EP2338253A1 - A method for secure communication - Google Patents

A method for secure communication

Info

Publication number
EP2338253A1
EP2338253A1 EP09813314A EP09813314A EP2338253A1 EP 2338253 A1 EP2338253 A1 EP 2338253A1 EP 09813314 A EP09813314 A EP 09813314A EP 09813314 A EP09813314 A EP 09813314A EP 2338253 A1 EP2338253 A1 EP 2338253A1
Authority
EP
European Patent Office
Prior art keywords
data packet
communication
predetermined
communication equipments
binary representations
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP09813314A
Other languages
German (de)
French (fr)
Other versions
EP2338253A4 (en
Inventor
Per Kinnander
Per STACKEGÅRD
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Security Alliance Stockholm AB
Original Assignee
Security Alliance Stockholm AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Security Alliance Stockholm AB filed Critical Security Alliance Stockholm AB
Publication of EP2338253A1 publication Critical patent/EP2338253A1/en
Publication of EP2338253A4 publication Critical patent/EP2338253A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction

Definitions

  • the present invention relates to a method for electronic communication between at least two communication equipments.
  • An object of the invention is to decrease risks of harmful software code being given access to a communication equipment so that it causes damage. This object is attained by a method for electronic communication between at least two communication equipments, characterized by the steps of
  • correlation information that is accessible to the communication equipments and correlates predetermined expressions, for usage in messages in communication sessions between the communication equipments, using predetermined binary representations, and
  • the method allows secure electronic communication between communication equipments, which may be any type of equipments for electronic communication and processing of data, e.g., computers, systems of computers, handheld units such as mobile telephones, etc.
  • the predetermined binary representations may be common uncrypted representations of respective of the predetermined expressions, e.g., by means of ASCII (American Standard Code for Information Interchange).
  • the correlation information may contain an encryptation step from the predetermined expressions to the binary representations and vice versa.
  • the predetermined expressions are preferably words or designations used in messages between the communication equipments. For instance, where one of the communication equipments is used by a person who is a member of a police squad, the predetermined expressions "50", “100”, “150”, “north”, “south”, “west”, “east”, “threat”, may be used in messages between the communication equipments, and the message "threat 100 west” means that there is a threat 100 m away in the westward direction.
  • Each one of the predetermined expressions can be correlated with one respective of the predetermined binary representations. Alternatively, at least some of the predetermined binary representations can be correlated with combinations of two or more of the predetermined expressions.
  • data packets sent between the communication equipments may contain one or more of the predetermined binary representations.
  • the compared part is preferably a "payload" comprised by the data packet, i.e., a content or message conveyed by the data packet, except from data relating to the control of the communication.
  • a communication protocol e.g., IP (Internet Protocol)
  • IP Internet Protocol
  • the predetermined expressions are used in messages between the communication equipments, i.e., between users of the communication equipments, and check of the presence of the binary representations for these expressions is included in the sending of the messages, checking of the proper message is included in a validation process for the authenticity thereof.
  • the invention provides, by a check of contents of communication messages, a secure electronic communication, wherein the risk of foreign harmful software code, such as so- called viruses, worms, etc., entering and disturbing or damaging any of the communication equipments is reduced.
  • the data packet is not allowed continued access to a communication session with another of the communication equipments.
  • the prevention of continued access may be provided by deleting the data packet, or by storing the data packet in a way that makes that access to the communication session is prevented.
  • Embodiments of the invention comprises the steps of creating, in a sending from the communication equipments, a message that contains at least one of the predetermined expressions, of selecting, by means of the correlation information, at least one of the binary representations that is correlated with at least one of the at least one predetermined expression of the message, of creating at least one data packet, each one of which comprises at least one of the selected binary representations, and of sending the data packet to another one of the communication equipments.
  • the binary representations have a common predetermined length.
  • Said length may be relatively small, e.g., 1 kB, which is considerably smaller than the length of usually occurring harmful software code, such as data viruses.
  • the length of at least a part of the received data packet can be compared with the common predetermined length of the binary representations. If these lengths do not correspond, continued access for data packet of the communication session can be prevented.
  • said receipt of the data packet is effected via a validation port in the communication equipment, the step of comparing at least a part of the received data packet with the predetermined binary representations being made on all data packets received in of the validation port.
  • the validation port may be arranged to receive only one packet at a time.
  • FIG. 1 schematically shows two communication equipments arranged to communicate with each other via a data network.
  • Fig. 1 schematically shows two communication equipments 1 arranged to communicate with each other via a data network 2 by means of IP.
  • Each one of the communication equipments 1 comprise a storage memory 11 and is arranged to store correlation information 12 in said same memory.
  • the correlation information 12 contains predetermined expressions 121 for usage in messages in communication sessions between the communication equipments 1.
  • the correlation information 12 correlates, e.g., by means of ASCII, the predetermined expressions 121 with predetermined binary representations 122. (In Fig. 1, there are shown fictitious binary numbers that do not correspond with ASCII.)
  • the communication equipments 1 are arranged to create a message that contains at least one of the predetermined expressions 121, to select, by means of the correlation information 12, at least one of the binary representations 122 that is correlated with the predetermined expression 121 in the message, and to create a data packet 3 that comprises the selected binary representation 122 as well as send the data packet 3 to the other communication equipment by means of IP.
  • the data packet contains, in addition to the binary representation 122, also a header 31 according to TCP/IP.
  • the communication equipments 1 comprise a validation port 13 having a data storage and a processor, which validation port 13 is arranged to receive the data packet 3, and compare the binary representation 122 in the data packet 3 with the predetermined binary representations 122 in the storage memory 11 of the receiving communication unit 1. If it is clear that correspondence exists between one of the stored predetermined binary representations 122 and the predetermined binary representation 122 in the received data packet 3, the data packet is allowed continued access to the communication session between the communication equipments 1 , otherwise not. In the latter case, the data packet is deleted from the data storage of the validation port 13.

