Method for managing media for wireless communication.

Publication date: 15-12-2014
Number: CH0000708199A2
Assignee: Kaba Ag
Contacts:
Application number: 01-00-2013026
Filing date: 29-05-2013

Description

[0001] The invention relates to methods and apparatus in the field of wireless communication, in particular near-field communication (NFC). NFC is the abbreviation of the English term Near Field Communication and designates an international transmission standard for the contactless exchange of data over short distances of up to 10 cm at a data transmission rate of at most 424 kbit/s. In some aspects, however, the invention also relates to other short-range wireless communication standards, such as Bluetooth, [...] Wave, Gigabit Wireless (Wireless [...]), wireless LAN, wireless USB, infrared, etc.

[0002] NFC communication links are standardized short-range links which, according to the prior art, are versatile and widely applied. For example, NFC communication links are proposed or indeed used for any sort of access authorization check, for instance for ski tickets and ski lift admission mechanisms, for motor vehicle keys and the corresponding motor vehicle, for employee identification documents at doors, for hotel room keys and hotel rooms, or for working-time recording mechanisms. NFC systems are also of interest for paying small amounts at corresponding payment appliances and for data transmission, for instance of images from a first mobile phone to a second mobile phone.

[0003] A first aspect of the invention relates to service media (such as reading or write-and-read devices (control modules) built into locks for access control, deduction devices for prepaid cards, cancellation devices [...] etc.) and their management. It is particularly relevant in the case in which such service media are not online and are not directly connected via a secured connection to a trusted service manager (TSM) or another trusted instance [...], as is often the case in access control and in simpler [...] write-and-read devices, because these are designed as stand-alone, battery-operated appliances.

[0004] The first aspect specifically relates to a method for managing a service medium by an administrative institution, in particular a trusted intermediary ([...] service manager, TSM). The service medium to be managed is a second medium, which can comprise a second GU. The second medium has a communication module.

[0005] The properties and definitions of the GU and of the TSM discussed in the following apply to all aspects of the invention. A GU is, for example, a so-called secure environment (SE; the term secure element (SE) is also often used in the literature). Secure environments (SE) are available as chips with CPU and memory which meet standardized security requirements for different applications.

[0006] An SE (in the sense of "secure element") has its own secure processor and its own secure memory. The secure memory of an SE can comprise different parts, for instance a working memory and a data memory. An SE is typically formed as a secure chip. A secure chip is to be understood as an integrated circuit, that is, an electronic circuit on a substrate, for example a monolithic semiconductor substrate having electronic elements and lines. An SE can here in particular consist of several spaced-apart but functionally joined portions or parts of the secure chip, so as to make unauthorized read-out more difficult.

[0007] As an alternative to a dedicated chip, a GU can also be constructed as a so-called "trusted zone", i.e. as a region of a chip (comprising at least one CPU core and memory) which functionally corresponds to an SE. In this case the GU comprises secure processor means and secure storage means.

[0008] An SE or a "trusted zone" can, for example, be comprised by a SIM card, by a memory card (so-called memory card, such as an SD card, Micro-SD card or the like), or by other electronic devices such as mobile phones, watches, RFID cards, RFID readers, keys with microchips, locks, vending machines, payment terminals, portable electronic devices such as [...] and the like.

[0009] An SE or "trusted zone" can here meet the trustworthiness or security-level requirements of various known standards. For example, an SE can have a certain so-called [...] (Evaluation Assurance Level). This [...] exists in seven stages (from EAL1 to EAL7). The secure environments for the various aspects of the invention correspond, for example, to at least EAL2, at least EAL3 or at least EAL4.

[0010] A GU can, however, also include elements formed at least partially outside a dedicated chip of an SE or a trusted zone. More generally, a GU can comprise secure processor means and its own secure memory. The secure memory of a GU comprises, for example, different parts, for instance a working memory and a data memory. A GU can in particular consist of a plurality of spaced-apart but functionally connected elements, for making unauthorized read-out more difficult.

[0011] Solutions with virtualized secure environments (for instance in the context of a "cloud" solution) are also possible, in which such a secure environment is not physically arranged in the medium but is associated one-to-one with a medium and meets the same security requirements as a secure environment physically present in the medium, for instance in a monolithically integrated processor.

[0012] More generally, a GU is to be understood as a functional unit which is arranged for manipulation-safe, read-protected storing and processing of data and which therefore functionally corresponds to a "secure element" according to the NFC standards and, for instance, the GlobalPlatform specifications. A GU can therefore be a functional unit which is capable of serving as a "secure element" according to the NFC standards and/or as a "subscriber identity module" (SIM) of a mobile terminal in a mobile telephone network.

[0013] The data stored in the GU are in particular data which, in the context of an authentication process, identify the medium comprising the GU (e.g. service medium) with regard to another medium (e.g. user medium).

[0014] A trusted intermediary ([...] service manager, TSM) is a per se known means in near-field communication systems (NFC systems). The TSM is capable of managing a secure element (or, in general, a [...]), i.e. of writing to it. In this way, for example, firmware updates, changes of key, etc. can be carried out.

[0015] A TSM as mentioned in this text meets the conditions according to the NFC standard.

[0016] A TSM is designed in such a way that it is capable of secure transmission of information to a GU. The transmission is secured and protected against manipulation in this case. It can take place contact-based or, the more frequent variant, free of physical contact between TSM and GU. A typical example of a TSM is a provider of a mobile telephony network (mobile network operator, MNO), which transmits data free of physical contact, secured by the mobile telephone network, to a GU in a mobile phone.

[0017] To this end, however, an immediate, usually contactless connection to the corresponding medium with the necessary SE is required, which is not necessarily the case in the cases under consideration here.

[0018] For the maintenance of service media with GU which are not online, maintenance therefore, in so far as it is possible at all, entails a high expense. In particular, updates of system parameters and/or software (in particular firmware updates) and repairs are expensive, time-consuming and costly, since a trusted maintenance person must go to the service medium with special secure means for such a purpose.

[0019] It is the goal of the first aspect of the invention to create a method and a communication system of the aforementioned type which at least partially avoid at least a portion of the above-mentioned disadvantages.

[0020] The method according to the first aspect of the invention comprises the following steps:

- Step 1: transmitting a first management information from an administrative institution to a first GU comprised by a first, mobile medium,

- Step 2: creating a communication link between a first communication module comprised by the first medium and a second communication module comprised by the second medium,

- Step 3: transmitting a second management information, derived from the first management information, from the first GU to the first communication module and via the communication link to the second communication module.

[0021] If the service medium has a secure environment (here called "second GU") and the parts of the service medium to be managed are in the second GU, the second management information is finally transmitted to the second GU.

[0022] The respective communication modules can be constituents of the respective [...] or parts thereof, or the communication modules can be separate.

[0023] The administrative institution may in particular be a trusted service manager.

[0024] The communication link is for example an NFC communication link.

[0025] The second management information is derived from the first management information. In particular, the first and the second management information can be identical. It is also possible that the second management information comprises the first management information [...]. In particular, the second management information can comprise the first management information and optionally additional information, such as an identification of the second medium to be managed. Other [...] / developments of the first management information into a second management information are also conceivable.

[0026] Because the second management information is transmitted from the administrative institution (that is, in the example discussed here, the TSM) to the second medium via the first medium and the first management information, the method can fulfil the above-described tasks. Thanks to the method described above, the second medium is therefore managed by the TSM without the second medium having to be connectable online to the TSM.

[0027] The first medium may in particular be capable of peer-to-peer communication via NFC; it may be a mobile device or part of a mobile device and in particular a mobile telephone.

[0028] Instead of peer-to-peer NFC, a different communication link, such as Bluetooth, wireless LAN, infrared, etc., can also serve to forward the first management information from the administrative institution to the first medium.

Additionally or alternatively, the communication link between the first and the second medium can also be a communication link different from NFC, such as Bluetooth, wireless LAN, infrared, etc., provided the second medium is arranged for it.

[0029] The method therefore also allows a second medium with simple mechanisms and without online capability for communication to be managed via methods and protocols as they are well known for the management of SEs, for instance in [...].

[0030] It is also an advantage that, for example, at each setting-up of an NFC communication link between the second medium and any first medium, there is the possibility for the first medium to forward the second management information to the second medium. Therefore the administration of second media can be combined with other interactions between the first GU and the second medium. The administration may take place, as it were, incidentally, on occasions that arise.

[0031] For better illustration, the following example is described: in a hotel, second media which are formed as control modules of door locks are to be provided by a TSM with non-safety-related maintenance data (such as an adaptation of a text to be displayed on a display). If the hotel uses, for instance, an RFID card emulated by a mobile phone as a door key, the mobile telephone can be used as the first medium. The TSM transmits the first management information to the first GU comprised by the mobile telephone. When the mobile telephone is used as the key for opening the door, an NFC communication link is set up which, in addition to the primary interaction of the mobile telephone with the control module of the door lock, for opening the door lock, is also used for transmitting the maintenance data to the door lock by transmission of the second management information. In this case the maintenance data of the door lock are renewed through the mobile phone, although they originate from the TSM. A separate interaction between TSM and second GU, or between first and second GU, for the sole purpose of administration can therefore be dispensed with. In this way, effort and thus time and/or money are saved in the management of second GUs.

[0032] A firmware change of the control module or a change of key according to the invention can, for example, also be carried out at such an action, this operation preferably not being combined with the opening of the door but carried out by the maintenance operator with a first medium.

[0033] Security is always protected, even when the operator of the locking system (here: the hotel) cannot exert complete control over the first medium. The security arises from the fact that the management information is stored in the secure environment (in the example described, for example, the SIM card) of the first medium and, in accordance with its construction, cannot readily be read out from it.

[0034] Optionally, step 3 of the method described for the first aspect of the invention is carried out simultaneously with step 1, or step 3 follows immediately after step 1. In other words, step 1 can be carried out online, i.e. while the communication link between the first and the second medium (or their communication modules) is established.

[0035] In this case the administrative institution serves, as it were, as a connection point of a connection between the first medium and the second medium. The management information can here be transmitted from the administrative institution to the second medium via the circuitous route of the first GU without the management information being stored in the first GU (or it can be stored only briefly). The use of the first GU can also be useful or necessary in these [...] when a GU is necessary for writing to and/or reading out the second medium, that is, inter alia, when the second medium has a GU which must be written to.

[0036] As an alternative optional feature of the method, step 1 takes place independently of step 2 and step 3 in time. In particular, step 1 is carried out beforehand, i.e. the management information is stored in the first medium and is later transferred to the second medium (service medium) when needed and when the communication link exists.

[0037] By steps 2 and 3 taking place independently of step 1 in time, the method is very flexible and versatile. The first management information can be transmitted from the administrative institution to the first medium at any time. This can be done at the same time as another interaction between the administrative institution and the first GU and thus advantageously combined with it. Similarly, the second management information can be transmitted from the first GU to the second medium at any time. This too can be carried out concurrently with another interaction between the first GU and the second medium, or generally between the first medium and the second medium, and consequently advantageously combined with it.

[0038] In both cases the first medium, that is, for instance, the mobile telephone, works as a kind of "relay". The [...] communication means of the first medium are used, taking into account the use of the first GU, without compromises in security.

[0039] In addition to the above-described method, the first aspect of the invention also relates to a communication system for managing the second medium through the administrative institution. The corresponding communication system includes the administrative institution (such as a TSM), a first medium and a second medium. The first medium comprises a first GU and a first communication module. The second medium comprises a second communication module and, where applicable, a second GU. The first GU is designed in such a way that it is capable of receiving secure data in the form of a first management information from the administrative institution. The first communication module and the second communication module are configured in such a way that they are capable of transmitting and receiving a signal through a communication link. The first GU is designed in such a way that, based on the first management information, it is capable of transmitting a second management information to the second medium via the NFC communication link.

[0040] In cases where the second medium has a GU ("second GU") and the management information concerns this GU, the second GU is designed in such a way that it enables receipt of a second management information based on the first management information, wherein said second management information is submitted from the first GU in the first medium to the second GU via the NFC communication link.

[0041] Such a communication system can therefore run the above-described method and shows the same advantages as the above-described method. This applies for all possible combinations of the optionally described embodiments of this method. The advantages of the respective described embodiments of the method apply analogously to the communication system.

[0042] A communication medium also belongs to the first aspect, which is capable of performing the method described above as a first medium. In particular, the communication medium is capable of performing a method comprising the steps of:

- Step 1: receiving a first management information from the administrative institution (100) and transmitting it to the first secure environment (III),

- Step 2: creating a communication link between a first communication module (121) comprised by the first medium (101) and a communication module (122) of a second medium,

- Step 3: transmitting a second management information (111), derived from the first management information, from the first secure environment to the first communication module (121) and via the communication link to the second communication module (122).

[0043] A second aspect of the invention relates to a method for secure transmission of data by an NFC communication link or a different wireless communication link (for instance Bluetooth, WLAN or optically via infrared radiation, etc.) from a first medium to a second medium, wherein the first and the second medium are operated actively. The second aspect of the invention also relates to a communication system for secure transmission of data from a first medium to a second medium by an NFC communication link.

[0044] In the prior art a plurality of different techniques is used so as to make the transmission of data by such a communication link more or less safe from unauthorized access, in particular from interception and/or manipulation. Depending on the applied security technology, the degree of security is rather high or rather low, wherein each technology is connected with specific disadvantages.

[0045] The task of the second aspect of the invention is thus to increase the security of the transmission of data by an NFC communication link.

[0046] The method according to the second aspect of the invention comprises the following steps:

- Step 1: creating a communication link between a first communication module comprised by the first medium and a second communication module comprised by the second medium,

- Step 2: transfer of the data to be transmitted to the first GU,

- Step 3: encrypting the data to be transmitted in the first GU with a first key stored in the first GU,

- Step 4: transfer of the encrypted data to be transmitted from the first GU to the first communication module and transmitting the encrypted data from the first communication module to the second communication module through the communication link.

[0047] Steps 2 and 3 can take place prior to step 1, simultaneously with it or subsequently, at least partially.

[0048] Decryption of the data in the second medium can take place in a second GU of the second medium with a second key.

[0049] In the previously described method, the key(s) (first key, possibly second key) can be written into the corresponding GU in a protected manner by an administrative institution, such as a TSM [...]; that is to say, the method can comprise the step, carried out beforehand, of communicating the first key by a trusted intermediary ([...] service manager, TSM) to the first secured environment (GU for short) comprised by the first medium, and optionally of transferring the second key by the TSM to a second GU comprised by the second medium.

[0050] This method uses the secure environment in the corresponding medium, such as in a mobile phone, for other secure communication methods than card emulation. These may notably include NFC communication (for instance peer-to-peer [...] communication), other radio links such as Bluetooth or wireless LAN (e.g. following IEEE 802.11), or infrared, etc. The encryption is delegated from the active communication module, which is not in itself secure, such as Bluetooth or similar, to the secure GU. The communication module itself then does not know the key, and therefore the key cannot be fetched from the first medium (for instance a mobile telephone), even for the purpose of abuse.

[0051] Even the persons who set up the communication module do not get hold of the key. The method thus enables the use of less secure communication channels for more secure communication.

[0052] Because the GU can be provided with the first key (and, if necessary, a second key) via a trusted service, in particular a TSM, the first and the second key can be transmitted securely. Since the first (and optionally the second) key never leaves the corresponding GU, and the GU is per se well protected, a high level of security is ensured.

[0053] According to the above process, the data to be transmitted are transmitted from the first medium to the first GU either unencrypted or encrypted by means of a further key. In the first GU the data to be transmitted are encrypted using the first key and transmitted to the first communication module. The first communication module transmits the encrypted data to the second communication module and consequently to the second medium. In the second medium, optionally in the second GU, the encrypted data are decrypted using the second key and are thereafter available to the second medium, either unencrypted or encrypted by means of a further key.

[0054] The first and second key are correlated with each other. In other words, known methods can be used for the encryption in the first GU and the decryption in the second GU. The first and second key can be identical (symmetric encryption) or different from each other; in particular, asymmetric encryption, as is known per se for various wireless data transmission methods, is also possible. The specificity of the method is that a particularly secure storage of the respective key is available to the first and, if necessary, the second medium, and that the encryption and optionally the decryption also take place in the respective GU. This brings additional security, in particular when a first medium which is not securely kept is used in connection with communication channels which are per se not very secure.

[0055] This encryption and decryption procedure can in particular be combined with all other methods which serve to secure the communication link. The communication link can therefore, for example, be operated with a high level of security and a first encryption according to known methods, such as an authentication process. The method according to the second aspect of the invention therefore allows, in addition to this first encryption, the data to be sent to be encrypted additionally, at a higher level, by a second encryption, i.e. the encryption in the first GU and the decryption in the second GU in accordance with the second aspect of the invention. This results in additional security and thus fulfils the formulated task.

[0056] Optionally, the method allows the secure transmission of data by a communication link both from the first medium to the second medium and, by analogous steps, from the second medium to the first medium.

[0057] In other words, the method may be used not only for secure transmission of data from the first to the second medium, but also, through corresponding steps, in the other direction, i.e. bidirectionally.

[0058] According to another optional feature, the first and/or second key comprises at least two subkeys, wherein the step of communicating the first key and/or said second key, optionally carried out beforehand, is effected by transmitting a plurality of partial keys.

[0059] The use of several partial keys for a key additionally increases security. The transmission of the subkeys may also be phased. Alternatively, however, a key can also consist of a single unit and be transmitted as a unit (in other words, without key shares).
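The following is an added model of the second-aspect flow (steps 1 to 4 above, the prior key provisioning by the TSM, and the delivery of a key as several partial keys); it is illustration code written for this page, not code from the patent or from Kaba. It assumes a symmetric key shared by both GUs, an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC as a standard-library stand-in for the (unspecified) cipher, and XOR-combination of the partial keys; the untrusted communication module records every byte it handles so the key's confinement to the GU can be checked.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF: a standard-library stand-in for AES-CTR
    # (an assumption of this example, not the patent's choice of cipher).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SecureEnvironment:
    """Models a GU: the key is written in by the TSM and never leaves it."""

    def __init__(self):
        self._key, self._shares = None, {}

    def install_key(self, key):
        self._key = key

    def install_partial_key(self, index, total, share):
        # Phased delivery of subkeys; the key is assembled only once all shares are
        # in. XOR-combination of the shares is an assumption of this example.
        self._shares[index] = share
        if len(self._shares) == total:
            key = bytes(len(share))
            for part in self._shares.values():
                key = _xor(key, part)
            self._key, self._shares = key, {}

    def _subkeys(self):
        # Separate encryption and MAC keys, derived inside the GU from the stored key.
        return (hmac.new(self._key, b"enc", hashlib.sha256).digest(),
                hmac.new(self._key, b"mac", hashlib.sha256).digest())

    def encrypt(self, plaintext):
        enc, mac = self._subkeys()
        nonce = os.urandom(16)
        body = _xor(plaintext, _keystream(enc, nonce, len(plaintext)))
        tag = hmac.new(mac, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag  # encrypt-then-MAC

    def decrypt(self, blob):
        enc, mac = self._subkeys()
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, hashlib.sha256).digest()):
            raise ValueError("authentication failed: data altered in transit")
        return _xor(body, _keystream(enc, nonce, len(body)))


class CommunicationModule:
    """Untrusted radio (Bluetooth, NFC, ...): forwards bytes and logs what it handles."""

    def __init__(self):
        self.observed, self.inbox = [], None

    def send(self, peer, blob):
        self.observed.append(blob)
        peer.receive(blob)

    def receive(self, blob):
        self.observed.append(blob)
        self.inbox = blob


class Medium:
    def __init__(self):
        self.gu, self.cm = SecureEnvironment(), CommunicationModule()


class TrustedServiceManager:
    """Writes the key into a medium's GU beforehand, whole or as n XOR shares."""

    def provision(self, medium, key, shares=1):
        if shares == 1:
            medium.gu.install_key(key)
            return
        parts = [os.urandom(len(key)) for _ in range(shares - 1)]
        last = key
        for part in parts:
            last = _xor(last, part)
        for index, part in enumerate(parts + [last]):
            medium.gu.install_partial_key(index, shares, part)


def secure_transfer(first, second, data):
    # Step 1: link between the two communication modules (modelled as a direct call).
    # Steps 2 and 3: data handed to the first GU and encrypted there with the first key.
    blob = first.gu.encrypt(data)
    # Step 4: ciphertext from the first GU to its communication module and over the link.
    first.cm.send(second.cm, blob)
    # In the second medium the second GU decrypts with the second key.
    return second.gu.decrypt(second.cm.inbox)
```

Running `secure_transfer` in both directions shows the bidirectional variant of [0056]; every blob the communication modules log is ciphertext, and a flipped byte in transit is rejected by the second GU.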

[0060] The communication system according to the second aspect of the invention therefore serves for secure transmission of data from a first medium to a second medium by an NFC communication link and comprises a first medium and a second medium. The first medium includes a first secure environment (GU for short) and a first communication module. The second medium comprises a second communication module and, where applicable, a second GU. The first and the second communication module are configured in such a way that they are capable of transmitting and receiving data by an, in particular, wireless communication link (NFC, Bluetooth, etc.) between the first and the second communication module. The first and, if applicable, the second GU are designed in such a way that they are each capable of storing a key. In particular, the first GU is formed such that it is capable, on the one hand, of storing a first key and, on the other hand, of encrypting data using the first key.

[0061] Provided the second medium has a GU (called "second GU"), this is preferably designed so that it is capable, on the one hand, of storing a second key and, on the other hand, of decrypting data using the second key [...]. As a further feature, the communication system is then designed in such a way that data to be transmitted by the first medium to the second medium are encrypted in the first GU using the first key, thereafter transmitted from the first communication module to the second communication module, and finally decrypted by the second GU using the second key.

[0062] In particular, the GU can be arranged for receiving data from a trusted intermediary ([...] service manager, TSM for short), and this can be used for communicating the first or second key [...].

[0063] Such a communication system can therefore perform the process described above according to the second aspect and has the advantages described above for the method according to the second aspect. This applies for all possible combinations of the optionally described embodiments of this method. The advantages of the respective described embodiments of the method apply analogously to the communication system.

[0064] A communication medium also belongs to the second aspect, including means for performing a method in accordance with the second aspect as a first communication medium.

[0065] In particular, such a communication medium has a communication module and a GU and is capable of performing a method comprising the steps of:

- Step 1: creating the communication link between the communication module and a communication module of another medium,

- Step 2: transfer of the data to be transmitted to the first secure environment,

- Step 3: encrypting the data to be transmitted in the first secure environment with a key stored in the secure environment,

- Step 4: transmitting the encrypted data from the first communication module to the second communication module through the communication link.

[0066] A third aspect of the invention relates in particular to passively operated media and to write and read operations via NFC.

[0067] From the prior art it is well known that [...] tags (RFID tags, which may also be emulated in mobile telephones) and other passively operated media are used for a variety of purposes, including as prepaid cards, tickets, etc. Write and read operations must be carried out by a trusted device, in particular a trusted service manager. The keys necessary for write and read processes must not be present in an unsecured region, because otherwise abuse can simply be committed.

[0068] However, it would be desirable if the user of access control, value-card, ticket systems etc. could simply read out certain less protected data stored on a card, such as a credit, for instance with a mobile telephone. There may also be a need for certain write processes of non-safety-related data to be carried out directly by a user.

[0069] It is therefore the object of the third aspect of the invention to make available a method and a system for reading and writing data from or onto media, in particular passively operated media, which allows people easier access to certain data.

[0070] This problem is solved by a method for carrying out a write and/or read process, using a first, actively operated medium, onto or from a passively operated second medium, wherein the first medium has a secured environment (GU), comprising the steps of:

- providing a write and/or read applet in the secure environment,

- providing an application outside the secured environment,

- transmitting a write and/or read command by the application to the applet,

- converting the write and/or read command into a write and/or read signal by the applet, and

- transmitting said write and/or read signal to the passively operated second medium.

[0071] The write and/or read signal corresponds to the standard according to which the second medium is operated (e.g. ISO 14443); it may be constructed according to such a standard. It triggers the writing process or begins a data exchange in which the desired data to be read are transmitted to the first medium. The implementation of the write and/or read process due to the write and/or read signal in the passively operated second medium, or between the first and second medium, thus occurs as is known in the art and is not explained here in more detail.

[0072] An "applet" is understood here in general as a program or program part which serves an application program (an application) for carrying out one or more specific tasks. The term "applet" is therefore not to be understood as restricted to a particular programming language.

[0073] The application may in particular be installed in the first medium, though outside the secured environment. Alternatively, it can also be installed outside of the first medium and drive the applet directly via a communications module of the first medium.

[0074] The second medium can be an external medium in relation to the first medium, such as a [...] tag. Then the transmission of the write and/or read signal includes the sub-steps of transmitting the write and/or read signal to a communications module of the first medium and communicating the write and/or read signal by the communication module to the second medium.

[95]

[0075] Alternatively, the second medium may differ from the first medium only functionally, in that it is emulated by the secure environment of the first medium, e.g. as an RFID card. In this case the transmission of the write and/or read signal to the second medium is a process inside the GU.

[0076] Due to this procedure it is now possible for non-security-relevant data, such as a credit stored on the second medium, to be read out by the user, e.g. with his mobile telephone. If the prepaid card is a physical value card (in particular an RFID tag), the user only has to hold the value card to his mobile telephone and run the relevant application, whereupon the mobile telephone displays the credit. If the second medium is a medium emulated in the secure environment (e.g. on the SIM card), the read-out can take place at any time via the corresponding application. This results in a considerable gain in convenience for the user; incorrect bookings and the like are also immediately recognisable. The same applies, of course, to applications other than prepaid cards and to non-security-relevant write processes.

[0077] Despite this additional access for the user, the security of the system is not affected, whereas the gain in convenience is considerable. The keys for write and read processes remain stored inside the GU, are available only to the applet (and not to the application itself) and are never issued. The applet is tamper-proof, because it resides in the GU, and it can be programmed such that it only accepts commands for non-security-relevant write and/or read processes. Optionally, depending on the security level, it can be provided that such processes require an authentication of the application with respect to the applet. Thus non-critical processes can be carried out by the application stored in the non-secure area of the mobile telephone (which is therefore, in principle, open to manipulation and abuse), while for more security-relevant processes an authentication of a trusted instance with respect to the applet is required.

[0078] The applet itself is not accessible to manipulation, since it is stored in the secure environment.
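
The command gate described in [0077], as an added example that is not part of the patent text: an applet inside the GU accepts a non-security-relevant read from any application, refuses a security-relevant write unless a trusted instance has authorised that exact command, and builds the write/read signal with a key the application never sees. The command codes, the HMAC-based authorisation of the trusted instance and the "tag key" used to build the signal are assumptions made for illustration; the patent only specifies that the keys stay in the GU, that the applet can be restricted to non-security-relevant commands, and that security-relevant ones may require authentication.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed command codes (assumption; not taken from the patent or ISO 14443).
READ_CREDIT = 0x30     # non-security-relevant: read the stored credit
WRITE_CREDIT = 0xA2    # security-relevant: change the stored credit
COPY_ACCESS = 0xC0     # security-relevant: delegate a room key to another tag

OPEN_COMMANDS = {READ_CREDIT}                      # any application may issue these
PROTECTED_COMMANDS = {WRITE_CREDIT, COPY_ACCESS}   # need a trusted instance's authorisation


class SecureEnvironment:
    """Stands in for the GU (e.g. a SIM-resident secure element).

    Both keys are private attributes and there is deliberately no getter:
    the application outside the GU only ever sees the finished signal.
    """

    def __init__(self, tag_key: Optional[bytes] = None, auth_key: Optional[bytes] = None):
        self._tag_key = tag_key or secrets.token_bytes(16)    # shared with the tag (assumption)
        self._auth_key = auth_key or secrets.token_bytes(16)  # held by the trusted instance (assumption)
        self._counter = 0

    def build_signal(self, command: bytes) -> bytes:
        """Turn a command into a write/read signal: counter || command || MAC."""
        self._counter += 1
        ctr = self._counter.to_bytes(4, "big")
        mac = hmac.new(self._tag_key, ctr + command, hashlib.sha256).digest()[:8]
        return ctr + command + mac

    def verify_authorisation(self, command: bytes, tag: bytes) -> bool:
        """Check that a trusted instance authorised exactly this command."""
        expected = hmac.new(self._auth_key, command, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def trusted_instance_authorise(auth_key: bytes, command: bytes) -> bytes:
    """What the trusted instance (e.g. a hotel backend) does outside the GU (assumption)."""
    return hmac.new(auth_key, command, hashlib.sha256).digest()


class WriteReadApplet:
    """The applet of [0070]: the only path from an application to the keys."""

    def __init__(self, gu: SecureEnvironment):
        self._gu = gu

    def handle(self, command: bytes, authorisation: Optional[bytes] = None) -> bytes:
        if not command:
            raise ValueError("empty command")
        ins = command[0]
        if ins in OPEN_COMMANDS:
            return self._gu.build_signal(command)
        if ins in PROTECTED_COMMANDS:
            if authorisation is None or not self._gu.verify_authorisation(command, authorisation):
                raise PermissionError("authorisation of a trusted instance required")
            return self._gu.build_signal(command)
        raise PermissionError("command not offered by the applet")


def untrusted_app_reads_credit(applet: WriteReadApplet) -> bytes:
    """The application in the non-secure area of the phone: it holds no key at all."""
    return applet.handle(bytes([READ_CREDIT, 0x04]))  # hypothetical block address 4


def demo() -> dict:
    """Walk through the four cases; keys are constructed for the demo."""
    auth_key = bytes(range(16))
    gu = SecureEnvironment(tag_key=bytes(16), auth_key=auth_key)
    applet = WriteReadApplet(gu)
    result = {"read_ok": untrusted_app_reads_credit(applet)[4] == READ_CREDIT}
    write = bytes([WRITE_CREDIT, 0x04, 0x00, 0x32])  # hypothetical: set credit to 50
    try:
        applet.handle(write)
        result["unauthenticated_write_refused"] = False
    except PermissionError:
        result["unauthenticated_write_refused"] = True
    signal = applet.handle(write, trusted_instance_authorise(auth_key, write))
    result["authorised_write_ok"] = signal[4] == WRITE_CREDIT
    tampered = bytes([WRITE_CREDIT, 0x04, 0x27, 0x10])  # 10000 instead of 50, same authorisation
    try:
        applet.handle(tampered, trusted_instance_authorise(auth_key, write))
        result["tampered_command_refused"] = False
    except PermissionError:
        result["tampered_command_refused"] = True
    return result
```

The point of binding the authorisation to the full command bytes is the last case: an application that has obtained a valid authorisation for one write cannot reuse it for a different amount. The execution of the signal on the passive tag is, as [0071] says, outside this model.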

[0079] The third aspect also relates to a communication medium with a secure environment and a communication module, wherein an applet capable of carrying out the method according to the third aspect is installed in the secure environment. In particular, the communication medium is capable of performing the following procedure:

- receiving, at the applet, a write and/or read command from an application,
- converting the write and/or read command into a write and/or read signal by the applet, and
- transmitting said write and/or read signal to a passively operated second medium.

[0080] The third aspect also relates to a system comprising a communication medium set up for performing this method, a passively operable second medium in proximity to it, and the application (running on the first medium or externally).

[0081] First applications of the system and the method are the reading out of non-security-relevant data from the second medium by the user.

[0082] Another possible application is the delegation of access rights from one user to another. With this application, and other comparable uses, the applet is (also) capable of carrying out a write process. For example, a user with access to a hotel room can be enabled to copy his electronic entry card (physical or emulated RFID tag) for another person, so that this person also has a room key with the same time constraints as the first person.

[0083] The like can also be provided for the transfer of small credits or of tickets from one user to another.

[0084] Another application is the direct generation of access badges, e.g. electronic hotel room keys, by means of the first medium. A guest who has reserved a room can request such an electronic key; it is then generated, automatically or on request, by the electronic transaction system of the hotel (after successful authentication, in accordance with the hotel's standards) and written, directly by the user's mobile telephone with the method according to the invention, onto the physical or virtual RFID tag (the latter emulated in the mobile telephone).

[0085] Other applications in the hotel environment are conceivable, e.g. payments of limited amounts, for example by writing directly onto the RFID tag (room key), with settlement via the room bill.

[0086] A fourth aspect of the invention pertains to an improved NFC communication link between a first (active) medium and a second, passively operated medium.

[0087] A "medium" is understood firstly as an electronic device (hardware) comprising a data processing means. The data processing means can be constructed as software and/or as at least one part of the electronic device. Secondly, a medium may also be an emulated medium, i.e. an entity which simulates the properties of an electronic appliance on a computer system.

[0088] The state of the art has the disadvantage that in certain situations the quality of the NFC communication link is insufficient. This is the case, for example, as a result of the design characteristics of the medium or of a selected mode of operation (smaller induction loop), as in the case of a mobile telephone with an emulated RFID card when the mobile telephone is switched off. The spatial orientation of the transmitting and/or receiving device, or a large or varying distance between the media, can also affect the quality of the NFC communication link. In particular, the quality can decrease to the point where the NFC communication link is aborted.

[0089] It is the goal of the fourth aspect of the invention to create a method and a device (communication medium) of the aforementioned type which improve the quality of the NFC communication link.

[0090] According to the fourth aspect, a method is provided for operating an NFC communication link between a first medium and a second medium, wherein the first medium is actively operated and the second medium is passively operated (i.e. it is a passive medium, or a medium that is in itself capable of active operation but is operated in card emulation mode), the method comprising sending an interrogation signal from the first medium to the second medium. The fourth aspect is distinguished from the prior art in that the transmission power with which the interrogation signal is sent is selected adaptively, as a function of a characteristic parameter of the communication.

[0091] The terms "interrogation signal" and "response signal" are not to be interpreted as meaning that the communication (necessarily) consists of a question and a response. In general, the interrogation signal is transmitted in the context of establishing a communication link, wherein it provides the energy necessary for the second, passively operated medium. It triggers a response signal and/or a write process in the second medium in the context of a read-out process; such a communication link can be established in the manner known per se according to ISO 14443. A response signal may consist of a load modulation or be returned in the form of modulated backscatter.

[0092] This parameter can be, for example, the signal quality of the response signal. In this first group of embodiments, the method thus comprises the steps of:

- Step 1: transmitting an interrogation signal from the first medium (3) to the second medium and receiving a response signal sent by the second medium in response thereto,
- Step 2: evaluating a signal quality of the response signal by the first medium (3),
- Step 3: controlling the transmission power of the interrogation signal of the first medium (3) as a function of step 2, wherein the signal power of the interrogation signal is increased when it is found in step 2 that the response signal is an NFC signal of insufficient signal quality.

[0093] In a second group of embodiments, the parameter consists of (or at least includes) the information whether a read or a write process is to be triggered. If the second medium is to be written to, the transmission power is selected higher than if only a read process is to take place.

[0094] According to a third group of embodiments of the fourth aspect, the characteristic parameter may consist of, or at least include, an identification of the second medium. A passive medium that comes within range of the communication by the active medium is associated with a particular technology and can be identified simply on the basis of an ID. If, e.g. at the beginning of establishing the communication link, it is found that the second medium is a mobile telephone operated in card emulation mode, the transmission power is selected higher than for a conventional RFID tag.

[0095] Combinations of these possibilities are readily conceivable: the choice of the transmission power as a function of the signal quality and of whether a read or a write process is to take place; as a function of the signal quality and of the type of the second medium; as a function of whether a read or a write process is to be carried out and of the type of the medium; or a combination of all three possibilities.

[0096] In embodiments of the first group (optionally combined with the second and/or the third group), the evaluation of the signal quality can comprise evaluating a measurable quantity of the received signal, for example an amplitude and/or frequency of the received electromagnetic radiation (and/or its change), testing for the presence of a control signal, or the coherence of a test statistic. Also possible is the measurement of a ratio of a number of transferred information units, such as bits, to a defined threshold, for example a signal level compared with a threshold value, or another suitable test. Another, often particularly favourable possibility is to determine bit errors on the basis of a checksum test (or similar).

[0097] If the evaluation shows that an NFC signal was received, but one of insufficient signal quality (e.g. exhibiting bit errors, or only part of a "message" was received (premature abort)), an inadequate quality of the NFC communication link is inferred according to a selected, predetermined signal characteristic. In response to the inadequate quality determined, the first medium changes the transmission power of the emitted NFC signal from a first transmission power to a second, higher transmission power.

[0098] After a predetermined duration and/or after a completed process (e.g. the conclusion of an authentication), the first medium changes the transmission power back to the first, lower transmission power in order to save energy, or goes directly into a sleep mode (rest state or standby operation: periodic transmission of short signal pulses to determine whether a passively operated medium is within range).

[0099] Such a predetermined duration can, if necessary, be aligned to an average duration of an NFC communication link, for example for a defined process of uniform length, such as an authorisation for door opening or the like. The predetermined duration can, however, also be selected so that the transmission power is deliberately changed a plurality of times within a short time interval, in order to allow a data transfer.

[0100] Such a predetermined duration can lie in a range of 0.3 to 30 seconds, in particular in a range of 0.5 to 15 seconds. The period may be selected such that both an energy-saving operation of the first medium and an improvement of the quality of the NFC communication link are made possible at the same time.

[0101] The fourth aspect of the invention is especially advantageous in the following case. For battery-operated first media, such as those installed in locks or mobile devices, the transmission power is minimised in order to limit the power consumption. In interplay with passive RFID cards this works well, and also quite well with Java cards and with mobile telephones in card emulation mode, as long as these devices are active and supplied by their battery. Where, however, the mobile telephone is switched off or its battery is empty, the read-out process still works, but very poorly, because the received power must also serve to maintain certain basic functions of the chip emulating the RFID card (generally a secure element (SE), often the SIM card of the mobile telephone). The range is then extremely short. According to the fourth aspect of the invention, provision is made for such a case that the transmission power of the interrogation signal is increased.

[0102] The advantage of this fourth aspect is therefore that the quality of the NFC communication link is improved without at the same time producing an excessively large energy consumption. In media, batteries (e.g. accumulators or non-rechargeable batteries) with a limited storage capacity are used as energy sources. It is therefore important to use as little of the available energy as possible. The procedure described above makes the best use of the available energy, in that a high transmission power is used only when needed. The additional consumption caused by the second, increased transmission power is moderate compared with the consumption of continuous operation (periodic transmission pulses, optionally a real-time clock). Since typically a large portion of the available energy is consumed in the rest state (standby mode) of the first medium, a brief increase of the transmission power in the active state carries little weight by comparison. The interval at which the batteries, e.g. in locks, have to be changed is not shortened, or at most negligibly.

[0103] For example, in a quiescent state the first medium periodically sends signal pulses with a low transmission power in order to determine whether a second medium is located in the communication field (medium in the field). If that is the case, the first medium sends an interrogation signal. If the received response signal is a properly readable NFC signal, this operation is continued until the read-out process is terminated. If the received response signal is recognisable as an NFC signal but insufficient (e.g. bit errors are detected), the transmission power is increased. If the received response signal is not recognised as an NFC signal, the first medium returns to standby operation and again sends periodic signal pulses.
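
The controller of [0092] to [0103], as an added example that is not part of the patent text: it classifies a response frame with the ISO 14443-3 CRC_A (initial value 0x6363, bit-reflected polynomial 0x8408) so that bit errors and truncated messages count as "NFC signal of insufficient quality", switches from L=1 to the higher L=2 on such a frame, falls back after the predetermined duration, and returns to standby when nothing recognisable arrives. It goes beyond the first group of embodiments in that it also applies the second and third groups (write process or card-emulating phone as partner start at L=2). The frame layout, the durations, the `partner_is_phone` heuristic and the rule that an empty response means "no NFC signal" are assumptions for illustration.

```python
from enum import Enum
from typing import Optional

CRC_A_INIT = 0x6363   # ISO 14443-3 CRC_A preset
CRC_A_POLY = 0x8408   # x^16 + x^12 + x^5 + 1, reflected


def crc_a(data: bytes) -> int:
    """CRC_A as a tag appends it to its response (LSB-first processing)."""
    crc = CRC_A_INIT
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC_A_POLY if crc & 1 else crc >> 1
    return crc & 0xFFFF


def frame(payload: bytes) -> bytes:
    """Append CRC_A, low byte first, as it travels on the air."""
    c = crc_a(payload)
    return payload + bytes((c & 0xFF, c >> 8))


class Quality(Enum):
    NONE = "not an NFC signal"          # nothing recognisable: back to standby
    POOR = "bit errors or truncated"    # recognisable NFC frame, but damaged
    GOOD = "ok"


def evaluate(response: Optional[bytes], expected_len: Optional[int] = None) -> Quality:
    """Step 2: classify the response signal (checksum test of [0096]/[0097])."""
    if not response:
        return Quality.NONE                    # assumption: empty means no NFC signal
    if len(response) < 3 or (expected_len is not None and len(response) < expected_len):
        return Quality.POOR                    # premature abort: only part of the message
    payload, lo, hi = response[:-2], response[-2], response[-1]
    return Quality.GOOD if crc_a(payload) == (lo | (hi << 8)) else Quality.POOR


class State(Enum):
    STANDBY = "periodic signal pulses"
    ACTIVE = "interrogating"


class PowerController:
    """The control unit of the first medium: selects L=1 or L=2 as in the Fig. 2 flow."""
    LOW, HIGH = 1, 2

    def __init__(self, boost_seconds: float = 2.0):
        self.boost_seconds = boost_seconds     # predetermined duration; inside the 0.3..30 s range
        self.state = State.STANDBY
        self.power = self.LOW
        self._boost_until = 0.0

    def initial_power(self, is_write: bool = False, partner_is_phone: bool = False) -> int:
        """Second/third parameter group: a write, or a phone in card emulation mode, starts high."""
        return self.HIGH if (is_write or partner_is_phone) else self.LOW

    def medium_detected(self, now: float, is_write: bool = False, partner_is_phone: bool = False) -> int:
        """A standby pulse found a medium in the field: leave standby and interrogate."""
        self.state = State.ACTIVE
        self.power = self.initial_power(is_write, partner_is_phone)
        self._boost_until = now + self.boost_seconds if self.power == self.HIGH else 0.0
        return self.power

    def on_response(self, response: Optional[bytes], now: float, done: bool = False) -> int:
        """Steps 2 and 3 for one received response; returns the power for the next interrogation."""
        if self.state is State.STANDBY:
            return self.power
        quality = evaluate(response)
        if done or quality is Quality.NONE:
            self.state, self.power = State.STANDBY, self.LOW       # "stop" / not an NFC signal
        elif quality is Quality.POOR:
            self.power = self.HIGH                                 # raise to L=2
            self._boost_until = now + self.boost_seconds
        elif self.power == self.HIGH and now >= self._boost_until:
            self.power = self.LOW                                  # duration elapsed: save energy
        return self.power
```

Note that a poor frame restarts the boost timer rather than extending it, so a partner that keeps producing bit errors is held at L=2 only in slices of `boost_seconds`, which is the energy budget [0102] argues for.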

[0104] The fourth aspect of the invention also relates to an actively operable NFC apparatus, i.e. an NFC communication medium for performing the above-described method. The medium comprises a communication module and is capable of sending out an NFC interrogation signal via the communication module with an adaptively selectable power, i.e. at least with a first and with a second, higher transmission power.

[0105] For example, the NFC communication medium is capable of transmitting an interrogation signal to a second medium, receiving a response signal sent by the second medium in response thereto, evaluating a signal quality of the response signal, and controlling a transmission power of the interrogation signal as a function of the result of this evaluation.

[0106] To this end the communication medium can comprise a control unit which controls the power. The described device allows the above-described method of the fourth aspect to be applied; consequently the device also has the above-described advantages. The device can also have the above-mentioned optional features, with the advantages connected with them.

[0108] Other preferred embodiments follow from the dependent claims. Features of the method claims can be combined with the apparatus claims in a general manner, and vice versa.

[0109] Features of the various aspects of the invention can also be combined with one another in a general manner; i.e. the first aspect can be combined with the fourth aspect, for example by using a service medium equipped according to the fourth aspect in a method according to the first aspect, and combinations of either of these aspects, or of both together, with the second aspect are likewise conceivable. Further conceivable combinations are those of all the aspects mentioned with the third aspect.

[0110] Applications of all aspects and embodiments are found, on the one hand, in the areas of building protection and room access authorisation, both in private and in semi-public buildings (e.g. hotels; issuing of room keys, etc.). Further applications exist in ticketing (ticket control and/or cancellation, charging an electronic ticket onto a mobile communication medium), in value card systems, and also in direct communication between mobile devices, e.g. for the exchange of personal information such as addresses, for synchronisation, etc.

[0111] Together with the media, the invention also includes the software which enables communication media to execute the method described herein.

[0112] Below, the subject matter of the invention is described in detail on the basis of preferred embodiments, which are represented in the attached drawings. The drawings show schematically:

Fig. 1 a system for improving the quality of an NFC communication link according to the fourth aspect of the invention;
Fig. 2 a flow chart of a method according to the fourth aspect;
Fig. 3 a communication system for managing the GU of a second medium by a TSM according to the first aspect of the invention;
Fig. 4 a communication system for the secure transmission of data over an NFC communication link from a first medium to a second medium in accordance with the second aspect of the invention; and
Figs. 5 to 7 each a communication system according to the third aspect.

[0113] The reference symbols used in the drawings and their meaning are listed in summary in the list of reference symbols. In the figures, like parts are in principle provided with identical reference symbols.

[0114] Fig. 1 shows an active NFC communication medium 3 for carrying out the method according to the fourth aspect. The communication medium comprises a communication module 1 and a control unit 2 (drawn separately here, but it may be integrated in the communication module). The communication medium can, for example, be integrated into the control elements of a door lock, represent a reader/writer for a credit card, serve for ticket control and/or cancellation or for charging an electronic ticket onto a mobile communication medium, or be some other apparatus capable of communication by NFC.

[0115] Fig. 1 also shows a passively operated second medium 10, which may for example be a passive RFID chip card or a mobile telephone. Even where the mobile telephone is in itself capable of active NFC communication, a passive operation may be possible (card emulation mode). Regardless of its physical nature, the second medium has a function adapted to the embodiment of the apparatus. For example, in the application "access control" (the apparatus being integrated in the door lock as control module), the second medium may have the function of a passive chip card used as door key.

[0116] "Passively" in this context means that the corresponding equipment does not have to use its own power for the NFC communication, but can be read out and also written to. In this function the passive NFC communication partner is also referred to as transponder, when it draws energy from the active NFC communication partner in the manner described above.

[0117] The communication module 1 in the first medium (NFC communication medium 3) is capable of transmitting an interrogation signal to a second, passive medium, and it can furthermore be arranged, if necessary, to carry out write processes by means of NFC signals (it can of course also be arranged to communicate in a peer-to-peer mode, a capability that is not central to this fourth aspect).

[0118] Moreover, the communication module 1 is capable of sending an NFC signal with a first transmission power (L = 1) or with a second transmission power (L = 2).

[0119] Fig. 2 shows an exemplary flow chart of a method according to the invention. In a standby mode with low power consumption, the communication module regularly sends very short inquiry pulses to determine whether an NFC medium is in the reception area.

[0120] Provided a response signal is found that can be interpreted as the response signal of an NFC medium, the communication module sends an interrogation signal with the normal, first transmission power (L = 1). Provided the response signal can be interpreted as an NFC signal (if not, the first medium goes back into standby mode), the signal quality is evaluated according to the invention.

[0121] To this end, the control unit 2 is capable of applying predetermined criteria to the NFC signal received by the communication module 1. For example, a checksum test can determine whether, and if necessary how many, bit errors occurred in the transmission. If too many bit errors are detected, the quality is classified as insufficient.

[0122] If the signal quality is sufficient, the interrogation signal continues to be transmitted at the first transmission power until the desired process is completed ("stop"), whereupon the system returns to standby mode ("periodic signal pulses"). If not, the interrogation signal is set to the second, higher transmission power and the process is carried out with this (L = 2) until it is terminated ("stop"). In this case too, the system can return to standby mode after completion of the process.

[0123] It may also be provided that the second transmission power is maintained only for a predetermined time and that the system thereafter returns to the first transmission power (provided that the process has not yet been completed and/or the second medium remains in the reception area).

[0124] Additionally or alternatively, it can be provided that the signal quality is monitored permanently during the read and/or write process, or at least as long as the system transmits with the first transmission power (broken arrow).

[0125] The first transmission power is normally sufficient to communicate with possible NFC communication partners within the usual reception range of the communication module 1 of no more than approximately 10 cm. The second transmission power differs from the first transmission power and is significantly higher than the usual transmission powers, e.g. at least 50% higher, and e.g. at least twice as high. The interrogation signals are transmitted, at both the first and the second transmission power, on the signal frequency prescribed by the standard, e.g. 13.56 MHz.

[0126] Fig. 3 shows a communication system 100 for managing a second medium 102 by a TSM according to the first aspect of the invention. The communication system 100 comprises, besides the TSM, the second medium 102 and a first medium 101. The second medium 102 comprises a second GU 112 and a second communication module 122. The first medium 101 comprises a first GU 111 and a first communication module 121.

[0127] The objective of the embodiment of the process according to the first aspect described here, which is applied to a device according to the first aspect, is to update the second GU 112 with a firmware made available by the TSM (firmware update). For this purpose the TSM sends a first management information to the first GU 111, and thus to the first medium 101. The first management information is stored in the first GU 111. It comprises, on the one hand, the new firmware version for the second GU 112 and an information that this new firmware version is intended for the second GU 112. Furthermore, the first management information comprises an instruction to the first GU 111 to delete the first management information after the transmission of the new firmware version to the second GU 112.

[0128] Whenever the first communication module 121 enters into an NFC communication link with a communication partner, the first GU 111 determines an identification of the communication partner. If the communication partner is the second medium 102, for which the new firmware version comprised in the first management information is intended, the first GU 111 transmits a second management information to the first communication module 121. The first communication module 121 transmits this second management information to the second communication module 122, which in turn passes it to the second GU 112. The second management information comprises the new firmware version as well as an instruction for installing it in the second GU 112. Following the transmission of the new firmware version to the second GU 112, the first GU 111 deletes the first management information. In this way the new firmware version is installed in the second GU 112 and reaches it from the TSM.

[0129] Updates of the firmware of other components of the second medium (or of a second medium without GU) can be made analogously, wherein the last step, "transmitting the management data to the second GU", is then replaced by a transmission to the corresponding component, or is omitted altogether in the case of an update of the second communication module itself.
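
The courier procedure of [0127] and [0128], as an added example that is not part of the patent text: the TSM addresses a firmware image to one second GU, the first GU stores it, hands it over only when the partner it meets over NFC has that identification, and then deletes it. The layout of the management information, the TSM key held by the second GU and the HMAC with which it verifies that the firmware really comes from the TSM (and is newer than what it runs) are assumptions; the patent describes the target identification and the delete-after-delivery rule but not an integrity check.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ManagementInfo:
    """First management information of [0127]; the layout is an assumption."""
    target_id: bytes           # identification of the second GU the firmware is for
    version: int               # new firmware version number
    firmware: bytes            # the image itself (constructed in the demo)
    tsm_tag: bytes             # HMAC by the TSM over the three fields above (assumption)
    delete_after_delivery: bool = True


def _tsm_mac(key: bytes, target_id: bytes, version: int, firmware: bytes) -> bytes:
    return hmac.new(key, target_id + version.to_bytes(4, "big") + firmware, hashlib.sha256).digest()


class TrustedServiceManager:
    """Online side: prepares and signs the update."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def prepare_update(self, target_id: bytes, version: int, firmware: bytes) -> ManagementInfo:
        return ManagementInfo(target_id, version, firmware, _tsm_mac(self._key, target_id, version, firmware))


class FirstGU:
    """GU 111 in the mobile first medium: stores the information and forwards it on contact."""

    def __init__(self) -> None:
        self._pending: List[ManagementInfo] = []

    def receive_from_tsm(self, info: ManagementInfo) -> None:
        self._pending.append(info)

    def pending_count(self) -> int:
        return len(self._pending)

    def on_nfc_link(self, partner_id: bytes) -> Optional[ManagementInfo]:
        """[0128]: identify the partner; if it is the addressee, hand over and delete."""
        for info in self._pending:
            if hmac.compare_digest(info.target_id, partner_id):
                if info.delete_after_delivery:
                    self._pending.remove(info)
                return info   # serves as the second management information (firmware + install)
        return None           # any other partner gets nothing


class SecondGU:
    """GU 112 in the offline service medium (e.g. a lock): verifies, then installs."""

    def __init__(self, own_id: bytes, tsm_key: bytes, version: int) -> None:
        self.own_id, self._tsm_key, self.version = own_id, tsm_key, version

    def install(self, info: ManagementInfo) -> bool:
        if not hmac.compare_digest(info.target_id, self.own_id):
            return False                                  # addressed to another GU
        if info.version <= self.version:
            return False                                  # replay or downgrade
        expected = _tsm_mac(self._tsm_key, info.target_id, info.version, info.firmware)
        if not hmac.compare_digest(expected, info.tsm_tag):
            return False                                  # not from the TSM, or altered in transit
        self.version = info.version
        return True
```

The first GU is a mobile phone and therefore not trusted by the lock; that is why the lock checks the TSM's tag rather than trusting whoever delivered the image, and why the version check lives in the lock and not in the courier.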

[0130] Fig. 4 shows a communication system in accordance with the second aspect of the invention, which serves for the secure transmission of data over a communication link from a first medium 201 to a second medium 202. This communication system allows the method of the second aspect of the invention to be applied. The communication system comprises a first medium 201 and a second medium 202. The first medium 201 comprises a first secure environment 211 (abbreviated GU) and a first communication module 221. The second medium 202 comprises a second GU 212 and a second communication module 222.

[0131] The first communication module 221 and the second communication module 222 are designed such that they are capable of transmitting and receiving data over a peer-to-peer NFC communication link between the first and the second communication module 221, 222 (in the example described here; this can readily be transferred to other communication links such as Bluetooth, other NFC communication links, etc.). The first GU 211 and the second GU 212 are designed such that they are capable of receiving data from a trusted intermediary 200 (trusted service manager, abbreviated TSM).

[0132] The first GU 211 is capable of receiving a first key 231 from the TSM 200 via a mobile telephone network. Analogously, the second GU 212 is capable of receiving a second key 232 from the TSM 200 via a mobile telephone network. After receipt, the first key 231 and the second key 232 are stored in the respective GU 211, 212.

[0133] The first GU 211 is furthermore designed such that it is capable of encrypting data using the first key 231. The encryption of data is in this case performed in a first processor 241 comprised in the first GU 211. The second GU 212 is designed such that it is capable of decrypting data using the second key 232. The decryption of data is in this case performed in a second processor 242 comprised in the second GU 212.

[0134] The described communication system is designed such that data to be transmitted from the first medium 201 to the second medium 202 are available at the first medium 201 as start information 251. After the data have been transmitted securely to the second medium 202, they are available at the second medium 202 as destination information 252. This is achieved by applying the method according to the second aspect of the invention.

[0135] Beforehand, e.g. in a one-time initialisation process, the TSM 200 transmits the first key 231 to the first GU 211 and the second key 232 to the second GU 212.

[0136] Once an NFC communication link between the first communication module 221 and the second communication module 222 is established, the communication system is ready for a secure data transmission. The NFC communication link is already encrypted by a first encryption, e.g. according to a known scheme.

[0137] The data of the start information 251 should now be transmitted securely from the first medium 201 to the second medium 202. For that purpose, the data to be transmitted 251 are transmitted into the first GU 211 and to the first processor 241. The first processor 241 encrypts these data using the first key 231 and then transmits the encrypted data to the first communication module 221, which passes them over the NFC communication link to the second communication module 222 and thus to the second medium 202.

[0138] The second communication module 222 forwards the encrypted data to the second processor 242. The second processor 242 then decrypts the encrypted data using the second key 232. The decrypted data are transmitted from the second processor 242 to a portion of the second medium 202 outside the second GU 212 and are there made available unencrypted as destination information 252 of the second medium 202. In this way the content of the information to be transferred (start information 251) passes from the first medium 201 to the second medium 202 in a particularly secure manner, where it is available as destination information 252. Even if the secured data could be extracted by a manipulation of the NFC communication link, they are still additionally encrypted and therefore protected by an additional step.

[0139] The first key 231 and the second key 232 never leave their corresponding GU 211, 212 and are therefore well protected, which increases the security of the transmission of the information to be transferred. The first key 231 and the second key 232 are in a functional relationship which is specified by the encryption/decryption method used.
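
The exchange of [0135] to [0139] modelled end to end, as an added example that is not part of the patent text: the TSM provisions a key into each GU, the first GU encrypts and authenticates the start information 251 inside the GU, the ciphertext crosses the NFC link, and only a GU holding the matching key turns it back into the destination information 252; a byte flipped on the link is detected rather than decrypted into garbage. The patent leaves the cipher and the relationship between the two keys open; here both keys are identical (symmetric) and the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, chosen so the example runs with the standard library only. That construction is for illustration; a product would use a standard AEAD such as AES-GCM. The separate link-layer encryption of [0136] is outside the model.

```python
import hashlib
import hmac
import os
from typing import Optional


class SecureEnvironment:
    """A GU (211 or 212) together with its processor (241 or 242).

    The key arrives from the TSM and never leaves the object: there is no accessor.
    """

    NONCE_LEN, TAG_LEN = 12, 16

    def __init__(self) -> None:
        self._key: Optional[bytes] = None

    def receive_key_from_tsm(self, key: bytes) -> None:
        """Models the mobile-network provisioning of [0132]/[0135]."""
        self._key = key

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Illustrative PRF stream: HMAC-SHA256 in counter mode (assumption, not a standard cipher).
        blocks, counter = [], 0
        while sum(len(b) for b in blocks) < length:
            msg = b"enc" + nonce + counter.to_bytes(4, "big")
            blocks.append(hmac.new(self._key, msg, hashlib.sha256).digest())
            counter += 1
        return b"".join(blocks)[:length]

    def _tag(self, nonce: bytes, ciphertext: bytes) -> bytes:
        return hmac.new(self._key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()[:self.TAG_LEN]

    def encrypt(self, start_info: bytes) -> bytes:
        """Processor 241: nonce || ciphertext || tag, computed entirely inside the GU."""
        if self._key is None:
            raise RuntimeError("GU has no key from the TSM")
        nonce = os.urandom(self.NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(start_info, self._keystream(nonce, len(start_info))))
        return nonce + ct + self._tag(nonce, ct)

    def decrypt(self, blob: bytes) -> bytes:
        """Processor 242: verify first, decrypt only if the tag matches."""
        if self._key is None:
            raise RuntimeError("GU has no key from the TSM")
        if len(blob) < self.NONCE_LEN + self.TAG_LEN:
            raise ValueError("frame too short")
        nonce, ct, tag = blob[:self.NONCE_LEN], blob[self.NONCE_LEN:-self.TAG_LEN], blob[-self.TAG_LEN:]
        if not hmac.compare_digest(self._tag(nonce, ct), tag):
            raise ValueError("integrity check failed: manipulated on the link or wrong key")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


class TrustedServiceManager:
    """TSM 200: one-time initialisation of both GUs with related keys (here: the same key)."""

    def provision(self, first_gu: SecureEnvironment, second_gu: SecureEnvironment) -> None:
        key = os.urandom(32)
        first_gu.receive_key_from_tsm(key)
        second_gu.receive_key_from_tsm(key)


def nfc_link(ciphertext: bytes, attacker_flips_byte: Optional[int] = None) -> bytes:
    """The peer-to-peer link 221 -> 222, with an optional manipulation in transit."""
    if attacker_flips_byte is None:
        return ciphertext
    data = bytearray(ciphertext)
    data[attacker_flips_byte] ^= 0x01
    return bytes(data)


def transfer(start_info: bytes, first_gu: SecureEnvironment, second_gu: SecureEnvironment,
             attacker_flips_byte: Optional[int] = None) -> bytes:
    """[0137]/[0138] end to end; returns the destination information 252 or raises."""
    return second_gu.decrypt(nfc_link(first_gu.encrypt(start_info), attacker_flips_byte))
```

Because the nonce is part of the MAC input, flipping it is caught just like flipping ciphertext, and a GU provisioned by a different TSM run fails the same check: the "additional step" of [0138] is the tag verification, not the decryption.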

[0140] as units of 5 is a possibility for the implementation of the third aspect described Fig. the invention. 301 321 311 and a communication module comprises a GU The first medium, which is capable, via a radio link, in particular via NFC, to communicate with other media (in the 5 is shown schematically an associated antenna 324 Fig.). The GU [...] memory means 311 comprises not shown 5 in Fig., 312 is implemented by the inter alia a Applet. This decreases from an application 351, the is arranged outside the GU, write and/or read commands against. Using of a key 313, 311 which also is available only within the GU, the applet can generate a write and/or read signal, which transmits it to the communication module 321.

[172]

[0141] Fig. 5 also shows a second medium 302, which is a purely passive RFID-card here. The (with respect to the first medium external) second medium can also be a debranching medium for active operation, in the method described herein is operated passively.

[173]

[0142] The second medium has a chip 341 on, are applied in which [...] storage means; 342 schematically illustrates a RFID antenna 5 is also in Fig..

[174]

[0143] The method described herein provides that write and/or generated by the applet to the second medium is transmitted by the communication module 321 reading signal, where it triggers the desired write and/or reading process. Physico the signal transmission as can be achieved by using load modulation.

[175]

[0144] Fig. 6 shows a variant, in which the process takes place analogous to, wherein the second medium 303 311 Emulated and not a physiological medium is, however, a in the joint venture. For the write and 312 321 controlled by the application or reading process engages in the second medium therefore 303 311 GU Applet to emulated. The communication module 321 is not needed for the process and is optionally, wherein it is generally still be available as communicates, as for applications, where the first medium 303 outwardly.

[176]

[0145] The variant 7 differs thereby accordance Fig. that the application 361, the wish to proceed on to the write and/or reading process runs, not on the first medium, but externally. The application can run on a different medium as, as on a mobile (mobile phone, laptop, etc. Tablet-Computers) medium, on a desktop computer, a server, as by a central unit, etc. The first medium can take place via the communication module Communication with 321 or wirelessly or via another channel contact-afflicted ; the corresponding possibilities there are many.

[177]

[0146] 7 and 5 are a combination of the concepts of Fig. also conceivable Fig., i.e. the communication an external application with a physical second medium via the applet.
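The third aspect of Figs. 5 to 7, as an added example in Go that is not code from the patent or from the applicant. An application outside the GU issues read and write commands that contain no key material; the applet inside the GU turns each command into a signal using key 313; the signal then goes either through the communication module to a physical card (Fig. 5) or to a medium emulated inside the GU (Fig. 6), and the same path serves an external application (Fig. 7) because the application only ever talks to the applet. How the applet uses the key is not stated on the page: tagging the command with an HMAC under key 313 so that the second medium honours only signals produced by the applet, the 16-block card layout, and all type and function names are assumptions constructed for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Command is what the application (351 on the first medium, or 361 running
// externally) sends to the applet. It carries no key material.
type Command struct {
	Write bool
	Block int
	Data  []byte // payload for a write, ignored for a read
}

// Signal is what the applet emits towards the second medium: the command
// plus a tag computed with key 313. Binding the command to the key this way
// is the constructed mechanism of this example.
type Signal struct {
	Cmd Command
	Tag []byte
}

func tagFor(key []byte, cmd Command) []byte {
	mac := hmac.New(sha256.New, key)
	flag := byte(0)
	if cmd.Write {
		flag = 1
	}
	mac.Write([]byte{flag, byte(cmd.Block)})
	mac.Write(cmd.Data)
	return mac.Sum(nil)
}

// tagStore is the memory of a passively operated medium: a few fixed-size
// blocks and the key it shares with the GU. It serves both the physical
// card 302 and the medium 303 emulated inside the GU.
type tagStore struct {
	key    []byte
	blocks [16][4]byte
}

// Handle performs the write or read process only if the signal was
// generated with the right key, i.e. by the applet.
func (ts *tagStore) Handle(sig Signal) ([]byte, error) {
	if !hmac.Equal(sig.Tag, tagFor(ts.key, sig.Cmd)) {
		return nil, errors.New("signal was not generated by the applet")
	}
	if sig.Cmd.Block < 0 || sig.Cmd.Block >= len(ts.blocks) {
		return nil, errors.New("block out of range")
	}
	if sig.Cmd.Write {
		if len(sig.Cmd.Data) != len(ts.blocks[0]) {
			return nil, errors.New("write payload must be 4 bytes")
		}
		copy(ts.blocks[sig.Cmd.Block][:], sig.Cmd.Data)
		return nil, nil
	}
	return append([]byte(nil), ts.blocks[sig.Cmd.Block][:]...), nil
}

// PhysicalCard is the RFID card 302 of Fig. 5, reached through module 321.
type PhysicalCard struct{ tagStore }

// SecureEnvironment is GU 311: it holds key 313 and runs applet 312.
// emulated, when set, is the second medium 303 of Fig. 6.
type SecureEnvironment struct {
	key      []byte
	emulated *tagStore
}

// Applet converts a command into a write and/or read signal (claim 17).
// The key is used here and only here; it is never handed out.
func (gu *SecureEnvironment) Applet(cmd Command) Signal {
	return Signal{Cmd: cmd, Tag: tagFor(gu.key, cmd)}
}

// CommunicationModule 321 carries a signal to an external second medium.
func CommunicationModule(card *PhysicalCard, sig Signal) ([]byte, error) {
	return card.Handle(sig)
}

// RunCommand is the application's side of the process: it hands the command
// to the applet and routes the signal either to the physical card via the
// module (Fig. 5) or to the emulated medium inside the GU (Fig. 6).
func RunCommand(gu *SecureEnvironment, card *PhysicalCard, cmd Command) ([]byte, error) {
	sig := gu.Applet(cmd)
	if card != nil {
		return CommunicationModule(card, sig)
	}
	if gu.emulated == nil {
		return nil, errors.New("no second medium available")
	}
	return gu.emulated.Handle(sig)
}

// NewSetup provisions a GU, a physical card and an emulated medium that all
// share the given (constructed) key 313.
func NewSetup(key []byte) (*SecureEnvironment, *PhysicalCard) {
	gu := &SecureEnvironment{key: key, emulated: &tagStore{key: key}}
	return gu, &PhysicalCard{tagStore{key: key}}
}
```

`RunCommand(gu, card, cmd)` writes to or reads from the physical card, `RunCommand(gu, nil, cmd)` does the same against the emulated medium, and a `Signal` assembled directly by an application that bypasses the applet is refused by `Handle`, which is the property that justifies keeping the key inside the GU.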

[0147] In the embodiments of the various aspects of the invention, the media can in particular be battery-operated, actively operated media (standalone solutions). This applies both to mobile devices (mobile phones; in these, the energy source is by default an accumulator) and to service media, for example those incorporated in locks. The various aspects of the invention are especially well suited to such standalone service media, since they offer suitable solutions to their specific problems.

A method is provided for carrying out a reading and/or writing process, using a first actively operated medium, from or on a passively operated second medium, wherein the first medium has a secured environment. The method includes providing a reading and/or writing applet in the secured environment, providing an application outside of the secured environment, transmitting a reading and/or writing command to the applet using the application, converting the reading and/or writing command into a reading and/or writing signal using the applet, and transmitting the reading and/or writing signal to the passively operated second medium.



1. Method for managing a second medium (102) by an administrative institution (100), wherein the second medium comprises a second communication module (122), characterized in that the method comprises the steps of:

Step 1: transmitting a first management information from the administrative institution (100) to a first secure environment (111) comprised by a first medium (101),

Step 2: establishing a communication link between a first communication module (121) comprised by the first medium (101) and the second communication module (122),

Step 3: transmitting a second management information, derived from the first management information, from the first secure environment (111) to the first communication module (121) and via the communication link to the second communication module (122).

2. Method according to claim 1, characterized in that the communication link is an NFC communication link.

3. Method according to claim 2, characterized in that the administrative institution (100) is a trusted intermediary (trusted service manager, TSM, 100).

4. Method according to one of the preceding claims, characterized in that step 3 takes place immediately after step 1 or simultaneously with step 1.

5. Method according to one of claims 1 to 3, characterized in that step 1 takes place temporally independently of step 2 and step 3, in particular in that step 1 is carried out with a time offset before step 2 and step 3.

6. Method according to one of the preceding claims, characterized in that the first management information comprises [...] the second.

7. Method according to one of the preceding claims, characterized in that the second medium comprises a second secure environment (112) and that the second management information, in step 3 or after step 3, is transmitted from the second communication module to the second secure environment (112).

8. Communication medium, wherein the communication medium comprises means for performing, as the first medium, a method according to any one of the preceding claims.

9. Communication system for managing a second medium (102) by an administrative institution (100), in particular by a method according to any one of claims 1 to 7, comprising the administrative institution (100), a first medium (101) and the second medium (102), wherein

- the first medium (101) comprises a first secure environment (111) and a first communication module (121),

- the second medium (102) comprises a second secure environment (112) and a second communication module (122),

- the first secure environment (111) is formed such that it is capable of receiving secured data from the administrative institution (100), and the first communication module (121) and the second communication module (122) are formed such that they are capable of transmitting and receiving an NFC signal via an NFC communication link, characterized in that

the first secure environment (111) is formed such that it is capable of receiving a first management information from the administrative institution (100),

the first secure environment (111) is formed such that it is capable of transmitting a second management information, based on the first management information, to the second medium (102) via the NFC communication link, and

the second secure environment (112) is formed such that it is capable of receiving the second management information from the first secure environment (111), wherein the second management information is transmitted from the first secure environment (111) in the first medium (101) to the second secure environment (112) via the NFC communication link.

10. Method for secure transmission of data to be transmitted via a communication link from a first actively operated medium (201), which has a first secure environment (211), to a second actively operated medium (202), comprising the following steps:

- Step 1: establishing the communication link between a first communication module (221) comprised by the first medium (201) and a second communication module (222) comprised by the second medium (202),

- Step 2: transfer of the data to be transmitted to the first secure environment (211),

- Step 3: encrypting the data to be transmitted in the first secure environment (211) with a first key (231) stored in the secure environment,

- Step 4: transmitting the encrypted data from the first communication module (221) to the second communication module (222) via the communication link.

11. Method according to claim 10, characterized in that the method allows the secure transmission of data via the communication link both from the first medium (201) to the second medium (202) and, by analogous steps, from the second medium (202) to the first medium (201).

12. Method according to claim 10 or 11, characterized in that, in an initialisation step prior to step 1, the first key (231) and/or a second key (232) of a second secure environment of the second medium is written into the first or second secure environment by a trusted intermediary, wherein the first or second key comprises, for example, at least two sub-keys which are written separately.

13. Method according to any one of claims 10 to 12, characterized in that the communication link is an NFC link, a Bluetooth communication link, a wireless communication link, a communication link via an infrared interface, or a wired communication link.

14. Communication medium with a secure environment, wherein the communication medium has means for performing, as the first medium, a method according to any of claims 10 to 13.

15. Communication system for secure transmission of data via a communication link from a first medium (201) to a second medium (202), in particular by a method according to any one of claims 18 to 21, comprising a first medium (201) and a second medium (202), wherein

the first medium (201) comprises a first secure environment (GU, 211) and a first communication module (221),

the second medium (202) comprises a second communication module (222), and

the first communication module (221) and the second communication module (222) are formed such that they are capable of transmitting and receiving data via a communication link between the first communication module (221) and the second communication module (222),

characterized in that

the first secure environment (211) is formed such that it is capable, on the one hand, of storing a first key (231) and, on the other hand, of encrypting data using the first key (231), and

that the communication system is formed such that data to be transmitted from the first medium (201) to the second medium (202) are encrypted in the first secure environment (211) using the first key (231) and thereafter transmitted from the first communication module (221) to the second communication module (222).

16. Communication system according to claim 15, wherein the second medium (202) comprises a second secure environment (212) with a second key (232), wherein the second secure environment is formed such that it is capable of decrypting the data received from the first medium using the second key (232).

17. Method for performing a write and/or read process, using a first, actively operated medium (301), on or from a passively operated second medium (302, 303), wherein the first medium comprises a secure environment (GU, 311), comprising the steps of:

- providing a write and/or read applet (312) in the secure environment (311),

- providing an application (351, 361) outside the secure environment,

- transmitting a write and/or read command from the application to the applet,

- converting the write and/or read command into a write and/or read signal by the applet, and

- transmitting said write and/or read signal to the second medium (302, 303).

18. Method according to claim 17, wherein the application (351) is installed on the first medium, but outside the secure environment.

19. Method according to claim 17 or 18, wherein the application (361) is installed at least partially outside of the first medium, wherein the first medium includes a communication module via which the application, or a part of the application, communicates with the first medium.

20. Method according to any one of claims 17 to 19, wherein the second medium (302) is a passive medium and the first medium is capable of communicating with said second medium via RFID.

21. Method according to any one of claims 17 to 19, wherein the second medium (303) is a medium emulated in the secure environment of the first medium.

22. Communication medium (301) with a secure environment (311) and a communication module (321), wherein the communication medium comprises means for performing, as the first medium, a method according to any of claims 17 to 21.

23. Method for operating an NFC communication link between a first medium (3) and a second medium, wherein the first medium is operated actively and the second medium is operated passively, wherein the method comprises sending an interrogation signal from the first medium to the second medium, and wherein the method comprises selecting a transmit power, with which the interrogation signal is sent, adaptively as a function of a characteristic parameter for the NFC communication link.

24. Method according to claim 23, characterized in that the characteristic parameter is a signal quality of a response signal sent by the second medium in response to the interrogation signal, and in that the method comprises the steps of:

Step 1: transmitting the interrogation signal from the first medium (3) to the second medium and, in response thereto, receiving at the first medium the response signal transmitted by the second medium,

Step 2: evaluating a signal quality of the response signal by the first medium (3),

Step 3: controlling a transmit power of the interrogation signal of the first medium (3) as a function of step 2, wherein a signal power of the interrogation signal is increased when it is noted in step 2 that the response signal is a response signal of insufficient signal quality.

25. Method according to claim 24, characterized in that step 2 comprises detecting bit errors in the response signal identified as an NFC signal.

26. Method according to one of claims 24 or 25, characterized in that step 2 comprises detecting a signal abort in the response signal identified as an NFC signal.

27. Method according to one of claims 24 to 26, characterized in that the transmission of the interrogation signal is cancelled if, in step 2, the response signal is not identified as an NFC signal.

28. Method according to one of claims 23 to 27, characterized in that the parameter includes information about whether a write or a read process is to be triggered, wherein the transmit power is selected higher when a write process is to be triggered than when only a read process is to be triggered.

29. Method according to one of claims 23 to 28, characterized in that the characteristic parameter comprises an identification of the second medium, wherein the transmit power is selected as a function of the type of the second medium.

30. NFC communication medium, in particular for use in a method according to any one of claims 23 to 29, comprising a communication module (1) which is capable of transmitting an interrogation signal for an NFC communication link to a passively operated second medium and of receiving a corresponding response signal, characterized in that the communication module (1) is capable of transmitting the interrogation signal, as a function of a characteristic parameter for the NFC communication link, with a first transmit power or with a second transmit power.

31. NFC communication medium according to claim 30, characterized in that the communication medium is capable of evaluating a signal quality of the response signal and of choosing a transmit power of the interrogation signal as a function of a result of the evaluation.

32. Computer program which can be loaded onto a communication medium and which, when executed, causes the communication medium to carry out a method according to any of claims 1 to 7, 10 to 21 or 14.17 to 23 to 29.

33. Data carrier comprising a computer program according to claim 32.
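Claims 23 to 31 describe a control loop for the transmit power of the interrogation signal. As an added example that is not code from the patent or from the applicant, the loop in Go: the starting power is chosen from the characteristic parameter alone (medium type per claim 29, higher for a write than for a read per claim 28), then the interrogation is repeated with increasing power until the response is of sufficient quality (claims 24 to 26), cancelled when the response is not identified as an NFC signal (claim 27), or stopped at maximum power. The power scale, the per-type starting table, the bit-error threshold and the simulated tag are all constructed for this example; the claims fix none of these values.

```go
package main

// LinkParameter is the characteristic parameter of claim 23, here made up of
// the request type (claim 28) and an identification of the second medium
// (claim 29). The medium type names are constructed for this example.
type LinkParameter struct {
	WriteProcess bool
	MediumType   string
}

// ResponseQuality is what the first medium observes in step 2 of claim 24.
type ResponseQuality struct {
	IsNFC     bool // response identified as an NFC signal at all (claim 27)
	BitErrors int  // bit errors detected in the response (claim 25)
	Aborted   bool // signal abort detected (claim 26)
}

// Outcome of an interrogation sequence.
type Outcome int

const (
	Established Outcome = iota // response of sufficient quality received
	Cancelled                  // response was not an NFC signal (claim 27)
	Exhausted                  // maximum transmit power reached without success
)

// Constructed scale of transmit-power steps; the claims fix no scale.
const (
	minPower = 1
	maxPower = 10
)

// startPower is a constructed table: a fixed starting power per medium type.
var startPower = map[string]int{"card": 2, "keyfob": 4, "phone": 3}

func clamp(p int) int {
	if p < minPower {
		return minPower
	}
	if p > maxPower {
		return maxPower
	}
	return p
}

// InitialPower chooses the first transmit power from the parameter alone:
// by medium type (claim 29) and higher for a write than for a read (claim 28).
func InitialPower(p LinkParameter) int {
	power, ok := startPower[p.MediumType]
	if !ok {
		power = 3 // unknown medium type: constructed default
	}
	if p.WriteProcess {
		power += 2
	}
	return clamp(power)
}

// Interrogate runs steps 1 to 3 of claim 24 until the link is established,
// cancelled, or the power range is exhausted. probe stands for the radio
// front end: it sends the interrogation signal at the given power and
// reports the quality of the response. The returned slice lists the powers
// tried, in order.
func Interrogate(p LinkParameter, probe func(power int) ResponseQuality, maxBitErrors int) (int, Outcome, []int) {
	power := InitialPower(p)
	var tried []int
	for {
		tried = append(tried, power)
		q := probe(power) // step 1: send interrogation, receive response
		switch {          // step 2: evaluate the response
		case !q.IsNFC:
			return power, Cancelled, tried
		case !q.Aborted && q.BitErrors <= maxBitErrors:
			return power, Established, tried
		case power >= maxPower:
			return power, Exhausted, tried
		}
		power = clamp(power + 1) // step 3: raise power on insufficient quality
	}
}

// SimulatedTag models a passive second medium that answers cleanly from
// threshold upwards, with bit errors just below it and an aborted response
// further below. This behaviour is constructed for the example.
func SimulatedTag(threshold int) func(int) ResponseQuality {
	return func(power int) ResponseQuality {
		switch {
		case power >= threshold:
			return ResponseQuality{IsNFC: true}
		case power >= threshold-2:
			return ResponseQuality{IsNFC: true, BitErrors: (threshold - power) * 4}
		default:
			return ResponseQuality{IsNFC: true, Aborted: true}
		}
	}
}

// NotNFC models a response that cannot be identified as an NFC signal.
func NotNFC(int) ResponseQuality { return ResponseQuality{} }
```

With `SimulatedTag(6)` and a bit-error limit of 2, a read on a "card" steps through powers 2, 3, 4, 5 and settles at 6, while a write on the same card starts at 4 and settles at 6 after two steps; `NotNFC` cancels at the first attempt, and a tag that never answers cleanly ends in `Exhausted` at power 10, which is the case a service medium should log rather than retry indefinitely.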