WO2020188117A1 - Digital connection system and method - Google Patents


Info

Publication number
WO2020188117A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
connection
connection system
external
internal
Application number
PCT/EP2020/058019
Other languages
French (fr)
Inventor
Nicholas Rose
Original Assignee
IO-CO IP Limited
Application filed by IO-CO IP Limited

Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources; H04L 63/105 Multiple levels of security
            • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls; H04L 63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
        • H04L 49/00 Packet switching elements
            • H04L 49/15 Interconnection of switching modules
            • H04L 49/25 Routing or path finding in a switch fabric
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications
            • H04L 67/2866 Architectures; Arrangements; H04L 67/30 Profiles; H04L 67/306 User profiles
            • H04L 67/50 Network services; H04L 67/52 Network services specially adapted for the location of the user terminal
    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04W WIRELESS COMMUNICATION NETWORKS
        • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
            • H04W 4/02 Services making use of location information; H04W 4/023 Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
            • H04W 4/20 Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel; H04W 4/21 Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel for social networking applications

Definitions

  • the data repository 50 provides a secure store of data that the user wishes to selectively disclose to other parties.
  • the data may be that which would typically be provided to a social network and the connection system 10 and data repository provides an alternative data store for the social network and/or an alternative social network.
  • the user of device 60 may, for example be a close "work" persona match to the user of device 80 and this is highlighted in the user interface to both users.
  • Personas and match requests can preferably be defined on demand via the app by users. In a preferred embodiment, they tag information types they wish to match and this is communicated to the data repository 50. Should a match be found, the user can tap on this in the app and request a connection which is then handled in the same manner as described above.
  • the connection system 10 may also store historic geographic location data and provide matches based on someone having previously (or frequently) visiting the area/location.
  • connection system 10 may be provided via the connection system 10 to the app on the user device.


Abstract

A digital connection system and method are disclosed for controlling a data path between an internal network and an external network. The system comprises an external interface configured to communicate with the external network, an intermediate memory, an internal interface connected to the internal network, a switching unit and a controller. The switching unit has an external switch between the external interface and the intermediate memory and an internal switch between the internal interface and the intermediate memory; the external switch and the internal switch have opposing states, whereby closing one of them opens the other, so that the switching unit and intermediate memory segment the data path between the external interface and the internal interface. The controller is configured to route data from the external interface to the internal interface via the intermediate memory.

Description

Digital Connection System and Method
Field of the Invention
The present invention relates to a digital connection system and method that is particularly applicable for securing trusted connections between computing devices.
Background to the Invention
People and systems connect in many ways. In the digital world, there are many different digital mechanisms to establish that connection. Some of these are low-level and establish parameters such as protocols, clock synchronisation, data rate and the like. Others may operate at a higher level and be concerned with establishing encryption keys for use in securing the information communicated.
A precursor to these, and something that is often ignored, is the initial connection establishment. This typically requires an exchange of information such that the parties can identify each other and decide whether to establish a connection to each other. It also requires a network address for each party so that network routing and the like can be handled.
Increasingly, there are situations where trust in the identity of the recipient and/or trust in the integrity of the communication channel is important.
Where the network is a private network, there is a degree of trust that can be implied. As a general rule the network will be managed, and only genuine users/devices will be allowed to access it. However, most communications use, or route at least in part, public data communications networks. An inherent limitation in public data communications networks is that the configuration and management of the data communications network is not within the user's control and furthermore is typically provided as a transparent service (so the end users have no idea where their data is being routed, who is listening etc). Where connections extend beyond a controlled environment, or take place entirely in the wild with both parties accessing public networks, WiFi hotspots and the like, there are many technical and social-engineering vulnerabilities that can be exposed.
While mobile telephony data communications networks can generally be attributed with a limited level of trust because they are regulated and controlled (and so can be trusted to at least a limited extent), not all devices have the capability to connect directly to such networks. Furthermore, the data charges made by providers of such networks have caused users to look for ways of reducing costs. Most computing devices today can connect to local wireless (WiFi) networks and many users choose to rely on public WiFi networks and hotspots in order to access the internet and communicate with other users or services. However, there is little if any regulation or control over such networks and their providers. Furthermore, the technology underlying WiFi is much easier to exploit in order to establish spoofed hotspots or to monitor data communications over these networks.
While there are many mechanisms for securing communications between digital systems once connected, the initial establishment of the connection itself can be the subject of security vulnerabilities and other risks. How do you identify the recipient you wish to connect with? How do you minimise the chance of eavesdropping, an imposter pretending to be the recipient, or simply someone/some system you have mistaken for the recipient? Often, a leap of faith is required of the originating user, in the hope that an accidental connection to the wrong person (or one to an imposter) comes to light before it can be exploited. Virtual private networks (VPNs) are one example that utilises encryption to establish an encrypted communication tunnel through a (potentially public) data communications network. However, a pre-requisite for encryption is that there is already a connection and that there is some shared secret between the parties to enable them to successfully encrypt and decrypt the communications. Potential vulnerabilities/attacks still remain, particularly at or arising from the connection stage.
In an attempt to address this, some social media platforms require you to use their specific connection protocol. This often requires a connection request and acceptance before more substantive communication takes place. Often, it will require the originator and recipient to maintain a profile in the social network with information that enables the parties to check each other before establishing a connection.
However, information privacy is a sensitive subject with many users wishing to avoid publishing great levels of detail about themselves. While many social networks offer public and private profile options (with private being limited to those people you are connected to, for example), the degree of control over information being disclosed is often crude and limited and the fact that the information is still on the social network's system remains a risk in the event of a security breach.
Privacy and security are no longer guaranteed when we use the internet. In most cases, we have to agree to relinquish some of our privacy rights to use online products and services. Apps, websites and businesses are tracking, monitoring and observing our interactions online and most have business models, products and revenue streams built around this data. This has left users paranoid, feeling they no longer have control over their own data or privacy, unclear on what they have agreed to and what their personal information is being used for.
Statement of Invention
According to an aspect of the present invention, there is provided a connection system as claimed in claim 1 or the method of claim 7.
Embodiments of the present invention are directed to systems and methods in which a segmented data path divides an external, uncontrolled, network from a secure data repository. Data in the data repository is available for use in establishing connections between devices in the external network but is not itself accessible from the external network due to the segmented data path.
Embodiments of the present invention enable secure and bespoke communication channels for data transfer between two devices. In one embodiment, a communication management system uses the connection system to secure communications with clients. A secure channel is established between the communication management system and each client. Should one client wish to communicate with another, a request is sent to the communication management system, which acts as a trusted intermediary and provides the two clients (via their respective secure communication channels) with communication parameters for establishing a secure channel between them (this does not need to use the connection system). Data passing between the communication management system and each client is preferably encrypted. Data passing between the two clients is also preferably encrypted. Mutual trust of the communication management system and the ability of the connection system to impair spoofing provides an assurance of trust and legitimacy to clients so that a user of a client receiving a connection request from another client via the communication management system will be able to rely on the requesting client being who they say they are and also that the cryptography used to establish the connection between clients will not pass across public infrastructure in a form that could be intercepted and used.
The establishment of an initial communication channel between a client and the communication management system is preferably done using data that is shared out of band. In one embodiment, a printed 2D or 3D image is provided to the client from the communication management system and the client device's camera is used to capture communication parameters (such as encryption keys, a one-time pad etc) to be used when communicating with the communication management system for the first time (having provided the printed image, the communication management system knows these and it can be treated as a symmetric encryption scheme). In this manner, even the initial establishment of a connection via the connection system is done using data that is unintelligible if intercepted. Alternatively, as discussed below, the user could join the communication management system through other ways - e.g. a standalone trusted biometric reader or other security device. For example, a user could be supplied (preferably out of band) with a pin to generate a passcode (as is used with banking login), or a uniquely generated code / QR code which is entered on the user's device.
Alternatively, users could join the system through a standalone booth where user data can be safely entered onto the system (potentially including biometric data) and passed through private infrastructure.
Unique biometric data for a user-linked security device can thereafter be used as authentication to enter the network.
In embodiments, the data that passes through public infrastructure (such as the internet) will always be unique and bespoke, so if intercepted by an unintended party this data has no value (structure) as it could literally be converted to mean anything. The only place this data can be read and understood is by the intended sender and reader, who have been provided with/agreed in advance how this data should be processed by means of cryptographic keys, a one-time pad or the like.
As the communication management system is partitioned from the public infrastructure via the connection system, which creates a switchable air-gap, data on the connection parameters that have been provided to clients and also data on the clients themselves (which can be used for guided matching etc) is held in an offline server.
Data held centrally is secure behind the connection system and allows establishment of a system with a position of trust - it can make introductions and connections using the data without the parties sharing the data with the system needing to be concerned as to data security - due to the connection system the data is not viewable or accessible online.
Preferably, the connection system includes a controller, such as a state machine or the like, that is also inaccessible from the external network and acts as an arbiter that controls the connection system and manages passage of data along the segmented data path. The connection system includes an intermediate memory and switching arrangement such that at no time is there a physical data path between an interface to the external network and an interface to the data repository (or other systems on the secure side). Data from the external network is passed, under control of the controller, to the intermediate memory before the data path to the external network is physically disconnected and a data path to the data repository is established.
Embodiments of the present invention seek to enable establishment of a digital communication session or the making of a new connection online to be as private as holding a face-to-face conversation with someone in the same private room, with no doubts or fears. In preferred embodiments, each interaction is initiated through the connection system. This minimises the opportunity for man-in-the-middle attacks as each user device is independently and securely connected to the connection system. The user device has authentication credentials established as part of registration with the connection system, making impersonation very difficult and insertion as a man-in-the-middle near impossible due to the need to satisfy both the user device and connection system for authentication.
Preferably, the secure data repository stores data on the users and preferably also on their devices. This data can be exploited in a form of blind or semi-blind connection service. A user may give the connection system permission to disclose its existence to other users matching predetermined parameters or thresholds including proximity, interests, field of business and the like. The connection system (typically a server sitting with the secure data repository on the internal side of the connection system to ensure data security) matches users based on their set parameters and alerts the user via an interface on the user device (the alert being a communication session established using the connection system) of matches. For example, two users whose respective devices were detected to be at an event or in a particular city may be offered the opportunity to connect based on mutual interests and proximity. Once both parties accept a connection via a separate secure communication with the connection system, information on their respective identities may optionally be pushed to the user devices and/or a digital communication session may be established between the two devices as discussed below.
Preferably, a bespoke digital language is created uniquely for the parties as part of the connection (at which stage the parties are left to communicate over whatever channel they see fit using the bespoke language and the connection system takes no further part). Preferably, the bespoke digital language changes for every new connection made. Alternatively or in addition, the bespoke digital language could be derived from aspects of the biometric data of each user that is party to the connection.
It will be appreciated that although the embodiments set out below primarily focus on establishing trusted connections between two users that, once connected, can communicate securely over an untrusted network, there are many uses for the connection system including client-server (with the server being in the trusted network or taking the place of one of the users) or indeed any other types of data transfer. Additionally, the user devices need not be mobile devices and for that matter need not even be "user" devices (in the sense of a PC, smartphone etc.); they could also be computer-based machinery, autonomous vehicles, in-home devices or other nodes in a data communications network.
One potential use for the connection system is set out below, which is for proximity-based matching of users based on user profiles and the establishment of trusted connections between those users. For example, the system may be operating in a conference, city or the like and offer to connect a user with others of similar interests. The system may also be used to match supply and demand, being able to match a user looking for a specialist in a particular field with such a specialist. In preferred embodiments, matching is done on a blind or semi-blind basis in that user information/needs/preferences are shared only with the system at the internal network, which does the matching and makes suggested connections based on matches it finds without revealing the other user's details. Should a suggested match be accepted, the system can then approach the other user. All of this is done in the context of a trusted connection system and on the basis that personal information is protected in the internal network and not shared without prior approval. It will be appreciated that there are many other uses for the connection system, ranging from establishing connections in data communications right the way up to more complex use cases such as the proximity example above.
Brief Description of the Drawings
Embodiments of the present invention will now be described by way of example only with reference to the accompanying drawings in which:
Figure 1 is a schematic diagram of a digital connection system according to an embodiment;
Figure 2 is a schematic diagram of the digital connection system in a second state;
Figure 3 is a schematic diagram illustrating establishment of a connection and subsequent communication session between two devices in the external network;
Figure 4 is an illustration of aspects of a coding scheme that may be used in embodiments;
Figure 5 shows various views of an example card bearing a 3D structure used in an out of band registration process according to an embodiment;
Figures 6a-6c are schematic diagrams illustrating use of the digital connection system 10 to establish a connection and subsequent communication session between two devices 60, 70 in the external network B;
Figure 7 is a schematic diagram illustrating use of an embodiment in guided connections according to an embodiment of the present invention;
Figure 8 is an illustration of a user interface of an embodiment.
Detailed Description
Figures 1 and 2 are schematic diagrams of a digital connection system according to an embodiment. The digital connection system 10 controls a data path between an internal network A and an external network B. The system 10 includes an external interface 21 configured to communicate with the external network B, an intermediate memory 22 for storing data communications as they pass through the connection system 10, and an internal interface 23 connected to the internal network A.
The digital connection system 10 also includes a switching unit 30 having:
an external switch 31 between the external interface 21 and the intermediate memory 22; and
an internal switch 32 between the internal interface 23 and the intermediate memory 22.
The external switch 31 and the internal switch 32 have opposing states such that closing one of the external 31 and internal 32 switch opens the other. The switching unit 30 and the intermediate memory 22 segment the data path between the external interface 21 and the internal interface 23 so that there is no direct connection possible between the external interface 21 and the internal interface 23.
The digital connection system also includes a controller 40. The controller 40 is configured to route data from the external interface 21 to the internal interface 23 via the intermediate memory 22 by:
i) switching the switching unit 30 to close the external switch 31 (thus opening the internal switch 32) to establish a data path from the external interface 21 to the intermediate memory 22 (as shown in Figure 1);
ii) routing the data to the intermediate memory 22 where it is temporarily queued;
iii) switching the switching unit 30 to close the internal switch 32 (and thus open the external switch 31) and establish a data path from the intermediate memory 22 to the internal interface 23 (as shown in Figure 2);
iv) routing the data in the intermediate memory 22 to the internal interface 23 for onward communication to the internal network A.
It will be appreciated that the connection system operates in the same manner but in reverse for communications from the internal network A to the external network B. Preferably, although not essentially, the intermediate memory 22 is emptied before data is allowed to flow in the reverse direction. Optionally, separate queues may be maintained in the intermediate memory 22 for data flows in the forward and reverse directions. Alternatively, the controller may rely on a flag to mark the flow of data while it is in the intermediate memory 22. In another alternative, there may be parallel (or multiple parallel) connection systems facilitating multiple parallel (unidirectional or bidirectional) data flows at any one time.
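The following is an added model of the segmented data path just described; it is example code written for this page, not code from the patent. It assumes the interlock is implemented in software (closing one switch clears the other), keeps one queue per direction in the intermediate memory as the description allows, and refuses to reverse direction until the memory has been drained; the payloads are constructed samples.

```python
from collections import deque


class SwitchingUnit:
    """Switching unit 30. The two switches are interlocked: closing one opens the other."""

    def __init__(self):
        self.external_closed = False   # external switch 31
        self.internal_closed = False   # internal switch 32

    def close_external(self):
        self.internal_closed = False
        self.external_closed = True

    def close_internal(self):
        self.external_closed = False
        self.internal_closed = True

    def open_both(self):
        self.external_closed = self.internal_closed = False

    def bridged(self):
        """True only if a direct external<->internal path exists; this must never happen."""
        return self.external_closed and self.internal_closed


class ConnectionSystem:
    """Controller 40 driving the switching unit and the intermediate memory 22.

    Two queues are kept in the intermediate memory, one per direction (an option the
    description allows); the memory must be empty before the direction reverses.
    """

    def __init__(self):
        self.switch = SwitchingUnit()
        self.to_internal = deque()    # queue for external -> internal traffic
        self.to_external = deque()    # queue for internal -> external traffic
        self.internal_interface = []  # what reaches the internal interface 23
        self.external_interface = []  # what reaches the external interface 21
        self.states = []              # (external_closed, internal_closed) after each switch change

    def _switch(self, action):
        action()
        if self.switch.bridged():
            raise RuntimeError("segmented data path violated")
        self.states.append((self.switch.external_closed, self.switch.internal_closed))

    def route_inbound(self, data):
        """Steps i)-iv) of the description: external interface -> memory -> internal interface."""
        if self.to_external:
            raise RuntimeError("drain the reverse-direction queue before accepting inbound data")
        self._switch(self.switch.close_external)   # i) external switch closed, internal open
        self.to_internal.append(data)              # ii) queued in the intermediate memory
        self._switch(self.switch.close_internal)   # iii) external opened, internal closed
        while self.to_internal:                    # iv) memory -> internal interface
            self.internal_interface.append(self.to_internal.popleft())
        self._switch(self.switch.open_both)

    def route_outbound(self, data):
        """The same procedure in reverse, for internal network A -> external network B."""
        if self.to_internal:
            raise RuntimeError("drain the forward-direction queue before accepting outbound data")
        self._switch(self.switch.close_internal)
        self.to_external.append(data)
        self._switch(self.switch.close_external)
        while self.to_external:
            self.external_interface.append(self.to_external.popleft())
        self._switch(self.switch.open_both)

    def ever_bridged(self):
        """Audit check: did any recorded state have both switches closed at once?"""
        return any(ext and inn for ext, inn in self.states)


def round_trip():
    """Constructed scenario: a request goes in and a reply comes back out."""
    cs = ConnectionSystem()
    cs.route_inbound(b"connection request from device 60")   # constructed sample payload
    cs.route_outbound(b"seed for devices 60 and 70")          # constructed sample payload
    return cs
```

The recorded `states` list is the evidence a reviewer would want from a real controller: a log of switch positions showing that no state ever had both switches closed.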
Preferably, the connection system 10 only takes part in establishment of connections - once the parties have agreed to connect, a seed for secure communications is provided to the parties to the communication by the connection system as described below. The seed enables secure communication without involvement of the connection system 10. While it will be appreciated that the connection system is scalable to handle substantial numbers of substantially simultaneous connection communications, as communications themselves do not route through the connection system the data overhead involved in a connection communication is low and therefore the overall bandwidth needed to be provided by the connection system is also low. As a result, high volumes of connection communications can be processed by a limited number of switching units 30 and intermediate memories 22.
Figure 3 is a schematic diagram illustrating a registration process for a user device. Preferably, the registration process utilises identifier data 100 that has been communicated over an out of band channel to the user device 60.
An example of the out of band communication of identifier data is set out below with reference to Figure 5.
Preferably, a client is executed on the user device 60 that processes the identifier data and handles communications with the connection system 10. A first subset 100a of the identifier data 100 is extracted from the identifier data 100 and is communicated to the connection system 10 by the user device 60 while a second subset 100b is retained (preferably securely) by the user device 60. Optionally, the first subset of identifier data 100a is linked to an identifier of the user device 60 (such as an IMSI of a mobile phone). Preferably, the first and second subsets are selected so as not to be identical. The identifier may be communicated to the server 150 and also included in subsequent communications to confirm the mobile device originating the communication.
The first subset 100a is routed via the switching unit 30 to a server 150 on the internal network A to create a user record. The user record is stored in a data repository 50. Parameters for a communication protocol 110 are generated from the first subset 100a and these are stored in the data repository 50 and also communicated via the connection system 10 to the user device. The connection parameters 110, in combination with the second subset 100b define the communications protocol via which the user device 60 and the server 150 (or other devices on the internal network A) communicate.
Preferably, the communication protocol changes over time. Preferably, the communication protocol changes after each (or every N where N>1) communication between the user device and a system on the internal network A. For example, the communication protocol may utilise a character set that is substituted for the ASCII character set and is rotated (or otherwise scrambled in some pseudo-random manner) in a way that is defined by the communication protocol. In this way, both the user device 60 and the systems on the internal network know when to change the character set and how to interpret the next message. The same character set may be used by both ends or it may be that they use different character sets (separate character sets avoid having to manage the situation where both sides trigger a character set change when overlapping messages are sent, one or more in each direction).
In the above example, the communication parameters may define how the character set is rotated or changes and how often while the character set itself may be (or be defined by) the second subset 100b.
Once the communication protocol is established, the user device 60 and systems in the secure network A can communicate, for example by substituting characters in the messages with those from the character set as shown in Figure 4a. Once the trigger condition to change the character set is reached, both sides use the communication protocol to determine the next character set modifying the current one as is shown in Figure 4b.
The registration provides the user device with connection parameters that define a substantially bespoke communication protocol for communications between the user device and the secure network. At least some of the communication protocol is formed from information that is never communicated between the user device and secure network via the connection system 10. Therefore, an eavesdropper cannot determine the communications protocol from this information alone.
Figures 6a-6c are schematic diagrams illustrating use of the digital connection system 10 to establish a connection and subsequent communication session between two devices 60, 70 in the external network B. In this embodiment, a first user device 60 wishes to connect to a second user device 70. Both user devices are registered with the digital connection system 10.
The first user device connects over the external network B to the external interface 21. It sends a connection request * to the external interface including authentication data (established previously as part of the registration of the user device to the digital connection system 10) and also an identifier for the second user device 70 (or its user). This is shown in Figure 6a.
The connection request * is detected at the external interface 21 by the controller. If the external switch 31 is not in a closed position, the controller causes it to close and causes the connection request * to be stored in the queue of the intermediate memory 22 as shown in Figure 3b.
The controller then causes the internal switch 32 to close and then causes the connection request * to be moved to the internal interface 23 as shown in Figure 6c.
A processor (not shown) or alternatively the controller 40 then causes the connection request * to be processed. A seed is generated for the connection and an address for the second user device 70 on the external network B is obtained from the data repository 50. The seed is communicated to the first 60 and second 70 user devices by the reverse route through the digital connection system 10 (starting from the internal interface 23 and routing to the external interface 21 via the intermediate memory 22). Upon receipt of the seed and each other's addresses on the external network B, the two devices can then establish a communication session using a communication protocol/system of their choice (email, SMS, video, VOIP etc.) over a direct peer-to-peer connection or via some intermediate service.
The seed is preferably a small dataset; for example, it may be a character set that uses the native character set (or a subset) of the devices but in a random order. Such a character set would require as little as 12-60 kB in a communication. Communications between the devices can in this example use the character set as a one-time-pad to encode and decode communications between the devices. The communications themselves would then be communicated in a conventional way dependent on the service/protocol used.
It will be appreciated that the switching unit 30 may be formed in a number of ways. The external switch and the internal switch may be, or include, solid-state, electronic, mechanical or electro-mechanical devices.
The passage of data through the switching unit (and intermediate memory) may be managed by the controller 40, or the switching unit 30 may have its own control unit that manages the low-level operations of actually closing/opening the switches 31, 32 and moving data queued at an interface to the intermediate memory (or from the intermediate memory to the interface). In such an arrangement, the controller of the switching unit 30 may, for example, be a state machine that causes switching of the switches and passage of queued data from the intermediate memory 22 to the connected interface (and vice versa, passage of data queued at the connected interface to the intermediate memory). Activation of switching may be based on a clock-based timing scheme, on demand upon detection of data queued at an interface or in the intermediate memory, or on some other scheme.
The switching unit 30 can be formed using many different technologies. For example, it may be an electronic and/or electromechanical and/or mechanical device that is controlled or configured to operate in the above sequence, thus ensuring that a mode of operation is created that can never allow a state in which there is a direct digital connection between the outside world (including client devices) and the server 150 or other assets on the other side of the connection system 10. The components used for the connection system 10 could include digital logic gates (built from diodes or transistors), solid-state or electromechanical relays, etc. Various queuing and sequencing approaches can also be applied. For example, the connection system 10 may include a digital clock/sequencer that only allows one side to connect on an odd clock count and the other side on an even count. Preferably, the connection system includes a controller such as a firmware or hardware processor to control operation of the connection system. Preferably, the controller is independent of, and inaccessible to, both the server 150 side components and the client devices on the open network.
Embodiments and technologies used to implement them may depend on the desired throughput of the connection system 10. In the examples presented here, communications after connection/introduction are performed independently of the connection system 10. In such systems, the bandwidth of messages across the connection system 10 (which are predominantly the connection requests) is relatively low.
One embodiment of the connection system 10 may use a single logic gate or solid-state relay on each individual track across a data bus. Once a predefined data set is received (filling up the bus), the input bus would disconnect; at this point the output data bus would connect and allow the data set to be sent on to the next processor and/or storage unit.
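The routing sequence of Figures 6a-6c and the clocked switching described above (external side connected on odd clock counts, internal side on even), as an added Python example rather than code from the patent. It models the two opposing switches, the intermediate memory and a connection server behind the internal interface that checks the authentication data against the data repository before issuing a seed, and it records the switch states at every tick so that the invariant the design rests on, that the two switches are never closed together, is checked rather than assumed. Message shapes, the tick scheme, user identifiers and addresses are all constructed for the example.

```python
"""Switching unit with opposing switches (added example, not the patent's code).

Models external switch 31, internal switch 32, intermediate memory 22 and a clocked
controller that connects the external side on odd ticks and the internal side on even
ticks, so the two switches are never closed together.  A connection request travels from
external interface 21 to internal interface 23; the seed returns by the reverse route.
The tick scheme, message shapes and repository layout are assumptions."""
from collections import deque
import secrets


class SwitchingUnit:
    def __init__(self):
        self.tick = 0
        self.external_closed = False
        self.internal_closed = False
        self.external_queue = deque()   # queued at interface 21, items are ("in", payload)
        self.internal_queue = deque()   # queued at interface 23, items are ("out", payload)
        self.memory = deque()           # intermediate memory 22, carries both directions
        self.to_internal = []           # payloads that have emerged at interface 23
        self.to_external = []           # payloads that have emerged at interface 21
        self.states_seen = []           # (external_closed, internal_closed) per tick, for audit

    def _check_invariant(self):
        """The property the design rests on: there is never a tick with both switches closed."""
        self.states_seen.append((self.external_closed, self.internal_closed))
        if self.external_closed and self.internal_closed:
            raise RuntimeError("direct digital path between external and internal network")

    @staticmethod
    def _move(src, dst, direction, unwrap=False):
        """Move every item travelling in `direction` from src to dst, preserving order."""
        keep = deque()
        while src:
            item = src.popleft()
            if item[0] != direction:
                keep.append(item)
            else:
                dst.append(item[1] if unwrap else item)
        src.extend(keep)

    def step(self):
        """One clock tick.  Odd: external switch closed.  Even: internal switch closed."""
        self.tick += 1
        self.external_closed = self.tick % 2 == 1
        self.internal_closed = not self.external_closed
        self._check_invariant()
        if self.external_closed:
            self._move(self.memory, self.to_external, "out", unwrap=True)  # memory -> interface 21
            self._move(self.external_queue, self.memory, "in")             # interface 21 -> memory
        else:
            self._move(self.memory, self.to_internal, "in", unwrap=True)   # memory -> interface 23
            self._move(self.internal_queue, self.memory, "out")            # interface 23 -> memory


class ConnectionServer:
    """Server 150 behind interface 23: checks the request's authentication data against
    data repository 50, then queues one seed plus the peer's address for each device."""

    def __init__(self, repository):
        self.repository = repository   # user id -> {"auth": ..., "address": ...}

    def handle(self, request, unit):
        user = self.repository.get(request["from"])
        peer = self.repository.get(request["to"])
        if user is None or peer is None or not secrets.compare_digest(user["auth"], request["auth"]):
            return False                # refused: nothing is queued for the external side
        seed = secrets.token_hex(16)    # the same seed goes to both parties
        for me, other in ((request["from"], request["to"]), (request["to"], request["from"])):
            unit.internal_queue.append(("out", {"to": me, "peer": other,
                                                "peer_address": self.repository[other]["address"],
                                                "seed": seed}))
        return True


def run_introduction(request, repository, ticks=6):
    """Queue one connection request at the external interface and clock the unit."""
    unit, server = SwitchingUnit(), ConnectionServer(repository)
    unit.external_queue.append(("in", request))
    accepted = None
    for _ in range(ticks):
        unit.step()
        while unit.to_internal:                       # server processes whatever reached it
            accepted = server.handle(unit.to_internal.pop(0), unit)
    return {"accepted": accepted, "messages": unit.to_external,
            "both_closed_ever": any(e and i for e, i in unit.states_seen), "ticks": unit.tick}


REPOSITORY = {   # constructed contents of data repository 50
    "device60": {"auth": "a1f3", "address": "198.51.100.60"},
    "device70": {"auth": "9c0e", "address": "198.51.100.70"},
}

if __name__ == "__main__":
    print(run_introduction({"from": "device60", "auth": "a1f3", "to": "device70"}, REPOSITORY))
```

A request with wrong authentication data is refused at the server and nothing is returned to the external side; the switches still alternate exactly as before, because refusing data never requires both sides to be connected. The seed takes five ticks to come back (in, across, processed, across, out), which is the latency cost of the segmented path.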
Assuming a single character is 1 byte and a PCI Express link at the 2.5 Gbit/s per-lane signalling rate of PCIe 1.x is used as the backbone of the switching unit 30 to handle the transfer between the external switched area and the internal switched area (the online and offline sides), the link carries about 2 Gbit/s of data per lane after 8b/10b encoding, i.e. roughly 250,000,000 characters per second on or off the bus. Because only one of the two switches is closed at any time, sustained throughput in such a system would be about half of that, around 125,000,000 characters per second per lane. The switching time of the two switches also needs to be accounted for, potentially requiring around 20 ms.
Multiple channels and/or multiple connection systems can be used to enable the system to scale as needed. It will also be appreciated that communications themselves take place outside of the connection system and any minor latency introduced by the connection system itself during connection negotiation will be negligible and not noticed.
As discussed above, there is preferably a registration system in which a user device forms a trust relationship with the connection system 10.
There are many ways in which this can be established. However, in one embodiment a physically encoded identifier is provided. The physical encoding is preferably in the form of a 3D structure. Figure 5 illustrates an example of a possible 3D structure in which the identifier is encoded within a 3D structure that is printed or otherwise formed. It may also be a pre-existing 3D structure that has been analysed using some process that is repeatable such that multiple parties can produce the same data from the structure. It will also be appreciated that the item need not be 3D and could be 2D or some other form (such as a video), for example.
In a preferred embodiment, the structure is a face. Leveraging face detection technologies now available on smartphones, the smartphone's API is accessed to "read" the face and obtain the identifier. It will be appreciated that the face need not have any link to the user and could be artificially/randomly created. It will also be appreciated that the identifier does not need to be created for a specific user - registration is a user initiated activity and the connection system does not need to know in advance who is registering. A user obtains the 3D structure, reads it using an app or other functionality with their device and obtains the identifier (which will typically be a random identifier of 100 Mb). This identifier then enables the user to create a unique account with the data repository by submitting a registration request via the connection system 10.
In the embodiment above, when the card is created the parameters it represents are stored in the server 150 or some other system that is behind the connection system 10. The only places that the data exists are on the offline server 150 and on the card. When the card is scanned by the client, a portion of this data is obtained to determine the connection parameters (in particular the one-time pad used to communicate with the server 150). An initial connection is made via the connection system 10 and, preferably, once a connection is established the one-time pad is replaced. Rather than specifying each and every future one-time pad, preferably a function is agreed between the client and the server 150 that is used to rotate the one-time pad between communications. Preferably each subsequent connection causes a new one-time pad to be created and used specifically for that connection before switching to the next as defined by the function.
In one embodiment, the one-time pad is multi-dimensional. A first substitute character set is used for the first character in a message and the connection parameters provided by the server 150 specify the next substitute character set to be used, a different substitute character set being used for each subsequent character. Substitute character sets may be predefined and stored as lookup tables (so character "a" may map to "$", "b" to "L", etc in one lookup table, "a" to "m", "b" to "2" etc in another...). Alternatively, each of a number of substitute character sets may be defined algorithmically with a parameter defining the particular lookup table to be generated for the next character.
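The per-position substitution schedule of this paragraph, together with the split of the identifier into a transmitted first subset 100a and a retained second subset 100b and the per-direction rotation described earlier in this section, as an added Python example; it is not the patent's code. Everything specific is an assumption: a 32-byte identifier split into two 16-byte halves, SHA-256 to derive the connection parameters 110 from the first subset, HMAC-SHA256 keyed by the retained second subset as the agreed rotation function, printable ASCII as the native character set, and a table that rotates every N messages and differs for every character position and direction. The example also makes a caveat concrete that a practitioner would want stated: a keyed substitution table, even one that changes per position, is a polyalphabetic substitution cipher rather than a one-time pad in the information-theoretic sense, and while a table is reused within a rotation epoch, equal plaintexts produce equal ciphertexts, as the second message below shows.

```python
"""Rotating per-position substitution tables (added example, not the patent's code).

Assumptions (not from the page): a 32-byte identifier split into 16-byte halves,
SHA-256 / HMAC-SHA256 as the "agreed function", printable ASCII as the native
character set, and a 95-symbol table rotated every N messages per direction."""
import hashlib
import hmac

ALPHABET = "".join(chr(c) for c in range(32, 127))  # printable ASCII, the assumed character set


def keyed_permutation(key: bytes, label: bytes) -> str:
    """Deterministic Fisher-Yates shuffle of ALPHABET driven by an HMAC-SHA256 stream.

    Both ends derive the identical table from the same key and label; a party without
    the key cannot.  Reducing 32-bit draws modulo i+1 leaves a bias that is negligible
    for 95 symbols."""
    chars = list(ALPHABET)
    stream, block = b"", 0
    for i in range(len(chars) - 1, 0, -1):
        while len(stream) < 4:
            stream += hmac.new(key, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
            block += 1
        draw, stream = int.from_bytes(stream[:4], "big"), stream[4:]
        j = draw % (i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def connection_parameters(first_subset: bytes) -> bytes:
    """Server side: connection parameters 110 derived from the transmitted first subset
    100a.  They travel back to the device, so an eavesdropper may see them."""
    return hashlib.sha256(b"connection-parameters|" + first_subset).digest()[:16]


def table_key(second_subset: bytes, params: bytes) -> bytes:
    """The agreed function: the retained second subset 100b (never transmitted) keys the
    schedule; the public parameters only select within it."""
    return hmac.new(second_subset, b"table-key|" + params, hashlib.sha256).digest()


class Endpoint:
    """One end of the link.  A separate message counter per direction means a message
    in flight one way never changes the table used the other way."""

    def __init__(self, key: bytes, rotate_every: int = 1):
        self.key, self.rotate_every = key, rotate_every
        self.count = {"a->b": 0, "b->a": 0}

    def _table(self, direction: str, msg_no: int, pos: int) -> str:
        epoch = msg_no // self.rotate_every             # new table every N messages ...
        label = f"{direction}|{epoch}|{pos}".encode()    # ... and a different one per position
        return keyed_permutation(self.key, label)

    def encode(self, direction: str, plaintext: str) -> str:
        n, self.count[direction] = self.count[direction], self.count[direction] + 1
        out = []
        for pos, ch in enumerate(plaintext):
            if ch not in ALPHABET:
                raise ValueError(f"{ch!r} is not in the agreed character set")
            out.append(self._table(direction, n, pos)[ALPHABET.index(ch)])
        return "".join(out)

    def decode(self, direction: str, ciphertext: str) -> str:
        n, self.count[direction] = self.count[direction], self.count[direction] + 1
        return "".join(ALPHABET[self._table(direction, n, pos).index(ch)]
                       for pos, ch in enumerate(ciphertext))


def demo() -> dict:
    # Constructed card data: the whole identifier exists only on the card and on server 150.
    identifier = hashlib.sha256(b"constructed identifier read from the card").digest()
    first_subset, second_subset = identifier[:16], identifier[16:]
    server_records = {first_subset: identifier}      # data repository 50, keyed by what is sent
    params = connection_parameters(first_subset)     # the only protocol data crossing the network
    device = Endpoint(table_key(second_subset, params), rotate_every=2)
    server = Endpoint(table_key(server_records[first_subset][16:], params), rotate_every=2)
    eve = Endpoint(table_key(b"", params), rotate_every=2)   # saw params, never saw 100b

    c1 = device.encode("a->b", "hello server")
    c2 = device.encode("a->b", "hello server")     # same epoch: identical ciphertext (table reuse)
    c3 = device.encode("a->b", "hello server")     # next epoch: the table has rotated
    reply = server.encode("b->a", "hello device")  # opposite direction, independent counter
    return {
        "p1": server.decode("a->b", c1),
        "p2": server.decode("a->b", c2),
        "p3": server.decode("a->b", c3),
        "reply": device.decode("b->a", reply),
        "c1_eq_c2": c1 == c2,
        "c1_eq_c3": c1 == c3,
        "eve": eve.decode("a->b", c1),
    }
```

Calling demo() round-trips three messages one way and one the other; the eavesdropper endpoint, which saw the connection parameters but never the second subset, recovers nothing intelligible. Setting rotate_every=1 rotates after every message, which removes the repeated-ciphertext effect visible between the first two messages.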
The registration request is handled in much the same way as a connection request discussed above, with the exception that it is the identifier (or some derivative of the identifier) that is sent from the user device with the registration request via the switching unit 30, and in return the data repository 50 provides a security profile to the user device. The security profile defines how data is to be processed at either end when sending or receiving, so that what crosses the public network is of no value on its own (zero-value public data). It sits on both the user device and the offline server 150, and each knows how to convert received data, or data to be sent, such that the other party can decipher it but it is unintelligible to intermediaries that may intercept it. The security profile establishes the trust relationship and enables the app on the user device and the connection system to mutually authenticate each time they exchange data.
When the app on the user device next communicates with the connection system 10, it performs authentication. This may be by use of a unique ID taken from the hardware card discussed above; it may additionally or alternatively use an identifier from the user device such as an IMEI number. The user may optionally define a personal number or code that can be shared with the server 150 and used as part of the authentication. As with the one-time pad, the data used for authentication could also be set to be cycled on a pre-agreed basis, such as after the nth authentication.
As an alternative to the embodiment of Figure 5, other ways of establishing the trust relationship are possible. For example, a trusted biometric device such as a vein scanner may be provided in place of the card. Alternatively, a fingerprint scanner, a facial recognition system or some other system or device may be used. Both parties may use the same device, or may communicate their biometric data (or data or codes derived from it) through the out-of-band channel to establish the trust relationship in a manner similar to that set out above.
Registration could also be through a booth / registration location / device where users can register to be entered onto the system, with the relationship formed via the user's biometric data (fingerprint, vein, iris, face scan) rather than a card. That unique data would then be securely (preferably out-of-band) transferred to the server 150 and linked to a system profile and encryption protocol for them to use from that point onwards. Through this method, data would then be transferred to the server through private network infrastructure.
It will be appreciated that the connection system 10 has many potential uses.
One embodiment that uses the connection system 10 is in guided connections as shown in Figures 7 and 8. In this embodiment, user devices 60-90 obtain their geographical position on a periodic basis. This may be done using geolocation technology built into the user device, signal strength measurement to cellular, WiFi or Bluetooth nodes or in other ways. This is reported to the data repository 50 which compares it to position data on other user devices to determine a relative proximity measure between user devices.
Preferably, the data repository 50 provides a secure store of data that the user wishes to selectively disclose to other parties. For example, the data may be that which would typically be provided to a social network and the connection system 10 and data repository provides an alternative data store for the social network and/or an alternative social network.
Preferably, the data stored by the user in the data repository 50 can be segregated into different, potentially overlapping, personas. Data on a user's job may be categorised in one persona, their personal life in another and family in another. The granularity of this is up to the user.
The data repository (or some secure server or process connected to the data repository) preferably matches users in dependence on proximity and persona data in the data repository. Preferably this is then given a score or other similarity/relevance metric and communicated to the respective users via the app on their user device. An example user interface is shown in Figure 8.
The user of device 60 may, for example, be a close "work" persona match to the user of device 80 and this is highlighted in the user interface to both users. Personas and match requests can preferably be defined on demand via the app by users. In a preferred embodiment, they tag information types they wish to match and this is communicated to the data repository 50. Should a match be found, the user can tap on this in the app and request a connection, which is then handled in the same manner as described above. In addition to current geographic proximity, the connection system 10 may also store historic geographic location data and provide matches based on someone having previously (or frequently) visited the area/location.
Neither user needs to disclose personal information to each other during this guided connection process - the match is made securely at the data repository and the user is simply given a relevance factor or other measure that guides them on the relevance of the other users in regard to their interests. Preferably, geographic proximity is displayed separately to the relevance factor.
Optionally, information on the user in the data repository 50 is obtained and maintained by a machine learning unit. Information may be extracted from conversations or other free-form inputs with the machine learning unit.
Persona based matching may be performed on demand (for example the user may create a persona on the fly to be matched against and ask for matches in proximity), it may be done based on a schedule or within a time boundary (for example in the case of dating it may only be active during non-working hours) or it may be permanently active and results pushed to the user device whenever a match above a certain threshold is encountered.
In certain fields of use, details on the match may be provided. For example in dating or business networking, number of attributes matched, connections in common etc may be provided via the connection system 10 to the app on the user device.
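The proximity and persona matching of this guided connection embodiment, as an added Python example that is not the patent's code. It computes the great-circle distance between reported positions and a Jaccard overlap between the tags each user chose to expose in a persona, inside the repository, and returns to the requesting device only a relevance factor and a proximity band, kept separate as the text requires; the other users' tags and coordinates never leave the matching function. The coordinates, tags, 5 km radius, threshold and banding are constructed for the example.

```python
"""Guided connection matching (added example, not the patent's code).

Proximity from reported positions (haversine) and a relevance factor from the tags a
user exposes in a persona (Jaccard overlap) are computed inside the data repository;
only the score and a proximity band leave it.  Coordinates, tags, radius and bands are
constructed."""
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000


def distance_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(h))


def proximity_band(d):
    """Coarse band shown to the user instead of the raw distance (and never the coordinates)."""
    for limit, label in ((100, "<100 m"), (1_000, "<1 km"), (5_000, "<5 km")):
        if d < limit:
            return label
    return ">5 km"


def relevance(tags_a, tags_b):
    """Jaccard similarity of two tag sets; 0.0 when there is nothing to compare."""
    a, b = set(tags_a), set(tags_b)
    return len(a & b) / len(a | b) if a | b else 0.0


def guided_matches(repository, requester, persona, radius_m, threshold):
    """Return [{user, relevance, proximity}] for users within radius_m whose overlap in the
    named persona meets threshold.  Other users' tags and locations never leave here."""
    me = repository[requester]
    mine = me["personas"][persona]
    out = []
    for uid, other in repository.items():
        if uid == requester or persona not in other["personas"]:
            continue                                      # no such persona: nothing to match
        d = distance_m(me["location"], other["location"])
        if d > radius_m:
            continue                                      # outside the requested proximity
        score = relevance(mine, other["personas"][persona])
        if score < threshold:
            continue                                      # below the match threshold
        out.append({"user": uid, "relevance": round(score, 2), "proximity": proximity_band(d)})
    return sorted(out, key=lambda r: (-r["relevance"], r["user"]))


REPOSITORY = {  # constructed records in data repository 50 (locations in degrees)
    "device60": {"location": (51.5074, -0.1278),
                 "personas": {"work": {"security", "python", "threat-modelling", "cloud"},
                              "family": {"hiking"}}},
    "device70": {"location": (51.5150, -0.1400),
                 "personas": {"work": {"marketing", "sales", "python"}}},
    "device80": {"location": (51.5078, -0.1285),
                 "personas": {"work": {"security", "python", "cloud", "kubernetes"}}},
    "device90": {"location": (51.4545, -2.5879),   # far outside any 5 km radius
                 "personas": {"work": {"security", "python", "threat-modelling", "cloud"}}},
}

if __name__ == "__main__":
    for row in guided_matches(REPOSITORY, "device60", "work", 5_000, 0.1):
        print(row)
```

For device 60 the "work" persona yields device 80 (relevance 0.6, under 100 m) ahead of device 70 (0.17, between 1 and 5 km); device 90 has an identical persona but is excluded by distance alone, and a persona the other user has not defined produces no match at all.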

Claims

1. A digital connection system for controlling a data path between an internal network and an external network, the system comprising :
an external interface configured to communicate with the external network;
an intermediate memory;
an internal interface connected to the internal network;
a switching unit having an external switch between the external interface and the intermediate memory and an internal switch between the internal interface and the intermediate memory, the external switch and the internal switch having opposing states whereby closing one of the external and internal switch opens the other, the switching unit and intermediate memory segmenting the data path between the external interface and the internal interface; and,
a controller,
wherein the controller is configured to route data from the external interface to the internal interface via the intermediate memory by switching the switching unit to establish a data path from the external interface to the intermediate memory and to subsequently switch the switching unit to establish a data path from the intermediate memory to the internal interface.
2. The digital connection system of claim 1, wherein the controller is configured to route data from the internal interface to the external interface via the intermediate memory by switching the switching unit to establish a data path from the internal interface to the intermediate memory and to subsequently switch the switching unit to establish a data path from the intermediate memory to the external interface.
3. The digital connection system of claim 1 or 2, wherein the external switch and the internal switch include electrical, electronic, mechanical and/or solid-state devices.
4. The digital connection system of claim 1 or 2, wherein the external switch and the internal switch comprise electronic or electro-mechanical devices.
5. The digital connection system of any of claims 1-4, further comprising a data repository connected to the internal interface, the data repository storing data on a user of a first user device and on a user of a second user device, the first and second user devices being configured to communicate with the digital connection system via the external interface, wherein the digital connection system is configured to determine a similarity metric between the user of the first device and the user of the second device using the data in the data repository and communicate the similarity metric via the segmented data path to the first user device.
6. The digital connection system of any preceding claim wherein the controller is independent and inaccessible from the internal network and the external network.
7. A digital connection method for controlling a data path between an internal network and an external network using a digital connection system comprising an external interface configured to communicate with the external network, an intermediate memory, an internal interface connected to the internal network, a switching unit having an external switch between the external interface and the intermediate memory and an internal switch between the internal interface and the intermediate memory, the external switch and the internal switch having opposing states whereby closing one of the external and internal switch opens the other, the switching unit and intermediate memory segmenting the data path between the external interface and the internal interface, and a controller, the method comprising :
routing, by the controller, data from the external interface to the internal interface via the intermediate memory by switching the switching unit to establish a data path from the external interface to the intermediate memory and subsequently switching the switching unit to establish a data path from the intermediate memory to the internal interface.
8. The digital connection method of claim 7, further comprising routing, by the controller, data from the internal interface to the external interface via the intermediate memory by switching the switching unit to establish a data path from the internal interface to the intermediate memory and subsequently switching the switching unit to establish a data path from the intermediate memory to the external interface.
9. The digital connection method of claim 7 or 8, further comprising storing, in a data repository, data on a user of a first user device and on a user of a second user device, the first and second user devices being configured to communicate with the digital connection system via the external interface, determining a similarity metric between the user of the first device and user of the second device using the data in the data repository and communicating the similarity metric via the segmented data path to the first user device.
10. A connection system for establishing a trusted digital connection between a first user having a first user device and a second user having a second user device, the connection system comprising a digital connection system as claimed in any of claims 1 to 6, a connection server and a secure data repository, the first and second user devices being on the external network and the connection server and the secure data repository being part of the internal network, the connection server being configured to communicate separately, each via the digital connection system, with the first user device and the second user device to establish a communication protocol for direct communication between the first user device and the second user device, direct communication being performed over the external network and without using the digital connection system.
11. The connection system of claim 10, wherein the communication protocol comprises or includes a one-time-pad for encoding and decoding the direct communication.
12. The connection system of claim 10 or 11, wherein the connection server is configured to execute a registration process for a new user device on the external network, the registration process including communicating identifier data from the connection server via an out of band channel that is independent of the digital connection system, the new user device being configured by the registration process to execute a client on the new user device that processes the identifier data and establishes a connection with the connection server via the digital connection system, a first subset of the identifier data being communicated to the connection server and a second subset being retained by the new user device.
13. The connection system of claim 10, 11 or 12, wherein the connection system is configured to operate a blind connection service, the secure data repository storing data on users and user devices being configured to provide location information via the digital connection system to the connection server, the connection server being configured to match users based on the data in the secure data repository and their respective proximity determined from the location information and upon matching users, provide via a client on the respective user devices notification of the match and an offer of connection, upon acceptance of the offer by both users the connection server being configured to establish the communication protocol for direct communication between the respective user devices.
14. A connection method for establishing a trusted digital connection between a first user having a first user device and a second user having a second user device, using a connection system comprising a digital connection system as claimed in any of claims 1 to 6, a connection server and a secure data repository, the first and second user devices being on the external network and the connection server and the secure data repository being part of the internal network, the method comprising : separately communicating by the connection server, each via the digital connection system, with the first user device and second user device to establish a communication protocol for direct communication between the first user device and the second user device, direct communication being performed over the external network and without using the digital connection system.
15. The connection method of claim 14, further comprising communicating a one-time-pad, or data defining a one-time pad, to the first and second user devices as part of establishing the communication protocol and using the one-time pad by the first and second user devices for encoding and decoding the direct communication.
16. The connection method of claim 14 or 15, wherein the connection server is configured to execute a registration process for a new user device on the external network, the method including communicating from the connection server, via an out of band channel that is independent of the digital connection system, identifier data, and configuring the new user device by the registration process to execute a client on the new user device that processes the identifier data and establishes a connection with the connection server via the digital connection system, a first subset of the identifier data being communicated to the connection server and a second subset being retained by the new user device.
17. The connection method of claim 14, 15 or 16, wherein the connection system is configured to operate a blind connection service, the secure data repository storing data on users and user devices being configured to provide location information via the digital connection system to the connection server, the method further comprising matching users based on the data in the secure data repository and their respective proximity determined from the location information and upon matching users, providing via a client on the respective user devices notification of the match and an offer of connection, wherein upon acceptance of the offer by both users the method further comprising establishing the communication protocol for direct communication between the respective user devices.
PCT/EP2020/058019 2019-03-21 2020-03-23 Digital connection system and method WO2020188117A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1903904.9 2019-03-21
GBGB1903904.9A GB201903904D0 (en) 2019-03-21 2019-03-21 Digital connection system and method

Publications (1)

Publication Number Publication Date
WO2020188117A1 true WO2020188117A1 (en) 2020-09-24

Family

ID=66381561

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2020/058019 WO2020188117A1 (en) 2019-03-21 2020-03-23 Digital connection system and method

Country Status (2)

Country Link
GB (1) GB201903904D0 (en)
WO (1) WO2020188117A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008004248A1 (en) * 2006-07-07 2008-01-10 Department Of Space, Isro A system and method for secured data communication in computer networks by phantom connectivity
US20100199083A1 (en) * 2007-06-06 2010-08-05 Airbus Operations Incorporated As a Societe Par Actions Simpl Fiee Onboard access control system for communication from the open domain to the avionics domain
US20140222534A1 (en) * 2006-11-22 2014-08-07 Raj Abhyanker Mobile content creation, sharing, and commerce in a geo-spatial environment
US20180069832A1 (en) * 2006-06-27 2018-03-08 Waterfall Security Solutions Ltd. One Way Secure Link

Also Published As

Publication number Publication date
GB201903904D0 (en) 2019-05-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20727580

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20727580

Country of ref document: EP

Kind code of ref document: A1