Method enabling secure access by a station to at least one server, and device using same
First Claim
1. A process for protecting accesses, through a network, to at least one application server, an access originating from a user station, using a multisession, multiport telecommunication protocol to establish an application session between the user station and an application server, said process comprising the steps of:
- interposing a security processor between the user station and the application server;
transmitting, from the user station towards the application server, an access request for establishing an application session with the application server;
establishing, between the user station and the security processor, a security session for running in parallel with the requested application session;
defining a security script for the parallel security session among a plurality of scripts;
providing the user station with access to the application server, under the control of the security processor running the parallel security session and using the defined security script, for establishing the requested application session in parallel with the security session; and
cyclically initiating security sessions as security checks on the application session.
2 Assignments
0 Petitions
Accused Products
Abstract
A process for protecting accesses to at least one server (30) is characterized in that it makes it possible to protect accesses originating from user stations (2) whose destination is at least one application server through a network (42) using a multisession, multiport telecommunication protocol, said process consisting of a step for the systematic establishment of a parallel security session between the user station (2) and a security processor (1) interposed between the user station to be protected during application sessions and the server or servers (30) to be protected and a step for the cyclic initiation of security sessions.
-
Citations
38 Claims
-
1. A process for protecting accesses, through a network, to at least one application server, an access originating from a user station, using a multisession, multiport telecommunication protocol to establish an application session between the user station and an application server, said process comprising the steps of:
-
interposing a security processor between the user station and the application server;
transmitting, from the user station towards the application server, an access request for establishing an application session with the application server;
establishing, between the user station and the security processor, a security session for running in parallel with the requested application session;
defining a security script for the parallel security session among a plurality of scripts;
providing the user station with access to the application server, under the control of the security processor running the parallel security session and using the defined security script, for establishing the requested application session in parallel with the security session; and
cyclically initiating security sessions as security checks on the application session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
transmitting by the user station through the network a source IP address and at least one port number associated with the application requested by the user station;
searching by the security processor for a security script associated with the requested application;
establishing the security session between the security processor and the user station;
searching by the security processor in a local file of the processor for a name and address of a at least one remote server used for the requested application and choosing a remote server from the at least one remote servers found; and
opening a connection with the chosen remote server by communicating an IP address and a port number.
-
-
3. The process for protecting accesses to at least one application server according to claim 2, wherein the security script associated with the requested application comprises directly establishing a link between the user station and the remote server chosen by the security processor.
-
4. The process for protecting accesses to at least one application server according to claim 1, wherein the defined security script stored in a table, makes possible a step of selecting at least one function from a group of security functions comprising user authentication, user identification, verification of user rights, certification, encryption key calculation, signature calculation, and verification of user profiles, wherein said at least one selected function provides selective access to the requested application session.
-
5. The process for protecting accesses to at least one application server according to claim 2, wherein the security processor stores a journal in a memory comprising at least two information elements selected from the group comprising sequential connection number, connection dates and beginning and end times, the source IP address and the at least one port number, an identifier of a security object user, name of the remote server chosen, the IP address and the port number, and execution rules.
-
6. The process for protecting accesses to at least one application server according to claim 2, wherein the security processor stores in a table of a memory a list of at least three information elements selected from the group comprising a list of applications processed by the processor, operations to be executed as a function of connection type, the plurality of security scripts, access rights of users as defined by a black list, a white list and a subscriber list, and schedules for authorizing access to remote servers.
-
7. The process for protecting accesses to at least one application server according to claim 3, wherein the security processor stores a journal in a memory comprising at least two information elements selected from the group comprising sequential connection number, connection dates and beginning and end times, the source IP address and the at least one port number, an identifier of a security object used, name of the remote server chosen, the destination IP address and the port number, and execution rules.
-
8. The process for protecting accesses to at least one application server according to claim 4, wherein the security processor stores a journal in a memory comprising at least two information elements selected from the group comprising sequential connection number, connection dates and beginning and end times, the source IP address and the at least one port number, an identifier of a security object used, name of the remote server chosen, the IP address and the port number, and execution rules.
-
9. The process for protecting accesses to at least one application server according to claim 3, wherein the security processor stores in a second table of a memory a list of at least three information elements selected from a group comprising a list of applications processed by the processor, operations to be executed as a function of connection type, the plurality of security scripts, access rights of users as defined by a black list, a white list and a subscriber list, and schedules for authorizing access to remote servers.
-
10. The process for protecting accesses to at least one application server according to claim 4, wherein the security processor stores in a second table of a memory a list of at least three information elements selected from the group comprising a list of applications processed by the processor, operations to be executed as a function of connection type, the plurality of security scripts, access rights of users as defined by a black list, a white list and a subscriber list, and schedules for authorizing access to remote servers.
-
11. The process for protecting accesses to at least one application server according to claim 5, wherein the security processor stores in a second table of a memory a list of at least three information elements selected from the group comprising a list of applications processed by the processor, operations to be executed as a function of connection type, the plurality of security scripts, access rights of users as defined by a black list, a white list and a subscriber list, and schedules for authorizing access to remote servers.
-
12. The process for protecting accesses to at least one application server according claim 3, additionally comprising the step of installing security software in the security processor, wherein an installer defines, in an initialization file a security delay which allows the security processor to close a security connection established with the user station if there has been no application connection since the defined security delay, and an inactivity delay which allows the processor to close the security connection and an application connection established with the user station if there have been no data exchanges in the application connection since the defined inactivity delay.
-
13. The process for protecting accesses to at least one application server according claim 4, further comprising installing security software in the security processor, wherein an installer defines, in an initialization file a security delay which allows the security processor to close a security connection established with the user station if there has been no application connection since the defined security delay, and an inactivity delay which allows the processor to close the security connection and an application connection established with a the user station if there have been no data exchanges in the application connection since the defined inactivity delay.
-
14. The process for protecting accesses to at least one application server according claim 5, further comprising installing security software in the security processor, wherein an installer defines, in an initialization file a security delay which allows the security processor to close a security connection established with the user station if there has been no application connection since the defined security delay, and an inactivity delay which allows the processor to close the security connection and an application connection established with the user station if there have been no data exchanges in the application connection since the defined inactivity delay.
-
15. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts;
wherein the step of systematically establishing a security session comprises;
transmitting by the station through the network of a source IP address and at least one port number associated with the application requested by the station;
searching by the security processor for the security script associated with the application;
establishing the security session between the security processor and the station;
searching by the security processor in a local file of the processor for the name and address of a remote server used for the application; and
opening a connection with the at least one remote server by communicating an IP address and a port number, wherein the security processor stores in a second table of a memory a list of at least three information elements including the applications processed by the processor, the operations to be executed as a function of the connection type, the security scripts to be implemented, the access rights of the users as defined by a black list, a white list and a subscriber list, and the schedules for the authorization of access to the remote servers.
-
-
16. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts, wherein the security script associated with an application comprises the step of directly establishing the link between the station and the remote server chosen by the security processor.
-
-
17. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts;
wherein the step of systematically establishing a security session comprises;
transmitting by the station through the network of a source IP address and at least one port number associated with the application requested by the station;
searching by the security processor for the security script associated with the application;
establishing the security session between the security processor and the station;
searching by the security processor in a local file of the processor for the name and address of a remote server used for the application; and
opening a connection with the at least one remote server by communicating an IP address and a port number, wherein the security script to be implemented, defined in a stored table, makes possible a choice of at least one security function selected from a group of security functions including user authentication, user identification, verification of the user'"'"'s rights, certification, encryption key calculation, signature calculation, verification of user profiles, said at least one security function to provide selective access to applications requested from the server.
-
-
18. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts;
wherein the step of systematically establishing a security session comprises;
transmitting by the station through the network of a source IP address and at least one port number associated with the application requested by the station;
searching by the security processor for the security script associated with the application;
establishing the security session between the security processor and the station;
searching by the security processor in a local file of the processor for the name and address of a remote server used for the application; and
opening a connection with the at least one remote server by communicating an IP address and a port number, wherein the security processor stores a journal in a memory comprising at least two information elements including a sequential connection number, the connection dates and beginning and end times, the source IP address and at least one port number, the identifier of the security object used, the name of the remote server chosen, the destination IP address and port number, and the execution rules.
-
-
19. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts, wherein the security script to be implemented, defined in a stored table, makes possible the step of selecting at least one function from a group of security functions including data display and capture, source and destination IP address verification, access control by password, and access control by a smart card, wherein said access control makes possible execution of an identification of a cardholder.
-
-
20. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts;
wherein the step of systematically establishing a security session comprises;
transmitting by the station through the network of a source IP address and at least one port number associated with the application requested by the station;
searching by the security processor for the security script associated with the application;
establishing the security session between the security processor and the station;
searching by the security processor in a local file of the processor for the name and address of a remote server used for the application and;
opening a connection with the at least one remote server by communicating an IP address and a port number, wherein the security script to be implemented, defined in a stored table, makes possible the step of selecting at least one function from a group of security functions including data display and capture, source and destination IP address verification, access control by password, and access control by a smart card, wherein said access control makes possible execution of an identification of a cardholder.
-
-
21. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server;
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts; and
installing security software in the security processor, wherein an installer defines, in an initialization file a security delay which allows the security processor to close a security connection established with a client station if there has been no application connection since the defined security delay, and an inactivity delay which allows the processor to close the security connection and the application connections established with a client station if there have been no data exchanges in the application connections since the defined inactivity delay.
-
-
22. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server; and
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts;
wherein the step of systematically establishing a security session comprises the following steps;
transmitting by the station through the network of a source IP address and at least one port number associated with the application requested by the station;
searching by the security processor for the security script associated with the application;
establishing the security session between the security processor and the station;
searching by the security processor in a local file of the processor for the name and address of a remote server used for the application;
opening a connection with the at least one remote server by communicating an IP address and a port number; and
installing security software in the security processor, wherein an installer defines, in an initialization file a security delay which allows the security processor to close a security connection established with a client station if there has been no application connection since the defined security delay, and an inactivity delay which allows the processor to close the security connection and the application connections established with a client station if there have been no data exchanges in the application connections since the defined inactivity delay.
-
-
23. A process for protecting accesses originating from a user station whose destination is at least one application server through a network using a multisession, multiport telecommunication protocol, said process comprising:
-
systematically establishing a parallel security session between the user station and a security processor interposed between the user station to be protected during application sessions and the at least one application server;
cyclically initiating security sessions, wherein a security script of the parallel security session is defined among a plurality of scripts, wherein the security processor stores in a second table of a memory a list of at least three information elements including the applications processed by the processor, the operations to be executed as a function of the connection type, the security scripts to be implemented, the access rights of the users as defined by a black list, a white list and a subscriber list, and the schedules for the authorization of access to the remote servers; and
installing security software in the security processor, wherein an installer defines, in an initialization file a security delay which allows the security processor to close a security connection established with a client station if there has been no application connection since the defined security delay, and an inactivity delay which allows the processor to close the security connection and the application connections established with a client station if there have been no data exchanges in the application connections since the defined inactivity delay.
-
-
24. Equipment which enables a process for protecting accesses to at least one application server through a network, resulting from access requests for an application session originating from a user station, using a multisession, multiport telecommunication protocol, said equipment comprising:
-
a user station having security software for managing data exchanges with at least one portable object and at least one portable object reader associated with the user station, and data exchanges with a security processor using a multisession, multiport communication protocol; and
a security processor, comprising a communications controller arranged for controlling a communications establishing device, said security processor being arranged for running, in parallel, two communications sessions with the user station, a first session of said two sessions being a security session used by the communications controller to control a second session of said two sessions, the second session being an application session established by the communications establishing device. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification