WO2003034630A2 - Method and device for data exchange between a client and an internet server - Google Patents
- Publication number
- WO2003034630A2 (PCT/EP2002/011457)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- data
- client
- interserv
- internal
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Definitions
- the subject matter of the invention relates to a method and to a device for the secure exchange of data between a client and a server of an Internet.
- the Internet for example the World Wide Web, has developed into a new information and business medium.
- the user of the Internet can do almost all business on the Internet.
- the procurement of information and data from the Internet also plays an important role.
- Such an exchange usually takes place via identification of the client and the server by means of appropriate codes.
- a method for transmitting digital data by means of a computer-aided communication system is known.
- Clients (data receivers), an information transmitter and a data server are connected to the communication system, the client being assigned a receiver-specific first code and the data transmitter being assigned a transmitter-specific second code, an individual third code being assigned to the amount of data to be transmitted, and at least one of the first, second or third codes is assigned by the server and at least one of these partial codes is stored in an operating system of the recipient's file.
- a firewall also has the function of protecting against third-party access to the client via the Internet. For example, the firewall compares the IP address of the computer from which a received data packet originates with a list of allowed senders whose data can pass through.
- a problem with a firewall is that it always has to be maintained to ensure that no access to the client is achieved from the outside.
- Another problem with a firewall is that it involves considerable investment costs if a high security standard is required. This is particularly necessary if significant personal and / or business information is stored on the client.
- the data requested by the client are obtained from the Internet by querying the Internet via an external computer that has no physical connection to the client.
- the data obtained from the Internet are stored on a storage medium and transported from the external server to the client with the aid of the storage medium, which can be a floppy disk, for example.
- This procedure represents a secure isolation of the client from attacks via the Internet.
- the effort is not insignificant, and it grows with the number of clients that have to be served by an external server.
- the present invention is based on the objective of specifying a method and a device as well as a computer program product by means of which a high security level of the client against attacks from the Internet is achieved.
- the method according to the invention for exchanging data between a client and a server of an Internet is distinguished in that data, which can also be a request, is sent from a client to an internal server.
- This data is forwarded from the internal server to an external server via a secure connection between the internal and the external server.
- the external server communicates with an Internet server and exchanges data with it.
- the data transmitted from the Internet server to the external server is sent to the internal server via a secure connection and made available to the client.
- This procedure according to the invention ensures secure access for a client to data stored on the Internet. What is special about this procedure is that the client is physically separated from the Internet. This means that no access of any kind to the client can take place directly from the Internet. All requests from the client to the Internet are directed to the internal server. These requests are securely transmitted from the internal server to the external server preferably using a non-transparent, secured protocol.
- the external server forwards the data, in particular the requests, in an anonymized form to the Internet server. This procedure should ensure that the client is not recognizable as such on the Internet.
- the new data which are transmitted from the Internet server to the external server are compared with test data, and only the data which deliver a positive test result are forwarded to the internal server.
- This check can be, for example, a check for possible viruses attached to the data.
- the IP address of the Internet server can also be checked.
- each client is connected to an internal server and each client is assigned a receiver-specific code that is assigned by the internal server.
- the receiver-specific code can be used to assign different priorities to the individual clients, so that the queries are processed in accordance with the priority of the clients.
- the individual clients can also receive different access authorizations. These access authorizations can be stored in encrypted form in the recipient-specific code.
- the intranet can, for example, be an intranet of a public institution.
- the intranet can also be a VPN (Virtual Private Network), for example.
- a method procedure is preferred in which the data are embedded in a program.
- the data is migrated with the program so that increased system security is achieved.
- the secure connection is preferably achieved by encrypting at least the data.
- the device according to the invention contains at least the following components: a client, an internal server, a communication link between client and internal server, an external server, a secure communication link between internal and external server, a server of an Internet as well as a communication link between server and external server.
- a computer program product is proposed which is stored in the internal memory of a digital computer, containing at least parts of the software code for executing the method according to one of claims 1 to 5, when the product is executed on the computer.
- FIG. 1 shows schematically a first exemplary embodiment of the invention
- Figure 2 shows a second embodiment of the invention
- Figure 3 shows a third embodiment of the invention.
- a first exemplary embodiment of the invention is shown schematically in the figure.
- the client C1 is connected to an internal server InterServ via a communication link.
- the data D, which is, for example, a query, is transmitted to the internal server InterServ through the communication connection 1.
- the internal server InterServ is connected to an external server ExterServ via a secure communication link 2.
- the data D is forwarded from the internal server InterServ to the external server ExterServ via a non-transparent, secure protocol.
- the data is forwarded from the external server ExterServ to a server SERV on the Internet.
- the server SERV of the Internet is connected to the external server ExterServ via a communication link 3.
- the server SERV of the Internet delivers new data D to the external one
- FIG. 2 shows schematically a second embodiment of the invention.
- the basic structure of the method and the device as shown in FIG. 2 essentially corresponds to the structure of the method and the device according to FIG. 1.
- the schematic representation of the invention according to FIG. 2 shows that several clients C1, C2 form an intranet, which is connected to the internal server InterServ via a communication link 1.
- a secure communication link 2 is provided between the internal server and the external server.
- the query on the Internet is carried out via the external server, which is connected to the internal server.
- the internal server makes the data coming from the Internet available to the individual clients C1, C2.
- A further exemplary embodiment is shown in FIG. 3.
- the basic structure of this embodiment corresponds to the structure and functioning of the device according to FIGS. 1 and 2.
- the internal server InterServ is connected to several intranets that can hold different numbers of clients. Furthermore, the internal server can be connected to a single client.
- the invention proposes secure access from an intranet to data stored on the Internet.
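
The external server's duties described above (forwarding requests in anonymized form, then checking the returned data and the Internet server's IP address before anything reaches the internal server), as an added Python sketch that is not taken from the patent. The field names, the allowed network and the test pattern are assumptions chosen for illustration.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed values: request fields that identify the client, allowed SERV range, test data.
IDENTIFYING_FIELDS = {"client_id", "receiver_code", "client_ip"}
ALLOWED_SERVER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
TEST_DATA = [b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"]

@dataclass
class Response:
    server_ip: str
    body: bytes

def anonymize(request: dict) -> dict:
    """Drop client-identifying fields before the request leaves ExterServ."""
    return {k: v for k, v in request.items() if k not in IDENTIFYING_FIELDS}

def check(resp: Response) -> tuple[bool, str]:
    """Return (positive, reason); only positive results may go to InterServ."""
    try:
        ip = ipaddress.ip_address(resp.server_ip)
    except ValueError:
        return False, "malformed server address"
    if not any(ip in net for net in ALLOWED_SERVER_NETS):
        return False, "server IP not allowed"
    if any(sig in resp.body for sig in TEST_DATA):
        return False, "body matches test data"
    return True, "ok"

def relay(request: dict, fetch) -> tuple[dict, bytes | None, str]:
    """ExterServ round trip: anonymize, fetch, check, then forward or drop."""
    outbound = anonymize(request)
    resp = fetch(outbound)
    ok, reason = check(resp)
    return outbound, (resp.body if ok else None), reason

# Constructed stand-ins for the Internet server SERV.
def clean_serv(_req): return Response("203.0.113.10", b"<html>timetable</html>")
def tainted_serv(_req): return Response("203.0.113.10", b"xxEICAR-STANDARD-ANTIVIRUS-TEST-FILExx")
def unknown_serv(_req): return Response("198.51.100.7", b"<html>ok</html>")

if __name__ == "__main__":
    req = {"url": "http://example.org/", "client_id": "C1", "receiver_code": "rc-01"}
    for serv in (clean_serv, tainted_serv, unknown_serv):
        print(relay(req, serv))
```

A dropped response returns `None` as the body together with the reason, so the internal server never receives data that failed the check.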
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002337157A AU2002337157A1 (en) | 2001-10-12 | 2002-10-14 | Method and device for data exchange between a client and an internet server |
EP02772377A EP1435162A2 (en) | 2001-10-12 | 2002-10-14 | Method and device for data exchange between a client and an internet server |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10150224.9 | 2001-10-12 | ||
DE10150224 | 2001-10-12 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003034630A2 (en) | 2003-04-24 |
WO2003034630A3 (en) | 2003-10-09 |
Family
ID=7702194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2002/011457 WO2003034630A2 (en) | 2001-10-12 | 2002-10-14 | Method and device for data exchange between a client and an internet server |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1435162A2 (en) |
AU (1) | AU2002337157A1 (en) |
DE (1) | DE10247874B4 (en) |
WO (1) | WO2003034630A2 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102014119515A1 (en) * | 2014-12-23 | 2016-06-23 | Endress + Hauser Wetzer Gmbh + Co Kg | Method for operating a field device and arrangement comprising a field device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6067620A (en) * | 1996-07-30 | 2000-05-23 | Holden; James M. | Stand alone security device for computer networks |
US6081900A (en) * | 1999-03-16 | 2000-06-27 | Novell, Inc. | Secure intranet access |
-
2002
- 2002-10-14 EP EP02772377A patent/EP1435162A2/en not_active Withdrawn
- 2002-10-14 DE DE10247874.0A patent/DE10247874B4/en not_active Expired - Fee Related
- 2002-10-14 AU AU2002337157A patent/AU2002337157A1/en not_active Abandoned
- 2002-10-14 WO PCT/EP2002/011457 patent/WO2003034630A2/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
WO2003034630A3 (en) | 2003-10-09 |
EP1435162A2 (en) | 2004-07-07 |
DE10247874A1 (en) | 2003-04-17 |
AU2002337157A1 (en) | 2003-04-28 |
DE10247874B4 (en) | 2016-05-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3425865B1 (en) | Method and device for unidirectional transmission of data to a remote application server without feedback | |
DE19740547B4 (en) | Apparatus and method for ensuring secure communication between a requesting entity and a serving entity | |
DE69731965T2 (en) | ACCESS TO COMPUTER EQUIPMENT FROM OUTSIDE THROUGH A FIREWALL | |
DE60133241T2 (en) | MORE APPLICATION SECURITY RELAY | |
DE60200451T2 (en) | Establishing a secure connection to a private corporate network via a public network | |
DE60203433T2 (en) | External access to a secured device in a private network | |
DE69825801T2 (en) | Apparatus and method for enabling equal access control in a network | |
DE69832786T2 (en) | DEVICE AND METHOD FOR IDENTIFYING CLIENTS THAT ACCESS NETWORK SITES | |
DE10025626A1 (en) | Encrypt data to be stored in an IV system | |
DE10116640A1 (en) | Forming long-term relationship between end user system and server involves using token containing identifier(s) for selected server, date-time marker and key for access to memory area | |
EP3245775A1 (en) | One-way coupling device, request unit and method for the feedback-free transmission of data | |
DE102011000876A1 (en) | Network separation | |
EP3105898B1 (en) | Method for communication between secured computer systems as well as computer network infrastructure | |
EP1083722B1 (en) | Method and gateway enabling an end-to-end secured access to WAP-services | |
DE60114186T2 (en) | Message broker | |
DE102004003549A1 (en) | Processing method for a prompt/request message delivered to a message-filtering computer by a mobile telephone (MT) in an MT network handles messages requiring peer-to-peer data files | |
WO2003034630A2 (en) | Method and device for data exchange between a client and an internet server | |
DE60104771T2 (en) | Method and apparatus for asynchronous information transactions | |
EP3376419A1 (en) | System and method for electronically signing a document | |
DE102004004345A1 (en) | System and method for communication between remote objects and local proxies | |
WO1998002991A1 (en) | Key distribution process between two units in an isdn/internet connection | |
EP0825526B1 (en) | Method for supporting interaction between two units | |
DE19645006A1 (en) | Data communication system between computers | |
DE102018118857A1 (en) | Method for the transmission of user data in a network | |
DE10054224C2 (en) | Method for data transmission and / or for the comparison of any data from a wide variety of database systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VC VN YU ZA ZM |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002772377 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002772377 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |