[go: up one dir, main page]

WO2002028030A2 - Connection between a terminal and a mobile part - Google Patents

Connection between a terminal and a mobile part Download PDF

Info

Publication number
WO2002028030A2
WO2002028030A2 PCT/DE2001/003459 DE0103459W WO0228030A2 WO 2002028030 A2 WO2002028030 A2 WO 2002028030A2 DE 0103459 W DE0103459 W DE 0103459W WO 0228030 A2 WO0228030 A2 WO 0228030A2
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
connection
control unit
identification signal
search query
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/DE2001/003459
Other languages
German (de)
French (fr)
Other versions
WO2002028030A3 (en
Inventor
Albert Honecker
Roland MÄSING
Gerhard Siemens
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Siemens Corp
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp filed Critical Siemens AG
Publication of WO2002028030A2 publication Critical patent/WO2002028030A2/en
Anticipated expiration legal-status Critical
Publication of WO2002028030A3 publication Critical patent/WO2002028030A3/en
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/201Accessories of ATMs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H04M1/72412User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks

Definitions

  • the invention relates to the establishment of a near field connection between a control unit and a terminal, in particular a self-service terminal of a bank, savings bank or the like according to the preamble of claim 1 and claim 8.
  • a final identification signal called the link key in the Bluetooth standard, is calculated for the closed connection and the data transmission encrypted therein.
  • Such a method is complex and requires the user to enter a read PIN, what takes a lot of time and the risk of incorrect entries.
  • the user To establish the connection, the user must also first make a selection from all devices that can be reached in the near field, called BT devices in the Bluetooth standard. If, for example, a counter hall is full of people, the respective operating parts, such as cell phones, of these people as well as the terminals are displayed to the respective user. This is the
  • the invention is based on the problem of making the connection establishment safer, simpler and faster for the user.
  • the user no longer has to display all devices in his vicinity that are ready to receive, but instead selects, for example, only the class of networked devices (WEB class or WAP class), which would display the networked terminals, but not the cell phones of the bystanders.
  • WEB class or WAP class the class of networked devices
  • the customer would then only be shown three ATMs, for example, between which he could then choose.
  • each device has a fixed identification (similar to a car identification).
  • This identification includes a unique device address and a classification in a device class.
  • Bluetooth differentiates between different device classes, such as B. audio devices, telephony devices, information (WEB, WAP) devices etc.
  • the selection is only possible within the machine if desired, without networked computers of any other type being displayed, as in the WEB class, for example. This reduces the number of devices displayed under the desired selection, thus further accelerating the selection.
  • an identification signal for the establishment of a closed connection is permanently assigned when the first connection is established, the user does not need to enter a PIN or the like again to establish a connection later, but instead is authorized via its identification signal, called the link key in the Bluetooth standard.
  • the link key that was assigned for the first connection establishment must be available both in the control panel and in the machine.
  • the control panel it is usually stored and made available in the machine via a network.
  • connection establishment it is advantageously possible to classify a later connection establishment as the first connection establishment, in order to be able to use an automated teller machine even after a defect in the cell phone or other telecommunication device.
  • FIG. 2 shows a flow chart of the method according to the invention for establishing a connection.
  • the arrangement 1 shows a network of three terminals 2, 3, 4 and a server 5.
  • a user (not shown) carries a telecommunication device 6 with him, for example a cell phone, via radio contact 7, 8, 9, 10 in optionally connect to one of the terminals 2, 3, 4 and the server 5.
  • the terminals 2, 3, 4 are designed, for example, as ATMs or also as vending machines or other service terminals and can be arranged, for example, in bank premises. In many cases, there will only be one terminal 2, 3, 4 in the close range (radius around 10 m to 20 m), but often several terminals 2, 3, 4 are also available for establishing a radio connection 7, 8, 9, 10 stand.
  • a near-field standard whose range does not exceed the above-mentioned radius is preferably used as the radio standard.
  • the Bluetooth standard is recommended here, which provides for a numbering of each device participating in the standard and an identification made possible via it.
  • Other standards are also possible.
  • connection 7, 8, 9 between the control unit 6 and one of the terminals 2, 3, 4 or the server 5 as a secure, closed connection.
  • no third party can intervene in this connection 7, 8, 9, 10. This avoids the so-called "man in the middle” problem.
  • a prerequisite for such a connection is “unity” between the respective terminal 2, 3, 4 or the server 5 as a distributor between the terminals 2, 3, 4 on the one hand and the telecommunication device 6 on the other.
  • a device class with which a connection is desired for example the “WEB” class or the class
  • WAP the search for devices of this class started.
  • all devices 2, 3, 4, 5 of this device class that are within range - here the networked devices, i.e. not the cell phones of other customers - are transmitted to the control unit 6 and the display 11 shows the Users displayed.
  • the name, symbol, color or similar identification (“user-friendly na e ') is transmitted to the display 11 of the control unit 6, which facilitates the assignment to the device to be selected in each case.
  • the user makes the selection from the devices displayed (machine interface: MMI) or that the server 5 automatically assigns a free terminal 2, 3, 4 to the user.
  • the fourth step is automated, namely the request of the control unit 6 (Service discovery protocol: SDP) for the WAP capability of the assigned or selected terminals 2, 3, 4 and for the selection of a channel for the data transmission.
  • SDP Service discovery protocol
  • a query is then carried out automatically in the fifth step as to whether this is the first connection establishment with the operating part 6 present here on the one hand and the specified terminal 2 or the network from the server 5 and the terminals 2, 3, 4 or the network of all machines that are networked with this server 5 are, for example devices from other branches.
  • a number signal is developed between the terminal and the control unit in such a way that the terminal 2 or the network generates a random number and then sends it to the control unit 6.
  • This then prompts the user to enter a PIN.
  • This PIN appears on the display 12 of the terminal 2 and is then to be entered by the user via the keyboard of the control unit, which then sends the PIN to the terminal 2.
  • the terminal 2 and the control unit 6 are then both assigned a so-called key, with the aid of which an intermediate result is calculated independently of the terminal and control unit and compared with one another. If the intermediate result matches, a final identification signal, called the link key in the Bluetooth standard, is calculated for the closed connection and the data transmission encrypted therein. This link key does not need to be registered by the user because it is saved automatically in the control panel.
  • the secure connection is established and the actual data transfer, such as the request for cash payment by entering the EC PIN number, can begin.
  • the link key is stored in the control unit 6, for example on the SIM card, when the first connection is established with the terminal 2 or with the network in which it is integrated, so that the cumbersome procedure after the assignment of a link key for each subsequent connection establishment can be omitted and the secure connection can start directly with the individually encrypted data transmission. If the answer to the first connection is answered in the negative, you can proceed automatically to a security query in which the user is given the opportunity to determine a new identifier despite the link key having been received and stored in the device, for example if the control panel is in Is repair or for other reasons.
  • Transmitters and receivers installed in motor vehicles, for example to enable a drive in banking.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Medical Informatics (AREA)
  • General Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a method for setting up a near field connection between an operating device and a terminal, especially a self-service terminal of a bank, savings bank or the like, whereby the operating device for accepting a connection, carries out a search inquiry for appropriate communications partners. The inventive method is characterized in that the search inquiry can be limited to a class of devices. Alternatively or additionally, while securing the connection as to prevent a third part from entering by means of an identification signal, which is exchanged between the terminal and the operating device, said identification signal is allocated to the operating device during a first near field connection between a terminal and said operating device, and the identification signal is permanently available for additional secured near field connections.

Description

Beschreibungdescription

Verbindung zwischen einem Terminal und einem MobilteilConnection between a terminal and a handset

Die Erfindung betrifft den Aufbau einer Nahfeldverbindung zwischen einem Bedienteil und einem Terminal, insbesondere einem Selbstbedienungsterminal einer Bank, Sparkasse oder dergleichen nach dem Oberbegriff des Anspruchs 1 sowie des Anspruchs 8.The invention relates to the establishment of a near field connection between a control unit and a terminal, in particular a self-service terminal of a bank, savings bank or the like according to the preamble of claim 1 and claim 8.

Es ist bekannt, eine derartige Nahfeldverbindung als gesicherte Verbindung aufzubauen, d. h., daß damit während der Datenübertragung zwischen dem Bedienteil und dem Terminal das Einloggen eines Dritten in diese Verbindung („man in the middle attac ") verhindert wird. Hierzu wird beispielsweise bei jedem Verbindungsaufbau zwischen dem Terminal und dem Bedienteil ein Nummernsignal derart entwickelt, daß jedes Termi- nal eine Zufallszahl generiert und dann an das Bedienteil, das einen Verbindungswunsch signalisiert hatte, versendet. Daraufhin gibt dieses an den Benutzer die Aufforderung, eine PIN einzugeben. Diese PIN erscheint auf einem Display des Terminals und ist dann über die Tastatur des Bedienteils vom Benutzer einzugeben. Aus dieser PIN und der zuvor versendeten Zufallszahl errechnen das Terminal und das Bedienteil mittels eines in Bluetooth definierten unumkehrbaren Algorithmus' ein Zwischenergebnis, das vom Bedienteil an das Terminal zurückgeschickt wird. Sofern dasIt is known to set up such a near field connection as a secure connection, i. This prevents a third party from logging into this connection ("man in the middle attac") during data transmission between the control unit and the terminal. For this purpose, for example, each time a connection is established between the terminal and the control unit, a number signal is developed in such a way that that each terminal generates a random number and then sends it to the control unit that signaled a connection request, which then prompts the user to enter a PIN. This PIN appears on a display of the terminal and is then on the keyboard of the From this PIN and the previously sent random number, the terminal and the control unit use an irreversible algorithm defined in Bluetooth to calculate an intermediate result that is sent back to the terminal by the control unit

Zwischenergebnis übereinstimmt, wird daraus eine endgültiges Identifizierungssignal, im Bluetooth- Standard Link key genannt, für die geschlossene Verbindung und die darin verschlüsselte Datenübertragung berechnet.If the intermediate result matches, a final identification signal, called the link key in the Bluetooth standard, is calculated for the closed connection and the data transmission encrypted therein.

