This application is a U.S. National Phase application under 35 U.S.C. §371 of International Application No. PCT/DE2009/001308, filed on Sep. 17, 2009, and claims benefit to German Patent Application Nos. DE 10 2008 049 736.3, filed on Sep. 30, 2008 and DE 10 2008 053 292.4, filed on Oct. 27, 2008. The International Application was published in German on Apr. 8, 2010 as WO 2010/037361 under PCT Article 21(2).
The present invention relates to a method and to a communication system for the authorization-dependent control of a contactless interface device of a communication device such as, for example, a chip card or a mobile communication system.
Especially since the introduction of the electronic passport based on a chip card, the discussion about the protection of personal data on electronic identification documents has intensified. Security concerns exist particularly with chip cards having contactless interfaces such as, for example, RFID (Radio Frequency Identification) chips. Here, the risk exists that unauthorized parties always have the possibility to read out data via the contactless interface. The concern that data from electronic devices having contactless interfaces could be read out by unauthorized parties exists not only in the case of citizens' authentication cards, national ID cards, the future personal identification cards, but also in the case of communication systems that are implemented, for example, in vehicles.
In an embodiment, the present invention provides a method for the authorization-dependent control of a contactless interface device of a communication device. A user is authenticated to the communication device. The contactless interface device is then deactivated so as to prevent a data transmission via the contactless interface device.
The present invention will be described in even greater detail below based on the exemplary, schematic figure. The invention is not limited to the exemplary embodiment. Other features and advantages of various embodiments of the present invention will become apparent by reading the following detailed description with reference to the attached drawing which illustrates the following:
In an embodiment, the present invention provides a method and a communication system that increase the data security for the use of communication devices having contactless interfaces.
An aspect of the invention is to undertake a measure with which a user can easily but reliably control access to a communication device via a contactless interface device.
This can be achieved in that a communication device, especially a remotely readable chip card, is prevented from transmitting data via a contactless interface device if an authorized user has intentionally deactivated the contactless interface device by performing a deliberate procedure. Therefore, a sort of “suppressing” functionality is implemented in the communication device, preventing an unwanted automatic reading out of data. On the other hand, the communication device can only transmit data via the contactless interface device if the authorized user has previously intentionally activated the contactless interface device by performing a deliberate procedure.
According to an embodiment of the present invention, a method for the authorization-dependent control of a contactless interface device is put forward. First of all, a user authenticates himself to the communication device, for example, using a conventional authentication method. In order to verify such an authorization, the user can be requested to enter a password into the communication device. After successful authentication, the contactless interface device is deactivated in order to prevent data transmission via the contactless interface device. With this method, an authorization-dependent control of an interface is put forward with which the use of the interface is only made possible if the authorized user has released the interface by means of a deliberate procedure.
The communication device can be an identification medium such as, for example, a chip card with an RFID functionality.
According to an advantageous embodiment, the contactless interface device can be logically deactivated in that the deactivation step starts a filtering function. The activated filtering function ensures that only a command to activate the contactless interface device is accepted. All other commands, for example, the command to read out data from the communication device, are denied.
In the context of the present application, the expression “deactivation of the contactless interface device” can refer to any measure that prevents unauthorized persons from reading out data from the communication device via the contactless interface device, which can also have an antenna.
According to another embodiment, the contactless interface device has an antenna that is deactivated during the deactivation step. For example, an appropriate deactivation signal can actuate a switching device that disconnects the antenna, for instance, from the communication device or from a power supply, so that data can neither be received nor transmitted via the antenna. In this case, a controlled physical disconnection of the contactless interface device can be provided. However, it is also possible to establish or interrupt the connection to the antenna by means of software.
In an embodiment, the appropriate deactivation signal for initiating the filtering function and/or for deactivating the antenna can be provided by the communication device itself or by an external device.
In order to reactivate the deactivated contactless interface device, the user once again authenticates himself to the communication device. An activation signal is then provided. In response to the activation signal, the filtering function is deactivated, i.e. switched off, and/or the antenna is activated.
After a deactivation of the filtering function, commands to read out data from the communication device can once again be processed. In order to activate the antenna, for example, the above-mentioned switching device can once again connect the antenna to the communication device or to the power supply so that data can be received and transmitted.
The activation signal can be generated by the communication device itself as well as by an external device. If the antenna is deactivated, the externally generated activation signal is transmitted to the communication device via a contacted interface device. In this case, the signals needed for the authentication can also be transmitted via the contacted interface device.
The external device can be a detection/reading device that controls the activation and deactivation function. Using this detection/reading device, the user can activate or deactivate the interface, whereby he advantageously has to identify himself to the device. The external device can also be a means that the user carries along with himself. For example, it would be conceivable to switch a microswitch by using a magnet that is placed directly onto the communication device.
If the reading out of data from the communication device is blocked only via the filtering function, the externally provided activation signal can also be received via the contactless interface device of the communication device since the antenna continues to be active.
The authentication step can be based on conventional authentication mechanisms comprising, for example, the evaluation of a password, the evaluation of voice signals and/or the evaluation of biometric data.
According to an embodiment of the present invention, a communication system is created for the authorization-dependent control of a contactless interface device of a communication device. The communication device has a contactless interface device, a device for authenticating a user, and a control device. The control device is configured in such a way that, after successful authentication, it controls the deactivation of the contactless interface device in order to prevent data transmission via the contactless data interface device.
In order to deactivate the contactless interface device, according to an embodiment, the control device can initiate a program that, for example, performs a filtering function that only accepts a command to activate the contactless interface device. All other commands, especially the command to read out data from the communication device, are denied.
If the contactless interface device has an antenna, the deactivation can also be carried out in that the control device controls the deactivation of the antenna.
The communication device can have a contacted interface device for receiving authentication signals and/or an activation command. In this case, the control device can be configured in such a way that, in response to an activation command received via the contacted interface device, it generates a control signal to activate the antenna. Moreover, the control device can be configured in such a way that, in response to an activation command received via the contacted interface device, it supplies a control signal to switch off the filtering function.
Preferably, the communication device is a portable data carrier such as, for example, a chip card.
Optionally, the communication device 100 can have a contacted interface 10 for contacted data transmission. In order for the user to be able to authenticate himself to the communication device 100, the communication device 100 itself can have means with which a password can be entered, a microphone with which voice signals can be input and/or a biometric sensor 50 with which fingerprints can be identified. The signals needed for the authentication, however, can also be transmitted to the communication device 100 from outside, for example, by means of a terminal (not shown here). The terminal can be configured as a detection/reading device.
The communication device 100 is controlled by a programmable microprocessor 30 that is connected to the described components. If voice signals are entered via a microphone at the communication device, the communication device 100 has a voice analyzer that compares the entered voice signals to stored voice samples. However, it is also conceivable for the authentication to be initiated at a terminal into which the communication device 100 can be inserted. The data needed for the authentication can be transmitted to the communication device 100 either via the contacted interface 10 or via the contactless interface 20.
The mode of operation of the communication device 100 is explained in greater detail, for example, on the basis of an electronic identification card.
The user of the electronic identification card 100 would like to prevent unauthorized persons from being able to read data out of the memory unit 40 via the contactless interface 20 and the antenna 25. For this purpose, the user can utilize a terminal into which the electronic identification card 100 can be inserted. The terminal is configured in such a way that a user can enter the command “deactivation of the contactless interface device”. After the command has been entered, the user is prompted by the terminal to prove his authorization. For this purpose, the user can, for example, enter his password on the keyboard of the terminal. The password can be transmitted to the communication device 100 via the contactless interface device 20, 25 or via the contacted interface 10. The microprocessor 30 compares the entered password to a stored password. According to the example of an embodiment, after successful authentication, the microprocessor 30 generates a deactivation signal that deactivates the contactless interface 20 and/or the antenna 25. As an alternative, the microprocessor 30 can also be instructed to generate a deactivation signal via a deactivation command at the terminal.
For example, a program as well as an autonomous operating system can be stored in the communication device 100. In this case, the contactless interface 20 can also be deactivated in that the deactivation signal supplied by the microprocessor 30 initiates a filtering function. The activated filtering function has the task of denying all commands except for the command “activation of the contactless interface”. This ensures that, for example, a command “reading out of data” that has been received at the contactless interface 20 is not accepted. It should be pointed out that the filtering function can be a constituent of the contactless interface 20.
In order to deactivate the antenna 25, the deactivation signal supplied by the microprocessor 30 can actuate a switching element such as, for example, a semiconductor switch. The switching element can be arranged between the antenna 25 and the contactless interface 20. It is also conceivable for the antenna 25 to be connected via the switching element to a power supply. If the switching element is opened, either the contactless interface 20 is disconnected from the antenna 25, or else the antenna 25 is disconnected from the power supply. In both cases, data can no longer be transmitted via the contactless interface 20.
Thus, by performing a deliberate procedure, users themselves decide whether and when they will permit access to their electronic identification card 100.
A user can permit access to the communication device 100 via the contactless interface device.
For this purpose, the user can once again go to a terminal into which he inserts the communication device 100. The antenna 25 of the contactless interface device has been deactivated so that the terminal can only communicate with the communication device 100 via the contacted interface 10.
According to an example of an embodiment, the following procedure now takes place:
First of all, the user initiates the procedure “activation of the contactless interface”. Then the user is prompted to authenticate himself. For purposes of authentication, the user can, for example, enter a password at the terminal or can have a fingerprint generated by means of a biometric sensor. The data needed for the authentication is subsequently transmitted to the microprocessor 30 via the contacted interface 10. In response to the received authentication data, the microprocessor 30 carries out an authentication procedure. After successful authentication, the user gives the command “activation of the contactless interface”. In response to the activation command, the microprocessor 30 generates a control signal that closes the switching element so that the antenna 25 is once again supplied with power. From this time forward, the contactless interface device is activated.
If the filtering function was switched on in addition or as an alternative, the microprocessor 30, in response to the activation command, generates a control signal that switches off the filtering function and thus releases the contactless interface device.
The microprocessor 30 can also actuate the antenna 25 activation and/or switch off the filtering function directly, i.e. without a separate activation command being entered.
If the contactless interface device was not deactivated by means of the antenna 25 but rather only logically via the filtering function, then the command for activation can also be received via the contactless interface device. Subsequently, the command “activation of the contactless interface” is accepted by the filtering function.
In this manner, it is ensured that the communication device 100 can only respond to a reading command if the contactless interface device was first activated by the authorized user by performing a deliberate procedure.
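The following C model of the command handling described above is an added illustration, not code from the patent. All identifiers are hypothetical, and it assumes that the activation and deactivation commands carry the password themselves and that the filtering function applies only to commands arriving over the contactless interface.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum iface  { IF_CONTACT, IF_CONTACTLESS };
enum cmd    { CMD_READ, CMD_DEACTIVATE, CMD_ACTIVATE };
enum status { ST_OK, ST_DENIED, ST_AUTH_FAILED, ST_NO_LINK };

struct card {
    const char *stored_pw;  /* constructed sample credential */
    bool filter_on;         /* logical deactivation: the filtering function */
    bool antenna_on;        /* state of the switching element */
    bool switch_antenna;    /* variant: deactivation also opens the switch */
};

/* Password check without early exit, so timing does not reveal the first mismatch. */
static bool pw_ok(const struct card *c, const char *pw)
{
    size_t n = strlen(c->stored_pw), m = pw ? strlen(pw) : 0;
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n && i < m; i++)
        diff |= (unsigned char)(c->stored_pw[i] ^ pw[i]);
    return diff == 0;
}

enum status card_dispatch(struct card *c, enum iface via, enum cmd cmd, const char *pw)
{
    if (via == IF_CONTACTLESS) {
        if (!c->antenna_on)
            return ST_NO_LINK;              /* antenna disconnected: nothing arrives */
        if (c->filter_on && cmd != CMD_ACTIVATE)
            return ST_DENIED;               /* filter passes only "activate" */
    }
    if (cmd == CMD_READ)
        return ST_OK;                       /* memory unit would be read here */
    if (!pw_ok(c, pw))
        return ST_AUTH_FAILED;              /* both state changes need authentication */
    c->filter_on = (cmd == CMD_DEACTIVATE);
    c->antenna_on = (cmd == CMD_ACTIVATE) || !c->switch_antenna;
    return ST_OK;
}

/* Deactivate, read contactlessly, reactivate over `via`, read again; statuses as digits. */
int walk_through(bool switch_antenna, enum iface via)
{
    struct card c = { "sample-pw", false, true, switch_antenna };
    int r = card_dispatch(&c, IF_CONTACT, CMD_DEACTIVATE, "sample-pw");
    r = r * 10 + card_dispatch(&c, IF_CONTACTLESS, CMD_READ, NULL);
    r = r * 10 + card_dispatch(&c, via, CMD_ACTIVATE, "sample-pw");
    return r * 10 + card_dispatch(&c, IF_CONTACTLESS, CMD_READ, NULL);
}

int main(void)
{
    printf("filter only, reactivated contactlessly: %03d\n", walk_through(false, IF_CONTACTLESS));
    printf("antenna off, reactivated contactlessly: %03d\n", walk_through(true, IF_CONTACTLESS));
    printf("antenna off, reactivated via contacts:  %03d\n", walk_through(true, IF_CONTACT));
    return 0;
}
```

Each digit is a status in call order (0 OK, 1 denied, 2 authentication failed, 3 no link). The second run shows why a card whose antenna has been disconnected can only be reactivated through the contacted interface.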
The communication device 100 shown in
It should be pointed out that, through such an authorization concept, various users can be granted the authorization to use the contactless interface of a communication device. In embodiments of the described method and the described communication system, the contactless interface of the communication device 100 can only be used if an appropriate authorization for the activation of this interface has been demonstrated. The user has to permit a utilization of the interface through a deliberately performed procedure, namely, by activating the contactless interface. This means that, in the case of an authorization-controlled contactless interface, the communication device 100 only responds if the interface has first been systematically activated by an authorized user through a deliberate procedure. Accordingly, the security of the reading out of the data is considerably improved. Moreover, unauthorized parties are prevented from reading out data from the communication device 100.
Consequently, a suppressing functionality that can be initiated by the user is implemented in the communication device, whereby an activated suppression, that is to say switched-on suppression, blocks the possibility of remote reading out and thus the response function of the communication device.
While the invention has been described with reference to particular embodiments thereof, it will be understood by those having ordinary skill in the art that various changes may be made therein without departing from the scope and spirit of the invention. Further, the present invention is not limited to the embodiments described herein; reference should be had to the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
10 2008 049 736 | Sep 2008 | DE | national |
10 2008 053 292 | Oct 2008 | DE | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/DE2009/001308 | 9/17/2009 | WO | 00 | 6/10/2011 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2010/037361 | 4/8/2010 | WO | A |
Number | Date | Country | |
---|---|---|---|
20110231905 A1 | Sep 2011 | US |