AT504738A1 - PROCESS FOR SAFELY MANAGING AND TRANSMITTING CENTRALLY STORED ELECTRONIC DATA - Google Patents

Description

1 1

• · · · ♦ · · · · · · · · · · · · ··· ···

Method for the secure management and forwarding of centrally stored data

The invention relates to a method of data backup and transmission for the purpose of off-site data storage, in which the data backup takes place in a secure environment and in which the access for storing the data and retrieving the data thereby increased authentication requirements is subject to any action by the entitled party. 10 The data to be backed up are electronic documents, such as invoices, copies of personal documents, certificates, certificates, notices, official documents, insurance policies, contracts, etc., the loss of which means substantial expenditures for revocation and their short-term submission, at least in trustworthy copy form, for 15 the owner is.

To safeguard personal data, various technical methods are available to the owner of the data according to the state of the art. Writing instruments for magnetic, optical and magneto-optical memories are available at low cost. Semiconductor memories are in the form of USB sticks on the market, external hard drives provide storage for several hundred gigabytes. A disadvantage of all of these methods is that the user himself has to ensure that the data is backed up several times and that the data is generally accessible only on site, ie at home, if not constantly a 25 e.g. USB stick with all the valuable and possibly used DVDs is carried. Weakness of the available methods is in any case the limited life span of storage media.

This amounts to self-burned CD and DVD according to the manufacturer for up to 10 years, with imgünstiger storage but under 3 years. The lifespan of 30 hard disks is given as comparable to three years. For BlueRay as the latest technology is still no experience available.

With prolonged storage or operation, semiconductor memory leads to defects in individual memory cells.

A well-remedy is provided by regularly maintained redundancy systems (RAID), which survive the failure and replacement of individual memories (hard disks) without damaging the data, if the defect is detected and the lost data is restored from the redundancy information. This requires regular maintenance and is more suitable for server applications.

Secured storage of contract documents is offered by notaries and the documents produced are saved by notaries. 10 Intemet packages sometimes include a memory area of several Mbytes, neither transmission nor storage of the data is secured.

In e-banking, receipts for the transactions made are available via Internet access, but you can not save your own documents. The data traffic takes place in the Internet with the known TCP / IP protocol, whereby the Internet protocol represents a connectionless transfer protocol, on which the end-to-end transfer control protocol is set up.

The storage of own data of any kind via Internet is known by several providers. Examples include: 20 http://www.backupmystuff.co.uk/, http://www.ibackup.com/ http://www.ironmountain.com/digital/ http://www.flashbackup.com/ http://www.backupdirect.net/ 25 http://www.ampheon.co.uk/ob/defeultasp http://www.xdrive.com/explore/backup.jsp

The offer varies from outsourced file directories to complete online backup, usually multiple access to the data for file sharing is possible. The stored data are not limited in their kind, all PC and mobile phone data, photos, music and other data can be stored against payment via IntemetzugrifF.

The structure of these misses consists of a generally redundant data memory, a control and service point and a 3 • • ···· ···· ···· • • • • • • • ··· • · • • • • • • • • • • • • • ·· ··· ··· After authentication with username and password, unrestricted access to the stored data is then available via a secure connection.

A secure connection is generally an end-to-end encryption, e.g. an encrypted file transfer protocol method, e.g. ftps, https, etc., for the application, in the usual applications a 128-bit SSL encryption is mostly used.

The serious disadvantages of these systems are, on the one hand, the trust in personally unknown Internet companies and, on the other hand, the access method via

Usemame and password that can be spied on by Trojans or by Brute Force attacks, thus providing only limited security. The present invention is based on the object valuable personal data, which are in the process of the invention documents and documents, such as invoices, copies of personal documents, certificates, certificates, notices, official documents, insurance policies, contracts, etc., to keep so that on the one hand the deterioration is reliably prevented. On the other hand, access to the data whose

Use and distribution only with the consent of the owner. Each transmission has to be authorized in detail.

The primary goal is not to create online workgroups with regular shared data access. 25 The procedure is not primarily intended for regular data traffic, ie for the caching of music data, videos, photos, etc, for regular use.

This object is achieved by the method according to claims 1 to 25. 30

The specified procedure is implemented in electronic form digital lockers managed by banks, insurance companies, public or private trusted entities and which, in turn, provide a safe and secure service. «• • • • • • • • • • • • • ······················································································································································ In particular, the method describes the security of access. For the secure transmission of transaction data from the banking system 5 methods with authentication of the connection via user name (user) and password (PIN) and a further, additional authorization of individual transactions by transaction number (TAN) known. These disbursements are provided by the service provider (bank) and expire after use. 10

According to the invention, individual availability margins are now provided for the data transactions. Each number is unique for the storage, reading, changing or sharing of data usable.

The method thus consists of a first step, in which the data-15 transaction numbers (DTAN) are assigned to the authorized persons of the data. These numbers are transmitted according to the prior art by letter or advantageously by other electronic means than via the Internet. 20 As such a suitable electronic medium, the mobile or telephone are available, with the after each transaction is sent a DTAN for further transmissions by SMS to the agreed phone number. 25 Data transaction process via your own data locker: For the storage, reading or editing of data, the authorized user now connects via the Internet to the computer of his locker operator. Trusted sites that have a particular relationship of trust are e.g. Banks, insurance companies, 30 offices and authorities, but also the own company for their employees without the need of virtual tunnels (VPN).

The registration for a secure connection takes place by means of a username and password or by means of electronic certification via secure electronic keys (smart card systems, citizen card, biometric authentication, etc.). 5 ··· · · · · · · · · · ···

This gives the user access to the table of contents of his stored data. The data structure itself can be created in a known hierarchy in directory structures, alternatively, this also 5 parallel data cluster are possible, in which the different types of data are placed back sorted.

To change data in on-line storage, the user prepares the transaction for mm (ie, for example, reading a pdf of the passport copy) and confirms the action with the DTAN. This grants access, the DT AN immediately forfeits and prevents misuse by unauthorized persons.

The DTAN can simply serve as a confirmation key for access (see e-banking), optionally a part or a reference to the current encryption key can be hidden in the DTAN, with which the transmission is additionally secured. 15 An alternative feature of the DTAN is to have the file compressed and encrypted, ready for transmission and unpacking in an electronic folder, but unpacking that requires the DTAN as a key and rendering the file unusable without the DTAN. In order to process or transfer multiple data in a transaction, it may be advantageous to store, read or transfer multiple files together in a virtual data basket.

In a preferred embodiment of the inventive method 25 data are not read or stored but the data should be forwarded to another user.

This forwarding is simply for the purpose of making available for your own purposes or for the third party to read, modify, print or forward the data for the owner of the data. This forwarding is now carried out on all 30 possible methods of passing on TAN, advantageous methods are the forwarding of data transfer transaction numbers (DTTAN) via SMS to the one-time access to this data. The same method is also to grant N-fold access or access in a certain period of time. · · · · · · · · · · · · · · · · · · · · · · · · · · · ♦ # · · 6

Use case for this possibility exists where the owner himself can not execute the data access. Thus, if the user loses his personal documents abroad, he may grant the local authorities or embassy read access to the stored copies of his documents or to copy 5 of the type certificate, registration certificate, etc.

If, in another case, the owner wants to sell a vehicle, he grants the interested party a unique insight into bills for service and repairs and the type certificate. This option is especially interesting for 10 internet purchases without having to send document copies via mail. The recipient is authenticated by the storage manager.

With the aid of the method according to the invention, guarantee cases and the proof of tax returns can also be placed in a preferred manner, if the party providing the guarantee, the tax adviser or the authority can be given access to the on-line copies of the documents.

The permissions for access (modify, print, retrieve, forward) are stored either in the file itself or in a frame or in an authorization file.

The invention will be explained below with reference to concrete embodiments. Reference is made to the drawings, in which Fig. 1 the connection structure underlying the method

2 shows the sequence of a simple data access

3 shows the sequence of an authorized data access by third parties 30.

According to FIG. 1, the connection structure of the method according to the invention consists of a trustworthy point 1, at least its assigned one

···················································································································································································································· 2 and 3, which are regularly synchronized with each other and the connection to the Internet.

Users who wish to use the method of storing, transmitting, reading and / or changing the data log on to the service. Thereafter or at the same time, for the purpose of increased security but in a separate way (ie by letter, SMS, etc.) receive these users Transaktionsnummem. 10 A current data management is now done as follows: About the

Internet or any other communication network connected by means of a secure connection is the first user 6, which optionally has a mobile or fixed phone 7 and has received from the trusted body 1 by means of letter 5 or 8 by electronic means the data transaction number 15 or on the Preservation is prepared

It may be advantageous for the application if the next transaction number is transmitted electronically to confirm the transaction. Thus, abuse can be quickly detected. If authorizations are to be forwarded via the user's own data, in addition to the data transaction via the Internet, the transmission of a locally generated recipient TAN (ETAN) or the request to the trusted authority for the Internet takes place via the Internet or preferably by alternative means 11 Generating this key for the purpose of 25 data transfer or granting of access for third parties.

Also connected via the Internet is the user 9, who also has a (mpbiles) telephone 10 and receives the ETAN 12 or 13 for the 30 access to data of the sender 6 via this or other ways either from the sender or from the trusted body.

Now, if the user 6 wants to read, save, print or modify his own data, then he logs in according to FIG. 2 at the trustworthy point in a registration process 14 with username 29 and password 30 comparable to the e- ··· ···· · ···························································································································································································································· Citizen card) or via biometric authentication.

Then he prepares the transaction in a data manager 15.

After the acknowledgment 16 of the transaction with a valid DT AN 32, the data processing or data transaction 17 is carried out via secure internet connection and optionally additionally encrypted.

In this transaction, the authorization register in which the access rights to the individual files are noted and which is located in a separate area 10 or directly in the data or whose entries are directly linked to the data is created, changed or read, the actual file format is added at the initial backup or is associated but stored separately from it and that contains the privileges of the primary and all other users. For example, the contents of a scanned document 15 can only be stored by authorized agencies in the electronic bank locker, and the owner or other users authorized by him can read or print the file, but can not change it. Thus, a notary or a court can provide certified copies electronically, since only these places have write permission for these files. The method described thus also optionally distinguishes between different data classes that are mapped by the authorization structure. In this way, for example, "official", "private", "passable", "public", etc. data are distinguishable. 25 Thus, the user wants the file containing his birth certificate as electronic

Copy contains, read and print, so he performs the access process as described above and confirms the query with a DTAN 32. Then he is allowed to download the file or the downloadable file is unpackable. 30 If the authorized user wishes to forward this birth certificate to a position for submission, several methods are available in the procedure:

One method is shown in FIG. 3: ································································ 9 ····· ··· ··· f

The user 6 who wants to pass on data logs on to the trusted site 1 with PIN 29 and password 30 or with smartcard 31, 18. Via an electronic access portal, he prepares the forwarding of the data there 19, either by the data is encrypted and moved directly into an inbox of the recipient or copied by - the data marked with sender and recipient and possibly with

Expiration date, etc., moved to a transfer box of the trusted body or copied, or by 10 - the data is encrypted in its own transfer pocket.

The execution of this action is confirmed by the acknowledgment with a DT AN 32 and released for further processing. In order to now authorize the receiver 9 to read or pick up the data, the sender 6 now generates a receiving TAN (ETAN) 11 in operation 21, or causes the generation of an ETAN 12 or 13 at the trusted authority 1. This ETAN transmits 22 of the sender or subsequently the trusted body 1 advantageously via a different path 20 than over the Internet, eg via SMS, to the authorized recipient 9.

After that, the user 6 logs off again, 23.

This receiver 9 can now read the file in its input transfer compartment or, depending on the authorization, change, print or forward it. Alternatively, depending on the transmission method used, the recipient now finds the 25 data in the transfer box of the trusted authority 1 or is authorized to pick up the data from the outgoing mailbox of the sender 6 at the trusted authority 1.

The recipient logs in the sub-process 24 at the trusted site with his Usemamen 29 and his password 30 or with his smart card 31 30, prepares in 25 the data transaction and in 26 acknowledges the transfer or data access depending on the method with its own DTAN or the provided ETAN (12,13). Thereafter, the actual data transaction or access to the data in the mailbox occurs in FIG. After that, user B logs off again. 28. 10 ············································ • • • • • • • • • • ·· ··· ··· ·· Φ

An advantageous application, the process thus finds where important private data must be stored, but occasionally also the access for third parties should be made possible. 5 Mutual encryption may be extended in any form by selecting in the prior art symmetric or asymmetric encryptions that require knowledge of the sender's, recipient's, or both secrets. A packing and unpacking is only possible if the key of the recipient fits the key of the sender.

Advantageously, methods are also applicable that entitle each sender's TAN to send data and each TAN of the recipient to decrypt the data. An essential feature is the decay of the TAN after use in order to ensure data security. 15

In advantageous embodiments, personal data can be securely stored, certified electronic copies of documents can be accessed or access granted (if the pass has been lost on holiday), etc. In contrast to known on-line storage methods, the invention provides In contrast to "e-bill" and the data stores that are available to notaries, it provides a freely accessible storage mechanism for all users and all data types and datasets. 25

Claims (25)

Claims: 10 ························································································································································································································· 1. A method of storing electronic data in the form of documents, images, electronic copies and similar information, in a secure storage medium, capable of transmitting the data via a known type of computer Remote data transmission takes place, characterized in that the access to the storage medium is protected by a combination of user identification and PIN (PIN or password) and for the actual transmission and storage of the data and for the read access a unique, issued by the service provider transaction number is required IS 2. The method according to 1, characterized in that the transaction number is used only once and expires after use. 3. The method according to claim 1, characterized in that a transfer of the data takes place in such a way that with a unique first transaction number of the sender (send TAN) the data are stored in the secure storage medium so that they can only be used once second transaction number (receive TAN) of the recipient can be made readable. 25 4. The method according to claim 1, characterized in that a transfer of the data takes place in such a way that with a einrpalig usable first transaction number of the sender (send TAN) stored in the secure storage medium data are encrypted so that they only with a once usable second transaction number (receive TAN) of the recipient can be made readable. 12 ·······························································································? 5. The method according to 1,3 and 4, characterized in that the second key applies to all data passed. 6. The method according to 1,3 and 4, characterized in that the second 5 key applies only to forwarded data of a particular sender. 7. The method according to 1, characterized in that the permissions for access, modification and storage of a document is granted by a one-time usable key. 10 8. Method according to 1, 2, 3 and 4, characterized in that the various transaction numbers are provided and transmitted on a different route, that is by letter, from the point which manages the data backup. 15 9. The method according to 1 and 2, characterized in that after disclosure of a transaction number certain, thereby marked documents or groups of documents can be read by the recipient of the transaction number, without any other changes can be made. 10. The method according to 1.5 and 6, characterized in that the transaction numbers for the one-time access and disclosure of one or more documents at a third trusted body 25 are deposited. 11. The method according to 1, 5 and 6, characterized in that the transaction number is transmitted for transmission via mobile phone by SMS. 30 12. The method according to 1.5 and 6, characterized in that the transaction number is transmitted for transmission via mobile radio by radio data transmission. 13. The method according to 1,5,6,11 and 12, characterized in that after each successful transaction, another transaction number is transmitted electronically. 5 14. The method according to 1-13, characterized in that the next transmitted transaction number is used to confirm the transaction. 15. The method according to 1-14, characterized in that the 10 transaction number is also the encryption key of the transaction. 16. The method according to 1-14, characterized in that the encryption key of the transaction is calculated from the transaction number. 17. The method according to 1,5,6,9 and 10, characterized in that the data transfer takes place in that the receiver finds the data in its own data compartment in the secure storage medium and open it only with its own, provided by the administrator of the store transaction number can. 20 18. The method according to 1,5,6,9 and 10, characterized in that the data transfer takes place in that the recipient finds the data in a transfer data pocket of the sender in the secure storage medium and this can open 25 only with its own transaction number. 19. The method according to 1, 5, 6, 9 and 10, characterized in that the data transfer takes place in that the recipient finds the data in his data compartment or a transfer data compartment in the secure storage medium and can only open it with a transaction number received from the sender , 20. The method according to 1,5,6,9,10,17,18 and 19, characterized in that the transaction number the password for the decryption of a 14 • ··············· ···· · ··· · # φ «# · packed for transmission, ie compressed file is. 21. Method according to 1-20, characterized in that a plurality of files, even of different file formats, are simultaneously stored, read, changed or transmitted using a single transaction number in a virtual data basket. 22. The method according to 1-19, characterized in that access rights to third parties by sending a transaction number to this to 10 authorized persons and the data are thus clearly addressed, so that they can edit the claimant after registration with the storage manager there. 23. The method according to 1, characterized in that by the authorized 15 authorized by entering his transaction number, a forwarding of data in his own transfer box or in an inbox of a recipient takes place without the receiver needs to retrieve the data a transaction number. 24. Method according to 1,5,6,9, 10,17,18,19 and 20, characterized in that the forwarding of the transaction number via SMS or data radio takes place. 25. Method according to 1-24, characterized in that the data 25 are individually equipped with expiration date and are deleted from this date from the register in the secure memory. 30