Ein derartiges Verfahren ist aufwendig und erfordert vom Benutzer die Eingabe einer abgelesenen PIN, was einen Zeitaufwand und die Gefahr von Fehleingaben mit sich bringt.Such a method is complex and requires the user to enter a read PIN, what takes a lot of time and the risk of incorrect entries.

Zum Aufbau der Verbindung muß der Benutzer zudem zu- nächst unter allen im Nahfeldbereich erreichbaren Geräten, im Bluetooth-Standard BT devices genannt, eine Auswahl treffen. Wenn etwa eine Schalterhalle voll mit Menschen ist, werden die jeweiligen Bedienteile, etwa Handys, dieser Menschen ebenso wie die Terminals dem jeweiligen Benutzer angezeigt. Dadurch ist dieTo establish the connection, the user must also first make a selection from all devices that can be reached in the near field, called BT devices in the Bluetooth standard. If, for example, a counter hall is full of people, the respective operating parts, such as cell phones, of these people as well as the terminals are displayed to the respective user. This is the

Auswahl erschwert, es kann auch hier zu Fehleingaben kommen .Selection difficult, incorrect entries can also occur here.

Der Erfindung liegt das Problem zugrunde, den Verbin- dungsaufbau sicherer, einfacher und schneller für den Benutzer zu gestalten.The invention is based on the problem of making the connection establishment safer, simpler and faster for the user.

Die Erfindung löst dieses Problem durch ein Verfahren mit den Merkmalen des Anspruchs 1 sowie ein Verfahren mit den Merkmalen des Anspruchs 8. Hinsichtlich weiterer vorteilhafter Ausgestaltungen ist auf die Ansprüche 2 bis 7 und 9 bis 11 zu verweisen.The invention solves this problem by a method with the features of claim 1 and a method with the features of claim 8. With regard to further advantageous configurations, reference is made to claims 2 to 7 and 9 to 11.

Mit der erfindungsgemäß auf einzelne Geräteklassen aufgespaltenen Auswahlmöglichkeit braucht sich einWith the selection option according to the invention, which is split up into individual device classes, a need arises

Benutzer nicht mehr alle empfangsbereiten Geräte seines Umkreises anzeigen zu lassen, sondern er wählt beispielsweise nur die Klasse der vernetzten Geräte (WEB-Klasse oder WAP-Klasse) aus, womit die vernetz- ten Terminals angezeigt würden, nicht aber die Handys der Umstehenden. Dann würde der Kunde beispielsweise nur drei Geldautomaten angezeigt bekommen, zwischen denen er dann noch wählen könnte. Es kann auch vorgesehen sein, daß automatisch vom Netz der Automaten eine Auswahl getroffen wird, so daß der Kunde unmittelbar nach seiner Anfrage nach einem Gerät der entsprechenden Klasse ein Terminal zugewiesen bekäme. Dieses ist vorzugsweise optisch auffällig gekennzeichnet und überträgt sein optisches Kennzeichen auf das Display des Bedienteils, wodurch die Zuordnung zum „richtigen"" Terminal einfach ist.The user no longer has to display all devices in his vicinity that are ready to receive, but instead selects, for example, only the class of networked devices (WEB class or WAP class), which would display the networked terminals, but not the cell phones of the bystanders. The customer would then only be shown three ATMs, for example, between which he could then choose. Provision can also be made for a selection to be made automatically by the network of the machines, so that the customer would be assigned a terminal immediately after requesting a device of the corresponding class. This is preferably marked visually and transmits its optical identification to the display of the control unit, which makes the assignment to the “correct” terminal easy.

Besonders vorteilhaft läßt sich das Verfahren im Bluetooth-Standard durchführen, bei dem jedes Gerät eine feste Kennzeichnung (ähnlich einem AutoKennzeichen) hat. Diese Kennzeichnung umfaßt eine einmalig vorkommende Geräteadresse sowie eine Einstufung in eine Geräteklasse. Bluetooth unterscheidet verschiedene Geräteklassen, wie z. B. Audio-devices , Telephony-devices, Information (WEB, WAP)-devices etc.The method in the Bluetooth standard can be carried out particularly advantageously, in which each device has a fixed identification (similar to a car identification). This identification includes a unique device address and a classification in a device class. Bluetooth differentiates between different device classes, such as B. audio devices, telephony devices, information (WEB, WAP) devices etc.

Wenn eine Geräteklasse ATM geschaffen ist, ist auf Wunsch die Auswahl nur innerhalb der Automaten möglich, ohne daß, wie etwa in der WEB-Klasse, auch vernetzte Computer anderer Art angezeigt würden. Dadurch ist die Anzahl der unter der gewünschten Auswahl angezeigten Geräte verringert, die Auswahl somit weiter beschleunigt .If an ATM device class is created, the selection is only possible within the machine if desired, without networked computers of any other type being displayed, as in the WEB class, for example. This reduces the number of devices displayed under the desired selection, thus further accelerating the selection.

Wenn, was unabhängig oder in Kombination mit der nach Klassen eingeteilten Auswahl verwirklicht sein kann, ein Identifizierungssignal für den Aufbau einer geschlossenen Verbindung bei einer ersten Verbindungsaufnahme dauerhaft vergeben wird, braucht der Benutzer zum späteren Verbindungsaufbau nicht noch einmal eine PIN oder dergleichen Eingabe durchzuführen, sondern ist über sein Identifizierungssignal, im Bluetooth-Standard Link key genannt, autorisiert.If, independently or in combination with the selection divided into classes, an identification signal for the establishment of a closed connection is permanently assigned when the first connection is established, the user does not need to enter a PIN or the like again to establish a connection later, but instead is authorized via its identification signal, called the link key in the Bluetooth standard.

Hierzu muß der Link key, der für den ersten Verbin- dungsaufbau vergeben wurde, sowohl im Bedienteil als auch im Automaten zur Verfügung stehen. Im Bedienteil wird er üblicherweise abgespeichert, im Automaten ü- ber ein Netzwerk zur Verfügung gestellt.For this, the link key that was assigned for the first connection establishment must be available both in the control panel and in the machine. In the control panel it is usually stored and made available in the machine via a network.

Dadurch wird der Verbindungsaufbau beschleunigt, das lästige Eingeben einer PIN entfällt. Die Sicherheit ist jedoch nicht gefährdet, da im weiteren Verlauf der Verbindung immer noch die Eingabe der Geheimzahl der Scheck- oder Kreditkarte oder dergleichen erforderlich bleibt.This speeds up the connection process and eliminates the hassle of entering a PIN. However, security is not endangered since the secret number of the check or credit card or the like is still required in the further course of the connection.

Es ist vorteilhaft möglich, auch einen späteren Verbindungsaufbau als ersten Verbindungsaufbau einzustufen, um somit etwa auch nach einem Defekt des Handys oder sonstigen Telekommunikationsgeräts mit einen Geldautomaten bedienen zu können.It is advantageously possible to classify a later connection establishment as the first connection establishment, in order to be able to use an automated teller machine even after a defect in the cell phone or other telecommunication device.

Weitere Vorteile und Einzelheiten der Erfindung ergeben sich aus einem in der Zeichnung dargestellten und nachfolgend beschriebenen Ausführungsbeispiel des Ge- genstandes der Erfindung.Further advantages and details of the invention result from an embodiment of the object of the invention shown in the drawing and described below.

In der Zeichnung zeigt:The drawing shows:

Fig. 1 eine schematische Darstellung der am Verbin- dungsaufbau beteiligten Elemente,1 is a schematic representation of the elements involved in establishing the connection,

Fig. 2 einen Ablaufplan des erfindungsgemäßen Verfahrens zum Verbindungsaufbau.2 shows a flow chart of the method according to the invention for establishing a connection.

Die Anordnung 1 gemäß dem Ausführungsbeispiel zeigt ein Netz aus drei Terminals 2, 3, 4 und einem Server 5. Ein Benutzer (nicht eingezeichnet) führt ein Telekommunikationsgerät 6 mit sich, beispielsweise ein Handy, das über Funkkontakt 7, 8, 9, 10 in wahlweise Verbindung mit einem der Terminals 2, 3, 4 sowie dem Server 5 treten kann. Die Terminals 2, 3, 4 sind beispielsweise als Geldautomaten oder auch als Warenautomaten oder sonstige Serviceterminals ausgebildet und können etwa in Bankräumlichkeiten angeordnet sein. In vielen Fällen wird nur ein Terminal 2, 3, 4 im Nahbereich (Umkreis etwa 10 m bis 20 m) vorhanden sein, häufig werden jedoch auch mehrere Terminals 2, 3, 4 zum Aufbau einer Funkverbindung 7, 8, 9, 10 zur Verfügung stehen.The arrangement 1 according to the exemplary embodiment shows a network of three terminals 2, 3, 4 and a server 5. A user (not shown) carries a telecommunication device 6 with him, for example a cell phone, via radio contact 7, 8, 9, 10 in optionally connect to one of the terminals 2, 3, 4 and the server 5. The terminals 2, 3, 4 are designed, for example, as ATMs or also as vending machines or other service terminals and can be arranged, for example, in bank premises. In many cases, there will only be one terminal 2, 3, 4 in the close range (radius around 10 m to 20 m), but often several terminals 2, 3, 4 are also available for establishing a radio connection 7, 8, 9, 10 stand.

Als Funkstandard findet vorzugsweise ein Nahfeldstandard Verwendung, dessen Reichweite den oben genannten Umkreis nicht überschreitet. Insbesondere empfiehlt sich hier der Bluetooth-Standard, der eine Numerierung jedes an dem Standard teilnehmenden Geräts und eine darüber ermöglichte Identifizierung vorsieht. Auch andere Standards sind möglich.A near-field standard whose range does not exceed the above-mentioned radius is preferably used as the radio standard. In particular, the Bluetooth standard is recommended here, which provides for a numbering of each device participating in the standard and an identification made possible via it. Other standards are also possible.

Beim Verbindungsaufbau besteht die Zielsetzung, eine Verbindung 7, 8, 9 zwischen dem Bedienteil 6 und ei- nem der Terminals 2, 3, 4 oder dem Server 5 als gesicherte, abgeschlossene Verbindung aufzubauen. Dadurch kann kein Dritter sich in diese Verbindung 7, 8, 9, 10 einschalten. Das sogenannte „man in the middle'- Problem wird damit umgangen. Voraussetzung für eine derartige Verbindung ist die „Einigkeit' zwischen dem jeweiligen Terminal 2, 3, 4 oder dem Server 5 als Verteiler zwischen den Terminals 2, 3, 4 einerseits und dem Telekommunikationsgerät 6 andererseits.When establishing a connection, the objective is to establish a connection 7, 8, 9 between the control unit 6 and one of the terminals 2, 3, 4 or the server 5 as a secure, closed connection. As a result, no third party can intervene in this connection 7, 8, 9, 10. This avoids the so-called "man in the middle" problem. A prerequisite for such a connection is “unity” between the respective terminal 2, 3, 4 or the server 5 as a distributor between the terminals 2, 3, 4 on the one hand and the telecommunication device 6 on the other.

Zum Aufbau beispielsweise der Verbindung 7 zwischen dem Terminal 2 und dem Bedienteil 6 (Fig. 2) wird erfindungsgemäß im hier geschilderten Bluetooth- Standard zunächst am Bedienteil 6 eine Geräteklasse, mit der eine Verbindung gewünscht ist, beispielsweise die Klasse „WEB' oder die Klasse „WAP', ausgewählt und die Suche (inquiry) nach Geräten (devices) dieser Klasse gestartet. Als Reaktion hierauf werden im zweiten Schritt alle Geräte 2, 3, 4, 5 nur dieser Geräteklasse, die sich in Reichweite befinden - hier der vernetzten Geräte, also nicht etwa die Handys von weiteren Kunden - dem Bedienteil 6 übermittelt und auf dessen Display 11 dem Benutzer angezeigt. Es ist wünschenswert, eine enge Abstufung von Geräteklassen zu haben, beispielsweise eine ATM-Klasse nur für Serviceautomaten, so daß die angezeigte Auswahl von Geräten möglichst klein wird. Damit wird der Verbindungsaufbau beschleunigt. In jedem Fall werden Name, Symbol, Farbe oder dergleichen Kennzeichnung ( „userfriendly na e' ) auf das Display 11 des Bedienteils 6 übermittelt, was die Zuordnung zum jeweils anzuwählenden Gerät erleichtert .To set up, for example, the connection 7 between the terminal 2 and the control unit 6 (FIG. 2), according to the invention, in the Bluetooth standard described here, a device class with which a connection is desired, for example the “WEB” class or the class, is first set on the control unit 6 "WAP" selected and the search for devices of this class started. In response to this, in a second step all devices 2, 3, 4, 5 of this device class that are within range - here the networked devices, i.e. not the cell phones of other customers - are transmitted to the control unit 6 and the display 11 shows the Users displayed. It is desirable to have a narrow gradation of device classes, for example an ATM class only for service machines, so that the displayed selection of devices is as small as possible. This speeds up the connection establishment. In any case, the name, symbol, color or similar identification (“user-friendly na e ') is transmitted to the display 11 of the control unit 6, which facilitates the assignment to the device to be selected in each case.

Es ist möglich, daß im dritten Schritt der Benutzer die Auswahl aus den angezeigten Geräten vornimmt (Man- achine-interface : MMI) oder daß der Server 5 automatisch dem Benutzer ein freies Terminal 2, 3, 4 zuweist .It is possible that in the third step the user makes the selection from the devices displayed (machine interface: MMI) or that the server 5 automatically assigns a free terminal 2, 3, 4 to the user.

Automatisiert erfolgt der vierte Schritt, nämlich die Anfrage des Bedienteils 6 (Service discovery proto- coll: SDP) nach der WAP-Fähigkeit des zugewiesenen oder ausgesuchten Terminals 2, 3, 4 und nach der Auswahl eines Kanals für die Datenübertragung.The fourth step is automated, namely the request of the control unit 6 (Service discovery protocol: SDP) for the WAP capability of the assigned or selected terminals 2, 3, 4 and for the selection of a channel for the data transmission.

Zum eigentlichen Aufbau der gesicherten Verbindung 3 wird dann im fünften Schritt automatisiert eine Abfrage vorgenommen, ob dies der erste Verbindungsaufbau mit dem hier vorliegenden Bedienteil 6 einerseits und dem konkretisierten Terminal 2 bzw. dem Netz aus dem Server 5 und den Terminals 2, 3, 4 bzw. dem Netz aller Automaten, die mit diesem Server 5 vernetzt sind, also beispielsweise auch Geräten anderer Filialen, ist.For the actual establishment of the secure connection 3, a query is then carried out automatically in the fifth step as to whether this is the first connection establishment with the operating part 6 present here on the one hand and the specified terminal 2 or the network from the server 5 and the terminals 2, 3, 4 or the network of all machines that are networked with this server 5 are, for example devices from other branches.

Wenn ja, wird zwischen dem Terminal und dem Bedien- teil ein Nummernsignal derart entwickelt, daß das Terminal 2 oder das Netz eine Zufallszahl generiert und dann an das Bedienteil 6 versendet. Daraufhin gibt dieses an den Benutzer die Aufforderung, eine PIN einzugeben. Diese PIN erscheint auf dem Display 12 des Terminals 2 und ist dann über die Tastatur des Bedienteils vom Benutzer einzugeben, das daraufhin die PIN an das Terminal 2 sendet. Das Terminal 2 und das Bedienteil 6 erhalten daraufhin beide einen sogenannten Schlüssel zugewiesen, mit deren Hilfe ein Zwischenergebnis unabhängig von Terminal und Bedienteil berechnet und miteinander verglichen wird. Sofern das Zwischenergebnis übereinstimmt, wird daraus eine endgültiges Identifizierungssignal, im Bluetooth-Standard Link key genannt, für die geschlossene Verbindung und die darin verschlüsselte Datenübertragung berechnet. Dieser Link key braucht nicht vom Benutzer registriert zu werden, da seine Speicherung im Bedienteil automatisch erfolgt.If so, a number signal is developed between the terminal and the control unit in such a way that the terminal 2 or the network generates a random number and then sends it to the control unit 6. This then prompts the user to enter a PIN. This PIN appears on the display 12 of the terminal 2 and is then to be entered by the user via the keyboard of the control unit, which then sends the PIN to the terminal 2. The terminal 2 and the control unit 6 are then both assigned a so-called key, with the aid of which an intermediate result is calculated independently of the terminal and control unit and compared with one another. If the intermediate result matches, a final identification signal, called the link key in the Bluetooth standard, is calculated for the closed connection and the data transmission encrypted therein. This link key does not need to be registered by the user because it is saved automatically in the control panel.

Danach ist die gesicherte Verbindung aufgebaut, und die eigentliche Datenübertragung, etwa das Verlangen nach Bargeldauszahlung unter Eingabe der EC-PIN- Nummer kann beginnen.Then the secure connection is established and the actual data transfer, such as the request for cash payment by entering the EC PIN number, can begin.

Erfindungsgemäß wird das Link key im Bedienteil 6, beispielsweise auf der SIM-Karte, beim ersten Verbindungsaufbau mit dem Terminal 2 oder mit dem Netz, in das dieses eingebunden ist, gespeichert, so daß bei jedem weiteren Verbindungsaufbau die umständliche Prozedur nach Vergabe eines Link keys entfallen kann und die gesicherte Verbindung mit der individuell verschlüsselten Datenübertragung direkt starten kann. Wenn also die Frage nach dem ersten Verbindungsaufbau zu verneinen ist, kann automatisiert direkt zu einer Sicherheitsabfrage übergegangen werden, in der der Benutzer trotz bereits einmal erhaltenem und im Gerät gespeicherten Link key die Möglichkeit erhält, eine neue Kennung zu ermitteln, beispielsweise wenn das Bedienteil in Reparatur ist oder aus anderen Gründen.According to the invention, the link key is stored in the control unit 6, for example on the SIM card, when the first connection is established with the terminal 2 or with the network in which it is integrated, so that the cumbersome procedure after the assignment of a link key for each subsequent connection establishment can be omitted and the secure connection can start directly with the individually encrypted data transmission. If the answer to the first connection is answered in the negative, you can proceed automatically to a security query in which the user is given the opportunity to determine a new identifier despite the link key having been received and stored in the device, for example if the control panel is in Is repair or for other reasons.

Sofern diese neue Eingabe eines Link keys gewünscht wird, läuft diese nach dem obigen Verfahren. Ansonsten kann unmittelbar der Datenaustausch gestartet werden .If this new entry of a link key is desired, it works according to the above procedure. Otherwise the data exchange can be started immediately.

Als Bedienteile 6 kommen beispielsweise auch inAs operating parts 6 also come in

Kraftfahrzeuge eingebaute Sende- und Empfangseinrichtungen in Betracht, etwa um ein Drive in banking zu ermögliche . Transmitters and receivers installed in motor vehicles, for example to enable a drive in banking.

Claims

Patentansprüche claims 1. Verfahren zum Aufbau einer Nahfeldverbindung zwischen einem Bedienteil und einem Terminal, insbeson- dere einem Selbstbedienungs terminal einer Bank, Sparkasse oder dergleichen, wobei das Bedienteil zur Aufnahme einer Verbindung eine Suchabfrage nach geeigneten Kommunikationspartnern durchführt, dadurch gekennzeichnet, daß die Suchabfrage nach Geräte- klassen einschränkbar ist.1. A method for establishing a near-field connection between a control unit and a terminal, in particular a self-service terminal of a bank, savings bank or the like, the control unit carrying out a search query for suitable communication partners for establishing a connection, characterized in that the search query for device is restrictable. 2. Verfahren nach Anspruch 1, dadurch gekennzeichnet, daß die Geräteklassenauswahl in einer Menüführung des Bedienteils implementiert ist.2. The method according to claim 1, characterized in that the device class selection is implemented in a menu navigation of the control panel. 3. Verfahren nach einem der Ansprüche 1 oder 2, dadurch gekennzeichnet, daß als Antwort auf die Suchabfrage alle innerhalb der Reichweite liegenden empfangsbereiten Geräte der gesuchten Geräteklasse dem Bedienteil ausgegeben werden.3. The method according to any one of claims 1 or 2, characterized in that in response to the search query all ready-to-receive devices within the range of the searched device class are output to the control unit. 4. Verfahren nach Anspruch 3, dadurch gekennzeichnet, daß die Ausgabe auf dem Bedienteil unter Übermittlung von auch am Terminal sichtbar angebrach- ten Namen, Markierungen, Symbolen oder dergleichen Identifizierungsmitteln erfolgt.4. The method according to claim 3, characterized in that the output on the control panel takes place by transmitting names, markings, symbols or the like identifying means also visibly attached to the terminal. 5. Verfahren nach einem der Ansprüche 1 bis 4, dadurch gekennzeichnet, daß die Nahfeldverbin- düng im Bluetoothstandard aufgebaut wird5. The method according to any one of claims 1 to 4, characterized in that the near-field connection is established in the Bluetooth standard 6. Verfahren nach Anspruch 5, dadurch gekennzeichnet, daß die Suchabfrage (inquiry) zur Verbindung mit einem Terminal nach den Geräteklassen (Service classes) WAP und WEB durchgeführt wird. 6. The method according to claim 5, characterized in that the search query (inquiry) for connection to a terminal according to the device classes (service classes) WAP and WEB is carried out. 7. Verfahren nach Anspruch 5, dadurch gekennzeichnet, daß die Suchabfrage (inquiry) zur Verbindung mit einem Terminal nach der Geräteklasse7. The method according to claim 5, characterized in that the search query (inquiry) for connection to a terminal according to the device class (Service class) ATM durchgeführt wird.(Service class) ATM is carried out. 8. Verfahren zum Aufbau einer Nahfeldverbindung zwischen einem Bedienteil und einem Terminal, insbesondere einem Selbstbedienungsterminal einer Bank, Sparkasse oder dergleichen, wobei die Nahfeldverbindung als gegen das Zwischentreten eines Dritten gesicherte Verbindung aufgebaut und hierfür das autorisierte Bedienteil über eine zwischen dem Terminal und dem Bedienteil ausgetauschtes Identifizierungssignal erkennbar ist, insbesondere nach einem der Ansprüche 1 bis 7, dadurch gekennzeichnet, daß das Identifizierungssignal bei einer ersten Nahfeldverbindung zwischen einem Terminal und dem Bedienteil an dieses vergeben wird und dauerhaft für weitere Nahfeldverbindungen zur Verfügung steht.8. A method for establishing a near-field connection between a control unit and a terminal, in particular a self-service terminal of a bank, savings bank or the like, the near-field connection being set up as a connection which is secured against the interference of a third party, and for this purpose the authorized control unit is exchanged via a connection between the terminal and the control unit Identification signal is recognizable, in particular according to one of claims 1 to 7, characterized in that the identification signal is assigned to a terminal and the control unit in the case of a first near-field connection and is permanently available for further near-field connections. 9. Verfahren nach Anspruch 8, dadurch gekennzeichnet, daß das Identifizierungssignal ein Nummerncode ist, der bei einer ersten Nahfeldverbindung in einem interaktiven Verfahren zwischen Terminal und Bedienteil vergeben wird.9. The method according to claim 8, characterized in that the identification signal is a number code which is assigned in a first near field connection in an interactive process between the terminal and the control unit. 10. Verfahren nach einem der Ansprüche 8 oder 9, dadurch geken zeichnet, daß das Identifizierungssignal ein im Bluetooth-Standard vergebener Link key ist.10. The method according to any one of claims 8 or 9, characterized in that the identification signal is a link key assigned in the Bluetooth standard. 11. Verfahren nach einem der Ansprüche 8 bis 10, dadurch gekennzeichnet, daß jede Nahfeldverbindung zwischen einem Terminal und dem Bedienteil nach Wahl des Benutzers des Bedienteils wieder als erste Verbindung einstufbar ist und dann mit einer neuen Zuteilung eines dauerhaften Identifizierungssignals einhergeht .11. The method according to any one of claims 8 to 10, characterized in that each near-field connection between a terminal and the control panel can be classified as the first connection again at the choice of the user of the control panel and then with a new one Allocation of a permanent identification signal goes hand in hand. 12. Verfahren nach einem der Ansprüche 8 bis 11, dadurch gekennzeichnet, daß mehrere Terminals miteinander vernetzt sind und das vergebene Identifizierungssignal zwischen jedem im Netz befindlichen Terminal und dem Bedienteil wirksam ist. 12. The method according to any one of claims 8 to 11, characterized in that a plurality of terminals are networked with one another and the assigned identification signal is effective between each terminal located in the network and the control panel.
PCT/DE2001/003459 2000-09-29 2001-09-07 Connection between a terminal and a mobile part Ceased WO2002028030A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10048481A DE10048481A1 (en) 2000-09-29 2000-09-29 Connection between a terminal and a handset
DE10048481.6 2000-09-29

Publications (2)

Publication Number Publication Date
WO2002028030A2 true WO2002028030A2 (en) 2002-04-04
WO2002028030A3 WO2002028030A3 (en) 2003-08-14

Family

ID=7658216

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2001/003459 Ceased WO2002028030A2 (en) 2000-09-29 2001-09-07 Connection between a terminal and a mobile part

Country Status (2)

Country Link
DE (1) DE10048481A1 (en)
WO (1) WO2002028030A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1367797A1 (en) * 2002-05-30 2003-12-03 Nokia Corporation System and method for accessing services
GB2389996A (en) * 2002-05-27 2003-12-24 Nec Corp Portable data terminal with short-range communication function
WO2008039234A1 (en) * 2006-09-29 2008-04-03 Sony Ericsson Mobile Communications Ab Device and method for content searching between peer devices

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008016986A1 (en) * 2008-04-03 2009-10-08 Giesecke & Devrient Gmbh Display data displaying method for use in communication system, involves transferring display data from portable communication device to stationary communication device by secure communication channel

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19732574A1 (en) * 1997-07-29 1999-02-04 Inge Hahnel Adjustable radio for search of communication or business partner

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2389996A (en) * 2002-05-27 2003-12-24 Nec Corp Portable data terminal with short-range communication function
GB2389996B (en) * 2002-05-27 2006-06-07 Nec Corp Portable data terminal
US7158755B2 (en) 2002-05-27 2007-01-02 Nec Corporation Portable data terminal
EP1367797A1 (en) * 2002-05-30 2003-12-03 Nokia Corporation System and method for accessing services
WO2008039234A1 (en) * 2006-09-29 2008-04-03 Sony Ericsson Mobile Communications Ab Device and method for content searching between peer devices
US7965981B2 (en) 2006-09-29 2011-06-21 Sony Ericsson Mobile Communications Ab Device and method for content searching between peer devices
US8583038B2 (en) 2006-09-29 2013-11-12 Sony Corporation Device and method for content searching between peer devices

Also Published As

Publication number Publication date
WO2002028030A3 (en) 2003-08-14
DE10048481A1 (en) 2002-05-02

Similar Documents

Publication Publication Date Title
DE60209881T2 (en) METHOD FOR TRANSFERRING A DEVICE IDENTIFIER BLOCK ON A SECOND COMMUNICATION TRACK SEOLED BY THE BLUETOOTH RANGE
EP1240631B1 (en) Payment transaction method and payment transaction system
DE69429379T2 (en) Fraud protection for card transactions
DE69727519T2 (en) Data network with voice control means
DE69521156T2 (en) Method for authenticating a counter terminal in a system for making transfers
EP1240632B1 (en) Payment transaction method and payment transaction system
EP1145200B1 (en) Method and system for transacting payments
DE19722424C5 (en) Method of securing access to a remote system
DE102012109629A1 (en) Mobile multi-mode customer care system
DE19731293A1 (en) Communications centre for data transfer in card-based telecommunications
EP2417550A1 (en) Method for carrying out an application with the aid of a portable data storage medium
DE102007024496A1 (en) Computer process to manage the operation of a commercial laundry for end-users
DE69906206T2 (en) Chip card with access to a remote application, terminal and associated transmission system and method for access to the remote application using this chip card
DE60001661T2 (en) PORTABLE TERMINAL
EP1923844A1 (en) Method for interaction of a bank customer with a cash machine, corresponding mobile in/output device and system for performing such interaction
DE102004044454A1 (en) Portable device for unlocking an access
DE19857210A1 (en) Procedure for activating a SIM card
WO2002028030A2 (en) Connection between a terminal and a mobile part
DE10054633C2 (en) Process and system for controlling access to goods and services
DE19809043A1 (en) Method and device for universal and secure access to telephone networks
WO1998009256A1 (en) Method for the preparation of a chip card application and device for the execution of this method
EP1163807B1 (en) Method for verifying the authentication of a manager application in a telecommunications management network operating system by means of a network element and network element suitable therefor
DE10136414A1 (en) Method for purchasing a service offered via a data network in return for a payment transaction lets a user apply an end user system to order a service from a service provider and link the whole process via a secure user-defined identifier.
EP1115242B1 (en) Authentication of a telecommunication service subscriber by means of a frequently dialled address
DE102006037167A1 (en) Method and system for carrying out a payment transaction with a means of payment

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): CN JP US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP