Method of communication between a user station and a...

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling

Reexamination Certificate


Details

C709S225000, C709S227000, C709S230000

active

06751671

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method of communication between a user station and a data transmission network using an Internet-type protocol.
The inventive procedure pertains in particular to a user station equipped with a “smart” card reader and connected to the aforementioned network.
This invention also relates to the system architecture for implementation of the method.
2. Definitions
Within the scope of this invention, the common meaning of the term “user station” is upheld. The aforementioned station may, in particular, consist of a personal computer running any of various operating systems, for example of the WINDOWS or UNIX type (both registered trademarks). It may also consist of a dedicated workstation, a portable computer or a card terminal.
Similarly, within the scope of this invention, the term “Internet” encompasses, in addition to the Internet itself, all private business networks or other networks, termed “intra-nets”, as well as network extensions, termed “extra-nets”.
In the following, and without limiting the invention to any particular kind of application, the description refers to a preferred application of the invention except where otherwise specified. In that application, a user station, termed simply “Terminal”, is equipped with a smart card reader and connected to an Internet-type network.
An application system, based on a smart card, in general consists of the following main components:
a smart card;
a host system consisting of the aforementioned Terminal;
a communication network, and specifically the Internet, for the preferred application;
an application server connected to the network.
DESCRIPTION OF RELATED ART
FIG. 1 illustrates an example of this type of system architecture. Terminal (1), for example a personal computer, comprises a reader (3) for a smart card (2). The reader (3) may or may not be physically integrated into terminal (1). The smart card (2) comprises an integrated circuit (20), the input-output contacts of which are exposed on the surface of the card body to allow for electrical power supply and communication with the terminal (1). The latter comprises access circuits (11) to a data transmission network (RI). These circuits depend, in particular, on the specifics of network (RI) and terminal (1). By way of example, they may consist of a network card for local area networks, or a modem for connection to a dial-up telephone line or to an integrated services digital network (ISDN), for connection to the Internet, for example via an Internet Service Provider (ISP).
Terminal (1) obviously comprises all the circuits and components required for proper operation, which are omitted from the figure for simplicity: central processing unit, read-write and read-only memory, magnetic disc storage, floppy disc and/or CD-ROM drive, etc.
Additionally, Terminal (1) is customarily linked to conventional peripherals, integrated or not, such as a monitor (5) and a keyboard (6).
Communication may be established between Terminal (1) and servers connected to the network (RI), one of which (4) is illustrated in FIG. 1. In the preferred application of this invention, access circuits (11) establish communication between terminal (1) and the servers (4) by means of a particular piece of software (10), termed a navigator or “browser”. The browser allows access to different applications distributed across network (RI), in general according to a “client-server” mode.
Usually, network communication takes place according to protocols that conform to specific standards and comprise several superimposed software layers. For a network (RI) of the Internet type, communication takes place according to protocols specific to this type of network, which will be described in detail below and which likewise consist of several software layers. The communication protocol is selected according to the targeted application: for example, querying “WEB” pages, file transfer, electronic mail (e-mail), forums, “news”, etc.
In a smart-card-based application system such as the architecture of FIG. 1, the smart card may be assigned several functions. In particular, it is used for security purposes: confidentiality and/or authentication of the user of terminal (1).
However, it should be noted that card (2) cannot communicate with commercially available browsers unless the browser's code is modified. Current smart cards, although they conform to specific standards, have software and hardware configurations that do not allow direct communication with the Internet either. In particular, they cannot receive or transmit data packets according to the protocols used by this kind of network. Hence provision is made for an additional piece of software installed in terminal (1), generally referred to as a “plug-in” in Anglo-Saxon terminology. This piece of software, referenced (12) in FIG. 1, functions as an interface between browser (10) and card (2), and in particular the electronic circuits (20) of card (2).
Card (2) supplies data to browser (10), in particular security data: for example, data allowing identification or authentication, or data authorizing access to one of the remote servers (4) and/or to applications located on those servers.
This arrangement affords a greater level of security than the use of security software layers alone, as recently supplied by some browsers. Smart card (2) remains the property of the user and under the user's control. In particular, all security data stays in the memory of smart card (2) and is only transmitted to terminal (1) in digital form. However, this security chain does present a weak “link”: browser (10) is in communication with the outside world. In reality the communication is indirect, since it occurs via the access circuits (11) and via different software layers, described in greater detail below. Nevertheless, the terminal (1) usually used for this type of application does not include any specific means, whether hardware or software, that can afford a high level of security and isolate it from the outside world. It therefore remains vulnerable to various attacks from network (RI): “viruses”, “Trojan horses”, “logic bombs”, etc., despite the presence of card reader (3) and smart card (2) as peripherals of Terminal (1).
Finally, smart card (2) may be used for applications other than security. It is important to note that, in the current state of the art, the host system linked to the smart card reader (3), that is terminal (1), is also tied to one particular kind of application. In other words, a dedicated, task-specific terminal is required for each particular application.
Further, there are currently numerous needs for smart-card-based applications that are either imperfectly satisfied or not satisfied at all by the present state of the art, whose main characteristics have been outlined above. Moreover, certain needs and requirements actually conflict with these characteristics.
The following list of needs is non-exhaustive:
personal mobility: users need to be able to access communication services anywhere in the world, either using their own equipment or using equipment that is compatible with their smart cards, and hence with a specified degree of communication security;
standard environment: wherever users are, they need to be able to find access to their own work environment, with the benefit of communication security as mentioned above, in other words, the process of changing equipment needs to be “transparent” for users;
terminal mobility: the terminal itself needs to be portable and connectable to any segment of the network, with users benefiting from all possibilities (authorized access, etc.) regularly available at their o


Profile ID: LFUS-PAI-O-3315754
