method according to any one of claims 1 to 18, characterized in that the identification information 102 is a code for the international identification of mobile subscribers (IMSI identifier).  20. The method according to any one of claims 1 to 19, characterized in that the identifying information 102 is contained in the network application in the identification module 10.  21. The method according to any one of claims 1 to 20, characterized in that the electronic key is issued by a trusted third party.  22. The method according to any one of claims 1 to 21, characterized in that at least in some messages exchanged by the user and the database system 4, a digital signature is affixed.  23. The method according to any one of claims 1 to 22, characterized in that the completeness of at least some of the transmitted requests and / or objects is checked using an electronic key.  24. The method according to any one of claims 1 to 23, characterized in that a personal configuration is stored in the database system 4 for at least some users.  25. The method according to any one of claims 1 to 24, characterized in that the personal configurations contain user-preferred parameters for using the database system 4.  26. The method according to p. 22 or 23, characterized in that in the personal configurations indicate preferred user requests in the form of electronic bookmarks.  27. The method according to any one of claims 1 to 26, characterized in that, to reserve the area (440) of the memory, the identification of users-owners of objects is carried out using the identification module 10.  28. The method according to item 27, wherein the reserved area (440) memory can be leased to users who own objects.  29. The method according to any one of paragraphs.1 to 28, characterized in that the fee charged for the leased area (440) of memory depends on the amount of data stored in them and on the duration of storage.  30. The method according to any one of claims 1 to 29, characterized in that users reserve memory areas and place objects in these memory areas via the Internet.  31. The method according to any one of claims 1 to 30, characterized in that for the exchange of data between the terminal devices 1 and the database system 4 and the menu structure, the WAP protocol is used, which is a protocol for wireless access to information and service resources of the Internet directly from mobile phones.  32. The method according to any one of claims 1 to 31, characterized in that at least some objects are documents.  33. The method according to any one of claims 1 to 32, characterized in that at least some objects are multimedia objects.  34. The method according to any one of claims 1 to 33, characterized in that at least some of the objects are applications that can be run by second users.  35. The method according to any one of claims 1 to 34, characterized in that when processing at least some requests a certain amount is charged, a message is prepared with at least one indication of this amount and sent to the billing center 21 in the telecommunication network 2, With this, the billing center 21 also charges users for traffic in this telecommunication network 2, and the billing center 21 writes this amount to the user in debit.  36. The method according to claim 35, characterized in that at least some of the amounts are automatically debited from the previously deposited amount in the user identification module.  37. The method according to clause 35 or 36, characterized in that at least some amounts, together with the bill for the use of telecommunication network services, are included in the bill of the second users.  38. The method according to any one of claims 1 to 37, characterized in that the first users can set an expiration date for the storage of objects, after which these objects can no longer be accessed.  39. The method according to any one of claims 1 to 38, characterized in that the first users can set a time interval for storing objects during which these objects can be accessed.  40. The method according to any one of claims 1 to 39, characterized in that at least some of the first users provide a certain quality of service for the stored objects.  41. The method according to any one of claims 1 to 40, characterized in that at least some second users specify in a personal configuration information about a certain quality of service with which these users can receive these objects.  42. The method according to p. 40 or 41, characterized in that the information about the quality of services contains information about the minimum bandwidth for transmitting objects.  43. The method according to any one of paragraphs.40 to 42, characterized in that the information about the quality of services contains information about the maximum transmission time of the object.  44. The method according to any one of paragraphs.40 to 43, characterized in that the information about the quality of services contains information about the preferred transmission channel.  45. The method according to any one of claims 1 to 44, characterized in that the objects are stored in a directory at least partially defined by the administrator 43 of the database.  46. The method according to item 45, wherein that at least some objects are search engines that index and / or catalog other objects to facilitate their search.  47. The method according to any one of claims 1 to 46, characterized in that the personal configuration contains data about the terminal device 10 used by the second user.  48. The method according to any one of claims 1 to 47, characterized in that at least some of the requested objects are transferred to another device 6 via the Bluetooth interface 14, 63.