WO2007079792A1 - Procédé et dispositif d'accès, basé sur un réseau de téléphonie mobile, à des contenus mis à disposition dans un réseau de données public et nécessitant une autorisation - Google Patents

Procédé et dispositif d'accès, basé sur un réseau de téléphonie mobile, à des contenus mis à disposition dans un réseau de données public et nécessitant une autorisation Download PDF

Info

Publication number
WO2007079792A1
WO2007079792A1 PCT/EP2006/008871 EP2006008871W WO2007079792A1 WO 2007079792 A1 WO2007079792 A1 WO 2007079792A1 EP 2006008871 W EP2006008871 W EP 2006008871W WO 2007079792 A1 WO2007079792 A1 WO 2007079792A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
user
provider
mobile
network
Prior art date
Application number
PCT/EP2006/008871
Other languages
German (de)
English (en)
Inventor
Heiko Thierbach
Original Assignee
Cyber-Dynamix Gesellschaft Für Systemintegration Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cyber-Dynamix Gesellschaft Für Systemintegration Gmbh filed Critical Cyber-Dynamix Gesellschaft Für Systemintegration Gmbh
Publication of WO2007079792A1 publication Critical patent/WO2007079792A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123Shopping for digital content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • G06Q20/123Shopping for digital content
    • G06Q20/1235Shopping for digital content with control of digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/383Anonymous user system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24Accounting or billing

Definitions

  • the invention relates to a method and / or a device for mobile network-based access to content required by a provider in a public data network, in particular the Internet, which requires a release.
  • content is to be accessible only to a particular person or age group, for example, members of a professional association or persons above a certain age.
  • a credit card number must be transmitted via the network to the content provider or directly billing information for an invoice must be specified or a personal login is required.
  • a calculation of paid content via the mobile phone bill is possible, in which case the content provider, in turn, must be provided with the necessary data for this purpose.
  • the problem is that in the previous access via a mobile network with the network operator, ie the network operator, a comprehensive hardware must be kept to To ensure the mediation between the different protocols of the mobile network on the one hand and the public data network on the other.
  • the mobile Thus, operators must have a considerable infrastructure of gateways for the protocol implementation, for example, between the GPRS (General Packet Radio Service), the UMTS (Universal Mobile Telecommunication System) and the CSD standard (Circuit Switched Data Standard) on the one hand and the World Wide Web with Internet Protocol on the other side. This is associated with considerable costs for the mobile operators and considerable hardware and maintenance as well as maintenance. Due to these requirements, the services available to the user are restricted to certain content provider offerings.
  • GPRS General Packet Radio Service
  • UMTS Universal Mobile Telecommunication System
  • CSD Circuit Switched Data Standard
  • the invention is therefore based on the object of specifying a method or a device of the aforementioned type, which allows a problem-free and secure access to a wide variety of content requiring content, in addition to the hardware and infrastructure requirements of the mobile network operator in comparison with can be kept low in the prior art.
  • the inventive method thus relates to a very simple regarding the required hardware method for accessing data network content via mobile devices such as mobile phones or the like.
  • Decentralized, as a rule, by several providers, for example, on the Internet content is provided, which may be different formats, such as videos or animations or the like.
  • the method is on the one hand suitable for multimedia content, including graphics, flash programs, music, files in certain portable formats, on the other for subscriptions, event purchasing and pay-per-view concepts.
  • the network structures suitable are GPRS, UMTS and WLAN (Wireless Local Area Network) and DSL networks (Digital Subscriber Line Networks).
  • the user From the request of the content from the provider, which takes place via the user's mobile terminal, to the ultimate access to the content after the final provision by the provider, the user can remain anonymous in the method according to the invention, since the authentication with the aid of the Content provider generated authorization request centrally done by the operator of the mobile network without the user of the mobile network must provide the content provider personal information.
  • the authorization request and the confirmation information messages that may possibly be signed, exchanged between the content provider, a consumer, ie a user of the mobile network, and the mobile operator.
  • Online communication between the content provider and the mobile operator is not required for the basic method, but may be provided for additional verification.
  • the network operator does not need a network communication gateway since he does not need to mediate between the different protocols for the cellular network and the public data network. Required is only one Communication between the user who accesses this on his mobile device such as a mobile phone or PDA or notebook, and the content provider and between the user and the mobile operator. Access to the Internet or other public data network is provided to the user via the mobile network of its network operator. The user initially communicates with the content provider via the Internet in order to obtain information about the content requiring a release or also other free content. If he wants to access such contents requiring a release, then the authorization of this request and the offers of the content provider takes place via a communication between the user and his network operator. Thus, for example, even after an earlier registration of certain groups of people, anonymous access to the specific content requiring a release can be made possible.
  • the communication between the user and the provider or the mobile network operator takes place via -Rechner
  • the provider or network operator for example, as a server or server network, possibly with access to various clients are formed.
  • the content provider is thus faced with a uniform interface. Expenses for the portal management and a special content handling are eliminated as well as platform-related restrictions of the content. All delivery channels are covered, while avoiding dependencies on an operator-side core network, e.g. through access point name strategies.
  • Chargeable content may be offered by the provider as content requiring a release, whereby content purchased by the user is billed by the provider via the operator of the mobile radio network.
  • the billing thus takes place on the part of the content provider with the Netwok operator, so that the user remains anonymous despite the acquisition of a paid content to the content provider.
  • the user does not have to have any security concerns when it comes to buying content, as it is not necessary to For example, to transmit a credit card number to a content provider with whom the user has no experience and which transmission always carries the risk that the number will be intercepted.
  • the user can maintain a contract with the mobile network operator, which provides for the final billing via the network operator a cyclical billing (so-called post-paid contract) or an advance payment of credit (so-called pre-paid contract).
  • the user may, in particular after the generation of the authorization request, explain the acceptance of the access to the content of the provider, in particular on an acceptance page transmitted by the mobile radio operator.
  • the mobile user thus asks the content provider for certain content with the aid of his notebook or another mobile terminal, whereupon the latter offers the content to the customer by means of an authorization request.
  • This can be done, for example, via the definition of a parameter set directed to the network operator.
  • the network operator creates an "Acceptance Page," which allows the user to confirm the desired access that requires sharing, giving the user the opportunity to review the triggered issue how certain costs are pointed out.
  • the provider of the contents advantageously has a public key and / or an identification code provided by the operator of the mobile radio network, in particular a public key and / or identification code transmitted by means of a data connection and / or a data medium.
  • a public key and / or identification code transmitted by means of a data connection and / or a data medium.
  • collaboration between a particular content provider and a network operator is initiated by the network operator generating a keypair using, for example, the asymmetric RSA crypto process named after the mathematician Rivest, Shamir, and Adleman, followed by the public key distributed to the content providers with whom collaboration is planned.
  • This allows the appropriate content providers to encrypt messages with the public key of the network operator.
  • certain identifica- Onscodes be distributed for example via secure data connections or storage media such as CD-ROMs to a number of providers.
  • the provider of the content can generate a session depending on the request of the content by the user of the mobile network and / or the user's terminal parameters such as a session identifier and / or a content identifier and / or a price for a paid content and / or a Timestamp and / or a reference to an authorization object of the operator of the mobile network, in particular a content-related URL, provide, in particular as part of the authorization request.
  • the content provider creates its offer, for example, by defining a parameter set within an HTTP post-action (Hypertext Transfer Protocol post-action), which, for example, refers to an authorization object in the form of a Uniform Resource Locator (URL) of the network Operator shows.
  • HTTP post-action Hypertext Transfer Protocol post-action
  • This may include other information such as a price for a paid content, the associated advertising, a timestamp, a validity and a session ID or even a service ID, a content ID and more for the release of the content and for securing this Release necessary or helpful information to be included.
  • the parameters can at least partially be stored by the provider in the session context and / or in a database. This refers to all available types of storage, for example to the storage on certain media, if they can be provided sufficiently fast for a retrieval. It is crucial that the parameters can be retrieved immediately if the confirmation information of the network operator is available.
  • the provider of the content or of the content can use at least one parameter for checking the confirmation information transmitted by the user's mobile terminal. If necessary, the entire parameter set can be modified by the content provider itself in the session context or stored in a database and used completely for later validation of the authorization response of the network operator. If necessary, this can be validated with a signature and thus the answer can be checked. For example, the content provider can subsequently check whether the confirmation information received from the network operator by the user of the mobile terminal correctly reproduces his identification code, the identification code of the service or the name of the service or a URL or the price, include the currency, a timestamp and, if appropriate, ISO-compliant date and time information for the course of service use in the correct form. Likewise, a session identifier (session ID) can be checked.
  • session ID session ID
  • the operator of the mobile radio network can generate a session and / or check the authenticity of the user, in particular by determining the call number of the mobile terminal, possibly via the internet protocol based on the IP address, and / or a content identifier and / or store a price and / or a time stamp and / or include an authorization object, in particular a content-related URL, in the session context and / or generate an acceptance request for the user for the access requiring access.
  • the mobile network operator established a session with the user, determined for example via the Internet Protocol IP the phone number of the user, the MSISDN (Mobile Subscriber Integrated Digital Services Network Number) stores, for example, the content ID, the price of the service requested by the user and the like ,
  • a confirmation page can also be generated as a confirmation page for the user.
  • the content URL can be included in the session context and after a confirmation of acceptance by the user the session can be checked again and the session context can be retrieved.
  • the authenticity of the user is determined by the network operator prior to the authorization of the service requested by the user User checks.
  • the RADIUS ba ⁇ k this MSISDN of the mobile user and its currently assigned IP address is deposited.
  • the authorization object of the network operator checks the transmitted parameters of the provider's service for plausibility and validity and considers these for later processing in the session context.
  • a content repository is used to reconcile the information. If there are deviations between the information received and that deposited with the network operator for the content provider or user, the authorization process is aborted with an error message to the user.
  • Another task of the operator of the mobile network is to check whether the credit of the mobile user or the agreed payment method sufficient to use the requested content service can. If the result of the check is positive, for example, an HTML page is generated based on the transmitted parameters, which informs the user about the details of the content or service requiring the release and asks him to explain the acceptance.
  • a PIN Personal Identification Number
  • the authorization process of the content is initiated at the network operator. This can be done, for example, by the user pressing a corresponding "Submif" button, possibly with a customized text specification.
  • the operator of the mobile radio network can then check the session and / or access the session context and / or generate and / or transmit further and / or further confirmation information, in particular an authorization token, depending on the acceptance of the access requiring access by the user / or a signed authorization token and / or a confirmation page.
  • an authorization token for example, it is possible for the mobile user to choose the service offer of the content provider for a paid service accepted by the authorization object of the network operator, a digital signature is generated. This can be permanently stored together with the parameters already stored in the session context and possibly also the MSISDN of the mobile user as a data record at the mobile network operator.
  • a confirmation page which contains, for example, the original session ID of the content provider, a token and the operator ID, that is to say the name of the authorizing mobile network operator, can be transmitted to the mobile user or his mobile terminal digital signature is used, a so-called signed "trusted token", ie a defined and related set of information is transmitted, which is considered in terms of the signature as trusted.
  • the parameters included in the original authorization request are digitally signed, which can be done by the non-public RSA key of the mobile network operator or another encryption mechanism.
  • Such a signature may include the hash value of the transfer parameters, which may then be validated by the content provider by means of the public key data stored by its page.
  • the confirmation page is reconfirmed by the mobile user using a "Submit" button that can be appropriately texted, and then the session ID, trusted token, and operator ID are sent to the content provider
  • the URL to the requested content is called.
  • the parameter transfer is URL-coded.
  • the provider may verify an authorization token as part of the verification of the submitted verification information.
  • the content provider receives an HTTP request that includes the session ID and a "trusted token" as the POST body of the corresponding HTTP request method, which allows the content provider to match the initial parameters of the initial one Inquiry of the mobile user from the session context associated with this session ID, after which he can use the "trusted token” to determine the authenticity and thus the validity of the request.
  • This is preferably done by using a public key of the Network Operators the digital signature in the form of the "trusted token” is validated or verified together with or against the original parameters.
  • the authorization object of the network operator responds directly to the confirmation page, the value of the token determined from the repository and this is re-signed.
  • the session ID in this case corresponds to the current session of the content provider who submitted the offer to the user.
  • the authorization object checks whether a certain validity date set for the end of the usage period has already been reached or exceeded. If the request is made outside the validity period, it will be treated as new as described above.
  • the length of the key used in the method of the invention should not be less than 2048 bits, with the public and private keys conveniently separated and separately stored. Only the public key is usually distributed to the multiple content providers.
  • the content provider has the option of creating billing lists for paid content based on the authorization responses and assigning them to a network operator.
  • the lists preferably contain at least a timestamp, the session ID used, a content ID and the price.
  • This makes it possible for the mobile network operator to allocate to database entries or repository entries, which form the basis of billing based on their own entries. An assignment to the individual customers or users is possible via the MSISDN.
  • the data sets of the mobile network operator form the basis for billing with the content provider.
  • the user remains anonymous to the content provider.
  • the communication between the mobile terminal of the user and the provider of the content and / or the communication between the mobile terminal of the user and the operator of the mobile network can be based on the WWW protocol HTTP.
  • the hypertext transfer protocol available on the World Wide Web is expediently used.
  • the language HTML in particular in the form of parameters in HTML and / or as a web service call an HTML page, and / or on the SOAP based web service calls, in particular from an application and / or an API and / or HTML pages.
  • the transmission of information can thus take place, for example, via parameters in the hypertext markup language (HTML), which are embedded accordingly.
  • a mobile telephone and / or a PDA and / or a notebook can be used as the mobile terminal.
  • a PDA refers to a so-called personal digital assistant, so a small handheld computer.
  • the listing of the mobile terminals is not to be understood as conclusive, only decisive is that access to a mobile network of the mobile network operator is such that access to a public data network for retrieving Internet-based offers or mobile network-based and other data network offers is possible.
  • the mobile device can also be used as a combination a notebook or laptop with a mobile phone that makes the connection to the mobile network to be trained.
  • a protocol is thus made available with the method according to the invention which makes it possible to access or acquire contents requiring release with mobile devices and devices such as mobile phones and the like.
  • this method can be dispensed with complex hardware structures in the mobile network operators, especially on complex designed gateways.
  • Tokens can only be reproduced in the asynchronous RSA method if the attacker gains possession of the secret, non-public key. However, this is usually effectively avoided by adhering to the retention rules.
  • the content user remains anonymous to the content provider. Identification is not possible because no personal information, such as the MSISDN, or recurring information such as fixed IDs or the like is transmitted to the content provider.
  • the information relevant for the content is held by the provider of the content and is not bound to the possibly transmitted "trusted token", so that the content provider can detect tampering and, if necessary, prevent the delivery of the content Content Provider compared with the authorization records of the mobile network operator, so that false data can be detected and sorted out.
  • the method according to the invention provides a very secure method of obtaining content from a public data network with the aid of a mobile radio network.
  • Authorization tokens and further confirmation information can be compared, for example via a signature process.
  • the authorization system of the mobile network operator can only be reached within the GPRS or UMTS network of the same and has no access from the Internet himself, so that attacks are unlikely.
  • SIM Subscriber Identity Module
  • the invention relates to a device for mobile radio network-based access to in a public data network, in particular the Internet, of a Provider provided, a release-requiring content and, where appropriate, billing access, comprising at least one mobile terminal of a user of the mobile network and each computer facilities on the part of the provider of the content and the operator of the mobile network, designed to carry out the method described above.
  • the device With the device according to the invention, it is thus possible to obtain or acquire content that is linked to payment or whose acquisition is restricted to certain groups of persons or requires registration, for example, without the content provider being able to assign the concrete retrieval of the content to a specific user , It is not necessary to provide credit card data and the like, with the hitherto necessary gateways for switching between the core system of the mobile radio operator and the World Wide Web no longer being necessary.
  • the basic components of the device so the mobile device and the computing devices and the communication and information paths are designed so that the above-described protocol method can run with this hardware.
  • the content provider offers via its computer device, for example, Internet content such as news, ringtones and the like.
  • the user has a mobile terminal with access to the mobile network of the mobile network operator and consumes mobile network or Internet-based offers, in which, in the event that a payment is required prepaid credit or billing contracts exist.
  • the mobile network operator has the infrastructure for the authentication, authorization and billing of mobile services to the customer and for the provision of additional services such as geo-position data, messaging services and various media services, etc.
  • the mobile network operator's computer also has a connection RADIUS database, which allows the identification of the user.
  • an authorization handler the logging and reporting, a service handler, optionally a statistics handler, the administration, a security handler, an error handler, a presentation handler, the customer service, a revenue handler, monitoring and, if necessary, a business process handler.
  • FIG. 3 is a flowchart of the autoring of a user.
  • FIG. 5 shows a flow chart of the validation of a digital signature in a method according to the invention.
  • FIG. 1 shows a sketch of the structure of a device 1 according to the invention.
  • the computer device 4 being the computer device of the operator of the mobile radio network while the computer device 5 is assigned to a content provider
  • the illustration of the device 1 according to the invention in each case shows a mobile end device 2, a computer device 4 and a further computer device 5.
  • further mobile devices 2 not shown here, which belong to other users 3 of the mobile radio network, are generally present, wherein the Users 3 have access to content. Content providers with their own computer facilities 5 access.
  • the mobile terminals 2 may also be approved for different mobile network operators or some terminals may be operated in other mobile networks, so that in this case several computing devices 4 are present.
  • the communication between the mobile terminal 2 and the computer device 4 of the operator of the mobile network via the mobile network 6, only for the communication between the mobile terminal 2 and the computer device 5 of the content provider is accessed on the Internet 7 as a public data network.
  • the communication between the mobile terminal 2 and the operator of the mobile network with the computer device 4 takes place in the embodiment either via HTTP or as a web service call.
  • the communication between the content provider and the user 3 takes place via the computer device 5 and the mobile terminal 2 by means of HTTP, the information being transmitted via parameters in HTML.
  • An authorization of the requests of the user of the mobile terminal 2 takes place with the aid of tokens, which are digitally signed by the computer device 4 of the mobile network operator and transmitted via the mobile terminal 2 to the content provider, so that its computer device 5 has the option of Validate the signature. This enables secure content delivery and later secure billing.
  • FIG. 2 shows the communication relationships in a method according to the invention.
  • the box 8 symbolizes a user, the box 9 the content provider and the box 10 the mobile network operator.
  • the mobile network operator Prior to the query of the content by the user represented by box 8, the mobile network operator 'distributes a public key to the content provider with box 9.
  • the mobile user 8 asks a content from the provider, for which he uses his mobile device.
  • the query of the content remains anonymous.
  • the content provider places a session, delivers a content ID and transmits further parameters such as the price, a time stamp and a content URL in order to offer the user the content secured via an authorization request.
  • the corresponding data are transmitted as part of the authorization request to the mobile terminal of the user, here represented by the box 12.
  • the authorization request is forwarded to the mobile network operator via the mobile terminal, as indicated by box 13.
  • the mobile network operator generates a session and checks the authenticity of the mobile user based on the client ID address using a query from a database in which the MSISDN is stored for the mobile user and his currently assigned IP address.
  • the mobile network operator stores the content ID, the price and the URL and, if necessary, further parameters.
  • an acceptance page is generated, which is transmitted to the mobile user.
  • the mobile user wants to purchase or obtain the content at the specified conditions, he / she declares his acceptance, which in turn is forwarded to the mobile network operator, who receives it as shown here by box 14.
  • the mobile network operator checks the session and accesses the session context.
  • the mobile network operator also creates a token that serves the content auto-negotiation process.
  • the token is digitally signed to become a "trusted token.”
  • a confirmation page is created for the user, followed by the user with the associated box 12, requesting content from the content provider, represented by box 15.
  • the content provider receives the signed token in accordance with box 15, which he then validates with the aid of the public key he has in. After a successful validation, the content provider delivers the content to the user.
  • billing of the content between the content provider and the mobile network operator for which the mobile user at the mobile network operator has a credit balance or a contractual billing that allows this type of billing.
  • the user is anonymous throughout the process, so there is a high level of security.
  • FIG. 3 shows a flowchart of the authorization of a user.
  • step N1 first of all a request is received by the operator of the mobile radio network with which the authenticity check of the user required prior to the authorization of a service is triggered.
  • the mobile network operator determined in step N2 the phone number of the mobile user (MSISDN) from the RADIUS database.
  • step N3 after determining the MSISDN using the IP address, the parameters of the authorization request relayed by the content provider are determined. These parameters are checked for plausibility and validity in step N4, after the authentication has been successfully completed in step N2.
  • the parameters are also kept for later processing in the session context.
  • This data is compared with a content repository, whereby in the case where the data deviates from those stored by the operator of the mobile radio network, the authorization process is aborted with an error message, here the generation of an error page according to step N5.
  • step N6 a credit check is performed for the user of the mobile network, wherein in the event that the user has only insufficient credit, which does not allow to access the desired, in this case paid content, according to step N5 an error page is generated, which indicates the credit problem. If there is insufficient credit, the authorization process will also be aborted.
  • step N7 the parameters are stored in the session context, after which an acceptance page is created for the user in step N8, where the user again receives the important information concerning the desired content access in a presentation and can confirm this. This is how the authen- tion with information of the user about the details of the desired service and obtaining the consent of the user regarding the subsequent content acquisition to be carried out in the sequence.
  • Fig. 4 shows a flowchart of the authorization of a content.
  • the authorization of the content is initiated in step C1 with a request, this can be done by an operation, for example, a "Submif button in an acceptance page shown to the user.
  • step C2 the acceptance by the user is checked, and in the event that a user aborts is detected, a page indicating that cancellation is made in step C3, whereupon the process is aborted.
  • step C6 If the acceptance is positively checked by the user according to step C2, a signature is created after step C4, and in step C5 data is stored in such a way that the digital signature generated in step C4 together with those in the session Context held parameters and the MSISDN is permanently stored as a record at the operator of the mobile network. Finally, in step C6, a confirmation page is created for the user.
  • the confirmation page according to step C6 includes the content provider's session information and the content provider's signature.
  • FIG. 5 shows a flow chart of the validation of a digital signature in a method according to the invention.
  • the content provider receives a request in accordance with step V1, which is transmitted via the mobile terminal of the user and contains the session ID and a "trusted token.”
  • the request according to step V1 is configured as an HTTP request the content provider in step V2 the session ID, from which he can use the session context to find the parameters of the original request from his stored data in step V3.
  • the operator of the mobile network and performs a verification of the signature in step V5, using the public key of the network operator is used.
  • Step V6 created a corresponding information page for the user, which indicates that due to the error occurred delivery of the content is not possible.
  • the content is delivered according to step V7.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Procédé d'accès, basé sur un réseau de téléphonie mobile, à des contenus mis à disposition par un fournisseur dans un réseau de données public et nécessitant une autorisation, qui comprend les étapes suivantes : demande anonyme d'un contenu auprès du fournisseur de la part d'un utilisateur du réseau de téléphonie mobile via au moins un terminal mobile à l'aide duquel une liaison est établie avec le réseau de données public et un dispositif de calcul du côté du fournisseur, production, en fonction de la demande de l'utilisateur, d'une demande d'autorisation par le fournisseur du contenu pour l'utilisateur du réseau de téléphonie mobile, qui est transmise via le terminal mobile de l'utilisateur à un dispositif de calcul d'un opérateur du réseau de téléphonie mobile, établissement d'informations de confirmation en fonction d'une vérification de la demande d'autorisation, transmission de ces informations au terminal mobile de l'utilisateur par le dispositif de calcul de l'opérateur du réseau de téléphonie mobile et mise à disposition du contenu par le fournisseur à l'intention de l'utilisateur en fonction d'une vérification des informations de confirmation transmises au fournisseur par le terminal mobile de l'utilisateur.
PCT/EP2006/008871 2005-12-22 2006-09-12 Procédé et dispositif d'accès, basé sur un réseau de téléphonie mobile, à des contenus mis à disposition dans un réseau de données public et nécessitant une autorisation WO2007079792A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102005062061A DE102005062061B4 (de) 2005-12-22 2005-12-22 Verfahren und Vorrichtung zum mobilfunknetzbasierten Zugriff auf in einem öffentlichen Datennetz bereitgestellten und eine Freigabe erfordernden Inhalten
DE102005062061.2 2005-12-22

Publications (1)

Publication Number Publication Date
WO2007079792A1 true WO2007079792A1 (fr) 2007-07-19

Family

ID=37730383

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/008871 WO2007079792A1 (fr) 2005-12-22 2006-09-12 Procédé et dispositif d'accès, basé sur un réseau de téléphonie mobile, à des contenus mis à disposition dans un réseau de données public et nécessitant une autorisation

Country Status (2)

Country Link
DE (1) DE102005062061B4 (fr)
WO (1) WO2007079792A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010135964A1 (fr) * 2009-05-23 2010-12-02 华为终端有限公司 Procédé, dispositif et système pour vérification de contenu
AT517151B1 (de) * 2015-04-24 2017-11-15 Alexandra Hermann Ba Verfahren zur Autorisierung des Zugriffs auf anonymisiert gespeicherte Daten

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2372344A (en) * 2001-02-17 2002-08-21 Hewlett Packard Co System for the anonymous purchase of products or services online
EP1256864A1 (fr) * 2001-05-09 2002-11-13 IP-Control GmbH Réseau de compensation pour le contrôle de sessions internet anonymes payantes
EP1492306A2 (fr) * 2003-06-26 2004-12-29 Vodafone Group PLC Système et méthode pour accès anonyme à une adresse Internet, et module pour le système

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU3952400A (en) * 1999-04-22 2000-11-10 Cloakware Corporation Delegation billing
EP1388107A1 (fr) * 2001-05-11 2004-02-11 Swisscom Mobile AG Procede d'emission par un consommateur d'une demande anonyme a destination d'un fournisseur de contenu ou de services par l'intermediaire d'un reseau de telecommunication
FR2844943B1 (fr) * 2002-09-24 2005-01-14 Radiotelephone Sfr Procede de production d'un premier identifiant isolant un utilisateur se connectant a un reseau telematique

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2372344A (en) * 2001-02-17 2002-08-21 Hewlett Packard Co System for the anonymous purchase of products or services online
EP1256864A1 (fr) * 2001-05-09 2002-11-13 IP-Control GmbH Réseau de compensation pour le contrôle de sessions internet anonymes payantes
EP1492306A2 (fr) * 2003-06-26 2004-12-29 Vodafone Group PLC Système et méthode pour accès anonyme à une adresse Internet, et module pour le système

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010135964A1 (fr) * 2009-05-23 2010-12-02 华为终端有限公司 Procédé, dispositif et système pour vérification de contenu
AT517151B1 (de) * 2015-04-24 2017-11-15 Alexandra Hermann Ba Verfahren zur Autorisierung des Zugriffs auf anonymisiert gespeicherte Daten

Also Published As

Publication number Publication date
DE102005062061B4 (de) 2008-01-10
DE102005062061A1 (de) 2007-06-28

Similar Documents

Publication Publication Date Title
DE60312911T2 (de) System für mobile Authentifizierung mit reduzierten Authentifizierungsverzögerung
WO2000039987A1 (fr) Procede et systeme pour mettre des objets a disposition d'utilisateurs d'un reseau de telecommunication
DE102008035391A1 (de) Verfahren zur Authentifizierung
DE212010000140U1 (de) System für ein virtuelles Sparschwein
EP3295354A1 (fr) Procédé et dispositif d'authentification d'un utilisateur de service pour une prestation de service à fournir
DE60215482T2 (de) Architektur zur bereitstellung von internetdiensten
WO2002095637A2 (fr) Procede pour fournir des services dans un reseau de transmission de donnees et composants associes
EP2575385B1 (fr) Procédé d'initialisation et/ou d'activation d'au moins un compte d'utilisateur, de réalisation d'une transaction, ainsi que terminal
DE10213072A1 (de) Verfahren zum Betrieb eines einem Mobilfunknetz zugeordneten Abrechnungssystems zur Abrechnung einer kostenpflichtigen Benutzung von Daten und Datenübertragungsnetz
DE102018009949A1 (de) Übertragungsverfahren zum flexiblen Übertragen von spezifisch teilbaren elektronischen Münzdatensätzen
DE102005062061B4 (de) Verfahren und Vorrichtung zum mobilfunknetzbasierten Zugriff auf in einem öffentlichen Datennetz bereitgestellten und eine Freigabe erfordernden Inhalten
DE202013007090U1 (de) Serverbasiertes Bezahlsystem
DE10136414A1 (de) Verfahren zum Bezug einer über ein Datennetz angebotenen Leistung
WO2019180152A1 (fr) Procédé automatisé de protection de données électroniques dans le but du traitement des données par une tierce partie avec prise en compte d'une rémunération transparente et ininterruptible
EP1248432B1 (fr) Méthode et système d'interrogation de données de certificat utilisant des références de certificat dynamiques
DE10154546B4 (de) Verfahren zum Zugänglichmachen von Diensten in Telekommunikationsnetzen, zum Beispiel im Internet
DE10149160A1 (de) Kontroll-Server zur Unterstützung der Vergebührung von Diensten
DE102015213602A1 (de) System für den Vertrieb, die Kontrolle sowie die Verteilung kontinuierlicher Datenströme von vernetzten Endgeräten und eine entsprechende Plattform
DE112013002111B4 (de) Managen von sich wiederholenden Zahlungen von mobilen Endstellen
DE112013002121B4 (de) Managen von sich wiederholenden Zahlungen von mobilen Endstellen
WO2022002502A1 (fr) Fourniture d'un service de manière anonyme
DE102011122874B4 (de) Verfahren zum Durchführen einer Transaktion, sowie Endgerät
WO2020224809A1 (fr) Procédé d'authentification d'un utilisateur final vis-à-vis d'un service dépendant
DE102005025489B4 (de) Verfahren und Computerprogramm zum Kontrollieren eines Zugriffs auf einen Informationsinhalt
EP1469658A2 (fr) Procédé de protection contre l'utilisation non autorisée de données sur un terminal mobile

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06805697

Country of ref document: EP

Kind code of ref document: A1