WO2007096249A1 - Method for securely detecting the end of a user session - Google Patents

Method for securely detecting the end of a user session

Info

Publication number
WO2007096249A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
internet gateway
http
authentication
session
Prior art date
Application number
PCT/EP2007/051178
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Wolfgang BÜCKER
Torsten Waldeck
Original Assignee
Siemens Home And Office Communication Devices Gmbh & Co. Kg
Priority date
Filing date
Publication date
Application filed by Siemens Home And Office Communication Devices Gmbh & Co. Kg
Publication of WO2007096249A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W74/00 Wireless channel access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/30 Connection release
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Definitions

  • the invention relates to a method for the secure detection of the end of a user session according to the preamble of the single claim.
  • a so-called Internet gateway, such as a so-called WLAN (Wireless Local Area Network) access point or wireless access point, or a so-called ADSL (Asymmetric Digital Subscriber Line) modem
  • WLAN Wireless Local Area Network
  • ADSL Asymmetric Digital Subscriber Line
  • where user-specific Internet access restrictions are enforced, a respective user must be authenticated and the data traffic must then be correctly assigned to the respective authenticated user.
  • the end of a user session is recognized in different ways.
  • a user session is assigned an absolute session duration length, after which the user session is considered ended (absolute timeout).
  • a user enters a so-called logout (logout from the user session). In this case, the end of the relevant user session has been deliberately initiated or enforced.
  • the data traffic that belongs to a specific user can generally be assigned to this user only through "weak" and non-unique methods.
  • the problem here is in particular the processing of the so-called MAC (Media Access Control) and/or IP (Internet Protocol) address.
  • the predetermined maximum time period for which user inactivity is tolerated should, on the one hand, be as short as possible, so that the end of a user session coincides as closely as possible with the actual last session activity, that is, the end of the user session is detected as soon as possible after the last session activity; on the other hand, a user should not have to authenticate again at the Internet gateway, or log in there, just because he has taken a short break.
  • the accuracy with which the end of an active user session of a specific user is recognized should not depend on that user always explicitly ending his active user session by a logout, that is, by a deliberate logoff.
  • the aforementioned problems are particularly relevant when one and the same client device connected to the Internet gateway is used alternately by different users.
  • a single so-called personal computer (PC) or a so-called notebook may be used as a client device by the individual family members in turn, where, at least in the present example, the individual family members are assigned different rights of use.
  • a subsequent family member may continue the user session of the previously active family member, with the rights of the previously active family member, even if the subsequent family member does not have them.
  • for example, the children of a family could access web pages that only the parents have the rights to access. For the children this access is blocked when they log on at the same computer with their own ID. The children would nevertheless be able to access these web pages if the parents interrupt the user session in the belief that they will resume it immediately, but then do not. If the end of the parents' user session is then not recognized promptly enough, for example because the time constant for tolerated inactivity is too large, the children can continue the still-active user session in place of their parents and, for example, access the web pages mentioned above.
  • HTTP cookies to track a user's surfing behavior towards a specific web server and to pre-fill the user name of the user in question for a future login.
  • "Session Tracking" known. The latter is also known under the title "Remember-Login-Name".
  • Authentication method is used, for example, in the already available broadband router: D-Link DFL-700 Network Security Firewall.
  • to assign the subsequent network or data traffic, which is mainly not addressed to the Internet gateway itself but is only transported via it to another network area, to the respective authenticated user, the following properties, for example, are evaluated by the relevant Internet gateway: client MAC and/or IP address;
  • SSL/TLS session for HTTPS network traffic to the access point.
  • Web browsers are computer programs for viewing web pages on the Internet. In addition to HTML pages, they can display various other types of documents.
  • HTTP Hypertext Transfer Protocol
  • HTTPS HTTPS stands for Hypertext Transfer Protocol Secure and is a network protocol that enables a secure HTTP connection between computers.
  • TLS stands for Transport Layer Security and is a protocol for encrypting data transmissions on the Internet.
  • SSL SSL stands for Secure Sockets Layer or Secure Server Line and is a network protocol for the secure transmission of, among other things, Internet pages.
  • HTML Hypertext Markup Language
  • HTML is a document format for the markup of hypertext on the World Wide Web. It is a markup language for describing information in hypertexts.
  • Cookie A cookie is a short entry in a mostly small database on a computer and is used for the exchange of information between computer programs or the time-limited archiving of information.
  • HTTP cookie An HTTP cookie is information that a web server sends to a browser, which the browser then sends back on later accesses to the same web server.
  • MAC Media Access Control.
  • MAC is a term from network communication and describes a network protocol.
  • MAC address The MAC address (Media Access Control, also known as LAN address, Ethernet ID or Apple Airport ID) is the hardware address of all network devices used to uniquely identify the device in the network.
  • IP Internet Protocol.
  • IP refers to a protocol in network technology.
  • IP Address An IP address (Internet Protocol address) is a piece of data that allows the logical addressing of devices (hosts) in IP networks such as the Internet. A host (for example, computer, router, printer, IP phone) will have at least one IP address unique in its subnet at a time. This allows IP addresses to communicate with each other on the network.
  • URL Uniform Resource Locator. URLs identify a resource through its primary access mechanism, often http or ftp, and the location of the resource on computer networks.
  • the object of the present invention is, starting from a method of the type mentioned, to provide a method for the secure detection of the end of a user session with the advantages of being automatically executable and suitable for the home.
  • the user authentication carried out for the first time by a user of the client device in question takes place between the relevant client device and the Internet gateway by HTTP or HTML (HTTP Basic, Digest authentication, HTML form-based authentication), that is, to a web server on the Internet gateway.
  • HTTP HyperText Transfer Protocol
  • HTML HyperText Transfer Protocol basic, Digest-Authentication, HTML form-based authentication
  • the web server installs corresponding status information (HTTP cookie) on the client device.
  • the Internet gateway grants access to said specific user or its client device which corresponds to the authorizations of the authenticated user of the particular user in question (firewall, packet filter).
  • a first time counter expires regarding a tolerated user inactivity and / or an absolute session duration length for a current user session
  • an HTTP re-direct to an HTTP page on the Internet gateway.
  • the client device sends the installed status information (HTTP cookie) to the Internet gateway.
  • the Internet gateway checks the sent status information. If the check result is positive, the Internet gateway then sends a further HTTP re-direct, now to the web page originally requested by the client device. In the case of a negative check result, the Internet gateway requires a renewed user authentication as initially.
  • the Internet gateway uses both time counters for detecting the time period of the user's current non-use of the user session and time counters for recognizing the achievement or overrunning of an absolute session duration length. More preferably, the Internet gateway uses two values each for both the tolerated inactivity counter and the absolute session duration length counter.
  • the respective shorter value indicates that the method described above for immediate re-authentication is permitted without user intervention and is therefore to be performed without user intervention. However, if the longer-lasting timer value has expired, a new, complete user
  • At least the first time counters can be set relatively short because the automatic re-authentication is carried out for a user without additional expenditure.
  • if the status information sent during the re-authentication belongs to the user session of another user, the current user session is associated with that other user, and the permissions associated with that user are enforced from that point on.
  • while the longer-lasting time counter has not yet expired, the traffic for which re-authentication is not suitable, that is, all traffic except HTTP requests, continues to be assigned to the respective authenticated user and the corresponding authorizations are enforced. Only when the longer-lasting time counter has expired are the permissions enforced that apply as long as a user is not authenticated.
  • if the communication to the Internet gateway uses special protocols such as HTTPS, i.e. HTTP over SSL/TLS instead of unsecured HTTP, then instead of or in addition to the cookie-based status information, the special protocol session, for example the SSL/TLS session, can also be evaluated as status information.
  • the method according to the invention improves the recognition of a continuing or terminated user session for network traffic via an Internet gateway. This is achieved by combining the evaluation of a reliable criterion that is definitively attributable to the relevant user, for traffic to the Internet gateway, with the evaluation of less reliable criteria such as client IP/MAC address, for traffic that is not directed to the Internet gateway. This combined, improved recognition is transparent to the user. He notices, if anything, only a slight delay in traffic.
  • the invention allows small values to be used for the short time periods, i.e. for non-usage periods, without bothering the user with frequent re-authentications. As a result, the end of a user session is detected more accurately and reliably.
  • the long-lasting time counters would be set to very large values, for example
  • the new user can continue to use the session of the previous user only for a relatively short time, namely until the next re-authentication based on the absolute session duration length.
  • Figure 1 shows a known deployment scenario for an Internet access
  • Figure 2 is a schematic flow of a known HTTP re-Direct process
  • FIGS 3 and 4 a schematic flow of an Internet connection according to the invention.
  • FIG. 1 is a notebook (wireless client) via a
  • the Internet gateway, which establishes the actual Internet connection, connected with the Internet (Internet).
  • the Internet gateway which in the present exemplary embodiment, as stated, is a WLAN access point, could for example also be realized by an ADSL modem operating in accordance with the Ethernet standard.
  • the notebook is currently connected to the Internet page www.google.com.
  • FIG. 2 shows a schematic representation of a message flow diagram. It shows the basic processes for an Internet re-direction on a login page of a gateway.
  • the Internet gateway functions for a user, for example, as a wireless access point through which he can access the Internet.
  • Such Internet re-directions are used by Freenet, for example, to force users who want to dial into the Internet into the Freenet home page instead of the home page they want to dial in to.
  • the Internet re-directions are used to force customers to a predefined welcome page on which, for example, freely available local information is displayed. Such local information may, for example, concern information about airports or restaurant menus.
  • Such Internet re-directions are used to allow the user to enter authentication data so that the user can gain access to public internet sites.
  • the Internet Gateway monitors the access requests to port 80 (http).
  • the Internet Gateway intercepts the access request and redirects it to a special login page.
  • a user accesses the http server www.google.com and requests the file located on it: "/index.html".
  • This access request is intercepted by the Internet Gateway.
  • the Internet gateway sends back an HTTP re-direction message, 302 Moved Temporarily, which indicates the URL address to which the request is forwarded instead.
  • this is the login page of the Internet gateway: http://192.168.0.1/login.html.
  • the user then requests this login page instead of his original Internet site.
  • after the user has authenticated, Internet accesses made by him are no longer intercepted by the Internet gateway. If the user now requests, for example, the www.google.com server, this request is immediately forwarded to the server in question. Preferably, the Internet gateway remembers the URL address originally requested by the user and, after the authentication has been completed, forwards the user to the corresponding destination address.
  • in FIGS. 3 and 4, the re-authentication according to the invention, namely a cookie-based re-authentication, is shown in greater detail.
  • Cookie-based re-authentication can be used in two different ways.
  • the web browser user profile defines specific settings such as so-called bookmarks and other application-related particulars, and also allows user-related cookies to be taken into account. So if the operating system of a personal computer or the Internet browser used already distinguishes between different users and associates a different profile with each of these users, this knowledge can be used so that an Internet gateway automatically authenticates the currently active user.
  • FIGS. 3 and 4 show in greater detail the re-authentication process according to the invention with reference to a schematic message flow diagram.
  • the figures 3 and 4 are to be understood in such a way that in Figure 4, the figure 3 is continued.
  • FIG. 4 is therefore to be attached below FIG. 3.
  • the texts to be taken from FIGS. 3 and 4 are to be regarded as included in the present description. They are therefore not explicitly reproduced again at this point.
  • three paths are arranged side by side, of which the left path is for a user, the middle one for the Internet gateway used by the user and the right one for a server on the Internet. The corresponding information is exchanged between them.
  • the arrow directions indicate the exchange direction. From top to bottom, the time sequence is plotted.
  • the Internet gateway, as an access point to the Internet, installs a cookie on the client device, the device of the user in question.
  • the cookie is preferably already set with the first HTTP response sent, namely the login page of the access point. This allows the access point to recognize, when the user sends the second message, which will contain the user name and the user's password, whether the client device supports cookies. If the client device does not support cookies, the access point could use long timeout values, since the re-authentication would not be transparent for the user.
  • Timeout values may relate to both an absolute session duration length and a non-use time period. In this case, both a short-term value and a long-term value can be taken into account for both. If a long-term value is exceeded, a complete authentication is again necessary, in which the user-specific credentials must be entered. However, if only a short-term value has been exceeded, re-authentication based on cookies is accepted.
  • the user accesses an Internet site with a specific URL, for example on the public Internet. For example, he accesses the Internet site http://www.yahoo.com/index.html.
  • the HTTP request to the Internet is caught by the access point.
  • the access point sends a re-direction message (Moved Temporarily) to the user's client device in order to direct its request to the login page provided by the access point. When the client device requests this login page, it immediately sends the corresponding cookies to the access point along with the request. If the access point then accepts the re-authentication based on the supplied cookies, the user session that was blocked because of the timeout is reactivated.
  • a re-direction message Moved Temporarily
  • the elapsed time counter is reset.
  • the user is sent back a second re-direction message (Moved Temporarily) in which the user is informed that his request is now redirected to the originally requested Internet site, in the present case the originally requested URL http://www.yahoo.com/index.html.
  • the user can now request this site without the request being intercepted by the access point. A valid user session now exists for the user.
  • in the event that the access point decides, on the basis of the cookies sent to it by the client device in the course of the redirection, that re-authentication of the user is not acceptable, the access point, in its second response to the user, directs the user to the "normal" login page provided for that access, so as to allow the user to log in completely.
  • the identification of a previously authenticated user by means of a cookie or a previous SSL/TLS session can also be used to avoid the user having to enter his user name, his password, and so on. If a valid cookie or valid SSL/TLS session has been recognized for a user, this information is accepted as a user authentication.
  • the period of validity of such an authentication can be limited in time. After this period of validity, the user must authenticate himself again with his user name and password. Security is obviously reduced if the password is not entered as well. Nevertheless, this is user-friendly and can be accepted if this simplification is combined with automatic re-direction to the currently requested URL destination.
  • the value or meaning stored in the mailing is in a form that can not be decrypted by any of the various users.
  • One way is to store a supposedly random value ("nonce"). In any case, you should not save the user name, a user ID or a session counter. Such information could be determined.
  • the password should not be saved because it would be decipherably transmitted each time an Internet page is accessed on the access point. In addition, it would be stored in decipherable manner on the personal computer.
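
The gateway-side decision described above (a short and a long counter each for inactivity and for absolute session length, a cookie check behind the first re-direct, reassignment of the session when the cookie belongs to another user), as an added Python example that is not taken from the patent. The timeout values, `REAUTH_URL` and all class and method names are assumptions; the credential check at login is omitted.

```python
import secrets
from dataclasses import dataclass

# Constructed policy values in seconds; the description gives no numbers.
IDLE_SHORT, IDLE_LONG = 120, 3600     # tolerated inactivity: short / long counter
ABS_SHORT, ABS_LONG = 1800, 28800     # absolute session length: short / long counter
LOGIN_URL = "http://192.168.0.1/login.html"  # login page named in the description
REAUTH_URL = "http://192.168.0.1/reauth"     # hypothetical gateway page for the cookie check


@dataclass
class Session:
    user: str
    nonce: str        # random cookie value; no user name, user ID or counter
    started: float    # time of the last full login
    verified: float   # time of the last login or accepted cookie check
    last_seen: float  # time of the last observed HTTP activity


class Gateway:
    def __init__(self):
        self.by_client = {}  # client MAC/IP -> Session (the "weak" criterion)
        self.by_nonce = {}   # cookie nonce  -> Session (the reliable criterion)
        self.pending = {}    # client -> URL requested before the re-direct

    def login(self, client, user, now):
        """Full authentication (credential check omitted); returns the cookie value."""
        s = Session(user, secrets.token_urlsafe(32), now, now, now)
        self.by_client[client] = self.by_nonce[s.nonce] = s
        return s.nonce

    @staticmethod
    def state(s, now):
        if now - s.last_seen > IDLE_LONG or now - s.started > ABS_LONG:
            return "expired"   # a long counter ran out: full login required
        if now - s.last_seen > IDLE_SHORT or now - s.verified > ABS_SHORT:
            return "recheck"   # a short counter ran out: silent cookie check
        return "active"

    def _drop(self, s):
        self.by_nonce.pop(s.nonce, None)
        for c in [c for c, v in self.by_client.items() if v is s]:
            del self.by_client[c]

    def on_http_request(self, client, url, now):
        """HTTP request towards the Internet, intercepted on port 80."""
        s = self.by_client.get(client)
        if s is not None and self.state(s, now) == "active":
            s.last_seen = now
            return ("forward", url)
        self.pending[client] = url
        return ("302", REAUTH_URL)  # first re-direct, to a page on the gateway

    def on_reauth(self, client, cookie, now):
        """Request for REAUTH_URL; `cookie` is the nonce the browser sent, or None."""
        s = self.by_nonce.get(cookie) if cookie else None
        if s is None:
            return ("302", LOGIN_URL)       # negative result: full login
        if self.state(s, now) == "expired":
            self._drop(s)
            return ("302", LOGIN_URL)
        # Positive result. The cookie may belong to a different user than the one
        # the client address was bound to; that user's rights apply from now on.
        self.by_client[client] = s
        s.verified = s.last_seen = now      # reset the elapsed short counters
        target = self.pending.pop(client, None)
        return ("302", target) if target else ("200", "session renewed")

    def user_for_other_traffic(self, client, now):
        """Non-HTTP traffic cannot be re-directed: keep the address binding until
        a long counter expires, then apply unauthenticated rights (None)."""
        s = self.by_client.get(client)
        if s is None or self.state(s, now) == "expired":
            return None
        return s.user


if __name__ == "__main__":
    gw, pc = Gateway(), "00:11:22:33:44:55"   # constructed client address
    url = "http://www.yahoo.com/index.html"
    cookie = gw.login(pc, "parent", now=0)
    print(gw.on_http_request(pc, url, now=60))    # within the short counter
    print(gw.on_http_request(pc, url, now=400))   # short idle counter expired
    print(gw.on_reauth(pc, cookie, now=400))      # cookie accepted
    print(gw.on_reauth(pc, None, now=900))        # profile without a cookie
```
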

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for securely detecting the end of a user session, the method permitting automatic re-authentication. The user authentication carried out for the first time for a specific user of a client device is performed between the client device concerned and an Internet gateway by HTTP or HTML, that is, towards a web server on the Internet gateway. This web server installs corresponding status information on the client device. When the authentication has succeeded, the Internet gateway grants that specific user access corresponding to the user's rights. When a first time counter for tolerated user inactivity and/or for an absolute session duration expires for a current user session, a subsequent HTTP request made by that user's client device, via the Internet gateway, to a web server on the Internet is answered with an HTTP re-direct to an HTTP page on the Internet gateway. The client device sends the status information installed by said web server to the Internet gateway. The Internet gateway checks the status information sent. If the check is positive, the Internet gateway sends a further HTTP re-direct to the web page originally requested by the client device; otherwise a renewed user authentication as described initially is required.
PCT/EP2007/051178 2006-02-20 2007-02-07 Method for securely detecting the end of a user session WO2007096249A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006007793.8 2006-02-20
DE102006007793A DE102006007793B3 (de) 2006-02-20 2006-02-20 Method for securely detecting the end of a user session

Publications (1)

Publication Number Publication Date
WO2007096249A1 (fr) 2007-08-30

Family

ID=38038026

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/051178 WO2007096249A1 (fr) 2006-02-20 2007-02-07 Method for securely detecting the end of a user session

Country Status (2)

Country Link
DE (1) DE102006007793B3 (fr)
WO (1) WO2007096249A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009115528A3 (fr) * 2008-03-17 2009-12-03 Vodafone Group Plc Mobile terminal authorisation arrangements
US8549605B2 (en) 2011-07-22 2013-10-01 Sony Corporation System and method for automatically establishing new session with interactive service after previous session expiration

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006051826B3 (de) * 2006-11-03 2008-03-27 Mindlab Gmbh Network
US20120198539A1 (en) * 2009-08-31 2012-08-02 China Mobile Communications Corporation Service Access Method, System and Device Based on WLAN Access Authentication
DE102021109253B4 (de) 2021-04-13 2022-11-17 Sma Solar Technology Ag Method for logging an authorized user in to a device, in particular a device for a power generation plant, and power generation plant with device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030074580A1 (en) * 2001-03-21 2003-04-17 Knouse Charles W. Access system interface
US20040073660A1 (en) * 2002-10-15 2004-04-15 Toomey Christopher Newell Cross-site timed out authentication management
WO2005011205A1 (fr) * 2003-07-22 2005-02-03 Thomson Licensing S.A. Method and apparatus for managing prepaid access to a radio network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7941534B2 (en) * 1997-04-14 2011-05-10 Carlos De La Huerga System and method to authenticate users to computer systems
US7769845B2 (en) * 2001-05-04 2010-08-03 Whale Communications Ltd Method and system for terminating an authentication session upon user sign-off
US20050251856A1 (en) * 2004-03-11 2005-11-10 Aep Networks Network access using multiple authentication realms

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009115528A3 (fr) * 2008-03-17 2009-12-03 Vodafone Group Plc Mobile terminal authorisation arrangements
US9253188B2 (en) 2008-03-17 2016-02-02 Vodafone Group Plc Mobile terminal authorisation arrangements
US8549605B2 (en) 2011-07-22 2013-10-01 Sony Corporation System and method for automatically establishing new session with interactive service after previous session expiration

Also Published As

Publication number Publication date
DE102006007793B3 (de) 2007-05-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07704432

Country of ref document: EP

Kind code of ref document: A1