
CN101518038A - System and method for sharing credentials stored in a credential module of a first device - Google Patents

Info

Publication number
CN101518038A
Authority
CN
China
Prior art keywords
interface
visit
module
user
secondary device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007800347161A
Other languages
Chinese (zh)
Inventor
M·泰歇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Western Digital Israel Ltd
Original Assignee
SanDisk IL Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SanDisk IL Ltd filed Critical SanDisk IL Ltd
Publication of CN101518038A publication Critical patent/CN101518038A/en
Pending legal-status Critical Current

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

A primary device reversibly engageable with a secondary device for sharing credentials, the primary device comprising: a credential module configured to enable the primary device to make and receive calls; and an interface with the secondary device, the interface comprising: a physical interface for physically and reversibly engaging the primary device with the secondary device; and a conductive interface operable to enable the secondary device to communicate with the credential module once physically engaged. A secondary device reversibly engageable with a primary device having a credential module that enables the primary device to make and receive calls, the secondary device comprising: a service module configured to be enabled by the credential module; and an interface for the primary device, the interface comprising: a physical interface for physically and reversibly engaging the secondary device with the primary device; and a conductive interface that enables the secondary device to communicate with the credential module upon physical engagement of the secondary device with the primary device.

Description

System and method for sharing credentials stored in a credential module of a first device

Technical field

The invention relates to a system for sharing user credentials in mobile phones, in particular mobile phones using SIM (Subscriber Identity Module) cards.

Background art

Mobile phones have become a ubiquitous part of society. Mobile phones are usually owned by users who pay for outgoing and incoming calls. In recent years, many additional services have been added to mobile phones. Such services include additional communication options (e.g., sending text messages, accessing the Internet, receiving broadcasts, and connecting to computers).

Other services use the communication channel to access and transact with remote service providers (e.g., banks, merchants, and content providers offering, for example, music, video, ringtones, and news). There are also services that are confined to the handset unit (e.g., listening to music, watching videos, playing games, and managing contacts and calendars). Some services use short-range communication (e.g., infrared, Bluetooth, or NFC (Near Field Communication)) to make payments.

Many services acquired or consumed using a mobile phone require a subscription and identification of the user and/or the user's rights. A SIM card is an exemplary standard module containing data used to determine a user's identity and rights. Typically, the SIM card also carries other user-related data (e.g., contacts and calendar databases, and downloaded content). Thus, the SIM card converts a generic device into a personalized device by maintaining the user's credentials (e.g., data identifying the user and/or the user's rights) and/or content owned by the user and stored in the SIM card.

Figure 1 is a simplified schematic block diagram of a typical mobile device according to the prior art. Figure 1 shows a mobile device 100 (e.g., a smart mobile phone). Credential module 110 (e.g., a SIM card) is a module that identifies the user, his/her account, and optionally other access rights the user may have. Credential module 110 may also store other personal data (e.g., contact lists, calendars, Internet favorites, sent/received text messages, and content owned by the user). Credential module 110 interfaces with device services 140 through device interface 120 and module interface 130. Device services 140 represents a service module comprising the hardware and software components of device 100 that provide voice or non-voice services. Device interface 120 and module interface 130 are typically conventional electrical contacts for operatively connecting device services 140, which require appropriate user credentials, with credential module 110.

Often, a mobile device can be connected to another apparatus to extend the functionality of the device. For example, a mobile phone can be connected to a car adapter to provide safer driving through hands-free communication; a mobile phone can be connected to a desk cradle to provide better sound quality and a more convenient headset; a mobile phone can be connected to a personal computer to synchronize contacts, calendars, and files; or a mobile phone can be connected to a Bluetooth headset to provide hands-free mobile communication.

Figure 2 is a simplified schematic block diagram of a typical mobile device connected to an accessory according to the prior art. Mobile device 100' includes an accessory interface 150 for operative connection to accessory 160 via device interface 162. Accessory 160 provides improved or additional services, represented by accessory services 164. Accessory interface 150 and device interface 162 are logical, electrical, and/or physical interfaces (e.g., plug-and-socket connections, cradles, and Bluetooth connections) that operatively connect device 100' to accessory 160. Current accessories are limited to using the SIM-related services available on the device containing the SIM card, which may be limited by the capabilities or features of that device.

Users of mobile devices may frequently move a SIM card from one device to another, depersonalizing and deactivating the first device while personalizing and activating the second device. Figure 3A is a simplified schematic block diagram of two typical mobile devices according to the prior art. Figure 3A shows a first device 100A and a second device 100B providing similar or different device services 140A and device services 140B. Module transfer operation A is a manual process that allows a user to selectively insert credential module 110 into either first device 100A or second device 100B, thereby selectively personalizing and activating the current device while deactivating the other device. Moving credential module 110 from first device 100A to second device 100B by module transfer operation A is considered an inconvenient task.

Existing systems, such as that taught in U.S. Patent No. 6,868,282 to Carlsson (hereinafter referred to as Carlsson '282), the entire contents of which are incorporated herein by reference, teach a number of methods in which a first device reads user credentials from a SIM card residing in that device and transmits the user credentials to a second device, in which the user credentials are used to obtain mobile services. Figure 3B is a simplified schematic block diagram of two typical mobile devices, adapted from Figure 3 of Carlsson '282.

Figure 3B shows how two mobile devices (e.g., MS A and MS B) communicate with each other to access either SIM card (i.e., SIM card A and SIM card B). The method taught by Carlsson '282 is limited because it requires mediation by the main CPU of MS A and/or MS B (CPU/MEM in Figure 3B) to handle the secure exchange of the user credentials stored in SIM card A and/or SIM card B, and because it requires both devices to be running in order for one device to use the other device's user credentials.

It is desirable for a user carrying a first device that houses a credential module to operate a second device by coupling the credential module of the first device to the second device, without having to remove the credential module from the first device.

Summary of the invention

The object of the present invention is to provide a system for sharing user credentials in mobile phones, in particular mobile phones using SIM cards.

For purposes of clarity, the term "device" as used herein is specifically defined to mean a device that serves a user and is owned by the user or by another individual. Thus, the first device may be, for example, a cellular handset owned by the user, and the second device may be, for example, a car phone owned by the user, or a public telephone available to the user.

Preferred embodiments of the present invention seek to provide a system for physically engaging a first device with a second device and then operatively connecting the second device to a credential module residing in the first device, without having to physically remove the credential module from the first device.

Therefore, according to the present invention, there is provided for the first time a system for sharing credentials, the system comprising: (a) a primary device including a credential module, the primary device being operative to make and receive calls using the credential module; and (b) at least one secondary device configured to: (i) physically engage with the primary device, thereby establishing an interface with the credential module; and (ii) provide services using the credential module through the interface.

Preferably, the interface is conductive.

Preferably, the interface is a short-range contactless interface.

Most preferably, the short-range contactless interface uses at least one communication technology selected from the group consisting of ISO 14443 technology, NFC technology, Bluetooth technology, infrared technology and acoustic interface technology.

Preferably, the services include at least one service selected from the group consisting of: enabling telephony, sending text messages, providing the user's identity, providing the identity of a subscription record in an operator database, providing data that allows the user to access a credit account, providing data that allows the user to access a bank account, providing access to an electronic wallet, providing access to the user's contacts database, providing access to the user's calendar database, providing access to content owned by the user, providing access to ringtones, providing access to music, providing access to video, and providing DRM access codes.

According to the present invention, there is provided for the first time a primary device reversibly engageable with a secondary device for sharing credentials, the primary device comprising: (a) a credential module configured to enable the primary device to make and receive calls; and (b) an interface with the secondary device, the interface comprising: (i) a physical interface capable of physically and reversibly engaging the primary device with the secondary device; and (ii) a conductive interface operable to enable the secondary device to communicate with the credential module when physically engaged.

According to the present invention, there is provided for the first time a secondary device reversibly engageable, for sharing credentials, with a primary device having a credential module that enables the primary device to make and receive calls, the secondary device comprising: (a) a service module configured to be enabled by the credential module; and (b) an interface for the primary device, the interface comprising: (i) a physical interface capable of physically and reversibly engaging the secondary device with the primary device; and (ii) a conductive interface operable to enable the secondary device to communicate with the credential module when the secondary device is physically engaged with the primary device.

Preferably, the service module includes at least one service selected from the group consisting of: enabling telephony, sending text messages, providing the user's identity, providing the identity of a subscription record in an operator database, providing data that allows the user to access a credit account, providing data that allows the user to access a bank account, providing access to an electronic wallet, providing access to the user's contacts database, providing access to the user's calendar database, providing access to content owned by the user, providing access to ringtones, providing access to music, providing access to video, and providing DRM access codes.

These and other embodiments will be apparent from the following detailed description and examples.

Brief description of the drawings

The invention is herein described, by way of example only, with reference to the accompanying drawings, in which:

Figure 1 is a simplified schematic block diagram of a typical mobile device according to the prior art;

Figure 2 is a simplified schematic block diagram of a typical mobile device connected to an accessory according to the prior art;

Figure 3A is a simplified schematic block diagram of two typical mobile devices according to the prior art;

Figure 3B is a simplified schematic block diagram of two typical mobile devices, adapted from Figure 3 of Carlsson '282;

Figure 4 is a simplified schematic block diagram of two mobile devices according to a preferred embodiment of the present invention;

Figure 5A is a simplified schematic block diagram of an exemplary alternative for implementing connections B and C of Figure 4, in accordance with a preferred embodiment of the present invention;

Figure 5B is a simplified schematic block diagram of an exemplary alternative for implementing connections B and C of Figure 4, in accordance with another preferred embodiment of the present invention;

Figure 5C is a simplified schematic block diagram of an exemplary alternative to the embodiment of Figure 5B, in accordance with a preferred embodiment of the present invention;

Figure 5D is a simplified schematic block diagram of an exemplary alternative to the embodiment of Figure 5C, in accordance with a preferred embodiment of the present invention;

Figure 6 is a simplified flowchart of the operation of the credential sharing system in accordance with a preferred embodiment of the present invention.

Detailed description

The invention relates to a system for sharing user credentials in mobile phones, in particular mobile phones using SIM cards. The principles and operation of sharing user credentials in mobile phones according to the present invention may be better understood with reference to the following description and accompanying drawings.

Referring now to the drawings, Figure 4 is a simplified schematic block diagram of two mobile devices in accordance with a preferred embodiment of the present invention. A first device 200A (e.g., a cellular phone) is physically engaged with a second device 200B. The expression "physically engaged" is used herein to mean that the body of first device 200A is inserted into, or mechanically attached to, the body of second device 200B, so that first device 200A and second device 200B temporarily act as a single integrated unit. For example, first device 200A may be inserted into a slot of second device 200B, or into a cradle that forms part of, or is connected to, second device 200B.

User credentials stored in credential module 210 include, for example: user-specific data (e.g., the identity of the user, and the identity of the subscription record in the operator database); data allowing the user to access a credit account or bank account; an "electronic wallet"; the user's contacts and calendar databases; content owned by the user (e.g., downloaded ringtones, music, and videos); and the codes required to access digitally protected content under a digital rights management (DRM) mechanism.

Credential module 210 is preferably a secure chip (e.g., a SIM card) that protects its content through a tamper-resistant physical structure and digital cryptography. Credential module 210 enables the operation of device 200A using techniques known in the art, by providing identities, codes, and operating parameters. Credential module 210 may include a microprocessor for performing cryptographic operations (e.g., encryption schemes, challenge-response procedures, digital signatures, and password generation processes).

Credential module 210 is operatively connected to device services 240A through device interface 220 and module interface 230A. As described above, device interface 220 and module interface 230A include mechanical, electrical, and logical connections. Device interface 220 and module interface 230A may, for example, be based respectively on the card and card-reader interfaces defined under the ISO 7816 standard. First device 200A includes hardware and software for providing device services 240A (e.g., service modules for enabling telephony, text messaging, storage, and multimedia). At least some of device services 240A require access to, and use of, the user credentials in credential module 210.

In a similar manner, second device 200B includes a credential module 210', a device interface 220', a module interface 230B, and device services 240B. Device services 240B may be similar to and/or different from device services 240A. For example, second device 200B may be a high-power hands-free car phone integrated with a digital radio receiver for subscription-based broadcasts. In such an example, device services 240B include the hardware and software for the cellular phone and the digital radio receiver, both of which require the presence of credential module 210' in order to operate.

According to a preferred embodiment of the present invention, first device 200A can be physically engaged with second device 200B, enabling device services 240B to use credential module 210 of first device 200A. The physical engagement may be formed by a direct connection of module interface 230B to device interface 220 via connection B, or to module interface 230A via connection C. This is described in more detail below with reference to Figures 5A-D. Thus, when first device 200A is physically engaged with second device 200B, second device 200B operates using credential module 210 of first device 200A.

In contrast to the prior art of Figure 3A, first device 200A is preferably switched off (i.e., not operating) while second device 200B uses credential module 210. The connection is therefore made between second device 200B and credential module 210, and not between second device 200B and first device 200A.

The mode of operation described with respect to first device 200A and second device 200B, in which second device 200B uses user credentials from credential module 210 of first device 200A, does not necessarily exclude the conventional mode of the prior art (i.e., module transfer operation A of Figure 3A). In such a prior-art mode of operation, credential module 210' is removed from first device 200A and inserted into second device 200B, rather than first device 200A being connected to second device 200B.

Figure 5A is a simplified schematic block diagram of an exemplary alternative for implementing connections B and C of Figure 4, in accordance with a preferred embodiment of the present invention. In Figure 5A, credential module 210' includes a chip/body 210C sandwiched between an upper contact surface 220C and a lower contact surface 220C'. As shown in Figure 4, this structure allows credential module 210' to be accessed either via connection C to module interface 230A, for operation of first device 200A, or via connection B to module interface 230B, for operation of second device 200B. The bodies of first device 200A and second device 200B are configured to allow physical contact between contact surface 220C' and module interface 230B when first device 200A is engaged with second device 200B.

Figure 5B is a simplified schematic block diagram of an exemplary alternative for implementing connections B and C of Figure 4, in accordance with another preferred embodiment of the present invention. In Figure 5B, credential module 210" has only a single contact surface 220C" for chip/body 210C. Contact surface 220C" is physically connected to a first module interface 230A', enabling credential module 210" to be accessed by device services 240A. First module interface 230A' is electrically connected to a second module interface 230A", which is configured to interface with module interface 230B of second device 200B when second device 200B is physically engaged with first device 200A', thereby enabling device services 240B to access credential module 210" through contact surface 220C", first module interface 230A', second module interface 230A", and module interface 230B.

Figure 5C is a simplified schematic block diagram of an exemplary alternative to Figure 5B, in accordance with a preferred embodiment of the present invention. In Figure 5C, a double-sided module interface 230A'" connects credential module 210" of first device 200A" both to device services 240A and to device services 240B (through contact with module interface 230B).

Figure 5D is a simplified schematic block diagram of an exemplary alternative to Figure 5C, in accordance with a preferred embodiment of the present invention. In Figure 5D, module interface 230A"" and module interface 230B'" use a contactless communication mechanism to connect credential module 210" of first device 200A'" to second device 200B'". Because the amount of data exchanged between credential module 210" and second device 200B" is typically very small, and because first device 200A'" and second device 200B'" are each powered autonomously by an independent power source, the contactless communication mechanism may use any known wireless communication technology (e.g., ISO 14443, NFC, Bluetooth, infrared, and acoustic interfaces).

Figure 6 is a simplified flowchart of the operation of the credential sharing system in accordance with a preferred embodiment of the present invention. The components of Figure 4 (and their reference numerals) are included in the description for clarity. First device 200A, which houses credential module 210, is used to access the user credentials required for operation (step 400). Operation of first device 200A is then terminated (step 410). First device 200A is then physically engaged with second device 200B (e.g., by inserting first device 200A into a slot or cradle of second device 200B) (step 420).

As in the embodiment of Figure 5A, the physical connection of first device 200A to second device 200B (step 420) establishes direct contact between credential module 210 and second device 200B (step 430). Alternatively, as in the embodiments of Figures 5B-D, the physical connection of first device 200A to second device 200B (step 420) establishes indirect contact between credential module 210 and second device 200B through module interface 230A of first device 200A (step 440). Both step 430 and step 440 enable second device 200B to communicate with credential module 210 (residing in first device 200A) in order to receive the user credentials required for the operation of second device 200B (step 460).

It should be noted that communication between second device 200B and credential module 210 is preferably implemented using a standard device/credential-module protocol, and preferably takes place without the participation or mediation of any processor or communication function forming part of first device 200A. It should be understood that the user credentials accessed from credential module 210 by first device 200A in step 400 may be the same as, or different from, the user credentials accessed from credential module 210 by second device 200B in step 460. In both cases (i.e., step 400 and step 460), these user credentials may be responsive to the specific operation selected by the user (e.g., making a phone call, listening to a digital radio broadcast, or initiating an electronic banking transaction).
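The Figure 6 flow as a small Python model, added here as an illustration and not taken from the patent: the class names, the `Operator` verifier, the HMAC-SHA256 stand-in for the module's challenge-response algorithm, and the rule that engagement is refused while the first device is running are all assumptions. It shows the second device obtaining valid responses from the module while the key stays inside the module and the first device's processor takes no part.

```python
import hashlib
import hmac
import os


class CredentialModule:
    """Stand-in for credential module 210 (e.g. a SIM card)."""

    def __init__(self, subscriber_id, key):
        self.subscriber_id = subscriber_id
        self._key = key  # stays inside the module; no method returns it

    def respond(self, challenge):
        # Assumption: HMAC-SHA256 stands in for the module's own
        # challenge-response algorithm, which the patent does not specify.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Operator:
    """Hypothetical network side: holds subscription records, checks responses."""

    def __init__(self):
        self._records = {}

    def provision(self, subscriber_id):
        key = os.urandom(32)
        self._records[subscriber_id] = key
        return CredentialModule(subscriber_id, key)

    def authenticate(self, device):
        challenge = os.urandom(16)
        subscriber_id, response = device.answer(challenge)
        key = self._records.get(subscriber_id)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class FirstDevice:
    """Device 200A: houses the module and normally uses it itself."""

    def __init__(self, module):
        self._module = module
        self.running = False
        self.cpu_requests = 0  # module accesses made by 200A's own processor

    def power_on(self):
        self.running = True

    def power_off(self):  # step 410
        self.running = False

    def answer(self, challenge):
        # Step 400: device services 240A reach the module via interface 230A.
        if not self.running:
            raise RuntimeError("first device is not running")
        self.cpu_requests += 1
        return self._module.subscriber_id, self._module.respond(challenge)

    def module_contacts(self):
        # Electrical path to the module (connection B or C). It works with
        # 200A switched off and bypasses 200A's processor entirely.
        return self._module


class SecondDevice:
    """Device 200B: has no credential module of its own in this model."""

    def __init__(self):
        self._link = None

    def engage(self, first_device):
        # Step 420. Model assumption: refuse unless 200A was shut down first.
        if first_device.running:
            raise RuntimeError("terminate the first device first (step 410)")
        self._link = first_device.module_contacts()  # step 430 or 440

    def disengage(self):
        self._link = None

    def answer(self, challenge):
        # Step 460: only the identity and the response reach device 200B.
        if self._link is None:
            raise RuntimeError("no credential module reachable")
        return self._link.subscriber_id, self._link.respond(challenge)


def run_figure6_flow():
    operator = Operator()
    phone = FirstDevice(operator.provision("subscriber-0001"))  # constructed id
    car_kit = SecondDevice()

    phone.power_on()
    first_ok = operator.authenticate(phone)      # step 400
    phone.power_off()                            # step 410
    car_kit.engage(phone)                        # step 420, then 430/440
    second_ok = operator.authenticate(car_kit)   # step 460
    car_kit.disengage()
    try:
        after_disengage = operator.authenticate(car_kit)
    except RuntimeError:
        after_disengage = False
    return {"first_ok": first_ok, "second_ok": second_ok,
            "cpu_requests": phone.cpu_requests,
            "after_disengage": after_disengage}


if __name__ == "__main__":
    print(run_figure6_flow())
```
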

应该理解,尽管容纳凭证模块210的第一设备200A通常是移动设备(优选地为蜂窝电话),但是,第二设备200B可以是移动或固定装置(例如,另一蜂窝电话、汽车电话机、桌面配件、以及个人计算机)。进一步强调的是,第二设备200B可以包括独立的凭证模块(即,凭证模块210’),和/或被配置为在从第一设备200A移除第一设备200A的凭证模块210后接纳该凭证模块210。It should be understood that while the first device 200A housing the credential module 210 is typically a mobile device (preferably a cell phone), the second device 200B may be a mobile or stationary device (e.g., another cell phone, car phone, desktop accessories, and personal computers). It is further emphasized that the second device 200B may include a separate credential module (i.e., credential module 210'), and/or be configured to accept the credential module 210 of the first device 200A upon removal from the first device 200A. Module 210.

While a limited number of embodiments have been described, it should be understood that various changes, modifications, and other applications of the invention may be made.

Claims (13)

1. A system for sharing credentials, said system comprising:
(a) a primary device comprising a credential module, said primary device being operative to make and receive calls using said credential module; and
(b) at least one secondary device configured to:
(i) physically engage with said primary device, thereby establishing an interface with said credential module; and
(ii) provide a service through said interface using said credential module.
2. The system according to claim 1, wherein said interface is conductive.
3. The system according to claim 1, wherein said interface is a short-range contactless interface.
4. The system according to claim 3, wherein said short-range contactless interface uses at least one communication technology selected from the group comprising ISO 14443 technology, NFC technology, Bluetooth technology, infrared technology and acoustic interface technology.
5. The system according to claim 1, wherein said service includes at least one service selected from the group comprising: enabling phone calls, sending text messages, providing user identity, providing the identity of a subscription record in an operator's database, providing data that allows said user to access a house account, providing data that allows said user to access a bank account, providing access to a stored-value card, providing access to said user's contact database, providing access to said user's schedule database, providing access to content owned by said user, providing access to ring tones, providing access to music, providing access to video, and providing DRM access codes.
6. A primary device reversibly engageable with a secondary device for sharing credentials, said primary device comprising:
(a) a credential module configured to enable said primary device to make and receive calls; and
(b) an interface to said secondary device, said interface comprising:
(i) a physical interface for physically and reversibly engaging said primary device with said secondary device; and
(ii) a conductive interface operative to enable said secondary device to communicate with said credential module upon physical engagement.
7. A secondary device for sharing credentials, reversibly engageable with a primary device, said primary device having a credential module that enables said primary device to make and receive calls, said secondary device comprising:
(a) a service module configured to be enabled by said credential module; and
(b) an interface for said primary device, said interface comprising:
(i) a physical interface for physically and reversibly engaging said secondary device with said primary device; and
(ii) a conductive interface operative to enable said secondary device to communicate with said credential module when said secondary device is physically engaged with said primary device.
8. The secondary device according to claim 7, wherein said service module includes at least one service selected from the group comprising: enabling phone calls, sending text messages, providing user identity, providing the identity of a subscription record in an operator's database, providing data that allows said user to access a house account, providing data that allows said user to access a bank account, providing access to a stored-value card, providing access to said user's contact database, providing access to said user's schedule database, providing access to content owned by said user, providing access to ring tones, providing access to music, providing access to video, and providing DRM access codes.
9. A method of sharing credentials between a first device and a second device, wherein said first device has a credential module, said method comprising the steps of:
(a) selectively operating said first device to communicate with said credential module, thereby enabling calls to be made and received; and
(b) physically engaging said first device with said second device, thereby interfacing said second device with said credential module, in order to enable a service of said second device.
10. The method according to claim 9, wherein said interfacing includes engaging electrical contacts.
11. The method according to claim 9, wherein said interfacing includes using a short-range contactless interface.
12. The method according to claim 11, wherein said short-range contactless interface uses at least one communication technology selected from the group comprising ISO 14443 technology, NFC technology, Bluetooth technology, infrared technology and acoustic interface technology.
13. The method according to claim 9, wherein said service includes at least one service selected from the group comprising: enabling phone calls, sending text messages, providing user identity, providing the identity of a subscription record in an operator's database, providing data that allows said user to access a house account, providing data that allows said user to access a bank account, providing access to a stored-value card, providing access to said user's contact database, providing access to said user's schedule database, providing access to content owned by said user, providing access to ring tones, providing access to music, providing access to video, and providing DRM access codes.
CNA2007800347161A 2006-08-14 2007-08-12 System and method for sharing credentials stored in a credential module of a first device Pending CN101518038A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US82225006P 2006-08-14 2006-08-14
US60/822,250 2006-08-14
US11/768,909 2007-06-27
US11/768,910 2007-06-27

Publications (1)

Publication Number Publication Date
CN101518038A true CN101518038A (en) 2009-08-26

Family

ID=41040624

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007800347161A Pending CN101518038A (en) 2006-08-14 2007-08-12 System and method for sharing credentials stored in a credential module of a first device

Country Status (1)

Country Link
CN (1) CN101518038A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102609635A (en) * 2010-10-14 2012-07-25 佳能株式会社 Information processing apparatus and control method
CN102609635B (en) * 2010-10-14 2015-01-07 佳能株式会社 Information processing apparatus and control method
US9064105B2 (en) 2010-10-14 2015-06-23 Canon Kabushiki Kaisha Information processing apparatus, control method therefor, and program
CN105474600A (en) * 2013-03-15 2016-04-06 谷歌技术控股有限责任公司 Access cloud-based services using a communication device linked to another communication device that stores the required password
US10284493B2 (en) 2013-03-15 2019-05-07 Google Technology Holdings LLC Accessing a cloud-based service using a communication device linked to another communication device via a peer-to-peer ad hoc communication link
US10623332B2 (en) 2013-03-15 2020-04-14 Google Technology Holdings LLC Accessing a cloud-based service using a communication device linked to another communication device via a peer-to-peer ad hoc communication link
CN105474600B (en) * 2013-03-15 2020-06-30 谷歌技术控股有限责任公司 Method, communication apparatus, and storage medium for accessing cloud-based service
WO2019137362A1 (en) * 2018-01-12 2019-07-18 阿里巴巴集团控股有限公司 Electronic certificate transmission method, apparatus and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090826