WO2002037745A1 - Method for securely transmitting data between two terminals and a corresponding device for carrying out this method - Google Patents

Info

Publication number
WO2002037745A1
Authority
WO
Grant status
Application
Application number
PCT/DE2001/004167
Other languages
German (de)
French (fr)
Inventor
Norbert Frisch
Original Assignee
Siemens Aktiengesellschaft
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or paths for security, e.g. using out of band channels

Abstract

The invention relates to a method for securely transmitting data between two terminals (1, 2), whereby security-relevant data and useful data are transmitted. The security-relevant data is transmitted between the terminals (1, 2) over a first data transmission network (3), and the useful data is transmitted between the terminals (1, 2) over a second data transmission network (4). The invention also relates to a terminal (1, 2) for carrying out this method.

Description

A method for secure data transmission between two terminals, and apparatus for carrying out this method

The present invention relates to a method for secure data transmission between two terminals and a device for performing this method.

If data is transferred between two users or their devices via a communications network that is not secure, the data must be encrypted. An example is data transmission between a customer (first participant) and his bank (second participant) over the Internet, where the customer has the option of handling banking transactions over the Internet.

The Internet, however, does not provide secure data transmission; a third party is able to "listen in" on the data during the transfer. When security-relevant data such as access codes, PIN numbers and account numbers are transmitted, a third party could thus gain unauthorized access to the account. To transfer data containing sensitive information, the data must be encrypted by the sender and decrypted by the receiver.

The same is true for data transmission via e-mail, for example, when the data to be transmitted are confidential.

Two types of encryption methods are known: symmetric and asymmetric encryption.

In symmetric encryption, the data to be transmitted are encrypted with a given key (code). The decryption of the data is done by the recipient

Figure imgf000004_0001

solved by a terminal for performing this method according to the appended claim 6.

According to the present invention, the data transmission between two terminals takes place via two separate data transmission networks (a first and a second data transmission network), with security-relevant data being transmitted via the first data transmission network and the associated user data via the second data transmission network.

Security-relevant data and user data that belong together are, for example, data transmitted between two terminals in order to carry out an application (the "bank application" described in the introduction).

Advantageous embodiments of the present invention are given in the respective subclaims.

So that the security-relevant data are transmitted inaccessibly to unauthorized parties (i.e. securely), these data are advantageously transmitted via a secure connection. A secure connection is available in the form of the public switched telephone network (PSTN, analog or ISDN), which is a circuit-switched data transmission network and establishes a secure point-to-point connection for data transmission between two parties.

Security-relevant data can be, for example, access data, PINs (Personal Identification Numbers), account numbers, etc., which, for example, grant access to an account at a bank and allow banking transactions to be carried out on this account.

Data that are not security-relevant (user data) may be, for example, text and/or formatting information that does not include confidential data. For example, a text can be transmitted via the second data transmission network that contains gaps in place of the security-relevant data. These gaps are filled in with the security-relevant (confidential) data transmitted via the first data transmission network.

Furthermore, the security-relevant data may also include encryption codes with which the user data to be transmitted via the second data transmission network are encrypted and decrypted.

In this case, secret data, for example PIN numbers and other data that must not be made accessible to any third party, can also be transmitted via the second data transmission network, since these data are encrypted with an encryption code that is transmitted via a different transmission path (first data transmission network) than the user data (second data transmission network).

The user data, which usually make up a substantially higher proportion of the data to be transmitted than the security-relevant data, are transmitted over a non-secure broadband (second) data transmission network, for example the Internet, which is a packet-switched data transmission network.

If the security requirements call for it, the security-relevant data can additionally be transmitted in encrypted form via the first data transmission network.

The data to be transmitted are separated into security-relevant data and user data automatically, according to preset criteria, by the means (13, 23) for automatically separating or merging data. For example, certain fields in a form can be marked as security-relevant. Such fields include fields for entering a PIN (Personal Identification Number), TAN (transaction number), account number, amount, credentials, etc.

A further possibility for carrying out the separation of the data according to the invention is to classify all occurring numbers as security-relevant in general and to transmit them via the first data transmission network.

As already described, encryption data for encrypting and decrypting the user data can also be transmitted via the first data transmission network. Thus, the encryption data (codes) can be defined as security-relevant and transmitted via the first data transmission network. All other data, including access data, PIN numbers, etc., are, since they are encrypted, defined as user data and transmitted accordingly via the second data transmission network.

The advantage of the present invention is that secure data transmission is particularly easy for the user to handle. Furthermore, the security of the data transmission is increased by the simultaneous use of two data transmission networks, in particular when the public telephone network, which provides a secure point-to-point connection, is used as the first data transmission network.

The present invention is explained below based on preferred embodiments with reference to the accompanying drawings, in which:

Fig. 1 is a schematic representation of a data transmission between two terminals according to the invention using the method according to the invention,

Fig. 2 is a schematic representation of the data transmission according to the invention in the xDSL transmission method, and

Fig. 3 is a schematic representation of the data transmission according to the invention with different types of access to the data transmission networks.

Referring to Fig. 1, the operation of the present invention is explained in more detail below on the basis of a "bank application", in which an exemplary data transmission takes place between a customer and his bank.

The customer uses his PC (terminal 1) to establish a connection via the Internet (IP, the second data transmission network 4) to the bank server (terminal 2).

According to the present invention, two data transmission networks (first and second data transmission network 3, 4) are used simultaneously for the data transmission in order to increase security during the transmission. The Internet is used to transmit bulk data (user data) that do not contain security-relevant information, such as text, formatting and layout information.

Security-relevant data, such as access codes, PIN numbers, account numbers, etc. for access to the account, are transmitted over the public switched telephone network. Furthermore, the security-relevant data can also include encryption data (encryption keys) for encrypting and decrypting the user data that are transmitted via the second data transmission network.

If a secure connection is to be set up between two terminals 1 and 2 (for example, a customer's PC and the bank's computer), the respective means 13, 23 for automatically separating or merging data set up a connection via the public telephone network in addition to the data transmission over the Internet; the respective connections are made by means of the first and second interfaces 11, 21 and 12, 22. The device 13, 23 for automatically separating or merging data includes corresponding application software that performs the signaling tasks necessary for setting up, controlling and terminating the connections. This application software separates the security-relevant data from the user data when sending and merges them when receiving.

When sending, the application software adds information to the separated data, including a reconstruction sequence or a reconstruction algorithm. On the basis of this sequence (in the simplest case, a numbering of the data packets) and this algorithm, the receiving means 13, 23 for automatically separating or merging data reassemble the data in the proper order. Where applicable, the user data are decrypted by the receiving means 13, 23 for automatically separating or merging data.
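
The separation and merging described above, sketched as an added example (it is not code from the patent): fields on a preset list travel over the first network, the rest of the form travels over the second network with gaps in their place, and a packet numbering lets the receiver rebuild the form. The field names, the `session` identifier and the `total` count are assumptions made for this illustration.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass

# Preset separation criteria: form fields treated as security-relevant.
# The field names are assumptions for this illustration.
SENSITIVE_FIELDS = {"pin", "tan", "account_number", "amount"}

# Constructed sample input (not real account data).
SAMPLE_FORM = {
    "recipient": "Example GmbH",
    "account_number": "1234567890",
    "amount": "150.00",
    "purpose": "Invoice 42",
    "tan": "918273",
}


@dataclass(frozen=True)
class Packet:
    session: str        # binds both streams to one transfer (assumption)
    seq: int            # reconstruction sequence: field position in the form
    total: int          # number of fields in the form (assumption)
    name: str
    value: str | None   # None marks a gap in the user data


class MergeError(ValueError):
    """Raised when the two streams cannot be merged into one form."""


def separate(form):
    """Sender: split a form into (first-network, second-network) packets."""
    session = secrets.token_hex(8)
    secure, payload = [], []
    for seq, (name, value) in enumerate(form.items()):
        if name in SENSITIVE_FIELDS:
            secure.append(Packet(session, seq, len(form), name, value))
            value = None  # the user data only carries a gap here
        payload.append(Packet(session, seq, len(form), name, value))
    return secure, payload


def merge(secure, payload):
    """Receiver: rebuild the form, whatever order the packets arrived in."""
    if len({p.session for p in [*secure, *payload]}) != 1:
        raise MergeError("packets do not belong to one transfer")
    ordered = sorted(payload, key=lambda p: p.seq)
    if not ordered or [p.seq for p in ordered] != list(range(ordered[0].total)):
        raise MergeError("user data packets missing or duplicated")
    fills = {p.seq: p for p in secure}
    if len(fills) != len(secure):
        raise MergeError("duplicate security-relevant packet")
    form = {}
    for p in ordered:
        if p.value is None:
            # A gap must be filled by the matching packet from the first network.
            fill = fills.pop(p.seq, None)
            if fill is None or fill.name != p.name:
                raise MergeError(f"gap {p.seq} ({p.name}) was not filled")
            form[p.name] = fill.value
        else:
            form[p.name] = p.value
    if fills:
        raise MergeError("security-relevant data without a matching gap")
    return form


if __name__ == "__main__":
    first_network, second_network = separate(SAMPLE_FORM)
    print("second network carries:", [(p.name, p.value) for p in second_network])
    print("merged:", merge(first_network[::-1], second_network[::-1]))
```

The receiver refuses to merge when a gap stays unfilled or the two streams come from different transfers, so a lost or mismatched packet on either network is detected instead of producing an incomplete form.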

Referring to Fig. 2, the implementation of the present invention in the xDSL transmission method (x Digital Subscriber Line) is explained below.

In the xDSL transmission method, data transmission takes place in different frequency bands. The (security-relevant) data transmitted via the public telephone network 3 (PSTN), as POTS (Plain Old Telephone Service) or ISDN (Integrated Services Digital Network), are transmitted by the terminals 1, 2 in a low, relatively narrow frequency band (for example, 0 to 32 kHz). The data transmitted over the Internet 4 (IP) are transmitted by the terminals 1, 2 in a wider frequency band lying above 32 kHz. The data of both frequency bands are transferred from and to the terminals 1, 2 via one physical line.

In the example of Fig. 2, the task of the first and second interfaces 11, 21 and 12, 22 of the respective terminals 1, 2 is therefore, when sending, to transform the security-relevant data and the user data into the appropriate frequency bands (represented in this figure by the low-pass and the high-pass symbol, respectively) and to put the data onto a common physical line. When receiving data, the separation of the frequency bands is reversed by the respective first and second interfaces 11, 21 and 12, 22. The data are processed, as already described with reference to Fig. 1, by the respective device 13, 23 for automatically separating or merging data.

The data transmitted via one physical line in different frequency bands must be distributed to the different data transmission networks for onward transmission over these networks. For reception, the data are in turn transmitted to the terminal via one line in different frequency bands.

These tasks are performed by so-called xDSL splitters or xDSL mergers (denoted in Fig. 2 by reference numerals 5 and 6), depending on whether the data are being sent or received.

These xDSL splitters/mergers are physically located in front of the central office, but they can also be part of the exchange. For sending, they split the data according to frequency band and send the data on the corresponding data transmission network. For receiving, the data from the respective data transmission networks are transformed into the respective frequency bands and transmitted to the respective terminal 1, 2.

Referring to Fig. 3, the data transmission according to the invention is explained for arbitrary types of access to the Internet and to the public telephone network.

The terminals 1, 2 can access the Internet, for example, via so-called Powerline, i.e. via power cable, or via other broadband cables (e.g. cable television). For this purpose the terminals 1, 2 must have corresponding second interfaces 12 and 22. For the transmission of security-relevant data, a connection is established over the first interfaces 11, 21 between the respective devices 13, 23 for automatically separating or merging data. In the example shown, terminal 1 accesses the public telephone network via a mobile radio interface (GSM) and terminal 2 via the fixed network.

Any mixed forms of access are conceivable here; that is, terminal 1 may have different accesses to the two data transmission networks than terminal 2.

The present invention can be used for all applications in which secure data transmission takes place, i.e. a data transmission that is to be protected from unauthorized access.

In addition to the described application to banking transactions, other applications throughout e-commerce and multimedia are conceivable. For example, with video-on-demand, in which a subscriber can call up films individually, the encoded data (video) are received over the Internet. The respective subscriber receives the key for decoding the film currently paid for via the secure public telephone network. The same applies to any image, sound and film transmission. The user data do not have to be transmitted over the Internet here; any other broadband network is also possible.

The present invention is also applicable to the handling of all types of transactions (e.g. B2B, business to business) over the Internet. Here, key business data are transmitted automatically via the secure telephone network; these may, for example, also include a so-called digital signature as proof of authenticity.

Claims

1. A method for data transmission between two terminals (1, 2), wherein security-relevant data and associated user data are transmitted, characterized in that the security-relevant data are transmitted via a first data transmission network (3) and the user data via a separate second data transmission network (4) between the terminals (1, 2).
2. The method according to claim 1, characterized in that the first data transmission network (3) is a circuit-switched data transmission network and the second data transmission network (4) is a packet-switched data transmission network.
3. The method according to claim 1 or 2, characterized in that the security-relevant data and the user data are transmitted at the same time.
4. The method according to claim 1, 2 or 3, characterized in that the security-relevant data are access information for a specific application.
5. The method according to any one of claims 1 to 4, characterized in that the security-relevant data include encryption data for encrypting the user data.
6. Terminal (1, 2) for performing the method according to one of claims 1 to 5, having a first interface (11, 21) for transmitting data via a first data transmission network (3), a second interface (12, 22) for transmitting data via a second data transmission network (4), and means (13, 23) for automatically separating or merging security-relevant data of the first data transmission network (3) and user data of the second data transmission network (4) by means of the first and second interfaces.
7. Terminal (1, 2) according to claim 6, characterized in that the means (13, 23) for automatically separating or merging data perform the separation or merging according to preset criteria.
8. Terminal (1, 2) according to claim 7, characterized in that the means (13, 23) for automatically separating or merging data automatically define numbers as security-relevant, while all other data are defined as user data.
9. Terminal (1, 2) according to claim 7, characterized in that the means (13, 23) for automatically separating or merging data automatically define data contained in specially marked form fields as security-relevant, while all other data are defined as user data.
10. Terminal (1, 2) according to one of claims 6 to 9, characterized in that the first interface (11, 21) performs the data transmission via a circuit-switched data transmission network and the second interface (12, 22) performs the data transmission over a packet-switched data transmission network.
PCT/DE2001/004167 2000-11-06 2001-11-06 Method for securely transmitting data between two terminals and a corresponding device for carrying out this method WO2002037745A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
DE10054941.1 2000-11-06
DE2000154941 DE10054941A1 (en) 2000-11-06 2000-11-06 A method of secure data transmission between two terminals, and apparatus for carrying out this method

Publications (1)

Publication Number Publication Date
WO2002037745A1 (en) 2002-05-10

Family

ID=7662290

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2001/004167 WO2002037745A1 (en) 2000-11-06 2001-11-06 Method for securely transmitting data between two terminals and a corresponding device for carrying out this method

Country Status (2)

Country Link
DE (1) DE10054941A1 (en)
WO (1) WO2002037745A1 (en)

Also Published As

Publication number Publication date Type
DE10054941A1 (en) 2002-05-29 application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase