SECURE COMMUNICATION OF SENSITIVE DATA IN A WIRELESS TELEPHONE SYSTEM
TECHNICAL FIELD
This invention relates to communicating secure data, and more particularly to communicating secure data in a wireless telephone system.
BACKGROUND
Wireless telephone systems today use radio frequency signals, which are electromagnetic waves, to transmit and receive signals representing sounds (audio) to and from a base station, which in turn conveys the signals, typically over wires (optical or copper), to and through the telephone network. Because the radio frequency signals are not transmitted over a telephone wire, wireless telephones are not tied to a location and are sometimes referred to as mobile phones. However, a person with a receiver that is compatible with the wireless phone signals can receive and decode the radio frequency signals and eavesdrop on a conversation associated with a mobile phone.
Certain wireless telephones are also equipped to send and receive digital data, for example to browse web pages from a network such as the Internet. The mobile phone transmits data requests for the web pages to the base station, which in turn transmits the requests over a network to a web site associated with the web page. The web site transmits the web page over the network to the base station, which then transmits the page to the wireless telephone using radio frequency signals. An eavesdropper with a compatible receiver can not only view the web pages sent to the wireless telephone, by receiving and decoding the radio frequency signals, but can also receive and decode the data sent by the wireless telephone to the base station. Consequently, secure data, such as credit card information, is seldom transmitted from the wireless telephone to the base station, and transactions or exchanges of secure information do not occur without concern about interception.
SUMMARY
The invention relates to methods and apparatus for ensuring the security of sensitive data in a wireless telephone system. The method features, at a server, receiving secure data over a secure computer network, storing the received secure data in the system, transmitting a user ID associated with the secure data to the user over the secure computer network, receiving an identifier associated with a wireless telephone used by the user when the user ID is received from the wireless telephone, and storing the identifier in association with the secure data. In a particular application, after receiving the user ID from the wireless telephone, the server directs the wireless telephone to authenticate the user of the wireless telephone and, if the user is successfully authenticated, receives and stores the identifier of the wireless telephone and associates the stored secure data with that identifier.
In a particular embodiment of the invention, the method further features receiving a request for a web page from the wireless telephone, retrieving the web page from a remote location over a secure network (which may or may not be the same secure network previously noted), determining whether the web page contains a request for the stored secured data, and if the web page contains such a request, directing the wireless telephone to authenticate the operator of the wireless telephone. If the operator is successfully authenticated, the method retrieves stored secure data and transmits that secure data to a designated remote location over a secure communications path. Otherwise, if the web page does not contain a request for the secure data, the method transmits the web page to the wireless telephone without further action.
In yet another aspect of the invention, once the method transmits the user ID to the user, it waits a predetermined time period; if the user ID and telephone identifier are not received within that period, the user ID and the associated secure data are discarded.
In other aspects, the invention relates to a system for reading a computer readable medium which stores machine-executable instructions, the instructions causing the system to receive secure data over a secure computer network, store the received secure data in the system, transmit a user ID associated with the secure data to the user over the secure computer network, receive an identifier associated with a wireless telephone used by the user when the user ID is received from the wireless telephone, and store the identifier in association with the secure data. In a particular application, after receiving the user ID from the wireless telephone, the instructions cause the system to direct the wireless telephone to authenticate the user of the wireless telephone and, if the user is successfully authenticated, to receive and store the identifier of the wireless telephone and associate the stored secure data with that identifier.
Accordingly, the method and apparatus of the invention provide a secure method and apparatus for transmitting sensitive and proprietary information to a web site when contact with the site is made from a wireless telephone. The secure data is never sent "in the clear" over an insecure link. Accordingly, the likelihood of interception and theft is substantially reduced. Furthermore, the method and apparatus provide a convenient and easily implemented system.
The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
DESCRIPTION OF DRAWINGS
FIG. 1 is a block diagram of a wireless telephone system;
FIG. 2 is a flow chart of the process implemented by a celco server of the wireless telephone system to associate a wireless phone with secure data;
FIG. 3 is an example of a web page presented by the celco server of FIG. 1 to collect the secure data from a user;
FIG. 4 is an example of a web page presented by the celco server of FIG. 1 directing the user to call a particular number using the wireless phone; and
FIG. 5 is a flow chart of the process implemented by the celco server of FIG. 1 to provide the secure data to the remote server of FIG. 1.
Like reference symbols in the various drawings indicate like elements.
DETAILED DESCRIPTION
Referring to FIG. 1, a wireless telephone system 10, in this embodiment, includes at least one wireless phone 12 that is equipped to browse web pages 14. An operator of the wireless phone 12 can transmit insecure data 16, such as requests for web pages 14, from the wireless phone. Transmissions to and from the wireless phone are currently made using wireless signals, for example radio frequency signals, through the atmosphere to a base station 18, which in turn conveys the transmission over a celco network 20, such as an intranet provided by a wireless telephone service provider, to a celco server 22 provided, for example, by the wireless telephone service provider. In other embodiments of the invention, other wireless transmission media could be used, such as, for example, infrared, optical, or microwave transmission. The celco server 22 retrieves web pages 14 from a remote server 26 over a secure Internet connection 27 for transmission to the operator of the wireless phone (through the celco network 20 and the wireless link to the phone 12) and provides the web pages 14 to the wireless phone 12. The celco server 22 also provides celco web pages 28 to a client computer, such as client computer 30, and receives secure data 24 from the client computer 30, as will be described below.
An eavesdropper can receive the wireless signals using a receiver that is compatible with the wireless phone 12 and view the web pages 14 and insecure data 16 transmitted between the wireless phone 12 and the base station 18. As will be described in greater detail below, the celco server 22 selectively stores secure data 24 in association with each wireless phone 12. When the remote server 26 requests the secure data 24, the celco server 22 provides the requested secure data 24 to the remote server 26, under certain authorized conditions, thereby avoiding transmission of that secure data 24 over the insecure wireless connection between the wireless phone 12 and the base station 18.
Referring to FIG. 2, in a particular embodiment of the operation of the invention, the celco server 22 receives a request, for example from a client computer, for the celco to store secure data in its data storage or database. The secure data can be, for example, security passwords, credit card information, financial data, etc. This is indicated at 100. The request can also come from other than a client computer, so long as the request is, preferably, placed on a secure network or other secure communications channel between the user and the celco server. In response, the celco server, after receipt of the secure data, generates a user ID in association with the secure data (step 120) and transmits that user ID to the user over a secure communications link such as the network 27. The user is also instructed to call the celco server using the wireless telephone and, upon making the phone call, to enter the user ID for identification purposes. This is indicated at 130. In a typical environment, when the celco server sends the user ID to a client or user, it also initializes a timer, at 140. The celco server then checks continuously (at 150) whether a call presenting that user ID has been received from a wireless telephone; if no such call has been received, it checks (at 160) whether the timer value exceeds a predetermined threshold value. If the threshold value is not exceeded, the server returns to checking for a received call at 150. Otherwise, the celco server discards the user ID as well as the secure data previously sent by the user. This is indicated at 170.
If the wireless call is received within the time period allowed (the "threshold value"), in a particular preferred embodiment of the invention, the celco server requests authentication from the user, at 180. If the authentication received from the user is successful, at 190, the celco server then requests the user ID at 200 and checks that the user ID is correct at 210. If either the user ID is incorrect or authentication fails, the celco server discards the secure data as well as the associated user ID, but only once the threshold value of the timer has been exceeded. Note that without the user ID there is no identification of which secure data to discard, and therefore the celco server cannot identify the data to discard prior to expiration of the threshold value, which can be, for example, at least 5 or 10 minutes, or longer.
Once the correct authentication and user ID have been provided, the celco, at 220, saves the secure data in association with a telephone ID in its database. The telephone ID is, for example, the SIM card PUC number and telephone ID number, which are stored in a unique association with each wireless telephone. Accordingly, the celco server associates these pieces of data with each other at 222. Thereafter, when that wireless telephone calls the celco server, the identification of the phone is assured and, after a dual identification process as described in more detail in FIG. 5, the secure data can be sent to a requesting web site.
Referring now to FIGS. 3 and 4, in a particular embodiment of the invention, the secure data can be entered in a web page provided by the celco server to, for example, a client computer. If the secure data is credit card information, the web page 280 can provide an identification of the credit card number and its type, the name of the credit card holder and his or her billing address, as well as the expiration date of the credit card. In addition, the data will include the telephone number of the wireless phone to be associated with this credit card number. In response to receiving the completed form, referring to FIG. 4, the celco server provides a telephone number to call, using the wireless telephone, along with a user ID to be provided, at a prompt, during the call. The celco discards the secure data if the call, with the user ID, is not received from the wireless phone within a specified time frame.
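The enrollment sequence of FIG. 2 (steps 100 through 222) can be modelled in a few dozen lines. The following Python is an added illustration and is not code from the patent or from any celco server. It assumes that the authentication requested at step 180 is a secret the user chose on the FIG. 3 form (the text does not fix the mechanism), that the telephone ID is supplied by the network when the call arrives (it is a parameter here), that the user ID format is a random URL-safe token, and that the threshold value is 10 minutes; the clock is injected so the timeout can be exercised deterministically.

```python
"""Enrollment of secure data against a wireless phone (added illustration; not the patent's code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

THRESHOLD_SECONDS = 600          # "at least 5 or 10 minutes"; 10 minutes assumed here
PBKDF2_ROUNDS = 50_000           # work factor for the stored authentication secret (assumed)


@dataclass
class PendingEnrollment:
    """Secure data received at step 100 that is waiting for the phone call checked at step 150."""
    secure_data: dict            # e.g. {"card_number": ..., "card_expiry": ...}
    salt: bytes
    secret_hash: bytes           # PBKDF2 of the authentication secret, never the secret itself
    timer_started: float         # step 140


@dataclass
class CelcoServer:
    pending: dict = field(default_factory=dict)    # user ID -> PendingEnrollment
    database: dict = field(default_factory=dict)   # telephone ID -> {item name: value}
    discarded: list = field(default_factory=list)  # user IDs dropped at step 170

    def enroll(self, secure_data, auth_secret, now):
        """Steps 100-140: data arrives over the secure network; issue a user ID and start the timer.

        The user ID is returned so that it can be sent back over the same secure link (step 130)."""
        user_id = secrets.token_urlsafe(9)       # 12 URL-safe characters; format is assumed
        salt = secrets.token_bytes(16)
        secret_hash = hashlib.pbkdf2_hmac("sha256", auth_secret.encode(), salt, PBKDF2_ROUNDS)
        self.pending[user_id] = PendingEnrollment(secure_data, salt, secret_hash, now)
        return user_id

    def expire(self, now):
        """Steps 160-170: discard every pending entry whose timer has exceeded the threshold."""
        for user_id, entry in list(self.pending.items()):
            if now - entry.timer_started > THRESHOLD_SECONDS:
                del self.pending[user_id]
                self.discarded.append(user_id)

    def receive_call(self, user_id, auth_secret, telephone_id, now):
        """Steps 150-222: a call arrives from a wireless phone presenting a user ID.

        The user ID is needed first to locate the entry (the text notes that without it the
        server cannot tell which secure data is involved); the secret is then checked against
        the stored hash. A failed attempt leaves the entry in place until the timer expires."""
        self.expire(now)
        entry = self.pending.get(user_id)
        if entry is None:
            return False                          # unknown, already used, or timed out
        candidate = hashlib.pbkdf2_hmac("sha256", auth_secret.encode(), entry.salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, entry.secret_hash):
            return False                          # step 190 failed; entry kept until step 170
        del self.pending[user_id]                 # a user ID is good for exactly one call
        self.database.setdefault(telephone_id, {}).update(entry.secure_data)   # steps 220-222
        return True


if __name__ == "__main__":
    # Constructed sample run: one successful enrollment and one that times out.
    server = CelcoServer()
    uid = server.enroll({"card_number": "4111111111111111"}, "correct horse", now=0.0)
    print("wrong secret accepted:", server.receive_call(uid, "guess", "tel-A", now=30.0))
    print("right secret accepted:", server.receive_call(uid, "correct horse", "tel-A", now=60.0))
    late = server.enroll({"card_number": "5555444433331111"}, "pw", now=1000.0)
    print("late call accepted:", server.receive_call(late, "pw", "tel-B", now=1601.0))
    print("discarded:", server.discarded == [late])
```

Two choices are worth noting. The user ID is consumed on the first successful call, so a replayed user ID after enrollment is rejected. And, as the text requires, a wrong secret does not discard the pending entry: the entry survives until step 170, which is why the threshold should be short.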
In operation, referring now to FIG. 5, when the celco server, also designated a proxy server, receives a request for a web page from the wireless phone, as indicated at 300, the celco or proxy server retrieves the web page from a remote server over a secure Internet connection (310). A parser at the celco or proxy server parses the received web page to determine whether that page includes a request for secure data which has previously been stored in the database within the celco server. This is indicated at 320. If secure data is not requested, the proxy server or celco server transmits the received web page to the wireless telephone (at 330).
On the other hand, if the web page does request data which has been stored within the celco database as "secure data", the proxy server or celco server requests authentication from the user of the wireless telephone. This is indicated at 340. If the user is successfully authenticated, by passwords and/or the telephone ID embedded in the wireless phone, the celco provides the secure data, after the user authorizes such action, to the remote server. This is indicated at 350, 360. The secure data is then sent, over a secure Internet connection, to the remote server at 370.
If the user decides not to send the secure data from the celco or proxy server, or if the requested data is not stored at the proxy server, the user still receives the web page, but the proxy server will not provide the secure data to the remote site, and the user must either provide it over the insecure wireless communications link or not provide it at all. Further, if the telephone was not successfully authenticated, the proxy server simply transmits the web page to the wireless phone and the wireless phone user is left to deal with the web page as desired. It is also important to note that should the telephone be stolen or otherwise "compromised" and fall into the hands of an unauthorized user, the failure to properly authenticate the phone can be dealt with by the wireless base station operator turning the phone off and placing it in a locked condition, thereby rendering the phone useless. This built-in protection further advantageously protects the security of any sensitive information stored at the celco.
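The proxy path of FIG. 5 (steps 300 through 370), including the three ways a page is forwarded without the secure data, is shown below as an added Python example; it is not code from the patent. Because the text does not say how the parser at step 320 recognizes a request for secure data, the example assumes a markup convention in which the remote page tags an input with a data-celco-secure attribute naming the wallet item. The authentication at 340 and the user's authorization at 350 are passed in as callables, the remote server is represented by an outbox list, the requirement that the destination be an https URL is an assumed check standing in for the secure connection of step 370, and the sample pages are constructed for the example.

```python
"""Proxy handling of a page that requests stored secure data (added illustration; not the patent's code)."""
from html.parser import HTMLParser


class SecureFieldFinder(HTMLParser):
    """Step 320: collect the wallet items a page asks the celco to supply.

    Assumed convention: <input name="cc" data-celco-secure="card_number">. The first form's
    action attribute is taken as the destination the data will be sent to at step 370."""

    def __init__(self):
        super().__init__()
        self.requested = []
        self.action = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = attrs.get("action")
        if tag == "input" and attrs.get("data-celco-secure"):
            self.requested.append(attrs["data-celco-secure"])


def find_secure_requests(page_html):
    finder = SecureFieldFinder()
    finder.feed(page_html)
    finder.close()
    return finder.action, finder.requested


def serve_request(page_html, telephone_id, database, authenticate, authorize, outbox):
    """Steps 320-370, after the page has been fetched over the secure connection (310).

    Returns ("page_to_phone", page) when the page is simply forwarded (330), or
    ("sent_to_remote", destination) when the secure data went to the remote server (370).
    The secure data itself never appears in a "page_to_phone" result."""
    destination, requested = find_secure_requests(page_html)
    if not requested:
        return ("page_to_phone", page_html)                 # 320 -> 330: nothing sensitive asked for
    if not authenticate(telephone_id):
        return ("page_to_phone", page_html)                 # 340 failed: user deals with the page
    items = database.get(telephone_id, {})
    if any(name not in items for name in requested):
        return ("page_to_phone", page_html)                 # requested data not stored at the proxy
    if not authorize(telephone_id, requested, destination):
        return ("page_to_phone", page_html)                 # 350: user declined to release it
    if not (destination or "").startswith("https://"):
        return ("page_to_phone", page_html)                 # 370 needs a secure path (assumed check)
    outbox.append((destination, {name: items[name] for name in requested}))   # 360-370
    return ("sent_to_remote", destination)


# Constructed sample pages for the example (not taken from the patent).
SAMPLE_PLAIN_PAGE = "<html><body><h1>Weather</h1><p>Sunny.</p></body></html>"
SAMPLE_CHECKOUT_PAGE = (
    '<form action="https://shop.example/checkout" method="post">'
    '<input name="qty" value="1">'
    '<input name="cc" data-celco-secure="card_number">'
    '<input name="exp" data-celco-secure="card_expiry">'
    '</form>'
)

if __name__ == "__main__":
    database = {"tel-A": {"card_number": "4111111111111111", "card_expiry": "12/27"}}
    outbox = []
    always = lambda *_: True
    print(serve_request(SAMPLE_PLAIN_PAGE, "tel-A", database, always, always, outbox)[0])
    print(serve_request(SAMPLE_CHECKOUT_PAGE, "tel-A", database, always, always, outbox))
    print("remote received:", outbox)
```

The page returned to the phone is always the page as fetched; the proxy never rewrites the card number into the form, since that would put the secure data back onto the wireless link the scheme exists to avoid.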
Further, it is also important to recognize that a single user may have several discrete items of secure data. Thus, in creating the database for holding the secure data at the celco, there can be a "wallet" for each user, each wallet having a number of items in it. In a preferred embodiment of the invention, the user is also provided with the flexibility of making the secure information available, selectively, to different devices. Thus, a user using a first wireless device may have access to certain elements in the wallet, while a user using a different wireless device, for example a child of the original user, may have access to different elements of the wallet. Further, access may be limited depending upon the information provided to the celco, so that secure data can only be sent to, for example, certain classes of recipients, depending upon both the data and the device. In yet other embodiments, provision can be made to enable different users to have different "rights" with regard to various elements in the wallet, even using the same device. This may be accomplished, for example, by using different identifications and/or passwords, in combination with different authentications.
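One way to realize the per-device, per-user and per-recipient "rights" described above, as an added Python example that is not part of the patent: each wallet item carries a rule naming the telephone IDs, user identifications and recipient classes for which release is permitted, and the proxy consults that rule between the authentication step and the release step of FIG. 5. The item names, telephone IDs, user names and recipient classes are constructed for the example.

```python
"""Per-item release rules for a celco wallet (added illustration; not the patent's code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ReleaseRule:
    devices: frozenset            # telephone IDs that may trigger release of the item
    users: frozenset              # user identifications (each with its own password) allowed to
    recipient_classes: frozenset  # kinds of remote site the item may be sent to, e.g. "merchant"


@dataclass
class WalletItem:
    value: str
    rule: ReleaseRule


class Wallet:
    """All secure data of one account holder; every item has its own rule."""

    def __init__(self):
        self.items = {}

    def add(self, name, value, devices, users, recipient_classes):
        self.items[name] = WalletItem(
            value, ReleaseRule(frozenset(devices), frozenset(users), frozenset(recipient_classes)))

    def may_release(self, name, telephone_id, user_id, recipient_class):
        """Decision taken between authentication (340) and release (360): all three must match."""
        item = self.items.get(name)
        if item is None:
            return False
        rule = item.rule
        return (telephone_id in rule.devices
                and user_id in rule.users
                and recipient_class in rule.recipient_classes)

    def release(self, name, telephone_id, user_id, recipient_class):
        """Return the value only when the rule permits; None otherwise."""
        if self.may_release(name, telephone_id, user_id, recipient_class):
            return self.items[name].value
        return None

    def visible_items(self, telephone_id, user_id):
        """What a given device/user pair could ever release, regardless of recipient."""
        return sorted(name for name, item in self.items.items()
                      if telephone_id in item.rule.devices and user_id in item.rule.users)


def build_family_wallet():
    """Constructed example: a parent's card usable from the parent's phone only, a prepaid
    card the child may use from the child's phone but only with merchants, and a tax ID
    that only a bank may receive."""
    w = Wallet()
    w.add("main_card", "4111111111111111",
          devices={"tel-parent"}, users={"parent"}, recipient_classes={"merchant", "bank"})
    w.add("allowance_card", "5555444433331111",
          devices={"tel-parent", "tel-child"}, users={"parent", "child"},
          recipient_classes={"merchant"})
    w.add("tax_id", "123-45-6789",
          devices={"tel-parent"}, users={"parent"}, recipient_classes={"bank"})
    return w


if __name__ == "__main__":
    wallet = build_family_wallet()
    print("child on child's phone sees:", wallet.visible_items("tel-child", "child"))
    print("child on parent's phone sees:", wallet.visible_items("tel-parent", "child"))
    print("allowance to a bank:", wallet.release("allowance_card", "tel-child", "child", "bank"))
```

Because the rule is evaluated for each item separately, the same phone with a different user identification (the "different rights, same device" case) sees a different set of items, and a correct user on the wrong device is refused just as a wrong user on the right device is.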
Accordingly, the secure data is sent to a remote requester, when properly authorized by the user, over a secure network and never over the unsecured wireless network. As a result, the user can perform various functions, such as the purchase of goods and services, the transmittal of sensitive information, etc., without fear of compromising the sensitive information, which can include credit card information, personal data, etc.
Although the invention has been described with reference to a particular embodiment, it will be understood that various additions, deletions, and other modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.