DE10237131A1 - Push data identification method for use in a mobile communication network to ensure that MMS messages are provided with an asymmetrically encrypted signature so that an originator can be identified - Google Patents

Abstract

For data source-specific identification of push user data (PNU), which is sent in the multimedia messaging service of a communication network (CN) by a push initiator (PI) via a push proxy gateway (PPG) to at least one communication unit (UA) in the push initiator (PI) and / or in the push proxy gateway (PPG), some or all of the respective push user data (PNU) is signed using an asymmetrical cryptography process.

Description

In communication networks, in particular Radio communication systems, it can happen in practice that on the subscriber device one User messages or data in uncontrollable for the user Way downloaded from a component of the network. Self if a notification message on the subscriber device of the respective user arrives that data or messages on the network side for retrieval are kept ready, it remains too opaque for the user, who is the sender of this notification and the provider of this Data actually is. This makes wrong decisions when downloading data possible by the respective user and there is also the risk of misuse of such notification messages.

The invention is based on the object of demonstrating a way in which it can be ensured for the respective user of a subscriber device of a communication network that push data or push messages provided on the network side come from a data source which is trustworthy for the respective user. This object is achieved with the aid of the following method according to the invention:
Method for data source-specific identification of push payload data in a communication network, which is sent from at least one push initiator via at least one push proxy gateway to at least one push client without being requested to do so by using the push initiator or push Proxy gateway part or all of the push user data can be provided with at least one signature using an asymmetrical cryptography method.

Due to the data source-specific Identification of the respective push message using an asymmetrical Cryptography procedure in the push initiator and / or push proxy gateway it is largely ensured that the communication unit of the respective user selectively only such data or messages are conveyed from a trustworthy, known data source.

The invention further relates to a communication network with at least one device for data source-specific labeling of push messages the inventive method.

The invention and its developments are explained in more detail below with the aid of drawings.

Show it:

1 a schematic representation of a pull mode in the transmission of data between a server and a client,

2 a schematic representation of a push mode in the transmission of data between a server and a push client,

3 a push architecture according to WAP (Wireless Application Protocol), in which push messages are transmitted from a sending unit (= Push Initiator PI) via a push proxy gateway) to a message receiving unit (= Push Client PC),

4 the functionality of the push proxy gateway according to 3 in detail,

5 schematically in a simplified representation an MMS architecture (MMS = Multimedia Messaging Service) according to 3GPP, which is modified to carry out the method according to the invention,

6 an exemplary push message "MMS Notification" in textual coding for notifying a communication unit in a communication network of the presence of retrievable data or messages, in particular multimedia data, on the network side, and

7 . 8th different examples for the push message "MMS Notification" in textual coding 6 with a digital signature for data source-specific identification according to the invention.

Elements with the same function and mode of action are in the 1 8 with the same reference numerals.

1 illustrates schematically the transmission of data DA between a server SV and a client CL in the so-called pull mode, in which this receiving unit CL directs a request signal AF to the server SV. It is only on the basis of this request signal AF that the data or messages are pulled down or transmitted from the server SV to the receiving unit CL (English pull = pull). This pull function is in the 1 designated PLM. In contrast to this, in the so-called push mode, the data or messages DA are transmitted by the server SV without being asked, ie without a network-side request signal, to the receiving unit PC, that is to say pushed on directly or suddenly (push = push, push). This push mode is in the 2 designated PSM. In this way, the pull transactions always originate from the respective client, while the push transactions of data are always initiated by the respective server. Browsing the World Wide Web is a typical example of pull technology. There, entering a URL (URL = Uniform Resource Locator, which corresponds to the address of a memory location or a reference to it) in the browser corresponds to the request signal mentioned above. Such server / client constellations are advantageously part of common communication networks, in particular radio communication systems.

In the specifications WAP-250, Push Architectural Overview, Version 03-Ju1y-2001, WAP-247, Push Access Protocol, Version 29-April-2001 and WAP-235, Push Over The Air Protocol, version 25-April-2001 of the WAP forum (WAP = Wireless Access Protocol) define the push procedure for the transfer of data between a server and a client , which is located on a mobile terminal, in particular a radio communication device. In the terminology of the WAP forum, the respective server, ie generally considered the network component that provides the user data to be transmitted and possibly additional control commands (for example on the type of delivery of the user data in push mode), is referred to as a so-called push initiator. It sends the user data (possibly including the additional control commands) to at least one push proxy gateway, which adapts the user data sent by it to the different protocols of the deeper protocol layers of the respective receiving communication unit. In other words, this means that such a gateway assumes an interface function for the transmission connection between the respective server and its associated receiving units receiving push messages. Furthermore, such a push proxy gateway also evaluates any existing control commands for the delivery of the user data in push mode and controls the correct execution of the user data transmission between the push proxy gateway and the respectively assigned push client, ie the respective receiving unit of the push messages or push data sent. This push functionality of a push proxy gateway can expediently be integrated into a conventional, "normal" WAP gateway. Alternatively, however, it is also possible to provide two separate functional units, namely WAP gateway and push proxy gateway, with a clear division of tasks in the respective communication network.

3 illustrates a schematic representation of a push architecture in WAP for distributing push messages in a radio communication network. A push initiator PI sends push messages PNA, which in addition to push user data PNU contain control information, via at least one transmission path UP1 to an assigned push proxy gateway PPG, which transmits the further delivery of the push user data PNU in push mode executes and monitors at least one transmission path UP2 to a push client PC. A large number of push clients can be connected to the push proxy gateway PPG. These are in the drawing for the sake of simplicity 3 been left out. The so-called WAP PAP protocol (PAP = Push Access Protocol) is used between the push initiator PI and the push proxy gateway PPG when transmitting the push messages PNA. It is based on known standard Internet protocols such as HTTP (HTTP = Hypertext Transfer Protocol). Detailed information on the WAP PAP protocol is given in particular in the specification WAP-247, Push Access Protocol, version 29-April-2001. Details of the HTTP protocol can be found, for example, in the specification RFC 2616, Hypertext Transfer Protocol - HTTP / 1.1; June 1999. Any additional control commands associated with the push messages are preferably expressed in XML syntax (XML = Extensible Markup Language). The push proxy gateway PPG transmits the push user data PNU, taking into account these control commands from the push initiator PI, to the communication unit or the client PC in the subscriber device of the respective recipient. In particular, the WAP-Push OTA protocol (OTA = Over The Air) is used between the push proxy gateway PPG and the push client PC. Further details are given in the specification WAP-235, Push Over The Air Protocol, version 25-April-2001.

In the 3 the interface in the transmission connection UP1 between the push initiator PI and the push proxy gateway PPG, which is based on the WAP PAP protocol, is designated SB. The interface for the transmission of the push user data PNU between the push proxy gateway PPG and the push client PC with the aid of the push OTA protocol OTAP is in the 3 indicated by the reference symbol SA. In a radio communication network such as, for example, according to the UMTS standard, the interface SA in particular also comprises at least one air interface between a base station sending push user data and one or more radio communication devices in their radio cell.

4 illustrates schematically how push user data PNU through a WAP gateway WRPG with integrated push proxy gateway functionality to the lower protocol layers of the two interfaces SA and SB from 3 , namely in detail to the WAP OTA protocol OTAP for the interface SA and the WAP push access protocol PAP for the interface SB, for format adaptation. In the 4 the push initiator PI is provided as the sending communication unit of the server SV. As the receiving communication unit, the push client PC is preferably part of a radio communication device, in particular a mobile terminal device UE, such as a mobile radio telephone. The push initiator PI of the server SV makes the push messages PNA to be sent conform to the WAP PAP protocol PAP by transferring them to its lower transmission protocol layers LLB. The push messages PNA modified in this way via the interface SB are evaluated by the lower layers LLB of the WAP-PAP protocol in the WAP gateway WAPG and, with the help of the gateway WRPG, to the lower layers LLA of the WAP-OTA protocol OTAP Format adapted. In this way, the push client PC in the user equipment UE can With the help of the lower protocol layers LLA and its WAP-OTA protocol OTAP, the received push user data PNU can be correctly received and evaluated.

For next generation mobile radio systems (e.g. 2.5G and 3G), such as UMTS (UMTS = Universal Mobile Telecommunications System), a multimedia-capable variant of a mobile messaging service is currently being standardized, the so-called MMS service (MMS = Multimedia Messaging Service). Details of this are detailed in the specifications 3GPP T5 22.140 version 5.2.0, Release 5; Third Generation Partnership Project; Technical Specification Group Services and System Aspects; Multimedia messaging service (MMS); Service aspects; Stage 1 , as well as in 3GPP TS 23.140 version 5.3.0, release 5 ; Third Generation Partnership Project; Technical Specification Group Terminals; Multimedia messaging service (MMS); Functional description; Stage 2 played. Messages with multimedia content are only briefly called MMs (MM = Multimedia Message; MMs = Multimedia Messages (plural)) in the following to better differentiate them from the text messages of the SMS (Short Message Service). In contrast to SMS (SMS = Short Message Service), there is no restriction to pure text content. Explicit information about the SMS can be found in the specification 3GPP TS 23.040 version 5.2.0, release 5 ; Third Generation Partnership Project; Technical Specification Group Terminals; Technical Realization of the Short Message Service (SMS) made. In contrast to SMS, with MMS it is advantageously possible to format texts according to the individual taste of the respective user and to embed audio and video content in a message. A multimedia message (MM) can therefore be composed of several multimedia elements of different file types (e.g. audio or still picture) and / or file formats (for still picture e.g. GIF or JPEG).

In 5 the simplified network architecture according to 3GPP for the multimedia messaging service is shown schematically. It includes, for example, two multimedia messaging service relays / servers RSA, RSB of two different multimedia messaging service providers SPA, SPB. The MMS relay / server RSA transmits push user data PNU to the communication units of a large number of subscriber devices, in particular radio communication devices, of the communication network CN, the other components of which in the 5 have been omitted for the sake of clarity. In the 5 for the sake of simplicity of the drawing, only a single subscriber device UA of this group of subscriber devices is shown, which is coupled to the relay / server RSA via an interface MM1. Correspondingly, one or more subscriber devices UB, in particular radio communication devices, are assigned to the second MMS relay / server RSB of the second provider or service provider SPB with the aid of the interface MM1. The two relay / servers RSA, RSB can communicate via a further interface MM4, using the so-called SMTP (Simple Mail Transfer Protocol) in particular in UMTS. A communication unit in the form of a so-called MMS user agent is implemented in the respective subscriber device, such as UA, which is to receive and evaluate the push user data PNU from the MMS relay / server RSA. MMS user agent is understood to be a sequence procedure that implements the multimedia messaging service. This MMS user agent can preferably be provided on a radio communication device, in particular a mobile device, or on an additional device connected to a mobile device, such as a laptop or the like. An MMS relay / server such as RSA is a network element that provides the MMS functionality to the MMS user agents present in the area of responsibility MMSE (MMSE = Multimedia Messaging Service Environment) of the MMS provider such as SPA.

In the multimedia messaging service, the communication unit or the push client of the respective subscriber device receiving the push user data PNU, such as UA in 5 first informed of the arrival of a new multimedia message on the MMS relay / server by the assigned MMS relay / server, such as RSA, by means of a so-called "MMS notification" or request message, which is then kept ready for download. Such an "MMS notification" message contains a reference to the storage space of the multimedia message in the area of responsibility of the respective MMS provider, such as SPA, preferably in the form of a URI (URI = Uniform Resource Identifier). With the help of this reference, the multimedia message can then either immediately in the form of a so-called "immediate retrieval" or delayed in the form of a so-called "deferred retrieval" on the terminal, such as UA in 5 can be downloaded. An "MMS Notification" message can contain a lot of additional information (such as sender, subject, etc.) for a multimedia message, which the MMS user agent of the respective recipient can use as a decision-making aid for the download. The interface MM1 between the MMS Relay / Server RSA and the MMS User Agent of the subscriber device UA in 5 is particularly supported by the WAP specifications WAP-205-MMS Architecture Overview; WAP Multimedia Messaging Service (MMS) Specification Suite 2.0, WAP-206-MMS Client Transaction; WAP Multimedia Messaging Service (MMS) Specification Suite 2.0, WAP-209-MMS Encapsulation; WAP Multimedia Messaging Service (MMS) Specification Suite 2.0 defined in more detail.

For MMS subscribers with mobile devices The "MMS notifications" are sent to the respective recipient in push mode according to the WAP push protocol (cf. specifications WAP-250, Push Architectural Overview, Version 03-July-2001, WAP-247, Push Access Protocol, Version 29- Rpril-2001, WAP-235, Push Over The Air Protocol, Version 25-April-2001), ie first of all the user data to be transmitted of a notification message "MMS Notification" are preferably wired to the respective MMS Relay / Server as a push initiator Transfer push proxy gateway PPG. This in turn decides, taking into account any requirements of the MMS relay / server in the form of the control commands mentioned above, about the type of further delivery of the notification message "MMS Notification" via the air interface to the push client on the mobile terminal, such as UA in 5 , The interface MM1 in 5 In accordance with the 3GPP MMS architecture, the two interfaces SA and SB for the push functionality correspond to the push architectures of the 3 . 4 ,

An easy way to get the dates of each Notification message "MMS Notification" about the presence of push messages to the to transmit affected receiving subscriber devices consists of that the to be transmitted Data of the "MMS Notification" notification message in a short message or several short messages from the Short Messaging Service (SMS) the terminal of the respective recipient be sent. In other words, at least one short Message is used as a transport container for the delivery of an "MMS Notification "used. A according to WAP-209-MMS encapsulation; WAP multimedia messaging Service (MMS) Specification Suite 2.0 formatted "MMS Notification" notification message in the case of MMS as carrier for the Push functionality with UDH (User Data Headers) - and WSP (Wireless Session Protocol) - Provide header fields and into the 140-byte transport container of the SMS (Skort Message Service) written. A short message (SM) is a total of 160 bytes long, but has a header itself of 20 bytes, so that only 140 bytes per short message as "payload", i.e. Hold for those to be transmitted in push mode Data left stay.

Without security measures would be the Risk of possible abuse. Because the respective recipient of one received and correctly formatted "MMS Notification" message via SMS cannot recognize whether the received data is actually a notification from his MMS provider about a new arrival and multimedia message available for download. The Data received via SMS could but also just be a correctly formatted record, with which is to be simulated with an "MMS Notification" message, and which is actually from another sender (push initiator) than the MMS relay / server actually expected. That other Sender could the URI (i.e. the reference to a storage location, which is actually for the Download of the multimedia message is provided) in a fake Use "MMS Notification" notification message to start the download of unwanted Content such as Advertising on the mobile device of the respective communication network participant initiate. This so-called "spamming" is particularly the case of "immediate retrieval" in the Multimedia Messaging Service (MMS) for the annoying each recipient, because its terminal in this mode automatically the reference in the "MMS Notification" notification message dissolves and the download process to download the multimedia message from the assigned MMS relay / server independent, i.e. initiates without user query.

In order now for the respective user of a subscriber device Communication network ensure that network-provided Data or messages come from a data source that is trustworthy for the respective user, is a data source-specific identification of push user data made that this push payload in Multimedia messaging relay / server or in the push proxy gateway partly or completely with Using an asymmetric cryptography procedure with at least be provided with a signature. This way everyone will Sending a push message, the push user data with a unique Provide an identifier that authenticates the sending relay / server allowed. "MMS Notification" notification messages on the content provided by other providers can already in advance in the respective MMS user agent can be recognized and ignored, resulting in a filtering out or sorting out undesirable Data corresponds. A download of unwanted content from the respective Server is largely avoided.

In other words, that the review of the Send a push message by verifying a digital one Signature is made. In addition, the multimedia messaging signs -Relay / Server and / or the downstream push proxy gateway with a private cryptographic key

• a) part of the push user data (for MMS e.g. the reference to the storage space where the data of the push payload are stored) of the respectively sent or to be sent Push message, or
• b) the entire set of push user data (for MMS, for example, the complete "MMS Notification" message) of the respectively sent or the push message to be sent.

The signature generated, in particular in the form of a so-called hash value, is used by the relay / server and / or the push proxy gate way to the end device of the respective recipient in push mode

• a) either (e.g. in a new header field) transmitted within the push user data (e.g. within an "MMS Notification" notification message), or
• b) additionally to the signed "push user data" in a new UDH or WSP header to the end device of the respective recipient transmitted in push mode.

Even then, the public, cryptographic becomes in the terminal key of the asymmetrical cryptography procedure of the MMS provider used to verify the signature supplied in or with the push user data. In this way, a receiver can be checked in the telecommunications terminal whether the data received in push mode is actually from his own MMS provider originate, i.e. the terminal now has practically a reliable one Origin filter functionality. Thus, especially for the case of the "immediate retrieval" of the respective subscriber device, in particular Radio communication device, prevents unwanted Content automatically using untrustworthy URLs (i.e. without asking the user) can be loaded onto the respective end device.

For the reliable check of Push-user data, especially for checking "MMS Notification" messages arriving in push mode, the mechanisms of asymmetric cryptography in Multimedia messaging relay / server and / or push proxy gateway used, to be transmitted in push mode Sign some or all of the user data. The signature of the respective push user data / push message is optionally in the push initiator of the multimedia messaging relay / server or in its assigned Push proxy gateway with a private key from the service provider or network operator, while verification of the signature in the respective telecommunication terminal with the matching public key of the service provider or network operator. This public key can either in an internal memory area of the respective terminal or be stored in an external storage unit that is connected to the end device via cable or can be connected wirelessly.

In an advantageous manner saving the public cryptographic key an intelligent memory card, especially a so-called Smartcard such as a SIM card (SIM = Subscriber Identity Module) or a UICC (UICC = Universal Integrated Circuit Card) with (U) SIM ((UMTS) subscriber identity module) as an external storage unit make that inserted or inserted into the mobile device becomes. There are storage areas on these cards that exclusively can be described or updated by the network operator, and those for the user also has write and read rights. The former Storage areas that are exclusive reserved for the respective network operator are particularly suitable good for saving and subsequent Over-the-air (OTA) updating of public cryptographic Keys. For example, the service provider or network operator this way the key length in easier Way increase to meet new security requirements. According to one expedient design variant an existing application on the SIM card, e.g. the SAT application (SAT = SIM Application Tool Kit) or on the UICC with (U) SIM card such as. CAT (Card Application Tool Kit) or (U) SAT application ((U) SAT = UMTS SIM Application Tool Kit) for verification of the signature who uses push user data.

6 shows an example of an "MMS notification" message in textual coding in the MMS. In the associated binary coding according to WAP-209-MMS encapsulation; WAP Multimedia Messaging Service (MMS) Specification Suite 2.0 gives you a data block of about 100 bytes. If this "MMS notification" message is sent as a push user data via SMS to a recipient, this data block is preceded by a few WSP and UDH header fields with a total length of approximately 35 bytes. The total amount of data to be transferred thus adds up to about 135 bytes in this example, which would not be too much payload for a single short message. For larger amounts of data, in particular of more than 140 bytes, it is advisable to use several short messages in accordance with the specification 3GPP TS 23.040 version 5.2.0, release 5 ; Third Generation Partnership Project; Technical Specification Group Terminals; Technical realization of the Short Message Service (SMS) for transmission of the "MMS Notification" notification message chained together.

The data source-specific identification of the "MMS Notification" notification message in the MMS downloadable Ready-to-collect push messages from the MMS Relay / Server to or several addressed communication units sent from subscriber devices can, expediently in the following four different ways be made:

Example 1:

Only part of the "MMS Notification" notification message is signed using the asymmetric cryptography method. In particular, the reference line to the URI (URI = Uniform Resource Identifier), which designates the link to the storage space with the multimedia message ready, is provided with a signature. The signature preferably follows in the push initiator of the the MMS re-lay / server that holds multimedia messages (MMs = multimedia messages) ready for retrieval by a large number of assigned MMS user agents in subscriber devices of the communication network. The signature is appended to the URI reference as an extension. This is exemplified by the MMS notification message MN1 * from 7 , which has been modified compared to the MMS notification message MN1 in such a way that now in the X-MMS content location line after the URL entry "http://siemens.de/sal/mms-id" a signature in Form of a hash value HW has been added.

So would like an MMS provider such as SPA from 5 in the 6 transmit the "MMS Notification" notification message shown to one of his customers, he signs the entry for security reasons, ie the field value of the header field "X-MMS-Content-Location" http://siemens.de/sal/mms-id with his private cryptographic key. The result of this signature is, for example, a hash value HW which is added as an addition or extension to the previous field value (ie the actual URL) of the header field X-MMS-Content-Location at the end. In the respective receiving terminal, this hash value HW is then first separated from the remaining field value (ie from the actual URI) of the X-MMS content location header field. The signature HW is then verified in the terminal itself using the public cryptographic key of the MMS provider. For this purpose, the public cryptographic key of the MMS provider can be read in, for example, from an external storage unit.

Example 2:

In this exemplary embodiment too, only part of the push useful data is provided with a signature. In particular, only the URL of the respective push message is encoded with a private key in the MMS relay / server. However, in contrast to exemplary embodiment 1, a separate header field for the original MMS notification message MN1, such as MN1 from 6 added. Such an MMS notification message MN1, which additionally has its own field or control line for the signature, such as HW, is in the 8th shown in textual coding and labeled MN1 **. It originates from the original MMS notification message MN1 6 characterized in that a digital signature in the form of a hash value has been added to the MMS Relay / Server in a separate control line X-MMS-Signature. Analogously to the procedure described in exemplary embodiment 1, the signing of the field value of the header field X-MMS-Content-Location generates a hash value HW. However, this is now not appended to the field value of the header value X-MMS-Content-Location, but is instead integrated into the MMS notification notification message in a header field X-MMS-Signature that has been specially defined for this purpose. For the MMS notification message MN1 ** from 8th the header field with the signature is added at the end of the message. However, it can also be expedient to include this header field with the signature elsewhere in the textual coding of the MMS notification message MN1 from 6 insert.

Example 3:

It can also be useful the complete push user data with a signature of an asymmetric cryptography process to provide. Was the push user data an "MMS notification" notification message in the MMS, so the entire "MMS Notification" notification message with the private key of an asymmetrical cryptography process. Here, too, the signature is expediently carried out in the respective MMS Relay / Server. For encryption of the entire push user data, it is advisable to use at least one for the signature To provide a header field that precedes the signed push user data becomes. The push payload itself remains unchanged. Become the respective push useful data in particular by means of an "MMS notification" notification message a hash value is formed as in the first exemplary embodiment HW generated. However, this is now not based on the field value of the X-MMS content location header as in the embodiment 1 attached, and also not in a header field within the push message as in embodiment 2 transported, but in one of the UDH or WSP header fields, the actual push user data, as explained above, prefixed. If necessary, it can also be useful to define extra new UDH or WSP header fields.

Example 4:

Furthermore, it may be expedient to send the respective push message together with control commands from the push initiator of the respective MMS relay / server by means of the WAP PAP to the assigned push proxy gateway for the signature there, ie the signature of the respective push User data only takes place in the push proxy gateway. The push user data itself remain on the interface side of the PAP, ie in the area of the interface SB in accordance with the architecture of the 3 . 4 unchanged. The respective push user data are therefore only signed by the respective push proxy gateway and not by the MMS relay / server sending the push message. For this purpose, additional control commands are expediently provided for the control entity, which is an XML-coded data record which contains the actual push user data are prefixed in the WAP PAP.

In contrast, the signing process with the aid of an asymmetrical cryptography process in the respective MMS relay / server, for example in accordance with the exemplary embodiments 1 with 3 the advantage that there is usually more computing power available than in a gateway and also that via the two interfaces SA, SB from 4 transported push user data can be identified without gaps in terms of data sources. As a result, security gaps are better avoided compared to embodiment 4. This is because the push user data sent via both interfaces SA, SB are provided with a private key of an asymmetrical cryptography method for both interfaces, ie the signature remains unchanged.

Possibly. it can also be useful both in the respective MMS relay / server and asymmetrical cryptography encryption in the respective downstream gateway of push user data.

Due to the data source-specific according to the invention Identification of push user data using an asymmetrical Cryptography method is thus achieved that only authenticated push user data in the subscriber device to be processed while Filtered and discarded push user data from unauthorized senders become. Since only for authenticated push user data in push mode e.g. in the case of one Radio communication network a WSP (Wireless Session Protocol) or HTTP connection (HTTP = Hypertext Transfer Protocol) is an undesirable (Automatic) request for content by unidentifiable Come from third parties, effectively prevented. The respective recipient of Push user data can thus always be certain that only push user data from a trustworthy one Data source can be used to request the content.

Compared to the method according to the invention would be special following transmission option disadvantageous of user data in push mode: would an existing WSP or HTTP connection (WSP - Wireless Session Protocol) according to the specification WAP-230-WSP Wireless Session Protocol Specification, approved version 5-July-2001, (HTTP = Hypertext Transfer Protocol, RFC 2616 "Hypertext Transfer Protocol- HTTP / 1.1"; june 1999) between the respective telecommunications terminal and the assigned MMS relay / server for the transmission of data in the push module would be used first the push proxy gateway initiate the establishment of a WSP or HTTP session by the telecommunications terminal. This would through transmission an SIR (SIR session initiation request) from the push proxy gateway be carried out to the push client on the receiving device again by means of SMS. After receiving the SIR could the push client then uses a WSP or HTTP connection between the telecommunication terminal and the push initiator build up. The WSP and HTTP connections would be somewhat reliable Allow authentication of the push initiator, but would have in particular the disadvantage that for each transmission of user data in the Push mode (for example in the form of an MMS notification) specifically one WSP or HTTP connection would have to be established. This is particularly so in the case of roaming, this usually entails high additional costs for the recipient and therefore generally not acceptable in practice.

The method according to the invention for data-specific In contrast, labeling of push useful data advantageously enables Way that without SIR and subsequent WSP or HTTP connection establishment the respective "MMS notification" notification message in at least one short message together with the signature, in particular the hash value, the asymmetrical cryptography process can be.

Claims (6)

Process for data source specific labeling of Push user data (PNU) in a communication network (CN), the outgoing by at least one push initiator (PI) via at least one push proxy gateway (PPG) to at least one push client (PC) without its previous one Can be sent by push initiator (PI) or in the push proxy gateway (PPG) part or all of the push user data (PNU) using an asymmetric cryptography procedure with at least be provided with a signature (HW). A method according to claim 1, characterized in that the Signature (HW) transmitted within the push user data (PNU) becomes. A method according to claim 1, characterized in that the Signature (HW) additionally transmitted to the push user data (PNU) in at least one separate header field is placed in front of and / or subordinate to the push user data (PNU) becomes. Method according to one of the preceding claims, characterized characterized in that the push user data (PNU) by an "MMS Notification" message (MN1) (MMS = Multimedia Messaging Service) are formed by which is displayed to the communication unit (UA) that a multimedia message is ready for collection on the network side. Method according to one of the preceding claims, characterized in that the communication unit (UA) to which the respective Push user data (PNU) are sent by the respectively assigned push initiator (PI), is used in a subscriber device of a radio communication network. Communication network (CN) with at least one device for data source-specific labeling of push user data (PNU) one of the preceding claims.