EP3643035A1 - Method for controlling the obtaining by a terminal of a configuration file - Google Patents
- Publication number
- EP3643035A1 (application number EP18749431.5A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- terminal
- configuration file
- request
- management server
- obtaining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Definitions
- the invention relates to the general field of telecommunications.
- Such a configuration file typically comprises the technical elements enabling a user to take advantage of the communication service via his terminal such as, in particular, a login and a password assigned to the user to connect to the communication service, user parameters (e.g. address book, telephone number assigned to him, etc.), and technical parameters intended to be implemented by the terminal during a communication service session (e.g. audio/video codecs, voice over IP parameters, etc.).
- the terminal can be fixed or mobile, hardware or software; it may be for example a smartphone, a computer, a digital tablet, or a software application (e.g. a "softphone") seeking access to a voice over IP service, a video service, etc.
- the configuration of a terminal to access a communication service offered by a network is done via the download by the terminal of a configuration file hosted on a remote configuration server (e.g. an SFTP (Secure Shell File Transfer Protocol) or HTTP (HyperText Transfer Protocol) server), using an access address to this file that is configured at the factory in the terminal. This address includes, generically, the address (e.g. URL (Uniform Resource Locator)) of the remote server, and the name of the configuration file, which is generated from a technical parameter of the terminal, typically its MAC (Medium Access Control) address. This address is very easy to generate once you know the MAC address of the terminal.
- the security measures implemented by the access network are usually sufficient to ensure that only a given terminal of a user accesses the configuration file intended for him and no other.
- a first technique may consist in particular of implementing, prior to obtaining the configuration file by the terminal, mutual authentication between the terminal and the communication service provider, via, for example, the TLS protocol.
- a TLS certificate can be supplied at the factory to the terminal.
- this TLS certificate can be easily extracted from the terminal and thus compromised for use by a malicious third party device.
- a second technique may consist in requiring the user of the terminal to enter, for example at the start of the terminal and prior to its configuration, an identifier and a password specific to the communication service and the user. This second technique, however, imposes a constraint of use on the user which the latter may find difficult to accept in practice.
- the invention makes it possible to respond in particular to this need by proposing an automatic configuration mechanism of a terminal which advantageously relies on the existing procedures and reinforces their security via the generation of a secure token specifically for the terminal, triggered as soon as it is clearly associated with a user, this token being used to define a secure address from which the terminal can access its configuration file.
- the invention relates, according to a first aspect, to a method of controlling the obtaining by a terminal of a configuration file enabling it to access a service, this method being intended to be implemented by a service management server and comprising:
- the service is a communication service.
- the invention also relates to a management server of a service, configured to control the obtaining by a terminal of a configuration file allowing it to access the service, the management server comprising:
- An application module of a default configuration according to which the management server rejects any request to obtain a configuration file by a terminal as long as this terminal is not associated with a user in a database of the management server;
- Modules activated on receipt of a first request for obtaining the configuration file by a terminal comprising a first access address to the configuration file, and comprising:
- a first verification module configured to check whether the terminal is associated with a user in the database
- Modules activated upon receipt of a second request from the terminal for obtaining the configuration file comprising the second address, and comprising:
- a second verification module configured to check whether the secure token included in the second address included in the second obtaining request is valid
- the terminal first attempts to access its configuration file in a conventional manner, by sending a request to the predefined, "generic" address (first address in the sense of the invention) with which it has been previously configured.
- This first predefined address is for example configured with the MAC (Medium Access Control) address of the terminal, as in the current state of the art.
- this first predefined address is closed by default: the management server rejects all requests for access to its configuration file sent by the terminal to this address until the terminal has been declared and associated with a user in the management server database, that is, as long as the management server is not able to ensure the legitimacy of the terminal that sends it a request to obtain a configuration file.
- when the management server detects that the terminal is assigned to an identified user in its database, it allocates a secure token specifically to the terminal, from which it advantageously generates a second address, this time specific and therefore also secure, that the terminal can then use to access its configuration file.
- the second address depends on the secure token that has been generated specifically by the management server for the terminal: the very way it is generated, from a secure parameter kept secret from all but the terminal concerned and not from a deterministic parameter such as the MAC address of the terminal, is enough to secure access to the configuration file.
- the invention is therefore very simple to implement.
- the security mechanism proposed by the invention is overlaid on the existing configuration mechanism, in which the terminal fetches its configuration file from a predefined address with which it was previously configured.
- the invention does not require any additional configuration of the terminals.
- the second address is provided on the fly to the terminal once it has been checked that it was the terminal concerned by the required configuration file.
- the invention is therefore compatible with any existing industrial solution and does not require any proprietary evolution of the terminals.
- the implementation of the invention is transparent to the users of the terminals.
- the secure token is generated for the terminal if the terminal is associated in the database with a parameter allowing access to the configuration file by the terminal.
- Obtaining a configuration file is necessary when acquiring a new terminal by a user, but it can also be useful during the lifetime of the terminal (for example after a complete reset).
- An additional parameter provided in the database and allowing or not access to the configuration file by the terminal can easily handle such a situation.
- the token generated for a terminal is secure.
- the token can be unpredictably generated. No limitation is attached to how the token is generated unpredictably.
- an Advanced Encryption Standard (AES) symmetric encryption algorithm can be used which, applied to a string containing for example the MAC address of the terminal and a random key, makes it possible to generate a random and unpredictable token.
- the unpredictability of the token also ensures that the second address generated from the token and allowing the terminal to access its configuration file.
- the generated secure token can advantageously be self-contained, in the sense that it contains various information making it possible to process the request for obtaining the configuration file, for example a reference time, a user ID, etc.
- the secure token generated for the terminal may have a predetermined period of validity.
- the method further comprises, following the triggering step, a step of rejecting any new received request to obtain the configuration file comprising the secure token.
- the management server is configured to accept only one access request to the configuration file. Any subsequent request is rejected. This further increases the security of the configuration mechanism implemented.
- a parameter denying the terminal access to the configuration file can be positioned in the database.
- this embodiment makes it possible to guard against attacks that would consist of repeatedly sending the same request to the second address.
- the triggering step comprises a step of sending a message to a reverse proxy server placed between the terminal and the management server, this message comprising an address of a configuration server adapted to generate or host the configuration file, this message being able to trigger a redirection by the reverse proxy server of the second obtaining request to the configuration server to make the configuration file available to the terminal.
- the reverse proxy server makes it possible to protect the management server and the configuration server, particularly when the terminal uses an unsecured network, such as the public Internet network, to access its configuration file. It is advantageously placed inline in the flow between the terminal and the management and configuration servers, and in this respect intercepts in particular all requests issued by the terminal.
- the reverse proxy server also manages access to the configuration file by interacting, at the request of the management server, with the configuration server that hosts the terminal configuration file. This avoids direct access to the management server and the configuration server by the terminal, in a manner completely transparent to the terminal.
- the use of such a reverse proxy also makes it easy to implement load balancing solutions for the automatic configuration of the terminals: the reverse proxy may, depending on the unavailability of a given configuration server, redirect the terminal's request to a more available and less loaded configuration server.
- the triggering step comprises redirecting the second obtaining request to a configuration server adapted to generate or host the configuration file, to make said configuration file available to the terminal.
- the redirection of the request to the configuration server is performed directly by the management server of the service, without the intervention of the reverse proxy server.
- the security mechanism proposed by the invention is based, as is clear from the foregoing, on the service management server which implements the control method according to the invention, but also on the terminal and, in some embodiments, on a reverse proxy server located between the terminal and the management server.
- the invention also relates to a method for obtaining by a terminal a configuration file enabling it to access a service, this method comprising:
- the invention also provides a terminal comprising:
- a first transmission module configured to transmit at least a first request for obtaining a configuration file to access a service, said at least one first obtaining request comprising a first access address to the configuration file;
- a second transmission module activated on reception, in response to the first obtaining request, of a second configuration file access address including a secure token generated for the terminal by a service management server, and configured to issue a second request to obtain the configuration file including the second address;
- a receiving module adapted to receive the configuration file from a configuration server capable of generating or hosting the configuration file.
- the invention relates to a method of processing requests for obtaining by a terminal of a configuration file to access a service, this method being intended to be implemented by a reverse proxy server placed between the terminal and a service management server, the method comprising:
- a second step of redirecting a second request from the terminal for obtaining the configuration file comprising a second configuration file access address provided by the management server to the terminal via the reverse proxy server and including a secure token generated by the management server for the terminal.
- the invention also proposes a reverse proxy server placed between a terminal and a management server of a service, this reverse proxy server comprising:
- a first redirection module configured to redirect to the management server at least a first request from a terminal for obtaining a configuration file intended to enable said terminal to access the service, said at least one first obtaining request comprising a first access address to the configuration file; and a second redirection module, configured to redirect to the management server a second request from the terminal for obtaining the configuration file, said second obtaining request comprising a second configuration file access address provided by the management server to the terminal through the reverse proxy server and including a secure token generated by the management server for the terminal.
- the reverse proxy server is configured to manage two separate access addresses to the configuration file of the terminal, and to redirect the requests relating to these two addresses to the service management server.
- the processing method comprises a third step of redirecting the second obtaining request to a configuration server adapted to generate or host the configuration file, said third redirection step being triggered following reception of a message from the management server triggering provision of the configuration file to the terminal and including an address of the configuration server.
- This third redirection step is totally transparent for the terminal.
- the server further comprises a third redirection module configured to redirect the second obtaining request to a configuration server adapted to generate or host the configuration file, this third redirection module being activated on receiving a message from the management server triggering provision of the configuration file to the terminal and including an address of the configuration server.
- the invention also aims at a system for controlling the obtaining of a configuration file by a terminal for accessing a service, said system comprising:
- a service management server according to the invention.
- a reverse proxy server according to the invention placed between the terminal and the management server;
- a configuration server capable of generating or hosting the configuration file, and configured to supply the configuration file to the terminal on receipt of a message from the management server or the reverse proxy server.
- the terminal, the reverse proxy server, the processing method, the method of obtaining and the system according to the invention have advantages similar to those described above for the control method and the management server according to the invention.
- the different steps of the control method, and / or the method of obtaining and / or the processing method are determined by instructions of computer programs.
- the invention also relates to a computer program on an information medium, this program being capable of being implemented in a management server or more generally in a computer, this program comprising instructions adapted to the implementation of the steps of a control method as described above.
- the invention also relates to a computer program on an information medium, this program being capable of being implemented in a terminal or more generally in a computer, this program comprising instructions adapted to the implementation of the steps of a method of obtaining as described above.
- the invention also relates to a computer program on an information medium, this program being capable of being implemented in a reverse proxy server or more generally in a computer, this program comprising instructions adapted to the implementation of the steps of a processing method as described above.
- Each of the aforementioned programs can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form.
- the invention also relates to a computer readable information or recording medium, and comprising instructions of a computer program as mentioned above.
- the information or recording medium may be any entity or device capable of storing the program.
- the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a floppy disk or a hard disk.
- the information or recording medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means.
- the program according to the invention can be downloaded in particular on an Internet type network.
- the information or recording medium may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
- the control method, the processing method, the method of obtaining, the management server, the terminal, the reverse proxy server and the system according to the invention may have, in combination, all or some of the aforementioned features.
- FIG. 1 shows, in its environment, a control system according to the invention
- FIG. 2 schematically illustrates the hardware architecture of the various elements of the control system represented in FIG. 1;
- FIG. 3 represents, in the form of a flow diagram, the different steps of a control method, a processing method and a method of obtaining according to the invention as they are implemented respectively.
- FIG. 1 represents, in its environment, a control system 1 according to the invention, in a particular embodiment.
- the service is a communication service.
- the control system 1 is adapted to securely supervise the automatic configuration of a terminal 2 of a user U, in accordance with the invention, and more particularly to control the obtaining by this terminal 2 of a configuration file CFG2 allowing it to access a communication service S.
- the service S is for example here a telephone service or voice over IP provided by a service provider 3.
- a configuration file CFG2 making it possible to access such a communication service typically groups together the technical elements enabling the user U to take advantage of the communication service S via his terminal 2, such as in particular a login and a password assigned to the user U to connect to the communication service S, user parameters (e.g. his address book, the telephone number assigned to him to communicate on the service S, SIP (Session Initiation Protocol) password, etc.), as well as technical parameters intended to be implemented by the terminal 2 during a session of the communication service S (e.g. audio/video codecs, voice over IP parameters, etc.). It can also contain software or firmware useful for the communication service S.
- the terminal 2 applies the technical elements contained in the configuration file CFG2 during its sessions of use of the communication service S.
- obtaining a configuration file is necessary when a user acquires a new terminal, but it may also be necessary during the lifetime of the terminal (for example after a complete reset of the terminal).
- To supervise the configuration of the terminal 2 to enable it to access the communication service S, the control system 1 is based, in the embodiment described here, on an architecture comprising various entities, namely:
- a management server 4 of the communication service S in accordance with the invention, and associated with a database 5, comprising activation data of the service S such as, for example, the users of the service, their telephone numbers; and the terminals associated with them (identified for example via their MAC address), etc. ;
- a reverse proxy server 7, in accordance with the invention, placed inline in the flow between the terminal 2 and the management server 4 on the one hand, and between the terminal 2 and the configuration server 5 on the other hand.
- a reverse proxy server is conventionally used in computer networks to secure access from outside, and in particular from the public Internet network, to one or more servers located in an "internal" network. Any message coming from outside and intended for a server of the internal network protected by the reverse proxy server transits through it, and the reverse proxy server then redirects it to the server of the internal network concerned.
- the reverse proxy server 7 protects access to the management server 4 and the configuration server 6. It intercepts all the requests sent by the terminal 2, in particular those intended for the management server 4, and redirects them to it. In addition, in the embodiment described here, the reverse proxy server 7 also acts as an intermediary between the management server 4 and the configuration server 6, as further detailed.
- the terminal 2, the management server 4 and the reverse proxy server 7 all have the hardware architecture of a computer 8 as shown schematically and generically in FIG.
- the computer 8 comprises in particular a processor 9, a read-only memory 10, a random access memory 11, a non-volatile memory 12 and communication means 13 on one or more communication networks interconnecting the terminal 2, the management server 4, the configuration server 6 and the reverse proxy server 7.
- the terminal 2, the management server 4, the configuration server 6 and the reverse proxy server 7 communicate with each other by using the HTTP protocol or the HTTPS protocol (between the terminal 2 and the reverse proxy server 7), so that the communication means 13 comprise an HTTP and/or HTTPS protocol stack.
- any other type of protocol making it possible to access a resource identified by an address can be used by the terminal 2, the management server 4, the configuration server 6 and the reverse proxy server 7, such as FTP (File Transfer Protocol).
- the ROM 10 of the computer 8 constitutes an information or recording medium according to the invention, readable by the processor 9 and on which is recorded a computer program according to the invention, referenced generically in Figure 2 by PROG.
- This PROG computer program differs depending on the entity in whose ROM it is stored.
- the computer program is a PROG4 program comprising instructions for executing a control method according to the invention for controlling the obtaining by the terminal 2 of the configuration file CFG2 allowing it to access the communication service S.
- This program PROG4 defines, through its instructions, functional modules of the management server 4 which rely on and/or control the hardware elements 9-13 of the computer 8 described previously, and which include in particular here as illustrated in FIG.
- An application module 4A of a default configuration DEF according to which the management server 4 rejects any request to obtain a configuration file received from a terminal until that terminal is associated with a user in its database 5;
- Modules 4B-4D activated on receipt of a request for obtaining by a terminal (for example by the terminal 2) of a configuration file allowing access to the service S, this request, called "first obtaining request", comprising a first access address URL1 to the configuration file.
- These modules are more particularly:
- a first verification module 4B configured to check if the terminal at the origin of the first request is associated with a user in the database 5; and
- a generation module 4C of a secure token for the terminal (referenced by TOK2 for the terminal 2); and
- the generation module 4C and the transmission module 4D are activated if the first verification module 4B determines that the terminal is associated with a user in the database 5;
- Modules 4E and 4F activated on receipt of a second request from the terminal for obtaining the configuration file comprising the second address URL2. These modules 4E and 4F are more particularly:
- a second verification module 4E configured to check whether the secure token included in the second address included in the second obtaining request is valid
- a triggering module 4F configured to trigger provision of the configuration file to the terminal, this module 4F being activated if the second verification module 4E determines that the token is valid.
- the computer program is a program PROG2 comprising instructions for the execution of a method of obtaining according to the invention, by the terminal 2, of the configuration file CFG2 allowing it to access the communication service S.
- This program PROG2 defines, by means of its instructions, functional modules of the terminal 2 which rely on and/or control the hardware elements 9-13 of the computer 8 described above, and which include in particular here as illustrated in FIG.
- a first transmission module 2A configured to transmit at least a first request for obtaining a configuration file to access a communication service, said at least one first obtaining request comprising the first access address URL1;
- a second transmission module 2B activated on reception, in response to the first obtaining request, of the second access address URL2 including the secure token TOK generated for the terminal by the management server 4, the second transmission module 2B being configured to issue a second request to obtain the configuration file including the second address URL2;
- a reception module 2C adapted to receive the configuration file CFG2 from the configuration server 6.
- the computer program is a program PROG7 comprising instructions for the execution of a processing method according to the invention for processing the requests to obtain the configuration file CFG2 transmitted by the terminal 2 in order to access the communication service S.
- This program PROG7 defines, by means of its instructions, functional modules of the reverse proxy server 7 which rely on and/or control the hardware elements 9-13 of the computer 8 described above, and which include in particular here as illustrated in FIG.
- a first redirection module 7A configured to redirect to the management server 4 the obtaining requests (first obtaining requests in the sense of the invention) sent by the terminal 2 and comprising the first access address URL1;
- a second redirection module 7B configured to redirect to the management server 4 the obtaining requests (second obtaining requests in the sense of the invention) sent by the terminal 2 and comprising the second access address URL2.
- the program PROG7 also defines by means of its instructions a third redirection module 7C configured to redirect a second obtaining request received from the terminal 2 to the configuration server 6 on receipt of a message from the management server 4 triggering provision of the configuration file CFG2 to the terminal 2.
- FIG. 3 represents, in the form of a flow diagram, the main steps implemented, in accordance with the invention, by the terminal 2 and by the control system 1, to secure the automatic configuration of the terminal 2 in order to enable it to access the communication service S offered by the service provider 3.
- These steps include the steps of the control method implemented by the management server 4 of the communication service S, the steps of the processing method implemented by the reverse proxy server 7, and the steps of the obtaining method implemented by the terminal 2.
- This first address URL1 is an access address to the configuration file CFG2 of the terminal 2 within the meaning of the invention. It is predefined generically as in the state of the art, that is to say from a "static" reachability address of the configuration server 6 and the MAC address of the terminal 2, denoted here @MAC2.
- the first access address URL1 thus makes it possible to access the configuration server 6 which hosts or generates the configuration files making it possible to access the service S, and to identify on this server the configuration file CFG2 which is adapted to the terminal 2 and its user U (typically which is adapted to the capabilities of the terminal 2, the options subscribed if necessary by the user U as part of the service S, etc.).
- a first request REQ1 for obtaining the configuration file of the terminal 2 on the first predefined address URL1 with which it was configured at the factory is for example an HTTPS request sent to the address URL1 configured with the address of the configuration server 6 and the address @MAC2 of the terminal 2.
- the request REQ1 is intercepted by the reverse proxy server 7, which is configured to redirect, through its first redirection module 4A, the requests comprising the address URL1 to the management server 4 (step E20).
- the management server 4 is configured by default with a rule DEF according to which it rejects any request received from a terminal to obtain a configuration file (a fortiori, an obtaining request including the first address URL1) as long as this terminal is not associated with a user in its database 5. In other words, access to the configuration is closed to the terminals as long as they are not declared in the database 5.
- This default configuration DEF is applied by the application module 4A of the management server 4.
- Upon receipt of the request REQ1, the management server 4 thus verifies, through its first verification module 4B, whether the terminal 2 at the origin of the request REQ1 is identified in its database 5 and associated with a user (step E30). It uses for this purpose the address @MAC2 of the terminal 2, present in a standard way in the request REQ1. As a variant, another identifier of the terminal 2 may be used as long as it corresponds to the identifiers used to populate the database 5 or is linked to such an identifier.
- the management server 4 rejects the request REQ1 from the terminal 2, for example by sending an HTTP 403 Forbidden response message (step E40). This message passes through the reverse proxy server 7 which relays it to the terminal 2 (step E50).
- the rejection of the request REQ1 can be done via the sending to the terminal 2 of a predefined configuration file making it possible to display on the terminal 2 a message inviting it to configure its communication service S and to declare its terminal 2 to the service provider 3, via for example an administration portal provided for this purpose.
- during this declaration (step E60), he provides a user identifier and an identifier of his terminal 2, here the MAC address @MAC2 of the terminal 2.
- Alternatively, another type of identifier can be envisaged provided that it makes it possible to identify and recognize the terminal 2 from its requests.
- This event triggers an update of the database 5 of the management server 4 (step E70); more precisely, following this declaration, the terminal 2 is associated, via its MAC address @MAC2, with the user U who has registered with the service provider 3 to benefit from the communication service S. This update triggers the regeneration of a SIP password for the terminal 2.
- the user U is prompted to restart his terminal 2 to begin its configuration in order to access the communication service S.
- the terminal 2 sends, via its transmitting module 2A and its communication means 13, a new request REQ1' for obtaining its configuration file.
- This request REQ1' is a first request within the meaning of the invention.
- the request REQ1' is intercepted by the reverse proxy server 7 which, via its redirection module 7A, redirects it to the management server 4 (step E100).
- on receiving the request REQ1', the management server 4 checks, through its first verification module 4B, whether the terminal 2 at the origin of the request REQ1' is identified in its database 5 and associated with a user (step E110). It uses for this purpose the address @MAC2 of the terminal 2, contained in the request REQ1'.
- the terminal 2 is registered in the database 5 in association with the user U.
- the verification module 4B thus determines, when it queries the database 5, that the terminal 2 is associated with a user (U) in the database 5 and can be configured.
- the management server 4, through its generation module 4C, then generates a secure token TOK2 for the terminal 2 (step E120).
- a token is in the form of a character string having a predefined dimension. This dimension may vary typically between 50 and 300 characters depending on the implementations. However, these values are given for illustrative purposes only and are not limiting in themselves.
- the generation module 4C uses, for example, the AES encryption algorithm, applied to a string of characters consisting of the MAC address @MAC2 of the terminal 2 and a random value which may include a timestamp, to ensure the uniqueness of the generated token and prevent its reuse.
- the secure token thus generated is advantageously random and unpredictable. It is dedicated to terminal 2 and only to this terminal. For example:
- TOK2 = 'EkRooesmoe56razazeg87ARuiipreapr'
- the management server 4 stores it in its database 5, in association with the identifier @MAC2 of the terminal 2. In the embodiment described here, it allocates to the token TOK2 a limited, predefined validity period (for example 1h).
- the token TOK2 can be stored in a storage space other than the database 5, in association with the address @MAC2 of the terminal 2, for example in the non-volatile memory 12 of the management server 4.
- the management server 4 stores only the random value that made it possible to generate the token TOK2, in association with the address @MAC2, the token TOK2 being able to be easily regenerated from this random value.
- This URL2 address is here of the following form:
- the second address URL2 is for example:
- URL2 = https://configuration.serviceS.com/EkRooesmoe56razazeg87ARuiipreapr/@MAC2.cfg
- the management server 4, via its transmission module 4D and its communication means 13, sends the second address URL2 thus generated to the terminal 2, in an HTTP 200 response message to its request REQ1' (step E130).
- the address URL2 is a second access address to the configuration file of the terminal 2 within the meaning of the invention.
- TOK2 passes through the reverse proxy server 7, which relays it to the terminal 2 (step E140).
- reception of the second address URL2 triggers the sending by the terminal 2, via its second transmission module 2B and its communication means 13, of a new request REQ2 for obtaining its configuration file, this time including the address URL2 and the token TOK2 contained in this address (step E150).
- the REQ2 request is for example here a GET request on the URL2 address.
- the REQ2 request is intercepted by the reverse proxy server 7 which, upon detecting the address URL2, forwards it via its second redirection module 7A to the management server 4 (step E160).
- on receipt of the REQ2 request, the management server 4, via its second verification module 4E, extracts the token TOK2 from the address URL2. Then the verification module 4E queries the database 5 to check the validity of the token TOK2, i.e. whether it exists, is indeed associated with the terminal 2 (that is to say, with its MAC address @MAC2 present in the URL2), and is valid (step E170). It is assumed here that the tokens that are no longer valid are deleted from the database 5.
- the management server 4, via its trigger module 4F, triggers the provision to the terminal 2 of its configuration file CFG2 to access the communication service S (step E180).
- the management server 4 for example sends to the terminal 2 an HTTP 403 Forbidden message as described previously in step E40.
- the provision to the terminal 2 of its configuration file results in the sending by the management server 4, via its trigger module 4F and its communication means 13, of an HTTP 302 message to the reverse proxy server 7.
- This message requires the redirection of the REQ2 request sent by the terminal 2 to the configuration server 6 so that the terminal 2 can access its configuration file CFG2. It contains, in the "Location" field of its header, an address URL6-CFG2 comprising a static part corresponding to the reachability address, denoted URL6, of the configuration server 6, and a dynamic part corresponding to the MAC address @MAC2 of the terminal 2.
- the provision to the terminal 2 of its configuration file results in the redirection by the management server 4, via its trigger module 4F and its communication means 13, of the REQ2 request to the configuration server 6 so that it makes available to the terminal 2 its configuration file CFG2.
- the management server 4 is configured to reject any new obtaining request received containing the secure token TOK2 allocated to the terminal 2. This step is however optional.
- a parameter indicating whether the obtaining of a configuration file is authorized or not can be recorded in the database 5 in association with the identifier of the terminal 2 and that of the associated user U.
- This parameter can be typically updated manually via a human-machine interface (HMI). If obtaining the configuration file is not allowed, everything happens as if the terminal was not associated with the user.
- Reception by the reverse proxy server 7 of the HTTP 302 message containing the URL6-CFG2 triggers the redirection, by the third redirection module 7C of the reverse proxy server 7, of the obtaining request REQ2 of the terminal 2 to the configuration server 6 (step E190).
- this redirection is carried out here by the redirection module 7C sending to the configuration server 6 the request REQ2 in which the URL2 has been replaced by the URL6-CFG2 (referenced by REQ2'(URL6-CFG2) in Figure 3), in order to obtain the configuration file CFG2.
- upon receipt of the obtaining request REQ2', the configuration server 6 dynamically generates, in a manner known per se, the configuration file CFG2 adapted to the terminal 2 and allowing it to access the communication service S (step E200). To generate such a file, the configuration server 6 has, for example, templates or programs pre-generated and pre-registered for different types of terminals. It uses the template or the program corresponding to the terminal 2, as well as the parameters of the user U and the terminal 2.
- such a configuration file 2 is generated in advance and hosted by the configuration server 6.
- the configuration server 6 supplies to the reverse proxy server 7, in response to the request REQ2, the configuration file CFG2 thus generated, for example in an HTTP 200 OK message (step E210).
- the reverse proxy server 7 transmits the configuration file CFG2 received from the configuration server 6 to the terminal 2 (step E220).
- upon receipt of the configuration file CFG2 by its reception module 2C and via its communication means 13, the terminal 2 proceeds to its automatic configuration in a manner known per se (step E230). It is now configured to allow its user U to access the communication service S.
- the service is a communication service.
- the service is not a communication service.
- the service is for example a service in the field of home automation.
- the terminal is a connected object able to communicate with a management server.
- the connected object is for example a room light or a sensor, for example a temperature sensor.
- the connected object is for example initially configured with a first address allowing access to the management server.
- a secure token is generated for this connected object and a second access address to a configuration file including the secure token is transmitted to the connected object.
- the connected object can obtain a configuration file.
- the configuration file contains user-specific settings.
- the configuration file can have one or more parameters specifying the frequency of the data to be reported to the server. This data is for example chosen according to the preferences of the user.
- the configuration file contains parameters specifying the operating rules of the luminaire, for example operating hours chosen by the user.
- the configuration file contains coordinates of a mobile phone of the user authorized to communicate with the connected object.
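
The token-gated exchange described above (steps E110 to E180, with the optional single-use rule and the limited validity period), sketched as an added Python example that is not code from the patent or its applicant. Assumptions: the host names, the 12-hex-digit MAC format, and the names ManagementServer, declare, handle_req1 and handle_req2 are hypothetical, and the token is drawn from a CSPRNG rather than built with the AES construction mentioned in the text.

```python
import hmac
import re
import secrets
import time
from urllib.parse import urlsplit

# All hosts below are placeholders (assumptions), not values from the patent.
CONFIG_HOST = "https://configuration.example"  # host part of URL2
URL6 = "https://config-server.example/cfg"     # reachability address of configuration server 6
TOKEN_TTL = 3600                               # validity period in seconds (1 h, as in the text)
PATH_RE = re.compile(r"^/([A-Za-z0-9_-]{50,300})/([0-9a-f]{12})\.cfg$")


def norm_mac(mac):
    """Normalise a MAC address to 12 lowercase hex digits (assumed identifier format)."""
    return re.sub(r"[:-]", "", mac).lower()


class ManagementServer:
    def __init__(self, clock=time.time):
        self.users = {}   # database 5: MAC -> declared user
        self.tokens = {}  # database 5: MAC -> (token, expiry time)
        self.clock = clock

    def declare(self, mac, user):
        """Steps E60-E70: the user declares the terminal to the service provider."""
        self.users[norm_mac(mac)] = user

    def handle_req1(self, mac):
        """Steps E110-E130: request on URL1; returns (status, URL2 or None)."""
        mac = norm_mac(mac)
        if mac not in self.users:  # default rule DEF: undeclared terminal
            return 403, None
        # Swapped-in technique: a CSPRNG token rather than AES over MAC + random value.
        token = secrets.token_urlsafe(48)  # 64 URL-safe characters
        self.tokens[mac] = (token, self.clock() + TOKEN_TTL)
        return 200, f"{CONFIG_HOST}/{token}/{mac}.cfg"

    def handle_req2(self, url2):
        """Steps E170-E180: check the token in URL2; returns (status, Location or None)."""
        m = PATH_RE.match(urlsplit(url2).path)
        if not m:
            return 403, None
        token, mac = m.groups()
        expected, expiry = self.tokens.get(mac, (None, 0.0))
        if expected is None:
            return 403, None
        if self.clock() >= expiry:
            del self.tokens[mac]  # tokens that are no longer valid are deleted
            return 403, None
        if not hmac.compare_digest(token, expected):  # token must belong to this MAC
            return 403, None
        del self.tokens[mac]  # optional step: refuse any later request reusing the token
        return 302, f"{URL6}/{mac}.cfg"
```

A wrong token does not invalidate the stored one, so a third party guessing URLs for a known MAC address cannot lock the legitimate terminal out of its pending configuration.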
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1755628A FR3067538A1 (fr) | 2017-06-20 | 2017-06-20 | Procede de controle de l'obtention par un terminal d'un fichier de configuration |
PCT/FR2018/051404 WO2018234662A1 (fr) | 2017-06-20 | 2018-06-14 | Procédé de contrôle de l'obtention par un terminal d'un fichier de configuration |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3643035A1 true EP3643035A1 (fr) | 2020-04-29 |
Family
ID=59811531
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18749431.5A Pending EP3643035A1 (fr) | 2017-06-20 | 2018-06-14 | Procédé de contrôle de l'obtention par un terminal d'un fichier de configuration |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3643035A1 (fr) |
FR (1) | FR3067538A1 (fr) |
WO (1) | WO2018234662A1 (fr) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6318940B2 (ja) * | 2013-07-30 | 2018-05-09 | 株式会社リコー | サービス提供システム、データ提供方法及びプログラム |
US9426156B2 (en) * | 2013-11-19 | 2016-08-23 | Care Innovations, Llc | System and method for facilitating federated user provisioning through a cloud-based system |
FR3015168A1 (fr) * | 2013-12-12 | 2015-06-19 | Orange | Procede d'authentification par jeton |
-
2017
- 2017-06-20 FR FR1755628A patent/FR3067538A1/fr active Pending
-
2018
- 2018-06-14 WO PCT/FR2018/051404 patent/WO2018234662A1/fr unknown
- 2018-06-14 EP EP18749431.5A patent/EP3643035A1/fr active Pending
Also Published As
Publication number | Publication date |
---|---|
FR3067538A1 (fr) | 2018-12-14 |
WO2018234662A1 (fr) | 2018-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2819052B1 (fr) | Procédé et serveur de traitement d'une requête d'accès d'un terminal à une ressource informatique | |
EP3008872B1 (fr) | Procédé d'authentification d'un terminal par une passerelle d'un réseau interne protégé par une entité de sécurisation des accès | |
EP2692089B1 (fr) | Mécanisme de redirection entrante sur un proxy inverse | |
EP3503508A1 (fr) | Procédé de traitement de requêtes et serveur proxy | |
WO2013093314A1 (fr) | Procede d'acces par un terminal de telecommunication a une base de donnees hebergee par une plateforme de services accessible via un reseau de telecommunications | |
WO2020016504A1 (fr) | Dispositifs et procedes de gestion d'un attachement d'un dispositif de communication a un reseau d'un operateur | |
EP3643035A1 (fr) | Procédé de contrôle de l'obtention par un terminal d'un fichier de configuration | |
EP3820112A1 (fr) | Procédé de configuration d accès à un service internet | |
WO2019239029A1 (fr) | Procédé de traitement de messages par un dispositif d'un réseau de voix sur ip | |
EP3149902B1 (fr) | Technique d'obtention d'une politique de routage de requêtes émises par un module logiciel s'exécutant sur un dispositif client | |
WO2023083770A1 (fr) | Procédé de recherche de données sensibles dans au moins un paquet de données, dispositif et système associés | |
WO2023083772A1 (fr) | Procédés de contrôle et de transmission, et entités configurées pour mettre en œuvre ces procédés | |
WO2023083769A1 (fr) | Procédé de traitement d'au moins un paquet de données, dispositif et système associés. | |
WO2023083771A1 (fr) | Procédés de contrôle, de vérification et de configuration, et entités configurées pour mettre en œuvre ces procédés | |
WO2024068722A1 (fr) | Procedes de resolution de nom, de communication, de traitement de messages et serveur, dispositif client et noeud relais correspondants | |
EP4073999A1 (fr) | Procede de traitement de requetes de resolution de nom de domaine | |
EP4158872A1 (fr) | Procede de delegation de la livraison de contenus a un serveur cache | |
FR3076638A1 (fr) | Procede de gestion d'un acces a une page web d'authentification | |
WO2017089710A1 (fr) | Procédé de distribution de droits sur un service et plateforme de service | |
EP3360293A1 (fr) | Moyens de gestion d'accès à des données |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20200114 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ORANGE |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20210428 |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ORANGE |