WO2003030571A1 - Method and system for delivering confidential information - Google Patents

Method and system for delivering confidential information Download PDF

Info

Publication number
WO2003030571A1
WO2003030571A1 PCT/CA2002/001493 CA0201493W WO03030571A1 WO 2003030571 A1 WO2003030571 A1 WO 2003030571A1 CA 0201493 W CA0201493 W CA 0201493W WO 03030571 A1 WO03030571 A1 WO 03030571A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
subscriber
application provider
requested
approval
Prior art date
Application number
PCT/CA2002/001493
Other languages
French (fr)
Inventor
Thomas J. Mullen
Original Assignee
Wmode Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wmode Inc. filed Critical Wmode Inc.
Publication of WO2003030571A1 publication Critical patent/WO2003030571A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/52Network services specially adapted for the location of the user terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/48Secure or trusted billing, e.g. trusted elements or encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/51Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP for resellers, retailers or service providers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/70Administration or customization aspects; Counter-checking correct charges
    • H04M15/73Validating charges
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24Accounting or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01Details of billing arrangements
    • H04M2215/0156Secure and trusted billing, e.g. trusted elements, encryption, digital signature, codes or double check mechanisms to secure billing calculation and information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/20Technology dependant metering
    • H04M2215/2026Wireless network, e.g. GSM, PCS, TACS
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/22Bandwidth or usage-sensitve billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/32Involving wireless systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/54Resellers-retail or service providers billing, e.g. agreements with telephone service operator, activation, charging/recharging of accounts
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/70Administration aspects, modify settings or limits or counter-check correct charges
    • H04M2215/7072Validate charges
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • the present invention relates generally to the delivery of confidential information. More particularly, the present invention relates to a trusted party holding confidential information that is released to application providers upon authorisation of a user.
  • the area of mobile internet services is an emerging area of information service delivery. It is now possible to provide services to consumers via a wireless device that are appropriate for their locations. This is accomplished by using the cellular infrastructure to determine the location of the subscriber using such technologies such as the global position system or signal triangulation. This information, along with other confidential information such as billing address and user name, can then made available to application providers who ultimately provide the location based service. This leads to a problem of protecting the privacy, of the consumer and only releasing his location to services to which he has subscribed, purchased or otherwise authorised. Additionally, the subscriber should be informed that a service he is about to access requires the release of confidential information. The subscriber should also have the option to accept or reject the request to release information.
  • a method of providing subscriber information about a subscriber to an application provider from an information gateway in a wireless network receives, from the application provider, a request for subscriber information.
  • the second step at least a portion of the requested subscriber information is determined to require subscriber approval prior to release to the application provider.
  • approval from the subscriber for the release of the requested subscriber information is requested.
  • the requested subscriber information is provided to the application provider from the information gateway upon receiving the subscriber approval.
  • the subscriber information is selected from a list including geographic location of the subscriber, billing account information, and subscriber address information.
  • An embodiment of the first aspect of the present invention includes determining that the requested subscriber information does not require subscriber approval prior to release to the application provider and providing the requested subscriber information to the application provider.
  • the step of determining that the requested subscriber information does not require subscriber approval includes querying an application provider database to determine if the application provider is pre-approved to have access to the requested subscriber information.
  • the step of determining that the requested subscriber information does not require subscriber approval includes querying a subscriber information database to determine if the application provider has pre-approved the release of the requested subscriber information.
  • the step of requesting includes transmitting a request for non-repudiable subscriber authorisation for the release of the requested subscriber information, where transmitting the request for non-repudiable subscriber authorisation optionally includes establishing a secure data channel.
  • the step of providing the requested subscriber information to the application provider includes encrypting the requested subscriber information prior to transmission to the application provider.
  • a subscriber information system for providing subscriber information to an application provider in response to a received request.
  • the subscriber information system comprises a subscriber information database and an information access gateway.
  • the subscriber information database is for storing subscriber information.
  • the information access gateway is in a wireless network and is for requesting and receiving user approval for the release of information to the application provider, and for providing information stored in the subscriber information database to the application provider in response to the request upon receiving the subscriber approval.
  • the information gateway includes means for determining pre-approval of information release from the subscriber information database if the subscriber has pre- approved the release of the requested information to the requesting application provider.
  • the means for determining pre-approval of information release can include a subscriber pre-approval database for storing the information pre-approved for release to application providers specified by the subscriber and an application provider database for storing information about the indicating subscriber information that can be released an application provider without subscriber approval.
  • a non-repudiation centre operatively connected to the information gateway, for providing a channel to the subscriber through which non- repudiable approval for release of subscriber information can be received.
  • the subscriber information database contains information indicating that the requested information requires subscriber approval prior to each transmission, information indicating subscriber information never requires subscriber approval, and information indicating which subscriber information requires subscriber approval when the subscriber first subscribes to a service offered by the application provider.
  • a method of delivering confidential information to an application provider through an information gateway on a digital wireless network In a first step, a request for confidential information pertaining the a subscriber from the application provider is received. In a second step the requested confidential information is segregated into approved for transmission and non- approved for transmission sets. In a third step a request is made through a non-repudiation centre, that the user of the digital wireless device authorise the release of the non-approved information. In a fourth step authorisation from the user of the digital wireless device to release the non-approved information is received through the non-repudiation centre. In a final step the requested confidential information is provided to the application provider.
  • the confidential information is selected from a list including geographic location of the subscriber, billing account information, and subscriber address information.
  • the step of segregating the requested confidential information includes examining a subscriber information database to determine if a subscription with the application provider exists.
  • the step of segregating the requested confidential information includes examining digital wireless network preferences, the subscriber information database and an application provider database.
  • Figure 1 is an illustration of the system of the present invention
  • Figure 2 is a flow chart illustrating a method of the present invention.
  • the present invention provides a method and system for obtaining non- repudiable authorisation for providing confidential information about a digital wireless subscriber to an application provider.
  • a digital wireless device 100 such as a digital cellular phone, that is assumed to have a user.
  • Application provider (AP) 104 provides a service to the user but requires the release of subscriber information to deliver service.
  • AP 104 may be on the public Internet or a private network.
  • the subscriber information requested by AP 104 is confidential, and includes billing or geographic information, but in other cases the information is non-confidential, where reference is made to confidential information it should be understood that confidential information is a subset of the subscriber information.
  • Digital wireless network 102 is a wireless network operator that delivers data and information services to digital wireless device 100.
  • Digital wireless network 102 includes of a number of elements as illustrated. Included in the elements are a digital wireless network preferences database 106 which contains a definition of carrier policies regarding release of confidential and subscriber information related to digital wireless device 100. For example, digital wireless network preferences database 106 may assign each piece of confidential information a status of "never release” or "subscriber approve". "Never release” indicates that AP 104 never has access to the specific data. "Subscriber approve” indicates that the subscriber must approve the release of the confidential data to AP 104 prior to the information being delivered.
  • an application provider database 108 Associated with the network preferences database 106 is an application provider database 108 containing the information that digital wireless network 102 requires to allow AP 104 to deliver a service.
  • the subscriber information database 110 includes information associated with the digital wireless device 100 including subscriber preferences which define policies to be followed regarding release of confidential information associated with the digital wireless device 100.
  • subscriber preferences which define policies to be followed regarding release of confidential information associated with the digital wireless device 100.
  • the user of digital wireless device 100 will place limits on the information that is releasable to AP 104. For example, for each piece of subscriber information the user may specify "never release”, “release on subscription purchase”, “requires approval on subscription purchase” or “requires approval on each access”.
  • a "never release” status indicates that the user would never approve the release of specific information.
  • “Release on subscription purchase” indicates digital wireless network 102 should release the confidential information to APs from whom the user has purchased a service and this release of confidential information does not require specific user approval.
  • “Requires approval on subscription purchase” indicates that the user must approve the release of the specific information, preferably through a non-repudiation technique, at the time a subscription is purchased.
  • “Requires approval on each access” indicates that user must be informed each time the confidential information is requested.
  • the above description of the subscriber preferences is indicative of the types of algorithms that can be used to restrict the releases of confidential information. One skilled in the art could devise a number to extensions to the algorithms that enhance the capabilities of the subscriber to control the release of confidential information.
  • Other information that may be contained in the subscriber information database includes subscription information.
  • the subscription information includes a summary of the services to which the subscriber has subscribed. For each subscription, a list of the confidential information which the subscriber has approved release to AP 104 is maintained. The subscription information may also contain data such as subscription duration; number of uses permitted and cost of access. Associated with subscriber information database 100 is a confidential information database 112. Confidential information database 112 contains information about the user of digital wireless device 100, such as accounting information, and may include geographic information. It is the information in the confidential information database 112 that AP 104 requests from digital wireless network 102.
  • Geographic information may be provided through a number of techniques known to those skilled in the art, such that a system requesting the geographic information queries confidential information database 112 as it would for information in any other database field. In practice, this information is dynamic in nature, and is not stored in the database 112. Instead the geographic location of a mobile subscriber is computed in response to a request. Techniques for seamlessly presenting real time data in response to a database query are well known in the art, and a reference to location information being stored in a database should be understood to include such embodiments.
  • Information access gateway 114 provides AP 104 with information from the confidential information database 112.
  • Information access gateway 114 optionally has a secure and authenticated communications channel with AP 104, and only releases information from the confidential information database 112 upon receiving instruction to do so from the user of digital wireless device 100.
  • the non-repudiation centre 116 obtains non-repudiable user authorisation for the release of subscriber information from the confidential information database 112. Optionally, prior to seeking approval, the non-repudiation centre informs the user of digital wireless device 100 of the confidential information that will be released.
  • Non- repudiable proof of the authorisation can be obtained by the digital wireless network 102 in a number of ways that are known to one of skill in the art.
  • the identity of a device acting on digital wireless network 102 is authenticated at the beginning of the interaction between digital wireless network 102 and digital wireless device 100, making the collection of identity information in the approval process a simple task.
  • the non-repudiation centre 116 can optionally interact with the subscriber information database 110 to update the information containing subscription information related to AP 104.
  • the non-repudiation centre can interact with AP 104 and digital wireless device 100, not solely for obtaining non-repudiable authorisation for the transfer of confidential information, but could also be used to obtain non-repudiable authorisation for transactions such as the purchase of services from AP 104.
  • the combination of transaction authentication and obtaining authorisation for transferring information to the AP 104 could be combined in a single prompt to the digital wireless device 100, as will be explained below.
  • the system as described above provides the ability to obtain authorisation from the user of digital wireless device 100 for transfers of subscriber information to an application provider 104.
  • a detailed description of the method is presented below, but an overview of the method immediately follows.
  • the digital wireless network 102 classifies subscriber information into a number of categories, as does the user of the digital wireless device 100.
  • AP 104 typically requests a subset of the subscriber information maintained by the digital wireless network 102 in the confidential information database 112.
  • the user of the digital wireless device 100 must agree.
  • the information requested may have been classified by the user into one of several levels that detail the security required prior to releasing each piece of subscriber information.
  • the user may specify that certain pieces of information are to never be released, other pieces can be released to a select group of APs, still other pieces of information are to be released only after being approved, and the balance of the information can be released to anyone.
  • the first time that the request is made by AP 104 the information that must be authorised is released only after getting non-repudiable authorisation, and depending upon the profile in the subscriber information database 110 the authorisation to release the subscriber information to AP 104 automatically is stored.
  • AP 104 requests the subscriber information.
