GB2188758A - Secure data transmission system - Google Patents
Secure data transmission system Download PDFInfo
- Publication number
- GB2188758A GB2188758A GB8608243A GB8608243A GB2188758A GB 2188758 A GB2188758 A GB 2188758A GB 8608243 A GB8608243 A GB 8608243A GB 8608243 A GB8608243 A GB 8608243A GB 2188758 A GB2188758 A GB 2188758A
- Authority
- GB
- United Kingdom
- Prior art keywords
- data
- equipment
- code
- entry
- transmission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
- G06F21/608—Secure printing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Accessory Devices And Overall Control Thereof (AREA)
Abstract
A secure data transmission system has first and second terminals (2, 5) connected by a data link (6). Data entered via the first terminal (2) can be transmitted to the second terminal (5) where there is provided for preventing unauthorised modification of the data, once its format has been decided. Thus the first terminal (5) may have a code- entry device such as a card reader (10) whereby the decided data can be transmitted with an authorisation code after entry of the correct code. The so transmitted data may be automatically labelled, e.g. at computer 1, so that the data can only be used (e.g. printed out) at the printer 8 if the label is present and correct. The authorisation code at terminal (5) may correspond uniquely to each of several users of the terminal, e.g. a signature. Transmission of unauthorised data may be prevented. <IMAGE>
Description
SPECIFICATION
Secure data transmission system
This invention relates to a secure data transmission system.
Where data is prepared and verified using one piece of equipment and is subsequently transmitted to a second piece of equipment there is the problem of ensuring in a convenient manner that the data is not tampered with, deliberately or inadvertently, after it has been initially verified and before it is finally received by the second piece of equipment.
This is the case, for example, where text is prepared on a first computer or terminal and is then transmitted to a printer. A responsible person may verify the text on the first computer or terminal, and it is desirable that this should be done since there is then the possibility of conveniently making any necessary corrections or modifications, but, with known systems, the person cannot be assured that exactly the same verified text is printed unless he controls the transmission to the printer himself or unless he checks the final printed document.In fact, the usual practice is for the responsible person to check and then sign the final printed document and, if the opportunity of checking the text on the first computer or terminal is not to be sacrificed, this means that the person has to perform two checking operations which can be inconvenient, especially in the case where the printer is at a remote location.
An object of the present invention is to provide a secure data transmission system with which it is possible to have some assurance as to the integrity of a data transmission without requiring duplication of verification.
According to one aspect of the invention therefore there is provided a secure data transmission system comprising first equipment for entering and transmitting data, second equipment for receiving and utilising data, and a data link between said first and second equipment, characterised in that the first equipment includes an input device for entry of an authorisation code and an authentication device is provided which is operable to check an entered said code and is arranged to prevent unauthorised modification of data entered via said first equipment and to permit transmission of said data from said first equipment to said second equipment via said data link after entry into said input device of a predetermined said authorisation code.
According to a second aspect of the invention there is provided a secure data transmission system comprising first equipment for entering and transmitting data, second equipment for receiving and utilising data, and a data link between said first and second equipment, characterised in that the first equipment includes an input device for entry of an authorisation code, and a checking device is provided which is operable to check the format of data entered into said data entering and transmitting equipment so as to prevent transmission of said data in authenticated form to said second equipment if there has been an unauthorised change in said data format after entry of said authorisation code.
With the invention, it will be appreciated that a responsible person can check and verify the data at the transmitting equipment and can then, after entry of an appropriate authorisation code, have some assurance that there will be no unauthorised changes in the data as received and utilised at the receiving equipment.
The system can be used to enable a person to check and verify data before it is transmitted to a printer or to a remote computer or visual display unit (vdu) terminal or any other suitable equipment for receiving and utilising data. The data may take the form of text, for example, of a letter or report or cost quotation or other document. The invention is not however restricted to use in the context of text to be displayed or printed and may also find use in the context of data to be used for any suitable purpose including any suitable transaction or control function or the like.
With regard to the transmitting equipment, this may comprise a computer or terminal or the like and may have a vdu or other display device on which the data can be checked and verified, and such display device may be disposed locally to the connection of the transmitting equipment to the transmission link or, alternatively, remote thereto. In the latter respect one possible application could involve the provision of a main part of the transmitting equipment at a fixed location, e.g. in an office, with a linked fixed or mobile terminal at a remote location e.g. at a person's home.
The arrangement may be such that data prepared in the office can be checked and verified by a person working away from the office whereby despatch of the data can then be remotely authorised by the person confident that it can then be received at its destination without any unauthorised changes.
With regard to the entry of the authorisation code, this may be effected in any suitable manner. For example, entry may be effected via a keyboard or by presentation of a coded device which is automatically machine-read by the input device, such coded device comprising a "key" or card or plug-in module or other structure which may be read magnetically, opticaliy, electrically or in any other suitable manner.
The entered code is checked by the authentication device with the first aspect of the invention and if the code is verified as being a predetermined authorisation code, the data is "locked" against unauthorised modification.
This locking may take the form of prevention of any changes in data. Alternatively the locking may involve initiation of automatic transmission of the data so that there is no opportunity for any further changes.
With the second aspect of the invention, the entered authorisation code triggers operation of the data checking device to prevent transmission in authenticated format of data which has been subjected to unauthorised modification. This prevention may take the form of a prohibition of transmission in the event that unauthorised modification is detected. Alternatively, the data may be given an authentification label if the data is transmitted correctly (i.e. if it is transmitted after entry of the authorisation code and without unauthorised modification) whereas such label is omitted or is changed if transmission is effected incorrectly. Such label may act as a functional label at the second equipment which is used to initiate utilisation of the data. Thus, the label may comprise an initiating or enabling code which must be present before the second equipment can operate correctly.Alternatively, the label may comprise a check code such as a check sum related to the authorised data which code has to be verified against the data actually transmitted before the equipment can be operated. For example, where the second equipment comprises a printer or display device, the correct label may act as an enabling command for such equipment. Alternatively or additionally the label may be arranged to produce a visual indication of authentication. For example, the correct label may act to produce a signature at the end of a printed document, such signature being omitted in the case where the correct label is absent.
Where the arrangement of the first aspect of the invention is utilised, the transmitted data may additionally be given an authentication label as described above. Moreover, the first and second aspects of the invention may be wholly combined if desired.
With regard to the authorisation code, with both aspects of the invention, there may be a single code or range of codes intended to be used by one person or by different persons.
In one embodiment where the abovementioned authentication labelling is used, different persons may have different codes and a different "correct" label may be produced in response to entry of each person's code. For example, where the authentication label comprises a signature, the corresponding persons signatures may be produced in response to entry of the respective authenticated codes.
The invention will now be described further by way of example only and with reference to the accompanying drawing which is a diagrammatic representation of one form of data transmission system according to the invention.
As shown in the drawing a document-producing word processing system has a central computer 1 linked to a work station 2 at a central location, for example, in an office. The text of the document to be produced is entered into the computer 1 via the work station 2 by means of a keyboard 3. In conventional manner the text appears on a vdu screen 4 at the work station 2 and can be corrected and modified as required using a word processing program. When the text has been fully entered to the satisfaction of the operator of the work station 2, the text can then be transferred to a remote terminal 5 to be checked by a responsible person. This terminal 5 may be located nearby in the office premises or elsewhere outside the offices and may be linked to the central computer 1 by means of a permanent cable link 6 or a radiation link or a telephone link or otherwise as desired.The arrangement may be such that the responsible person can make changes to the text either directly by means of a keyboard 7 on his terminal 5 or by instructing the operator at the work station 2 to make the changes.
When the text has been finally approved the responsible person gives appropriate authorisation and the text is transmitted from the computer 1 to a receiving device in the form of a printer 8. The printer 8 may be connected locally to the computer 1 via a cable link 9. Alternatively the printer 8 may be connected remotely e.g. by a fixed cable link, a radiation link or a telephone link.
The authorisation of the transmission of the text is effected such that the responsible person can be confident that the text received at the printer 8 is the same as that checked by him on his terminal 5. This is achieved by entry of a unique, personal code into the terminal 5.
The code may be entered in any suitable manner. For example, it may involve entering a code word or combination via the terminal keyboard 7. Alternatively, there may be a card reader 10 attached to the terminal, whereby a card with a code-carrying magnetic stripe is inserted into the reader so that the stripe is automatically read and the code transmitted via the terminal 5 to the central computer 1.
At the termainal 5 or at the central computer 1 there is an authentication device, most conveniently comprising a software routine of the computer 1, and this checks the entered code firstly to authenticate this as being a valid authorisation code and secondly to identify the person to whom the code relates.
