(11)EP 2 791 846 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
20.05.2020 Bulletin 2020/21

(21)Application number: 12858000.8

(22)Date of filing:  10.12.2012
(51)International Patent Classification (IPC): 
G06F 21/30(2013.01)
H04L 29/06(2006.01)
H04L 9/08(2006.01)
(86)International application number:
PCT/US2012/068679
(87)International publication number:
WO 2013/090166 (20.06.2013 Gazette  2013/25)

(54)

SYSTEM AND METHOD FOR TRUSTED PAIR SECURITY

SYSTEM UND VERFAHREN FÜR SICHERHEIT EINES SICHEREN PAARES

SYSTÈME ET PROCÉDÉ POUR LA SÉCURITÉ D'UNE PAIRE DE CONFIANCE


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 12.12.2011 US 201113323277

(43)Date of publication of application:
22.10.2014 Bulletin 2014/43

(73)Proprietor: JPMorgan Chase Bank, N.A.
New York, NY 10179 (US)

(72)Inventor:
  • MOSCHETTI, Paul, A., Jr.
    New York, NY 10024 (US)

(74)Representative: Leonhard, Frank Reimund et al
Leonhard & Partner Patentanwälte Postfach 10 09 62
80083 München (DE)


(56)References cited:
WO-A1-2009/045895
US-A- 6 088 450
US-A1- 2007 039 055
US-A1- 2011 145 910
WO-A1-2010/027694
US-A1- 2003 226 014
US-A1- 2007 121 643
US-B1- 7 681 229
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description

    BACKGROUND OF THE INVENTION


    1. Field of the Invention



    [0001] The present invention generally relates to Internet security, and, more particularly, to a system and method for trusted pair security.

    2. Description of the Related Art



    [0002] Firewalls are used in computer networks to permit or deny network transmissions based upon a set of rules. They are frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

    [0003] There are at least two problems with firewalls. First, as the number of outward-facing applications grows, the complexity of correctly managing firewalls becomes intractable. Human error will creep into any sufficiently complex system, and firewalls tend to include a lot of complexity in their management. The errors will likely take the form of accidental openings to the system through the firewall. Second, typical de-militarized zone ("DMZ") system architecture makes it difficult to deploy or change applications due to substantially increased access restrictions in the zone itself. United States Patent Application Publication US 2011/0145910 discloses a server authenticating a client using a series of tappings over agreed ports. On successful authentication, said server opens a second port for the client application, which may be encrypted. A new firewall is created to assure that only the newly-opened port is accessible to the successfully-authenticated client. International Patent Publication WO 2010/027694 discloses an accessory that communicates with or controls a multimedia source despite not being directly authenticated by it. Authentication privileges established via the first port (i.e. USB) are to be shared with or transferred to the second port (i.e. Bluetooth) in what is termed "cross-transport authentication".

    SUMMARY OF THE INVENTION



    [0004] A system and method for trusted pair security is disclosed. According to one embodiment, the method may include (1) providing a receiver, the receiver comprising a computer processor, the receiver being communicatively coupled to a network; (2) providing an initiator, the initiator comprising a computer processor, the initiator being communicatively coupled to the resource, the initiator further being communicatively coupled to the receiver; (3) sending, from the initiator to the receiver, a first authentication request on a first port, the first authentication request comprising a parameter shared between the receiver and the initiator; (4) sending, from the receiver to the initiator, an identification of a second port; (5) sending, from the initiator to the receiver, a second authentication request on the second port; (6) mutually authenticating the initiator and the receiver via the second port; and (7) establishing a streaming connection between the initiator and the receiver over the second port.

    [0005] The method may further include (8) receiving, at the receiver, a request for the resource over the network from a requestor; (9) determining, by the receiver, that the initiator is operatively coupled to the resource; (10) passing, by the receiver, the request to the initiator over the second port via the streaming connection; (11) passing, by the initiator, the request to the resource; (12) conveying, by the initiator, a response from the resource to the receiver over the second port via the streaming connection; and (13) sending, from the receiver, the response to the request to the requestor. In one embodiment, further communications between the requestor and the resource pass through the initiator and the receiver over the second port via the streaming connection.

    [0006] In one embodiment, prior to the sending, from the initiator to the receiver, a first authentication request on a first port, the method may include (a) receiving, at the receiver, a request for the resource over the network from a requestor; (b) determining, by the receiver, the absence of a streaming connection between the initiator and the receiver; and (c) sending, by the receiver, an error message to the requestor.

    [0007] The method may also include, prior to the sending, from the initiator to the receiver, a first authentication request on a first port (d) determining, by the receiver, that the initiator is communicatively coupled to the resource, and the error message may include a human readable invitation to access the resource at a future time.

    [0008] The method may also include, prior to the sending, from the initiator to the receiver, a first authentication request on a first port (e) storing in a persistent memory of the receiver an identification of the resource. The determining, by the receiver, that the initiator is communicatively coupled to the resource may include accessing the identification of the resource in the persistent memory of the receiver. The second authentication request may include the identification of the resource.

    [0009] In one embodiment, prior to the sending, from the initiator to the receiver, a first authentication request on a first port, the method may include (a) sending, from the initiator to the receiver, an identification of the resource; and (b) storing in a persistent memory of the receiver the identification of the resource. The determining, by the receiver, that the initiator is communicatively coupled to the resource may include the receiver accessing the identification of the resource in the persistent memory of the receiver.

    [0010] The method may also include providing a resource identification server communicatively coupled to the initiator and to the receiver. The determining, by the receiver, that the initiator is communicatively coupled to the resource may include the receiver accessing the resource identification server.

    [0011] The method may also include the steps of detecting, by the receiver, an attack; and severing the streaming connection in response to the detecting.

    [0012] In another embodiment, a system for protecting a resource is disclosed. According to one embodiment, the system includes a receiver comprising a computer processor, the receiver being communicatively coupled to a network; and an initiator, the initiator comprising a computer processor, the initiator being communicatively coupled to the resource, the initiator further being communicatively coupled to the receiver.

    [0013] The initiator may be configured to send, to the receiver, a first authentication request on a first port, and the first authentication request may include a parameter shared between the receiver and the initiator.

    [0014] The receiver may be configured to send, to the initiator, an identification of a second port.

    [0015] The initiator may be configured to send, to the receiver, a second authentication request on the second port.

    [0016] The initiator and receiver may be configured to mutually authenticate via the second port, and the initiator and receiver may be configured to establish a streaming connection between the initiator and the receiver over the second port.

    [0017] The receiver may be configured to receive a request for the resource over the network from a requestor and determine that the initiator is operatively coupled to the resource, and may be configured to pass the request to the initiator over the second port via the streaming connection.

    [0018] The initiator may be configured to pass the request to the resource and convey a response from the resource to the receiver over the second port via the streaming connection.

    [0019] The receiver may be configured to send the response to the request to the requestor.

    [0020] Further communications between the requestor and the resource may pass through the initiator and the receiver over the second port via the streaming connection.

    [0021] In one embodiment, prior to the first authentication request, the system may be configured to receive, at the receiver, a request for the resource over the network from a requestor; determine, by the receiver, the absence of a streaming connection between the initiator and the receiver; and send, by the receiver, an error message to the requestor.

    [0022] In one embodiment, the receiver may be further configured to, prior to the first authentication request, determine that the initiator is communicatively coupled to the resource, wherein the error message comprises a human readable invitation to access the resource at a future time.

    [0023] In one embodiment, the receiver may be further configured to store, prior to the first authentication request, an identification of the resource.

    [0024] In one embodiment, the second authentication request may include the identification of the resource.

    [0025] In one embodiment, prior to the first authentication request, the system may be configured to send, from the initiator to the receiver, an identification of the resource; and store in a persistent memory of the receiver the identification of the resource. The receiver may be further configured to access the identification of the resource in the persistent memory of the receiver.

    [0026] In one embodiment, the system may further include a resource identification server communicatively coupled to the initiator and to the receiver. The receiver may be configured to access the resource identification server.

    [0027] In one embodiment, the receiver may be further configured to detect an attack and sever the streaming connection in response to the attack.

    [0028] According to another embodiment, a method for establishing a streaming connection between an initiator and a receiver may include (1) receiving, at a first port for a receiver comprising a computer processor, a request for a streaming communication, the request comprising a first authentication protocol; (2) determining, based on the first authentication protocol, that the initiator is likely to be authentic; (3) using the computer processor, determining a second port for a streaming connection; (4) communicating, over the first port, an identification of the second port to the initiator; (5) dropping the connection at the first port; (6) opening the second port; (7) listening for a communication from the initiator at the second port; and (8) closing the second port if the communication from the initiator is not received within a predetermined time period.

    [0029] The step of determining a second port for a streaming connection may further include randomly selecting the second port.

    [0030] The method may further include (9) authenticating the initiator with a second authentication protocol; and (10) establishing a dedicated link for the streaming connection between the initiator and the receiver.

    BRIEF DESCRIPTION OF THE DRAWINGS



    [0031] The present invention, together with further objects and advantages, may best be understood by reference to the following description taken in conjunction with the accompanying drawings, in the several figures of which like reference numerals identify like elements, and in which:

    Fig. 1 is a schematic diagram illustrating a system according to an embodiment of the present invention;

    Fig. 2 is a flow chart illustrating an attempted user interaction according to an embodiment of the present invention;

    Fig. 3 is a flow chart illustrating a set up operation according to an embodiment of the present invention;

    Fig. 4 is a flow chart illustrating a successful user interaction according to an embodiment of the present invention;

    Fig. 5 is a schematic diagram illustrating a first exemplary configuration arrangement according to an embodiment of the present invention;

    Fig. 6 is a flow chart illustrating a first exemplary configuration operation according to an embodiment of the present invention;

    Fig. 7 is a schematic diagram illustrating a second exemplary configuration arrangement according to an embodiment of the present invention;

    Fig. 8 is a flow chart illustrating a second exemplary configuration operation according to an embodiment of the present invention; and

    Fig. 9 is a schematic diagram illustrating possible additional components according to an embodiment of the present invention.


    DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS



    [0032] Several embodiments of the present invention and their advantages may be understood by referring to Figs. 1-9, wherein like reference numerals refer to like elements.

    [0033] Fig. 1 is a schematic diagram illustrating a system according to an embodiment of the present invention. According to one embodiment, the system may include receiver 110 (and 115) and initiator 120 (and 125). Receivers 110, 115 and initiators 120, 125 may be embodied in computer-executable software, computer hardware, computer firmware, or any suitable combination thereof.

    [0034] Receivers 110, 115 may be outward-facing and may be configured to "listen" on ports that are open to network 105 (such as the Internet), for example standard ports like port 8080. Receivers 110, 115 may be in the DMZ or other less-trusted zone. Initiators 120, 125 may not have any direct connection to Internet 105. Instead, initiators 120, 125 may reside inside the firewall or in another trusted zone.

    [0035] Initiators 120, 125 may be connected to applications 130, 135, 140, 145 that are protected from the Internet. Each application may be connected to servicers 155, 165 and to persistent storage 150, 160. Applications 130, 135, 140, 145 may be, by way of non-limiting example, customer account applications (e.g., electronic banking applications), bill payment applications, applications that allow users to apply for products or services (e.g., loan application software), or electronic commerce applications (e.g., an electronic store). In general, embodiments may include a single receiver/initiator pair, a single receiver with a plurality of initiators, or a single initiator with a plurality of receivers.

    [0036] Fig. 2 is a flow chart illustrating an attempted user interaction according to an embodiment of the present invention. At block 205, the receiver initializes. This may include the receiver powering on, restarting or otherwise re-setting itself.

    [0037] At block 210, the receiver receives a request for a resource from a user over the internet.

    [0038] At block 215, the receiver may check its settings to determine which resources it can provide once it is successfully paired with an initiator. In one embodiment, the receiver may check its "config" settings. A "config" may simply be a set of parameters that may control the behavior of the receiver and initiator pair. Those parameters could be realized in a variety of physical formats (for example, in XML, JSON, name-value pairs, etc.) and may be persisted in a variety of ways (file, non-volatile RAM, ROM, even as a transient message on a messaging subsystem such as TIBCO EMS, SonicMQ, or IBM MQ, etc.). The config may be internal or external to the receiver. Techniques for supplying the receiver with the config are discussed below in reference to Figs. 5-8.

    [0039] If the requested resource is not listed in config, the receiver replies with an error message. The error message may convey to the user that the resource is not available and that the user should not expect the resource to be available.

    [0040] If the requested resource is listed in config, in block 220 the receiver checks whether it is paired with an initiator that can provide the requested resource. The process discussed in reference to Fig. 2 assumes that no such pairing yet exists, thus, at block 220, the receiver determines that it has not paired with an initiator that can provide the requested resource.

    [0041] At block 225, the receiver sends an error message to the requesting user, such as "resource not currently available." In one embodiment, the error message may be more detailed and/or intelligent than a simple HTTP Standard Response Code 404 (i.e., a "not found" message). Indeed, the message could be customized to say, e.g., "please try again in 15 minutes." (This assumes that the receiver determined at block 215 that it can connect to the initiator that connects to the requested resource. If the receiver does not recognize the resource at all, it can respond with a more standard "not found" error message).

    [0042] Fig. 3 is a flow chart illustrating a set up operation according to an embodiment of the present invention. At block 305, the initiator initializes. This may comprise powering up, restarting, or otherwise resetting itself. At block 310, the initiator communicates with a receiver to establish a communication link. In one embodiment, this communication link to be established may be a dedicated, permanent link. Thus, in one embodiment, both the initiator and the receiver may include or have access to the same authentication mechanism, such as a symmetric cryptographic key. This key may be hard coded into each so that there is no need for a key transportation mechanism.

    [0043] The receiver, which is assumed for the purposes of Fig. 3 to have already initialized, listens on a port. In one embodiment, this port may be a pre-defined port, which may be referred to as the "hailing port." In one embodiment, the receiver may only listen on the hailing port; in another embodiment, the receiver may listen on multiple ports. When the initiator communicates with the receiver, the initiator contacts the hailing port.

    [0044] At block 315, the initial contact at the hailing port may include a lightweight authentication protocol. By way of non-limiting example, the initiator may send a hash of the time and date encrypted using the shared key to the receiver. If the receiver can decrypt the hash and match it to a hash that it itself generates, then the initiator is judged to be potentially authentic and the process can proceed. If not, the connection is dropped.

    [0045] The lightweight authentication protocol helps mitigate denial-of-service attacks by not allowing the hailing port to remain busy for too long.

    [0046] In one embodiment, the initiator and receiver may continue the connection using the hailing port. In another embodiment, the initiator and receiver may agree to continue the communication on another port, such as a dynamically opened port. In one embodiment, the receiver may select a new port at random (e.g., port 48000) and convey the identity of that port to the initiator at block 320. The receiver then drops the connection on its hailing port and begins listening on the new port selected by the receiver.

    [0047] In block 325, the initiator may contact the receiver. Unless the initiator makes appropriate contact with the receiver within a specified time interval (e.g., 0.5 seconds, one second, two seconds, or whatever time period is necessary and/or desired) this port "times out" and closes. Thus, if an attacker happens to attack port 48000 during this brief interval, not only will the attack fail, but if the attacker returns, he will find the port closed.
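    The hailing exchange of blocks 315-325 (paragraphs [0044]-[0047]), as an added example; this is not code from the patent or its proprietor. The model is in-memory and makes the following assumptions of its own: the "hash of the time and date encrypted using the shared key" is realised as an HMAC-SHA256 over a 30-second time bucket (a keyed hash, the closest standard-library equivalent); the receiver tolerates one bucket of clock skew; the receiver remembers tokens already accepted in the current window so that a captured token is not accepted a second time; the dynamic port is drawn at random from 32768-60999 and is closed if the initiator has not contacted it within HAIL_TIMEOUT seconds. Port numbers, key and clock values are constructed.

```python
"""Added example, not code from the patent: an in-memory model of the hailing
exchange of Fig. 3, blocks 315-325 (paragraphs [0044]-[0047]).

Assumptions that are mine, not the patent's: the "hash of the time and date
encrypted using the shared key" is realised as HMAC-SHA256 over a 30-second
time bucket; the receiver tolerates one bucket of clock skew; it remembers
tokens already accepted in the current window so a captured token is not
accepted twice; the dynamic port is drawn from 32768-60999 and times out
after HAIL_TIMEOUT seconds if the initiator does not contact it.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

BUCKET_SECONDS = 30      # granularity of the "time and date" value (constructed)
HAIL_TIMEOUT = 1.0       # seconds the dynamic port stays open unused (cf. [0047])
PORT_LOW, PORT_HIGH = 32768, 60999


def hail_token(shared_key: bytes, now: float, skew_buckets: int = 0) -> bytes:
    """Initiator side of block 315: keyed hash of the current time bucket."""
    bucket = int(now // BUCKET_SECONDS) + skew_buckets
    return hmac.new(shared_key, bucket.to_bytes(8, "big"), hashlib.sha256).digest()


@dataclass
class Receiver:
    shared_key: bytes
    hailing_port: int = 8080
    pending: Dict[int, float] = field(default_factory=dict)       # port -> deadline
    seen_tokens: Dict[bytes, int] = field(default_factory=dict)   # token -> bucket

    def _purge(self, now: float) -> None:
        # Block 325: a dynamic port not contacted before its deadline is closed.
        for port in [p for p, deadline in self.pending.items() if deadline <= now]:
            del self.pending[port]
        # Forget tokens that are too old to be accepted anyway.
        current = int(now // BUCKET_SECONDS)
        self.seen_tokens = {t: b for t, b in self.seen_tokens.items() if b >= current - 1}

    def handle_hail(self, token: bytes, now: float) -> Optional[int]:
        """Blocks 315-320: check the lightweight token; on success choose a
        random port, arm its timeout and return it. None means the hailing-port
        connection is simply dropped."""
        self._purge(now)
        if token in self.seen_tokens:
            return None                              # already used in this window
        for skew in (0, -1, 1):                      # tolerate one bucket of skew
            expected = hail_token(self.shared_key, now, skew)
            if hmac.compare_digest(expected, token):
                self.seen_tokens[token] = int(now // BUCKET_SECONDS) + skew
                while True:
                    port = PORT_LOW + secrets.randbelow(PORT_HIGH - PORT_LOW + 1)
                    if port != self.hailing_port and port not in self.pending:
                        break
                self.pending[port] = now + HAIL_TIMEOUT
                return port
        return None

    def contact_dynamic_port(self, port: int, now: float) -> bool:
        """Block 325: the initiator's first contact on the new port. True means
        the port was still open (the heavier authentication of block 330 would
        follow); False means it had timed out, or was never opened."""
        self._purge(now)
        deadline = self.pending.pop(port, None)
        return deadline is not None and now < deadline


def demo(now: float = 1_700_000_000.0) -> dict:
    """Walk the exchange once with a constructed key and a fixed clock."""
    key = secrets.token_bytes(32)
    rx = Receiver(key)
    port = rx.handle_hail(hail_token(key, now), now)
    return {
        "port_assigned": port is not None,
        "contact_in_time": rx.contact_dynamic_port(port, now + 0.4),
        "second_contact_rejected": not rx.contact_dynamic_port(port, now + 0.5),
        "replay_rejected": rx.handle_hail(hail_token(key, now), now + 1) is None,
    }


if __name__ == "__main__":
    print(demo())
```

    The time bucket is what bounds how long a captured hailing token stays valid; the seen-token table closes the remaining window, and the short deadline on the dynamic port is what the description relies on in [0047] to keep an unsolicited connection from finding the port open.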

    [0048] At block 330, the communications at the new port may next proceed with a more heavyweight authentication protocol. In one embodiment, this authentication protocol may include a nonce exchange using an asymmetric key pair. At block 335, once the receiver and initiator are authenticated to each other on the dynamic port, they may proceed to establish a dedicated link between them. This double authentication with the hailing and dynamic ports creates a trusted initiator/receiver pair. The link may be a bit-bucket-brigade, streaming, non-blocking connection.

    [0049] In one embodiment, the dedicated link between the receiver and initiator may be temporary, semi-permanent, or permanent. In one embodiment, the link may time out after the passage of a predetermined amount of time, data, etc.

    [0050] In one embodiment, the initiator may be required to re-authenticate itself randomly, or periodically, or as necessary and/or desired.

    [0051] In any embodiment, the link between the initiator and the receiver may be immediately severed if an attack is detected by the receiver or any other component. This immediately isolates the resource from the Internet.

    [0052] Fig. 4 is a flow chart illustrating a successful user interaction according to an embodiment of the present invention. The process illustrated in Fig 4 assumes that the initiator and receiver have already established a permanent link between them as discussed above in reference to Fig. 3.

    [0053] At block 410, a request for a resource is received over the Internet via standard http protocol. In one embodiment, the request may be routed to a well known port on the receiver, such as port 8080.

    [0054] At block 415, the receiver may check its config to determine whether it might be paired with an initiator that can provide the resource. If not, the process may terminate with an error message as discussed above in reference to Fig. 3. If so, the process proceeds to block 420.

    [0055] In block 420, the receiver may check whether it has an existing trusted pairing with the initiator that can provide the requested resource. If no such pairing exists, in one embodiment, the receiver immediately drops the connection. In another embodiment, the receiver may take an appropriate action to disable communication via the connection. In still another embodiment, the receiver may send a communication to the initiator that the initiator is not authenticated, that the requested resource is not requested, etc.

    [0056] If the receiver is paired with an initiator (as discussed above in reference to Fig. 3), at block 425, the receiver may pass the information to the initiator over the dynamically established port.

    [0057] At block 430, the initiator may pass the request to the requested resource, and, at block 435, the resource, in turn, may pass its response back to the initiator. At block 440, the initiator passes the response on to the receiver. At block 445, the receiver passes the response to the end user. The end user and the resource may continue to communicate -- effectively transparently and safely -- through the receiver/initiator pair.
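    The receiver's request-handling decision of Fig. 2 (blocks 215-225) and Fig. 4 (blocks 415-445), as an added example; it is not code from the patent or its proprietor. Assumptions of the example: the config is a JSON document mapping resource names to the initiator expected to front them (the hard-coded arrangement of Fig. 5); a trusted pairing is represented by a callable standing in for the streaming link to that initiator; the three outcomes are expressed as HTTP-style status codes with the human-readable bodies the description mentions, the 503 code for "not currently available" being this example's choice. The resource names and responses are constructed.

```python
"""Added example, not code from the patent: the receiver's decision path for
an incoming request, following Fig. 2 (blocks 215-225) and Fig. 4 (blocks
415-445).

Assumptions that are mine: the config is JSON mapping resource -> initiator;
a pairing is a callable that stands in for the streaming link to an
initiator; outcomes are HTTP-style codes (404 unknown, 503 known but not
currently paired, 200 relayed)."""
import json
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

# Constructed config of the Fig. 5 kind: which initiator fronts which resource.
CONFIG_JSON = """
{
  "accounts": "initiator-a",
  "billpay":  "initiator-a",
  "loans":    "initiator-b"
}
"""

Relay = Callable[[bytes], bytes]   # stands in for the streaming link to an initiator


@dataclass
class ReceiverFrontEnd:
    config: Dict[str, str]
    pairings: Dict[str, Relay] = field(default_factory=dict)

    @classmethod
    def from_config_json(cls, text: str) -> "ReceiverFrontEnd":
        return cls(config=json.loads(text))

    def pair(self, initiator: str, relay: Relay) -> None:
        """Record a trusted pairing (the outcome of Fig. 3, block 335)."""
        self.pairings[initiator] = relay

    def sever(self, initiator: str) -> None:
        """[0051]: drop the link; later requests fall back to 'try again later'."""
        self.pairings.pop(initiator, None)

    def handle_request(self, resource: str, payload: bytes) -> Tuple[int, bytes]:
        # Block 215 / 415: is the resource listed in config at all?
        initiator = self.config.get(resource)
        if initiator is None:
            return 404, b"not found"
        # Block 220 / 420: is the initiator that provides it currently paired?
        relay = self.pairings.get(initiator)
        if relay is None:
            return 503, b"resource not currently available; please try again in 15 minutes"
        # Blocks 425-445: pass the request through the pair and return the response.
        return 200, relay(payload)


def demo() -> list:
    """Run the three outcomes against a constructed relay."""
    rx = ReceiverFrontEnd.from_config_json(CONFIG_JSON)
    results = [rx.handle_request("unknown", b"q"), rx.handle_request("accounts", b"q")]
    rx.pair("initiator-a", lambda p: b"echo:" + p)      # constructed stand-in link
    results.append(rx.handle_request("accounts", b"q"))
    rx.sever("initiator-a")
    results.append(rx.handle_request("accounts", b"q"))
    return results


if __name__ == "__main__":
    for code, body in demo():
        print(code, body.decode())
```

    The distinction between the 404 and 503 paths is the one [0041] draws: the receiver only tells a requestor to come back later for a resource it knows it can eventually front, and answers a plain "not found" for anything outside its config.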

    [0058] Fig. 5 is a schematic diagram illustrating a first exemplary configuration arrangement according to an embodiment of the present invention. In the embodiment of Fig. 5, both receiver 505 and initiator 510 include hard-coded copies of the config 515, 520. In this arrangement, there is no need to convey the config to the receiver or initiator once the config has been coded. The release control dynamics of this arrangement are similar to releasing an application into the DMZ in a traditional architecture.

    [0059] Fig. 6 is a flow chart illustrating a first exemplary configuration operation according to an embodiment of the present invention. In one embodiment, the process of Fig. 6 may be implemented using the arrangement described above in reference to Fig. 5, or any other arrangement as necessary and/or desired.

    [0060] At block 605, the initiator and receiver may each obtain hard-coded copies of the config by, for example, manual installation by a human administrator. The config may be provided in any suitable way, including through the secure communication link, on a token, thumb drive, via wireless communication, by email, or by any mechanism as necessary and/or desired. In another embodiment, the config may be hard-coded into the initiator and/or receiver.

    [0061] At block 610, and as part of an initial authentication (e.g., block 315 of Fig. 3), the initiator may combine the resource description (e.g., the config itself or a hash thereof) with a nonce and encrypt it. The receiver may decrypt the message and verify that the resource description matches its own hard-coded data. The receiver may return the decrypted nonce or other evidence of its ability to decrypt the original message.

    [0062] In one embodiment, a verification of this return message may complete the initial authentication.

    [0063] Fig. 7 is a schematic diagram illustrating a second exemplary configuration arrangement according to an embodiment of the present invention. In this arrangement, initiator 710 may be communicatively coupled to server 715 which can vend a config. Receiver 705 and initiator 710 may not have hard-coded configs in this arrangement; they may only have the shared symmetric key 720, 725.

    [0064] Following the establishment of the permanent link between receiver and initiator (block 335 of Fig. 3), the initiator may send the config vended from server 715 to the receiver.

    [0065] Fig. 8 is a flow chart illustrating a second exemplary configuration operation according to an embodiment of the present invention. The process of Fig. 8 may be implemented using, for example, the arrangement described above in reference to Fig. 7.

    [0066] At block 805 in this arrangement, the initiator-connected server may provide a list of resources to the initiator. Alternately, the initiator may already include a list of resources. In either case, at block 810 the initiator may encrypt the config with, for example, the symmetric key and may transmit the encrypted config to the receiver. This may be done, for example, at start-up.

    [0067] At block 815, the receiver may decrypt the config with the symmetric key.

    [0068] Fig. 9 is a schematic diagram illustrating possible additional components according to an embodiment of the present invention. In Fig. 9, several optional performance, security, or resilience-related components may sit between Internet 905 and receiver 910, which is coupled to initiator 915. Such components may include any, or a combination, of global load balancer 920, SSL terminator 925, reverse proxy server 930 and firewall 935. Other components, such as application firewalls, email-borne malware scanning appliances or software, other bitstream scanning appliances or software, etc. may be provided as necessary and/or desired.

    [0069] It is to be appreciated that the set of instructions, such as the software that configures the computer operating system to perform the operations described above, may be contained on any of a wide variety of media or medium, as desired. Further, any data that is processed by the set of instructions might also be contained on any of a wide variety of media or medium. That is, the particular medium, that is, the memory in the processing machine, utilized to hold the set of instructions or the data used in the invention may take on any of a variety of physical forms or transmissions, for example. Illustratively, the medium may be in the form of paper, paper transparencies, a compact disk, a DVD, an integrated circuit, a hard disk, a floppy disk, an optical disk, a magnetic tape, a RAM, a ROM, a PROM, an EPROM, a wire, a cable, a fiber, a communications channel, a satellite transmission or other remote transmission, as well as any other medium or source of data that may be read by a computer.

    [0070] In the preceding specification, various preferred embodiments have been described with references to the accompanying drawings. It will, however, be evident that various modifications and changes may be made thereto, and additional embodiments may be implemented, without departing from the broader scope of invention as set forth in the claims that follow. The specification and drawings are accordingly to be regarded in an illustrative rather than restrictive sense.


    Claims

    1. Method for protecting a resource, the method comprising
    providing a receiver (110,115), the receiver comprising a computer processor, the receiver communicating with a network (105) and having a plurality of receiver ports;
    providing an initiator (120, 125), comprising a computer processor, the initiator communicating with the resource and the receiver ports (110,115);
    sending from the initiator (120) to the receiver (110) a first authentication request on the first receiver port (110), the first authentication request comprising a parameter shared between the receiver and the initiator (120,110);
    sending from the receiver (110,115) to the initiator (120,125) an identification of the second receiver port in response to a successful first authentication request;
    sending from the initiator (120,125) to the receiver (110,115) a second authentication request on the second receiver port;
    mutually authenticating the initiator and the receiver (120,110; 115,125) via the second receiver port in response to a successful second authentication request;
    establishing a streaming connection between the initiator and the receiver (120,110; 115,125) over the second receiver port in response to a successful mutual authentication;
    the receiver (110,115) detecting an attempt for an unauthorized access at the second receiver port and severing the streaming connection between the initiator and the receiver (120,110; 115,125) over the second receiver port in response to the detected attempt for unauthorized access.


     
    2. Method of claim 1, further comprising
    receiving, at the receiver, a request for the resource over the network (105) from a requestor;
    determining, by the receiver, that the initiator is operatively coupled to the resource;
    passing, by the receiver, the request to the initiator over the second receiver port via the streaming connection;
    passing, by the initiator, the request to the resource;
    conveying, by the initiator, a response from the resource to the receiver over the second receiver port via the streaming connection; and
    sending, from the receiver, the response to the request to the requestor;
    whereby further communications between the requestor and the resource pass through the initiator and the receiver over the second receiver port via the streaming connection.
     
    3. Method of claim 1, wherein, prior to the sending, from the initiator to the receiver, of a first authentication request on the first port:
    a request for the resource over the network from a requestor is received at the receiver;
    the receiver determines the absence of a streaming connection (220) between the initiator and the receiver; and
    the receiver sends an error message (225) to the requestor.
     
    4. Method of claim 3, further comprising, prior to the sending, from the initiator to the receiver, of a first authentication request on the first receiver port:
    determining, by the receiver, that the initiator communicates with the resource;
    wherein the error message comprises a human-readable invitation to access the resource at a future time.


     
    5. Method of claim 4, further comprising, prior to the sending, from the initiator to the receiver, of a first authentication request on the first receiver port:
    storing in a persistent memory (150, 160) of the receiver an identification of the resource;
    wherein the determining, by the receiver, that the initiator is communicatively coupled to the resource comprises accessing the identification of the resource in the persistent memory of the receiver.


     
    6. Method of claim 5, wherein the second authentication request comprises the identification of the resource.
     
    7. Method of claim 4, further comprising, prior to the sending, from the initiator to the receiver, of a first authentication request on the first receiver port:
    sending, from the initiator to the receiver, an identification of the resource; and storing in a persistent memory of the receiver the identification of the resource;
    wherein the determining, by the receiver, that the initiator is communicating with the resource comprises the receiver accessing the identification of the resource in the persistent memory of the receiver.


     
    8. Method of claim 4, further comprising providing a resource identification server communicating with the initiator and the receiver, wherein the determining, by the receiver, that the initiator is communicating with the resource comprises the receiver accessing the resource identification server.
     
    9. Method of claim 1, wherein the resource is further in communication with a second network, the method further comprising isolating the resource from the second network in response to the detected attempt at unauthorized access.


     
    10. System for protecting a resource, the system comprising a receiver (110, 115) comprising a computer processor, the receiver being communicatively coupled to a network (105) and having a plurality of receiver ports; and comprising

    - an initiator (120, 125), the initiator comprising a computer processor, the initiator being communicatively coupled to the resource, the initiator further being communicatively coupled to the receiver through receiver ports (115, 110); wherein the initiator is configured to send, to the receiver, a first authentication request on the first receiver port, the first authentication request comprising a parameter shared between the receiver and the initiator;

    - wherein the receiver (110, 115) is configured to send, to the initiator, an identification of the second receiver port in response to a successful first authentication request; and the initiator is configured to send, to the receiver, a second authentication request on the second receiver port;

    - wherein the initiator and receiver (110, 115) are configured to mutually authenticate via the second receiver port in response to a successful second authentication request, and the initiator and receiver are configured to establish a streaming connection between the initiator and the receiver using the second receiver port;

    - wherein the receiver (110, 115) is configured to receive a request for the resource over the network (105) from a requestor and to determine that the initiator is operatively coupled to the resource, and the receiver is configured to pass the request to the initiator over the second receiver port via the streaming connection;

    - wherein the initiator (120, 125) is configured to pass the request to the resource and to convey a response from the resource to the receiver (110, 115) over the second receiver port via the streaming connection;

    - wherein the receiver (110, 115) is configured to send the response to the request to the requestor and to pass further communications between the requestor and the resource through the initiator and the receiver over the second receiver port via the streaming connection; and

    - wherein the receiver (110, 115) is configured to detect an attempt at unauthorized access at the second receiver port and to sever the streaming connection over the second receiver port in response to the detected attempt at unauthorized access.
     
    11. System of claim 10, wherein, prior to the first authentication request:
    the receiver is configured to receive a request for the resource over the network from a requestor;
    the receiver is configured to determine the absence of a streaming connection between the initiator and the receiver; and
    the receiver is configured to send an error message to the requestor.


     
    12. System of claim 11, wherein the receiver is further configured to, prior to the first authentication request, determine that the initiator is communicatively coupled to the resource, wherein the error message comprises a human-readable invitation to access the resource at a future time; preferably, the receiver is further configured to store an identification of the resource prior to the first authentication request.
     
    13. System of claim 12, wherein the second authentication request comprises the identification of the resource.
     
    14. System of claim 12, further configured
    to send, from the initiator to the receiver, an identification of the resource; and
    to store in a persistent memory (150, 160) of the receiver the identification of the resource;
    wherein the receiver is further configured to access the identification of the resource in the persistent memory (150, 160) of the receiver.
     
    15. System of claim 12, further comprising a resource identification server communicatively coupled to the initiator (120, 125) and to the receiver, wherein the receiver (115, 110) is further configured to access the resource identification server.
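    The two-port handshake of claim 1, the relaying of claim 2, the "no stream yet" error of claim 3, the resource identification of claim 6 and the isolation of claim 9 can be followed end to end in a small simulation. The Python below is an added example written for this page; it is not code from the patent or its proprietor. It assumes, because the claims do not fix them, that the shared parameter is a pre-shared key proven with an HMAC bound to a per-handshake nonce, that the ports are in-process objects rather than sockets, and that any traffic on the second port which cannot present that proof counts as the unauthorized access attempt; the port numbers, message labels and resource name are constructed values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumption: the "parameter shared between the receiver and the initiator" is a
# pre-shared key; each side proves possession with an HMAC bound to a nonce.
SHARED_KEY = b"constructed-shared-parameter"   # constructed value, not from the patent


def proof(key: bytes, label: bytes, nonce: bytes) -> str:
    """Keyed proof of possession of the shared parameter, bound to a nonce."""
    return hmac.new(key, label + nonce, hashlib.sha256).hexdigest()


@dataclass
class Receiver:
    """Receiver (110, 115): the network-facing half of the trusted pair."""
    first_port: int = 4000                        # constructed port numbers
    spare_ports: list = field(default_factory=lambda: [4101, 4102])
    key: bytes = SHARED_KEY
    second_port: Optional[int] = None
    nonce: Optional[bytes] = None
    peer: Optional["Initiator"] = None            # set once the streaming connection exists
    resource_ids: set = field(default_factory=set)   # persistent memory (150, 160)

    def first_auth(self, port: int, nonce: bytes, p: str) -> Optional[int]:
        """First authentication request on the first port; on success, name the second port."""
        if port != self.first_port or not hmac.compare_digest(p, proof(self.key, b"first", nonce)):
            return None
        self.nonce = nonce
        self.second_port = self.spare_ports.pop(0)
        return self.second_port

    def second_auth(self, port: int, resource_id: str, p: str) -> Optional[str]:
        """Second authentication request on the second port carrying the resource id (claim 6).
        Returns the receiver's own proof so the initiator can authenticate it in turn."""
        if port != self.second_port or self.nonce is None:
            return None
        if not hmac.compare_digest(p, proof(self.key, b"second:" + resource_id.encode(), self.nonce)):
            return None
        self.resource_ids.add(resource_id)        # remember which resource this initiator fronts
        return proof(self.key, b"receiver", self.nonce)

    def open_stream(self, initiator: "Initiator") -> None:
        self.peer = initiator

    def handle_request(self, resource_id: str, request: str) -> dict:
        """Requestor-facing entry point (claims 2 and 3)."""
        if self.peer is None:   # no streaming connection (220): invitation to retry later (225)
            return {"error": 225, "message": f"{resource_id} is not reachable now; please try later"}
        if resource_id not in self.resource_ids:
            return {"error": 404, "message": f"no initiator is coupled to {resource_id}"}
        return {"ok": self.peer.relay(resource_id, request)}

    def traffic_on_second_port(self, port: int, p: str) -> bool:
        """Traffic on the second port without a valid proof is an unauthorized access attempt:
        sever the stream (claim 1) and isolate the resource (claim 9). True while the stream lives."""
        if port != self.second_port:
            return self.peer is not None
        if self.nonce is not None and hmac.compare_digest(p, proof(self.key, b"stream", self.nonce)):
            return True
        if self.peer is not None:
            self.peer.isolate_resource()
        self.peer, self.second_port, self.nonce = None, None, None
        return False


@dataclass
class Initiator:
    """Initiator (120, 125): sits beside the resource and dials out to the receiver."""
    resource_id: str
    resource: Callable[[str], str]                # stand-in for the protected resource
    key: bytes = SHARED_KEY
    isolated: bool = False
    nonce: bytes = field(default_factory=lambda: secrets.token_bytes(16))

    def pair_with(self, rx: Receiver) -> bool:
        """Run the two-port handshake; True once both sides have authenticated."""
        port2 = rx.first_auth(rx.first_port, self.nonce, proof(self.key, b"first", self.nonce))
        if port2 is None:
            return False
        rx_proof = rx.second_auth(port2, self.resource_id,
                                  proof(self.key, b"second:" + self.resource_id.encode(), self.nonce))
        if rx_proof is None or not hmac.compare_digest(rx_proof, proof(self.key, b"receiver", self.nonce)):
            return False                          # receiver could not prove itself: no stream
        rx.open_stream(self)
        return True

    def relay(self, resource_id: str, request: str) -> str:
        if self.isolated or resource_id != self.resource_id:
            raise ConnectionError("resource isolated or unknown")
        return self.resource(request)

    def isolate_resource(self) -> None:
        self.isolated = True


def run_scenario() -> dict:
    """Walk the claims in order on constructed data and return the observable outcomes."""
    rx = Receiver()
    tx = Initiator("db-01", lambda req: f"db-01 answered: {req}")
    before = rx.handle_request("db-01", "ping")                  # claim 3: no stream yet
    paired = tx.pair_with(rx)                                    # claim 1: two-port handshake
    during = rx.handle_request("db-01", "ping")                  # claim 2: relayed via the stream
    legit = rx.traffic_on_second_port(rx.second_port, proof(SHARED_KEY, b"stream", tx.nonce))
    rogue = rx.traffic_on_second_port(rx.second_port, "no-valid-proof")   # unauthorized attempt
    after = rx.handle_request("db-01", "ping")                   # stream severed: back to 225
    return {"before": before["error"], "paired": paired, "during": during.get("ok"),
            "legit_kept_stream": legit, "rogue_kept_stream": rogue,
            "after": after["error"], "isolated": tx.isolated}
```

    Running `run_scenario()` shows the order the claims describe: the requestor is turned away with error 225 while no streaming connection exists, the request is answered through the stream once the initiator has paired, and a single connection on the second port that cannot prove the shared parameter both severs the stream and flags the resource as isolated, so the next request is refused again. An initiator holding a different key never gets past the first port, which is why the second port is never revealed to it.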
     


    Claims (translated from the German)

    1. Method for protecting a resource, the method comprising providing a receiver (110, 115), the receiver comprising a computer processor, the receiver communicating with a network (105) and having a plurality of receiver ports;
    providing an initiator (120, 125) comprising a computer processor, the initiator communicating with the resource and with the receiver ports (110, 115);
    sending a first authentication request from the initiator (120) to the receiver (110) on the first receiver port (110), the first authentication request comprising a parameter shared between the receiver and the initiator (120, 110);
    sending from the receiver (110, 115) to the initiator (120, 125), in response to a successful first authentication request, an identification of the second receiver port;
    sending a second authentication request from the initiator (120, 125) to the receiver (110, 115) on the second receiver port;
    mutually authenticating the initiator and the receiver (120, 110; 115, 125) via the second receiver port in response to a successful second authentication request;
    establishing a streaming connection between the initiator and the receiver (120, 110; 115, 125) over the second receiver port in response to a successful mutual authentication;
    wherein the receiver (110, 115) detects an attempt at unauthorized access at the second receiver port and severs the streaming connection between the initiator and the receiver (120, 110; 115, 125) over the second receiver port in response to the detected attempt at unauthorized access.

    2. Method according to claim 1, further comprising
    receiving, at the receiver, a request for the resource over the network (105) from a requestor;
    determining, by the receiver, that the initiator is operatively coupled to the resource;
    passing the request, by the receiver, to the initiator over the second receiver port via the streaming connection;
    passing the request, by the initiator, to the resource;
    conveying, by the initiator, a response from the resource to the receiver over the second receiver port via the streaming connection; and
    sending the response to the request from the receiver to the requestor;
    wherein further communication between the requestor and the resource passes through the initiator and the receiver over the second receiver port via the streaming connection.

    3. Method according to claim 1, wherein, prior to the sending of a first authentication request from the initiator to the receiver on the first port,
    a request for the resource over the network from a requestor is received at the receiver;
    the receiver determines the absence of a streaming connection (220) between the initiator and the receiver; and
    the receiver sends an error message (225) to the requestor.

    4. Method according to claim 3, further comprising, prior to the sending of a first authentication request from the initiator to the receiver on the first receiver port:
    determining, by the receiver, that the initiator communicates with the resource;
    wherein the error message contains a human-readable invitation to access the resource at a future time.

    5. Method according to claim 4, further comprising, prior to the sending of a first authentication request from the initiator to the receiver on the first receiver port:
    storing an identification of the resource in a persistent memory (150, 160) of the receiver;
    wherein the determining, by the receiver, that the initiator is communicatively coupled to the resource comprises accessing the identification of the resource in the persistent memory of the receiver.

    6. Method according to claim 5, wherein the second authentication request comprises the identification of the resource.

    7. Method according to claim 4, further comprising, prior to the sending of a first authentication request from the initiator to the receiver on the first receiver port:
    sending an identification of the resource from the initiator to the receiver; and storing the identification of the resource in a persistent memory of the receiver;
    wherein the receiver determines that the initiator communicates with the resource, and this comprises the receiver accessing the identification of the resource in the persistent memory of the receiver.

    8. Method according to claim 4, further comprising providing a resource identification server communicating with the initiator and the receiver, wherein the receiver determines that the initiator communicates with the resource, and this comprises the receiver accessing the resource identification server.

    9. Method according to claim 1, wherein the resource further communicates with a second network, and wherein the resource is isolated from the second network in response to the detected attempt at unauthorized access.

    10. System for protecting a resource, the system comprising a receiver (110, 115) comprising a computer processor, the receiver being communicatively coupled to a network (105) and having a plurality of receiver ports; and comprising

    - an initiator (120, 125), the initiator comprising a computer processor, the initiator being communicatively coupled to the resource, the initiator further being communicatively coupled to the receiver via receiver ports (115, 110); wherein the initiator is configured to send to the receiver a first authentication request on the first receiver port, the first authentication request comprising a parameter shared between the receiver and the initiator;

    - wherein the receiver (110, 115) is configured to send to the initiator, in response to a successful first authentication request, an identification of the second receiver port; and the initiator is configured to send a second authentication request on the second receiver port to the receiver;

    - and the initiator and the receiver (110, 115) are configured to mutually authenticate via the second receiver port in response to a successful second authentication request, and the initiator and the receiver are configured to establish a streaming connection between the initiator and the receiver using the second receiver port;

    - wherein the receiver (110, 115) is configured to receive a request for the resource over the network (105) from a requestor and to determine that the initiator is operatively coupled to the resource, and the receiver is configured to forward the request to the initiator over the second receiver port via the streaming connection;

    - wherein the initiator (120, 125) is configured to forward the request to the resource and to convey a response from the resource to the receiver (110, 115) over the second receiver port via the streaming connection;

    wherein the receiver (110, 115) is configured to send the response to the request to the requestor and to forward further communications between the requestor and the resource through the initiator and the receiver over the second receiver port via the streaming connection;
    the receiver (110, 115) being configured to detect an attempt at unauthorized access at the second receiver port and configured to sever the streaming connection over the second receiver port in response to the detected attempt at unauthorized access.

    11. System according to claim 10, further configured such that, prior to the first authentication request:
    a request for the resource over the network from a requestor is received at the receiver;
    the receiver is configured to determine the absence of a streaming connection between the initiator and the receiver; and
    the receiver is configured to send an error message to the requestor.

    12. System according to claim 11, wherein the receiver is further configured to determine, prior to the first authentication request, that the initiator is communicatively coupled to the resource, wherein the error message comprises a human-readable invitation to access the resource at a future time; preferably, the receiver is further configured to store an identification of the resource prior to the first authentication request.

    13. System according to claim 12, wherein the second authentication request comprises the identification of the resource.

    14. System according to claim 12, further configured
    to send an identification of the resource from the initiator to the receiver; and
    to store the identification of the resource in a persistent memory (150, 160) of the receiver;
    wherein the receiver is further configured to access the identification of the resource in the persistent memory (150, 160) of the receiver.

    15. System according to claim 12, further comprising a resource identification server communicatively coupled to the initiator (120, 125) and to the receiver, wherein the receiver (115, 110) is further configured to access the resource identification server.
     


    Claims (translated from the French)

    1. Method for protecting a resource, the method comprising providing a receiver (110, 115), the receiver comprising a computer processor, the receiver communicating with a network (105) and having a plurality of receiver ports;
    providing an initiator (120, 125) comprising a computer processor, the initiator communicating with the resource and the receiver ports (110, 115);
    sending from the initiator (120) to the receiver (110) a first authentication request on the first receiver port (110), the first authentication request comprising a parameter shared between the receiver and the initiator (120, 110);
    sending from the receiver (110, 115) to the initiator (120, 125) an identification of the second receiver port in response to a successful first authentication request;
    sending from the initiator (120, 125) to the receiver (110, 115) a second authentication request on the second receiver port;
    mutually authenticating the initiator and the receiver (120, 110; 115, 125) via the second receiver port in response to a successful second authentication request;
    establishing a streaming connection between the initiator and the receiver (120, 110; 115, 125) over the second receiver port in response to a successful mutual authentication;
    the receiver (110, 115) detecting an attempt at unauthorized access on the second receiver port and severing the streaming connection between the initiator and the receiver (120, 110; 115, 125) over the second receiver port in response to the detected attempt at unauthorized access.

    2. Method of claim 1, further comprising
    receiving, at the receiver, a request for the resource over the network (105) from a requestor;
    determining, by the receiver, that the initiator is operatively coupled to the resource;
    passing, by the receiver, the request to the initiator over the second receiver port via the streaming connection;
    passing, by the initiator, the request to the resource;
    transmitting, by the initiator, a response from the resource to the receiver over the second receiver port via the streaming connection; and
    sending, by the receiver, the response to the request to the requestor;
    whereby subsequent communications between the requestor and the resource pass through the initiator and the receiver over the second receiver port via the streaming connection.

    3. Method of claim 1, wherein, prior to the sending from the initiator to the receiver of a first authentication request on the first port,
    a request for the resource over the network from a requestor is received by the receiver;
    the receiver determines the absence of a streaming connection (220) between the initiator and the receiver; and
    the receiver sends an error message (225) to the requestor.

    4. Method of claim 3, further comprising, prior to the sending, from the initiator to the receiver, of a first authentication request on the first receiver port:
    determining, by the receiver, that the initiator communicates with the resource;
    wherein the error message comprises a user-readable invitation to access the resource at a later time.

    5. Method of claim 4, further comprising, prior to the sending, from the initiator to the receiver, of a first authentication request on the first receiver port:
    storing in a permanent memory (150, 160) of the receiver an identification of the resource;
    wherein the determining, by the receiver, that the initiator is communicatively coupled to the resource comprises accessing the identification of the resource in the permanent memory of the receiver.

    6. Method of claim 5, wherein the second authentication request comprises the identification of the resource.

    7. Method of claim 4, further comprising, prior to the sending, from the initiator to the receiver, of a first authentication request on the first receiver port:
    sending, from the initiator to the receiver, an identification of the resource; and storing in a permanent memory of the receiver the identification of the resource;
    wherein the receiver determines that the initiator communicates with the resource, and this comprises the receiver accessing the identification of the resource in the permanent memory of the receiver.

    8. Method of claim 4, further comprising providing a resource identification server communicating with the initiator and the receiver, wherein the receiver determines that the initiator communicates with the resource, and this comprises the receiver accessing the resource identification server.

    9. Method of claim 1, wherein the resource is further in communication with a second network, the method further comprising isolating the resource from the second network in response to the detected attempt at unauthorized access.

    10. System for protecting a resource, the system comprising a receiver (110, 115) comprising a computer processor, the receiver being communicatively coupled to a network (105) and having a plurality of receiver ports; and comprising

    - an initiator (120, 125), the initiator comprising a computer processor, the initiator being communicatively coupled to the resource, the initiator further being communicatively coupled to the receiver through receiver ports (115, 110); wherein the initiator is configured to send, to the receiver, a first authentication request on the first receiver port, the first authentication request comprising a parameter shared between the receiver and the initiator;

    - wherein the receiver (110, 115) is configured to send, to the initiator, an identification of the second receiver port in response to a successful first authentication request; and the initiator is configured to send, to the receiver, a second authentication request on the second receiver port;

    - and the initiator and the receiver (110, 115) are configured to mutually authenticate via the second receiver port in response to a successful second authentication request, and the initiator and the receiver are configured to establish a streaming connection between the initiator and the receiver using the second receiver port;

    - wherein the receiver (110, 115) is configured to receive a request for the resource over the network (105) from a requestor and to determine that the initiator is operatively coupled to the resource, and the receiver is configured to transmit the request to the initiator over the second receiver port via the streaming connection;

    - wherein the initiator (120, 125) is configured to transmit the request to the resource and to transmit a response from the resource to the receiver (110, 115) over the second receiver port via the streaming connection;

    wherein the receiver (110, 115) is configured to send the response to the request to the requestor and to pass subsequent communications between the requestor and the resource through the initiator and the receiver over the second receiver port via the streaming connection;
    the receiver (110, 115) being configured to detect an attempt at unauthorized access on the second receiver port and configured to sever the streaming connection on the second receiver port in response to the detected attempt at unauthorized access.

    11. System of claim 10, further configured to, prior to the first authentication request:
    receive, at the receiver, a request for the resource over the network from a requestor;
    the receiver being configured to determine the absence of a streaming connection between the initiator and the receiver; and
    the receiver being configured to send an error message to the requestor.

    12. System of claim 11, wherein the receiver is further configured to, prior to the first authentication request, determine that the initiator is communicatively coupled to the resource, wherein the error message comprises a human-readable invitation to access the resource at a later time; preferably, the receiver is further configured to store an identification of the resource prior to the first authentication request.

    13. System of claim 12, wherein the second authentication request comprises the identification of the resource.

    14. System of claim 12, further configured
    to send, from the initiator to the receiver, an identification of the resource; and
    to store in a permanent memory (150, 160) of the receiver the identification of the resource;
    wherein the receiver is further configured to access the identification of the resource in the permanent memory (150, 160) of the receiver.

    15. System according to claim 12, further comprising a resource identification server communicatively coupled to the initiator (120, 125) and to the receiver, wherein the receiver (115, 110) is further configured to access the resource identification server.
     




    Drawing