Abstract

The invention comprises a method for electronic communication between at least two communication equipments (1), characterized by the steps of - storing correlation information (12) that is accessible to the communication equipments (1) and correlates predetermined expressions (121), for usage in messages in communication sessions between the communication equipments (1), with predetermined binary representations (122), and - receiving, in one of the communication equipments (1), a data packet (3), and comparing at least a part of the received data packet (3) with the predetermined binary representations (122).

Description

A method for secure communication
TECHNICAL FIELD
The present invention relates to a method for electronic communication between at least two communication equipments.
BACKGROUND
In security activities and crisis management of areas having objects that are vital for essential public functions, such as power stations and airports, or in areas where sabotage or terrorist actions could cause great damage, it is important that information can be gathered in a reliable way, that it can be presented to actors involved in the security activities so that it forms proper data for rapid decisions, as well as that the same actors can exchange relevant information while maintaining information security and secrecy.
It is a great problem for IT systems that are connected to networks that harmful software code, such as viruses, and unauthorized penetration may occur. Known solutions to protection against such presence of are often expensive and complicated and the remaining risk is occasionally judged to be so serious that the systems are not allowed be connected to a network and particularly not to the Internet. This applies particularly to security systems that contain delicate information and that have to be reliable in operation. On the other hand, it is often required that such systems have to be connected to networks, for practical reasons the Internet, to allow high accessibility for other systems and actors.
ABSTRACT
An object of the invention is to decrease risks of harmful software code being given access to a communication equipment so that it causes damage. This object is attained by a method for electronic communication between at least two communication equipments, characterized by the steps of
- storing correlation information that is accessible to the communication equipments and correlates predetermined expressions, for usage in messages in communication sessions between the communication equipments, using predetermined binary representations, and
- receiving, in one of the communication equipments, a data packet, and comparing at least a part of the received data packet with the predetermined binary representations.
The method allows secure electronic communication between communication equipments, which may be any type of equipments for electronic communication and processing of data, e.g., computers, systems of computers, handheld units such as mobile telephones, etc.
The predetermined binary representations may be common uncrypted representations of respective of the predetermined expressions, e.g., by means of ASCII (American Standard Code for Information Interchange). Alternatively, the correlation information may contain an encryptation step from the predetermined expressions to the binary representations and vice versa.
The predetermined expressions are preferably words or designations used in messages between the communication equipments. For instance, where one of the communication equipments is used by a person who is a member of a police squad, the predetermined expressions "50", "100", "150", "north", "south", "west", "east", "threat", may be used in messages between the communication equipments, and the message "threat 100 west" means that there is a threat 100 m away in the westward direction. Each one of the predetermined expressions can be correlated with one respective of the predetermined binary representations. Alternatively, at least some of the predetermined binary representations can be correlated with combinations of two or more of the predetermined expressions. Furthermore, data packets sent between the communication equipments may contain one or more of the predetermined binary representations.
If only a part of the data packet is compared with the predetermined binary representations, the compared part is preferably a "payload" comprised by the data packet, i.e., a content or message conveyed by the data packet, except from data relating to the control of the communication. When the data packet is sent by means of a communication protocol, e.g., IP (Internet Protocol), it contains, except from such a payload, also a header according to IP.
