APPARATUS AND METHOD RELATING TO AUTHORISATION CONTROL
This invention relates to communication equipment and especially equipment of a type requiring a security code to be input for the communication equipment to effect communication of a selected type.
The invention will be described with respect to mobile telephones in one case and smart cards in another, but it is not intended that the concept be so limited.
It is conventional to have an identification module within a mobile telephone which requires a confidential personal identification number to be input by a user to enable access through the mobile phone to a network provider.
This allows a telephone network provider to be sure that use is authorised and that the user can be identified.
There could be value however if authorisation could be available to others other than the network provider.
This is generally commercially very difficult because others may have a different service offering and the network provider may not wish to convey or may not be entitled to convey any confidential information to any third party.
Also, the network provider would not wish to interfere with a third party service provider provided the communication services which are different from those of the third party services are being paid for.
It is irrelevant to the network provider that some other service is not being paid for or is being requested and not authorised.
An object of this invention is to provide an arrangement and method which provides the public with a useful alternative service to that available at the present time.
In accord with this invention there are proposed means to interpose by an "identification member receiving apparatus" means to accept or reject the access to the identification member.
In preference such means to accept or reject are instructed by information either held in a memory of the receiving apparatus or in a remote memory which is accessed by the receiving apparatus when required.
In preference, if the means to accept or reject are held in a local memory, then there is a look up reference so that if a first password is input, then the receiving apparatus will use this to check a status of the identified input by reference to a look up reference in memory and if cleared, transmit a further password to the identification member.
In preference there are, in the receiving apparatus, means to receive an input from a third party which will enable access to an identification member and enable with authorised access a change of a password required for access to the member and its authorisation of other effects.
In an alternative arrangement, in preference, there is provided that there is, within the receiving means, a means which will interrogate a remote data base with a first pass word which will be matched to a status flag and, if accepted, transmit back an approval code which is unique to the identifying member.
By accessing from time to time the identifying member and being able to introduce its own password access into this means that a third party can control access to the benefits of the member.
Such a member, as previously stated could be a sim card for a mobile phone or a smart card which can be used for a multitude of purposes.
The process anticipated is to have a receiver eg a mobile phone with additional logic. A third party has an authorised arrangement with the user of sim card that use of this will be subject to the approval of the third party. Accordingly, there is arranged that a different personal identification number be programmed into the sim card which is either only known to the third party or is embedded electronically so that only machines can "know" and transmit the personal identification number. Then, the user has a different personal identification number which is used to get
into the receiving apparatus but not the member (sim card). This first access then triggers an enquiry either in the receiving apparatus or a remote data base which obtains the further personal identification number for the member only if there is an approved status detected for that first personal identification number.
The invention can reside in an arrangement of the receiving means so structured as to perform the said tasks on receipt of a first enquiry with an identification member which has a detectable personal identification number requirement .
The invention can reside in the method of handling an enquiry for approval which includes the steps of having a first password or personal identification number access requirement that then is checked against an approval flag either internally or remotely, and only if approved will a further personal identification number be used to access the member which personal identification number is not known by the first user.
In a further form the invention can be said to reside in an arrangement by which a third party can effect control of access to an identification member by introducing a different personal identification number into the member which is only known to the third party either directly or indirectly and there are means to effect an interrogation of a status data base when a first personal identification number is input into a receiving apparatus, and only if an approved status is obtained does there result in the further access being effected through the personal identification number which is unknown to the first user.
For a better understanding of this invention it will now be described with reference to a preferred embodiment which shall be described with the assistance of drawings wherein
FIG 1 is a schematic drawing of a mobile phone with a credit card reader integrated therein and also a remote receiver, lookup up table reference system, and transmitter, and
FIG 2 is a flow diagram showing how the steps for the embodiment would be actioned.
Referring in detail to the drawings there is first shown a digital mobile phone 1 of a type having firstly a conventional subscriber identification module which is not specifically shown (but which can also be a universal identification module which enables access through a network provider to a network). As well there is provided a smart card reader 2 with the phone which is arranged to read information from an inserted card 3 which can then be used for a number of purposes to effect payment of accounts, transfer money, and otherwise generally effect money transactions.
However, the problem with an ordinary system is that there is no obviously efficient and safe system that will ensure that an account or access for any purpose is not approved.
This embodiment then provides that there is a first requirement for an input of a code such as a personal identification number whereupon there is logic in the form of a computer with memory in the phone which is arranged to transmit that information to a remote center 4 through network 5. The center 5 includes a receiver 6 with appropriate logic so that a look-up table 7 is consulted when a query is received and if the account has an approved status in the look up table 7 then there is generated a further code which is transmitted back through the network 5 to the phone 1. This further code which is a secret code is not known to the user of the phone and it is such that it will empower the use of the card and whatever functionality is agreed should be available. The secret code can be chosen to indicate different status approvals, for instance it can allow a limit of a size of transaction or it can otherwise inhibit or allow actions as shall be agreed.
Figure 2 illustrates the steps that are used by the respective processors in effecting the method.
Accordingly, there is an input at 8 into the keyboard 9 of the digital phone 10. This is a first code number that is a personal identification number. However, this is for access to a card credit system available through a card reader with the phone and accordingly, there is a logic in the phone to effect a transmission of the information which has been input out through a transmission part 11 of the phonel 0 and a network 12 to a dedicated receiver 13.
This dedicated receiver forms part of a center which has logic that takes an incoming enquiry and then matches this with respect to a look up table 14. Dependent on the status found, there will then be generated a further code in unit 14a which will remain secret to the user which is then returned to a transmitter 15 where it is transmitted to the receiver part 16 of the mobile phone 10. .What then happens is that the logic 17 in the phone then empowers the use of a credit card or smart card information to be used according to the authorisation obtained which will automatically occur..
This invention can be used in a variety of ways including such applications as automatic teller machines, smart card readers or the like.