EP1374531A2 - Method for the secure transfer of information - Google Patents

Method for the secure transfer of information (original title: Procede de transfert securise d'informations)

Info

Publication number
EP1374531A2
Authority
EP
European Patent Office
Prior art keywords
sessionid
identification
computer device
connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02724127A
Other languages
German (de)
English (en)
Inventor
Walter-Jürgen HOFHEINZ
Dietmar Scharf
Karl-Heinrich V. Stein-Lausnitz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Siemens Corp
Priority date: 2001-04-05 (the priority date is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Filing date: 2002-04-03
Publication date: 2004-01-02

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • the present invention relates to a method for the secure transmission of information between two terminals according to the preamble of patent claim 1.
  • a transmission device in this sense is, for example, a leased line - that is to say a specially configured physical line connection - or a logical connection - also referred to in the literature as a virtual private network, or VPN for short.
  • a proxy device - also referred to in the literature as a proxy - can be defined in the second unit, via which accesses to the first unit or to a server of the first unit are carried out.
  • the present invention is based on the object of specifying an alternative method by means of which secure external access to data or services of a closed unit can take place.
  • a major advantage of the method according to the invention is that the method can be implemented in already existing systems with little effort.
  • Another advantage of the method according to the invention is that no information about the individual authorized external users has to be stored in the first unit. The administration effort in the unit can thus be greatly reduced.
  • An advantage of the embodiments defined in the subclaims is, inter alia, that using the HTTPS protocol (HTTPS: Hypertext Transfer Protocol Secure) for data transmission between the individual units involved in the method, together with additional encryption of the data to be transmitted - for example with the known PGP method (PGP: Pretty Good Privacy) - prevents unauthorized access to the data while it crosses a public network.
  • HTTPS: Hypertext Transfer Protocol Secure
  • FIG. 1 shows a block diagram for the schematic representation of the essential functional units involved in the method according to the invention
  • FIG. 2 shows a block diagram for the schematic representation of an exemplary message TAN1
  • FIG. 3 shows a block diagram for the schematic representation of an exemplary confirmation message TAN2.
  • An intranet is understood to mean a local computer network in which access to the
  • the Internet is again based on the HTTPS protocol.
  • the confirmation message TAN2 is encrypted by the memory module M-STO before it is transmitted.
  • the PGP method is again used as the encryption method.
  • the confirmation message TAN2 is encrypted with a public key assigned to the connection module M-CON.
  • the connection module M-CON can decrypt the received confirmation message TAN2 using a private key assigned to the connection module M-CON.
  • the confirmation message TAN2 comprises two parts.
  • the first part comprises an address information URL with which access to the data or services of the data server S-D can be carried out.
  • the second part either corresponds to the message TAN1 or contains an identification SessionID generated by the memory module M-STO according to other unambiguous but similar construction rules, which can be unambiguously assigned to the message TAN1 generated by the connection module M-CON.
  • the confirmation message TAN2 could have the following form:
  • the address information URL in the first unit Company-A can be changed as required.
  • If the connection module M-CON has received and decrypted a confirmation message TAN2, then in a step S4 the

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The method of the present invention allows the secure transfer of information between a user device (C) and a central computer device (S-D) located in a closed network. According to the invention, a request from the user device (C) for a connection to the central computer device (S-D) is signalled to a second computer device (S-Q) located outside the closed network. This second computer device (S-Q) then transmits a message (TAN1) containing an identification (SessionID) to a third computer device (S-Z) located in a private network. This third computer device (S-Z) stores the identification (SessionID) and transmits a confirmation message (TAN2), containing an access address (URL) for the central computer device (S-D), to the second computer device (S-Q), which forwards the confirmation message (TAN2) to the user device (C). Using the access address (URL), the user device (C) then initiates a connection to the central computer device (S-D), and the central computer device (S-D) accepts this connection only if the access is recognised as authorised by means of the stored identification (SessionID).
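The handshake in the abstract (C asks S-Q, S-Q sends TAN1 with a SessionID to S-Z, S-Z stores it and answers with TAN2 carrying the URL, S-D admits the connection only if the SessionID is known) and the TAN2 layout from the definitions (URL plus SessionID), modelled as an added example in Python. This is not code from the patent or from Siemens. The class names follow the patent's module names (M-CON, M-STO, S-D); the 32-byte SessionID, the 120 s lifetime, single-use redemption, binding the ticket to the requested service, the URL layout and the example host are assumptions of the example. HTTPS transport and the PGP encryption of TAN2 are assumed to be provided by the transport layer and are not modelled here.

```python
"""Ticket-based access flow of EP1374531A2, simulated in one process.

Added illustration, not the patent's own code.  Assumptions: SessionID is
32 random bytes, tickets live 120 s, are single use and bound to one service,
and the access URL is <base_url>/<service>?sid=<SessionID>.  HTTPS and the
PGP layer on TAN2 are out of scope of this model."""

import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple
from urllib.parse import parse_qs, urlsplit

SESSION_TTL_SECONDS = 120  # assumed; the patent sets no lifetime


@dataclass(frozen=True)
class TAN1:
    """Message from M-CON (S-Q) to M-STO (S-Z): fresh SessionID plus requested service."""
    session_id: str
    target: str


@dataclass(frozen=True)
class TAN2:
    """Confirmation from M-STO back to M-CON: access URL for S-D plus the SessionID."""
    url: str
    session_id: str


def _fingerprint(session_id: str) -> str:
    # S-Z keeps only a digest of the SessionID: a leaked store yields no usable
    # tickets, and the lookup never compares raw secrets.
    return hashlib.sha256(session_id.encode()).hexdigest()


class MemoryModule:
    """S-Z / M-STO: records SessionIDs for pending accesses and redeems each one once."""

    def __init__(self, base_url: str, clock: Callable[[], float] = time.time) -> None:
        self.base_url = base_url
        self.clock = clock
        self._pending: Dict[str, Tuple[float, str]] = {}

    def store(self, tan1: TAN1) -> TAN2:
        expires = self.clock() + SESSION_TTL_SECONDS
        self._pending[_fingerprint(tan1.session_id)] = (expires, tan1.target)
        url = f"{self.base_url}/{tan1.target}?sid={tan1.session_id}"
        return TAN2(url=url, session_id=tan1.session_id)

    def redeem(self, session_id: str, target: str) -> bool:
        entry = self._pending.pop(_fingerprint(session_id), None)  # single use
        if entry is None:
            return False
        expires, bound_target = entry
        return self.clock() <= expires and bound_target == target


class ConnectionModule:
    """S-Q / M-CON: the gateway outside the closed network that issues TAN1."""

    def __init__(self, store: MemoryModule) -> None:
        self.store = store

    def request_access(self, target: str) -> TAN2:
        session_id = secrets.token_urlsafe(32)  # unguessable and fresh per request
        return self.store.store(TAN1(session_id=session_id, target=target))


class DataServer:
    """S-D: admits a connection only if the SessionID in the URL is known to S-Z."""

    def __init__(self, store: MemoryModule) -> None:
        self.store = store

    def accept(self, url: str) -> bool:
        parts = urlsplit(url)
        target = parts.path.lstrip("/")
        sid = parse_qs(parts.query).get("sid", [""])[0]
        return self.store.redeem(sid, target)


def demo(now: float = 1_000_000.0) -> dict:
    """Run the handshake under a controllable clock and report each outcome."""
    clock = {"t": now}
    store = MemoryModule("https://s-d.company-a.example", clock=lambda: clock["t"])
    gateway, server = ConnectionModule(store), DataServer(store)

    tan2 = gateway.request_access("reports")          # C -> S-Q -> S-Z -> S-Q -> C
    results = {"first_use": server.accept(tan2.url)}  # C -> S-D with the URL
    results["replay"] = server.accept(tan2.url)       # ticket already consumed
    results["forged"] = server.accept(f"{store.base_url}/reports?sid={secrets.token_urlsafe(32)}")
    other = gateway.request_access("reports")
    results["wrong_target"] = server.accept(other.url.replace("/reports?", "/admin?"))
    late = gateway.request_access("reports")
    clock["t"] += SESSION_TTL_SECONDS + 1
    results["expired"] = server.accept(late.url)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the first access succeeds; the replay, the forged SessionID, the ticket presented for a different service and the expired ticket are all refused, which is the property the abstract relies on: S-D needs no user database of its own, only the short-lived SessionIDs held by S-Z.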

Applications Claiming Priority (3)

Application Number | Priority Date | Filing Date | Title
DE10117033 | 2001-04-05 | |
PCT/DE2002/001211 WO2002082768A2 (fr) | 2001-04-05 | 2002-04-03 | Method for the secure transfer of information

Publications (1)

Publication Number | Publication Date
EP1374531A2 (fr) | 2004-01-02

Family

ID=7680533

Family Applications (1)

Application Number | Title | Priority Date | Filing Date | Status
EP02724127A EP1374531A2 (fr) | Method for the secure transfer of information | 2001-04-05 | 2002-04-03 | Withdrawn

Country Status (3)

Country Link
US (1) US7966657B2 (fr)
EP (1) EP1374531A2 (fr)
WO (1) WO2002082768A2 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20070006294A1 (en) * | 2005-06-30 | 2007-01-04 | Hunter G K | Secure flow control for a data flow in a computer and data flow in a computer network
CA2694286A1 (fr) | 2007-07-23 | 2009-01-29 | Asius Technologies, Llc | Diaphonic acoustic transduction coupler and ear bud
CA2637179A1 (fr) * | 2008-07-30 | 2010-01-30 | John H. Dunstan | Device and system for validating and operating the selection, sale and distribution of lottery tickets and other ticket processes
US8959650B1 (en) * | 2012-06-29 | 2015-02-17 | Emc Corporation | Validating association of client devices with sessions

Citations (1)

Publication number | Priority date | Publication date | Assignee | Title
WO1998058473A2 (fr) * | 1997-06-18 | 1998-12-23 | Alfred Nickles | Security method and system for a network and integration of said system into an existing network

Family Cites Families (17)

Publication number | Priority date | Publication date | Assignee | Title
US5812819A (en) * | 1995-06-05 | 1998-09-22 | Shiva Corporation | Remote access apparatus and method which allow dynamic internet protocol (IP) address management
US7137006B1 (en) * | 1999-09-24 | 2006-11-14 | Citicorp Development Center, Inc. | Method and system for single sign-on user access to multiple web servers
US6064656A (en) | 1997-10-31 | 2000-05-16 | Sun Microsystems, Inc. | Distributed system and method for controlling access control to network resources
US6230002B1 (en) * | 1997-11-19 | 2001-05-08 | Telefonaktiebolaget L M Ericsson (Publ) | Method, and associated apparatus, for selectively permitting access by a mobile terminal to a packet data network
US6065120A (en) * | 1997-12-09 | 2000-05-16 | Phone.Com, Inc. | Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices
JPH11261731A (ja) * | 1998-03-13 | 1999-09-24 | Nec Corp | Mobile communication system, connection method in a mobile communication system, and storage medium on which it is recorded
US6614774B1 (en) * | 1998-12-04 | 2003-09-02 | Lucent Technologies Inc. | Method and system for providing wireless mobile server and peer-to-peer services with dynamic DNS update
US6081900A (en) * | 1999-03-16 | 2000-06-27 | Novell, Inc. | Secure intranet access
GB2357226B (en) * | 1999-12-08 | 2003-07-16 | Hewlett Packard Co | Security protocol
US7024692B1 (en) * | 2000-01-21 | 2006-04-04 | Unisys Corporation | Non pre-authenticated kerberos logon via asynchronous message mechanism
JP4060021B2 (ja) * | 2000-02-21 | 2008-03-12 | 富士通株式会社 (Fujitsu) | Mobile communication service providing system and mobile communication service providing method
JP3427816B2 (ja) * | 2000-03-31 | 2003-07-22 | 日本電気株式会社 (NEC) | Mobile communication system and mobile communication method
JP3526435B2 (ja) * | 2000-06-08 | 2004-05-17 | 株式会社東芝 (Toshiba) | Network system
US7185360B1 (en) * | 2000-08-01 | 2007-02-27 | Hereuare Communications, Inc. | System for distributed network authentication and access control
US7114080B2 (en) * | 2000-12-14 | 2006-09-26 | Matsushita Electric Industrial Co., Ltd. | Architecture for secure remote access and transmission using a generalized password scheme with biometric features
US6978376B2 (en) * | 2000-12-15 | 2005-12-20 | Authentica, Inc. | Information security architecture for encrypting documents for remote access while maintaining access control
US7251824B2 (en) * | 2000-12-19 | 2007-07-31 | Intel Corporation | Accessing a private network

Also Published As

Publication number Publication date
WO2002082768A3 (fr) 2003-02-27
US20040148522A1 (en) 2004-07-29
WO2002082768A2 (fr) 2002-10-17
US7966657B2 (en) 2011-06-21

Similar Documents

Publication | Publication Date | Title
US6349289B1 (en) | | Method and system for tracking computer system usage through a remote access security device
EP1326469B1 (fr) | | Method and device for verifying the authenticity of a service provider in a communications network
DE69716221T2 (de) | | Method and apparatus for operating a transaction server in a private database environment
DE69823334T2 (de) | | Secured packet radio network
EP4193567A1 (fr) | | Method for securely equipping a vehicle using an individual certificate
WO2002037745A1 (fr) | | Method for the protected transmission of data between two terminals and device suited to implementing said method
DE10213072A1 (de) | | Method for operating a billing system assigned to a mobile radio network for billing chargeable use of data, and data transmission network
EP1374531A2 (fr) | | Method for the secure transfer of information
DE19911221B4 (de) | | Method for distributing keys to subscribers of communication networks
EP2575385A1 (fr) | | Method for initialising and/or activating at least one user account, for carrying out a transaction, and terminal
EP0855069B1 (fr) | | Method for cashless payment for services that can be ordered via a distributed data transmission network
EP1519603A1 (fr) | | Method for authenticating a user for a service offered via a communication system
WO1999048242A1 (fr) | | Method and system for the reliable and secure identification of contracting parties
DE10154546B4 (de) | | Method for making services accessible in telecommunication networks, for example the Internet
EP1163559B1 (fr) | | Method and device for securing access to a data processing device
EP0951771A1 (fr) | | Method for delivering data upon authorisation by a control station
DE10242673B4 (de) | | Method for identifying a user
EP1248432B1 (fr) | | Method and system for querying certificate data using dynamic certificate references
DE102005062061B4 (de) | | Method and device for mobile-radio-network-based access to content that is provided in a public data network and requires release
DE10247874B4 (de) | | Method for exchanging data between a client and a server of an internet
EP1378843A1 (fr) | | Method and data processing system for secure communication between the administration and the public
DE102006010821B4 (de) | | Self-targeting data transmission system and method therefor
DE102005003208A1 (de) | | Authentication of a user
EP4068720A1 (fr) | | Method for electronically sending a personal identification code
EP1300794A2 (fr) | | Control server for supporting the charging of services

Legal Events

Date | Code | Title | Description
 | PUAI | Public reference made under Article 153(3) EPC to a published international application that has entered the European phase | Free format text: ORIGINAL CODE: 0009012
2003-09-17 | 17P | Request for examination filed |
 | AK | Designated contracting states | Kind code of ref document: A2; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR
2007-08-17 | 17Q | First examination report despatched |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: SIEMENS AKTIENGESELLSCHAFT
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: SIEMENS AKTIENGESELLSCHAFT
 | STAA | Information on the status of an EP patent application or granted EP patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN
2015-11-03 | 18D | Application deemed to be withdrawn |