DE19724901A1 - Mobile radio telephone and those with a coupled computer for Internet or network applications and method for operating such a combination of devices - Google Patents

Abstract

A chip card unit (13) pertaining to a mobile radio telephone, for instance, is connected to an interface (12) for a computer via a control unit (11) enabling the mobile radio telephone (10) to operate as a card terminal when coupled to a computer (30). When the computer (30) is connected to a telecommunication network (40), occupation of network services by service providers (50) is also possible. Chip card applications include mutual client-server authentication, verification of access rights, digital signature for sensitive data, generation of keys to encrypt data, proof of ordering, payment from an electronic purse, etc.

Description

The invention relates to arrangements and methods for the groove Lei offered on the Internet or other networks services that place high security requirements.

Cellular phones are essentially for voice transmission used in mobile networks. That in the mobile radio fon integrated so-called SIM module or the integrated Smart card is used to authenticate the mobile phone as a device authorized for mobile communications and contains keys sel for the encryption of the transmitted voice information on or for decrypting the received voice information mation.

Calculator, such as B. personal computers or laptops, the one Fixed line or mobile network connection are able to e.g. B. using http protocol to use Internet applications. For particularly security-related processes, such as. B. at Orders and payments, smart cards are used that via a chip card reader connected to the computer control transactions. The connection with a Mon bilfunknetz can also use a equipped mobile phone take place - one see z. B. "PC Professionell ", March 1994, pages 253-260 or" Cash Flow ", 2/95, pages 140, 141.

Possible applications in connection with a chip card are e.g. B. authentication, generation of digital signatures, Credit / debit card applications, electronic wallet.

A particularly high level of security can be provided by asymmetrical kryp graphic processes can be achieved in which the private  Key is not readable in the chip card and corresponding crypto methods in the chip card not ma can be performed with nipulation. Chip card modules for such applications are available on the market today, e.g. B. the SLE 44CR80S block from Siemens AG.

The object of the invention is to determine the scope of Mo. To extend bilfunkelefons so that in connection with a Computer-secured transactions in the controllable networks possible are.

This is achieved on the one hand according to claim 1 in that the cellular phone is expanded in such a way that it too can also be used as a card terminal for a computer, by the contact unit via a control unit with the Connection interface for the computer can be coupled. To this The other control unit can also be used for mobile communications required components to be connected to further control radio allowations.

Furthermore, the use of such an extended one Mobile telephones according to claim 3 in connection with a Computer that works independently of the radio part of the mobile phone a communication network connected in a known manner is that a mobile phone owner is independent of location any standard computer from personal or public Liche network services such. B. on the Internet who place high demands on security without that these standard devices have smart card readers must have.

Developments of the invention relate to methods for Operating such a combination of devices. These concern u. a. the ready activation of the mobile phone as Card terminal, which in addition to handling network services in encryption or decryption in the usual way conditions in a manner known per se.  

Particular advantages result from the fact that highly sensitive Da ten such. B. the personal PIN number or amounts of money entered on the mobile phone with the keyboard and unlocked selt can be displayed before they are encrypted to the Computers are forwarded. With this, entries about the Computer keyboard avoided, so that viruses in the computer ben can not falsify.

There is also the possibility, advantageously, Kon troll words via the microphone as proof of authorization admit, which is then digitized to a supervisory authority in the Communication network forwarded and with a reference mu be compared. In this way, the identity of a user based on a personal biome trical feature to be verified, what increased security requirements.

Furthermore, data and / or control information from Computer via the connection interface to the memory in Mon bilfunktelefon transferred and stored there. There with it is possible to change or change data on the chip card to save. These data can e.g. B. keys for encryption or decryption or for money trade amount for a cash card. The latter also opens the possibility of a card phone by operating as Telephone incoming impulse charges a debit of each corresponding amount of money.

Details of the invention are based on a in the drawing illustrated embodiment, he closer purifies. Show in detail

Fig. 1 is a schematic overview of a computer with network coupling and connected mobile phone as a card terminal for the use of network services and most

Fig. 2 is a schematic representation of a chip card for various applications.

In the illustration of FIG. 1, a mobile radio telephone 10 is connected via a standard interface 12 , e.g. B. RS232, connected to a computer 30 in the form of a conventional PC. The interface 12 is connected within the mobile radio telephone 10 with a control unit 11, taktiereinheit in further comprising a Kon 13 for the SIM-module / chip card 14/14 a, ei ne display 15, a keyboard 16, a voice and wireless module 17, and a memory 18 is connected. The voice and radio module 17 has access to the mobile radio network 20 in the usual way.

