Method and apparatus for secure data communication

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C705S064000

active

06199165

ABSTRACT:

BACKGROUND OF THE INVENTION
The invention relates to communication of data between data processing systems in which secure data is transmitted between the systems via a secure channel. The term “secure data” means data which is confidential so that the user wishes to ensure that it has the maximum protection from unauthorised access.
It is quite commonplace for secure data such as credit card numbers to be transmitted via telephone voice channel, via fax transmissions, or using DTMF tones with a telephone. In a limited way, such communication can be quite effective. For example, there is growing use of DTMF interaction for automatic 24-hour on-line banking. This type of communication is regarded as being quite secure.
However, such communication is quite limited and cannot provide the range of services and flexibility which can be provided by systems such as PCs connected to a host system. An example is a connection to an Internet service provider.
It is also known to transmit secure data in a broadcasting system, as described in GB 2154108 (Communications Patents Limited). An arrangement is described in this specification whereby a subscriber selects a secure channel dedicated to the transmission of encrypted data and his or her terminal is temporarily connected to the secure channel. The channel is used for communication of encryption keys. The system includes a channel selector, a secure channel signal generator, and a secure channel selection detector at the head end. The user end includes a receiver, a channel selector controller, a decryptor, an algorithm store, and an encryptor. This system involves much signalling to establish communication and requires special hardware. Further, it does not appear that it would provide the necessary versatility which is required for general communication in which a large portion of the data to be communicated is not necessarily secure data.
SUMMARY OF THE INVENTION
The invention provides a data communication method carried out by mutually remote data processing systems, the method comprising the step of a system transmitting secure data to the other system via a secure channel, wherein the method comprises the further steps of:
said system identifying the category of data as being either secure or general,
said system transmitting the general data via a general channel which is at least partly physically separate from the secure channel, and
the receiving system receiving both the secure and general data via the secure and general channels and merging it.
Thus, the invention provides a large degree of flexibility because a system handles both secure data and general data and can simultaneously transmit both types. This also allows a fast response as there are no serial communication delays. The invention thus, for example, allows a PC to communicate with a remote system such as a service provider using an Internet access program to achieve the comprehensive and flexible services which can be provided in this manner, while also ensuring that secure data is transmitted via a secure path. The roles of the receiving and transmitting systems may be reversed at any time, including during a single communications session. This allows bi-directional secure data communication.
In one embodiment, the transmitting system comprises means for automatically identifying data category.
In one embodiment, the transmitting system automatically recognises the category of the data according to programs initially received from the receiving system.
Preferably, the secure channel is a signalling channel associated at the terminating points with the general channel.
In one embodiment, the secure channel has a lower bandwidth than the general channel.
In another embodiment, the method comprises the further step of the receiving system transmitting a secure channel address to the transmitting system, for example, via the general channel.
In one embodiment, both the secure and general data are received by an exchange connected to the transmitting system and the exchange routes secure data via a telecommunications link to the receiving system.
In one embodiment, the exchange routes the secure data to the receiving system via a management function.
In one embodiment, the exchange routes the secure data to the management function via a leased line.
In another embodiment, the management function routes the secure data to a system via a leased line.
Preferably, the management function comprises a matrix correlating remote data processing system addresses used by said systems with addresses for a protocol between the exchange and said systems.
In one embodiment, the secure channel comprises the D-channel of an ISDN connection, and the general channel comprises the B-channel of the ISDN connection.
According to another aspect the invention provides a data communication method carried out by a user system and a remote host system, the method comprising the step of the user system transmitting secure data to the remote system via a secure channel wherein the secure channel includes the D-channel of an ISDN connection, the user system identifies category of data as being either secure or general, the user system transmits the general data via an ISDN B-channel, a digital exchange connected to the user system routes the general data via a non-secure path to the host system and routes the secure data via a physically separate telecommunications link to the host system, and the host system receives both the secure and general data and merges it.
In one embodiment, a digital exchange routes the secure data via a management function to the host system.
In one embodiment, the management function comprises an addressing matrix to allow communication with a large number of host systems requested by the user system.
The invention also provides a data processing system comprising means for transmitting secure data to a remote data processing system via a secure channel, characterised in that the data processing system further comprises means for identifying category of data as being either secure or general, and transmitting the general data via a general channel which is at least partly physically separate from the secure channel.
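The classify, route and merge steps summarised above, modelled as a small in-memory simulation; this is an added example, not code from the patent. The session identifier used to pair the two parts, the field names, the host name and the line address are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed rule set: fields the host marks as secure (stands in for the
# "programs initially received from the receiving system").
HOST_SECURE_FIELDS = {"card_number", "expiry"}
# Constructed addressing matrix of the management function:
# host address the user system uses -> address on the exchange-to-host protocol.
ADDRESS_MATRIX = {"shop.example": "leased-line-07"}


@dataclass
class Host:
    secure_address: str
    pending: dict = field(default_factory=dict)  # session id -> parts received

    def receive(self, channel, session, payload):
        """Store one part; return the merged record once both parts are in."""
        parts = self.pending.setdefault(session, {})
        parts[channel] = payload
        if set(parts) >= {"secure", "general"}:
            del self.pending[session]
            return {**parts["general"], **parts["secure"]}
        return None  # still waiting for the other channel


def classify(record, secure_fields=HOST_SECURE_FIELDS):
    """Split a record into (secure, general) parts by field name."""
    secure = {k: v for k, v in record.items() if k in secure_fields}
    general = {k: v for k, v in record.items() if k not in secure_fields}
    return secure, general


def route_secure(host_name, hosts):
    """Management function: map the requested host to its secure-path address."""
    line = ADDRESS_MATRIX[host_name]
    return next(h for h in hosts if h.secure_address == line)


def send(record, host_name, hosts, session):
    """Send general data on the B-channel and secure data on the D-channel."""
    secure, general = classify(record)
    host = route_secure(host_name, hosts)
    host.receive("general", session, general)       # B-channel, non-secure path
    return host.receive("secure", session, secure)  # D-channel, separate link


if __name__ == "__main__":
    host = Host("leased-line-07")
    order = {"item": "book", "qty": 2, "card_number": "4111-CONSTRUCTED", "expiry": "01/30"}
    print(send(order, "shop.example", [host], session="s1"))
```

The host returns nothing until both channels have delivered for the same session, so a record is never assembled from the general path alone.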


REFERENCES:
patent: 4802220 (1989-01-01), Marker, Jr.
patent: 5574870 (1996-11-01), Dziennus et al.
patent: 5579394 (1996-11-01), Waldron, Jr. et al.
patent: 5703943 (1997-12-01), Otto
patent: 5826245 (1998-10-01), Sandberg-Diment
patent: 5862220 (1999-01-01), Perlman
patent: 6012144 (2000-01-01), Pickett
patent: 0 511 497 (1993-11-01), None
patent: 0 603 596 (1994-06-01), None
patent: 2 154 108 (1985-08-01), None
