EP2347367A1 - Plate-forme de reseau informatique - Google Patents
Plate-forme de reseau informatique (Computer network platform)
- Publication number
- EP2347367A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- application
- information system
- data
- computer network
- users
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
Definitions
- the present invention relates to a computer network platform whose infrastructure comprises an information system made up of servers and databases, most of whose data is unstructured and transits through this network, as well as terminals from which users create, modify or consult the centralized data of this information system.
- Each document of the information system is identified by its file name, transits through the network and is stored as data in that same information system.
- data is a representation of information in a conventional form intended to facilitate its processing.
- the Internet: an international communication network between different, generally distant, entities such as computers, cameras, printers and servers, using a communication protocol as the language in which they communicate;
- the intranet: the internal network of a company, which operates on the technological model of the Internet; and
- the extranet: a zone of the intranet with restricted access, but accessible from outside the company provided one has an identifier and a password.
- In addition, the currently available tools such as proxies, firewalls or encryption technologies, theoretically designed to address these contingencies and supposed to effectively secure access to the information system data exchanged between users, represent a significant investment in data security for a company or an individual without offering effective protection. Indeed, these tools do not ensure a physical break of the communication protocol between the database and the users.
- the main task of a firewall is to control traffic between different trust zones by filtering the data flows that pass through it. It operates according to rules pre-established by the network administrator.
- a proxy relays requests between a client and a server. Specifically, the user identifies himself with an identifier and a password; then, according to rules likewise determined in advance by the network administrator alone, the user does or does not pass through a firewall that filters communications according to the port used.
- ports can be likened to doors, each associated with a service or a network application, that do or do not give access to the operating system of the client machine in a client/server model, that is to say to the users' terminals and at the same time to the data they contain. Each port is assigned a number coded on 16 bits, which is why there are at most 65,536 ports (2^16) per computer.
- encryption technologies only encode the information according to a pre-established algorithm, so it is enough to obtain the algorithm to decode the information.
- the present invention adopts a new vision of the computer network: instead of being based on the user's workstation and controlling its actions through the assignment of rights, it is based on access to data grouped within a central information system, which is much easier to protect.
- a unique document is created by a user, who places it in the centralized information system and then assigns usage rights on this document to other users.
- the object of the present invention is to propose a solution that overcomes these drawbacks without affecting the quality of service.
- the present invention essentially relates to a computer network platform for managing and sharing mostly unstructured data transiting through this network, whose infrastructure includes an information system comprising one or more databases and/or data servers, as well as terminals from which users create, modify or consult the data of the information system, characterized in that the information system comprises unique data intended to be shared and is isolated from the user terminals by an application that manages access to the said information system and/or the securing of the unique data it contains, by physically breaking the network protocol used for communication between the information system and the user terminals.
- This computer network platform enables the centralization of unique data, especially the unstructured data of a company that usually occupies a large space on enterprise servers due to their scattering and duplication.
- Unique data means data that has not been previously duplicated and that is present in the information system, for example in the form of a single document.
- the data security policy is here based on the data itself and not only on its transfer through one or more computer networks.
- This computer network platform also allows secure and easy access to these data by setting aside the three-dimensional architecture formed by the three existing network models and re-centring all security around the data.
- the application could be described as a "dynamic proxy" because it has no pre-established security rules; on the contrary, its security rules are established on demand for each document contained in the information system. This simplifies the architecture, thanks to this application interposed between the database of the information system and the terminals of the users wanting access to it.
- the communication network uses the TCP/IP protocol suite, that is to say it is based on TCP (Transmission Control Protocol) and IP (Internet Protocol). It is clear that the invention is not limited to these particular communication protocols.
- the physical break of the network protocol is managed by the application, which controls two independent and physically separate sub-applications, one for each network connection: the so-called inner sub-application (I) is in permanent relationship with the internal network of the information system, and the so-called external sub-application (E) is in permanent relationship with the external network to which all the users' terminals are connected.
- the passage of data between the two sub-applications, managed by the application, uses on-the-fly rewriting, or parsing.
- the editing of the documents contained in the information system is independent of the software or programs installed on the users' terminals.
- This confers independence from the workstation software, for greater user efficiency, and in particular enables users with different software on their workstations, whose formats are not usually compatible with each other, to work on the same document with a different file format on each of their machines.
- the platform is independent of the content of the user terminals' workstations.
- the user terminals are only used for their graphical interface and computing capacity, the unique data being stored only in the information system.
- the information system does not contain a workstation.
- Access to the database of the information system is therefore possible only through the application; direct access is not possible.
- the application is also the only way to directly access the unique data stored in the information system.
- This unique data generates a single document.
- the application is therefore the only one able to manage the contents of the information system.
- the guardian identifies each user: he asks them for the key of the safe in the vault to which they have a right of access, identifies the user's rights according to the color of the key handed to him, and checks (by antivirus), if necessary, the documents brought by a user to be placed in a safe in the vault. This key can be handed to the user in the case of a safe rental, by analogy with a space allocation in the information system.
- the guard (application) is the only one to enter the vault (information system); he takes the user's key and goes to fetch the contents of the corresponding safe in the vault.
- the guard (application) can only open the safe(s) (files) for which the customer has the key (rights), and only those.
- the guard (application) then returns the contents of the safes (files) to the user. Depending on the color of the key handed to him, the guardian grants a right to modify the document or only to consult it. Once the user's task is complete, the guard (application) takes the document back and rechecks it (by antivirus) before returning it to its respective safe inside the vault. The user then leaves the bank with his key, and this key can be withdrawn at any time by the user who gave it to him. At no time could the user have direct access to the documents inside the safes in the vault.
- the protocols and / or services provided by the application are independent of the type of use, such as roaming, mobile, from a fixed station or in public spaces.
- the platform can support all kinds of computer network techniques, such as wifi™ or 3G. It is understood that these examples are cited here as non-exhaustive and that the use of any other network technique is perfectly conceivable.
- the application uses only ports that are open by default by the operating system installed on the terminals, preferably only port 80 for HTTP (HyperText Transfer Protocol),
- Locator of the application.
- the implementation of the application is greatly simplified, since it is sufficient to open these three ports on all terminals to be able to communicate with the application. Note that these three ports are open by default regardless of the operating system used on the users' workstations, so users can easily communicate with the application while keeping other ports open as needed for other local applications.
- the information system contains at least one unique document whose viewing and/or access and/or modification rights for each user are given by the user who created the document.
- the application manages a temporary storage space, preferably FTP, created in the sub-application (E) when a data transfer from a terminal to the application is ordered and/or when data is created directly from the application, and cleared as soon as the data has reached the information system.
- This temporary storage space can advantageously consist of an FTP (File Transfer Protocol) cache capable of storing large volumes of information; the application then takes the information contained in this FTP cache and deposits it in the information system by rewriting it on the fly. The information is then accessible only from the application and is thus protected from the rest of the network.
- the temporary storage space is monitored by at least one antivirus, but preferably two. This reduces the chances of infecting the database in the information system. This check is carried out systematically when a contributor sends data to the temporary storage space of the application; of course, this does not prevent users from also checking the data on their own workstation with their own antivirus.
- the application comprises a graphical interface.
- This interface replaces the operating system, is user-friendly, simple and intuitive and does not require any special training for the user.
- the graphical interface of the platform application is in the form of a universal secure data sharing solution with a preferably multilingual workspace and accessible from any of the terminals of the users distributed around the world and connected to the application.
- the graphical interface is multilingual for easier access from anywhere in the world, and it is multi-server, multi-base, multi-site and multi-address-book to facilitate the assignment of rights.
- This platform is therefore universal and easily accessible to all potential users.
- an internet browser acts as operating system for the graphical interface.
- the present invention also relates to an assembly comprising a plurality of platforms that can be interconnected with one another, each with an infrastructure as described above.
- FIG. 1 shows the block diagram of the platform.
- Figure 2 shows an example of application of this platform.
- the users 6 can connect to the application 3 either from the web 4 (World Wide Web) or from the corporate intranet 5, which has an Internet connection using the TCP/IP protocol suite.
- Each of the workstations 8 of these two networks is open on the ports 80, 443 and 21.
- These workstations 8 are connected via the Internet and its TCP/IP protocol suite to the application 3, and in particular to the external sub-application (E), which comprises a network card 9 enabling it to communicate with the users,
- an FTP cache 11 for temporarily storing data that may occupy a large volume, and
- the universal sharing solution serving as the graphical interface 10 of the application 3.
- the external sub-application (E) is physically separated from the inner sub-application (I) by a break 12 of the TCP/IP protocol suite.
- the inner sub-application (I) comprises one or more network cards 13 which enable it to communicate according to the TCP/IP protocol suite with all the storage resources 14 of the information system 2 via their respective network cards.
- the information system 2 thus contains all the storage resources 14 of the information system 2; these include databases (DATA) and/or local servers, standalone or grouped together in a computer clean room. However, it does not contain a workstation.
- We now consider the concrete case illustrated in FIG. 2, where a contributor working from a design office 15 in France wants to create a document 20, but above all wants to share it with his collaborators 16 in China without it being scattered into a multitude of files, while allowing them to modify it; the various modifications appear in a single final document 20 contained in the information system 2 managed by the same application 3.
- the contributor 6 has several possibilities: the French contributor connects to the application 3 of the company from the address bar of his Internet browser by entering the address of his company's hosting server, or of any other hosting server 17, 18 through which he wants to share documents, such as the hosting server of the Chinese employees; or the French contributor connects to the application 3 through a hypertext link that his company sent him by e-mail, if it activated the service; or the French contributor was created as a contact in the address book of another user 6, and the contributor wishing to share a document then receives an electronic message informing him of this creation together with a direct link to the application 3 to which he has been assigned.
- the contributor accesses the homepage of the graphical interface 10 of the application 3, which offers him the universal solution for sharing the information of the document.
- the administrator of each application can also define the contexts of the application (graphic charters, layouts, page contents, translations, ...). The contributor then has the possibility to change the language of the text of the graphical interface 10. In order to access the services of the application
- the next step is to share this document: the contributor assigns the usage rights of this document 20 to other users 6 listed in his address book, such as the Chinese collaborators, whom he will have created or imported into this same address book. He can then assign editing rights to some users while assigning only viewing rights to others.
- the publication consists in transferring, by parsing, the information created in the FTP cache 11 of the sub-application (E) to a storage area of the information system 2 via the network card 13 of the sub-application (I).
- This arrangement ensures the physical break 12 of the TCP/IP protocol suite 7 between the information system 2 and the various user terminals 8.
- the application 3 takes the information from (E) to deposit it in (I);
- the information becomes "dead" and is not accessible outside the application 3;
- the FTP cache 11 is also cleaned (by the user or by the application 3) at the time when the application 3 takes the data from (E) to deposit it in (I).
- the French contributor can then disconnect from the application 3. Note that a published document is visible only to the users 6 who have been authorized by the creator of the document 20.
- the Chinese users log in from their workstation 8 to the enterprise application 3 in one of the same ways as the contributor.
- the user 6 then logs on to his account using the identifier and password assigned to him by the administrator of this application 3 of the company. Once logged in, each user 6 sees the documents for which rights have been given to him, and only those.
- the rights for each file, appearing in one of these three forms, are color-coded to indicate the user's rights on a file immediately.
- Five distinct colors are preferably used to identify the different types of files, which are ranked hierarchically in descending order of power over the file:
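The access flow described above (upload staged in the FTP cache of (E), antivirus check, on-the-fly rewrite into (I), cache cleared, per-document rights assigned and revoked by the creator, users seeing only what was granted), modelled as an added Python example; this is not the patent's own code, and the class and function names, as well as the marker-string antivirus stand-in, are assumptions.

```python
# Added example (not the patent's code): a model of the mediating application.
# Assumed names: Application, ExternalSubApp, InternalSubApp, Right; the
# antivirus is a constructed stand-in that flags a marker string.
from dataclasses import dataclass, field
from enum import IntEnum

class Right(IntEnum):
    VIEW = 1     # may read the document
    MODIFY = 2   # may read and replace it (the creator always holds this)

class ScanRejected(Exception):
    """Staged data failed the antivirus check and was discarded."""

class AccessDenied(Exception):
    """The user holds no sufficient right on the document."""

MALWARE_MARKER = b"X-TEST-MALWARE"   # constructed; a real deployment calls a scanner
def antivirus_scan(blob: bytes) -> bool:
    return MALWARE_MARKER not in blob

def rewrite(blob: bytes) -> bytes:
    """On-the-fly rewrite: data is parsed and re-serialised, never forwarded as
    received (here: must decode as UTF-8 text; line endings are normalised)."""
    return "\n".join(blob.decode("utf-8").splitlines()).encode("utf-8")

@dataclass
class ExternalSubApp:
    """(E): the only component a terminal can reach; holds the FTP staging cache."""
    ftp_cache: dict = field(default_factory=dict)   # (user, name) -> raw bytes

@dataclass
class InternalSubApp:
    """(I): the only component with a path to the information system."""
    store: dict = field(default_factory=dict)     # name -> the unique document
    creator: dict = field(default_factory=dict)   # name -> user who created it
    acl: dict = field(default_factory=dict)       # name -> {user: Right}

class Application:
    """The protocol break between (E) and (I): data crosses only via these methods."""

    def __init__(self) -> None:
        self.E, self.I = ExternalSubApp(), InternalSubApp()

    def stage(self, user: str, name: str, content: bytes) -> None:
        self.E.ftp_cache[(user, name)] = content   # terminal -> (E); (I) untouched

    def publish(self, user: str, name: str) -> None:
        """Scan, rewrite and move staged data into (I); the cache entry is
        cleared whether or not the scan passes."""
        content = self.E.ftp_cache.pop((user, name))
        if not antivirus_scan(content):
            raise ScanRejected(name)
        self.I.store[name] = rewrite(content)
        self.I.creator[name] = user
        self.I.acl[name] = {user: Right.MODIFY}

    def _require_creator(self, user: str, name: str) -> None:
        if self.I.creator.get(name) != user:
            raise AccessDenied(f"{user} did not create {name}")

    def grant(self, creator: str, name: str, grantee: str, right: Right) -> None:
        self._require_creator(creator, name)
        self.I.acl[name][grantee] = right

    def revoke(self, creator: str, name: str, grantee: str) -> None:
        self._require_creator(creator, name)   # the key can be taken back at any time
        self.I.acl[name].pop(grantee, None)

    def visible(self, user: str) -> list:
        """A user sees only the documents on which a right was given to him."""
        return sorted(n for n, acl in self.I.acl.items() if user in acl)

    def read(self, user: str, name: str) -> bytes:
        if user not in self.I.acl.get(name, {}):
            raise AccessDenied(f"{user} cannot view {name}")
        return self.I.store[name]

    def update(self, user: str, name: str, content: bytes) -> None:
        """Modification replaces the single document in place, after a re-scan."""
        if self.I.acl.get(name, {}).get(user) != Right.MODIFY:
            raise AccessDenied(f"{user} cannot modify {name}")
        if not antivirus_scan(content):
            raise ScanRejected(name)
        self.I.store[name] = rewrite(content)
```

The model enforces the page's invariant in code: the terminal-facing object never holds a reference to the store, so every read or write of a unique document passes the rights check and the scan in the application.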
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0805305A FR2936628B1 (fr) | 2008-09-26 | 2008-09-26 | Plate-forme de reseau informatique |
PCT/FR2009/051779 WO2010034928A1 (fr) | 2008-09-26 | 2009-09-22 | Plate-forme de reseau informatique |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2347367A1 true EP2347367A1 (fr) | 2011-07-27 |
Family
ID=40565330
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP09747895A Ceased EP2347367A1 (fr) | 2008-09-26 | 2009-09-22 | Plate-forme de reseau informatique |
Country Status (4)
Country | Link |
---|---|
US (1) | US20110321163A1 (fr) |
EP (1) | EP2347367A1 (fr) |
FR (1) | FR2936628B1 (fr) |
WO (1) | WO2010034928A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130086467A1 (en) * | 2011-10-03 | 2013-04-04 | Google Inc. | System for sending a file for viewing on a mobile device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005085971A1 (fr) * | 2004-03-01 | 2005-09-15 | Qinetiq Limited | Limitation des risques de menace dans des reseaux d'ordinateurs |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4558413A (en) * | 1983-11-21 | 1985-12-10 | Xerox Corporation | Software version management system |
GB2272312A (en) * | 1992-11-10 | 1994-05-11 | Ibm | Collaborative working in a network. |
EP0667972B1 (fr) * | 1993-02-26 | 1996-11-06 | Taligent, Inc. | Systeme de travail en collaboration |
EP0622930A3 (fr) * | 1993-03-19 | 1996-06-05 | At & T Global Inf Solution | Partage d'application pour système d'ordinateurs à collaboration. |
US6204847B1 (en) * | 1995-07-17 | 2001-03-20 | Daniel W. Wright | Shared virtual desktop collaborative application system |
US6233600B1 (en) * | 1997-07-15 | 2001-05-15 | Eroom Technology, Inc. | Method and system for providing a networked collaborative work environment |
US6584466B1 (en) * | 1999-04-07 | 2003-06-24 | Critical Path, Inc. | Internet document management system and methods |
AU2000243591A1 (en) * | 2000-01-14 | 2001-07-24 | Critical Path Inc. | Secure management of electronic documents in a networked environment |
JP2002007233A (ja) * | 2000-06-16 | 2002-01-11 | Ionos:Kk | 通信路のスイッチ接続制御装置 |
US20020147607A1 (en) * | 2001-02-14 | 2002-10-10 | Sarvajit Thakur | Automated INS application filing system |
US20040229199A1 (en) * | 2003-04-16 | 2004-11-18 | Measured Progress, Inc. | Computer-based standardized test administration, scoring and analysis system |
US20060010323A1 (en) * | 2004-07-07 | 2006-01-12 | Xerox Corporation | Method for a repository to provide access to a document, and a repository arranged in accordance with the same method |
US20060075391A1 (en) * | 2004-10-05 | 2006-04-06 | Esmonde Laurence G Jr | Distributed scenario generation |
US20060101028A1 (en) * | 2004-10-21 | 2006-05-11 | Banks Lanette E | Method and apparatus for efficient electronic document management |
US20060184784A1 (en) * | 2005-02-16 | 2006-08-17 | Yosi Shani | Method for secure transference of data |
US8868628B2 (en) * | 2005-12-19 | 2014-10-21 | International Business Machines Corporation | Sharing computer data among computers |
US20070255861A1 (en) * | 2006-04-27 | 2007-11-01 | Kain Michael T | System and method for providing dynamic network firewall with default deny |
US20090313113A1 (en) * | 2008-06-13 | 2009-12-17 | Dye Thomas A | Business method and process for commercial establishments to advertise directly into proprietary closed circuit networks |
- 2008-09-26 FR FR0805305A patent/FR2936628B1/fr active Active
- 2009-09-22 WO PCT/FR2009/051779 patent/WO2010034928A1/fr active Application Filing
- 2009-09-22 EP EP09747895A patent/EP2347367A1/fr not_active Ceased
- 2009-09-22 US US13/121,349 patent/US20110321163A1/en not_active Abandoned
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005085971A1 (fr) * | 2004-03-01 | 2005-09-15 | Qinetiq Limited | Limitation des risques de menace dans des reseaux d'ordinateurs |
Non-Patent Citations (1)
Title |
---|
See also references of WO2010034928A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2010034928A1 (fr) | 2010-04-01 |
FR2936628B1 (fr) | 2011-04-01 |
FR2936628A1 (fr) | 2010-04-02 |
US20110321163A1 (en) | 2011-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104767834B (zh) | 用于加速计算环境到远程用户的传送的系统和方法 | |
US20070143357A1 (en) | System and method for efficient replication of and access to application specific environments and data | |
US8595106B2 (en) | System and method for detecting fraudulent financial transactions | |
WO2012069748A1 (fr) | Communication entre deux applications web | |
EP1704700B1 (fr) | Procede et systeme pour l' exploitation d'un reseau informatique destine a la publication de contenu | |
WO2004068817A2 (fr) | Procede et systeme dynamique de securisation d'un reseau de communication au moyen d'agents portables | |
EP2807815B1 (fr) | Système et procédé de controle d'une requête dns | |
US20050033596A1 (en) | Web-accessible, single-tier host-server-side computer programming application and the backend supporting business processes that represent a turnkey solution to "enable the turnkey activation of affordable, private, secure, scalable, sophisticated and extensible hierarchical communication networks for a plurality of American communities comprised of a plurality of members who may use any internet service provider (ISP) and who may use any relevant web browsing client in any relevant PC operating system to access the capability." | |
EP1559258A2 (fr) | Architecture informatique en reseau multi-etages | |
EP2347367A1 (fr) | Plate-forme de reseau informatique | |
EP3549330B1 (fr) | Procédé et système pour réaliser une operation sensible au cours d'une session de communication | |
CN108900543A (zh) | 管理防火墙规则的方法和装置 | |
EP3644146B1 (fr) | Dispositif d'enregistrement d'intrusion informatique | |
FR3093258A1 (fr) | Procede de protection d’un reseau prive d’ordinateurs | |
EP2618285B1 (fr) | Système de réseau informatique sécurisé pour la gestion de données personnelles | |
FR2809255A1 (fr) | Procede et appareil de fourniture et d'administration de services sur le reseau internet | |
EP1834467A1 (fr) | Procede de controle d'acces | |
EP1364324A2 (fr) | Systeme d'accuse de reception automatique de courrier electronique | |
EP2472818B1 (fr) | Procédé de traitement de données pour contrôler l'accès à des contenus sur Internet. | |
FR2835132A1 (fr) | Procede, systeme et dispositif pour securiser l'acces a un serveur | |
Walther et al. | CYA: Securing Exchange Server 2003 and Outlook Web Access | |
Schultz | Sidewinder Security Server 4.0 | |
DiDio | Novell remote security freebie now for sale | |
Paone | GTE security for any ISP | |
WO2013092569A2 (fr) | Procédé de gestion d'un document enrichi |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20110321 |
AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
AX | Request for extension of the european patent | Extension state: AL BA RS |
DAX | Request for extension of the european patent (deleted) | |
17Q | First examination report despatched | Effective date: 20121214 |
REG | Reference to a national code | Ref country code: DE; Ref legal event code: R003 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
18R | Application refused | Effective date: 20141120 |
REG | Reference to a national code | Ref country code: DE; Ref legal event code: R079; Free format text: PREVIOUS MAIN CLASS: G06F0021240000 Ipc: G06F0021000000 |
REG | Reference to a national code | Ref country code: DE; Ref legal event code: R079; Free format text: PREVIOUS MAIN CLASS: G06F0021240000 Ipc: G06F0021000000; Effective date: 20150504 |