This code, or a consequently generated code, is appended to or incorporated in the stored, authorised text as an authentication label and action is then taken to inhibit any unauthorised further modification of the text. This action may involve, for example, sealing the file in which the text is stored or deriving a check sum from the text which forms part of said authentication label and which can subse quently be compared with the text to see if there has been any change after authorisation, or initiating a monitor routine which deletes or changes the authentication label if any change after authorisation has occurred.
The authorised text is then transmitted automatically or under the control of the operator of the terminal 2 or otherwise to the printer 8. The authentication label is checked by the printer 8 and printing is initiated only if the label is identified as being acceptable (e.g. if it contains a check sum which tallies with the text or if it is of a predetermined acceptable nature). Also, the identity of the authorising person is derived from the label and the signature or name of the person may be automatically printed at an appropriate position on the document produced by the printer 8.
In this way a person can cause a letter or report to be produced and despatched in a form which he can be assured is exactly as authorised by him without requiring that he inspects directly the final document. Moreover, this can be effected in a particularly simple and convenient manner from a location remote from the central computer 1, work station 2 and printer 8, e.g. from a fixed terminal at the person's home or from a portable terminal 5 which is linked to the central computer 1 via a radiation link from a motor vehicle or via a telephone wire link from different premises or the like.
The system as described above has a single terminal 5 operated by one person. In practice, a number of people may use the same terminal 5 or there may be different terminals 5 connected to the same computer. In these cases the system will recognise the different personal authorisation codes and where signed or named documents are produced, the appropriate name will be printed on each document.
It is of course to be understood that the invention is not intended to be restricted to the details of the above embodiment which are described by way of example only. Thus, for example, instead of transmitting data to a printer, data may be transmitted to a terminal with a vdu screen, or a further computer or any other suitable device and the transmitted data may take any suitable form, not necessa rily text, used for any suitable purpose.
Claims (18)
1. A secure data transmission system comprising first equipment for entering and transmitting data, second equipment for receiving and utilising data, and a data link between said first and second equipment, characterised in that the first equipment includes an input device for entry of an authorisation code and an authentication device is provided which is operable to check an entered said code and is arranged to prevent unauthorised modification of data entered via said first equipment and to permit transmission of said data from said first equipment to said second equipment via said data link after entry into said input device of a predetermined said authorisation code.
2. A secure data transmission system comprising first equipment for entering and transmitting data, second equipment for receiving and utilising data, and a data link between said first and second equipment, characterised in that the first equipment includes an input device for entry of an authorisation code, and a checking device is provided which is operable to check the format of data entered into said data entering and transmitting equipment so as to prevent transmission of said data in authenticated form to said second equipment if there has been an unauthorised change in said data format after entry of said authorisation code.
3. A secure data transmission system according to claims 1 and claim 2.
4. A system according to anyone of claims 1 to 3 characterised in that the second equipment comprises a printer.
5. A system according to any one of claims 1 to 3 characterised in that the second equipment comprises a remote computer.
6. A system according to anyone of claims 1 to 3 characterised in that the second equipment comprises a visual display unit terminal.
7. A system according to any one of claims 1 to 6 characterised in that the first equipment comprises a computer or terminal having a display device on which the said data can be checked or verified.
8. A system according to claim 7 characterised in that the said display device is disposed remotely to the connection of the first equipment to the transmission link.
9. A system according to any one of claims 1 to 8 characterised in that said input device comprises a keyboard.
10. A system according to any one of claims 1 to 8 characterised in that said input device is adapted to automatically machineread a coded device for entry of said authorisation code.
11. A system according to claim 1 or 3 or any one of claims 4 to 10 when dependent on claim 1 or 3 characterised in that, after verification of an entered code, changes in said data are prevented.
12. A system according to claim 1 or 3 or any one of claims 4 to 10 when dependent on claims 1 or 3 characterised in that, after verification of an entered code, automatic transmission of said data is initiated.
13. A system according to claim 2 or 3 or any one of claims 4 to 12 when dependent on claims 2 or 3 characterised in that said transmission of data is prevented in the event that unauthorised modification is detected.
14. A system according to claim 2 or 3 or any one of claims 4 to 12 when dependent on claims 2 or 3 characterised in that said data is given an authentication label if transmitted after entry of the authorisation code and without unauthorised modification.
15. A system according to claim 14 characterised in that said label is used as a functional label at the second equipment which is used to initiate utilisation of the data.
16. A system according to claims 14 or 15 characterised in that said label is arranged to produce a visual indication of authentication.
