EP1374531A2

EP1374531A2 - Method for a secure information transfer

Info

Publication number: EP1374531A2
Application number: EP02724127A
Authority: EP
Inventors: Walter-Jürgen HOFHEINZ; Dietmar Scharf; Karl-Heinrich V. Stein-Lausnitz
Original assignee: Siemens AG
Current assignee: Siemens AG
Priority date: 2001-04-05
Filing date: 2002-04-03
Publication date: 2004-01-02
Also published as: US7966657B2; US20040148522A1; WO2002082768A3; WO2002082768A2

Abstract

The method serves for a secure information transfer between a user device (C) and a central computer (S-D), arranged in a closed network. A connection request is signalled to a second computer (R-Q), not arranged in the closed network, from the user device (C), using the central computer (S-D). The second computer (S-Q) then transmits a message (TAN1) - containing an identification (SessionID) to a third computer (S-Z), arranged in the private network. The third computer (S-Z) stores the identification (Session ID) and transmits a verification report (TAN2) containing an access address (URL) for the central computer (S-D) to the second computer (S-Q), which forwards the verification report (TAN2) to the user device (C). The user device (C) then initialises a connection to the central computer (S-D), using the access address (URL), whereby the connection is only accepted by the central computer (S-D) n those cases where the access can be authorised by the stored identification (SessionID).

Description

description

Procedure for the secure transmission of information

The present invention relates to a method for the secure transmission of information between two terminals according to the preamble of patent claim 1.

Due to the increasing global orientation of companies, the use of telecommunication services is increasing

Transmission of voice and data constantly. As a result, the costs incurred by these telecommunications services are constantly increasing and becoming a significant cost factor for companies looking for ways to reduce these costs. Local and global computer networks, such as an intranet 'or the Internet', offer one way of being able to transmit data inexpensively and worldwide.

When accessing data or services - for example to a server or to an application made available by the server - a first unit - for example a company A - starting from a second unit - for example a company B - or starting from a public one - lent connection - for example from the ^λ Internet '- it is important to be able to prevent unauthorized access to the data or services of the unit. This can be done by an authorization check upstream of the access.

In the case of an authorization check, it is necessary that an authorization administration for the administration of the access rights of the individual users is carried out in the first unit. Such an administration of rights has the disadvantage that the access rights for the external users have to be communicated to the first unit (risk of misuse) and that a user has to log in independently before each access. Furthermore, the rights management uss are continuously updated, which involves a high administrative effort.

For secure access starting from a second unit - for example, starting from a user device in an intranet of company B - there is also the possibility of guiding the access via a transmission device existing between the units. A transmission device in this sense is, for example, a leased line - that is to say a specially configured physical line connection - or a logical connection - also referred to in the literature as a virutal private network, or VPN for short. Alternatively, a proxy device - also referred to in the literature as a proxy - can be defined in the second unit, via which accesses to the first unit or to a server of the first unit are carried out.

However, these solutions have the disadvantage that access to the first unit must always be routed via the leased line, or that access must always take place via the proxy device.

The present invention is based on the object of specifying an alternative method by means of which secure external access to data or services of a closed unit can take place.

The object is achieved on the basis of the features of the preamble of patent claim 1 by its characterizing features.

A major advantage of the method according to the invention is that the method can be implemented in already existing systems with little effort. Another advantage of the method according to the invention is that no information about the individual authorized external users has to be stored in the first unit. The administration effort in the unit can thus be greatly reduced.

Advantageous developments of the invention are specified in the subclaims.

An advantage of embodiments of the invention defined in the subclaims is, inter alia, that the use of the HTTPS protocol (HTTPS: Hypertext Transport Protocol Secure) for data transmission between the individual units involved in the method according to the invention and an additional one Encryption of the data to be transmitted - for example using the known PGP method (PGP: Pretty Good Privacy) - prevents unauthorized access to the transmitted data when transmitted via a public network.

An embodiment of the invention is explained below with reference to the drawing.

It shows:

1 shows a block diagram for the schematic representation of the essential functional units involved in the method according to the invention; 2 shows a block diagram for the schematic representation of an exemplary message TAN1; and FIG. 3: a block diagram for the schematic representation of an exemplary confirmation message TAN2.

1 schematically shows an intranet of a first company-A unit and an intranet of a second company-B unit. The two intranets are connected via the publicly accessible Internet. An intranet is understood to mean a local computer network in which access to the (JO ω M K. P ¹ P>

Ül o Cn o Cn o Cn

K P3 P_ P3 d 3 Cfl r + ω H ω σ Cfl < ^« d Cfl d ≥! ι-3 t__ Φ t_ P P- P- 1 do P φ Φ Φ e rt α öd <l α ιQ H p, P- ω ιp CΛ J φ α Φ d P Φ P- p. P o P- φ rt Φ 1 3 p- Φ

P_ __ ^ 3 __J h- 'o Hi N r +' Cfl PPP fl P d rt PH φ P- rr 3 Ω CΛ φ ω α d P rt j P>P> cn P- P ^J P- • li H <i he rt ιQ φ d Hi Φ & P ¹ rt N

CΛ N O ιQ φ? P P- <φ P- α_ Φ ≥i d ιq CΛ ^ Hi p, J rt α H "Φ P d

P- ^• 3 s:

1 d: s: iQ ι-JP ö d rl- φ H d 1 P ^J d O 1 φ 1 P- P dd P rt d rt P- Φ j er Φ P- Φ P- r + P- Φ rl- H P- σ I- ¹ ri- CΛ O iQ P Φ rt d rt! -> iQ H rt P

P Φ P d fl P- φ (ϊ- er cn d Φ N s; φ P d P "rt P iQ φ §: rt Φ P?

O p. fl P er p- o αi P- 1 d s; φ P- H α H cn P d Φ Φ O d Φ rr Φ d P d g P. M d lO ιQ P- Φ H P, d α 1 d 1 1 P P Φ P- P

O p. P> P d Cfl φ φ P_ P P- Φ Q. φ Φ P- N er Φ CΛ α 1 rt ddt T 0 ⁾ <d rt- Cfl ü_ P, d = d φ N d P- P, rt Φ φ Φ P- rt P- φ Φ d Φ cn

O 05 Φ Hl Φ • Φ α er d H- d Φ d P, ω P- P Cfl P, d P- Φ P- H iQ

P. tr P- Cfl d φ Φ vQ d 3 φ Cfl H P cn <Q iQ Φ rt α t <l • d rt Φ Φ

H CΛ • P- Cfl d P P Cfl P, P- er ω P- φ rt Ω φ. φ rt H Φ tr cn P CΛ Φ Φ φ P- vQ cn 3 ιO Hi o Φ 1 d 3 t Φ P P * i Φ d Φ

• rr 1 3 Cfl P. o r - P- o Φ d P- P- d- P- ö φ Φ rt Cfl P- Cfl: P P- Φ rt d

Φ N Cfl P H d Φ P P- H Φ d H r + • P- P- P- N 3 H d d P, n P-

N I-. N P- fl P- PJ [fd Cfl d er φ d P dd ιQ ds: CΛ Φ P, Cfl * Ö dd P P- O cn Φ α 2J P- P ¹ dwddd H cn Φ rt O Φ 1 Φ Ω rt P,

P- Φ W Φ dd • P ¹ MJ d cn dr iQ p. cn P- P rt P- o α P- ≥i tr Φ Φ O ω rr rt P_ rt P- d £ α Φ ιQ Φ o ιQ d 3 ≥! P s: rt H ddd Ω d

3 P- Cfl iQ P- P- Ö tr d r 1 d P, Cfl d π d- Φ d d Φ Φ P Φ rt P- tr

Φ <! Φ d: φ Hi P Φ lT Φ od <id N P- rt rt P d P- dd N Φ H Φ φ s: P P- H P- Cfl P- Φ H o ιQ Φ Φ P Φ d 3 N t Φ Cfl Φ d P- d P-

P- Hl φ <! rt H i T P P- P ^ cn P 3 Φ er! d ιQ Φ Φ P- H iQ 3 N P P d

PO n Φ P- P <! P 'rr Φ 3 p: p, rt CH PJ PP ιQ P- Φ Φ d α tr Φ φ rr H ιQ Φ rt Φ P rt fl o Ul er P P- P- d Φ rt _^ ddt iQ QP Φ d H iQ • d P- P, ^ i φ α 1 P- d <l Hi rt P- P- d- Ω. φ P Φ rt P-

P_ cr CΛ P- rr o er rl- P- Φ d d P- P Hi P- o Hi P d H) α Φ Φ d P- fl φ rt N d J ^

P- M 1 Cfl P- d P- Φ P P- P- P P- Φ φ d P P P- P P- d Hi d d Φ

P- CS3 rt H) d rt 3 d Φ P d d P P P P- N cn rt Hi P) ^ _ vQ rt

P d • P- CΛ P Φ r + S d φ d α φ d Φ Ω P- cn> <the P- P. N

£ er Φ φ W Φ d 1 o P- iQ Φ d Φ Hi rt d "Φ ^ i d o P rt N P P- s:

Φ Φ P- s P cn d P ts! - o ιQ P n d P rt H α P- Cfl d d P s: 3 Hi

P- ö d P- rr cn ιQ er Φ P o Φ φ P φ d rt Φ P, Hl Hl P P Hi P.

P_ er rr P- P- Cfl Φ PP 3 er 3 d öd P- Φ P- φ d P, 3 d: Φ d cn P ^ d P Φ CΛ O o 3 P- d PP Hi P d, χj φ P , iQ ≤ P i ^ p- Φ Ö> er 1 dd P * ddo tQ dd P d φ er o φ rt P- 55 1 P, d P- rt P- φ φ Q Ml rt Φ Φ PJ P- Φ Φ d Hl i r + P, P s: cn Φ ö N n P, d ω d Φ φ CΛ φ P- H! X

P P- 3 CΛ ö d P- O "5 d- rt- Cfl d Cfl HP s: α rt d H d cn φ rt π_ cd P o Φ d P P- P- d rt Cfl φ tr ¹ d rt Φ d N o iQ α N Cfl rt Ω Φ t__ p iQ tr H Cfl Φ Φ P_ ι-3 d <! d Φ H P- Φ Φ P- d Φ P. Cfl Φ P d rt tr P,

__j cn d Φ Cfl P- f

►§ s d t__ P- & d 3 Cl d d d rt n Φ er X rt P, Φ Φ rt d

P> P- d P O P- d 1 Φ Φ __J P- Φ P- - Φ P, Φ rt φ P- P- Φ

CΛ ιQ 3 HI o P- n P- rf P ¹ P ι-i P CΛ r + öd cn ≥i er d Φ <P- Φ d <Hi d iQ d

<J o P P φ o d Φ rr d n d N P- o P Cfl H Φ d = d

O α P_ P J d ≥i P. d P φ • Hi t 0- P- P rt ≤. H d H d • d d er P H α d M n φ Φ d iQ ö rt Φ d P- i Φ d d N • P- Φ fl P- Φ N Hl P iQ P-

Cfl P. M H- Cfl d 03 d α P- 3 P- Φ d d Φ "3 Φ d s:: 1 rt d

PJ p. d iQ r + rr P- Φ φ rt H- φ ⁾ -i σ ⁴ P- Φ P-- iQ Φ 3 P. tr er S s Φ d Φ P- Φ P- 3 3 rt ö P- P- Φ P - Φ lO d! = R ≥: ddd O: H-

P Φ Φ 1 PP d ιQ PPP d P- Φ P- d Φ Φ P d Ö d P- cn iQ Ω φ ι r P ¹ CΛ P Φ cn Φ NO rt- Φ dd rt Φ 3 dd rt P- iQ Ω Φ tr

PP P- HS Hi ri- φ P s: d P ¹ Φ P- 3 π cn cn N φ tr P P- rt

P d O Φ: l P, Φ d fl P- rt ^ P ¹ _ l iQ Φ d vQ rt <! Ω d

CJ P d P Φ P. α <l P- P- Φ 1 μ- P Ω Φ P- cn d <Φ H cn Φ Φ r d

Ö ^* rr iQ P P- P φ φ 3 rt μ_ι P- CΛ Φ dt P φ 1 od ^* Φ rt 1 P iQ φ Φ dd Φ ded H Φ 1 d φ H Hi 1 3 p, 3 Φ P- Φ P d Hi d P- 1 Φ 1 d φ P rt Φ P ldd P. 1 1 P- 1 ω P- 1 1

CO O for P ¹

Cn o Cn o Cn o Cn rt iQ rt rt Pf rt P- rt Φ CΛ CΛ CΛ rt P- H 3 Q. Cfl 3 rt er Pf <rt rt ^ i o s: 'τ) 3

Φ P- Φ d P- P Φ P Φ P- Φ Φ Ω Φ d 3 d fe Φ Φ Φ P- Φ P. Φ Φ Φ P- P P- Q Φ P- d "3 dd ιQ p ^j er dd cn cn tr P __J P; O P- φ P d LQ P T. P rt rt iQ iQ ^ rt Φ er φ cn cn ω Ξ Ω P> dd cn d er td • d P- I Cfl rt

• cn Φ Φ p: Φ P- P P P- P- d: Φ φ tr £ d, O rt P- μ- S Φ <! Ω

3 P P- PP d Cfl OO cn Φ d P- Φ Φ α Φ CΛ P- P- dd Φ r rt Φ tr d td φ wdd? P P- P- dd cn P- Φ rt Φ P- Φ h- ¹ Φ φ Pi tr φ P- P d

P- PP Φ ö d cn 3 H PJ Φ d P Φ P- dd Ω Cfl P ¹ P- d Φ N d φ Hi d: iQ dddd P σ σ P ^J Φ P d φ d tr Cfl cn? T d P - d Φ P Cfl φ dd Φ P d rt Cd Pf cn cn - Φ Φ d Cfl Φ P- s: P iQ rt P- O: s tr Cfl d rt d fl rt Φ s: üd d NP P- d td tp Φ o Φ rt Cfl iQ ιQ Hi φ P Φ d

C iQ Φ P- P P- rt d Φ α φ NP P- er d P- P- 3 ^ rt Hi P- Φ P ^J P er s: d <! s: d φ iQ P cn cn d Φ s: d XJ rt Φ H cn O o P- Pl φ dd Ω

Φ P3 d φ d iQ Φ P P rt 3 S P- Pi φ l ι P- U Φ d P H __! Φ d d d tr

P! __ PPP: cn d 3 iQ cn φ PP P- 2J ω d 3 2J P- rt d _^ ~. iQ rt __J α P- er P, Φ PV Φ pd: Ω cn P 'α rt Φ T3 Φ φ CΛ P d iQ> τ) cn

