Method for a secure information transfer

US 20040148522A1
Filed: 10/06/2003
Published: 07/29/2004
Est. Priority Date: 04/05/2001
Status: Active Grant

First Claim

Patent Images

1. Method for secure transmission of information between a user device (C) and a central computing device (S-D) located in a self-contained network, characterized in that originating from the user device (C) a request to connect with the central computing device (S-D) is sent to a second computing device (S-Q) not located in the self-contained network, that the second network device (S-Q) transmits a message (TAN1) containing a unique identification (SessionID) to a third computing device (S-Z) located in the self-contained network, that in cases in which the identification (SessionID) is recognized as valid, the third computing device (S-Z) stores the identification (SessionID) in a database (DB) and returns a confirmation message TAN (TAN2) to the second computing device (S-Q), that the user device (C) uses information contained in the confirmation message (TAN2) to initialize a connection with the central computing device (S-D), whereby the connection through the central computing device (S-D) is only accepted in cases in which access by the user device (C) is recognized from the stored identification (SessionID) as authorized.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method serves for a secure information transfer between a user device (C) and a central computer (S-D), arranged in a closed network. A connection request is signalled to a second computer (R-Q), not arranged in the closed network, from the user device (C), using the central computer (S-D). The second computer (S-Q) then transmits a message (TAN1)—containing an identification (SessionID) to a third computer (S-Z), arranged in the private network. The third computer (S-Z) stores the identification (Session ID) and transmits a verification report (TAN2) containing an access address (URL) for the central computer (S-D) to the second computer (S-Q), which forwards the verification report (TAN2) to the user device (C). The user device (C) then initialises a connection to the central computer (S-D), using the access address (URL), whereby the connection is only accepted by the central computer (S-D) n those cases where the access can be authorised by the stored identification (SessionID).

17 Citations

View as Search Results

14 Claims

1. Method for secure transmission of information between a user device (C) and a central computing device (S-D) located in a self-contained network, characterized in that originating from the user device (C) a request to connect with the central computing device (S-D) is sent to a second computing device (S-Q) not located in the self-contained network, that the second network device (S-Q) transmits a message (TAN1) containing a unique identification (SessionID) to a third computing device (S-Z) located in the self-contained network, that in cases in which the identification (SessionID) is recognized as valid, the third computing device (S-Z) stores the identification (SessionID) in a database (DB) and returns a confirmation message TAN (TAN2) to the second computing device (S-Q), that the user device (C) uses information contained in the confirmation message (TAN2) to initialize a connection with the central computing device (S-D), whereby the connection through the central computing device (S-D) is only accepted in cases in which access by the user device (C) is recognized from the stored identification (SessionID) as authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. Method according to claim 1, characterized in that the confirmation message (TAN2) contains address information (URL) for data access to the central computing device (S-D).
  - 3. Method according to claim 1 or 2, characterized in that the connection request is signaled by a call, originating from a browser B running on the user device (C) to a connection module (M-CON) running on the second computing device (S-Q).
  - 4. Method according to claim 3, characterized in that access to the connection module (M-CON) is only possible for a restricted, authorized group of people.
  - 5. Method in accordance with one of the previous claims characterized in that the second computing device (S-Q) and the user device (C) are located in a further closed network.
  - 6. Method according to claim 3 or 5, characterized in that the connection module (M-CON) transmits the identification (SessionID) to a storage module (M-STO) running on the third computing device, and that in cases in which the identification (SessionID) is recognized as valid, the storage module (M-STO) stores the identification (SessionID) in a database (DB) and returns the confirmation message (TAN2) to the connection module (M-CON).
  - 7. Method according to claim 6, characterized in that data is transmitted between the connection module (M-CON) and the storage module (M-STO) in accordance with the familiar HTTPS protocol (HTTPS:
    - HyperText Transport Protocol Secure).
  - 8. Method according to claim 6 or 7, characterized in that data is transmitted encrypted between the connection module (M-CON) and the storage module (M-STO).
  - 9. 2) Procedure in accordance with one of the claims 2 to 8, characterized in that the address information (URL) controlled by the connection module (M-CON) is displayed as a link to the browser (B).
  - 10. Method according to claim 9, characterized in that when the link is called at a user device (C) a checking module (M-CHE) is executed on the central computing device (S-D) and information containing the identification (SessionID) is automatically transferred to the checking module (M-CHE).
  - 11. Method according to claim 10, characterized in that in cases in which the identification transferred (SessionID) is identified as valid by the identification (SessionID) stored in the database (DB) a connection is established between the browser (B) and the checking module (M-CHE), and in cases in which the identification transferred (SessionID) is identified as invalid, an error message is transmitted by the checking module (M-CHE) to the browser (B)
  - 12. Method according to claim 10 or 11, characterized in that Data is transmitted between the browser (B) and the checking module (M-CHE) in accordance with the HTTPS protocol.
  - 13. Method in accordance with one of the previous claims characterized in that the identification (SessionID) is valid for a limited time.
  - 14. Method in accordance with one of the previous claims characterized in that the identification (SessionID) is only valid for one connection setup.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IP Edge LLC
Original Assignee
Siemens AG
Inventors
Hofheinz, Walter-J?uuml;rgen, Stein-Lausnitz, Karl-Heinrich V, Scharf, Dietmar

Granted Patent

US 7,966,657 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 9/40 Network security protocols

Method for a secure information transfer

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method for a secure information transfer

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links