1. Field of the Invention
The present invention relates to a communication card for mobile network devices and a compatible authentication method for users of the mobile network devices. The communication card stores identification data for at least one user, and the identification data includes data for authentication of the at least one user in the network. The communication card can be used in mobile network devices with a PC-card and/or PCI-card interface.
2. Discussion of the Background
Worldwide, more and more computer and communication systems are currently being used to obtain or to transmit data via networks, such as, e.g. a LAN (Local Area Network), a WAN (Wide Area Network) or the Internet via, e.g. the public switched telephone network (PSTN) or a mobile radio network (PLMN: Public Land Mobile Network) such as GSM (Global System for Mobile Communications) or UMTS networks (Universal Mobile Telecommunications System) or WLAN (Wireless LAN), etc.
In particular, data which are subject to charges and/or access-controlled, such as multimedia data, are displayed and/or processed and/or made available to other computer systems in a modified form. Multimedia data include, among other things, digital data such as texts, graphics, pictures, animations, video, QuickTime and sound recordings. Also included are the MPx (MP3) or MPEGx (MPEG7) standards, as they are defined by the Moving Picture Experts Group.
The reliable, unambiguous and, for the user, trouble-free identification and/or authentication of the user is often difficult with the data subject to charges and/or access-controlled, i.e., data requiring protection. In the state of the art, many different methods can be found relating thereto.
A frequently used method, among others, is the entry of a PIN code, i.e., a personal identification number, by the user. The PIN is either checked and verified using locally stored identification data for the user, or is transmitted, e.g. encrypted, over the network to a central unit, which verifies the PIN based on database entries. The method has many known drawbacks, however. On the one hand, it is, for instance, not very user-friendly since the user has to remember the PIN, and the PIN has to be entered via input elements such as, e.g. keyboards. Nowadays the user often has a multiplicity of PINs to remember for different devices and/or services, which makes this even more difficult. Moreover, especially with older people or children, it is not guaranteed that they are able to memorize such PINs without any trouble.
Another problem is that PINs do not ensure reliable, fraud-resistant authentication of a user. On the one hand, through careless handling by the user, PINs can easily fall into the hands of third parties and then be easily used by them in fraudulent ways. On the other hand, PINs can also be figured out by third parties, captured in the network by means of slipped-in code, such as, e.g. trojans/sniffers, or otherwise ascertained fraudulently.
A sniffer is software which can receive and display the data traffic of a network. A sniffer, e.g. the well-known tcpdump, Ethereal, Ettercap or RFC 1761, has a so-called non-promiscuous mode and a promiscuous mode. In the non-promiscuous mode, only the incoming and outgoing data traffic of the local computer is sniffed. In the promiscuous mode, the sniffer collects the entire data traffic at the network interfaces switched into this mode, i.e., not only the frames addressed to the local computer, but also those not addressed to it. In Ethernet networks, the station to which a frame is addressed is determined based on the MAC (Media Access Control) address.
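The MAC-based delivery decision described above, as an added example that is not part of the original document: a simplified model of the destination-address filter an Ethernet interface applies in non-promiscuous mode and bypasses in promiscuous mode. All MAC addresses and frames are constructed, and the function names are hypothetical.

```python
"""Simplified model of an Ethernet interface's destination-MAC filter."""
import struct

BROADCAST = bytes.fromhex("ffffffffffff")


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def parse_header(frame):
    """Return (dst, src, ethertype) from the 14-byte Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])


def accepts(frame, own_mac, promiscuous=False, multicast_groups=()):
    """Decide whether the interface passes the frame up to the host."""
    dst, _src, _ethertype = parse_header(frame)
    if promiscuous:
        return True                      # address filter is switched off
    if dst == own_mac or dst == BROADCAST:
        return True
    if dst[0] & 0x01:                    # group bit set: multicast address
        # Simplification: exact match; real hardware often uses a hash filter.
        return dst in multicast_groups
    return False                         # unicast for another station


def build(dst, src, payload, ethertype=0x0800):
    """Assemble a constructed Ethernet II frame (no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


# Constructed sample traffic on one shared segment.
HOST = mac("02:00:00:00:00:01")
FRAMES = [
    build("02:00:00:00:00:01", "02:00:00:00:00:02", b"to this host"),
    build("02:00:00:00:00:03", "02:00:00:00:00:02", b"to another station"),
    build("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", b"broadcast"),
    build("01:00:5e:00:00:fb", "02:00:00:00:00:02", b"multicast"),
]


def delivered(promiscuous):
    """Per-frame accept decision for the sample traffic."""
    return [accepts(f, HOST, promiscuous) for f in FRAMES]
```
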
Known in the state of the art is the capturing of biometric features and/or the measurement of physical parameters of an individual in order to determine the identity of the respective person or to verify a purported identity. Biometric features (e.g. fingerprints, retina patterns, etc.) are frequently combined with physical parameters (e.g. blood pressure, temperature, etc.) in order to ensure greater security. Based on such biometric features and/or physical parameters, a multiplicity of increasingly reliable methods have been developed for verification of individuals in one-to-one as well as in one-to-many methods. Biometrics has thus become a powerful tool in the identification or authentication of persons.
Real-time registration (live capturing) of biometric test samples between a user and a biometric system requires a significant storage capacity, computing power and transmission rate in order to be able to carry out the corresponding biometric analysis functions. In addition, the known methods usually call for complicated installation of hardware and/or software components. Especially with mobile network devices, such as laptops, PDAs (Personal Digital Assistants), mobile radio devices, etc., such components are rarely installed since additional components are cumbersome for the portability of the devices.
Moreover, the usual components for capturing biometric features are not adapted for use with very diverse applications. For the above-mentioned reasons, among others, the use of biometric identification with mobile network devices has not prevailed so far. Nevertheless it is clear that with today's demands for security and user-friendliness, owing to the enormously growing use of mobile network devices, in particular in cellular mobile radio systems, such as e.g. with GSM (Global System for Mobile Communications) and/or UMTS (Universal Mobile Telecommunications System) or in the WLAN (Wireless LAN) area, economical portable biometric systems are desirable.
The international patent application WO 98/11750 shows such an authentication method. The mobile communication device includes a scanning unit for capturing fingerprints. They are forwarded from the mobile communication device to a central authentication system, where they are analyzed and compared with database entries. In the central authentication system, each mobile identification number (MIN) is assigned to a fingerprint of the user.
The patent document U.S. Pat. No. 5,546,463 shows a portable device for authentication of a user and for encryption of data connections to a network. The portable device includes a network interface, for example a modem, as well as a communication interface to a computer, for example a PCMCIA interface. By means of a stored electronic key, the portable device is authenticated vis-à-vis the network. Optionally, a PIN entered by a user is transmitted to devices of the network for user authentication.
The published German patent application DE 196 48 767 shows an electronic chipcard with a memory for biometric features, with sensors for capturing biometric features and with means for comparing the stored with the captured biometric features. The chipcard is inserted into a reading device, and biometric features of a user are captured. In the case of agreement, the actual chipcard function, for instance an electronic purse or an access key, is released.