WO2011023149A1 - Method and system for the controlled exchange of data between identified information technology devices - Google Patents



Publication number
WO2011023149A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
key
dial
party
otp
Prior art date
Application number
PCT/DE2009/001195
Other languages
German (de)
English (en)
Inventor
Robert Niggl
Original Assignee
Robert Niggl
Priority date
Filing date
Publication date
Application filed by Robert Niggl
Priority to DE112009005190T (DE112009005190A5)
Priority to EP09747786A (EP2471213A1)
Priority to PCT/DE2009/001195 (WO2011023149A1)
Publication of WO2011023149A1


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065: Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656: Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • G: PHYSICS
    • G16: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16H: HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00: ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60: ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • G16H10/65: ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records stored on portable record carriers, e.g. on smartcards, RFID tags or CD
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/14: Multichannel or multilink protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/88: Medical equipments
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Definitions

  • the present invention relates to a method and a system for the controlled, secure, partial or complete remote data transmission (EDI) between identified IT systems, hereinafter referred to as carrier systems and, in their entirety, as the ensemble; in particular to a method whose data flow is controlled by means of checkpoints,
  • EDI controlled secure partial or complete remote data transmission
  • Computer system ⁇ hereafter referred to as data pool; o 'leads to a second party - hereinafter referred to as "inspection body" - which is anonymous by design with respect to R;
  • Transmission path to the control point redirects -following
  • o is first calculated ⁇ or ⁇ 'with the coupling signals ⁇ , ⁇ '; o obtains the coupling signal D via dial-up access to the data pool with an indication of R, P and authorizes for an identifier j;
  • the system has at least one central memory (hereafter called data pool) with an extended storage capacity, which is used as intermediate storage by means of EDI by carrier systems of the ensemble.
  • the system has at least one checkpoint.
  • the central memory can be used as a key register and
  • control data can still be chosen so that even one
  • the system therefore provides in particular a technology alternative to the eGK.
  • X is transferred from the source system i to the target system j, as well as a technical specification of the sections;
  • Fig. 2 a diversion of the direct connection
  • FIG. 3 shows a block diagram of the transmission links with a distribution of
  • Fig. 4 is a block diagram of the transmission bits / auxiliary data for example 1;
  • Fig. 5 is a block diagram of the transmission / auxiliary data of Example-2;
  • Fig. 6 is a block diagram of the transmission / auxiliary data of Example-3;
  • Fig. 7 a schematic representation of the structure of the architecture of a
  • Encryption techniques are hereafter referred to as tuples (*, **, ⁇ ), where * is the encryption operator, ** the decryption operator, and ⁇ the set of allowed key pairs.
  • the encryption then takes place by selection / calculation of a permissible key pair (S, S'), so that
  • Encryption is done bit by bit by linking each bit of X to a random bit that is used only for that bit, i.e. the key S must be at least as long as X, must be generated randomly and may only be used for X.
  • the link can be made e.g. via the XOR operation, known in mathematics as addition in the field
  • the central patient file of the eGK is not OTP-encrypted; their encrypted
  • the source text X is encrypted with the auxiliary key (X * H).
  • An exchange procedure is formally understood as a tuple (X, i, j) (called a transaction), where X is any data (called primary data) and i, j are indices of carrier systems of the ensemble with i ≠ j (i is called the source system index, j the target system index):
  • Read: X is transferred from E_i (source system) to E_j (target system).
  • Each transaction is assigned auxiliary data h(X, i, j) (called secondary data of the transaction), which are formally defined below.
  • any further data can be transferred in a transaction (tertiary data of the transaction). They are represented in the formal representation by the ellipsis ....
  • X is arbitrary data that can be reconstructed according to the method from h(X, i, j), wherein the data h(X, i, j) are to be transmitted according to the method.
  • the ensemble of the carrier systems is extended by a central storage (hereinafter referred to as data pool) which can be addressed via EDI (for example, https).
  • EDI central storage
  • the carrier systems can store or retrieve certain auxiliary data in the data pool (see below).
  • auxiliary data in the data pool.
  • Control bodies either pass on their data unchanged or not at all, whereby they can freely decide on the forwarding.
  • Control posts can be used by persons with appropriate technical devices for
  • Data transmission e.g., telephone
  • technical elements e.g., telephone
  • control posts can be formally understood as “black box” relay elements.
  • the entire system with its elements and connections corresponds to a "circuit” that implements (X, i, j).
  • the "switching logic” generates auxiliary data for X in the source system and then processes them in such a way that X can be reconstructed in the target system.