17. A system according to claim 1 6 characterised in that said visual indication comprises a signature at the end of a printed document.
18. A secure data transmission system substantially as hereinbefore described with reference to and as illustrated in the accompanying drawings.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8608243A GB2188758A (en) | 1986-04-04 | 1986-04-04 | Secure data transmission system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8608243A GB2188758A (en) | 1986-04-04 | 1986-04-04 | Secure data transmission system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB8608243D0 GB8608243D0 (en) | 1986-05-08 |
| GB2188758A true GB2188758A (en) | 1987-10-07 |
Family
ID=10595670
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB8608243A Withdrawn GB2188758A (en) | 1986-04-04 | 1986-04-04 | Secure data transmission system |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2188758A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998007254A1 (en) * | 1996-08-09 | 1998-02-19 | University Court Of The University Of Paisley | Device and method for safeguarding data transferred between machines operating within a network |
| GB2377042A (en) * | 2001-06-26 | 2002-12-31 | Nokia Corp | Identification of a data entity |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2061578A (en) * | 1979-05-30 | 1981-05-13 | Stockburger H | Data transmission system |
| EP0152900A2 (en) * | 1984-02-16 | 1985-08-28 | Secure Computing Technology Corporation | Data processing system having protected system files |
| EP0169913A1 (en) * | 1984-01-30 | 1986-02-05 | Fanuc Ltd. | Method of altering program protecting range |
| GB2168831A (en) * | 1984-11-13 | 1986-06-25 | Steebek Systems Ltd | Password-protected data link |
-
1986
- 1986-04-04 GB GB8608243A patent/GB2188758A/en not_active Withdrawn
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2061578A (en) * | 1979-05-30 | 1981-05-13 | Stockburger H | Data transmission system |
| EP0169913A1 (en) * | 1984-01-30 | 1986-02-05 | Fanuc Ltd. | Method of altering program protecting range |
| EP0152900A2 (en) * | 1984-02-16 | 1985-08-28 | Secure Computing Technology Corporation | Data processing system having protected system files |
| GB2168831A (en) * | 1984-11-13 | 1986-06-25 | Steebek Systems Ltd | Password-protected data link |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1998007254A1 (en) * | 1996-08-09 | 1998-02-19 | University Court Of The University Of Paisley | Device and method for safeguarding data transferred between machines operating within a network |
| GB2377042A (en) * | 2001-06-26 | 2002-12-31 | Nokia Corp | Identification of a data entity |
Also Published As
| Publication number | Publication date |
|---|---|
| GB8608243D0 (en) | 1986-05-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12288434B2 (en) | Systems and methods for controlling access to physical space | |
| CA1266326A (en) | Ic card system | |
| US6307640B1 (en) | Computer-based network printing system and method | |
| EP1102205A1 (en) | Signature system for presenting user signature information | |
| US5608387A (en) | Personal identification devices and access control systems | |
| US7273169B2 (en) | Secure photo carrying identification device, as well as means and method for authenticating such an identification device | |
| US4742351A (en) | IC card system | |
| EP0676877A2 (en) | Method and apparatus for authentication and verification of printed documents using digital signatures and authentication codes | |
| JP2002516445A (en) | How to authenticate an IC card user's personal code | |
| EP0923018A2 (en) | Personal authentication system | |
| CN100477579C (en) | Method for registering and enabling PKI functionality | |
| US20100170942A1 (en) | Method and system for increasing security in the creation of electronic signatures by means of a chip card | |
| US7360247B2 (en) | Method for protection against fraudulent modification of data sent to a secure electronic medium | |
| US12470394B2 (en) | Electronic approval system, electronic approval server, and computer-readable storage medium | |
| EP1349122B1 (en) | Method and system for user authentication in a digital communication system | |
| GB2188758A (en) | Secure data transmission system | |
| US20010039618A1 (en) | User authentication method, network system used for same and storage medium storing control program of same | |
| JP4994290B2 (en) | Supervisory control terminal device | |
| KR102693677B1 (en) | User certification system of unmanned store and method thereof | |
| JP2943853B2 (en) | User authentication system using graphic image input | |
| CN116074833A (en) | Method and device for judging short message verification code | |
| US20230082618A1 (en) | Utilization management device, utilization management method, and program | |
| JPH0762939A (en) | Electronic key with owner confirmation function | |
| GB2316790A (en) | Identity verification | |
| KR100257393B1 (en) | Apparatus and method for verifying internal data of cable television converter |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |