[go: up one dir, main page]

WO2002037745A1 - Procede de transmission protegee de donnees entre deux terminaux et dispositif approprie pour mettre ledit procede en oeuvre - Google Patents

Procede de transmission protegee de donnees entre deux terminaux et dispositif approprie pour mettre ledit procede en oeuvre Download PDF

Info

Publication number
WO2002037745A1
WO2002037745A1 PCT/DE2001/004167 DE0104167W WO0237745A1 WO 2002037745 A1 WO2002037745 A1 WO 2002037745A1 DE 0104167 W DE0104167 W DE 0104167W WO 0237745 A1 WO0237745 A1 WO 0237745A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
data transmission
security
transmission network
relevant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/DE2001/004167
Other languages
German (de)
English (en)
Inventor
Norbert Frisch
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Siemens Corp
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp filed Critical Siemens AG
Publication of WO2002037745A1 publication Critical patent/WO2002037745A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • the present invention relates to a method for secure data transmission between two terminals and a device for performing this method.
  • data is transmitted between two participants or their terminals via a data transmission network that is not secure, the data must be encrypted.
  • One example is, handling communications between a 'customer (first participant) and his bank (second participant) over the Internet, the customer has the option via the Internet banking.
  • the Internet does not offer secure data transmission, i.e. a third party has the option of "listening" to the data during data transmission.
  • security-relevant data such as Access code, PIN number and account number
  • the data to be transmitted must be encrypted by the sending and decrypted again when received.
  • the data transmission for an application takes place between two terminals via two separate data transmission networks (first and second data transmission networks), security-relevant data being transmitted via the first data transmission network and associated user data being transmitted via the second data transmission network.
  • Security-related data and user data are e.g. Data that is transmitted between two terminals for the purpose of executing an application (e.g. the "banking application” described at the beginning).
  • an application e.g. the "banking application” described at the beginning.
  • a secure connection is provided by the public telephone network (PSTN, Public Switched Telephone Network using the analog or ISDN method), which is a circuit-switched data transmission network and establishes a secure point-to-point connection for data transmission between two subscribers.
  • PSTN Public Switched Telephone Network using the analog or ISDN method
  • Security-relevant data can e.g. Access data, PIN numbers (Personal Identification Number), account numbers, etc., which, for example, allow access to an account with a bank and enable banking transactions to be carried out on this account.
  • PIN numbers Personal Identification Number
  • account numbers etc.
  • Data that are not security-relevant can be, for example, text and / or formatting information, etc. that do not contain confidential data.
  • text can be transmitted via the second data transmission network that contains gaps instead of security-relevant data. These gaps are filled with the security-relevant data (confidential data) that are transmitted via the first data transmission network.
  • the security-relevant data can also contain encryption codes with which the user data which are transmitted via the second data transmission network are encrypted or decrypted.
  • secret data such as PIN numbers and other data that may not be made accessible to third parties are transmitted via the second data transmission network, since these data are encrypted with an encryption code that transmits via a different transmission path (first data transmission network) than the user data (second data transmission network) becomes.
  • the user data which usually make up a significantly larger proportion of the data to be transmitted than the security-relevant data, are still transmitted via a non-secure broadband (second) data transmission network, e.g. transmitted to the Internet, which is a packet-switched data transmission network.
  • second data transmission network e.g. transmitted to the Internet, which is a packet-switched data transmission network.
  • the security-relevant data can also be transmitted in encrypted form over the first data transmission network.
  • the data (to be transmitted) is separated into security-relevant data and user data by means (13, 23) for automatically separating or merging data automatically according to preset criteria.
  • certain fields in a form can be marked as security-relevant.
  • Such fields are, for example Fields for entering PIN (Personal Identification Number, TAN (transaction number), account number, amount, access data, etc.
  • a further possibility of carrying out the separation of the data according to the invention consists in generally classifying all the numbers that occur as security-relevant and transmitting them over the first data transmission network.
  • encryption data for encrypting or decrypting the user data can also be transmitted via the first data transmission network.
  • the encryption data (codes) are thus defined as security-relevant and transmitted via the first data transmission network. All other data, including access data, PIN numbers, etc., since they are encrypted, are defined as user data and are accordingly transmitted via the second data transmission network.
  • the advantage of the present invention is the particularly simple handling for the users of a secure data transmission. Furthermore, the security of the data transmission is increased by the simultaneous use of two data transmission networks, in particular with the use of the public telephone network, which provides a secure point-to-point connection, as the first data transmission network.
  • 1 is a schematic representation of a data transmission between two terminals according to the invention using the method according to the invention
  • 2 shows a schematic representation of the data transmission according to the invention in the xDSL transmission system
  • FIG. 3 shows a schematic representation of the data transmission according to the invention via different accesses to the data transmission networks.
  • the customer uses his PC (terminal 1) to connect to the bank computer (terminal 2) via the Internet (IP, second data transmission network 4).
  • IP Internet
  • two data transmission networks are used for data transmission at the same time in order to increase the security during data transmission.
  • Mass data user data
  • any safety-relevant information such as e.g. Text, formatting and layout information.
  • Security-relevant data is transmitted via the public telephone network, e.g. Access codes, PIN numbers, account numbers, etc. for access to the respective account.
  • the security-relevant data can also contain encryption data (encryption code) for encrypting or decrypting the user data which are transmitted via the second data transmission network.
  • the respective device 13, 23 for automatically separating or merging data in addition to data transmission over the Internet, establishes a connection via the public public telephone network established; the respective connections are made by means of the first and second interfaces 11, 21 and 12, 22.
  • the device 13, 23 for the automatic separation or merging of data contains an appropriate application software which performs the necessary signaling tasks for setting up, controlling and dismantling the Connections. This application software also separates the transmission of safety-related data and user data when receiving.
  • the receiving device 13, 23 for automatically separating or merging data assembles the data again in the correct order. If necessary, the user data are also decrypted by the receiving device 13, 23 for the automatic separation or merging of data.
  • data is transmitted in different frequency bands.
  • the transmission of the (security-relevant) data which are transmitted over the public telephone network 3 (PSTN) in the POTS (Piain Old Telephone Service) or ISDN (Integrated Services Digital Network), are carried out by the terminals 1, 2 in a deep (relative small) frequency band (for example 0 to 32 kHz).
  • PSTN public telephone network 3
  • POTS Peain Old Telephone Service
  • ISDN Integrated Services Digital Network
  • the task of the first and second interfaces 11, 21 and 12, 22 of the respective terminals 1, 2 is therefore to transform the security-relevant data and the useful data for transmission into the corresponding frequency bands (in this figure by the Low or represented by the high-pass symbol) and to send the data on a common physical line.
  • the frequency bands are separated by the respective first or second 11, 21 or 12, 22 interface.
  • the data are processed using the respective device 13, 23 for automatically separating or merging data.
  • the data that are transmitted over a physical line in different frequency bands must be distributed over these networks for transmission over the different transmission networks.
  • the data are in turn transmitted to the terminal in different frequency bands via a line.
  • xDSL splitters or xDSL mergers (designated by the reference numerals 5 and 6 in FIG. 2), depending on whether the data is sent or received.
  • These xDSL splitters / mergers are physically in front of the exchange; but they can also be part of the exchange.
  • To send data they divide the data according to the frequency band and send the data via the corresponding data transmission network.
  • For receiving, the data from the respective data transmission networks are transformed into the corresponding frequency bands and transmitted to the respective terminal 1, 2.
  • the data transmission according to the invention with any access to the Internet and to the public telephone network is explained with reference to FIG. 3.
  • the access of the terminals 1, 2 to the Internet can e.g. via a so-called powerline, i.e. via power cable or another broadband cable (e.g. TV cable).
  • the terminals 1, 2 must have corresponding second interfaces 12 and 22.
  • a connection is established between the respective devices 13, 23 for automatically separating or merging data via the first interfaces 11, 21.
  • access from terminal 1 to the public telephone network follows via a mobile radio interface (GSM) and from terminal 2 via the fixed network.
  • GSM mobile radio interface
  • the present invention finds application wherever secure data transmission, i.e. a data transfer that is to be protected against unauthorized access takes place.
  • the present invention can also be used for handling all types of business (e.g. B2B, business-to-business) via the Internet.
  • the essential business data e.g. also contain a so-called digital signature for authenticity certification, automatically transmitted via the secure telephone network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un procédé de transmission de données entre deux terminaux (1, 2), selon lequel des données relevant de la sécurité et des données utiles sont transmises. Les données relevant de la sécurité sont transmises par l'intermédiaire d'un premier réseau de transmission de données (3) et les données utiles sont transmises par l'intermédiaire d'un second réseau de transmission de données (4) entre les terminaux (1, 2). L'invention concerne en outre un terminal (1, 2) permettant de mettre ledit procédé en oeuvre.
PCT/DE2001/004167 2000-11-06 2001-11-06 Procede de transmission protegee de donnees entre deux terminaux et dispositif approprie pour mettre ledit procede en oeuvre Ceased WO2002037745A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10054941.1 2000-11-06
DE2000154941 DE10054941A1 (de) 2000-11-06 2000-11-06 Verfahren zur sicheren Datenübertrgung zwischen zwei Endgeräten und Vorrichtung zur Durchführung dieses Verfahrens

Publications (1)

Publication Number Publication Date
WO2002037745A1 true WO2002037745A1 (fr) 2002-05-10

Family

ID=7662290

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2001/004167 Ceased WO2002037745A1 (fr) 2000-11-06 2001-11-06 Procede de transmission protegee de donnees entre deux terminaux et dispositif approprie pour mettre ledit procede en oeuvre

Country Status (2)

Country Link
DE (1) DE10054941A1 (fr)
WO (1) WO2002037745A1 (fr)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2380108A (en) * 2001-08-07 2003-03-26 Hewlett Packard Co Server system with segregated management LAN and payload LAN
WO2004004204A1 (fr) * 2002-06-28 2004-01-08 Motorola, Inc., A Corporation Of The State Of Delaware Procede et systeme d'authentification d'un composant par un vehicule
EP1406464A1 (fr) * 2002-09-25 2004-04-07 Siemens Aktiengesellschaft Procédé et terminal de communication pour l'établissement sécurisé d'une connexion de communication
WO2005020534A1 (fr) * 2003-08-13 2005-03-03 Siemens Aktiengesellschaft Procede et dispositif pour transmettre des informations de securite et des informations utiles par l'intermediaire de liaisons securisees separees
US7010682B2 (en) 2002-06-28 2006-03-07 Motorola, Inc. Method and system for vehicle authentication of a component
GB2419785A (en) * 2004-10-27 2006-05-03 Roke Manor Research Ensuring the integrity of data by transmitting over at least two separate paths and comparing each reception to determine reliability
US7127611B2 (en) 2002-06-28 2006-10-24 Motorola, Inc. Method and system for vehicle authentication of a component class
US7131005B2 (en) 2002-06-28 2006-10-31 Motorola, Inc. Method and system for component authentication of a vehicle
US7137001B2 (en) 2002-06-28 2006-11-14 Motorola, Inc. Authentication of vehicle components
US7181615B2 (en) 2002-06-28 2007-02-20 Motorola, Inc. Method and system for vehicle authentication of a remote access device
US7228420B2 (en) 2002-06-28 2007-06-05 Temic Automotive Of North America, Inc. Method and system for technician authentication of a vehicle
US7325135B2 (en) 2002-06-28 2008-01-29 Temic Automotive Of North America, Inc. Method and system for authorizing reconfiguration of a vehicle
US7549046B2 (en) 2002-06-28 2009-06-16 Temic Automotive Of North America, Inc. Method and system for vehicle authorization of a service technician
US7600114B2 (en) 2002-06-28 2009-10-06 Temic Automotive Of North America, Inc. Method and system for vehicle authentication of another vehicle

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0801479A1 (fr) * 1995-12-29 1997-10-15 AT&T Corp. Système et méthode de sécurité pour réseaux de données
EP0869651A1 (fr) * 1997-04-01 1998-10-07 Telefonaktiebolaget Lm Ericsson Méthode et système pour la transmission sécurisée de données
EP0926611A2 (fr) * 1997-12-23 1999-06-30 AT&T Corp. Procédé de validation de transactions
US6012144A (en) * 1996-10-08 2000-01-04 Pickett; Thomas E. Transaction security method and apparatus

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3717261A1 (de) * 1987-05-22 1987-11-19 Paul Bamberg Verfahren zur telefonwahl von fernsehdarbietungen
JP3729529B2 (ja) * 1994-10-28 2005-12-21 ソニー株式会社 デイジタル信号送受信システム
US5778173A (en) * 1996-06-12 1998-07-07 At&T Corp. Mechanism for enabling secure electronic transactions on the open internet
US5852653A (en) * 1996-08-23 1998-12-22 Reel; John Steven Communications line security device
DE19846452A1 (de) * 1998-10-08 1999-12-16 Siemens Ag Verfahren zur Kontrolle des Zugriffs auf ein zugriffsbeschränktes System und entsprechendes zugriffsbeschränktes System

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0801479A1 (fr) * 1995-12-29 1997-10-15 AT&T Corp. Système et méthode de sécurité pour réseaux de données
US6012144A (en) * 1996-10-08 2000-01-04 Pickett; Thomas E. Transaction security method and apparatus
EP0869651A1 (fr) * 1997-04-01 1998-10-07 Telefonaktiebolaget Lm Ericsson Méthode et système pour la transmission sécurisée de données
EP0926611A2 (fr) * 1997-12-23 1999-06-30 AT&T Corp. Procédé de validation de transactions

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BONNEY J C ET AL: "Universal broadband network access device", PARALLEL ARCHITECTURES, ALGORITHMS, AND NETWORKS, 1996. PROCEEDINGS., SECOND INTERNATIONAL SYMPOSIUM ON BEIJING, CHINA 12-14 JUNE 1996, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 12 June 1996 (1996-06-12), pages 146 - 153, XP010166771, ISBN: 0-8186-7460-1 *
JACKSON A: "ADSL for high-speed broadband data service", AEROSPACE CONFERENCE, 1998 IEEE SNOWMASS AT ASPEN, CO, USA 21-28 MARCH 1998, NEW YORK, NY, USA,IEEE, US, 21 March 1998 (1998-03-21), pages 451 - 465, XP010286910, ISBN: 0-7803-4311-5 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2380108B (en) * 2001-08-07 2004-11-17 Hewlett Packard Co Server system with segregated management lan and payload lan
GB2380108A (en) * 2001-08-07 2003-03-26 Hewlett Packard Co Server system with segregated management LAN and payload LAN
US7103654B2 (en) 2001-08-07 2006-09-05 Hewlett-Packard Development Company, L.P. Server system with segregated management LAN and payload LAN
US7228420B2 (en) 2002-06-28 2007-06-05 Temic Automotive Of North America, Inc. Method and system for technician authentication of a vehicle
US7325135B2 (en) 2002-06-28 2008-01-29 Temic Automotive Of North America, Inc. Method and system for authorizing reconfiguration of a vehicle
US7010682B2 (en) 2002-06-28 2006-03-07 Motorola, Inc. Method and system for vehicle authentication of a component
US7600114B2 (en) 2002-06-28 2009-10-06 Temic Automotive Of North America, Inc. Method and system for vehicle authentication of another vehicle
US7549046B2 (en) 2002-06-28 2009-06-16 Temic Automotive Of North America, Inc. Method and system for vehicle authorization of a service technician
US7127611B2 (en) 2002-06-28 2006-10-24 Motorola, Inc. Method and system for vehicle authentication of a component class
US7131005B2 (en) 2002-06-28 2006-10-31 Motorola, Inc. Method and system for component authentication of a vehicle
US7137001B2 (en) 2002-06-28 2006-11-14 Motorola, Inc. Authentication of vehicle components
US7181615B2 (en) 2002-06-28 2007-02-20 Motorola, Inc. Method and system for vehicle authentication of a remote access device
WO2004004204A1 (fr) * 2002-06-28 2004-01-08 Motorola, Inc., A Corporation Of The State Of Delaware Procede et systeme d'authentification d'un composant par un vehicule
EP1406464A1 (fr) * 2002-09-25 2004-04-07 Siemens Aktiengesellschaft Procédé et terminal de communication pour l'établissement sécurisé d'une connexion de communication
WO2005020534A1 (fr) * 2003-08-13 2005-03-03 Siemens Aktiengesellschaft Procede et dispositif pour transmettre des informations de securite et des informations utiles par l'intermediaire de liaisons securisees separees
GB2419785B (en) * 2004-10-27 2007-10-17 Roke Manor Research A method of determining reliability of data
GB2419785A (en) * 2004-10-27 2006-05-03 Roke Manor Research Ensuring the integrity of data by transmitting over at least two separate paths and comparing each reception to determine reliability

Also Published As

Publication number Publication date
DE10054941A1 (de) 2002-05-29

Similar Documents

Publication Publication Date Title
DE69716221T2 (de) Verfahren und vorrichtung zum betrieb eines transaktionsservers in einer privaten datenbankumgebung
DE69903111T2 (de) Gesicherte Übertragung von breitbandigen Daten
DE69827410T2 (de) Datenkommunikation
DE69728991T2 (de) Objektorientierte digitale unterschriften
EP0440914B1 (fr) Procédé d'allocation de données d'information à un expéditeur particulier
DE602004005219T2 (de) Verfahren und einrichtung zur sicherung der inhaltsablieferung über ein kommunikationsnetz über inhaltsschlüssel
DE69730240T2 (de) Authentifizierungsverfahren für zugangskontrollsystem und/oder für zahlungssystem
DE69931344T2 (de) Nachrichtenverarbeitungsverfahren und system in einem telekommunikationssystem
WO2002037745A1 (fr) Procede de transmission protegee de donnees entre deux terminaux et dispositif approprie pour mettre ledit procede en oeuvre
DE69838258T2 (de) Public-Key-Datenübertragungssysteme
DE69925482T2 (de) Verfahren, einrichtung und gerät zur authentifizierung
DE69835670T2 (de) Datenübertragungssystem
DE60202149T2 (de) Verfahren zur kryptographischen authentifizierung
DE10124427A1 (de) System und Verfahren für einen sicheren Vergleich eines gemeinsamen Geheimnisses von Kommunikationsgeräten
EP2098039A1 (fr) Procédé de transfert de messages codés
DE102005040333A1 (de) Verfahren und Vorrichtung zur Erzeugung eines Inhaltdekodierungsschlüssels
EP0740439B1 (fr) Méthode, système et équipement d'abonné pour séparation protégée contre la manipulation des circulations de messages
EP0765550A1 (fr) Dispositif de dechiffrement d'algorithmes de dechiffrement et procede pour le chiffrement et le dechiffrement au moyen d'un tel dispositif
DE19801241C2 (de) Verfahren zur Generierung asymmetrischer Kryptoschlüssel beim Anwender
DE19648824A1 (de) Verfahren zum gesicherten Nachrichtenaustausch bei Massendiensten, sowie Teilnehmereinrichtung und Diensteanbietereinrichtung hierfür
EP1183847B1 (fr) Procede de transmission securisee de donnees protegees
DE10247874B4 (de) Verfahren zum Austausch von Daten zwischen einem Client und einem Server eines Internets
DE19638623A1 (de) Computersystem und Verfahren zur Ausgabe von verschlüsselten Daten
DE60126583T2 (de) Verfahren und Vorrichtung zur automatischen Chiffrierung/Dechiffrierung in einem sicheren Kommunikationssystem
EP0877507B1 (fr) Chiffrage point-à-point

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase