Method and system architecture for secure communication between two entities connected to an internet network comprising a wireless transmission segment

US 7,275,262 B1
Filed: 05/22/2000
Issued: 09/25/2007
Est. Priority Date: 05/25/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for secure communication between first and second entities interconnected via an internet network, said entities being associated with respective first and second processing systems connected to said internet network, said first system operating in client mode and said second system operating in server mode, said method comprising:

assigning respective permanent internet addresses to said first and second entities,making at least one application, located in said second system, accessible to said first entity,receiving an application request at the second system,selectively recognizing said application request as belonging to one of a first and a second application interface communication protocol, said first application interface communication protocol associated with a first server of the second system and said second application interface communication protocol associated with a second server of the second system,providing said application request recognized as belonging to the first application interface communication protocol to the first server of the second system,providing said application request recognized as belonging to the second application interface communication protocol to the second server of the second system,converting, using a web server application interface portion of the second server, said application request recognized as belonging to the second application interface communication protocol to the first application interface communication protocol,encrypting data exchanged between said first and second entities in conformity with a desired security protocol, wherein said first and second systems include including a communication protocol stack having at least one layer which allows for said encrypting step to be performed and said second entity hosting a WAP gateway utilizing the web server application interface said second system is being configured to communicate, via the web server application interface adapter, directly with a first type of WAP application and via a web container and at least one specific application program interface with a servlet WAP application, andperforming a conversion to or from HTTP using a WAP gateway function included in the second system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing secure communication between first and second systems connected to the internet includes assigning respective permanent internet addresses to first and second entities associated with the systems, making at least one application located in a server of said second system accessible to the first entity, and encrypting data exchanged between the first and second entities in conformity with a desired security protocol. The first and second systems each include a communication protocol stack having at least one layer which allows for the encrypting step to be performed. Through this method, a user in the first system can directly address an application hosted by the second system without using or even knowing the name of the host system. The entity in the first system may be a wireless unit operating, for example, in GSM and the entity in the second system may be a server in an intranet. To enable conversion to take place between the wireless application and internet standards, the server in the second system is preferably equipped with WAP and WEB servers and associated conversion units.

Citations

18 Claims

1. A method for secure communication between first and second entities interconnected via an internet network, said entities being associated with respective first and second processing systems connected to said internet network, said first system operating in client mode and said second system operating in server mode, said method comprising:
- assigning respective permanent internet addresses to said first and second entities,making at least one application, located in said second system, accessible to said first entity,receiving an application request at the second system,selectively recognizing said application request as belonging to one of a first and a second application interface communication protocol, said first application interface communication protocol associated with a first server of the second system and said second application interface communication protocol associated with a second server of the second system,providing said application request recognized as belonging to the first application interface communication protocol to the first server of the second system,providing said application request recognized as belonging to the second application interface communication protocol to the second server of the second system,converting, using a web server application interface portion of the second server, said application request recognized as belonging to the second application interface communication protocol to the first application interface communication protocol,encrypting data exchanged between said first and second entities in conformity with a desired security protocol, wherein said first and second systems include including a communication protocol stack having at least one layer which allows for said encrypting step to be performed and said second entity hosting a WAP gateway utilizing the web server application interface said second system is being configured to communicate, via the web server application interface adapter, directly with a first type of WAP application and via a web container and at least one specific application program interface with a servlet WAP application, andperforming a conversion to or from HTTP using a WAP gateway function included in the second system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein said permanent IP addresses assigned to said first and second entities conform to an IPV6 Internet address protocol.
  - 3. A method according to claim 2, wherein communications through said internet network take place in conformity with an IPV4 Internet address protocol, and wherein said method further comprises:
    - executing, in at least one of said first and second systems, an address conversion step which includes converting said IPV4 internet address protocol to said IPV6 internet address protocol.
  - 4. A method according to claim 1, wherein said encrypting step is performed in conformity with an IPSec protocol in tunnel mode, in order to obtain secure data exchanges between said first and second entities, and wherein said IPSec protocol is used with an EPS mechanism for authenticating information sources.
  - 5. A method according to claim 4, wherein said first entity is a user of said first system, wherein said method further includes a step for authenticating said user, and wherein said permanent IP address assigned to said first entity is used to identify said user.
  - 6. A method according to claim 5, wherein communications through said network take place in data packet mode, and wherein said permanent IP address identifying said user is present in encrypted form in conformity with said IPSec protocol, in each of said data packets.
  - 7. A method according to claim 1, wherein said first system is connected to a wireless transmission segment,wherein communications between said first system and said second system take place in conformity with a WAP protocol, andwherein said second system includes a WAP server and a unified interface between said WAP server and at least one application, said at least one application being located in said second system and being accessible by said first entity, andwherein said WAP server is integrated into said second system as a web server.
  - 8. A method according to claim 7, wherein said second system includes an additional module for performing two-way interface adaptation of structures, which makes it possible to support application interfaces used by web servers.
  - 9. A method according to claim 7, wherein said first system includes a WAP browser.
  - 10. A method according to claim 1, wherein said first system includes a mobile system,wherein said method further includes assigning to said first system a temporary address, and initiating a dialog between said first system and a home agent connected to said internet network to correlate said permanent address assigned to said first entity with said temporary address, in conformity with said IPV6 protocol.

11. A system architecture for secure communication between first and second entities interconnected via an internet network, said entities respectively being associated with first and second data processing systems within a set of distributed systems connected to said internet network, said first system operating in client mode and said second system operating in server mode, said first and second entities being associated with permanent internet addresses, comprising:
- at least one application included in said second system, said at least one application being accessible by said first entity;
  
  first and second communication protocol stacks respectively included in said first and second systems,a first application interface communication protocol associated with a first server of the second system,a second application interface communication protocol associated with a second server of the second system,said second server comprising a web server application interface portion configured to convert an application request belonging to the second application interface communication protocol to the first application interface communication protocol,each of said first and second communication protocol stacks comprising at least one address layer using a respective one of said permanent TP addresses and a logical layer for encrypting, in end-to-end mode in conformity with a given security protocol, data exchanged between said first and second entities and said second entity hosting a WAP gateway utilizing the web server application interface adapter and the server included in said second system being configured to communicate, via the web server application interface adapter, directly with a first type of WAP application and via a web container and at least one specific application program interface with a servlet WAP application, anda WAP gateway function included in the second system to perform a conversion to or from HTTP.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. An architecture according to claim 11, wherein said address layer conforms to an IPV6 protocol.
  - 13. An architecture according to claim 12, wherein said internet network conveys data packets in conformity with an IPV4 protocol,wherein each of said first and second communication protocol stacks includes a first address layer in the IPV6 protocol and a second address layer in the IPV4 protocol from which IPV6-compatible addresses are derived, in order to obtain exchanges in tunnel mode, andwherein said logical layer in each of said first and second communication protocol stacks encrypts data packets exchanged between said first and second entities.
  - 14. An architecture according to claim 11, wherein said logical layer in each of said first and second communication protocol stacks conforms to an EPSec protocol in tunnel mode, in order to obtain secure data exchanges between said interconnected first and second entities, and wherein said IPSec protocol is used with an EPS mechanism for identifying information sources.
  - 15. An architecture according to claim 11,wherein said first system is connected to a wireless transmission segment,communications between said first system and said second system take place in conformity with a WAP protocol,said second system includes at least a first module constituting a WAP server and a second module forming a unified interface between said WAP server and said at least one application, andsaid WAP server is integrated into said second system as a web server.
  - 16. An architecture according to claim 15, wherein said second system includes at least one additional module for two-way conversion of data packets of structures in conformity with web or WAP protocols.
  - 17. An architecture according to claim 15, wherein said first system is a mobile telephone terminal operating in a GSM standard, said mobile telephone terminal including a WAP type browser constituting a client and a display screen for displaying pages in WML-type language.
  - 18. An architecture according to claim 15,wherein said first system is a mobile telephone terminal operating in a GPRS standard, andwherein said mobile telephone includes an Internet browser constituting a client and a display screen for displaying pages in WML-type language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bull Sas (Atos SE)
Original Assignee
Bull Sas (Atos SE)
Inventors
Habert, Michel
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
SHIFERAW, ELENI A

Application Number

US10/048,057
Time in Patent Office

2,682 Days
Field of Search

713/201, 713/153, 713/168, 726/14, 726/26
US Class Current

726/26
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04L 67/02   based on web technology, e....

H04L 67/04   specially adapted for termi...

H04L 69/329   in the application layer [O...

H04W 8/26   Network addressing or numbe...

H04W 80/04   Network layer protocols, e....

Method and system architecture for secure communication between two entities connected to an internet network comprising a wireless transmission segment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system architecture for secure communication between two entities connected to an internet network comprising a wireless transmission segment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links