WO2005112495A1 - Radiotéléphone mobile - Google Patents

Radiotéléphone mobile Download PDF

Info

Publication number
WO2005112495A1
WO2005112495A1 PCT/EP2005/005009 EP2005005009W WO2005112495A1 WO 2005112495 A1 WO2005112495 A1 WO 2005112495A1 EP 2005005009 W EP2005005009 W EP 2005005009W WO 2005112495 A1 WO2005112495 A1 WO 2005112495A1
Authority
WO
WIPO (PCT)
Prior art keywords
security module
mobile telephone
external device
interface
data
Prior art date
Application number
PCT/EP2005/005009
Other languages
German (de)
English (en)
Inventor
Klaus Finkenzeller
Christoph Schiller
Original Assignee
Giesecke & Devrient Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke & Devrient Gmbh filed Critical Giesecke & Devrient Gmbh
Publication of WO2005112495A1 publication Critical patent/WO2005112495A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Definitions

  • the invention relates to a Mobilfunktelef on. Furthermore, the invention relates to a method for data transmission between a security module of a mobile phone and an external device.
  • Mobile phones generally have a security module, with the help of which a proof of access to a mobile network can be provided.
  • the security module also serves to store telephone numbers and short messages and is usually one
  • Chip card formed.
  • the connection to the mobile network which is also referred to as an air interface
  • an administration of the The required data transfer between the background system and the security module via the air interface is made possible by the fact that the data to be transmitted are packed in short messages
  • the short message is received by the mobile phone and forwarded to the security module
  • the security module interprets the short message and extracts it, for example, from the mobile phone a command. After the command has been processed, the security module packages the determined answer into a short message which is forwarded to the mobile telephone and transmitted by the latter via the mobile network to the background system.
  • the invention has for its object to provide a mobile phone with a security module in addition to the phone application further applications.
  • the mobile radio telephone according to the invention has an air interface for communication via a mobile radio network, at least one further interface for communication with an external device and a security module for proof of access authorization to the mobile radio network.
  • the security module has at least one storage location whose contents can be determined and changed from outside the security module.
  • the peculiarity of the mobile telephone according to the invention is that a functionality for carrying out a data transfer from the security module to the external device is provided according to which data is written by the security module into the storage space and the content of the storage space is read out via the further interface from the external device and / or a functionality for carrying out a data transfer from the external device is provided to the security module, according to the data from the external device via the additional interface are written into the memory and the contents of the memory space is read by the security module.
  • the invention has the advantage that a transparent communication between the external device and the security module of the mobile telephone is possible.
  • the mobile telephone is opened many new applications, the applications are each carried out in particular by the security module and the mobile phone is used as a secure terminal.
  • the transmitted data formally the outer format of a data type, which is intended for the space provided. In terms of content, however, the data differs from the intended data type.
  • the transferred data can be commands and / or answers to commands.
  • the commands are processed in particular by the security module.
  • an authentication of the external device and / or the security module can be carried out. Since an au- Thentization is a prerequisite for many applications, thus laying the foundation for a variety of uses of the mobile phone according to the invention.
  • an application for activating access to a building, a vehicle or a device can be implemented.
  • the activation of the access preferably takes place via the further interface.
  • the access rights can be managed via the air interface. This has the advantage that the access control can be operated very economically and a very fast updating of the access rights with little effort is possible.
  • an online application can be implemented in which a connection to a service provider is established both via the air interface and via the further interface.
  • the connection can be established via the further interface via an insecure network, in particular via the Internet. This means that over an insecure connection a service can be claimed or a purchase can be made and over a secure connection personal data can be transmitted or a payment can be made.
  • an electronic purse is implemented in the mobile phone according to the invention.
  • the settlement of a payment transaction with the electronic exchange can take place via the further interface.
  • the settlement of a charging process of the electronic exchange preferably takes place via the air interface.
  • the mobile telephone according to the invention is preferably designed so that at least one application is implemented in the security module and / or executed by the security module.
  • the further interface of the mobile radio telephone according to the invention can be designed, for example, as an infrared interface, Bluetooth interface, USB interface or RS232 interface. This means that, in principle, any interface in addition to the air interface can be used within the scope of the invention.
  • the inventive method relates to the implementation of a data transmission between a security module of a mobile phone and an external device.
  • the mobile telephone has an air interface for communication via a mobile network and at least one further interface for communication with the external device.
  • the security module has at least one storage location whose contents can be determined and changed from outside the security module.
  • the peculiarity of the method according to the invention is that for a data transfer from the security module to the external device, data from the security module are written into the memory space and the content of the memory location is read out via the further interface from the external device and / or for data transmission from the external device to the security module, data from the external device is written into the memory space via the further interface and the content of the memory location is read out by the security module.
  • the external device is in each case placed in a waiting state for the time which is expected to be required for processing the data transmitted to the security module.
  • FIG. 1 shows an embodiment of an inventively designed mobile phone in a schematic representation
  • Fig. 2 is an illustration of possible operations during communication between the external device and the security module of the mobile telephone and
  • Fig. 3 is a schematic representation of the communication paths in an application of the invention as part of a payment process on the Internet.
  • Fig. 1 shows an embodiment of an inventively designed mobile phone 1 in a schematic representation.
  • the mobile telephone 1 has an electronic system 2, which is preferably designed as a microprocessor and in which, for example, an operating system for operating the mobile radio telephone 1 is implemented.
  • the electronics 2 includes a plurality of interfaces for internal and external communication, wherein in Fig. 1, an air interface 3 and an infrared interface 4 are shown.
  • the air interface 3 is used for communication via a mobile radio network.
  • the infra- Red interface 4 is provided for communication with an external device 5 in the vicinity of the mobile telephone 1.