  • the request for information by AP 104 is then compared to the digital wireless network preferences 106 and the subscription information stored in the subscriber information database 110.
  • authorisation for transmitting subscriber information may be avoided.
  • AP 104 makes its request to the information access gateway 114, which checks the digital wireless network preferences 106 and the subscriber information data base 110 and then sends the authorised information. If some of the information that AP 104 requires is not releasable without authorisation from the digital wireless device 100, the information access gateway 114 requests authorisation for the release of the subscriber information through non-repudiation centre 116.
  • the system of the present invention is used in the following method to provide subscriber information to AP 104 after obtaining non-repudiable proof of permission.
  • Digital wireless device 100 connects to AP 104 through digital wireless network 102 as shown in flow 150.
  • the connection between digital wireless device 100 and AP 104 provides AP 104 with a unique client identifier (client id) that is used to identify the digital wireless device 100.
  • client id client identifier
  • AP 104 After receiving a connection from the digital wireless device 100, AP 104 receives a request for a subscription service (also flow 150) and determines that it requires subscriber information associated with the digital wireless device 100.
  • AP 104 determines it must charge the user of digital wireless device 100 for the requested subscription service and subscriber information must also be released to successfully deliver the service.
  • AP 104 forwards the non repudiation centre 116 a transaction request, as shown in flow 152.
  • the transaction request may include a service purchase price, client ID and a specification of required subscriber information along with other information.
  • the non- repudiation centre 116 may access the application provider database 108 to obtain service purchase price, subscriber information required to deliver the service and other data regarding AP 104.
  • Non-repudiation centre 116 examines the subscriber information required by AP 104, and then examines the digital wireless network preferences 106, flow 154, and the subscriber information database 110, flow 158, to determine if the user of digital wireless device 100 must approve the release of the requested subscriber information. Additionally, the purchase amount may require user approval and the generation of non-repudiation audit information. Either the purchase amount or the nature of the subscriber information required may trigger the need to get non-repudiation evidence from the user regarding the transaction.
  • the digital wireless network 102 and non-repudiation centre 116 may use an authentication and non-repudiation technology such as secret PIN, PKI document signing, user identification and password combination, basic authentication, digest authentication or a simple Yes/No prompt to accomplish user approval of charge and/or subscriber information release.
  • Non-repudiation centre 116 forwards digital wireless device 100 an approval request such as "Approve monthly subscription charge of $1 to your phone bill and the release of your location to Yellow Pages Directory Services?" as shown in flow 158.
  • Digital wireless device 100 transmits an approval response appropriate to the non- repudiation technology being employed as shown in flow 160.
  • non-repudiation centre 116 Upon receipt of approval response 160, non-repudiation centre 116 creates a record of the subscription purchase and subscriber information approved for release to AP 104 in subscriber information database 110, flow 162. A transaction and access response is then sent to AP 104, as shown by flow 164, to indicate subscription has been created; payment for the service approved by the digital wireless network 102 and the client id is authentic. Information access gateway 114 then releases the subscriber information to AP 104, as shown in flow 166.
  • digital wireless device 100 initiates a service request to AP 104 and provides a client id, as shown by flow 168.
  • AP 104 forwards the client id and requested subscriber information to information access gateway 114 as a subscriber information access request, flow 170.
  • Information access gateway 114 accesses subscriber information database 110 , flow 172, to determine if AP 104 has a subscription with the specified client id. If no record of the subscription is found then there is no proof that AP 104 has authorised access to the subscriber information associated with the client id and immediate access is denied, not shown, causing AP 104 to interact with non-repudiation centre 116 as previously described.
  • information access gateway 114 examines digital wireless network preferences 106, subscriber information database 110, and application provider database 108, flows 176 178 and 180, to determine if the requested subscriber information should be released and if subscriber must approve the release.
  • information access gateway 114 may initiate a sequence to obtain non-repudiation evidence from the user before subscriber information can be released, as described above.
  • Information access gateway 114 retrieves the subscriber information and only returns subscriber information that is approved for release, as shown in flow 182.
  • Information access gateway 114 then updates subscriber subscriptions in the subscriber information database 110 to reflect the fact that subscriber information has been provided to AP 104 and that subscription service has been accessed. Subscriber information response 182 is generated and returned to AP 104 who in turn delivers service to digital wireless device, as shown in flow 184.
  • the system and method of the present invention provide means for delivering subscriber information to an application provider through an information access gateway after securing non-repudiable authorisation for the transmission of the subscriber information from the user of the digital wireless device, with whom the information is associated.
  • FIG. 2 illustrates a method of the present invention.
  • Digital wireless network 102 receives an information request from an application provider, such as AP 104, in step 200.
  • the information request is divided into data sets representing which data has been pre-approved for release, and which data is unapproved for release in step 202.
  • a request is transmitted to the user in step 204 to seek user approval for the release of the information in the unapproved data set.
  • step 206 a determination is made of whether or not approval for the release of the unapproved data has been received. If approval has been received the unapproved data set is transmitted to the application provider in step 208. Upon completion of step 208, or if the user has not provided approval in step 206, the pre-approved data set is transmitted in step 210.
  • the data is divided into pre-approved and unapproved data sets based on information associated with each of the data elements requested by the application provider and stored in a confidential information database.
  • the information associated with data in the confidential information database that determines whether or not a data element is considered pre-approved or not can be set to as value so that a select group of application providers can access certain data elements, while other application providers require user approval for access to the same data elements.
  • all the data elements in the confidential information database require user approval and authentication for release.
  • the determination that a particular requested information element is either pre- approved for transmission to an application provider, or requires approval prior to transmission, is affected by a number of factors that will be well understood by one skilled in the art.
  • One of these factors is that certain information, such as the physical location of a subscriber, may be readily available during certain times, but requires approval in other time blocks.
  • the location of a user may be made available to an application provider during the business day, but may require the approval of the subscriber during evenings and weekends, when the subscriber is not expected to be available for employment related functions.
  • the location of a subscriber may determine that various pieces of information are either accessible to application providers or require approval, for example a subscriber may be willing to freely provide their location to application providers in a particular city, but want to restrict that information when travelling.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and system for the delivery of confidential information upon the receipt of non-repudiable authorisation in a wireless environment is described herein.

Description

METHOD AND SYSTEM FOR DELIVERING CONFIDENTIAL INFORMATION
FIELD OF THE INVENTION
The present invention relates generally to the delivery of confidential information. More particularly, the present invention relates to a trusted party holding confidential information that is released to application providers upon authorisation of a user.
BACKGROUND OF THE INVENTION
The area of mobile internet services is an emerging area of information service delivery. It is now possible to provide services to consumers via a wireless device that are appropriate for their locations. This is accomplished by using the cellular infrastructure to determine the location of the subscriber using such technologies such as the global position system or signal triangulation. This information, along with other confidential information such as billing address and user name, can then made available to application providers who ultimately provide the location based service. This leads to a problem of protecting the privacy, of the consumer and only releasing his location to services to which he has subscribed, purchased or otherwise authorised. Additionally, the subscriber should be informed that a service he is about to access requires the release of confidential information. The subscriber should also have the option to accept or reject the request to release information.
It is, therefore, desirable to provide a system and method for the delivery of confidential information from the digital cellular provider to an application provider after obtaining the authorisation, preferably a non-repudiable authorisation, of the user of the digital cellular device.
SUMMARY OF THE INVENTION
It is an object of the present invention to obviate or mitigate at least one disadvantage of prior art confidential information release systems.
In a first aspect of the present invention there is provided a method of providing subscriber information about a subscriber to an application provider from an information gateway in a wireless network. In the first step of the method, the information gateway receives, from the application provider, a request for subscriber information. In the second step, at least a portion of the requested subscriber information is determined to require subscriber approval prior to release to the application provider. In the third step, approval from the subscriber for the release of the requested subscriber information is requested. In the final step of the method, the requested subscriber information is provided to the application provider from the information gateway upon receiving the subscriber approval. In an embodiment of the present aspect of the invention, the subscriber information is selected from a list including geographic location of the subscriber, billing account information, and subscriber address information.
An embodiment of the first aspect of the present invention includes determining that the requested subscriber information does not require subscriber approval prior to release to the application provider and providing the requested subscriber information to the application provider. In an alternate embodiment, the step of determining that the requested subscriber information does not require subscriber approval includes querying an application provider database to determine if the application provider is pre-approved to have access to the requested subscriber information. In another embodiment, the step of determining that the requested subscriber information does not require subscriber approval includes querying a subscriber information database to determine if the application provider has pre-approved the release of the requested subscriber information.
In a further aspect of the present invention the step of requesting includes transmitting a request for non-repudiable subscriber authorisation for the release of the requested subscriber information, where transmitting the request for non-repudiable subscriber authorisation optionally includes establishing a secure data channel. In yet a further embodiment of the present invention, the step of providing the requested subscriber information to the application provider includes encrypting the requested subscriber information prior to transmission to the application provider. In a second aspect of the present invention there is provided a subscriber information system for providing subscriber information to an application provider in response to a received request. The subscriber information system comprises a subscriber information database and an information access gateway. The subscriber information database is for storing subscriber information. The information access gateway is in a wireless network and is for requesting and receiving user approval for the release of information to the application provider, and for providing information stored in the subscriber information database to the application provider in response to the request upon receiving the subscriber approval. In an embodiment of the second aspect of the present invention, the information gateway includes means for determining pre-approval of information release from the subscriber information database if the subscriber has pre- approved the release of the requested information to the requesting application provider. The means for determining pre-approval of information release can include a subscriber pre-approval database for storing the information pre-approved for release to application providers specified by the subscriber and an application provider database for storing information about the indicating subscriber information that can be released an application provider without subscriber approval. In another embodiment of the present aspect of the invention, there is further included a non-repudiation centre, operatively connected to the information gateway, for providing a channel to the subscriber through which non- repudiable approval for release of subscriber information can be received. In various other embodiments, the subscriber information database contains information indicating that the requested information requires subscriber approval prior to each transmission, information indicating subscriber information never requires subscriber approval, and information indicating which subscriber information requires subscriber approval when the subscriber first subscribes to a service offered by the application provider.
In a third embodiment of the present invention, there is provided a method of delivering confidential information to an application provider through an information gateway on a digital wireless network. In a first step, a request for confidential information pertaining the a subscriber from the application provider is received. In a second step the requested confidential information is segregated into approved for transmission and non- approved for transmission sets. In a third step a request is made through a non-repudiation centre, that the user of the digital wireless device authorise the release of the non-approved information. In a fourth step authorisation from the user of the digital wireless device to release the non-approved information is received through the non-repudiation centre. In a final step the requested confidential information is provided to the application provider. In an embodiment of the third aspect of the present invention, the confidential information is selected from a list including geographic location of the subscriber, billing account information, and subscriber address information. In another embodiment of the present invention, the step of segregating the requested confidential information includes examining a subscriber information database to determine if a subscription with the application provider exists. In a further embodiment of the present invention, the step of segregating the requested confidential information includes examining digital wireless network preferences, the subscriber information database and an application provider database.
Other aspects and features of the present invention will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example only, with reference to the attached Figures, wherein:
Figure 1 is an illustration of the system of the present invention; and Figure 2 is a flow chart illustrating a method of the present invention.
DETAILED DESCRIPTION
Generally, the present invention provides a method and system for obtaining non- repudiable authorisation for providing confidential information about a digital wireless subscriber to an application provider. One embodiment of the present invention consists of a digital wireless device 100, such as a digital cellular phone, that is assumed to have a user. Application provider (AP) 104 provides a service to the user but requires the release of subscriber information to deliver service. AP 104 may be on the public Internet or a private network. In many instances the subscriber information requested by AP 104 is confidential, and includes billing or geographic information, but in other cases the information is non-confidential, where reference is made to confidential information it should be understood that confidential information is a subset of the subscriber information.
Digital wireless network 102 is a wireless network operator that delivers data and information services to digital wireless device 100. Digital wireless network 102 includes of a number of elements as illustrated. Included in the elements are a digital wireless network preferences database 106 which contains a definition of carrier policies regarding release of confidential and subscriber information related to digital wireless device 100. For example, digital wireless network preferences database 106 may assign each piece of confidential information a status of "never release" or "subscriber approve". "Never release" indicates that AP 104 never has access to the specific data. "Subscriber approve" indicates that the subscriber must approve the release of the confidential data to AP 104 prior to the information being delivered. Associated with the network preferences database 106 is an application provider database 108 containing the information that digital wireless network 102 requires to allow AP 104 to deliver a service.
Another element in digital wireless network 102 is a subscriber information database 110. The subscriber information database 110 includes information associated with the digital wireless device 100 including subscriber preferences which define policies to be followed regarding release of confidential information associated with the digital wireless device 100. Typically the user of digital wireless device 100 will place limits on the information that is releasable to AP 104. For example, for each piece of subscriber information the user may specify "never release", "release on subscription purchase", "requires approval on subscription purchase" or "requires approval on each access". A "never release" status indicates that the user would never approve the release of specific information. "Release on subscription purchase," indicates digital wireless network 102 should release the confidential information to APs from whom the user has purchased a service and this release of confidential information does not require specific user approval. "Requires approval on subscription purchase," indicates that the user must approve the release of the specific information, preferably through a non-repudiation technique, at the time a subscription is purchased. "Requires approval on each access" indicates that user must be informed each time the confidential information is requested. The above description of the subscriber preferences is indicative of the types of algorithms that can be used to restrict the releases of confidential information. One skilled in the art could devise a number to extensions to the algorithms that enhance the capabilities of the subscriber to control the release of confidential information. Other information that may be contained in the subscriber information database includes subscription information. The subscription information includes a summary of the services to which the subscriber has subscribed. For each subscription, a list of the confidential information which the subscriber has approved release to AP 104 is maintained. The subscription information may also contain data such as subscription duration; number of uses permitted and cost of access. Associated with subscriber information database 100 is a confidential information database 112. Confidential information database 112 contains information about the user of digital wireless device 100, such as accounting information, and may include geographic information. It is the information in the confidential information database 112 that AP 104 requests from digital wireless network 102.
Geographic information may be provided through a number of techniques known to those skilled in the art, such that a system requesting the geographic information queries confidential information database 112 as it would for information in any other database field. In practice, this information is dynamic in nature, and is not stored in the database 112. Instead the geographic location of a mobile subscriber is computed in response to a request. Techniques for seamlessly presenting real time data in response to a database query are well known in the art, and a reference to location information being stored in a database should be understood to include such embodiments.
Information access gateway 114 provides AP 104 with information from the confidential information database 112. Information access gateway 114 optionally has a secure and authenticated communications channel with AP 104, and only releases information from the confidential information database 112 upon receiving instruction to do so from the user of digital wireless device 100.
The non-repudiation centre 116 obtains non-repudiable user authorisation for the release of subscriber information from the confidential information database 112. Optionally, prior to seeking approval, the non-repudiation centre informs the user of digital wireless device 100 of the confidential information that will be released. Non- repudiable proof of the authorisation can be obtained by the digital wireless network 102 in a number of ways that are known to one of skill in the art. The identity of a device acting on digital wireless network 102 is authenticated at the beginning of the interaction between digital wireless network 102 and digital wireless device 100, making the collection of identity information in the approval process a simple task. Additionally, there presently exist methods of authenticating the user of the digital wireless device 100, in addition to simply authenticating the digital wireless device 100, these methods can be employed to provide non-repudiable evidence that the transfer of the confidential information was approved by the user of digital wireless device 100. The non-repudiation centre 116 can optionally interact with the subscriber information database 110 to update the information containing subscription information related to AP 104. In a presently envisioned embodiment the non-repudiation centre can interact with AP 104 and digital wireless device 100, not solely for obtaining non-repudiable authorisation for the transfer of confidential information, but could also be used to obtain non-repudiable authorisation for transactions such as the purchase of services from AP 104. The combination of transaction authentication and obtaining authorisation for transferring information to the AP 104 could be combined in a single prompt to the digital wireless device 100, as will be explained below. The system as described above provides the ability to obtain authorisation from the user of digital wireless device 100 for transfers of subscriber information to an application provider 104. A detailed description of the method is presented below, but an overview of the method immediately follows. As was mentioned earlier, the digital wireless network 102 classifies subscriber information into a number of categories, as does the user of the digital wireless device 100. When the digital wireless device 100 connects to AP 104, for the first time, a profile is established in the subscriber information database 110. AP 104 typically requests a subset of the subscriber information maintained by the digital wireless network 102 in the confidential information database 112. For this information to be transmitted, the user of the digital wireless device 100 must agree. The information requested may have been classified by the user into one of several levels that detail the security required prior to releasing each piece of subscriber information. For example in one embodiment, the user may specify that certain pieces of information are to never be released, other pieces can be released to a select group of APs, still other pieces of information are to be released only after being approved, and the balance of the information can be released to anyone. The first time that the request is made by AP 104, the information that must be authorised is released only after getting non-repudiable authorisation, and depending upon the profile in the subscriber information database 110 the authorisation to release the subscriber information to AP 104 automatically is stored. The next time that the digital wireless device 100 connected to AP 104, AP 104 requests the subscriber information. The request for information by AP 104 is then compared to the digital wireless network preferences 106 and the subscription information stored in the subscriber information database 110. Depending on the levels of security that were established by the digital wireless network preferences 106 and the subscriber information database 110, authorisation for transmitting subscriber information may be avoided. AP 104 makes its request to the information access gateway 114, which checks the digital wireless network preferences 106 and the subscriber information data base 110 and then sends the authorised information. If some of the information that AP 104 requires is not releasable without authorisation from the digital wireless device 100, the information access gateway 114 requests authorisation for the release of the subscriber information through non-repudiation centre 116.
The system of the present invention is used in the following method to provide subscriber information to AP 104 after obtaining non-repudiable proof of permission. Digital wireless device 100 connects to AP 104 through digital wireless network 102 as shown in flow 150. The connection between digital wireless device 100 and AP 104 provides AP 104 with a unique client identifier (client id) that is used to identify the digital wireless device 100. After receiving a connection from the digital wireless device 100, AP 104 receives a request for a subscription service (also flow 150) and determines that it requires subscriber information associated with the digital wireless device 100. In the following example the request for subscriber information is paired with a transaction request, though one of skill in the art will recognise that a transaction request can be omitted without deviating from the scope of the present invention. AP 104 determines it must charge the user of digital wireless device 100 for the requested subscription service and subscriber information must also be released to successfully deliver the service. AP 104 forwards the non repudiation centre 116 a transaction request, as shown in flow 152. The transaction request may include a service purchase price, client ID and a specification of required subscriber information along with other information. Alternatively, the non- repudiation centre 116 may access the application provider database 108 to obtain service purchase price, subscriber information required to deliver the service and other data regarding AP 104.
Non-repudiation centre 116 examines the subscriber information required by AP 104, and then examines the digital wireless network preferences 106, flow 154, and the subscriber information database 110, flow 158, to determine if the user of digital wireless device 100 must approve the release of the requested subscriber information. Additionally, the purchase amount may require user approval and the generation of non-repudiation audit information. Either the purchase amount or the nature of the subscriber information required may trigger the need to get non-repudiation evidence from the user regarding the transaction. The digital wireless network 102 and non-repudiation centre 116 may use an authentication and non-repudiation technology such as secret PIN, PKI document signing, user identification and password combination, basic authentication, digest authentication or a simple Yes/No prompt to accomplish user approval of charge and/or subscriber information release. Non-repudiation centre 116 forwards digital wireless device 100 an approval request such as "Approve monthly subscription charge of $1 to your phone bill and the release of your location to Yellow Pages Directory Services?" as shown in flow 158. Digital wireless device 100 transmits an approval response appropriate to the non- repudiation technology being employed as shown in flow 160.
Upon receipt of approval response 160, non-repudiation centre 116 creates a record of the subscription purchase and subscriber information approved for release to AP 104 in subscriber information database 110, flow 162. A transaction and access response is then sent to AP 104, as shown by flow 164, to indicate subscription has been created; payment for the service approved by the digital wireless network 102 and the client id is authentic. Information access gateway 114 then releases the subscriber information to AP 104, as shown in flow 166.
In a subsequent session, digital wireless device 100 initiates a service request to AP 104 and provides a client id, as shown by flow 168. AP 104 forwards the client id and requested subscriber information to information access gateway 114 as a subscriber information access request, flow 170. Information access gateway 114 accesses subscriber information database 110 , flow 172, to determine if AP 104 has a subscription with the specified client id. If no record of the subscription is found then there is no proof that AP 104 has authorised access to the subscriber information associated with the client id and immediate access is denied, not shown, causing AP 104 to interact with non-repudiation centre 116 as previously described. If subscriber information database 110 replies that a subscription does exists, flow 174, information access gateway 114 examines digital wireless network preferences 106, subscriber information database 110, and application provider database 108, flows 176 178 and 180, to determine if the requested subscriber information should be released and if subscriber must approve the release.
If the user of digital wireless device 100 must approve the release then information access gateway 114 may initiate a sequence to obtain non-repudiation evidence from the user before subscriber information can be released, as described above.
Information access gateway 114 retrieves the subscriber information and only returns subscriber information that is approved for release, as shown in flow 182.
Information access gateway 114 then updates subscriber subscriptions in the subscriber information database 110 to reflect the fact that subscriber information has been provided to AP 104 and that subscription service has been accessed. Subscriber information response 182 is generated and returned to AP 104 who in turn delivers service to digital wireless device, as shown in flow 184. Thus, the system and method of the present invention provide means for delivering subscriber information to an application provider through an information access gateway after securing non-repudiable authorisation for the transmission of the subscriber information from the user of the digital wireless device, with whom the information is associated.
Figure 2 illustrates a method of the present invention. Digital wireless network 102 receives an information request from an application provider, such as AP 104, in step 200. The information request is divided into data sets representing which data has been pre-approved for release, and which data is unapproved for release in step 202. A request is transmitted to the user in step 204 to seek user approval for the release of the information in the unapproved data set. In step 206 a determination is made of whether or not approval for the release of the unapproved data has been received. If approval has been received the unapproved data set is transmitted to the application provider in step 208. Upon completion of step 208, or if the user has not provided approval in step 206, the pre-approved data set is transmitted in step 210. In one embodiment of the present invention, the data is divided into pre-approved and unapproved data sets based on information associated with each of the data elements requested by the application provider and stored in a confidential information database. In another embodiment of the present invention, the information associated with data in the confidential information database that determines whether or not a data element is considered pre-approved or not, can be set to as value so that a select group of application providers can access certain data elements, while other application providers require user approval for access to the same data elements. In yet another embodiment of the present invention, all the data elements in the confidential information database require user approval and authentication for release.
The determination that a particular requested information element is either pre- approved for transmission to an application provider, or requires approval prior to transmission, is affected by a number of factors that will be well understood by one skilled in the art. One of these factors is that certain information, such as the physical location of a subscriber, may be readily available during certain times, but requires approval in other time blocks. For example, the location of a user may be made available to an application provider during the business day, but may require the approval of the subscriber during evenings and weekends, when the subscriber is not expected to be available for employment related functions. In another embodiment, the location of a subscriber may determine that various pieces of information are either accessible to application providers or require approval, for example a subscriber may be willing to freely provide their location to application providers in a particular city, but want to restrict that information when travelling.
One of skill in the art will readily appreciate that though the above discussion has been directed to the release of subscriber information in a wireless network, the system and method discussed above can be readily applied to any network environment where there is a centralised system for storing subscriber information. Though it would be preferable that communications with the end user be non-repudiable, it is conceivable that this system can be employed without the implementation of the non-repudiable user connection.
The above-described embodiments of the present invention are intended to be examples only. Alterations, modifications and variations may be effected to the particular embodiments by those of skill in the art without departing from the scope of the invention, which is defined solely by the claims appended hereto.

Claims

What is claimed is:
1. A method of providing subscriber information about a subscriber to an application provider from an information gateway in a network, comprising: receiving, from the application provider, at the information gateway a request for subscriber information; determining that at least a portion of the requested subscriber information requires subscriber approval prior to release to the application provider; requesting approval from the subscriber for the release of the requested subscriber information; and providing the requested subscriber information to the application provider from the information gateway upon receiving the subscriber approval.
2. The method of claim 1 , wherein the information gateway is in a wireless network.
3. The method of claim 1, further including the step of providing, to the application provider, the portion of the requested subscriber information determined not to require subscriber approval prior to release.
4. The method of claim 1 further including determining that the requested subscriber information does not require subscriber approval prior to release to the application provider; and providing the requested subscriber information to the application provider.
5. The method of claim 1, wherein the subscriber information is selected from a list including geographic location of the subscriber, billing account information, and subscriber address information, subscriber preferences.
6. The method of claim 4, wherein the step of determining that the requested subscriber information does not require subscriber approval includes querying an application provider database to determine if the application provider is pre-approved to have access to the requested subscriber information.
7. The method of claim 6, wherein the step of querying includes determining if the subscriber has purchased a subscription to a service requiring the release of the requested information.
8. The method of claim 4, wherein the step of determining that the requested subscriber information does not require subscriber approval includes querying a subscriber information database to determine if the application provider has pre-approved the release of the requested subscriber information.
9. The method of claim 1, wherein determining that at least a portion of the requested subscriber information requires subscriber approval includes determining at least one of the present time and the geographic location of the subscriber.
10. The method of claim 1, wherein the step of requesting includes transmitting a request for non-repudiable subscriber authorisation for the release of the requested subscriber information.
11. The method of claim 10, wherein transmitting the request for non-repudiable subscriber authorisation includes establishing a secure data channel.
12. The method of claim 1, wherein the step of providing the requested subscriber information to the application provider includes encrypting the requested subscriber information prior to transmission to the application provider.
13. A subscriber information system for providing subscriber information to an application provider in response to a received request, the subscriber information system comprising: a subscriber information database for storing subscriber information; and an information access gateway in a network for requesting and receiving user approval for the release of information to the application provider, and for providing information stored in the subscriber information database to the application provider in response to the request upon receiving the subscriber approval.
14. The subscriber information system of claim 13, wherein the information access gateway is in a wireless network.
15. The subscriber information system of claim 13, wherein the information access gateway includes means for determining pre-approval of information release from the subscriber information database if the subscriber has pre-approved the release of the requested information to the requesting application provider.
16. The subscriber information system of claim 15, wherein the means for determining include a subscriber pre-approval database for storing the information pre-approved for release to application providers specified by the subscriber.
17. The subscriber information system of claim 15, wherein the means for determining include an application provider database for storing information about the indicating subscriber information that can be released to an application provider without subscriber approval.
18. The subscriber information system of claim 13 further including a non-repudiation centre, operatively connected to the information access gateway, for providing a channel to the subscriber through which non-repudiable approval for release of subscriber information can be received.
19. The subscriber information system of claim 13, wherein the subscriber information database contains information indicating that the requested information requires subscriber approval prior to each transmission.
20. The subscriber information system of claim 13, wherein the subscriber information database indicates which subscriber information never requires subscriber approval.
21. The subscriber information system of claim 13, wherein the subscriber information database indicates which subscriber information requires subscriber approval when the subscriber first subscribes to a service offered by the application provider.
22. A method of delivering confidential information to an application provider through an information gateway on a digital wireless network comprising: receiving a request for confidential information pertaining the a subscriber from the application provider; segregating the requested confidential information into approved for transmission and non-approved for transmission sets; requesting, through a non-repudiation centre, that the user of the digital wireless device authorise the release of the non-approved information; receiving, through the non-repudiation centre, authorisation from the user of the digital wireless device to release the non-approved information; and providing, to the application provider, the requested confidential information.
23. The method according to claim 22, wherein the confidential information is selected from a list including geographic location of the subscriber, billing account information, and subscriber address information.
24. The method of claim 22, wherein the step of segregating the requested confidential information includes examining a subscriber information database to determine if a subscription with the application provider exists.
25. The method of claim 22, wherein the step of segregating the requested confidential information includes examining digital wireless network preferences, the subscriber information database and an application provider database.
PCT/CA2002/001493 2001-10-02 2002-10-02 Method and system for delivering confidential information WO2003030571A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CA002358129A CA2358129A1 (en) 2001-10-02 2001-10-02 Method and system for delivering confidential information
CA2,358,129 2001-10-02

Publications (1)

Publication Number Publication Date
WO2003030571A1 true WO2003030571A1 (en) 2003-04-10

Family

ID=4170149

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2002/001493 WO2003030571A1 (en) 2001-10-02 2002-10-02 Method and system for delivering confidential information

Country Status (2)

Country Link
CA (1) CA2358129A1 (en)
WO (1) WO2003030571A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005002177A1 (en) * 2003-06-23 2005-01-06 Nokia Corporation Systems and methods for controlling access to an event
FR2872979A1 (en) * 2004-07-09 2006-01-13 France Telecom ACCESS SYSTEM CONTROLLING INFORMATION CONTAINED IN A TERMINAL
WO2008068566A1 (en) * 2006-12-05 2008-06-12 Nokia Corporation Metadata broker
WO2008154052A1 (en) * 2007-06-15 2008-12-18 Sony Ericsson Mobile Communications Ab Method and apparatus for controlling the transfer of private information in a communication system
WO2019191267A1 (en) * 2018-03-27 2019-10-03 Averon Us, Inc. Using out-of-band mobile device possession attestation to release verified user identity attributes during internet transactions
US10587614B2 (en) 2016-02-03 2020-03-10 Averon Us, Inc. Method and apparatus for facilitating frictionless two-factor authentication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6151498A (en) * 1998-03-09 2000-11-21 Ericsson Inc. System and method for routing positioning requests based on mobile switching center address
WO2001033936A2 (en) * 1999-10-29 2001-05-17 Privacomp, Inc. System for providing dynamic data informed consent to provide data privacy and security in database systems and in networked communications
WO2001039528A1 (en) * 1999-11-23 2001-05-31 Nokia Corporation Method for enabling a user to be notified of his/her positioning requests
EP1130933A1 (en) * 2000-02-29 2001-09-05 Nokia Corporation Location dependent services

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6151498A (en) * 1998-03-09 2000-11-21 Ericsson Inc. System and method for routing positioning requests based on mobile switching center address
WO2001033936A2 (en) * 1999-10-29 2001-05-17 Privacomp, Inc. System for providing dynamic data informed consent to provide data privacy and security in database systems and in networked communications
WO2001039528A1 (en) * 1999-11-23 2001-05-31 Nokia Corporation Method for enabling a user to be notified of his/her positioning requests
EP1130933A1 (en) * 2000-02-29 2001-09-05 Nokia Corporation Location dependent services

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005002177A1 (en) * 2003-06-23 2005-01-06 Nokia Corporation Systems and methods for controlling access to an event
FR2872979A1 (en) * 2004-07-09 2006-01-13 France Telecom ACCESS SYSTEM CONTROLLING INFORMATION CONTAINED IN A TERMINAL
WO2006016025A1 (en) * 2004-07-09 2006-02-16 France Telecom System for controlled access to information contained in a terminal un terminal
US8316419B2 (en) 2004-07-09 2012-11-20 France Telecom System for controlled access to information contained in a terminal
KR101054930B1 (en) 2006-12-05 2011-08-05 노키아 코포레이션 Metadata broker
US7908292B2 (en) 2006-12-05 2011-03-15 Nokia Corporation Metadata broker
WO2008068566A1 (en) * 2006-12-05 2008-06-12 Nokia Corporation Metadata broker
US8775469B2 (en) 2006-12-05 2014-07-08 Nokia Corporation Metadata broker
CN106101110A (en) * 2006-12-05 2016-11-09 诺基亚技术有限公司 Metadata Broker
EP3273658A1 (en) * 2006-12-05 2018-01-24 Nokia Technologies Oy Metadata broker
CN106101110B (en) * 2006-12-05 2020-06-23 诺基亚技术有限公司 Metadata broker
WO2008154052A1 (en) * 2007-06-15 2008-12-18 Sony Ericsson Mobile Communications Ab Method and apparatus for controlling the transfer of private information in a communication system
US8040921B2 (en) 2007-06-15 2011-10-18 Sony Ericsson Mobile Communications Ab Method and apparatus for controlling the transfer of private information in a communication system
US10587614B2 (en) 2016-02-03 2020-03-10 Averon Us, Inc. Method and apparatus for facilitating frictionless two-factor authentication
WO2019191267A1 (en) * 2018-03-27 2019-10-03 Averon Us, Inc. Using out-of-band mobile device possession attestation to release verified user identity attributes during internet transactions

Also Published As

Publication number Publication date
CA2358129A1 (en) 2003-04-02

Similar Documents

Publication Publication Date Title
US8359273B2 (en) Secured authentication method for providing services on a data transmisson Network
US6829593B1 (en) Method and system to provide objects, especially documents, multimedia objects, software applications and/or processes to users of a telecommunications network
US7386301B2 (en) Method and apparatus for mobile based access point name (APN) selection
EP1476980B1 (en) Requesting digital certificates
US6223291B1 (en) Secure wireless electronic-commerce system with digital product certificates and digital license certificates
RU2169437C1 (en) Procedure to gain access to objects for users of telecommunication network
EP1027806B1 (en) Procedure for setting up a secure service connection in a telecommunication system
US7139556B2 (en) Provision of location dependent services without revealing the user identity via a mobile telecommunications network
US20010013020A1 (en) Service providing system and method used therefor
US20030078894A1 (en) Over-network resource distribution system and mutual authentication system
WO2000059225A1 (en) Secure wireless electronic-commerce system with wireless network domain
EP1428185A1 (en) A method and network element for paying by a mobile terminal through a communication network
EP1570331A2 (en) Method and system for providing chaining of access rules in a digital rights management system
WO2001031966A1 (en) Method and arrangement relating to positioning
US20230245085A1 (en) Laterpay 5G Secondary Authentication
US7313381B1 (en) Sim based authentication as payment method in public ISP access networks
EP1710969A1 (en) A method and system for enabling a first party to provide a second party with personalized digital content
EP1176844B1 (en) Telecommunication system and method for authenticating information related to a subscriber
US20020165783A1 (en) Accounting in peer-to-peer data communication networks
WO2003030571A1 (en) Method and system for delivering confidential information
US20040143521A1 (en) Method and device for paying for services in networks with a single sign-on
US7127428B2 (en) Dynamic business relationship establishment in a public wireless LAN environment
KR100597273B1 (en) Method and system for connecting internet site using mobile communicating apparatus
JP4245796B2 (en) Distribution server, accounting method
EP1411702A2 (en) Provisions of services via a mobile telecommunications network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VC VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP