Invisible services

United States of America Patent

APP PUB NO 20020194505A1
SERIAL NO 10161722

Abstract

The presented inventions concern communication systems with services. The services provided by the presented systems are invisible to port scans, allowing security-critical data to be stored on units without any permanently open connection endpoints. Existing network systems built on the client/server principle require open connection endpoints to be provided permanently so that they are accessible 24 hours a day. The large number of services implies a large number of open connection endpoints, and each open connection endpoint is a potential point of attack for malicious clients. The object of the present invention is to provide services securely in communication systems.

The present invention overcomes the prior art with triggerable invisible services, which during normal operation do not provide any permanently open connection endpoint. Connection endpoints are opened only after prior client authentication and authorization, validated by an independent logon sub-system. For previously authenticated and authorized clients, connection endpoints can be opened either on the service side during a predefined short time interval or on the client side. If the endpoint is opened on the client side, the invisible service is triggered to initiate the connection build-up to the open connection endpoint on the client side. Services that open temporary connection endpoints are invisible to port scans during normal operation. Services that connect to connection endpoints opened on the client side at no time provide any open connection endpoints and are therefore absolutely invisible to port scans.

In TCP/IP-based networks, the id of an opened connection endpoint (port) may be selected pseudo-randomly or absolutely randomly. In addition, the service unit can be selected dynamically from a set of multiple service units depending on the current system load distribution ("load balancing"), connection quality, or geographical, topological or other criteria. After a connection has been established between an invisible service and a client, both partners may authenticate each other using random access data (tickets).
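The service-side variant described in the abstract can be modelled on the loopback interface; this is an added sketch, not code from the patent. All names (`logon`, `serve_once`, `client_connect`, `port_open`) and the credentials are assumptions, and an OS-assigned ephemeral port stands in for the random port selection.

```python
import hmac, secrets, socket, threading
USERS = {"alice": "correct horse"}  # constructed demo credentials (assumption)

def port_open(port):
    """What a port scan sees: True if 127.0.0.1:port accepts a TCP connection."""
    with socket.socket() as s:
        return s.connect_ex(("127.0.0.1", port)) == 0

def serve_once(listener, ticket, window, result):
    """Service side: accept one client inside the window, check its ticket, close."""
    listener.settimeout(window)
    try:
        conn, _ = listener.accept()
        with conn:
            conn.settimeout(window)
            ok = hmac.compare_digest(conn.recv(64), ticket)
            conn.sendall(b"OK" if ok else b"NO")
            result.append(ok)
    except OSError:  # nobody connected in time, or the peer misbehaved
        result.append(False)
    finally:
        listener.close()  # the endpoint disappears again either way

def logon(user, password, window=2.0):
    """Logon sub-system: authenticate, then trigger a temporary endpoint."""
    if not hmac.compare_digest(USERS.get(user, ""), password):
        return None  # no endpoint is ever opened for an unauthenticated client
    ticket = secrets.token_hex(16).encode()  # random access data, single use
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks an ephemeral port
    listener.listen(1)
    port, result = listener.getsockname()[1], []
    worker = threading.Thread(target=serve_once, args=(listener, ticket, window, result))
    worker.start()
    return port, ticket, worker, result

def client_connect(port, ticket):
    """Client side: connect to the announced port and present the ticket."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.sendall(ticket)
        return c.recv(2) == b"OK"

def demo():
    port, ticket, worker, _ = logon("alice", "correct horse")
    accepted = client_connect(port, ticket)
    worker.join()
    return accepted, port_open(port)  # expected: (True, False)

if __name__ == "__main__":
    print(demo())
```

A scan that lands inside the short window would still find the port and use up the single accept, which is why the abstract claims invisibility only "during normal operation" for this variant and absolute invisibility only for the client-side variant.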

Patent Owner(s)

Patent Owner | Address
MUSCHENBORN HANS-JOACHIM | Not Provided

Inventor(s)

Inventor Name | Address | # of filed Patents | Total Citations
Muschenborn, Hans-Joachim | Walchwil, CH | 5 | 94