1-5 r Φ Φ P- φ d rt d Φ rt Φ tr O P. Φ 3 P- P P- Φ cn 1 • Φ P- Q <P

P • d " _^ Φ P- ιP P- d rt Φ ds: Cfl PP Φ H d cn öd Ω ι-3 TJ Φ cn iQ PJ α ιQ Φ Ω P- d: p- d P- N ddo O Φ cn S ü Cfl tr t_ • • P ddds: tr Φ 3 iQ Cfl Ω ^ Q φ P d iQ P ¹ cn P ^J P- I Cfl P- Ω φ zj H) <d H- Φ d P- ex Cfl Φ P P- Cfl tr tr iQ P- • s: i cn o O Η Φ tr d P ¹ l ^ P Φ iQ α P d LQ P P- P- P rt Φ φ Φ H3 φ er o Φ rt *. d O Φ Φ P tr P

P rt Cfl α φ d φ rt Φ P l- ¹ P fe P m rt P ¹ P- ÖJ Pf ≥i N 3 CΛ 3 Φ P er α cn P- 3 P- • P Φ? T rt 3 __5 iQ hy , ω Φ P- α P- Φ P Ω P- rt Φ P- φ P- Hi O P- PH • P- cn P- POP ¹ P Φ 2j P ¹ φ P- rt • d Hi rt tr rt rt dd

P <. d P- dd ö rt dds: d er td υ_ dd P- P- P ^J * <α φ I d Φ P- Φ Φ d Φ d Hi P- x: & 1 P. Φ H Ö Cfl d cn: φ s: d td P φ P Φ d α Φ d P rt P d P- ¹ rt fl o P- d P- Ω d Ω n P- IO P- d φ er P- rt P- rt Φ α P ^. Φ Ω Φ [I rt φ tr iQ tr cn do P iQ cn P- d P- S d P- PQHO s: Φ S Ω P- Φ d tr er φ Φ P- Φ φ φ φ O P. cn cn rt d φ O 1 Φ Pi d = P- d = P- d 1 tr ιQ rt cn P- P- ιP PH Φ Pl P ^J 3 o 3 p: 3 d 3 P- Cd d P CΛ P- P- cn $ rt Φ P- Pf JJJ α er O rt do φ rt tr rt C ^ m (-> O Φ N P- P Φ er __J P <! i. Φ

P- d CΛ CΛ ≥; CΛ P fl P- Φ P- P o P P- d PNP P- 1 d Φ Φ P> P Φ φ P P- d Q iQ Ω Φ Ω rt rt iQ P- iQ d cn dd P φ d tr Φ N rt P d Cfl P 3 P- cn d cn tr cn P tr P- p: i T rt ^ s: d N Φ P- d 3 l- ¹ d P P- Φ rt rt cn O d 3 P cn d = PO rt Φ Φ P- d CΛ N s: rt tr Pi P- P- 3 φ Ω CΛ P P- S iQ O P- p- Ω P- d P- P- ^ 1 P- P d iQ O d Φ N α P- P- rt Hi Hi tr Ω φ 1 ω α rt O ^ rr iQ rt P- rt d φ Φ £! d Φ Φ Pi. ? cn P- P P- φ P ^J d rt rt CΛ d Cfl P cn α o P- Ω 3 P- P P- P? Cfl d = P- * -__. n

3 d = Cfl o

Φ er Φ d 3 α α P Ω iQ tr Pl rt ^ 3 rt s: P Cfl d Cfl Ω s: -2!

H- CΛ φ CΛ cn LQ P P P H- P. α tr Φ Φ P V P P P P- Φ rt rt ι Cfl tr <! Φ

S CO ö P cυ cn Cfl d 1 d Φ P- d Φ d cn d er rt Ω o P- P- φ Φ Φ P- <1 d 1 3 P- 3 Φ> Φ Φ Φ P o er cn d iQ P- tr d rt O Φ Φ PP Cfl φ do Φ P- Φ O Φ PPH rt 3 g Φ gt? Φ O Φ d P- P- rt 3 s; φ PQ o P- P rt P- d P ^J P- P P- H Φ o § P- rt d CΛ P dd. o Φ cn

≥! d iQ rr d α d d d Φ d P- Φ cn Q. P Φ φ o φ φ d Ω

PJ Φ Φ φ Φ H d Hi vQ Pi d Φ dd O p- α d PJ P Cfl O o P d α P tr t__ P iQ α do Φ o rt d W • P- φ Φ Pi | ι fl er 3 Hl P- Φ cn P- ¹

__j d: öd φ rt * i iQ POP P- rt P φ cn Φ 2J f P- Φ ^• ö er rt d:

M Ω φ d • φ P 3 P 3 Hi P- H- IS Pf S d O P- or d P P Φ l tr d: P P P- Pi <! 1 d cn φ Öd Φ P φ d d P- s • er Cfl

I Cf 1 Φ cn = = rt P PJ cn er rt d rt P- P CΛs: P- d Φ d H Φ> <cn CΛ ffi; φ er er p: d φ Φ P- φ P- P; rt m ^ d. φ α P rt ö P Pf P- Ό PJ P- P

Φ Φ rr cn P d P O rt O rt P Φ o P = P- d α S rt P- s: ö φ P- o φ d rt

P P P- ^ 3 d 3 d Φ d P- rt d fl d Φ P- P- Pi P- p: φ P d •

3 1 iQ pj: Φ iQ P- d O P- 3 P * φ iQ d O P- cn tr ti N er rt α P- = P <* = rt vQ P- PO P- Φ cn ¹ d rt d Φ s: p- d Φ φ

P rt 1 1 P- ^■ 1 P- ö dd rt d P- Pl P rr fl Φ P iQ P-

Cfl 1 1 1 er P 1 1 P- 1 Φ P- Pi Φ cn r 1 1 1 1 1

The Internet is again based on the HTTPS protocol. In addition, the confirmation message TAN2 is encrypted by the memory module M-STO before it is transmitted. The PGP method is again used as the encryption method. Here, the confirmation message TAN2 is encrypted with a public key assigned to the connection module M-CON. The connection module M-CON can decrypt the received confirmation message TAN2 using a private key assigned to the connection module M-CON.

3 shows a schematic illustration of an exemplary confirmation message TAN2. The confirmation message TAN2 comprises two parts. The first part comprises an address information URL with which access to the data or services of the data server S-D can be carried out. The second part corresponds to the message TAN1 or contains an identification SessionID generated by the memory module M-STO and formed by other clear and similar construction principles, which can be clearly assigned to the message TANl generated there by the connection module M-CON. For example, the confirmation message TAN2 could have the following form:

https: // www. firma-a.com/serylet/M-CHE?RequestID=5634636&Comp anyID = firma-a & SessionID = 23497278 & TANCreationTIME = 293478293 &

Because the current address information URL required for access to the data server S-C is transmitted to the connection module M-CON in the confirmation message TAN2, a user does not have to know the address information URL before access. In addition, the address information URL in the first unit Company-A can be changed as required.

Further reference is made to Fig.l. Has the

Connection module M-CON received a confirmation message TAN2 and decrypted, so in a step S4 by the u> O ⁾ IV) P ¹ P ¹

Cπ o cπ o Cn o cn

<cn rt Cfl Cd Pi P- LP d α cn cn 3 Cd rt N d P ≥i P-? rt Pl CΛ Pi rf- φ Pl Öd ≥; er φ Ω Φ rt d P- φ Φ P- Φ Φ: P P- Φ Φ Φ P- d d d Φ μ- P- Φ d Φ P- d Φ tϋ d P-

P tr d Φ P ι rdd Ω tr PP Φ PPP Φ Pi rf P- o? R cn d rt d rt μ- _- "rd er Ω P • * _* tr • <i rt P- d φ d iQ ISI Φ rt d P Cfl iQ • Φ N α

H- d = P- P ¹ tr rt Φ rt iQ Φ P- iQ Pf Φ ≥; μ- Cfl Φ Φ P- CΛ φ rt p- et P Φ μ- Φ dd cn 3 rt P- α P P. P ^J P ι Φ Q. rt dd rt er P dd P- 0 P- Cd er d μ - d P d

P- Cfl • _^ p. o Φ 3 P- Φ td φ rt P Φ P Φ Φ P od φ d Φ Φ d φ iQ d Φ Pl P- d P oα φ φ P- CΛ Φ d Φ N P- d P- 3 d Λ df PPP rt Φ ^ P- cn d P α Φ d tr Ω 1 P- <! rt P φ Ω α rt d Φ Φ ö Ω d 3 O d 3 Q d rt P CΛ N iQ P Pf tr Cd rt φ μ- Pl P tr Φ _"* P ω P Cfl CΛ er tr P Φ PP o fl d Φ Cfl <! Φ d P P. Φ • P Hi O Φ rt ω P- φ cn φ 3 Φ d: P- 3 μ- α

3 iQ P ω Φ Cfl P- P φ d P er μ- H "μ- d cn Ω Ω p. Μ- cn P- P- Q. Pi d Ω do PP cn Φ Hi dd td P-? IQ dd CO tr tr Φ o cn rt 3 P d Φ Hi φ tr α α Φ φ z P- P- H) fl rt cn P- d P rt P ιp P rt cn P d P- cn d P P- rt d Φ rt P- φ O d P- α ιΩ d α rt P- rt d rt O <iQ ddd ^

P ddd φ φ ^ Pi Φ Φ d μ- s; Ω o φ P d Φ Pf Cd d Φ Φ cn Φ Hi φ d 1 cn H 3 P-: P- d tr ddo μ- tr d cn υq d JPP er 3 P cn vP n ö Φ cn d Cd d W rt Φ O <Q d Φ rt 3 Cfl Cfl Φ Φ Cd er Φ o er o is; PPO d cn φ rt P P- d Ω Cfl d O: φ O cn d μ- • P- P- P P- Φ t- ¹ n 3

1 rr tr ^ P iQ φ O Cfl P- rt Hi tr P CΛ Φ d ι P d Ω rt ddd • dd cn μ- o Φ P- Φ P p: ιQ P- P- 3 d φ P iQ <l P d tr μ- tr ¹ P α d P iQ

O d P d P- rt d O ^ r P Pi CO d μ- φ Ω PP Hi O P- α dd: d tr ¹ ^ d Φ

≥! α P Φ P φ d l d P O P- "er Cfl 3 O Ω P tr α P- μ- o Φ Φ d Hi S d μ- Cfl Cfl cn

3 Φ d cn d P er H rt d P- P μ- tr cn Hi rt? Cfl Pi P ιP d 1 ιP d ιP rt d P- P d iQ Φ Φ P CΛ P- Ώ do P do rt P P- Φ cn dot φ Φ Φ d rt rt rt K rt d P Cfl Φ O Φ Φ ddd μ- CΛ P- * Φ rt rt P cd P ι td N cn d ι d α Φ Pl Φ Cfl Cfl d P- P 3 ll Pi 03 1 iQ 3 CΛ μ- P- rt P d cn td d rt Φ Φ α s; cn PJ tr oα Ω P- Cfl d P- Cd rt Cd Φ CTl O rt l 3 3 ≤. tr he P

P. Φ P- πd P Φ tr Pi P- CΛ φ <! rt öd α • d ü d Φ α φ er o P p- p: Φ rt

Φ d P CΛ rr P- rt P- O φ P Φ er P Φ PP φ Cfl P- d P P- d UP μ ^j d -J cn α g 1 • rt P- N d cn P α Φ cn 3 td d rt P- Pl Φ er dd Hl P rt _^ Φ

O: • P- Td * d ιQ P- f cn φ er Φ Cfl P- μ- Cfl Φ Φ P Cd td P rt • P-

CΛ Hi rt P d rt Φ Cd P- μ- 3 μ- Cfl α d iQ P- d φ P o 0) d: P. Φ P- s: d

Hi ö tr O d Φ P O rt d rt P Φ Φ d CΛ d Ώ er P- er d Φ Φ φ Φ d O: rt I d rt s- d Φ α - N P- rt tr s φ d

Φ <o φ Φ cn Φ 1 3 cn

P- d P P rt • P- Pf P d er rt Φ Φ Cd Φ N P φ Ω er P P o Φ Φ Ω CΛ

Ω rt Ω Φ I ≥! P Cd d d Φ Cfl d P d d <P tr d ^ Cd 3 w d P P- tr Φ tr tr d o ^ d CΛ α Φ iQ P C fl rt ιq Φ er P- P Dd P- td P <d Φ P-

Φ P- * P * Φ rt O P- d cn Ό P K φ Φ P P P- d cn d: rt rt Φ φ rt

P Ω P "d N 3 er cn P P er PJ P d P- d P- Pi ι rt φ Φ P 3 Φ

3 tr P- P * cn d Φ P- Φ rt a d d = Φ PJ <! d: o Hi CΛ P, Ω dd Φ Φ P d μ- o Φ φ φ rt P rt P- d Pi Pi μ- d Φ er d Hi 1 d tr dd ω Pi cn CΛ CΛ φ P d P s: d Cfl 3 d rt er d CΛ P Φ Cd d rt ιp * d rt o φ 1 Ω 3 d N P- P- P- NP dd 1 PP ι φ Φ P Cd tr

CΛ d: P cn d P N Ω Φ d iQ d Tj CΛ 3 Φ d d: P μ- C P- d iQ <! P α Öd cn Ω Cfl er α d d s: tr P cn P P 1 P- P Hi er N er cn φ Ω rt φ P μ- P P tr p: Φ <! rt d Φ rt φ 3 3 o ü rt Φ s, ιP rt p tr Pl P d rt φ o

S rr P fl O Φ μ- p. μ- O Hi rt rt Φ α P P- Φ φ P_ Φ Hi rt Cfl s:

1 d = N 3 P- d P Φ rt 3 d π- P,: o: H μ- Cfl α P Φ P- CΛ ιP Cfl cn

CΛ Cfl H P- Ω er P- φ φ P d P er d rt Φ Ω P μ- rt d d 1 φ CΛ μ- Φ

Pl cn P- rt tr α ddd tr P- P- P ^« o Φ d Φ P tr d Φ Φ Φ rt Φ Cd er cn d P o Φ Ω rt Φ Φ PP Ω Φ φ P iQ P Cd cn Φ Hl dd P- P l

P ^« tr Φ PP P- d tsi tr 3 S P- d P d Φ Q rt Pi - ι dd = o Öd s: d φ iQ Φ P dd: μ- Pf P- er φ rt σ P

P- 3 rt 1 d Cfl P. N Φ rt Pf d rt Φ Pf d Ω ιp O: d Cd n φ • P s: d φ d * Ph P- w Φ ω Φ 3

P P. <Φ 1 α tr P ι d P tα d ω P- d rt Φ rt μ- Φ P P rt d P P φ α Φ φ d Φ * Hi P- iQ rt td fl ≥; Φ P s: μ- d rt * d P d rt P cn P d Φ o Pi μ- Φ φ f Ω d d P P- ιp P rt P- P P P- - P-

N 1 Cd rt P Pi Ω

1 3 d P- d tr rt d d P 1 1 μ- o = 1 P o d P P- 1 tr p- 1 d 1 Φ 1 φ 1 d 1 cn d

1 1 1 rt 1 d rt

<55 P Cfl N tr rt Cd S d rt P-. cn Pi <J Cfl H öd ω P P, d rt α- Cd 3 d cn

Φ d d Φ o Φ φ P Φ P 1 Φ Φ φ P- 1 d: Φ Φ d Φ rt er Φ φ Φ er P O: φ p:

P rt rt P 3 P μ- Clf d fl P P P P Cd P P P rt μ- φ Φ 3 d Φ 03 ι rt rt

Pi ON μ- Cfl rt Cfl 03 or 3 er <P 3 d P '> _* •>. P! - ^■ cn N

P P Φ <! rt Φ φ ≥! öd Φ ιO P P. Φ μ- Φ P φ N cn <P- P- tr P- P o P h- CXI PP φ rt d 1 d P- d P d <1 P μ- P- φ P φ Ω P-

P Cfl P P d μ- d <. Pi μ- d Φ öd P d Φ O rt d φ μ- P = P tr φ Ω

Φ P- <rr d Hi P iQ Φ P- 3 d P Ω Φ d CΛ rt PP Φ Hi er P tr d Φ O Φ Cfl 3 PP d rt d μ- ¹ P- tr dd 1 03 s: Ω 03 d P- ιP

P d P- P P- α lO N ι CΛ Φ iQ lO μ- Φ tr Φ P φ dd Φ φ φ cn d P- cn P- 1 Hi CΛ dd Φ Φ φ Pi ESI cn φ PP d rt ^ P 3 P P- rt d μ- φ> Hi 1 d Φ POP P- P- d 3 er Φ ι td <Hl 03 CΛ d P cn d

Φ iQ Φ α Ω CΛ Cd vQ t P <d Φ iQ o N P φ Φ P- Φ ^ 3 d Ω rt

P Φ tr Cd 3 P co P P. φ P- P s: d d d P l rt P μ- φ π ιP ω φ α o iQ tr Φ 5

P "Ϊ Cf d P φ ≥5 P- d. N P- ιP Φ P α 03 rt P i≤; rf Φ α rr rt Ω Φ φ φ P- φ P d Hi s: φ P cn d φ d 3 . μ-

P- Φ Φ ιp tr p- 3 P Cfl rt CΛ rt rt Hi P φ d er 1 P o d rt cn d 3 P φ d Φ rt d p: <1 • N S d P- Φ N l_l- d tr

P- Φ Hi P rt φ φ &> φ Hi P- O Φ P 1 Pi rt d φ P- S d O:

Ω α μ- er Φ Φ P d: cn P d n φ d d s: cn 1 P tr ^ P d φ N μ- Hl öd d P rt P- Hi o d Cfl P d Φ P- o P- φ

Φ rt P s: P ¹ d: Φ cn 3 rt α ≥! P Hl 3 P- P- φ K ts Φ d cn d Φ d cn • rt PP <1 Φ Φ Φ P- 03 td d = h- ¹ P td 1 P ^

O d d d rt Φ Φ O P- s: 1 p cn P- P- tr öd P- rt o

3 rt 1 ι Φ Cd z Ω P d O d φ CΛ P d P P Φ ιP CΛ o N

P- d cn d μ- Φ P- tr Hl Φ er Hl P Pf od tr d O 3 Φ μ- 55 s: φ rt μ- er ιP Φ P φ rt P Φ d Φ d = rt d Cd 3 Hi φ d £ dd Φ P cn N Φ td d α P- tr Pl P- P P- rt P μ- P- ιP cn Cd P-

P s: 3 P- Cfl Φ 55 ιP P P- rsι P rt rt rt Cfl Φ P cn tr

• P- rt d =

P ^J Φ p: d rr dd rt Φ dd P- _l- P Φ Φ er P rt φ <! P Φ er oo

Cfl P δo tr Φ rt Φ d μ- ^ d Φ? dd μ- 3 ^ Φ Φ P o cn d Φ μ ^j Cd Φ φ 3 N d Φ PP Φ cn P- P- Cd d <! φ PP

Cfl P P- d μ- P. d = φ 1 tr P P- Φ d rt er rt ιO P 03 cn φ Cfl rt CΛ td rt 3 φ d Φ Φ 03 P <P rt Pi μ- dd cn N d 3 * d

Φ α Φ P φ • d P- P- tr iQ d <cn 03 d φ rt Hl s: L Φ P μ- φ P d tr μ- φ d rt

P rt Cfl Φ • ^ 1 φ P s: 0) 55 P Φ 1 Φ P <! P P- ¹ P- tr rt

• rt P μ- Cd P d P, μ- P φ dd Φ P öd Φ 1 d tr Ω Φ Φ d Φ Hl PP • μ- P φ P d 3 rt Ω P Cd cn 53 PP tr P- d Cd NP 3 rt Ω d P. Hi N tr P- er Φ N tr d Φ Pi Φ rt rt rt P d tr P Φ Cd tr rt • ^ d φ N Φ Φ P d P rt CΛ Φ rt P Φ

N cn ι P 1 d Φ rt d <α PP <! s: d ι <! ι er N 1 3 rt Φ 3 ^ d φ P Φ> cn P do PP ¹ o Φ cn P Φ P Φ Φ Cd P o μ-

P Φ P- d Φ P ιP P Cfl P ¹ NP P- rt Φ P P- d P ιO 03 s: P Cd

Hi P Hi fl P P rsi d rt d ιP rt φ d Hi φ 1 d P- φ d 3 P

P Pi Hi d <! t he Φ φ ιP Φ Φ N CΛ Hi P P- Φ Ω P- P rt φ p- P- o φ ιP Φ P- Φ μ- p: CΛ d rt 1 PPH tr CΛ 1 Φ dd <Cfl d PP μ - d P dd Φ φ Φ! θ PP er φ S dd O rt ι p- φ O: er iP tr td cn d Φ P- Cfl d 1 • d P _^ 3 cn Hi rr μ- P Φ P- d P Hi Ω P Φ 3 P CΛ μ- h- "d ιP • 1 Hl φ P- the P- dd Cd Φ er 55 tr d P PJ ^ dd

P- ιP Φ P, Cd P ιP P ι Ω tr P P P- d rt Pi <03 o μ-

Ω cn Cfl P td φ CΛ rt fl d Φ tr cn Φ rt cn P φ rt d Φ Φ »d P tr" 3 Ω Cfl P- Φ P- rt cn d cn Φ Φ P- φ O dd N dd P ^ Cfl d 3 Φ

Φ tr cn d P d φ z ιP Ω d P- rt d d Pi Φ iQ o d P P

3 P Hl φ μ- μ- cn tr d cn Φ φ O P CΛ μ- ι 1

P p: Φ z o Cfl td P 3 3 1 Φ d d d O 1 i "φ öd H

P Da rt P- P * μ- o o P?

• α Φ P- O P d d

Φ φ d P- iQ ≥; d _^ Cd P- co Pf P-! P Φ P <ι φ • rt PP d rt rr rt rt d 1 P d Cfl d P Φ Φ l- ¹ 03 Φ μ- d 03 d P

Φ Φ rf n 1 φ I Cfl P P- 1 1 O d 1 P d 1 1 o 1 Cfl cn 05 1 1 1

Claims

claims

1. A method for secure information transmission between a user device (C) and a central computer device (SD) arranged in a closed network, characterized in that, starting from the user device (C), a connection request with the central computer device (SD) to a second one , computer device (SQ) not arranged in the closed network is signaled that the second computer device (SQ) transmits a message (TANl) containing a unique identification (SessionID) to a third computer device (SZ) arranged in the closed network, that in Cases in which the identification (SessionID) is recognized as valid, the third computer device (SZ) stores the identification (SessionID) in a database (DB) and sends a confirmation message (TAN2) back to the second computer device (SQ) that the user device (C) by means of a Best information message (TAN2) initializes a connection to the central computer device (SD), the connection being accepted by the central computer device (SD) only in cases in which the access of the user device (C) by means of the stored identification (SessionID) as is recognized legitimately.

2. The method according to claim 1, characterized in that the confirmation message (TAN2) contains address information (URL) for access to the central computer device (SD).

3. The method according to claim 1 or 2, characterized in that the signaling of the connection request by calling a connection module (M-CON) running on the second computer device (SQ) starting from a browser (B) running on the user device (C) he follows.

4. The method according to claim 3, so that access to the connection module (M-CON) is only possible for a limited, authorized group of people.

5. The method as claimed in one of the preceding claims, that the second computer device (S-Q) and the user device (C) are arranged in a further closed network.

6. The method according to claim 3 or 5, characterized in that the connection module (M-CON) transmits the identification (SessionID) to a running on the third computer device (SZ) memory module (M-STO), and that in cases where the Identification (SessionID) is recognized as valid, the memory module (M-STO) stores the identification (SessionID) in a database (DB) and the confirmation message (TAN2) is transmitted back to the connection module (M-CON).

7. The method according to claim 6, characterized in that data is transmitted between the connection module (M-CON) and the memory module (M-STO) according to the known HTTPS protocol (HTTPS: Hypertext Transport Protocol Secure).

8. The method according to claim 6 or 7, so that a data transmission between the connection module (M-CON) and the memory module (M-STO) takes place in encrypted form.

9. The method according to any one of claims 2 to 8, that the address information (URL) controlled by the connection module (M-CON) is displayed as a link on the browser (B).

10. The method according to claim 9, characterized in that when the link is called up on the user device (C), a checking module (M-CHE) is executed on the central computer device (SD) and automatically the information (SessionID) containing information is sent to the checking module (M-CHE) is transmitted.

11. The method according to claim 10, characterized in that in cases in which the transmitted identification (SessionID) is identified as valid by means of the identification (SessionID) stored in the database (DB), a connection between the browser (B) and the verification module (M-CHE) is set up and that in cases in which the transmitted identification (SessionID) is identified as invalid, an error message is transmitted from the verification module (M-CHE) to the browser (B).

12. The method according to claim 10 or 11, characterized in that a data transmission between the browser (B) and the checking module (M-CHE) takes place according to the HTTPS protocol.

13. The method according to any one of the preceding claims, that the validity of the identification (SessionID) is limited in time.

14. The method according to any one of the preceding claims, that the identification (session ID) is only valid for a connection establishment.