WO2003088573A2

WO2003088573A2 - Method for establishment and running secure access in a client/server type network

Info

Publication number: WO2003088573A2
Application number: PCT/FR2003/001146
Authority: WO
Inventors: Michel Gouget
Original assignee: Michel Gouget
Priority date: 2002-04-12
Filing date: 2003-04-10
Publication date: 2003-10-23
Also published as: AU2003246817A1; AU2003246817A8; FR2838593A1; WO2003088573A3

Abstract

The invention relates to a connection between a client and a server (10), using Internet protocol, logically established at the request of the server (10). The method prevents the operator accepting incoming connections and is particularly useful for telemaintenance, remote transfer and remote operation of distant sites.

Description

METHOD FOR ESTABLISHING AND CONDUCTING A COMPUTER LINK

It is common to have multiple IT facilities (hereinafter called "client sites") physically dispersed, which may be of various types and natures and belong to different administrative entities, and which must be accessed from one or a few central IT sites. This occurs in particular during the installation or updating of software, file transfer, correction of malfunctions, and more generally during all administration operations, maintenance, operation, remote control, or others on customer sites. An operation of this type is hereinafter called remote intervention. Usually IT competence is weak on client sites, at least in the field concerned by the intervention, and intervening remotely in particular makes it possible to pool the rare and expensive IT competence of qualified operators, reduce costs and / or provide a best service.

This situation is encountered in particular in the case of IT services companies and IT vendors who have to provide support and assistance to an installed base. Access to the customer site must be secure, in particular to avoid intrusions, provide a data rate adapted to the operations to be carried out, in particular to provide good comfort of use, be reliable and available (intervention possible at any time, character ), do not require the intervention of staff from client sites, be easy to install and implement, including in heterogeneous IT environments, and be economical, particularly when implementation and operation, especially in the case of long interventions or on geographically distant sites.

There is currently no access method fully satisfying these constraints. For example, a private corporate network cannot be used for multiple businesses; private virtual networks offered by telecommunication companies. are expensive; leaving a machine at each client site with open incoming access from the Internet is very dangerous without excellent local IT skills to protect it and avoid intrusion, etc.

In practice, the majority of remote control systems use the standard telephone network, with modems, and sometimes encryption, passwords and / or automatic call back. This solution has many disadvantages, in particular a limited and non-adaptable data throughput, an unreliable link both during establishment and in duration, significant establishment time, random security and significant cost. The method which is the subject of the invention makes it possible to carry out such accesses without the drawbacks indicated. Tl allows client sites to be connected to the Internet in a reasonably secure manner while allowing central sites to access them. For this, the client site has at least one machine (the client) with at least outgoing access (direct or via firewall, etc.) and the central site has a machine (the server) with access at least entering the Internet or a network or environment using the TCP / TP protocol An object executing a sequence of instructions on a machine is called the execution unit; depending on the environment, this corresponds to a process, a task, a thread, a daemon, etc. At the initiative of the client (at startup for example), a client thread establishes a connection according to Internet protocols to a thread located on the server, creates a two-way communication channel (called by the suite socket) between the two, and sends a data stream simulating a question. The two execution units can be physically on the same site or the same machine. Thus, seen from the network and security systems of the customer site, we are dealing with a usual outgoing communication. As long as the central site does not want to connect, the server does not respond, or can also periodically send back filling data to keep the socket open. If, for some reason, for example due to too long a period of inactivity, the socket closes, the client can recreate a new one in the same way; in this case, on receipt of this incoming call from the same client, the server can close the old one, and consider the new one to be the active socket. When the central site wishes to connect, the server responds by sending the desired request to the active socket, dressing it so that it becomes, seen from the outside, the payload of the response to the request from the client site. The client answers this question with a response dressed to be the payload of a question within the meaning of the protocol used. The rest of the dialogue is carried out either by means of said socket which remains open, or thanks to new sockets created in a similar manner by the client, or by a mixture of these methods. Depending on the embodiments and the protocols used, certain questions, both real and within the meaning of the protocol used, may contain no or more answers, and certain questions and answers within the meaning of the protocol used may not be used and may only be used for filling in example.

This creates a connection created physically on the initiative of the customer site, but logically on the initiative of the central site, in which questions in the sense of the protocol used are sent by the customer, at least some of which include in their payload responses to questions housed in the response payload within the meaning of the protocol used issued by the server.

The first question within the meaning of the protocol used sent by the client may include in its payload information on the state of the client execution unit and its environment. Furthermore, the client can initialize as many connections as necessary at judiciously chosen times (for example and without limitation during the first reception of data from the server) so that there is always a connection available. Doing so allows the customer site to prohibit (via a firewall for example) any incoming connection without impacting the operation of the process, which is a very important security advantage because it eliminates the vast majority of intrusion possibilities . This also avoids all the constraints of addressing, routing and resolution of names linked to the creation of an incoming connection.

The central site accepts incoming communications, but this does not pose any crucial security problems because, in general, the central site has computer skills to make a correct configuration, and moreover, it is much easier to secure a single site than 'many. This process is very economical because, unlike the telephone for example, connections

TCP / IP are usually not priced for duration, volume, distance, or the number of active links, but according to the available bandwidth of the link. When no remote control operation is in progress, all of this bandwidth is available for other uses (typically e-mail and access to the world wide web); in case of activity, the bandwidth is easily shared without any particular operation to be carried out. In addition, very frequently, a permanent Internet link already exists on the customer site, and can be used by the remote control system, thus eliminating any additional telecom investments and expenses linked to remote control. This process provides much better user comfort than the telephone, because, unlike the latter, Internet connections are generally permanent, and moreover available in multiple speed classes, thus allowing flexible and easy adjustment to requirements. In addition, these types of links are identical worldwide without specific variants or local licenses, unlike telephone or ISDN networks. It is possible to use any protocol on the socket, therefore in particular standard protocols such as for example HTTP, HTTPS or SOAP. Doing so allows the customer in particular through the use of syntaxes, protocols and / or judicious addresses to generate links similar to those usually made by the customer site, and therefore difficult to discern from them, at least by the devices local security. For example, it is possible to simulate the behavior of an ordinary user connected to the Internet via his workstation, a type of connection almost always authorized by the protection devices (firewalls for example) and the computer network of the customer site. . Thus, no modification of said devices is necessary during installation on the customer site.

Likewise, connections can be authenticated and encrypted, for example through the use of protocols and algorithms with public or private key, and / or certificates, and / or third-party certifiers, and / or digital signatures. The connections can also encapsulate any other protocol, thus allowing in particular in the payload the multiplexing (case of the PPP protocol for example) of several incoming and or outgoing information flows, and or the creation of gateways between programs, and / or the transmission of information of any kind (for example audio or video) between sites. Similarly, the client and / or server execution units can play the role of dispatchers by routing and / or multiplexing / demultiplexing the requests and / or data received to and / or from an operator and / or any devices (for example not ineffective: cameras, microphones, sensors, actuators, sound / image / video acquisition / playback systems ...) and / or other processing units and / or other systems, and returning the responses to these. The link may also not be permanent. In this case, the customer is free to establish the connection, for example according to time slots or the occurrence of any type of event (alarms, malfunctions ...), or request from an operator of the customer site. It is possible to redundant the connections and / or execution units, on the client and / or server side, in order to guard against possible malfunctions and improve the availability of the assembly. In this case, according to a preferred embodiment of the invention, the assembly is judiciously arranged so that in the event of a faulty unit and / or connection, another unit and / or another connection takes over. , in order to maintain and / or restore the connection.

A nonlimiting example of implementation of the invention is shown in Figure 1). The client site includes the client machine (1) connected to the Internet (11) via a router and a firewall (not shown) preventing any incoming connection, on which runs a daemon (2) activated when the machine starts, supporting the protocols SOAP and HTTP. The operator (9) accesses the central site via standard navigation software (WEB browser) using the HTTP and HTML protocols, via the Internet (11). The central site consists of a server (10) operating under multitasking operating system connected to the Internet.

(11) via a router and a firewall not shown. On this server operates a standard WEB server (4), the set being configured so that a process (5) is executed upon receipt of a SOAP request received on the URL (3) sent by the daemon (2) and that the process (7) is executed on reception of an HTML request received on the URL (8) sent by the operator (9), using a CGI interface for example. A daemon (6) is activated on (10) at startup, to which processes (5) and (7) can be connected by a mechanism based on sockets for example. The steps of the exchanges and actions of the different components are as follows: • Step 1): At startup, (2) sends an empty SOAP request (X) to the URL (3) managed by the WEB server (4), which active (5) which connects to (6) via a socket, transmits the request and waits for a response on it. The result of this action is that (6) notes in its internal tables the coordinates of (2) • Step 2): Some time after (9) sends an actual HTML request (Y) to the URL (8) managed by (4), which activates (7) which connects to (6) via a socket, transmits the request and waits for a response on it.

• Step 3): (6) code and format this HTML request so that it is syntactically seen as the response to the SOAP request (X), and returns the result to (5), which transmits it to the WEB server ( 4) which itself forwards it to (2).

• Step 4): (2) receives this pseudo SOAP response, which is actually the question contained in the HTML request (Y), calculates the answer to this question, codes it and formats it so that it is syntactically seen as a SOAP request (Z), and returns this result on the URL (3) managed by (4), which activates (5) which transmits it to (6). (2) is then in the same state as at the end of step 1).

• Step 5): (6) decodes and formats this pseudo request in order to make an HTML response which is transmitted to (4) which returns it to the operator (9) as a response to the HTML request (Y) . Steps 2) to 5) can be repeated indefinitely. Processes (4), (5), (6), and (7) can be implemented separately or not depending on the IT environments. Regarding steps 1) to 5): Seen from the operator, (9) sent an HTML question to (1), and received shortly after an HTML response. Seen from the WEB server, (1) sent a SOAP request to (10), received a SOAP response shortly after, and then returned another SOAP request which is awaiting response. Seen from the Internet, (1) received no incoming calls or requests and made two. The object of the invention is therefore realized, that is to say a communication physically on the initiative of the client, but logically on the initiative of the server.

This process can be used in particular in software, solutions and systems for remote maintenance, remote operation, file transfer, remote administration, remote monitoring, television broadcasting or remote collection of files, software or other, remote updating of sites, applications or other, consolidation of information and / or data.

Claims

1) Method for setting up and running a computer link according to Internet protocols between a client execution unit located on a client site and a server execution unit located on a server site, said units being able to be physically on the same site and / or the same machine, characterized in that the client unit establishes the connection to the server unit, that the client unit sends in the sense of the protocol used questions and receives in the sense of the protocol used zero or more answers to each question, and that the payload of at least some answers is actually a question of the server unit, and the payload of at least some questions is actually an answer of a question of the server unit , the first question within the meaning of the protocol used sent by the client unit serving as a filling to respect the protocol used.

2) Method according to the preceding claim, characterized in that it is used in software, solutions and systems for remote maintenance, remote operation, file transfer, remote administration, remote monitoring, television broadcasting or remote collection of files, software or other, remote updating of sites, applications or other, consolidation of information and / or data.

3) Method according to any one of the preceding claims, characterized in that the useful chaige of the first question within the meaning of the protocol used issued by the client unit actually contains at least partially information on the state of the unit execution and its environment. 4) Method according to any one of the preceding claims, characterized in that the client unit initializes several connections at judiciously chosen times so that there is always at least one available.

5) Method according to any one of the preceding claims, characterized in that the protocols and / or the syntax and / or the addresses used make the connection similar to the other connections usually carried out on the client site and / or difficult to discern from them.

6) Method according to any one of the preceding claims, characterized in that all or part of the incoming and / or outgoing data is encrypted and / or authenticated and / or digitally signed.

7) Method according to any one of the preceding claims, characterized in that the payloads of the questions and / or answers within the meaning of the protocol used are organized so as to multiplex several incoming and / or outgoing information flows.

8) Method according to any one of the preceding claims, characterized in that the server processing unit and or the client processing unit performs routing and or or multiplexing / demultiplexing of data from and / or to devices and / or systems and / or processing units and / or human operators. ) Method according to any one of the preceding claims, characterized in that there are additional processing units on the client site and / or the server site, and / or that there are several possibilities of connection between said units, and that the assembly is arranged so that in the event of a faulty unit and / or connection, another unit and / or another connection takes over in order to maintain and or restore the connection.