Abstract: The present invention is directed to a method for preventing a relay attack between a mobile phone and a starting device of an automobile, which allows to prevent stealing a vehicle. According to the invention, very specific movement profiles of an authorized driver or user are recognized and thereby it is prevented that an unauthorized user starts the vehicle and then steals it, in various application scenarios. This is based, among other things, on the underlying hardware components' sensor technology used. Further, the invention relates to an analogously arranged system arrangement and to a computer program product with control commands which implement the method or operate the system arrangement.

Abstract: A method for checking the validity of a ticket involves transferring information from a control entity to a mobile device. A code is computed on the basis of this information, of a derived key and of a property individual for the mobile device, the code being subsequently checked by the control entity.

Abstract: The present invention is directed to a method for preventing a relay attack between a mobile phone and a starting device of an automobile, which allows to prevent stealing a vehicle. According to the invention, very specific movement profiles of an authorized driver or user are recognized and thereby it is prevented that an unauthorized user starts the vehicle and then steals it, in various application scenarios. This is based, among other things, on the underlying hardware components' sensor technology used. Further, the invention relates to an analogously arranged system arrangement and to a computer program product with control commands which implement the method or operate the system arrangement.

Abstract: A PKI key pair comprising a private key and a public key is arranged for the end device. The public key is stored at the communication partner. The communication partner is arranged to provide a session key, encrypt data using the session key, encrypt the session key using the public key and convey the encrypted data to the end device. The communication system is further characterized in that it comprises a server system, remote from the mobile end device, in which the private key is stored in a secure environment. For this, the communication partner is furthermore arranged to transmit the encrypted session key to the server system. Moreover, the server system is arranged to decrypt the session key for the end device with the private key and to transmit it in decrypted form to the end device for decrypting the data.

Abstract: Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level.

Abstract: A method for checking the validity of a ticket involves transferring information from a control entity to a mobile device. A code is computed on the basis of this information, of a derived key and of a property individual for the mobile device, the code being subsequently checked by the control entity.

Abstract: The invention provides a method for securely inputting an access code to an input interface of a mobile end device. During an input time period covering the process of inputting the access code, at least one or some sensors of the end device that are uninvolved in the input of the access code, said sensors being respectively arranged for capturing sensor variables by sensor, are hindered from capturing and/or passing on the respective sensor variable. Possible sensors are acceleration sensors or a digital camera. The method prevents the access code from being spied out by means of the deactivated sensors.

Abstract: A PKI key pair comprising a private key and a public key is arranged for the end device. The public key is stored at the communication partner. The communication partner is arranged to provide a session key, encrypt data using the session key, encrypt the session key using the public key and convey the encrypted data to the end device. The communication system is further characterized in that it comprises a server system, remote from the mobile end device, in which the private key is stored in a secure environment. For this, the communication partner is furthermore arranged to transmit the encrypted session key to the server system. Moreover, the server system is arranged to decrypt the session key for the end device with the private key and to transmit it in decrypted form to the end device for decrypting the data.

Abstract: A method for operating a communication system comprises a transponder having at least one antenna, in particular in the form of a portable data carrier, and a reading device having at least one antenna. The reading device is configured to exchange data with the transponder. An exchange of data between the transponder and the reading device is possible within a predetermined range. A measurement and evaluation is effected of the time of a command transmitted from the reading device to the transponder and the receipt of a corresponding response of the transponder by the reading device. In so doing, a processing is effected of a card-individual length of time T_icc, wherein the card-individual length of time T_icc specifies how long the transponder takes for the receipt and the processing of a command received from the reading device and the sending of a corresponding response.

Abstract: The invention provides a method for securely inputting an access code to an input interface of a mobile end device. During an input time period covering the process of inputting the access code, at least one or some sensors of the end device that are uninvolved in the input of the access code, said sensors being respectively arranged for capturing sensor variables by sensor, are hindered from capturing and/or passing on the respective sensor variable. Possible sensors are acceleration sensors or a digital camera. The method prevents the access code from being spied out by means of the deactivated sensors.

Abstract: A method for operating a communication system comprises a transponder having at least one antenna, in particular in the form of a portable data carrier, and a reading device having at least one antenna. The reading device is configured to exchange data with the transponder. An exchange of data between the transponder and the reading device is possible within a predetermined range. A measurement and evaluation is effected of the time of a command transmitted from the reading device to the transponder and the receipt of a corresponding response of the transponder by the reading device. In so doing, a processing is effected of a card-individual length of time T_icc, wherein the card-individual length of time T_icc specifies how long the transponder takes for the receipt and the processing of a command received from the reading device and the sending of a corresponding response.

Abstract: The invention describes a method for accessing a portable storage data carrier (10) having a controller (12) for managing a standardized storage element (14) and having an additional module (16), wherein a data block is transferred to the storage data carrier (10) in a first transmission protocol. The data block comprises routing information and application data, whereby the routing information contains an identifier which can be detected by the controller (12). Furthermore, it is determined whether a data block received on the storage data carrier (10) contains routing information. The data block is relayed to a storage area (18) of the storage element (14), said storage area being hidden to a terminal (50), when the data block comprises routing information and the routing information comprises, besides the identifier contained therein, at least one further, predetermined parameter indicating the access to the hidden storage area (18).

Abstract: Microprocessor system that is implemented or can be implemented in a mobile terminal and comprises: a normal operating system designed to generate and maintain a non-secure runtime environment and a security operating system designed to generate and maintain a secured runtime environment, and an operating system interface between the normal operating system and the security operating system, said operating interface being designed to control communication between the non-secure runtime environment and the secured runtime environment on the operating system level, and at least one filter interface that is designed to securely control communication between the non-secure runtime environment and a secured runtime environment on a level different from the operating system level.

Abstract: The invention describes a method for accessing a portable storage data carrier (10) having a controller (12) for managing a standardized storage element (14) and having an additional module (16), wherein a data block is transferred to the storage data carrier (10) in a first transmission protocol. The data block comprises routing information and application data, whereby the routing information contains an identifier which can be detected by the controller (12). Furthermore, it is determined whether a data block received on the storage data carrier (10) contains routing information. The data block is relayed to a storage area (18) of the storage element (14), said storage area being hidden to a terminal (50), when the data block comprises routing information and the routing information comprises, besides the identifier contained therein, at least one further, predetermined parameter indicating the access to the hidden storage area (18).

Abstract: A method is described for identifying and initializing digitized biometric features to provide encryption or coding of secret data.