DE10046616A1 - Transaction-oriented method for secure and binding communication of banking data between banking client and server, by authorizing order separately from its transmission - Google Patents

Abstract

A two-layer security architecture is placed above a network layer (A) in a transport layer (B) and securing layer (C). Communication between banking client (1) and banking service (3) is established in the transport layer via a communication server, and in the securing layer (C) direct communication is established between banking client and banking server, on which sensitive data are transmitted securely using a special protocol. An order from client to server is authorized separately from the transmission of the order.

Description

The invention relates to a transaction-oriented method for secure and binding communication of banking-related data between a banking client and a banking server over the Internet.

So-called electronic banking for corporate customers is known. This procedure will characterized by file transfer-oriented communication via public networks, for example X.25 or ISDN. For the authorization of the banking orders a Electronic signature is used, which is based on the security algorithm RSA. There is also the option of multiple signatures for a single banking order to accomplish d. H. A banking order can be authorized by multiple people by Each of these people creates an electronic signature for the same order becomes. However, all signatures for a banking order must be collected in one single file to be transferred to the bank. This means that everyone on a multiple Signature involved persons must use the same customer system. Payment orders are usually generated from an ERP system that is run by an operator is served. The authorization of the payment orders takes place on the other hand, by other people, such as managing directors or authorized officers. This Groups of people generally use different LT systems and do not share necessarily the same TV infrastructure. The disadvantage of this is that separation of the customer systems for the transfer of payment orders to the bank as well as the Authorization with the known method only with restrictions on the Security requirements are possible. If the signatories of operate from different locations, for example branches or branches that can also be located abroad, so there is often no uniform internal network access a central customer system. A distributed electronic signature from the individual people are therefore not feasible. In addition, network Infrastructures based on X.25 and ISDN are expensive and time-consuming Entertainment. Furthermore, the known method cannot for security reasons operated over the Internet. Another disadvantage of the known method consists of the fact that it is based on a file transfer and is therefore not interactive.  

The object of the invention is to provide a method with which one transaction-oriented transmission of orders from one banking client to another Banking server done securely over the internet.

The task is accomplished through a transaction-oriented process with the characteristics of Claim 1 solved. Advantageous developments of the invention are the subject of Dependent claims.

The method according to the invention separates the data transmission from the authorization achieved, the authenticity and integrity of the data at the Transmission can be ensured. A two-tier security architecture is used above the Internet HTTP protocol. The special protocol combines this modern security algorithms for encryption, e.g. RSA or DES, and for the electronic signature, for example hash or RSA, with the interactive online functions of the Internet, for example HTTP or WWW. The Transport layer basically ensures secure data transmission Encryption and an electronic signature. With the electronic Signature is a purely technical signature about which the integrity the data on the Internet is ensured during transmission. On the secured Using the transport layer, banking-related data is transmitted with absolute security. For the authorization of bank orders, for example payment orders, Security orders or letters of credit are opened using a separate key generated a voluntary signature and sent it to the bank.

It is advantageous if the fuse in the data link layer consists of two sub-layers exists, especially for cryptography and a signature. After in the Transport layer a direct connection between the communicating components Banking Client and Banking Server is set up in the data protection layer Transport security a secure end-to-end connection between the banking client and the banking server. By using two sublayers the data during transmission on the Internet and also on the bank's web server protected against unauthorized inspection and manipulation.

It is also advantageous if the application layer in two sub-layers is structured, in particular a base sub-layer and an application sub-layer who are running the special protocol. This separates different ones  Functions possible. In the base sublayer are generally usable Protocol elements defined, in particular the representation of the deliberate electronic Signature for multiple people from different locations submit electronic signature. The individual are above the base sub-layer banking functions defined.

Another advantageous development of the invention provides that the authorization an order from the banking client to the banking server only after the transfer of the Order is made. This offers considerable advantages especially when it comes to the Bank orders are bulk data, such as bulk payments or Mass direct debits. The data transfer from the ERP system can automated without manual intervention, for example at night, and the Authorization can only be achieved after a short interaction with the Bank system to be submitted later. For example, as soon as the signature Beneficiaries on their the following day or after a weekend Workplace.

It is also advantageous if the authorization by several people from from different locations, in particular location-independent and mobile. This is it is possible for banking orders that are authorized by multiple people require that multiple signatures can be transferred accordingly. The transfer of these individual signatures to the bank can be timed and spatially completely separate from each other. In this case one speaks of one distributed electronic signature. The authorization is easily from possible from different locations, but no common internal network infrastructure is required. The electronic signature can also, for example, via a laptop can be made on the go. This is especially for one Managing director important when traveling. The process can also be easily expanded to authorization from new devices, for example a mobile phone or a Handheld.

It is also advantageous if the security level meets the current requirements is adjusted. The highest possible security level is always possible be guaranteed. For example, the RSA key lengths can be increased or the Security algorithms to be replaced by others.  

Further advantageous developments and advantages of the invention are the subject of embodiment described with reference to the drawings. Here show:

Fig. 1 is a schematic representation of a system to which a method of the invention can be carried out,

FIG. 2 is a systematic view of the protocol architecture of an inventive method and

Fig. 3 shows a sequence of a method according to the invention in the application, the security and the transport layer.

In Fig. 1, several banking clients 1 are connected via the Internet 3 to a communication server 4 of a bank. The communication server 4 is connected to a banking server 2 . This banking server 2 is in turn connected to a bank computer 5 and a database 7 . In addition to the banking server 2, the bank computer 5 is additionally connected to the database 7 and a host 6 . In order to ensure the security of the data in the bank, the devices of bank 2 , 4 , 5 , 6 , 7 are protected by a multi-level firewall. A first firewall 8 is installed between the Internet 3 and the communication server 4 and a second firewall 9 is installed between the communication server 4 and the banking server 2 .

With banking client 1 , an applet runs in a browser, through which communication with communication server 4 is possible. The communication server 4 consists of a web server with integrated servlets for the transmission of the application data secured by a transport lock (see description of FIG. 2) between the banking client 1 and the banking server 2 . The bank computer 5 is the central communication server 4 of the bank. This is responsible for forwarding the banking-related data, for example payment orders, to subordinate host applications and provides information from the host applications, for example account information, for retrieval by the banking client 1 .

In FIG. 2, the protocol architecture of the particular protocol 10 is shown. This is called BCS-WWW. The communication between the banking client 1 , communication server 4 and banking server 2 systems involved is divided into logical layers. The logical layers shown are the network layer A, the transport layer B, the data link layer C and the application layer D. At the level of the network layer A, the HTTP protocol 13 is used for data transmission in the Internet 3 . At this level, TCP / IP 14 is used between Communication Server 4 and Banking Server 2 . In the transport layer B, the communication between the banking client 1 and the banking server 2 is established, wherein the banking client 1 to the server 4 via Communication MWTP 11 and the communication server 4 with the banking server 2 MBRPC 12 communicates. It is thus possible for a secure end-to-end connection to be established between the banking client 1 and the banking server 2 in the security layer C, which stands for the transportation security. This security layer C consists of two sub-layers, a cryptography sub-layer C1 for the encryption of the data and a signature sub-layer C2 for the transmission of the electronic signature or the electronic signatures. As a result, all data are protected against unauthorized access and manipulation during transmission on the Internet 3 and also on the web server in the bank's Communication Server 4 . A cryptographic function 10 a of the special protocol 10 for communication between the banking client 1 and the banking server 2 runs in the cryptography sublayer C1. A signature function 10 b of the special protocol 10 runs in the signature sublayer C2.

Application layer D is also structured in two sub-layers. Protocol elements which can be used in general are defined in a base sublayer D1. In particular, the representation of the voluntary electronic signature for a distributed electronic signature is defined here. Above this base sub-layer D1, the individual banking functions are defined in an application sub-layer D2. Communication between the banking client 1 and banking server 2 in the basic sub-layer D1 takes place via a basic function 10 c of the special protocol 10 . In the application sub-layer D2, application functions 10 d are communicated via the special protocol 10 .

The application data and voluntary electronic signatures are thus communicated above the secured transport layer B. The transport security with encryption and electrical signature is established end-to-end directly between the Banking Client 1 and the Banking Server 2 . The individual layers in banking client 1 , network layer A, transport layer B, data link layer C and application layer D, communicate with each other via API (Application Programming Interface). The same applies to Banking Server 2 . In the communication server 4 , in which only the network layer A and the transport layer B are required for the method according to the invention, these two layers also communicate via API. In Fig. 3 a resulting from the above described protocol architecture of BCS WWW as a special protocol 10 sequence is shown a typical transaction for the relationship between the protocols of the link layer and the transport layer C B. A first request 15 from the banking client 1 to the communication server 4 takes place in the transport layer B using the MWTP 11 protocol. The communication server 4 forwards the first request to the banking server 2 as a second request 16 . MBRPC 12 is used in the transport layer B for this purpose. For a first response 17 from the banking server 2 to the communication server 4 , the MBRPC 12 protocol is again used in the transport layer B. The response is forwarded by the communication server 4 to the banking client 1 as a second response 18 . For this purpose, the MWTP 11 protocol is used in the transport layer B. The special protocol 10 (BCS-VVWW) is used in the data link layer C and in the application layer D for the first request 15 , the second request 16 , the first answer 17 and the second answer 18 .

LIST OF REFERENCE NUMBERS

1

Client server

2

Banking server

3

Internet

4

Communication server

5

bank computer

6

host

7

Database

8th

First firewall

9

Second firewall

10

Special protocol

10

a cryptographic function

10

b Signature function

10

c Basic function

10

d Application function

11

MWTP

12

MBRPC

13

HTTP

14

TCP / IP

15

First request

16

Second request

17

First answer

18

Second answer
A network layer
B transport layer
C Data link layer
C1 cryptography sublayer
C2 signature sublayer
D application layer
D1 base sublayer
D2 application sublayer

Claims (6)

1. Transaction-oriented method for the secure and binding communication of banking-related data between a banking client ( 1 ) and a banking server ( 2 ) via the Internet ( 3 ), characterized in that above the network layer (A) a two-layer security architecture in the transport layer ( B) and the data link layer (C), with communication in the transport layer (B) between the banking client ( 1 ) and banking server ( 3 ) via a communication server ( 4 ) and in the data link layer (C) direct communication between Banking client ( 1 ) and banking server ( 2 ) is established, on which sensitive data is securely transmitted using a special protocol ( 10 ), whereby an authorization of an order from the banking client ( 1 ) to the banking server ( 2 ) is separated from the The order is transferred. 2. The method according to the preceding claim, characterized in that the fuse in the data link layer (C) from two sub-layers (C1, C2), especially for cryptography and a signature. 3. The method according to any one of the preceding claims, characterized in that the application layer (D) is structured in two sub-layers (D1, D2), in particular a base sub-layer (D1) and an application sub-layer (D2) on which the special protocol ( 10 ) running. 4. The method according to any one of the preceding claims, characterized in that the authorization of an order from the banking client ( 1 ) to the banking server ( 2 ) takes place only after the transmission of the order. 5. The method according to any one of the preceding claims, characterized in that  authorization by several people from different locations, in particular regardless of location and mobile. 6. The method according to any one of the preceding claims, characterized in that the security level is adapted to current requirements.