INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

(51) International Patent Classification 7: H04Q 7/32, H04L 9/00 (A1)
(11) International Publication Number: WO 00/14984
(43) International Publication Date: 16 March 2000 (16.03.00)
(21) International Application Number: PCT/FI99/00713
(22) International Filing Date: 1 September 1999 (01.09.99)
(30) Priority Data: 981902, 4 September 1998 (04.09.98), FI
(71) Applicant (for all designated States except US): SONERA OY [FI/FI]; Teollisuuskatu 15, FIN-00510 Helsinki (FI).
(72) Inventor; and
(75) Inventor/Applicant (for US only): VATANEN, Harri [FI/FI]; Lepolantie 25 A 3, FIN-00660 Helsinki (FI).
(74) Agent: PAPULA REIN LAHTELA OY; Fredrikinkatu 61 A, P.O. Box 981, FIN-00101 Helsinki (FI).
(81) Designated States: AE, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU, ZA, ZW, ARIPO patent (GH, GM, KE, LS, MW, SD, SL, SZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).

Published
With international search report.
Before the expiration of the time limit for amending the claims and to be republished in the event of the receipt of amendments.
In English translation (filed in Finnish).

(54) Title: SECURITY MODULE, SECURITY SYSTEM AND MOBILE STATION

[Figure: SECURITY MODULE, with reference labels IF1, 6 and 7]

(57) Abstract

The present invention relates to implementing services and devices affording a high level of data security. In particular, the present invention relates to a security module, a security system and a mobile station for using these. The invention makes it possible to use standard devices easily and without any modifications to implement banking services and other services requiring a high level of data security. In the invention, a security module is formed which uses a standardized local interface for the transmission of the messages to be transmitted. Messages can be transmitted in real time without any delay caused by the telecommunication network.

Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1019 p. 1

SECURITY MODULE, SECURITY SYSTEM AND MOBILE STATION

FIELD OF THE INVENTION

The present invention relates to a security module. In particular, the invention concerns a new and improved security module and a security system for processing and transmitting various messages requiring a high degree of data security. The invention also concerns a mobile station utilizing the security module.

BACKGROUND OF THE INVENTION

In mobile communication networks, e.g. GSM networks (GSM, Global System for Mobile communications), heavy encryption is used in conjunction with the transmission of speech over the radio link between the mobile station and the base station. Besides speech communication, communication using text or data messages has increased. With a rising service level, services relying on text or data communication have gained ground. Text communication can be utilized in various service functions, in paying for services, etc.

At present, a source of difficulties in encrypting messages is the fact that, in mobile telephones consistent with the current standard concerning mobile communication, it is not possible to make any changes to facilitate encryption because the user interfaces used in the telephones are manufacturer-specific. The only component that is sufficiently standardized and sufficiently open in respect of encryption is the subscriber identity module (SIM).

Mobile telephones consistent with a current mobile communication standard, such as the GSM standard, do not directly provide a possibility of encrypting text communication via mobile stations. Text communication can be used to implement services, such as bank services, which require a high level of data security. However, services requiring a high level of data security cannot become popular before sufficient encryption of message communication is possible.

A further problem with the use of a mobile communication network is that the message transmission services implemented in it are not necessarily real-time services and the transmission of messages may take time. This may be a problem e.g. when a user wants to pay for his/her shopping at the cash register of a store. In this situation, even a slight delay in message transmission will significantly retard the execution of the payment transaction. At present, no part of the mobile communication standard supports local communication between a mobile station and a cash register terminal.

A group of the world's leading enterprises in telecommunication and information technology has developed a technology that makes it possible to establish a wireless connection between a mobile telephone and e.g. a portable computer. This technology is designated as "Bluetooth" and it is based on short-range radio technology, which can be used to interconnect many types of terminals. A more detailed description of this technology can be found e.g. on the WWW page www.bluetooth.com.

The Bluetooth technology enables devices to be interconnected via a short-range radio link. By using the Bluetooth technology, it is possible to establish a connection e.g. between a mobile station and a portable computer without cumbersome cabling. Printers, work stations, telefax devices, keyboards and virtually any digital apparatus may be parts of a Bluetooth system or network. The technology forms a universal bridge to existing data networks and peripherals and provides means for forming small private groups via interconnected devices without a fixed network infrastructure. In addition, encryption and authentication can be used in the communication between the devices, e.g. so that only a given user's mobile telephone may be used in connection with a given portable computer.

Previously known is also a smart card that enables reliable personal authentication and genuine signature. Its sphere of application is unlimited. Examples of possible applications are a national electronic identity card (EID), encryption of files, telecommunication and electronic mail, a means for signing documents, an electronic currency, driver's license, ballot, and so on.

Although the smart card can be used in the ways described above, the problem remains that the smart card still requires a separate reading device for communicating with the smart card. Moreover, the smart card alone is incapable of communicating over any telecommunication network, which means that updating information e.g. using short messages is impossible.

In addition, even if it were possible to connect a mobile station locally to a cash register terminal using Bluetooth technology and thus utilize the mobile station as a payment instrument, there is still the problem of encrypted and secure data communication needed for payment transactions.

In prior art, no general-purpose security module is known which could be connected to different cash register and automated systems, mobile stations or other portable devices and which would be able to safely communicate e.g. with a host device on the one hand and a service provider's device on the other hand utilizing e.g. the Bluetooth technology using encryption so as to meet the high data security requirements imposed by banks and authorities.

The object of the present invention is to eliminate the problems referred to above.

A specific object of the invention is to disclose a new type of general-purpose security module which can be used in many kinds of application environments for establishing an encrypted and secure local connection. A further object of the invention is to disclose a security system which provides means for encrypted data communication between user and service provider.

A further object of the invention is to disclose a new type of mobile station which can be used for local communication with a service provider's terminal at a high level of data security. Using this solution together with the security module, it is possible to implement a general-purpose security apparatus which can be connected and used in any environment.

An additional object of the invention is to disclose a device the manufacturer of which can be directly certified as a so-called reliable third party. This obviates the need to have an encryption property separately added by a reliable third party to a device manufactured by a given manufacturer, such as a mobile telephone manufacturer.

BRIEF DESCRIPTION OF THE INVENTION

The present invention concerns a security module comprising connection means for connecting the security module to a terminal, such as a mobile station, cash register terminal, on-line banking terminal, portable computer, telephone or any corresponding terminal. The security module is intended to be a general-purpose module to be connected to telecommunication networks and telecommunication terminals which will make it possible to implement the required encryption operations for the implementation of applications requiring a high level of data security.

According to the invention, the security module comprises encryption means for encrypting electronic data transfer effected via the security module, decrypting encrypted information and for implementing an electronic signature. The encryption means preferably comprise a processor which encrypts, decrypts and implements an electronic signature. In addition, said means comprise a memory connected to the processor for the storage of the keys and parameters it needs.

Further, according to the invention, the security module comprises a first connection interface for connecting the security module to an external device for electronic data transfer and a power source for supplying power to power consuming security module components, i.e. the processor and the memory. The power source may also be replaced by the power source of the host device to which the security module is connected, by supplying power to the security module directly from the host device. The connection interface can be implemented using e.g. Bluetooth technology, which is a technology known in itself and the standardization of which has not yet been completed. Anyway, we shall not describe it here as it is previously known.

In addition, the security module may comprise a smart card unit arranged to implement smart card functions with the security module. The smart card unit can use the connection interface for communication with external devices, such as cash register terminals, on-line banking terminals and equivalent to use and download electronic money. Thus, the invention makes the use of a smart card easier and more attractive to the client and the user.

The security module can be integrated e.g. with the power source of a mobile station, in which case the security module preferably comprises a frame fitted to correspond to the shapes of e.g. the power source of the mobile station and a connector attached to the frame and used to connect the security module electrically to the mobile station in place of its power source. In this case, the security module is connected to the mobile station in order to supply power to it and to implement communication by means of the mobile station. The security module can now be operated using the keypad of the mobile station.

The invention also concerns a security system comprising a service provider's terminal, such as an on-line banking terminal, cash register, vending machine or equivalent, and a service user's terminal, such as a mobile station. In the system, the terminals are electrically interconnected via a preselected communication link, e.g. using the Bluetooth technology.

According to the invention, the security system comprises a first security module connected to the service provider's terminal and a second security module connected to the service user's terminal. By means of the security modules, the communication between the terminals is encrypted and decrypted. The security modules preferably comprise encryption means, a first interface and a power source, as described above in conjunction with the security module.

The security system may also comprise a service provider's server electrically connected to the service provider's terminal. This connection can be established via a telecommunication network, such as a GSM network or some other suitable network. The first security module can be further connected via the telecommunication network to the service provider's terminal to update functions executed via the service user's terminal and to save them to the server. This refers to so-called clearing functions used to transfer electronic money paid for services or shopping by the service user to the service provider's account.

The invention also concerns a mobile station, which here means a terminal known in itself, comprising a keypad, a display, a radio unit and a power source. A preferred example of this kind of mobile station is a GSM-compatible terminal or GSM mobile telephone (GSM, Global Standard for Mobile Communication).

According to the invention, the mobile station comprises a security module integrated with the power source and comprising encryption means and a first connection interface, as described above in conjunction with the security module. The security module is preferably arranged to process information transmitted by the mobile station over a telecommunication network and/or via a local communication interface of the mobile station. The security module may communicate with the mobile station and/or external terminal by using Bluetooth technology.

As compared with prior art, the present invention has the advantage that existing mobile telephones currently used need not necessarily be modified in any way in order to use them for secure communication. A further advantage of the invention is that the security module is a general-purpose device which can be connected to almost any terminal in which encrypted data transfer is needed.

In addition, the invention makes it possible to implement secure systems which can be used by service providers to provide services requiring a high level of data security, such as on-line banking services.

LIST OF ILLUSTRATIONS

In the following, the invention will be described by the aid of preferred examples of its embodiments with reference to the attached drawing, in which

Fig. 1 presents a security module according to the present invention,
Fig. 2 presents a preferred security system according to the present invention; and
Fig. 3 presents a preferred mobile station according to the present invention comprising an integrated security module as provided by the invention.

DETAILED DESCRIPTION OF THE INVENTION

The security module presented in Fig. 1 comprises connection means 1 for connecting the security module to a terminal SP, MS. The terminal may be a mobile station, a cash register terminal, an on-line banking terminal or any corresponding device used to implement applications requiring a high level of data security. Moreover, the security module comprises encryption means 2 for encrypting electronic data transfer in the security module, decrypting encrypted information and generating an electronic signature when required.

To implement a local network interface or equivalent, the security module further comprises a first connection interface IF1 allowing the security module to be connected to a terminal e.g. via a radio link for electronic data transfer. In conjunction with the connection interface it is possible to provide a so-called Bluetooth component, as presented in Fig. 1, for implementing the actions required by the technology in question. The security module is also provided with a power source 3, which may be a chargeable accumulator, a mains transformer or equivalent, for supplying power to the security module components that need electric power.

The encryption means presented in Fig. 1 further comprise a processor 4, which can be designed and optimized especially for encryption functions and which encrypts and decrypts and implements an electronic signature, and a memory 5 connected to the processor for the storage of the keys and parameters needed by the processor. The personal key of the security module user, parameters of the encryption algorithm used and other data needed can be stored in the memory. A preferred example of the encryption algorithm is the RSA method, but other unsymmetrical algorithms may also be used, depending on the application.

Furthermore, the security module comprises a smart card component SC for implementing smart card functions by means of the security module. The smart card component can utilize the other components of the security module, e.g. the interface IF1 for telecommunication connections.

The processor 4 or the smart card component SC of the security module further comprises a clock for synchronizing and clocking the functions of the security module. The clock is synchronized with the clock of the device to which the security module is connected. Another possibility is that the clock is synchronized with the clock of the Bluetooth system.

The frame 6 of the security module has been fitted to conform to the shapes of the power source of a mobile station. In addition, the frame 6 is provided with a connector 7 for connecting the security module to a mobile station. The power and data communication between the security module and the mobile station can be connected via the connector 7. In this embodiment, the power source of the security module substantially corresponds to the power source of the mobile station in respect of capacity and is therefore also chargeable. The security module can be easily connected to the mobile station both mechanically and electrically.

Fig. 2 presents an example of the security system of the invention. The security system presented in Fig. 2 comprises a service provider's terminal SP, in this example an on-line banking terminal, and a service user's terminal MS, in this example a GSM mobile telephone, which are electrically connected to each other via a preselected communication link. In this example, the communication link is established using Bluetooth technology.

The security system presented in Fig. 2 additionally comprises a first security module SM1 connected to the service provider's terminal and a second security module SM2 connected to the service user's terminal, these security modules being arranged to process information transmitted via a telecommunication link between the terminals. Appropriate keys and other parameters are placed in the memories of the security modules SM1 and SM2. Public keys can be loaded beforehand e.g. from special public key servers reserved for this purpose.

In addition, the security system presented in Fig. 2 comprises a service provider's server 8. The first security module is connected to the service provider's server 8 via a telecommunication network, in this example a telephone network. Thus, functions executed by the service user's terminal can be updated and saved to the server. On the other hand, the service provider's terminal SP and server 8 may be physically the same thing.

Fig. 3 is a diagrammatic representation of a preferred mobile station according to the invention. The mobile station in Fig. 3 comprises a keypad 9, a display 10, a radio unit 11 and a power source 12 and naturally other necessary components that are not mentioned here. Integrated with the power source 12 is a security module SM, which comprises, as above, encryption means 2 for encrypting electronic data transfer effected via the security module, decrypting encrypted information and generating an electronic signature when required, a first connection interface IF1 for connecting the security module to a mobile station MS and/or an external device SP to allow electronic data transfer.

The security module SM is preferably arranged to process information transmitted by means of the mobile station via a telecommunication network and/or a local interface 13 of the mobile station. Thus, the security module is also able to utilize the data transmission properties of the mobile station e.g. in such manner that the security module first establishes a connection to the mobile station e.g. using Bluetooth technology and further to the service provider's terminal SP, using the same technology.

Referring to Fig. 2, a preferred embodiment of the use of the security system, security module and mobile station will now be described. The user wants to load money from his bank account to his electric cash device, i.e. mobile station. The user starts the mobile station e.g. in bank mode, whereupon the security module is activated and begins contacting other devices supporting the Bluetooth technology in the environment. This can be implemented in the manner described in the Bluetooth descriptions. Once the security module SM1 connected to the user's mobile station MS and its cash card or smart card component SC detect an on-line banking terminal SP, they initialize a secure connection with the banking terminal by sending their own public key and receiving the bank's public key. Thus, the user's security module SM1 and the on-line banking terminal's security module SM2 are able to use encryption when exchanging messages. Using the keypad 9 and display 10 of the mobile station MS, the user gives the amount of money to be loaded, and this information is sent in an encrypted form to the banking terminal SP. After this, the banking terminal asks the user to give his electronic signature, which the user gives via his security module SM1.

After the on-line banking terminal SP has approved the cash load operation, it sends the specified sum to the user's smart card SC via the security modules SM1 and SM2 and updates the bank server 8 with this transaction. Although not described here, it is obvious that, with appropriate modifications, the above-described function can be applied in various service and vending operations.

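
The cash-load exchange described above, traced step by step as an added example that is not part of the patent: each module checks the public key it receives over the local link against a key loaded beforehand, the amount travels encrypted, and the terminal verifies the user's signature before crediting the card and updating the server. The class and function names, the nonce in the signed message, the fingerprint check and the fixed demo primes are assumptions of this example, and the RSA is unpadded textbook RSA used only to show the message flow.

```python
# Added illustration of the Fig. 2 cash-load exchange; not code from the patent.
# Unpadded textbook RSA on fixed demo primes: it shows the message flow only.
# A real module would use a vetted library with OAEP encryption and PSS signatures.
import hashlib
import json
import secrets

E = 65537  # public exponent shared by both demo keys


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()


def fingerprint(key: dict) -> str:
    return hashlib.sha256(canonical(key)).hexdigest()


def digest(message: dict) -> int:
    return int.from_bytes(hashlib.sha256(canonical(message)).digest(), "big")


def verify(peer_key: dict, message: dict, signature: int) -> bool:
    return pow(signature, peer_key["e"], peer_key["n"]) == digest(message)


class SecurityModule:
    """Encryption means 2 of the description: a processor plus key memory."""

    def __init__(self, owner: str, p: int, q: int):
        self.owner = owner
        self.n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private exponent never leaves the module
        self.preloaded = {}                      # owner -> fingerprint of a key loaded beforehand

    def public_key(self) -> dict:
        return {"owner": self.owner, "n": self.n, "e": E}

    def preload(self, key: dict) -> None:
        # Assumed provisioning step: the key was fetched earlier from a public key server.
        self.preloaded[key["owner"]] = fingerprint(key)

    def accept_peer_key(self, received: dict) -> dict:
        # A key arriving over the local link is used only if it matches the preloaded one.
        expected = self.preloaded.get(received["owner"], "")
        if not secrets.compare_digest(expected, fingerprint(received)):
            raise ValueError("peer public key does not match the preloaded key")
        return received

    def encrypt_for(self, peer_key: dict, message: dict) -> int:
        m = int.from_bytes(canonical(message), "big")
        if m >= peer_key["n"]:
            raise ValueError("message too long for the demo key")
        return pow(m, peer_key["e"], peer_key["n"])

    def decrypt(self, ciphertext: int) -> dict:
        m = pow(ciphertext, self._d, self.n)
        return json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))

    def sign(self, message: dict) -> int:
        return pow(digest(message), self._d, self.n)


def demo_modules():
    # Constructed demo keys built from Mersenne primes; never use such keys in practice.
    user = SecurityModule("user-MS", 2**521 - 1, 2**607 - 1)
    bank = SecurityModule("bank-SP", 2**1279 - 1, 2**2203 - 1)
    user.preload(bank.public_key())
    bank.preload(user.public_key())
    return user, bank


def cash_load(user_sm, bank_sm, amount, key_seen_by_user=None):
    """Run the exchange; key_seen_by_user lets a test supply what arrived on the link."""
    ledger = []  # stands in for the service provider's server 8
    # 1. Both modules send their public key over the local link and check what they receive.
    bank_key = user_sm.accept_peer_key(key_seen_by_user or bank_sm.public_key())
    user_key = bank_sm.accept_peer_key(user_sm.public_key())
    # 2. The user's module sends the amount in encrypted form.
    request = bank_sm.decrypt(user_sm.encrypt_for(bank_key, {"op": "load", "amount": amount}))
    # 3. The terminal asks for an electronic signature; the nonce is an assumption of this example.
    to_sign = {"amount": request["amount"], "nonce": secrets.token_hex(16)}
    signature = user_sm.sign(to_sign)
    # 4. The terminal verifies, approves, sends the sum encrypted and updates the server.
    if not verify(user_key, to_sign, signature):
        raise ValueError("signature rejected")
    credit = user_sm.decrypt(bank_sm.encrypt_for(user_key, {"credit": request["amount"]}))
    ledger.append({"user": user_key["owner"], "amount": credit["credit"]})
    return {"card_balance": credit["credit"], "ledger": ledger}


if __name__ == "__main__":
    user_module, bank_module = demo_modules()
    print(cash_load(user_module, bank_module, 50))
```
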
The invention is not restricted to the examples of its embodiments described above, but many variations are possible within the scope of the inventive idea defined in the claims.

CLAIMS

1. Security module comprising connection means (1) for connecting the security module to a terminal device (SP), such as a mobile station, cash register terminal, on-line banking terminal or equivalent, characterized in that the security module comprises
encryption means (2) for encrypting electronic data transfer effected via the security module, decrypting encrypted information and implementing an electronic signature;
a first connection interface (IF1) for connecting the security module to an external device to allow electronic data transfer, and
a power source (3) for supplying power to the security module components that need power.

2. Security module as defined in claim 1, characterized in that the encryption means comprise a processor (4) which encrypts, decrypts and implements an electronic signature, and a memory (5) connected to the processor for the storage of keys and parameters needed by it.

3. Security module as defined in claim 1 or 2, characterized in that the security module comprises a smart card component (SC) arranged to implement smart card functions via the security module.

4. Security module as defined in any one of the preceding claims 1 - 3, characterized in that the first connection interface is implemented using Bluetooth technology.

5. Security module as defined in any one of the preceding claims 1 - 4, characterized in that the security module comprises a frame fitted to conform to the shapes of the power source of a mobile station, and a connector (7) attached to the frame for connecting the security module substantially in the place of the power source of the mobile station and supplying power from the power source (3) to the mobile station.

6. Security system comprising a service provider's terminal (SP) and a service user's terminal (MS) electrically interconnected via a preselected communication link, characterized in that the security system comprises a first security module (SM1) connected to the service provider's terminal and a second security module (SM2) connected to the service user's terminal, said security modules being arranged to process information transmitted via the communication link between the terminals; and that the first and second security modules preferably comprise
encryption means (2) for encrypting electronic data transfer effected via security module, decrypting encrypted information and implementing an electronic signature;
a first interface (IF1) for connecting the security module to a terminal for electronic data transfer; and
a power source (3) for supplying power to the security module components that need power.

7. Security system as defined in claim 6, characterized in that the service provider's terminal (SP1) is an on-line banking terminal, cash register, vending machine or equivalent.

8. Security system as defined in claim 6 or 7, characterized in that the service user's terminal (SP2) is a mobile station, portable computer or equivalent.

9. Security system as defined in any one of the preceding claims 6 - 8, characterized in that the security system comprises a service provider's server (8); and that the first security module is connected via the telecommunication network to the service provider's server (8) for updating the functions executed by the service user's terminal and saving them to the server.

10. Mobile station comprising a keypad (9), a display (10), a radio unit (11) and a power source (12), characterized in that the mobile station comprises a security module (SM) integrated with the power source and comprising
encryption means (2) for encrypting electronic data transfer effected via the security module, decrypting encrypted information and implementing an electronic signature; and
a first interface (IF1) for connecting the security module to the mobile station (MS) and/or an external device (SP) to allow electronic data transfer.

11. Mobile station as defined in claim 10, characterized in that the security module (SM) has been arranged to process the information transmitted by means of the mobile station via a telecommunication network and/or a local interface (13) of the mobile station.

12. Mobile station as defined in claim 10 or 11, characterized in that the security module (SM) has been arranged to communicate with the mobile station (MS) and/or the service provider's terminal (SP) by using Bluetooth technology.