1. Field of the Invention
The invention relates to a method for inserting a service key in a terminal and to devices for carrying out the method.
2. Description of Related Art
A traffic-telematics service center transmits service data to at least one terminal via a private (e.g. mobile radio) or public (e.g. DAB radio, RDS-TMC radio) communication channel. Service data can, for example, be data for traffic information, traffic forecasts, navigation services etc., which is sent one way from the center to the terminal or is transmitted, on request, as two-way dialog between the center and the terminal. Since detecting and processing such data entail costs, it is normally transmitted only to paying subscribers (registered service users). To this end, service data is transmitted from the center to the terminal in encrypted form. To do this, the terminal and the center need to be provided with keys which match one another. For certain applications, it can also be desirable to allow service keys for service data which is registered only for a period of time to expire in the terminal after some time, or it can be desirable for such service keys to be updated. For inserting the keys, therefore, a relatively high level of security is necessary to prevent misuse. Encryption and authentication methods are known from other areas, such as television (pay TV). For encryption and decryption, basically symmetrical methods (using identical encryption and decryption keys) and asymmetrical methods (using matching but different encryption and decryption keys) are known.
The object of the invention is to optimize key-related procedures as easily, efficiently and inexpensively as possible. The object is achieved by the subject-matter of the independent claims.
The invention enables keys to be inserted simply, efficiently and securely. The insertion of new service keys, which may be necessary, for example, when a subscription period has expired for a particular service, is also enabled simply, efficiently and very securely. In this context, the insertion of a new service key does not require the terminal to be taken to a terminal manufacturer""s or service provider""s workshop; instead, according to the invention, a new service key can be inserted via communication channels, such as a fixed telephone network or mobile radio channel, and preferably mobile-radio short message. Communication between a terminal manufacturer and a trust center and/or between a service center (service provider) and a trust center and/or between a terminal manufacturer""s appliances and (when a decryption key is inserted during manufacture) a telematics terminal can also take place via a communication to channel, such as a mobile radio, channel (e.g. mobile-radio short messages).
For a method which can be carried out securely and at the same time efficiently, it is advantageous for key handling to be divided into a plurality of phases. In this case, the first phase corresponds to providing a terminal with a manufacturer-specific key (decoding key). The second phase comprises the insertion of a service key in encrypted form, particularly in asymmetrically encrypted form, from the service center into the terminal using a coding key in the service center and a decoding key in the terminal. The third phase includes, encrypting service data as part of a service and transmitting it between the service for carrying out the method center and the terminal. In one-way operation, the service center sends service data in encrypted form to the terminal, where it is decrypted with the service key, and in two-way operation, it is possible to encrypt requests from a terminal to the service center and/or to encrypt transmitted service data from the service center to the terminal. Encrypting service data with a symmetrical key is particularly advantageous, because it means that relatively large data quantities can be encrypted in real time as part of a service and decrypted in real time at the terminal without excessive complexity. On the other hand, asymmetrical encryption of the service key produces the higher level of security necessary for transmitting it.
In addition, it is particularly advantageous to use, network security mechanisms when inserting a service key from a service center into the terminal, specifically when the service center communicates with the trust center and/or the service center communicates with the terminal. In addition, network security mechanisms can also be used, in particular, if the terminal manufacturer inserts an encryption key into a telematics terminal via a mobile-radio network etc. during ,manufacturing, however, during manufacture, it is also possible to insert an encryption key in the terminal without a mobile-radio channel etc., by installing hardware or software. Network security mechanisms can be authentication checks provided as standard during communication via a mobile-radio network, particularly SMSC addresses, MSISDN PIN numbers, PIN2 numbers etc. in the GSM network or in other networks. The network security mechanisms are then used in addition to other mechanisms, particularly those according to the invention.
The terminal identity number can be any desired number identifying a particular terminal. It can be inserted permanently in the terminal as hardware and/or software, preferably during manufacturing. It is expediently protected against manipulation and/or unauthorized reading.
According to on embodiment of the invention, a terminal can also receive service keys from a plurality of service centers and use them for decrypting the service center respective service data.
The method according to the invention can be implemented in the service center, preferably in the form of a program. Features essential to the invention, such as management of decoding keys and service keys, are provided in the terminal; matching coding keys and decoding keys and possibly also the terminal identity number are handled in a trust center.