  • the protection claim covers every form of packet formation which is technically suitable for data transmission on the respective sub-route.
  • Fig. 1 shows transmission links to the transaction (X, i, j), as well as a technical
  • paper can also be used as a data carrier on the control routes in addition to data transmission by telephone or online.
  • There must always be control line 2 ≠ direct connection, i.e. two separate transmission paths or media are used.
  • a section T is technically divided into several (parallel) sections and the T-data are distributed arbitrarily on these routes.
  • the direct connection E_i -> E_j can also be diverted via the control point, i.e. be substituted by a dial-up E_i -> checkpoint -> E_j:
  • control route 2 ≠ direct diversion 2 is assumed, i.e. in the diversion case too, two separate transmission paths are used, and data is transmitted via dial-up on at least one transmission path.
  • Direct diversion 1 control section 1 permissible.
  • Fig. 2 shows a diversion of the direct connection.
  • the protection claim covers every protocol that is suitable for the partial routes to the EDI.
  • the protection claim covers every additional encryption of the data.
  • Each transaction is subdivided into phases with corresponding tasks (defined via corresponding auxiliary data and processing logics), which are described below.
  • the task j in phase i is referred to below as Pi-j.
  • Claim: the task numbering in a phase does not specify an order. The claim covers any order that is compatible with the auxiliary data or its associated (functionally specified) processing logic.
  • Phase-1 of (X, i, j): Initialization in E_i
  • the protection claim covers every password formation, especially composite
  • the protection claim covers every checkpoint selection.
  • f_1 f_1 (ß, ß')
  • f_2 f_2 (ß, ß')
  • The result is a key register, i.e. keys can finally be calculated via ß, ß' and D.
  • the target system cannot pair (provided that ß' cannot be calculated from ß: see examples),
  • the invention can be configured to accommodate both OTP and "small" ß' sizes that would be suitable for telephonic transmission.
  • control bodies are the data subjects.
  • source systems assign a "pairing password" P ', so that the target system can be sure that the checkpoint is authorized (P always backs up only the
  • ß' (i, t, P, P', R_2) is transferred on control line 1 by paper and on control line 2 by telephone.
  • FIG. 4 shows an overview of the following exemplary embodiment-1
  • R is an anonymous reference
  • the direct message (ß) is initially anonymous and does not allow pool access alone, as the reference is incomplete (R_2 is missing) and the password (P) is missing.
  • the ß'-data can be generated before the ß-data.
  • a patient may be given a small "ß' slip" (also with barcodes) during the visit or when leaving the hospital:
  • the source system does not need to have X at this point in time, nor does the target system, i.e. with the "ß' slip" the patient only draws a "number", as if he were queuing up!
  • Randomized quantities (B, Q) can evidently be mixed arbitrarily. It is therefore easy to specify efficient mixing methods such that, without knowledge of P', the value B can no longer be efficiently calculated from D. As a result, 3 ways are effectively crossed.
  • example-2 is a refinement of example 1:
  • Fig. 5 shows an overview of the following exemplary embodiment-2.
  • Example 3 is a refinement of Example 2:
  • Control points are identified (for example via e-mail addresses).
  • H'_k could then be deposited on a chip card or printed out as a barcode.
  • FIG. 6 shows an overview of exemplary embodiment-3
  • Architecture of carrier systems
  • Fig. 7 shows an architecture scheme of the present inventive system 1, or the carrier systems.
  • the subsystem that performs the coupling is called the coupling unit.
  • Process-specific subsystems can be implemented as hardware or software components, or via a system of such components that are linked accordingly (shown graphically by a circular border below).
  • non-process specific subsystems e.g. the crypto unit for key generation and encryption / decryption are only outlined (indicated graphically by dashed border)!

Abstract

The invention relates to a configurable system (1) that enables the secure and, in particular, tamper-proof exchange of arbitrary data within an ensemble of identified information technology systems (carrier systems of the ensemble) by means of at least one central memory and via checkpoints. With a suitable choice of control parameters, the system is characterized in that secure encryption methods (one-time pad method) are used, that the main part of the data transmission takes place by remote data transmission, and that the checkpoints nevertheless retain the final, technically guaranteed decision-making power over the exchange of their data.
PCT/DE2009/001195 2009-08-30 2009-08-30 Method and system for the controlled exchange of data between identified information technology devices WO2011023149A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
DE112009005190T DE112009005190A5 (de) 2009-08-30 2009-08-30 Method and system for controlled data exchange between identified IT devices
EP09747786A EP2471213A1 (fr) 2009-08-30 2009-08-30 Method and system for the controlled exchange of data between identified information technology devices
PCT/DE2009/001195 WO2011023149A1 (fr) 2009-08-30 2009-08-30 Method and system for the controlled exchange of data between identified information technology devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/DE2009/001195 WO2011023149A1 (fr) 2009-08-30 2009-08-30 Method and system for the controlled exchange of data between identified information technology devices

Publications (1)

Publication Number Publication Date
WO2011023149A1 (fr) 2011-03-03

Family

ID=42144829

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2009/001195 Method and system for the controlled exchange of data between identified information technology devices WO2011023149A1 (fr) 2009-08-30 2009-08-30

Country Status (3)

Country Link
EP (1) EP2471213A1 (fr)
DE (1) DE112009005190A5 (fr)
WO (1) WO2011023149A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115470912A (zh) * 2022-03-16 2022-12-13 合肥本源量子计算科技有限责任公司 Quantum task processing apparatus and method, and quantum computer

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000018078A1 (fr) * 1998-09-17 2000-03-30 Sopuch David J Procede d'echange de messages securises utilisant des intermediaires
US20020120874A1 (en) * 2000-12-22 2002-08-29 Li Shu Method and system for secure exchange of messages
US20030149869A1 (en) * 2002-02-01 2003-08-07 Paul Gleichauf Method and system for securely storing and trasmitting data by applying a one-time pad
US20080165972A1 (en) * 2007-01-08 2008-07-10 I-Fax.Com Inc. Method and system for encrypted email communication

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115470912A (zh) * 2022-03-16 2022-12-13 合肥本源量子计算科技有限责任公司 Quantum task processing apparatus and method, and quantum computer
CN115470912B (zh) * 2022-03-16 2024-04-05 本源量子计算科技(合肥)股份有限公司 Quantum task processing apparatus and method, and quantum computer

Also Published As

Publication number Publication date
DE112009005190A5 (de) 2012-06-28
EP2471213A1 (fr) 2012-07-04

Similar Documents

Publication Publication Date Title
DE2855787C2 (de) Message deviation monitoring unit for data terminals
EP3673623B1 (fr) Method and control system for controlling and/or monitoring devices
DE60008680T2 (de) Management of a cryptographic key
WO2016008659A1 (fr) Method and device for securing access to wallets in which cryptocurrencies are stored
EP1180276B1 (fr) Method for verifying the integrity and authorship of texts and for encoding and decoding those texts
EP2863610B1 (fr) Tamper-proof method and system for providing multiple digital certificates for multiple public keys of a device
DE102009001719A1 (de) Method for generating asymmetric cryptographic key pairs
WO2021170645A1 (fr) Method for directly transmitting electronic coin data sets between terminals, payment system, protection system and monitoring unit
EP3552344B1 (fr) Bidirectionally linked blockchain structure
DE102018009949A1 (de) Transmission method for flexibly transmitting specifically divisible electronic coin data sets
DE10126138A1 (de) Tamper-proof and censorship-resistant personal electronic health record
WO2015036190A1 (fr) Method and system for cryptographically securing a predefined information processing flow
WO2011023149A1 (fr) Method and system for the controlled exchange of data between identified information technology devices
WO2023036458A1 (fr) Method and transaction system for transmitting tokens in an electronic transaction system
DE102008011882B4 (de) Device and method for controlled data exchange between at least two data carriers
DE102008035923A1 (de) System for controlled data exchange between identified IT devices
EP3619885B1 (fr) Blockchain-based asymmetric key management method and security-relevant installation
WO2020144123A1 (fr) Method and system for transmitting information
EP3734486B1 (fr) Computer-implemented method for replacing a data string
EP4111347B1 (fr) Method for directly transmitting electronic coin data sets between terminals, payment system, protection system and monitoring entity
DE102017108128B4 (de) Hardware-based security module
AT517151B1 (de) Method for authorizing access to anonymously stored data
WO2021228797A1 (fr) Concept for mutually exchanging encrypted data
DE102004038038A1 (de) Data processing system for managing sensitive, anonymized and/or pseudonymized patient data and method for its use
WO2023046317A1 (fr) Coin management unit and method in a coin management unit

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 09747786; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 2009747786; Country of ref document: EP)
WWE Wipo information: entry into national phase (Ref document number: 1120090051901; Country of ref document: DE; Ref document number: 112009005190; Country of ref document: DE)
REG Reference to national code (Ref country code: DE; Ref legal event code: R225; Ref document number: 112009005190; Country of ref document: DE; Effective date: 20120628)