WO2004107239A1 - Method for providing and retrieving documents via a computer network - Google Patents


Info

Publication number
WO2004107239A1
Authority
WO
WIPO (PCT)
Prior art keywords
document
server
client
fragment
fragments
Prior art date
Application number
PCT/DE2004/001071
Other languages
German (de)
English (en)
Inventor
Laszlo Hasenau
Original Assignee
Laszlo Hasenau
Priority date 2003-05-22
Filing date 2004-05-19
Publication date 2004-12-09
Application filed by Laszlo Hasenau

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/93 Document management systems

Definitions

  • The invention relates to a method for providing and retrieving documents over a computer network.
  • Access data, but of course not data from other patients. Developments are currently moving towards storing patient-relevant data on an extended patient card. These can be, for example, examination results or X-rays. Another option is to use the patient card as an access key; the examination results, such as X-ray images, can then also be provided by a server via a computer network. A particular security problem here is the transmission of the data from the server to the patient or the doctor querying the data.
  • Cryptographic methods for encrypting electronic data are known.
  • With symmetric methods, the sender and receiver have the same key. This key is used on the sender side for encryption and on the receiver side for decryption.
  • The secure and secret transmission of this key is a difficult problem, which is why asymmetric methods are usually used for the distribution of symmetric keys; in these, each user has a key pair consisting of a private and a public key.
  • The private key is known only to its owner.
  • The public key is accessible to everyone.
  • The two keys are inverse to each other, which means that data encrypted with one part of the key pair can only be decrypted with the other part. It is essential that the public key can be assigned to its owner, which is regulated by so-called certificates.
  • A data processing system for processing patient data, which comprises person-identifying data of a particular patient and associated health data, with a central office containing a database in which health data is stored, and with end devices that cooperate with the central office to retrieve health data from the database and/or to read health data into the central database.
  • The main idea is that the health data is stored in the central database without being assigned to the person-identifying data; the health data record of a respective patient is assigned a data record identification code, the input of which is necessary to call up the health data record.
  • The data record identification code comprises a patient card code stored on an electronic patient card and a patient identification code to be entered by the patient.
  • DE 196 29 856 A1 discloses a method and a system for the secure transmission and storage of information that can be protected, in particular patient information, using a patient card.
  • The data stored on the patient card is protected by cryptographic methods. Only the same patient card can decrypt the data, once a doctor has authenticated himself and the patient has given his consent. All the information the patient card needs to decide whether the doctor is authenticated, as well as the keys protecting the administrative data and the random keys, are contained in the chip.
  • The patient data can be freely transferred to any storage medium.
  • The chip controls both access to the data and the encryption and decryption functions. Random keys, with which the data is encrypted, ensure that each record remains separate from the others and that only authorized persons can access it.
  • Each patient card has its own set of keys.
  • The system/method according to the invention is not only directed to patient data, but can also be applied to all data worthy of protection to which a restricted access right is to be granted.
  • The object of the invention is to provide a method for providing and retrieving documents via a computer network in which encryption of the transmitted data is not necessary and without compatible cryptographic methods having to be used on the part of sender and recipient.
  • The method claimed in claim 1 solves this task in a first step by dividing a document stored on a server into a plurality of fragments. For documents with multiple pages, each page of the document is divided into a large number of fragments. Each of these fragments is stored unencrypted on the server and has a long and cryptic fragment address within the permissible norms.
  • A long and cryptic address in the sense of the invention is to be understood as a character string of up to 63 characters for a domain or subdomain (between two periods), up to 255 characters for domain names and up to 2,083 characters as a URL entry in a browser. These values are based on the maximum character lengths possible at the time of filing of the patent application, which depend on the server software and browser used. Basically, the aim is to use the maximum available length of a character string.
  • The respective fragment addresses contain no reference to further fragments of the same document. This means that the document, or a page of the document, can only be fully merged if all fragment addresses are known. Furthermore, it must be possible to assemble the fragments into the original document, like a puzzle, on the client system.
  • The individual fragments must be assembled according to a very specific scheme, which is referred to as a mask in the context of the invention. Every document, or every page of a document, has a unique mask that is assigned a long and cryptic mask address. Only when the mask address is known can the individual fragments be called up via the computer network. In a way, the mask is a master key that forms part of a URL (Uniform Resource Locator).
  • The mask address is entered into a query program on the client side, in particular an Internet browser, followed by the respective fragment addresses of the associated document or of the associated page of a document; the mask address and several fragment addresses, preferably all fragment addresses, have to be entered first. Only this results in a complete URL that enables the document to be retrieved from the server.
  • With the method according to the invention it is possible, for example, to carry important medical data without any technical obstacles; on any device connected to the computer network, in particular the Internet, the data can be called up in any web browser as a URL entry and displayed decrypted in the web browser, regardless of where the server and the client are located.
  • The decrypted document can then be displayed on a conventional output device. This can be, for example, a printout from a printer or a representation on a monitor.
  • The downloaded document, or the page of a document, can be transferred to a separate database in order to process the data further.
  • The mask address is the key to the correct URL. Even if an unauthorized person manages to find out the mask address despite its length and cryptic form, it is still necessary to enter all fragment addresses, which should also be as long and cryptic as possible, in the correct order in order to display the document correctly. The longer and more cryptic the mask address and the fragment addresses of the URL, the more difficult it is to find the correct URL via a request to a domain name server.
  • The length of a URL can be a maximum of 63 characters. With just 55 characters and the use of the digits 0 to 9, the letters A to Z and the hyphen, i.e.
  • The documents are stored anonymously on the server. This means that personal data in particular, such as laboratory values, is saved without reference to the patient. Since only the beneficiary, for example the patient, has the correct URL, the anonymized data can nevertheless be clearly assigned to the authorized person.
  • The fragments are advantageously components of a graphic reproducing a page of the document, which is displayed to the client (claim 3).
  • The fragments are arranged in rows and columns in accordance with the features of patent claim 4.
  • As many fragments as possible should be the same size.
  • The same size in the sense of claim 6 can relate to the spatial extent of a fragment, i.e. a section of a page.
  • The same size can also mean that each fragment has the same amount of data, so that there are a large number of files of the same size on the server. This ensures that individual fragments cannot be assigned to a specific document on the basis of their data volume.
  • The graphic is divided into several overlapping levels, each level representing a fragment. Again, all fragments should be the same size if possible. The size can relate to the data volume of each fragment as well as to the spatial extent of a level. Of course, a partial overlap of the levels is also possible.
  • The server blocks access by a client if the client repeatedly tries to call up a faulty URL on the server. Such failed attempts can be attributed on the one hand to incorrect input on the part of the client, but also to a possible attack on the server. In this case it is expedient to exclude the client, or clearly identifiable network subscribers, from access to the server.
  • The fragment addresses and the mask address can in principle be entered manually using an input device such as a keyboard. However, because of the length of the URL and its highly cryptic letters and strings, it is advisable to store it on a data carrier that is owned by the authorized person and used by him, e.g. carried with him.
  • This can be an insurance card, for example, on which the URL or several URLs are stored.
  • FIG. 1 shows how a request from a client 1 via a computer network 2, in the form of the Internet, to a server 3 connected to the Internet 2 is assessed.
  • The request is checked to determine which of the security levels I to III applies.
  • Security level I means that each document stored on the server 3 has a long and cryptic address in the form of a URL, which is stored on the server 3 in accordance with the specifications for URLs. If the correct URL has been entered, the entire document is fetched and output to client 1.
  • Security level II means that every page of the document has a long and cryptic domain name. If the URL is entered correctly, the page is loaded directly from the server 3 and transferred to the client 1, where the page can then be displayed in full.
  • Security level III means that every object in the document is given a long and cryptic file name.
  • An object in the sense of the invention is to be understood in particular as a unit that cannot be assigned to a person, such as an X-ray image without a name or anonymized laboratory values of a patient.
  • At security level IV the document to be called up is divided into individual fragments; in particular, each page of the document is divided into individual fragments, which can only be reassembled into the original document or the original page with knowledge of a mask. Therefore, if security level IV is present, the necessary mask is first loaded from the server 3 by entering the correct URL. The fragments belonging to the mask are then loaded by the server 3 and output to the client 1. This process is repeated until all fragments have been transferred to client 1 and the document or the page of the document is shown in full. The server 3 is then available for the next request. An important step in checking the correct URL is that the server's system logs whether a URL has been entered incorrectly. In the event of repeated incorrect entries, the unauthorized user, who is regarded as an attacker on the system, can be blocked.
  • FIG. 2 illustrates how a URL 6 is entered in client 1 in the input window 4 of a web browser 5.
  • A mask address 8 is transferred from a portable data memory 7, for example a magnetic, optical or magneto-optical data carrier (for example a floppy disk or CD), into the input window 4.
  • The fragments 9a-13a are arranged in rows 14 and columns 15, the individual fragments 9a-13a having the same size and being part of a graphic.
  • The fragments 9a-13a are combined to form an overall image within the mask 16 formed from rows 14 and columns 15.
  • The individual fragments 9a-13a can, for example, be components of a graphic in GIF format.
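The scheme the description lays out (fragments stored unencrypted under long cryptic addresses, a mask that lists them in row/column order, the mask address followed by every fragment address forming one URL, and the server logging wrong URLs and blocking a client after repeated failures), as an added Python example; it is not code from the patent or the inventor. MaskServer, make_address, LOCKOUT_THRESHOLD and the 37-symbol alphabet taken from the "digits 0 to 9, letters A to Z and the hyphen" passage are assumptions; address_space_bits measures the guessing space of such an address, which is what the text relies on.

```python
"""Fragment/mask URL scheme from the description, with the server-side lockout.
Added example, not the patent's code: MaskServer, make_address, LOCKOUT_THRESHOLD
and the alphabet are assumptions drawn from the text."""
import math
import secrets
from collections import defaultdict

# Digits, A-Z and the hyphen: the character set the description mentions (37 symbols).
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-"
ADDRESS_LEN = 55          # the "just 55 characters" case from the text
LOCKOUT_THRESHOLD = 3     # wrong URLs before a client is blocked (assumed value)


def address_space_bits(alphabet_size, length):
    """Guessing entropy (bits) of an address drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def make_address(length=ADDRESS_LEN):
    """A long, cryptic address: uniformly random over ALPHABET, from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class MaskServer:
    """Keeps unencrypted fragments under cryptic addresses; a mask lists them in order."""

    def __init__(self):
        self.fragments = {}               # fragment address -> fragment bytes
        self.masks = {}                   # mask address -> (rows, cols, ordered fragment addresses)
        self.failures = defaultdict(int)  # client -> count of wrong URLs (the server's log)
        self.blocked = set()

    def publish(self, page):
        """Split a page (grid of equally sized cells) into fragments; return its mask address."""
        rows, cols = len(page), len(page[0])
        order = []
        for r in range(rows):
            for c in range(cols):
                addr = make_address()     # no address reveals any other fragment
                self.fragments[addr] = page[r][c]
                order.append(addr)
        mask_addr = make_address()
        self.masks[mask_addr] = (rows, cols, order)
        return mask_addr

    def url_for(self, mask_addr):
        """What the authorized client enters: the mask address first, then every fragment address."""
        return "/".join([mask_addr, *self.masks[mask_addr][2]])

    def fetch(self, client, url):
        """Resolve a URL; an unknown mask or missing/misordered fragment addresses is a failure."""
        if client in self.blocked:
            return None
        parts = url.split("/")
        mask = self.masks.get(parts[0])
        if mask is None or parts[1:] != mask[2]:
            self.failures[client] += 1
            if self.failures[client] >= LOCKOUT_THRESHOLD:
                self.blocked.add(client)  # repeated wrong entries: treat the client as an attacker
            return None
        rows, cols, order = mask
        cells = [self.fragments[a] for a in order]
        # Reassemble the puzzle: the mask gives the row/column layout of the page.
        return [cells[r * cols:(r + 1) * cols] for r in range(rows)]
```

The bits figure measures resistance to guessing only; as the text's own advice to keep the URL on a data carrier held by the authorized person implies, the scheme depends on the URL never being exposed anywhere else.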

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for providing and retrieving documents via a computer network (2). Each page of a document is subdivided into a plurality of fragments and stored on a server (3), and can be retrieved via a computer network (1), in particular via the Internet. Each fragment is assigned a unique, cryptic and, if possible, long fragment address that can be called up via the network, said address forming, together with a mask address, part of a single URL (Uniform Resource Locator). When a client enters this URL, the associated document or a page of the associated document is transmitted from the server (3) to the client (1) and retrieved there.
PCT/DE2004/001071 2003-05-22 2004-05-19 Method for providing and retrieving documents via a computer network WO2004107239A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10323755A DE10323755B9 (de) 2003-05-22 2003-05-22 Method for providing and retrieving documents via a computer network
DE10323755.0 2003-05-22

Publications (1)

Publication Number Publication Date
WO2004107239A1 (fr) 2004-12-09

Family

ID=32731185

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2004/001071 WO2004107239A1 (fr) 2003-05-22 2004-05-19 Method for providing and retrieving documents via a computer network

Country Status (2)

Country Link
DE (1) DE10323755B9 (fr)
WO (1) WO2004107239A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0821326A2 (fr) * 1996-07-24 1998-01-28 International Business Machines Corporation Method and system for the secure transmission and storage of protectable data
WO2000077642A1 (fr) * 1999-06-12 2000-12-21 Tara Chand Singhal Method and apparatus for anonymity in computer systems and service transactions
DE10209780A1 (de) * 2001-10-11 2003-04-30 Symbasis Gmbh Data processing system for patient data


Also Published As

Publication number Publication date
DE10323755B9 (de) 2006-08-24
DE10323755B3 (de) 2004-08-19

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
122 EP: PCT application non-entry in European phase