Method for a secure information transfer

US 7,966,657 B2
Filed: 04/03/2002
Issued: 06/21/2011
Est. Priority Date: 04/05/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for connecting a user device located in a first intranet and a data server located in a second intranet, comprising:

sending a request from the user device located in the first intranet to a first computing device located in the first intranet to connect with the data server located in the second intranet;

generating, by a connection module of the first computing device, a unique session identification for a subsequent connection setup between the user device and the data server, the unique session identification being valid for only one connection setup;

transmitting from the first computing device to a second computing device located in the second intranet a request message containing an identification of the first intranet company and the unique session identification;

validating the unique session identification at the second intranet;

after validating the unique session identification, storing in a database located in the second intranet, via a storage module of the second computing device, the unique session identification, and sending, via the second computing device, a confirmation message to the connection module of the first computing device, wherein said confirmation message comprises address information related to the data server;

sending said address information and the unique session identification from the connection module of the first computing device to the user device;

initializing a connection to the data server by the user device, using said address information and the unique session identification;

before accepting the connection, performing an authorization check by the data server, the authorization check being performed by comparing the unique session identification received from the user device with the unique session identification stored in the database; and

accepting the connection between the data server and the user device if access by the user device is recognized through said authorization check.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securely transmitting information between a user device and a central computing device, located in a self-contained network. The method includes: sending a request from the user device to a second computing device located outside of the self-contained network to connect with the central computing device; transmitting from the second network device to a third computing device located in the self-contained network a message containing a unique identification; storing in a database, via the third computing device, the unique identification when the identification is validated, and sending, via the third computing device, a confirmation message to the second computing device; and initializing a connection with the central computing device through the user device, using information contained in the confirmation message to initialize a connection with the central computing device, and the connection through the central computing device is accepted when access by the user device is authorized.

Citations

15 Claims

1. A method for connecting a user device located in a first intranet and a data server located in a second intranet, comprising:
- sending a request from the user device located in the first intranet to a first computing device located in the first intranet to connect with the data server located in the second intranet;
  
  generating, by a connection module of the first computing device, a unique session identification for a subsequent connection setup between the user device and the data server, the unique session identification being valid for only one connection setup;
  
  transmitting from the first computing device to a second computing device located in the second intranet a request message containing an identification of the first intranet company and the unique session identification;
  
  validating the unique session identification at the second intranet;
  
  after validating the unique session identification, storing in a database located in the second intranet, via a storage module of the second computing device, the unique session identification, and sending, via the second computing device, a confirmation message to the connection module of the first computing device, wherein said confirmation message comprises address information related to the data server;
  
  sending said address information and the unique session identification from the connection module of the first computing device to the user device;
  
  initializing a connection to the data server by the user device, using said address information and the unique session identification;
  
  before accepting the connection, performing an authorization check by the data server, the authorization check being performed by comparing the unique session identification received from the user device with the unique session identification stored in the database; and
  
  accepting the connection between the data server and the user device if access by the user device is recognized through said authorization check.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, further comprising signaling a connection request from a browser call of the user device, to the connection module of the first computing device.
  - 3. The method according to claim 2, wherein access to the connection module is limited to authorized individuals.
  - 4. The method according to claim 2, wherein:
    - the unique session identification is transmitted to the storage module of the second computing device via the connection module;
      
      the validated session identification is stored in the database via the storage module; and
      
      the confirmation message is sent to the connection module of the first computing device.
  - 5. The method according to claim 4, further comprising transmitting data between the connection module and the storage module in accordance with the HTTPS protocol.
  - 6. The method according to claim 4, further comprising transmitting encrypted data between the connection module and the storage module.
  - 7. The method according to claim 2, further comprising displaying address information controlled by the connection module as a link to the browser.
  - 8. The method according to claim 7, further comprising executing a checking module on the data server, when the user device requests to connect, and automatically transferring the unique session identification to the checking module.
  - 9. The method according to claim 8, further comprising:
    - establishing, when access by the user device is recognized through the unique session identification stored in the database, a connection between the browser and the checking module; and
      
      transmitting to the browser, when access by the user device is identified as invalid, an error message via the checking module.
  - 10. The method according to claim 8, wherein data is transmitted between the browser and the checking module in accordance with the HTTPS protocol.
  - 11. The method according to claim 1, wherein the unique session identification is valid for a limited time.
  - 12. The method according to claim 5, further comprising transmitting encrypted data between the connection module and the storage module.
  - 13. The method according to claim 9, wherein data is transmitted between the browser and the checking module in accordance with the HTTPS protocol.

14. A method for connecting a user device located in a first intranet and a data server located in a second intranet, comprising:
- sending a request from the user device located in the first intranet to a first computing device located in the first intranet to connect with the data server located in the second intranet;
  
  generating, by a connection module of the first computing device, a unique session identification for a subsequent connection setup between the user device and the data server, the unique session identification being valid for only one connection setup, the unique session identification not identifying access rights of an individual user;
  
  transmitting from the first computing device to a second computing device located in the second intranet a request message containing an identification of the first intranet company and the unique session identification;
  
  validating the unique session identification at the second intranet;
  
  after validating the unique session identification, storing in a database located in the second intranet, via a storage module of the second computing device, the unique session identification, and sending, via the second computing device, a confirmation message to the connection module of the first computing device, wherein said confirmation message comprises address information related to the data server;
  
  sending said address information and the unique session identification from the connection module of the first computing device to the user device;
  
  initializing a connection to the data server by the user device, using said address information and the unique session identification;
  
  before accepting the connection, performing an authorization check by the data server, the authorization check being performed by comparing the unique session identification received from the user device with the unique session identification stored in the database; and
  
  accepting the connection between the data server and the user device if access by the user device is recognized through said authorization check.

15. A method for connecting a user device located in a first intranet and a data server located in a second intranet, comprising:
- sending a request from the user device located in the first intranet to a first computing device located in the first intranet to connect with the data server located in the second intranet;
  
  generating by a connection module of the first computing device a unique session identification for a subsequent connection setup between the user device and the data server, the unique session identification being valid for only one connection setup;
  
  transmitting from the first computing device to a second computing device located in the second intranet a request message containing an identification of the first intranet company and the unique session identification;
  
  validating the unique session identification at the second intranet;
  
  after validating the unique session identification, storing in a database located in the second intranet, via a storage module of the second computing device, the unique session identification along with an information about a period of validity expiry of the unique session identification, and sending, via the second computing device, a confirmation message to the connection module of the first computing device, wherein said confirmation message comprises address information related to the data server;
  
  sending said address information and the unique session identification from the connection module of the first computing device to the user device as a link;
  
  activating the link at the user device to thereby initialize a connection to the data server by the user device, using said address information and the unique session identification;
  
  before accepting the connection, performing an authorization check by the data server, the authorization check being performed by comparing the unique session identification received from the user device with the unique session identification stored in the database;
  
  accepting the connection between the data server and the user device if access by the user device is recognized through said authorization check and the period of validity stored in the database indicates that the unique session identification transmitted by the user device has not expired; and
  
  securely transmitting information over the connection between the user device and the data server if the connection was accepted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IP Edge LLC
Original Assignee
Siemens AG
Inventors
Stein-Lausnitz, Karl-Heinrich v., Hofheinz, Walter-Jürgen, Scharf, Dietmar
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Tolentino; Roderick

Application Number

US10/474,052
Publication Number

US 20040148522A1
Time in Patent Office

3,366 Days
Field of Search

709/227, 709/228, 726/4, 726/16, 726/17, 726/21, 713/186
US Class Current

726/17
CPC Class Codes

H04L 9/40 Network security protocols

Method for a secure information transfer

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for a secure information transfer

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links