From the computer 30 , only the connection interface 31 for the mobile radio telephone 10 with the responsible driver 32 is shown, as well as a so-called browser 33 and computer applications 34 for the use of network services, for example on the Internet, indicated by the communication network 40 in connection with a corresponding one Provider 50 , e.g. B. in the form of a so-called server.

The applications accessible with the key are stored on the SIM module or the chip card 14 or 14 a. Individual chip cards can be provided for the various applications. But it can also, as Fig. 2 shows, the Mo bilfunk applications for GSM / DCS 141 and the various Internet / network applications 142 , 143 , 14 x with their different keys on a chip card.

Before using one of the network services, a corresponding chip card must be selected and inserted in the contacting unit 13 of the mobile radio telephone 10 coupled to the computer. In addition, the mobile phone 10 as a card terminal via the connection interface 31 driver 32 is to be loaded with the corresponding driver software. This can be done from a floppy disk. However, to exclude tampering with the driver 32 , it is appropriate that the z. B. with a private key of the mobile network operator driver Driver soft ware from a corresponding server on request from the computer 30 from the communication network 40 in the driver 32 is loaded. Thereafter, automatically, a verification of the driver software on the basis of a corresponding and on the smart card 14/14 a in an application such. B. 14 x located public key of the mobile network operator be carried out.

The driver software works appropriately according to one already established standard, such as B. ISO 7816-3 and the determined by the PC / SC workgroup together with Microsoft ICC specification (http //: www.smartcardsys.com)

The network application can be started in the computer 30 , for example by calling the browser 33 and entering a so-called "uniform resource locator" URL. A connection to the service provider 50 is thus established via the network 40 , and the desired services 51 , 52 ,. ., 5 times can be used. The connected mobile radio telephone 10 or the control unit 11 behaves like a usual card terminal. Depending on the provided by the service provider 50 services 51, 52,. ., 5 x are chip card applications 142 , 143 ,. . ., 14 x selectable and executable, e.g. B. for mutual client-server authentication, for veri fication of access rights, for digital signature sensi bler data, for the generation of keys for encrypting data, - for the proof of an order process, for payment from an electronic Stock exchange.

Compared to a conventional chip card reader, the. Invention of additional functions of the mobile radio telephone guarantee a significantly higher level of security:  

Computers connected to the Internet are basically from the Viruses introduced into the Internet exposed. So z. B. a Account transfer amount entered via the computer keyboard will be adulterated by such a virus, be before the transaction with the internet server correctly is closed.

With a mobile phone as a card terminal, this manipulation can be prevented by causing the computer / server application to send sensitive data such. B. transfer amounts, via the keyboard 16 of the cellular phone 10 to enter. This is communicated to the control unit 11 via a code, whereby the data entered can be perceived and checked on the display 15 unencrypted. On the other hand, this data is encrypted or signed 14 times by a chip card application and transferred to the computer 30 or the responsible server for further processing.

In the same way, when entering a personal PIN, which has been requested by a computer / network application, the PIN entered on the keyboard 16 can be encrypted in the chip card before it is forwarded to the computer / network application .

Require applications with the highest security requirements often authentication based on biometric characteristics le. With the invention shown here, this can be fol Realize as follows:

After successful mutual client-server authentication on the basis of asymmetric crypto procedures, an application 5 x asks the user to give a speech test, e.g. B. speak an agreed password three times in succession into the microphone 17 of the mobile radio telephone 10 . The control unit 11 then directs, for example, by a control code transmitted by the application 5 x or by the browser 33 , the digitized voice stream in the form of a bit string to the responsible application, for. B. 5 x, further. This extracts the personal language features from the received bit string and compares them with e.g. B. stored on disk storage 60 reference must 6 x to verify the identity of the user based on his speech samples.

The invention also includes that as part of a computing application 34 from an Internet server in the computer 30 loaded data such. B. phone lists, address lists, order data, price lists, loaded into the memory 18 of the cellphone 10 and can be shown on the display 15 , with the keyboard 16 making a selection possible.

In a further computer application 34 , keyed or spoken, digitized data can be transmitted to the mobile phone 10 in the computer 30 and further processed there or in a network server or called up later or by other persons.

Furthermore, it is possible that - triggered by a computing neranwendung 34-10 programs over the port interface 31/12 into the memory 18 of the mobile phone to be charged, the decoupled in time in the control unit 11 can be made to flow.

Finally, applications / keys - initiated by a computer application 34 - can be changed, deleted or loaded on the chip card itself.

In all cases, the transmission of data, programs or applications between the mobile phone 10 or the smart card 14/14 a, and the computer 30 and the network server may inte gritätsgesichert or be encrypted. The necessary keys are either already stored on the chip card or are previously between computer / network server application and chip card z. B. Ren exchanged after the Diffie-Hellman process. In addition, the mobile radio telephone 10 can be used very generally in an analogous manner for the encryption or decryption of data.

Another embodiment of the invention is the common use of a smart card application in GSM and fixed networks. An example of this is the electronic wallet. You can e.g. Application as an application example 14 x on the inserted card in the mobile phone 10 Chip 14/14 a via a computing / power-on 33/34/5 × charged and later during a GSM phone call, for example. B. be decremented by a pulse sent by the radio switching center at regular intervals - according to the distance-dependent tariffs. Such "prepaid" calls significantly reduce the risk of fraud that mobile operators are exposed to many times today.

Claims (12)

1. Mobile radio telephone ( 10 ) with contacting unit ( 13 ) for a chip card ( 14 , 14 a) as proof of authorization for mobile radio communication and a connection interface ( 12 ) for a computer ( 30 ), characterized in that the contacting unit ( 13 ) via a Control unit ( 11 ) is also coupled to the connection interface ( 12 ) for the computer ( 30 ) and data can be exchanged between a chip card ( 14 , 14 a) and the connection interface ( 12 ) via the control unit ( 11 ). 2. Mobile radio telephone according to claim 1, characterized in that with the control unit ( 11 ) also the other components available for Mo bilfunkverkehr are connected, so that inputs via the keyboard ( 16 ) or the microphone can be stored and forwarded via the connection interface ( 12 ) are or via the connection interface ( 12 ) incoming data can be stored and / or can be shown on the display ( 15 ), where the data to be displayed can be selected by the keyboard ( 16 ). 3. Mobile radio telephone ( 10 ) according to claim 1 or 2 with coupled coupling computer ( 30 ), characterized in that the computer ( 30 ) is connected independently of the mobile radio telephone ( 10 ) to a communication network ( 40 ) and that the mobile radio telephone ( 10 ) can be used as a connected card terminal for the use of network services in the communication network ( 40 ). 4. A method of operating a device combination consisting of a mobile radio telephone ( 10 ) with a coupled computer ( 30 ) according to claim 3, characterized in that before using network services requiring a card terminal, first of all the driver (2) controlling the connection interface ( 31 ) for the mobile radio telephone ( 10 ). 32 ) is loaded with the necessary driver software. 5. The method according to claim 4, characterized in that the driver software is loaded via the communication network ( 40 ) from a server of the mobile network operator on request in the driver ( 32 ) of the computer ( 30 ) and that with the signing of the driver software with a private key in conjunction with the corresponding public key to the smart card (14/14 a) the presence of the unauthorized driver software be automatically checked. 6. The method according to claim 4 or 5, characterized in that after establishing a connection from the computer ( 30 ) via the communication network ( 40 ) to a service provider ( 50 ) in connection with the mobile radio telephone ( 10 ) as card terminal chip card applications can be selected and executed . 7. The method according to claim 6, characterized in that the mobile radio telephone ( 10 ) is used as a card terminal of the computer ( 30 ) for the encryption of sensitive data. 8. The method according to claim 6 and 7, characterized in that required in the context of an ongoing application highly sensitive data such as personal PIN (PIN) or amounts of money on the keyboard ( 16 ) of the mobile phone ( 10 ) and entered by the control unit ( 11 ) in Connection with the Chipkar te ( 14 , 14 a) are encrypted forwarded. 9. The method according to claim 6 or 7, characterized,  that as proof of authorization or for control over the microphone entered control words to the control of the opened application are forwarded so that a Verifi in connection with stored reference samples adornment of the user is feasible. 10. The method according to any one of claims 6 to 9, characterized in that in the context of an application data received from the computer ( 30 ) to the memory ( 18 ) of the mobile phone ( 10 ) are forwarded. 11. The method according to claim 10, characterized in that the data transmitted from the computer ( 30 ) serve to change the data in a chip of the chip card ( 14 , 14 a). 12. The method according to claim 11, characterized in that in a chip card serving as a cash card ( 14 , 14 a) which during a radio connection of the mobile radio telephone ( 10 ) hits a charge impulses debit the corresponding amount of money.