EP1685472A1 - Procede d'acces a un systeme de traitement de donnees - Google Patents

Procede d'acces a un systeme de traitement de donnees

Info

Publication number
EP1685472A1
EP1685472A1 EP04818823A EP04818823A EP1685472A1 EP 1685472 A1 EP1685472 A1 EP 1685472A1 EP 04818823 A EP04818823 A EP 04818823A EP 04818823 A EP04818823 A EP 04818823A EP 1685472 A1 EP1685472 A1 EP 1685472A1
Authority
EP
European Patent Office
Prior art keywords
data processing
authentication
technician
authentication means
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP04818823A
Other languages
German (de)
English (en)
Inventor
Carlos Henrique Arglebe Gilek
Gerd Schmidt
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Siemens Corp
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp filed Critical Siemens AG
Publication of EP1685472A1 publication Critical patent/EP1685472A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Definitions

  • the invention relates to a method for accessing a data processing system.
  • Data processing units e.g. B. personal computers, computer-controlled devices, servers and the like. , consist. A limited number of users is assigned to each data processing unit. Everyone has the right to prevent unauthorized use of a data processing unit
  • a method is known from DE 101 21 819 A1 in which a doctor only has access to patient-specific data if the doctor has a first chip card assigned to him and the patient present at the same time has a second chip card belonging to him to a doctor's Read in the existing data processing device for authentication.
  • a method for accessing a data processing system which is formed from data processing units networked with one another for data exchange, with the following steps:
  • System technicians only have access to the data processing system after handing over a second authentication means assigned to them.
  • the activation of such an access is documented by generating identification information and displayed on the first data processing unit of the system administrator.
  • a log file which records the activity of the system technician is also generated, by means of which the intervention of the system technician, for example for the system administrator, can be traced. This ensures that data sovereignty is always held by the system administrator.
  • On the basis of the generated log files he can check whether a system technician has accessed data without authorization. In this case, the system administrator can immediately block any further access to the data processing system for the system technician concerned.
  • the proposed method enables access to a data processing system based on the principle of the four-eyes principle. It is particularly advantageous that such access can also take place when the system administrator is aware of it only a system technician works on a data processing unit.
  • a "data processing unit” in the sense of the present invention is a device which, with other devices suitable for data exchange, for
  • Data exchange is connected.
  • Such devices usually have a bidirectional interface for data exchange. It can be a personal computer, computer-controlled systems or devices and the like. act.
  • system administrator is understood to mean a person who has special rights with regard to the care and maintenance of the data processing system.
  • system administrator within the meaning of the present invention has the option of allowing or blocking access to the data processing system. This possibility is assigned to the system administrator in particular by the first authentication means.
  • the second authentication means can be compared by means of the authentication program by accessing a file containing verified second authentication means and, if one of the verified second authentication means matches, corresponding information can be transmitted to the system administrator.
  • a "verified second authentication means" is understood to mean a copy of the second authentication means transferred to the system technician, which is from the System administrator is managed in a file that is only accessible to him.
  • the system administrator transfers a special second authentication means to each system technician. To facilitate the verification of the authenticity of the second
  • Authentication means are stored together in the file. If the authentication program determines that there is an access request based on a second authentication means that is identical to a verified second authentication means, the system administrator is informed of this by means of suitable information.
  • Each of the verified second authentication means contained in the file is advantageously associated with specific identification information. It can be, for example, the name and, if applicable, the affiliation of the system technician to a specific organization. If the second authentication means matches one of the verified second authentication means stored in the file, the system administrator can also be shown the name and organization of the system technician.
  • the first and / or second authentication means is an authentication code that can be transferred to the authentication program, preferably by means of a keyboard provided on a data processing unit.
  • the authentication code in a mobile, with the data processing system for
  • the storage unit can be an authentication card provided with a data carrier.
  • the authentication card can have a storage means, in particular for storing the log file and / or information enabling access to the log file.
  • the information can, for example, be one Act "Link", which can be used to find and open the log file.
  • the access authorization can be activated by the system administrator by manually triggering a function provided for this purpose in the authentication program and only accessible to the system administrator. This ensures that access is only possible with the active consent of the system administrator.
  • the system technician is automatically granted access after an automatic check of the second authentication means. In this case too, in particular a log file is automatically created according to the invention. This enables access to data processing systems, especially in hospitals, which must be kept continuously operational.
  • Data processing unit is manufactured over the Internet or an intranet. This enables the system technician to access a remotely provided second data processing unit. It is therefore possible for someone who is optimally qualified for the respective problem
  • System technicians can access the data processing system at any time, regardless of where they are. This enables malfunctions to be eliminated quickly and effectively. At the same time, the authenticity of the accessing system technician is ensured and his activity is logged. In this case, too, the system technician's access is based on the principle of the four-eyes principle.
  • the special authorization is expediently verified by transferring a third authentication means assigned to the person to the data processing system.
  • the individual with special authorization can, for example, be a doctor.
  • the data can be sensitive personal data, in particular patient data.
  • Fig. 2 shows the essential components of an authentication program.
  • Fig. 1 shows schematically a first data processing unit 1, for. B. a personal computer.
  • the first data processing unit 1 for. B. a personal computer.
  • Data processing unit 1 is part of a first networked data processing system D1, which as further data processing units z. B. comprises computer-controlled devices 2 or other personal computers 3.
  • the first data processing unit 1 is assigned to a system administrator 4, who has data sovereignty over the first data processing system D1.
  • the system administrator 4 is particularly authorized to assign roles and rights to 5 users of the first data processing system D1 by means of a first program. Such roles and rights only allow the respective user access to the data necessary for his work area. The users can access such data at any time, ie even if the system administrator 4 is not logged into the first data processing system D1.
  • the first data processing system D1 is connected to a second data processing system D2 of a service organization via a data line 7 secured by a firewall 6. The connection can be established, for example, via the Internet or an intranet.
  • the second data processing system D2 comprises a second data processing unit 7, e.g. B. a personal computer, which is assigned to a system technician 8.
  • the system administrator 4 has a first memory card 9 for his authentication, on which a first authentication code is stored.
  • the first authentication code can be provided for reading out by means of a suitable reading device of the first data processing system D1.
  • the system technician 8 has a second memory card 10 for his authentication, on which a second authentication code is stored.
  • the second authentication code can be read out by means of a suitable reading device and made accessible to the first data processing system D1.
  • the reading unit for reading out the second memory card 10 does not necessarily have to be part of the first data processing system D1. It can also be part of the second data processing system D2. In this case, the authenticity of the second authentication code can be verified by means of a second one in the second
  • Data processing system D2 provided program 11 are checked before trying to access the first data processing system D1.
  • the function of the device is as follows:
  • an IT manager 12 responsible for the first data processing system D1 and a service organization or the system technician 8 conclude a service contract. After the conclusion of such a service contract, the system technician receives 8 from the IT manager 12 a second memory card 10 on which the second authentication code is stored.
  • the system administrator 4 requests a call or email
  • Service from the service technician 8. This can be a service that can be carried out by the second data processing unit 7.
  • the service technician 8 transfers the second memory card 10 to one at the second
  • the second authentication code authenticating the service technician 8 is transmitted to the second program 11 within the second data processing system D2.
  • the second authentication code is checked. If the second program 11 recognizes the second authentication code as authentic, a connection to the first data processing system D1 is established via the data line 7.
  • the desired access is checked by means of the first program 5. For this purpose, it is first checked whether the first memory card 9 in a reader, for. B. in the first data processing unit 1 is inserted. If this is not the case, access by the system technician 8 is not made possible. If access to the first authentication code stored on the first memory card 9 is possible for the authentication of the system administrator 4, the second authentication code is compared with a plurality of second authentication codes stored in a file. If the second authentication code is recognized as not authentic, access for the system technician 8 is not made possible. If the second authentication code is recognized as authentic, a protocol function is triggered. At the same time, the system technician 8 has access to the first
  • Data processing system Dl Data processing system Dl. As long as the service technician 8 accesses the first data processing system Dl all changes, additions and the like to the database of the first data processing system Dl are logged. As soon as the system technician 8 has completed his work and logged out, the log file is closed.
  • the log file advantageously also contains the following information:
  • the system administrator uses the telephone call or e-mail to request a service from the service technician 8, which is to be carried out on site. It can be z. B. an exchange of a module with an X-ray computer tomograph in a hospital. In this case, the service technician 8 logs on to a suitable one
  • system administrator 4 can carry out the activity of the
  • Interrupt system technician 8 by giving access to the first data processing system D1 by interrupting the Access to the first authentication code is interrupted. That can e.g. B. done by the system administrator 4 taking the first memory card 9 out of the reader in question. In contrast to conventional methods, the system administrator 4 always retains data sovereignty according to the method according to the invention. In addition, the automatic logging function makes it possible to understand all the activities of the system technician 8. In the event of misuse, further access by the system administrator 8 to the first data processing system D1 can easily be blocked. All that needs to be done is to remove or change the relevant second authentication code stored in the file.
  • the system technician 8 can only access the database of the first data processing system D1 according to the dual control principle, ie. H. Such access is always under the control of the system administrator 4. In this respect, unauthorized access by the system technician 8 to personal data in need of protection, e.g. B. patient data are prevented.
  • Fig. 2 shows schematically the essential components of the first program 5.
  • Uli is a first
  • User interface for access from the first data processing system DI and with UI2 a second user interface for access e.g. B. on the data line 7.
  • An access module 13 enables or blocks access for a system technician 8 to the first one
  • the access module 13 manages and compares in particular authentication codes.
  • the first program can advantageously have 5 further modules, which in particular maintenance and / or Facilitate repair work on the first data processing system Dl. So z. B. a localization module 14 can be provided, with which it can be determined on which data processing unit a qualified system technician 8 is currently working and possibly can be called up.
  • the logging module 15 logs the activity of the system technician 8.
  • the logging module 15 in particular creates log files and stores them at a predetermined location.
  • An anonymization module 16 is used in particular to anonymize sensitive personal data. So z. B. patient names can be replaced by codes to a system technician 8 according to the
  • Auxiliary modules 17, 18 provide a description of the functions of the first program 5 that are necessary for the system administrator 4 and the system technician 8.
  • a modality module 19 enables data exchange, e.g. B. with computer-controlled devices, such as X-ray computer tomographs, etc.
  • an IT system module 20 enables data exchange with databases, etc.
  • An operating system module 21 creates the necessary conditions for a correct integration of the first program 5 into the operating system used in each case.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer And Data Communications (AREA)
  • Medical Treatment And Welfare Office Work (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé d'accès à un système de traitement de données (D1) formé d'unités de traitement de données (1, 2, 3) mises en réseau pour l'échange de données. L'invention vise à permettre l'accès d'un technicien système (8) à des données protégées, exclusivement selon le principe des quatre yeux. A cet effet, un élément d'authentification est respectivement affecté à l'administrateur système (4) et au technicien système (8).
EP04818823A 2003-11-19 2004-11-09 Procede d'acces a un systeme de traitement de donnees Ceased EP1685472A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10353966A DE10353966A1 (de) 2003-11-19 2003-11-19 Verfahren zum Zugriff auf eine Datenverarbeitungsanlage
PCT/EP2004/052890 WO2005050418A1 (fr) 2003-11-19 2004-11-09 Procede d'acces a un systeme de traitement de donnees

Publications (1)

Publication Number Publication Date
EP1685472A1 true EP1685472A1 (fr) 2006-08-02

Family

ID=34609105

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04818823A Ceased EP1685472A1 (fr) 2003-11-19 2004-11-09 Procede d'acces a un systeme de traitement de donnees

Country Status (5)

Country Link
US (1) US7624430B2 (fr)
EP (1) EP1685472A1 (fr)
CN (1) CN1882898A (fr)
DE (1) DE10353966A1 (fr)
WO (1) WO2005050418A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8978104B1 (en) 2008-07-23 2015-03-10 United Services Automobile Association (Usaa) Access control center workflow and approval
US8707397B1 (en) 2008-09-10 2014-04-22 United Services Automobile Association Access control center auto launch
US8850525B1 (en) 2008-09-17 2014-09-30 United Services Automobile Association (Usaa) Access control center auto configuration
DE102010048894B4 (de) * 2010-06-04 2015-07-16 Insys Microelectronics Gmbh Verfahren und System zum Erzeugen einer Zugangsberechtigung in einer zugangsbeschränkten elektronisch angesteuerten Einrichtung
US9578005B2 (en) * 2013-10-01 2017-02-21 Robert K Lemaster Authentication server enhancements
US9961059B2 (en) 2014-07-10 2018-05-01 Red Hat Israel, Ltd. Authenticator plugin interface

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5610981A (en) 1992-06-04 1997-03-11 Integrated Technologies Of America, Inc. Preboot protection for a data security system with anti-intrusion capability
FR2789536B1 (fr) * 1999-02-08 2001-03-09 Bull Sa Dispositif et procede d'authentification d'un utilisateur a distance
DE10121819A1 (de) * 2001-05-04 2002-11-21 Wolfgang Rosner Verfahren zur kontextspezifischen Remote-Authentifizierung des Datenzugriffs
US7596251B2 (en) * 2003-01-31 2009-09-29 Nexus Biosystems, Inc. Automated sample analysis system and method
US20050055709A1 (en) * 2003-09-05 2005-03-10 Thompson James Alfred Cable network access control solution

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005050418A1 *

Also Published As

Publication number Publication date
US7624430B2 (en) 2009-11-24
CN1882898A (zh) 2006-12-20
DE10353966A1 (de) 2005-06-30
WO2005050418A1 (fr) 2005-06-02
US20070150940A1 (en) 2007-06-28

Similar Documents

Publication Publication Date Title
DE69621691T2 (de) Sicherheitsverwaltung für elektronische Datenverarbeitung
DE69731338T2 (de) Verfahren und System zum sicheren Übertragen und Speichern von geschützter Information
DE69832145T2 (de) Fernbeglaubigungssystem
EP1290530B1 (fr) Chiffrement de donnees a memoriser d'un systeme iv
DE102020133597A1 (de) Personalprofile und fingerabdruckauthentifizierung für configuration engineering- und laufzeitanwendungen
DE10065667A1 (de) Verfahren und Vorrichtung zur Gemeinschaftsverwaltung bei einem Vornehmen von Diensten bei entfernten Systemen
DE102014101495B4 (de) Verfahren zum Zugang zu einem physisch abgesicherten Rack sowie Computernetz-Infrastruktur
DE102004048959B4 (de) Informationsverarbeitungsgerät, Beglaubigungsverarbeitungsprogramm und Beglaubigungsspeichergerät
WO2003034294A2 (fr) Systeme de traitement de donnees de patients
EP3471068B1 (fr) Système distribué de génération des données à caractère personnel, procédé et produit programme informatique
DE10311327A1 (de) Nutzer-Objekte zur Authentifizierung der Nutzung medizinischer Daten
DE10156877B4 (de) Verfahren und System zum gesicherten Speichern und Auslesen von Nutzdaten
WO2005050418A1 (fr) Procede d'acces a un systeme de traitement de donnees
DE10307996B4 (de) Verfahren zum Ver- und Entschlüsseln von Daten durch verschiedene Nutzer
EP0950217B1 (fr) Systeme servant a proteger un dispositif de traitement de donnees contre un acces non autorise
DE202021100647U1 (de) Personendatenanonymisierungssystem (PDAS) mit kundenspezifischem Token
DE10347431B4 (de) Fernwartungssystem unter Zugriff auf autorisierungsbedürftige Daten
EP3352142B1 (fr) Système et procédé de déverrouillage d'une serrure d'un système de serrure
DE10209780B4 (de) Datenverarbeitungssystem für Patientendaten
DE10307995B4 (de) Verfahren zum Signieren von Daten
DE102022106241B4 (de) Kontaktlose Identifizierung und Authentifizierung einer Person
EP3471011B1 (fr) Système et procédé de gestion de données à caractère personnel
AT505459B1 (de) Verfahren zur gewährleistung einer sicheren kommunikation zwischen einem terminal und dienste-anbietern in einem netzwerk
WO1996010812A1 (fr) Commande a plusieurs stades d'acces a des cartes de support de donnees
DE10065668A1 (de) Verfahren und Vorrichtung zum sicheren Fernzugriff auf Software bei einer zentralen Dienstanlage

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060419

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR GB IT SE

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR GB IT SE

17Q First examination report despatched

Effective date: 20071004

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20101114