Since the predetermined expressions are used in messages between the communication equipments, i.e., between users of the communication equipments, and check of the presence of the binary representations for these expressions is included in the sending of the messages, checking of the proper message is included in a validation process for the authenticity thereof. Thus, the invention provides, by a check of contents of communication messages, a secure electronic communication, wherein the risk of foreign harmful software code, such as so- called viruses, worms, etc., entering and disturbing or damaging any of the communication equipments is reduced.
Thus, if it, after the receipt of the data packet in the communication equipment, is clear that there is no correspondence between at least one of the predetermined binary representations and the part of the received data packet compared with the predetermined binary representations, the data packet is not allowed continued access to a communication session with another of the communication equipments. The prevention of continued access may be provided by deleting the data packet, or by storing the data packet in a way that makes that access to the communication session is prevented.
Embodiments of the invention comprises the steps of creating, in a sending from the communication equipments, a message that contains at least one of the predetermined expressions, of selecting, by means of the correlation information, at least one of the binary representations that is correlated with at least one of the at least one predetermined expression of the message, of creating at least one data packet, each one of which comprises at least one of the selected binary representations, and of sending the data packet to another one of the communication equipments.
In certain embodiments, the binary representations have a common predetermined length. Said length may be relatively small, e.g., 1 kB, which is considerably smaller than the length of usually occurring harmful software code, such as data viruses. Thus, the length of at least a part of the received data packet can be compared with the common predetermined length of the binary representations. If these lengths do not correspond, continued access for data packet of the communication session can be prevented.
Preferably, said receipt of the data packet is effected via a validation port in the communication equipment, the step of comparing at least a part of the received data packet with the predetermined binary representations being made on all data packets received in of the validation port. The validation port may be arranged to receive only one packet at a time.
DESCRIPTION OF THE FIGURE
An embodiment of the invention will be described in more detail below, reference being made to the drawing, in which Fig. 1 schematically shows two communication equipments arranged to communicate with each other via a data network.
DETAILED DESCRIPTION
Fig. 1 schematically shows two communication equipments 1 arranged to communicate with each other via a data network 2 by means of IP. Each one of the communication equipments 1 comprise a storage memory 11 and is arranged to store correlation information 12 in said same memory. The correlation information 12 contains predetermined expressions 121 for usage in messages in communication sessions between the communication equipments 1. The correlation information 12 correlates, e.g., by means of ASCII, the predetermined expressions 121 with predetermined binary representations 122. (In Fig. 1, there are shown fictitious binary numbers that do not correspond with ASCII.)
The communication equipments 1 are arranged to create a message that contains at least one of the predetermined expressions 121, to select, by means of the correlation information 12, at least one of the binary representations 122 that is correlated with the predetermined expression 121 in the message, and to create a data packet 3 that comprises the selected binary representation 122 as well as send the data packet 3 to the other communication equipment by means of IP. In that connection, the data packet contains, in addition to the binary representation 122, also a header 31 according to TCP/IP.
The communication equipments 1 comprise a validation port 13 having a data storage and a processor, which validation port 13 is arranged to receive the data packet 3, and compare the binary representation 122 in the data packet 3 with the predetermined binary representations 122 in the storage memory 11 of the receiving communication unit 1. If it is clear that correspondence exists between one of the stored predetermined binary representations 122 and the predetermined binary representation 122 in the received data packet 3, the data packet is allowed continued access to the communication session between the communication equipments 1 , otherwise not. In the latter case, the data packet is deleted from the data storage of the validation port 13.

Claims

1. Method for electronic communication between at least two communication equipments (1), characterized by the steps of - storing correlation information (12) that is accessible to the communication equipments (1) and correlates predetermined expressions (121), for usage in messages in communication sessions between the communication equipments (1), with predetermined binary representations (122), and - receiving, in one of the communication equipments (1), a data packet (3), and comparing at least a part of the received data packet (3) with the predetermined binary representations (122).
2. Method according to claim 1, comprising the steps of creating, in a sending from the communication equipments (1), a message that contains at least one of the predetermined expressions ( 121 ), of selecting, by means of the correlation information (12), at least one of the binary representations (122) that is correlated with at least one of the at least one predetermined expression (121) of the message, of creating at least one data packet (3), each one of which comprises at least one of the selected binary representations (122), and of sending the data packet (3) to another one of the communication equipments (1).
3. Method according to any one of the preceding claims, wherein said receipt of the data packet (3) is effected via a validation port (13) in the communication equipment (1), the step of comparing at least a part of the received data packet (3) with the predetermined binary representations (122) being made on all data packets (3) received in the validation port (13).
EP09813314A 2008-09-15 2009-09-15 A method for secure communication Withdrawn EP2338253A4 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0801971A SE534758C2 (en) 2008-09-15 2008-09-15 Method with predetermined terms for secure electronic communication
PCT/SE2009/051025 WO2010030231A1 (en) 2008-09-15 2009-09-15 A method for secure communication

Publications (2)

Publication Number Publication Date
EP2338253A1 true EP2338253A1 (en) 2011-06-29
EP2338253A4 EP2338253A4 (en) 2013-01-30

Family

ID=42005341

Family Applications (1)

Application Number Title Priority Date Filing Date
EP09813314A Withdrawn EP2338253A4 (en) 2008-09-15 2009-09-15 A method for secure communication

Country Status (3)

Country Link
EP (1) EP2338253A4 (en)
SE (1) SE534758C2 (en)
WO (1) WO2010030231A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2708354C1 (en) * 2018-10-03 2019-12-05 Александр Александрович Бречко Concealed information exchange method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060098841A1 (en) * 2003-03-11 2006-05-11 Pim Tuyls Method and system for enabling remote message composition

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060098841A1 (en) * 2003-03-11 2006-05-11 Pim Tuyls Method and system for enabling remote message composition

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2010030231A1 *

Also Published As

Publication number Publication date
WO2010030231A1 (en) 2010-03-18
EP2338253A4 (en) 2013-01-30
SE0801971A1 (en) 2010-03-16
SE534758C2 (en) 2011-12-13

Similar Documents

Publication Publication Date Title
RU2754871C2 (en) Methods and device for last mile hyper-protected communication
US8423758B2 (en) Method and apparatus for packet source validation architecture system for enhanced internet security
AU2016266557B2 (en) Secure dynamic communication network and protocol
US8051480B2 (en) System and method for monitoring and analyzing multiple interfaces and multiple protocols
US8191119B2 (en) Method for protecting against denial of service attacks
CN101558599B (en) Client device, mail system, program, and recording medium
CN101444119A (en) System for implementing security police on mobile communication equipment
JP4692776B2 (en) Method for protecting SIP-based applications
CN102761494A (en) IKE (Internet Key Exchange) negotiation processing method and device
CN113746788A (en) Data processing method and device
Castiglione et al. Do you trust your phone?
CN111147524B (en) Message sending end identification method and device and computer readable storage medium
CN105743868B (en) A kind of data collection system and method for supporting encryption and non-encrypted agreement
US10491570B2 (en) Method for transmitting data, method for receiving data, corresponding devices and programs
Shah et al. TCP/IP network protocols—Security threats, flaws and defense methods
CN1996960B (en) A filtering method for instant communication message and instant communication system
US9088595B2 (en) Method and apparatus for packet source validation architecture system for enhanced internet security
EP2338253A1 (en) A method for secure communication
US20140245385A1 (en) Method and apparatus for packet source validation architecture system for enhanced internet security
CN107864136A (en) A kind of stolen method of anti-locking system short message service
CN116418602B (en) Metadata protection anonymous communication method and system based on trusted hardware
EP2109284A1 (en) Protection mechanism against denial-of-service attacks via traffic redirection
CN108632090B (en) Network management method and system
WO2005120004A1 (en) Method for protecting against attacks in a high-speed network
CN114629669A (en) Network anonymous channel construction method

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20110415

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

AX Request for extension of the european patent

Extension state: AL BA RS

RIN1 Information on inventor provided before grant (corrected)

Inventor name: STACKEGARD, PER

Inventor name: KINNANDER, PER

RIN1 Information on inventor provided before grant (corrected)

Inventor name: STACKEGARD, PER

Inventor name: KINNANDER, PER

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20130107

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/32 20060101ALI20121224BHEP

Ipc: H04L 9/12 20060101ALI20121224BHEP

Ipc: G09C 1/00 20060101AFI20121224BHEP

Ipc: G06F 21/00 20130101ALI20121224BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20130806