(12) United States Patent
Ratayczak et al.

(10) Patent No.: US 6,259,909 B1
(45) Date of Patent: Jul. 10, 2001

(54) METHOD FOR SECURING ACCESS TO A REMOTE SYSTEM
(75) Inventors: Georg Ratayczak, Gangelt; Norbert Niebert, Aachen, both of (DE)
(73) Assignee: Telefonaktiebolaget LM Ericsson (publ), Stockholm (SE)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
(21) Appl. No.: 09/111,868
(22) Filed: Jul. 8, 1998
(51) Int. Cl.: H04M 1/66
(52) U.S. Cl.: 455/411; 455/410; 455/414
(58) Field of Search: 455/410, 411, 455/414; 379/188

(56) References Cited

U.S. PATENT DOCUMENTS
5,668,875      9/1997   Brown et al.        380/23
5,745,559      4/1998   Weir                455/411
5,774,525 *    6/1998   Kanevsky et al.     379/188
5,907,597 *    5/1999   Mark                379/188
[entry illegible in source]   Ewell
6,091,946      7/2000   Ahvenainen et al.   455/411
6,112,078      8/2000   Sormunen et al.     455/411

FOREIGN PATENT DOCUMENTS
92/04671       3/1992   (WO).

* cited by examiner

Primary Examiner: Daniel Hunter
Assistant Examiner: Thuan T. Nguyen
(74) Attorney, Agent, or Firm: Burns, Doane, Swecker & Mathis, L.L.P.

(57) ABSTRACT
Method for secure user access to a remote system using a communications device. Access to the system is released only after the input of valid code words via independent communications devices. One of the communications devices may be a data processing unit and the second communications device may be a mobile telephone.

27 Claims, 2 Drawing Sheets

[Front-page drawing: flow diagram; recoverable labels are two "codeword valid?" decision boxes.]

PETITIONERS' EXHIBIT 1023

[Drawing sheet 1 of 2: recoverable labels are two "codeword valid?" decision boxes.]
[Drawing sheet 2 of 2: includes FIG. 8 (PRIOR ART); recoverable labels are two "codeword valid?" decision boxes.]

METHOD FOR SECURING ACCESS TO A REMOTE SYSTEM

The present invention relates to a method for securing access to a system. In particular, the invention relates to a method for securing access to data of a remote system using a communications apparatus.
Because of the increasingly widespread deployment and use of data networks, security aspects are becoming increasingly important in various applications. These may be applications in which secret information is transferred between data processing devices via a data network, e.g. in electronic payments transactions, electronic “shopping” and the like. Most importantly, security requirements include, apart from secure transmission of data via the network, the identification of an authorized user. In particular, when an authorized user wishes to access, via a publicly accessible data network, a system and/or data stored there and associated with it, it must be ensured by specific arrangements that only the authorized user can access associated data.
For example, the data network can be an internet, comprising a large number of computers connected with each other to form a generally accessible network. Since in such a network there are no secure data transmission lines, other ways are required to secure data and to identify an authorized user.
In general, a secure unit requests the input of a code word for authenticating a user, thus clearly identifying the user. This process of securing access from a communications device to a remote system is generally known. An example is shown in FIG. 8. C" marks a communications device, A an access device and S' the system. Access from the communications device to the system is cleared as follows: in a first step, a code word is entered at the communications device C". It is then transmitted to the access device A where it is checked for validity. In case the code word is determined to be valid, the access device releases access to the system by the communications device C".
A large number of such processes, identifying a subscriber by means of such code word, are known. However, like the example described above, they do have the disadvantage that the knowledge of the code word allows an unauthorized user to, e.g., access data of another user or to otherwise influence the system in a way that is not allowed.
It is therefore an object of the invention to provide a method for securing access to data allowing greater security in authenticating an authorized user wishing to access said data.
This object of the present invention is solved by methods with the features of claim 1. The method with the features of claim 1 advantageously allows the secure identification of a user, by using two individual connections between a first and a second communications device and a determining device, in order to transmit a first and a second code word to the determining device for checking.
The problem of the present invention is furthermore solved by a method with the features of patent claim 3. The method in accordance with claim 3 permits improved security of access to the system due to the fact that after the transmission and checking of a first code word by the determining device, a second code word is transmitted to the second communications device, for input into the first communications device and transmission from the first communications device and the transmission device for checking.
In an advantageous embodiment of the invention, a data processing device can be used as one of the two communications devices, connected to the determining device via a data network. A telephone can be used as the second communications device, connected to the determining device via a telephone line.
The connections can particularly advantageously be established via an Internet and/or via a mobile radio network. In this connection it is possible that after establishing the connection between the data processing device and the determining device and after input of the code word by depressing one or more keys on the mobile telephone, access to the system and/or to subscriber data stored in a data memory of the system is released. By use of a mobile telephone allocated to a subscriber, a secure identification of the subscriber can be carried out.
In a further advantageous embodiment of the method in accordance with the invention, the transmission device may generate a code word using a secret algorithm. The code word may be transferred to one of the communications devices for input into the other one of the two communications devices, and for subsequent retransmission to the access device for investigation. This allows a further enhanced security.
In addition, one of the code words can be used to carry out data encoding of data transmitted between one or both of the communications devices and the determining device. In general, a code word may be derived from predetermined subscriber data, the date or the time. Further, the code word may be valid for only one access procedure.
For the implementation of the method for securing access to a system, advantageously an access device may be used, which on the one hand is connected with the system and on the other is connected, via separate communication paths, with two communication devices for the transmission of code words and for access to the system, preferably a data processing unit and a telephone/mobile telephone.
Further embodiments and advantageous modifications of the method become obvious with the subclaims.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 shows a schematic illustration of an embodiment of the method in accordance with the invention for securing access to a remote system;
FIG. 2 shows a flow diagram of the embodiment of the method in accordance with the invention of FIG. 1;
FIG. 3 shows a schematic illustration of a further embodiment of the method in accordance with the invention;
FIG. 4 shows a flow diagram of the embodiment of the method in accordance with the invention of FIG. 3;
FIG. 5 shows a schematic illustration of another embodiment of the method in accordance with the invention;
FIG. 6 shows a flow diagram of the embodiment of the inventive method in accordance with FIG. 5;
FIG. 7 shows a block diagram of a device for carrying out the method in accordance with the invention; and
FIG. 8 shows a schematic illustration of a known access procedure.

In the following, the invention is described with respect to the figures.
FIG. 1 shows a first embodiment of the method in accordance with the invention, wherein individual process steps are illustrated using arrows. FIG. 1 shows a first communications device C1, a second communications device C2 as well as an access device A and a system S, to which access is to be obtained. Further devices, such as for example communications lines, data transmission devices and the like are not shown. Reference numerals S11, S12 and S13 denoting the arrows illustrate process steps which are carried out successively in the embodiment of the method in accordance with the invention.
FIG. 2 shows a flow diagram of the embodiment shown in FIG. 1 to further clarify the process in accordance with the invention for securing access to a remote system.
In the following, steps for executing the procedure in accordance with FIGS. 1 and 2 will be described. At first, the step denoted S11 is carried out. In step S11, a first connection is established from the communications device C1 to an access device A and, besides identifying a user, a first code word is transmitted from the first communications device C1 to the access device A. The first code word is received by the access device A and it is compared with authentication data stored in access device A. The comparison can be a known procedure for the verification of a transmitted code word. For example, in access device A, a copy of the first code word could be stored and it could be determined by comparison, whether the code word which was transmitted is the requisite code word. It could also be determined by a mathematical operation whether the first code word is correct, by checking a particular relationship to the authentication data which are stored in access device A. If the first code word is determined as being incorrect, the execution of the process proceeds to the end point of the flow diagram shown in FIG. 2. If the first code word is found to be correct, the process moves on to a step S12.
In step S12, a connection is established from the second communications device C2 to access device A. A second code word is transmitted via this connection to the access device. This second transmitted code word is received at the access device and is authenticated, as was already described in step S11. The code word can be a fixed sequence of signs, which identify the user and a code portion which is known only to the user. But identification of the user may also be carried out differently. If no user assigned code word has been transmitted, the process moves on to the end point shown in the flow diagram of FIG. 2. If the second code word is determined to be correct, the process moves on to step S13.
In step S13, access to the system S is released by the access device A from one or both of the communications devices C1, C2. This access to system S may be such that data can be transferred to system S and/or data can be retrieved from system S via one or both of the communications devices C1, C2. In addition, it is possible that the authorized user can trigger certain functions of the system S via one or both of the communications devices C1, C2. In the embodiment described, process steps are carried out in sequence, preferably in the sequence S11-S13. However, modifications of this sequence or partial steps are possible.
As in the case of a device described in more detail later with reference to FIG. 7, in a second embodiment a data processing unit can be used as the first communications device C1 and wherein the connection between this data processing unit and the access device A is established via a data processing network.
The data processing unit may be constituted by a personal computer available on the market, which is equipped with a suitable modem. The connection between the personal computer and the access device A may be established via a data network, for example the Internet. The provision of a connection from a computer via an internet to the access device A, which may also be constituted by a computer or a server, optionally with special functions and features, is well known and will not be further explained at this point. In addition, in the second embodiment, the second communications device C2 may be constituted by a telephone and the connection between the telephone and the access device A may be established via a telephone network. In this connection, the telephone network may preferably be a mobile radio network or a conventional fixed telephone network and/or PSTN.
Thereby it is possible that the connections between the first and/or second communications devices C1, C2 and the access device A may be established via separate communications routes independent from each other.
Furthermore, in the second embodiment, the system S to be accessed may be a mobile radio network and/or a memory device of the mobile radio network, in which specific subscriber-related data are stored, but in particular a telephone network in accordance with the GSM standard. In case of a GSM network, the access device may advantageously be an expansion of the HLR (home location register) which forms a unit with a server of the worldwide web (WWW) and/or of the Internet. In this embodiment, access is advantageously controlled to the HLR (home location register) by the access device A. In the HLR register, subscriber-specific data are stored, for example for services such as forwarding of calls or other configuration settings which concern the subscriber. The above described embodiment enables a subscriber a secure access to the communication network or to subscriber data associated with him stored in the HLR register.
Therefore the user may alter in a particularly convenient way, for example, configuration settings, activate certain services and deactivate them and may retrieve, change or store information and data. The communication between the user and the system, necessary for transmission of the code words, may be carried out, inter alia, via USSD (unstructured supplementary service data).
Access to subscriber-specific data stored in the HLR register in this embodiment may be carried out as follows when relying on the method in accordance with the invention shown in FIGS. 1 and 2.
A subscriber wishing access to the subscriber data in the HLR register associated with him, establishes a connection between a data processing unit constituting one of the communications devices and which is connected by the internet (WWW client) to access device A. In this case, this is an internet server forming a unit with an expansion of the HLR. Authentication of the user and/or subscriber is carried out by the transmission and validation of the first code word in step S11, shown in FIGS. 1 and 2, to access device A. Here, the communication between the data processing unit and the access device A may be performed in accordance with a so-called TCP/IP protocol.
If the access device A determines the user as being authorized, access device A awaits an input of a second code word via a second communications device, in this case the mobile telephone or a fixed network telephone (step S12). In further embodiments, access device A may transmit a request for an input of the second code word (step 12) via an interface to the GSM network of the mobile telephone or of a fixed network telephone. The input of the code word may be carried out using a telephone keyboard by pressing a single key, for example the call demand key, or by pressing a sequence of keys.
After authorization of the second code word and therefore of the subscriber at access device A, the access device allows access to system S (step S13 in FIGS. 1 and 2).
This may be access to subscriber-specific data stored in the memory device of the HLR register or it may be an activation or deactivation of certain services. After access has been granted, one of the two communications devices C1, C2, i.e. the data processing unit or the telephone or both, may actually be used for accessing the system.
By means of this procedure, for example a selective access of a particular subscriber of a mobile radio network to data assigned to this subscriber may be allowed. Preferably, by this procedure, access is granted only to subscriber-specific data and services which are assigned to a specific subscriber. For example, in a GSM network, the identity of the specific mobile telephone used by a particular user is permanently known, and therefore a fraudulent authentication of a particular subscriber may not be performed using any other communications device.
By the input of at least one further code word via one of the communications devices C1, C2 and by transmission of this at least one further code word to access device A, expanded access to the system or to subscriber data stored in the memory device of the HLR register may be allowed.
In FIG. 3, a third embodiment of the method in accordance with the invention for securing access to a remote system is shown and will be described. As already shown in the first embodiment of FIG. 1, a first communications device C1, a second communications device C2, an access device A and a system S are illustrated. In addition, arrows representing individual process steps are denoted by S31 to S35. The process steps are preferably carried out successively in the sequence S31 to S35. However, modifications of this sequence or of partial steps are possible.
FIG. 4 shows a flow diagram of the embodiment in FIG. 3 to further outline the embodiment of the invention.
In the following, the process steps of FIGS. 3 and 4 will be described in more detail. In a first step S31, a communication is established between the first communications device C1 and the access device A and, apart from a user identification, a first code word is transmitted to access device A. The access device compares the first code word with stored authentication data. This may be done similar to the authentication procedure already described with respect to example of embodiment 1. If the code word is not recognized as correct, the process ends, as shown in FIG. 4. Otherwise, the sequence of steps proceeds to step S32.
In step S32, a second code word is transmitted from access device A to the communications device C1, e.g., for display. This second code word may be a predetermined code word or it may be generated by access device A using a secret algorithm. For example, the second code word may be derived from subscriber-specific identification data and/or the time and/or the date. Thereby it becomes possible that this second code word or another code word generated by access device A is only valid for one access. In addition, the second or another code word may be used for data encoding a data transmission between the first or the second communications device C1, C2 and the access device A.
In a step S33 the second code word is transmitted from the first communications device C1 to the second communications device C2. This may be done by a read out operation from the first communications device C1 and an input operation at the second communications device C2 or by another form of data transmission.
After input of the second code word at the second communications device C2, in a step S34 the second code word is transmitted to the access device A and is authenticated there in accordance with the authentication process which was described above. If the second code word transmitted to the access device is determined to be incorrect, the process moves on to END, as shown in the flow diagram of FIG. 4.
If the code word is recognized as being valid, in step S35 access from one of the communications devices C1, C2 to system S is granted, as it was described above in more detail with reference to the first or second embodiment. In a modification of this third embodiment, it is possible that after transmission of a first code word from the communications device C1 and thereafter of a second code word from communications device C2 to access device A, a third code word is transmitted from access device A to the communications device C1 and from there to communications device C2, and is then transferred by communications device C2 to access device A for authentication.
As with respect to the second embodiment, and also with respect to FIG. 7, in order to realize the inventive procedure, the communications device C1 may be a data processing unit connected with access device A via the internet, and the communications device C2 may be a telephone and/or a mobile telephone, connected to access device A via a fixed telephone network and/or a mobile radio network. As was described in the embodiment, in this case, code words may be transmitted by the telephone by activating a sequence of telephone keys or a separate telephone key, such as, for example, the call connection key.
Attention is drawn to the fact that in other examples of embodiments, the communications device C1 may be a telephone/mobile telephone and/or the communications device C2 may be a data processing unit. In addition, the second code word which is transmitted from access device A to communications device C1 may be generated by access device A, for example using subscriber-specific identification data and/or the time and/or the date. Thus it is possible that this second code word, or another code word generated by access device A, is valid only for one access session. Furthermore, one of the code words transmitted may be used for data encoding in a data transmission between the first or the second communications devices C1, C2 and the access device A. This may improve the security of access to the system. Preferably, the second code word generated by access device A would be used for such data encoding.
By inputting of at least one further code word via one of the communications devices C1, C2 and by transmission of this at least one further code word to access device A, expanded access to the system or to other data stored in the memory device of the system may be released.
FIG. 5 describes a further embodiment for a realization of the method in accordance with the invention for secure access to a remote system. As has already been described with respect to the embodiments 1 and 3, FIG. 5 schematically illustrates a first communications device C1, a second communications device C2, an access device A and a system S. To further outline the procedure and their realization, process steps S51 to S55 are denoted by arrows. FIG. 6 shows a flow diagram for further explaining the drawing shown in FIG. 5.
Below the realization of the method in accordance with the invention for secure access by a user to the remote system S is described with regard to FIGS. 5 and 6.
In process step S51, as in steps S11 and S31, a first connection is established between a first communications device C1 and an access device A, and, apart from a user identification, a first code word is transmitted from the first communications device C1 to access device A where it is authenticated. If the transmitted code word is found to be invalid, the process moves on to the end point of the flow diagram shown in FIG. 6. If the code word is found to be valid, the process moves on to step S52.
In step S52, by access device A a second code word is generated, for example by means of a secret algorithm, as was already described with respect to the third embodiment, or a predetermined value is transmitted as the second code word to the second communications device C2.
In a subsequent step S53, the second code word is transmitted from the second communications device C2 to a first communications device C1. For this purpose the second communications device C2 may display the second code word for an input into the first communications device C1, or it may be transmitted in another way from the second communications device C2 to the first communications device C1.
In a further step S54, the second code word is transmitted from the first communications device C1 to access device A and is checked there for correctness, as described above. If the code word transmitted in step S54 is determined to be invalid, the process moves on to the end point of the flow diagram shown in FIG. 6.
If the second code word transmitted in step S54 is found to be valid, in step S35 data access or access to functions of the system is released by access device A. This access to data or to functions of the system may be carried out, as described above, by one of the communications devices C1, C2.
As in the examples of embodiments described above, the connections between the first communication device C1 and/or the second communications device C2 and the access device A may be established via separate communications routes independent from each other. Furthermore, as it was described with respect to the example of embodiment 2, the first communications device C1 may be a data processing unit and the connection between access device A and the data processing unit may be established via a data processing device network. Preferably, a data processing unit is selected as the first communications device C1 and a mobile telephone as the second communications device.
In this fourth embodiment, the second code word transmitted to communications device C1 in step S52 may be computed using subscriber-specific data and/or a date and/or a time and, in certain cases, it may be valid only for a single access session. In addition, the communications device C2 may be a telephone or a mobile telephone, and the connection between communications device C2 and access device A may be established via a fixed telephone network and/or via a mobile telephone network. Attention is drawn to the fact that the communications device C1 may also be a telephone or a mobile telephone, and communications device C2 may be a data processing unit.
The transmission of the code words may be carried out as was already described in the second embodiment. The grant of access to system S may be such that a subscriber can access subscriber data allocated to him, change or store them, or the subscriber may be allowed to activate or deactivate certain services. The subscriber data are preferably stored in a home location register (HLR). Should a mobile telephone be used as the communications device, access to subscriber data may advantageously be restricted to subscriber data allocated to a subscriber, to whom the used mobile telephone is allocated.
In addition, one of the transmitted code words may be used for data encoding in data transmission between the first or second communications devices C1, C2 and access device A. Moreover, after release of data access by the access device A at least one further code word may be transmitted from one of the communications devices C1, C2 to access device A, in order to release expanded access to the system or to other data which are stored in the memory device.
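The fourth embodiment (steps S51 to S55, with the data processing unit as C1 and the telephone as C2), sketched as an added Python example; it is not code from the patent. The HMAC-SHA-256 derivation standing in for the "secret algorithm", the PBKDF2 check of the first code word, the 120-second lifetime, the single-attempt rule and every class, method and subscriber name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120   # assumed lifetime; the text only says "valid only for a single access session"
PBKDF2_ROUNDS = 100_000  # assumed work factor


def hash_first_code_word(code_word: str, salt: bytes) -> bytes:
    """Authentication data kept in A: a salted hash rather than a copy of the code word."""
    return hashlib.pbkdf2_hmac("sha256", code_word.encode(), salt, PBKDF2_ROUNDS)


class AccessDevice:
    """Hypothetical access device A for steps S51 to S55."""

    def __init__(self, secret_key: bytes, clock=time.time):
        self._key = secret_key
        self._clock = clock
        self._subscribers = {}   # subscriber id -> (salt, hash, phone number)
        self._pending = {}       # subscriber id -> (second code word, expiry time)
        self.phone_channel = []  # stand-in for the telephone network towards C2

    def enroll(self, subscriber_id: str, first_code_word: str, phone: str) -> None:
        salt = secrets.token_bytes(16)
        self._subscribers[subscriber_id] = (
            salt, hash_first_code_word(first_code_word, salt), phone)

    def s51_first_code_word(self, subscriber_id: str, first_code_word: str) -> bool:
        """S51: check the first code word from C1. S52: on success, send a
        freshly generated second code word to the subscriber's phone (C2)."""
        record = self._subscribers.get(subscriber_id)
        if record is None:
            return False
        salt, stored, phone = record
        candidate = hash_first_code_word(first_code_word, salt)
        if not hmac.compare_digest(stored, candidate):
            return False
        now = self._clock()
        code = self._derive(subscriber_id, phone, now)
        self._pending[subscriber_id] = (code, now + CODE_TTL_SECONDS)
        self.phone_channel.append((phone, code))
        return True

    def _derive(self, subscriber_id: str, phone: str, now: float) -> str:
        """Keyed derivation from subscriber data and time, plus a random nonce
        so the code word cannot be predicted from those inputs alone."""
        msg = b"|".join([subscriber_id.encode(), phone.encode(),
                         str(int(now)).encode(), secrets.token_bytes(16)])
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def s54_second_code_word(self, subscriber_id: str, second_code_word: str) -> bool:
        """S54: the second code word comes back from C1. True means access is
        released (S55). The pending code word is consumed by any attempt."""
        pending = self._pending.pop(subscriber_id, None)
        if pending is None:
            return False
        expected, expiry = pending
        if self._clock() > expiry:
            return False
        return hmac.compare_digest(expected.encode(), second_code_word.encode())


def demo() -> dict:
    """Runs the exchange with constructed subscriber data and a fake clock."""
    now = [1_000_000.0]
    a = AccessDevice(secrets.token_bytes(32), clock=lambda: now[0])
    a.enroll("sub-001", "first-code-word", "constructed-phone-number")
    out = {}
    out["wrong_first"] = a.s51_first_code_word("sub-001", "guess")
    out["nothing_sent"] = len(a.phone_channel) == 0
    out["first_ok"] = a.s51_first_code_word("sub-001", "first-code-word")
    _, code = a.phone_channel[-1]          # user reads the code on C2, types it into C1
    out["granted"] = a.s54_second_code_word("sub-001", code)
    out["replay"] = a.s54_second_code_word("sub-001", code)
    a.s51_first_code_word("sub-001", "first-code-word")
    _, code = a.phone_channel[-1]
    a.s54_second_code_word("sub-001", "000000" if code != "000000" else "111111")
    out["after_bad_guess"] = a.s54_second_code_word("sub-001", code)
    a.s51_first_code_word("sub-001", "first-code-word")
    _, code = a.phone_channel[-1]
    now[0] += CODE_TTL_SECONDS + 1
    out["expired"] = a.s54_second_code_word("sub-001", code)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the second code word only ever leaves A over the telephone channel, knowledge of the first code word alone is not enough to reach S55, which is the weakness of the FIG. 8 scheme that the description sets out to remove.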
FIG. 7 shows an embodiment of a device for carrying out the method in accordance with the invention. The figure shows an access device marked A to control access by a user to a remote system S.
The double arrow shown between access device A and system S marks a data connection existing between these two devices. In the case of a GSM system, the access device and the system may communicate with each other within the framework of the MAP (mobile application part) protocol. E1 shows a mobile telephone. An arrow connects with access device A, denoting, e.g., a mobile radio network. In addition, FIG. 7 shows a data processing unit D2. A double arrow connects with access device A, denoting any data connection. E.g., this data connection may be an internet and communication may be carried out in accordance with the TCP/IP protocol.
In accordance with a process shown in connection with the examples of embodiments 1 to 4 for the authentication of a user, in the case of correct input of the code words, the access device releases access to the system. Then either by the mobile telephone E1 and/or the data processing unit E2 via the respective connections to the access device, access to a system S can be obtained. In the embodiment, supported by a graphic display of the data processing unit E2, the subscriber-specific user profile in an HLR of a memory device of a mobile radio network, for example a GSM network, may be stored, retrieved or changed. It is furthermore conceivable that other functions of system S may be controlled by one of the data processing devices G. In addition, by the input of further code words, after connection has been established between the devices E1, E2, access to further functions of system S or to other subscriber-specific data in the subscriber register HLR may be enabled.

What is claimed is:
1. A method for secure user access to a separate system having data stored in a memory device, comprising the following steps:
  establishing a first connection between a first communications device and an access device and transmission of a first code word from the first communications device to the access device;
  comparing the first code word with first authentication data stored in the access device;
  establishing a second connection between a second communications device and the access device, and transmitting a second code word from the second communications device to the access device;
  comparing the second code word with second authentication data stored in access device;
  transmitting a third code word from access device to the first communications device;
  transmitting the third code word from the first communications device to the second communications device;
  transmitting the third code word from the second communications device to the access device; and
  granting access to the system via at least one of the communications devices, given a valid third code word and the presence of a predetermined relationship between the first and second code words and the second authentication data stored in access device.
2. The method in accordance with claim 1, including establishing the first and second connection via communications routes independent from each other.
3. The method in accordance with claim 1, wherein at least the first communications device is constituted by a data processing unit and the connection between the data processing unit and the access device is established via a data processing device network.
4. The method in accordance with claim 3, wherein an internet is used for the connection between access device and the data processing unit.
5. The method in accordance with claim 1, wherein a telephone is used as one of the communications devices and the connection between the telephone and access device is established via a telephone network.
6. The method in accordance with claim 5, wherein a mobile telephone is used as communications device.
7. The method in accordance with claim 6, wherein at least one of the code words is transmitted by pressing a call demand key.
8. The method in accordance with claim 7, wherein the system is a GSM