  • a Bluetooth interface instead of the infrared interface 4 or in addition to the infrared interface 4, a Bluetooth interface, a USB interface, an RS232 interface, etc. may be provided.
  • the mobile telephone 1 to a security module 6, which is formed for example as a smart card and plugged into the mobile phone 1.
  • the security module 6 is also commonly referred to as a Subscriber Identity Module, SIM for short, and is connected to the electronics 2. With the help of the security module 6 can be provided proof of an access authorization to the mobile network.
  • the security module 6 serves as storage for a number of data, such as short messages, party numbers and short numbers.
  • An excerpt from the file system used here is also shown in FIG. 1.
  • the file system has a superordinate directory 7, in which inter alia a subdirectory 8 with the designation "Telecom" is arranged, in the subdirectory 8 a file 9 with the designation "FDN" is among other things contained, in which fixed call numbers are stored.
  • the file 9 is used not only for storing the fixed call numbers, but also for carrying out a bidirectional communication between the external device 5 and the security module 6, which is handled via the infrared interface 4.
  • the data to be transmitted are in each case written by a communication partner to a predetermined location for a fixed call number in the file 9, which is then read by the other communication partner.
  • other files can also be used for the communication, for example the files for storing the short messages or the short numbers. It is important that the used file 9 can be read and written from the external device 5. The exact procedure for the communication according to the invention of the external device 5 with the security module 6 will be explained with reference to FIG. 2.
  • FIG. 2 shows an illustration of possible processes during the communication between the external device 5 and the security module 6 of the mobile telephone 1.
  • a flow chart for the sequence in the security module 6 and on the right side a flow chart for the sequence in the external Device 5 shown.
  • the respective content of the area of the file 9 is shown, at which the data to be transmitted are written.
  • the illustrated procedure refers to the initial phase of mutual authentication between the external device 5 and the security module 6 and is started by the external device 5 with a step Gl, in which the external device 5 packages a command in the record of a party number and so generated data to be transmitted. When used as intended, such a record contains a telephone number and a name.
  • the command GetChipNumber is instead entered in the data record.
  • an identifier of an integrated circuit can be read, which is a part of the security module 6.
  • the content of the file 9 is not affected by the step Gl and still has its previous value, which is not relevant to the invention.
  • Step G is followed by a step G2, in which the data record is transmitted to the infrared interface 4 of the mobile telephone 1 and written into the file 9 by means of a corresponding service command of the infrared interface 4.
  • the command GetChipNumber is now stored.
  • the external device 5 goes in one Step G3 into a wait state for a predetermined time. The contents of the file 9 will not be changed.
  • step S 1 the content of the file 9 is read out.
  • step S2 the command GetChipNumber read out from the file 9 is executed and, as a result, the identifier ChipNumber of the integrated circuit of the security module 6 is determined.
  • step S3 the identifier ChipNumber is written into the file 9, so that in the file 9 from this time the value ChipNumber is stored.
  • step G4 in which the external device 5 reads the file 9 via the infrared interface 4 and thereby obtains knowledge of the identifier ChipNumber.
  • the identifier ChipNumber remains stored in the file 9.
  • step G5 is carried out in which the external device 5 packs a command AskRandom for requesting a random number in a record for a paging number.
  • step G5 is followed by a step G6, in which the external device 5 writes the data record into the file 9 with the command AskRandom via the corresponding service command of the infrared interface 4.
  • the file 9 thus has the command AskRandom.
  • step G6 the external device 5 goes into a wait state for a predetermined time in a step G7.
  • the security module 6 reads out the command AskRandom from the file 9 in a step S4 which is executed after completion of the step G6.
  • step S5 the security module 6 executes the command AskRandom and determines the random number Random.
  • step S5 is followed by a step S6 in which the security module 6 writes the random number Random into the file 9 so that it now contains the random number Random.
  • a step G 8 follows, in which the external device 5 reads out the file 9 and thereby receives the random number Random.
  • the further course of the authentication is carried out with analogous continuation of the procedure described above, d. H.
  • a conventional authentication method is executed between the external device 5 and the security module 6, whereby the data exchange required for this purpose takes place via the infrared interface 4 of the mobile telephone 1 and with the aid of the file 9 of the security module 6.
  • a special command can be provided in the invention, with the important parameters of the infrared interface 4, such as information on the size of the input / output buffer, a maximum processing time, etc. can be requested.
  • the authentication method described above can be used for example for access control of buildings, vehicles or devices.
  • the access to a building can be unlocked via the infrared interface 4 of the mobile radio telephone 1, a vehicle door can be unlocked or an access to a personal computer is made possible and a service can be used by machines or other devices. It is in each case possible to change the access rights of an authorized institution by a communication via the air interface 3 of the mobile phone 1, so that the access rights can be updated very quickly.
  • the invention can also be used to allow fast and secure payment on the Internet. This will be explained in more detail below with reference to FIG. 3.
  • Fig. 3 shows a schematic representation of the communication paths in an application of the invention as part of a payment process on the Internet.
  • the external device 5, with which the security module 6 communicates via the infrared interface 4 of the mobile telephone 1 has an Internet connection.
  • the external device 5 can be designed, for example, as a personal computer connected to the Internet.
  • a service provider 10 to whom the payment is to be made is reachable over both the Internet and the mobile network.
  • the shopping and payment process can, for example, run so that the service provider 10 assigns a temporary identifier and is transmitted via the Internet connection to the external device 5 in order to assign the customer a virtual shopping cart for shopping on the Internet.
  • This temporary identifier is forwarded by the external device 5 via the infrared interface 4 to the mobile phone 1.
  • the temporary identifier is transmitted from the mobile phone 1 together with other data via the air interface 3 in a secure manner to the service provider 10.
  • the procedure according to the invention thus combines a conventional shopping process on the Internet with a payment transaction via a secure connection. This allows reliable protection against manipulation. It also eliminates the need to submit personal information over the Internet. Since the mobile phone 1 is a secure terminal, also eliminates the need to provide an additional terminal specifically for the payment process.
  • the inventively designed mobile phone 1 can continue to be used to pay for small change amounts.
  • a small exchange is implemented in the security module 6, which can be accessed via the infrared interface 4 of the mobile phone 1.
  • the small exchange can be charged.
  • the other applications described above can also be implemented in the security module 6 or executed by the security module 6.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

L'invention concerne un radiotéléphone mobile (1) présentant une interface radio (3) pour assurer une communication par l'intermédiaire d'un réseau de radiotéléphonie mobile, au moins une autre interface (4) pour assurer la communication avec un appareil extérieur (5) et un module de sécurité (6) pour identifier une autorisation d'accès au réseau de radiotéléphonie mobile. Le module de sécurité (6) présente au moins un emplacement de mémorisation (9) dont le contenu peut être détecté et modifié depuis l'extérieur du module de sécurité (6). Le radiotéléphone mobile (1) selon l'invention se caractérise en ce qu'il est prévu une fonctionnalité pour effectuer la transmission de données entre le module de sécurité (6) et l'appareil extérieur (5), d'après laquelle des données sont introduites dans l'emplacement de mémorisation (9) à partir du module de sécurité (6) et le contenu de l'emplacement de mémorisation (9) est sélectionné par l'intermédiaire de l'autre interface (4) par le dispositif extérieur (5) et/ou un fonctionnalité est prévue pour effectuer la transmission de données entre l'appareil extérieur (5) et le module de sécurité (6), d'après laquelle des données provenant de l'appareil extérieur (5) sont introduites dans l'emplacement de mémorisation (9) par l'intermédiaire de l'autre interface (4) et le contenu de l'espace de mémorisation (9) est sélectionné par le module de sécurité (6).
PCT/EP2005/005009 2004-05-10 2005-05-09 Radiotéléphone mobile WO2005112495A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102004022906.6 2004-05-10
DE102004022906A DE102004022906A1 (de) 2004-05-10 2004-05-10 Mobilfunktelefon

Publications (1)

Publication Number Publication Date
WO2005112495A1 true WO2005112495A1 (fr) 2005-11-24

Family

ID=34970194

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/005009 WO2005112495A1 (fr) 2004-05-10 2005-05-09 Radiotéléphone mobile

Country Status (2)

Country Link
DE (1) DE102004022906A1 (fr)
WO (1) WO2005112495A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1933250A1 (fr) * 2006-12-12 2008-06-18 Gemplus Procédé pour exécuter un programme dans un dispositif électronique portable, dispositif et système électroniques correspondants

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998027767A1 (fr) * 1996-12-17 1998-06-25 Nokia Mobile Phones Limited Procede pour amener les instructions de commandes d'une carte sim depuis un dispositif externe a une carte sim
US6216014B1 (en) * 1996-05-17 2001-04-10 Gemplus Communication system for managing safely and independently a plurality of applications by each user card and corresponding user card and management method
WO2004002176A1 (fr) * 2002-06-24 2003-12-31 Kabushiki Kaisha Toshiba Authentification simultanee de dispositifs multiples au moyen d'un module sans fil unique d'identite d'abonne

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6216014B1 (en) * 1996-05-17 2001-04-10 Gemplus Communication system for managing safely and independently a plurality of applications by each user card and corresponding user card and management method
WO1998027767A1 (fr) * 1996-12-17 1998-06-25 Nokia Mobile Phones Limited Procede pour amener les instructions de commandes d'une carte sim depuis un dispositif externe a une carte sim
WO2004002176A1 (fr) * 2002-06-24 2003-12-31 Kabushiki Kaisha Toshiba Authentification simultanee de dispositifs multiples au moyen d'un module sans fil unique d'identite d'abonne

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1933250A1 (fr) * 2006-12-12 2008-06-18 Gemplus Procédé pour exécuter un programme dans un dispositif électronique portable, dispositif et système électroniques correspondants
WO2008071530A1 (fr) * 2006-12-12 2008-06-19 Gemalto Sa Procede pour executer un programme dans un dispositif electronique portable, dispositif et systeme electroniques correspondants

Also Published As

Publication number Publication date
DE102004022906A1 (de) 2006-03-23

Similar Documents

Publication Publication Date Title
EP2417550B1 (fr) Procéde d'execution d'une application à l'aide d'un support de données portable
EP2393032B1 (fr) Procédé de sortie d'une application à l'aide d'un support de données portatif
DE69400549T3 (de) IC-Karten-Übertragungssystem
EP3748521B1 (fr) Méthode pour lire les attributs d'un témoin d'identité
DE10296888T5 (de) System und Verfahren zur sicheren Eingabe und Authentifikation von verbraucherzentrierter Information
WO2011088970A1 (fr) Procédé d'exécution d'une transaction entre un support de données portatif et un terminal
DE102004044454A1 (de) Tragbares Gerät zur Freischaltung eines Zugangs
EP1326216A1 (fr) Procédé et dispositif pour paiements électroniques avec des dispositifs de communication portables
EP3271855B1 (fr) Procédé de génération d'un certificat pour un jeton de sécurité
WO2005112495A1 (fr) Radiotéléphone mobile
EP3298526B1 (fr) Procédé de lecture d'attributs à partir d'un jeton d'identification
DE102008047639A1 (de) Verfahren und Vorrichtung zum Zugriff auf ein maschinenlesbares Dokument
DE60116658T2 (de) Datenträger mit zusatzvorrichtung
DE10262183B4 (de) Mobiles Telekommunikationsgerät und Chipkartensystem
AT509336B1 (de) Chipkarte mit autorun-funktion
DE102015006751A1 (de) Verfahren zur Bereitstellung eines persönlichen Identifikationscodes eines Sicherheitsmoduls
DE60205206T2 (de) Verfahren zur Sicherung des Herunterladens von aktiven Daten auf ein Kommunikationsgerät
WO2013127520A1 (fr) Libération de transaction authentifiée
EP3451263A1 (fr) Système de sécurité permettant l'exécution d'une application électronique
EP2840757B1 (fr) Administration individuelle et centrale des cartes de puce
EP3323072B1 (fr) Procédé pour lire des attributs dans un jeton id, jeton id, système informatique de fournisseur d'attribut et système informatique
DE102011112855A1 (de) Verfahren zur elektronischen Durchführung einer Zahlungstransaktion
DE10065067B4 (de) Verfahren zum Verifizieren nutzerspezifischer Informationen in einem Daten- und/oder Kommunikationssystem sowie Daten- und/oder Kommunikationssystem
EP3361436A1 (fr) Procédé d'autorisation d'une transaction
WO2014102017A1 (fr) Procédé de gestion de données

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase