Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Having particular address related cryptography
Reexamination Certificate
1999-12-29
2001-05-22
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Having particular address related cryptography
C713S168000, C713S182000, C380S255000
Reexamination Certificate
active
06237093
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a procedure for setting up a secure service connection in a telecommunication system which may, for example, comprise the Internet and a wired telephone network or mobile wireless communication network.
2. Description of the Related Art
The global data network, i.e. the Internet, is based on an open structure that can be joined by practically anyone. Each device present or included in or connected to the network has a unique, individual name, referred to as an Internet name. The data link protocol used for communication over the Internet is TCP/IP (Transmission Control Protocol/Internet Protocol), in which TCP corresponds to OSI (Open System Interconnection architecture) layer
4
and IP corresponds to OSI layer
3
. OSI is a standard that defines the manner in which systems can be openly interconnected. In the OSI model, telecommunication software is divided into sections called layers. The basic principle of this model is that the functions of the layers have been defined but the manner of their implementation has been left open. For each layer, a specific interface has been defined, through which that layer communicates with the layers above and below it. The functions of a layer and those of the layers below it are called services.
A common problem restricting the use of the Internet is that the security of certain network layers consistent with the OSI model has not been standardized or otherwise defined. Therefore, a connection set up via the Internet between two computers or equivalent terminals is unprotected, which means that in principle anyone who is connected to the network can receive and read messages sent between the two computers. Correspondingly, anyone can send messages intended for someone else via a connection between two computers and thus disturb or otherwise impair the security and privacy of users. For example, the secure placing of orders and making of payments for services sold via the Internet is difficult. Likewise, reliable user identification and connection setup are difficult and require special arrangements.
In both wired telephone networks and mobile communication networks, advanced methods for encrypting a telecommunication connection, or at least the data transmitted over the connection, are commonly used. The encryption of radio communication can be regarded as providing a very high level of security, particularly in a mobile or wireless communication network such as a GSM network. Moreover, the GSM network standard allows the transmission of SMS or ESMS messages, so that the information to be encrypted can be enciphered into the message at the transmitting end and deciphered at the receiving end. Such an arrangement provides a very high level of data security. Patent specification WO 94/11849 discloses a mobile communication system in which the user of the system is authenticated locally, whereupon a secure connection is set up to a service provider or a telecommunication server. However, one problem in selling and offering services via a telephone-based network or a mobile communication network is that the service provider has no way to, for example, graphically present or represent the services or products being offered or sold. In addition, the use or ordering of services via a terminal in a telephone network or a mobile communication network, i.e. by wired or wireless telephone, is difficult.
OBJECTS AND SUMMARY OF THE INVENTION
It is accordingly the desideratum of the present invention to eliminate and overcome the aforedescribed problems.
A specific object of the invention is to provide a new type of procedure, in a telecommunication system comprising both a telephone network and a data network, to allow reliable user identification and provide a handy and easy way for the user to order services offered by the network.
A further object of the invention is to provide a procedure by which the user can use or order products and/or services provided via the Internet regardless of the user's location and the nature of the user's terminal device or computer that is connected to the Internet.
These and other objects and features of the invention are implemented in a procedure for setting up a secure service connection in a telecommunication system comprising a first telecommunication network, preferably a data network such as the Internet; a first terminal device, preferably a computer or the like connected to the first telecommunication network; a second telecommunication network, preferably a wired or wireless telephone network and/or mobile communication network; a second terminal device, preferably a telephone or mobile station connected to the second telecommunication network; and a telecommunication server communicating with both the first and second telecommunication networks, the first terminal device being connectable via a first telecommunication connection to the telecommunication server and the second terminal device being connectable to the telecommunication server via a second telecommunication connection.
In accordance with the invention, the unique address of a computer in a data network (such as the Internet), as well as the data needed for verification of information giving the computer access to the services of the telecommunication server, such as the user identifier and password, are transmitted via a telephone or mobile station (i.e. the second terminal device) using the second telecommunication connection. The data thus sent are verified or authenticated at the telecommunication server and, if the first terminal device or its user is determined to have the required right of access to the services of the telecommunication server, a first telecommunication connection from the telecommunication server to the first terminal device is set up based on the verification and the address data received. The access right may also involve or comprise transfer or acknowledgement of a predetermined sum of money, or of an alternate compensation or consideration, that is used to purchase service time at the telecommunication server, or the access right may comprise or consist of a command to open a connection, in which case the command to close the connection is subsequently sent in a corresponding manner via the telephone or mobile station. The unique address may for example be the IP address or the domain name of the computer.
As compared with prior art, the present invention advantageously makes it easy to verify the Internet user's right of access to services offered in the network and to pay for the services and products sold via the Internet. A Further advantage over the prior art is that the user is not tied to a given computer or other corresponding data network terminal because the particular IP address from which the user is currently accessing the network is specified each time that a connection is set up.
In an embodiment of the present invention, the second telecommunication connection to be established via a telephone network is set up as a secure connection in which all data transmitted via the second connection is encrypted using a predetermined encrypting algorithm. Correspondingly, the data transmitted is decrypted in or at the telecommunication server and the data to be transmitted to the telephone is encrypted. Alternatively, the second telecommunication connection may be a message switching connection, preferably an ESMS connection, in which case the connection is used to transmit encrypted message packets containing the above-described address data and access right verification data.
In the same or another embodiment of the invention, a check is periodically carried out at or by the telecommunication server to establish whether the first and/or the second telecommunication connection is active and whether the user has a right of access to the services provided via the telecommunication server. In this case, the payments for the service and connection may be charged based on the duration of the connection.
In acco
Cohen & Pontani, Lieberman & Pavane
Peeso Thomas R.
Sonera Oyj
LandOfFree
Procedure for setting up a secure service connection in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Procedure for setting up a secure service connection in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Procedure for setting up a secure service connection in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2443912