Method and transaction interface for secure data exchange between distinguishable networks

US 20070067837A1
Filed: 09/15/2006
Published: 03/22/2007
Est. Priority Date: 10/30/1999
Status: Active Grant

First Claim

Patent Images

1-29. -29. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the present invention includes a method for secure data exchange between an external network and an internal network (1 and 2) via a transaction interface (3), in which an external user can undertake predetermined data transactions within the internal network (2). An interface server (7) and interface memory (11) may be coupled between an external network and an internal network. The present invention discloses security techniquest that may be used, including encryption, request processing, and checking. In one embodiment, a first firewall is coupled between the external network and the interface server and a second firewall is coupled between the interface server and the internal network.

88 Citations

View as Search Results

75 Claims

1-29. -29. (canceled)

30. A method of secure data exchange comprising:
- receiving a request from an external network in a first interface server;
  
  comparing the request with a set of permissible requests;
  
  storing the request in an interface memory coupled to the first interface server;
  
  checking the interface memory exclusively from an internal server; and
  
  processing the request in the internal server, wherein the request is processed if the request matches one of the permissible requests and the request is not processed if it does not match one of the permissible requests.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The method of claim 30 wherein the permissible requests have a predefined form and the received request is verified for compliance with the predefined form.
  - 32. The method of claim 30 wherein the request is received in the first interface server through a firewall.
  - 33. The method of claim 30 wherein the first interface server is coupled to the internal server through a firewall.
  - 34. The method of claim 30 wherein communication between the internal server and the first interface server is unidirectional such that calls into the first interface server are only accepted from the internal server and calls into the internal server from the first interface server are not possible.
  - 35. The method of claim 30 further comprising:
    - generating a processing result in the internal server;
      
      sending the result to the first interface server; and
      
      determining if the result corresponds to the request.
  - 36. The method of claim 30 further comprising verifying the semantics of the request.
  - 37. The method of claim 36 further comprising processing the request in the internal server if the semantics are verified.
  - 38. The method of claim 30 further comprising authenticating the request and processing the request if the request has been authenticated.
  - 39. The method of claim 30 wherein the internal server checks the interface memory at regular intervals.
  - 40. The method of claim 30 wherein the interface memory is scaled based on traffic.

41. A method of secure data exchange comprising:
- receiving a request in a first interface server;
  
  verifying the request;
  
  storing the request in memory if the request is verified;
  
  querying the memory using an internal server; and
  
  sending the request to the internal server when the request is detected.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 42. The method of claim 41 wherein the memory is queried exclusively from the internal server.
  - 43. The method of claim 42 wherein the memory is queried at a defined frequency.
  - 44. The method of claim 41 further comprising:
    - processing the request in the internal server, and in accordance therewith, generating a result;
      
      sending the result from the internal server to the first interface server, and determining if the result corresponds to the request.
  - 45. The method of claim 44 further comprising encrypting the result before sending the result to the first interface server.
  - 46. The method of claim 41 wherein communication between the internal server and the first interface server is unidirectional such that calls into the first interface server are only accepted from the internal server and calls into the internal server from the first interface server are not possible.
  - 47. The method of claim 41 further comprising encrypting the request before sending the request to the internal server.
  - 48. The method of claim 47 wherein encrypting is synchronous.
  - 49. The method of claim 47 wherein encrypting is asynchronous.
  - 50. The method of claim 47 wherein encrypting uses a key that expires after a period of time.
  - 51. The method of claim 47 wherein encrypting uses a key that is continuously varied.
  - 52. The method of claim 47 wherein encrypting uses a key that has an individually configurable life so that a narrow time corridor for secure data exchange is opened upon allocation of the key.
  - 53. The method of claim 47 further comprising decrypting the request on the internal server.
  - 54. The method of claim 41 wherein the request is sent to the internal server if the request corresponds to a predetermined transaction.
  - 55. The method of claim 41 wherein verifying the request comprises verifying the semantics of the request.
  - 56. The method of claim 41 wherein the request is received in the first interface server through a firewall.
  - 57. The method of claim 41 wherein the request is sent from the first interface server to the internal server through a firewall.

58. A method of secure data exchange comprising:
- receiving a user-ID and a first password in a first computer system;
  
  sending the received user-ID to a second computer system through a first firewall;
  
  accessing a second password in the second computer system using the user-ID;
  
  encrypting the user-ID in the second computer system using the second password to produce an encrypted user-ID;
  
  sending the second encrypted user-ID to the first computer system through the first firewall;
  
  decrypting the encrypted user-ID using the first password to produce a first result; and
  
  comparing the first result to the received user-ID, wherein processing is enabled if the first result matches the received user-ID.
- View Dependent Claims (59, 60, 61)
- - 59. The method of claim 58 wherein communication between the first computer system and the second computer system is unidirectional.
  - 60. The method of claim 58 wherein the user-ID and password are received from an external network through a second firewall.
  - 61. The method of claim 58 wherein the user-ID and password are stored in an interface memory, and the interface memory is queried exclusively by the second computer system.

62. A secure data exchange system comprising:
- a first interface server;
  
  an interface memory coupled to the first interface server;
  
  a first firewall coupled between the first interface server and an external network;
  
  s second firewall coupled between the first interface server and an internal network.
- View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
- - 63. The system of claim 62 wherein communication between the internal server and the first interface server is unidirectional.
  - 64. The system of claim 63 wherein calls into the first interface server are only accepted from the internal server and calls into the internal server from the first interface server are not possible.
  - 65. The system of claim 62 wherein a request is received in the first interface server through the first firewall and the semantics of the request are verified.
  - 66. The system of claim 65 wherein the request is stored in the interface memory if the request is verified.
  - 67. The system of claim 66 wherein the request is stored in the interface memory in encrypted form.
  - 68. The system of claim 62 wherein the interface memory is interrogated exclusively from the internal network for requests received from the external network.
  - 69. The system of claim 62 further comprising a second server coupled to the first interface server, wherein the second server converts requests received from the external network and forwards the results to the first interface server.
  - 70. The system of claim 69 wherein the second server is a web server.
  - 71. The system of claim 69 wherein the second server sends a confirmation of receipt of requests.
  - 72. The system of claim 62 further comprising a load control module for scaling the interface memory based on traffic.
  - 73. The system of claim 62 further comprising a logging module for logging transactions in the first interface server.

74. A method of secure data exchange comprising:
- means for receiving a request from an external network in a neutral zone;
  
  means for comparing the request with a set of permissible requests;
  
  means for storing the request in the neutral zone;
  
  means for checking for stored requests exclusively from an internal network; and
  
  means for processing the request in the internal network.
- View Dependent Claims (75)
- - 75. The system of claim 74 further comprising means for authenticating requests received from the external network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Schuster, Wolfgang

Granted Patent

US 7,865,939 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 63/0209   Architectural arrangements,...

H04L 63/029   Firewall traversal, e.g. tu...

Method and transaction interface for secure data exchange between distinguishable networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

88 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Method and transaction interface for secure data exchange between distinguishable networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links