(51) Int Cl. 7 : G06F 11/22



Similar documents
(51) Int Cl.: H04L 29/06 ( ) G06F 9/445 ( ) G06F 13/00 ( )

*EP B1* EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

(51) Int Cl.: H04W 4/14 ( )

(51) Int Cl.: G06F 21/00 ( ) H04L 29/06 ( )

(51) Int Cl.: G06F 13/38 ( ) G06F 1/16 ( )

TEPZZ_768 7_B_T EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION. (51) Int Cl.: H04M 19/04 ( )

(51) Int Cl.: G05F 3/26 ( ) G05F 3/24 ( )

(51) Int Cl. 7 : G03G 15/00

TEPZZ 5Z _9_B_T EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

(51) Int Cl.: H04L 12/58 ( )

(51) Int Cl.: H04M 3/50 ( )

(51) Int Cl.: H04L 12/26 ( )

(51) Int Cl.: C08K 5/523 ( ) C08K 5/521 ( ) C08K 5/52 ( ) C08G 64/00 ( )

(51) Int Cl.: G06F 12/14 ( ) G06F 17/00 ( ) H04M 1/66 ( ) G06F 1/00 ( )

(51) Int Cl.: H04L 29/06 ( ) H04Q 7/24 ( ) H04L 12/66 ( )

(51) Int Cl.: G08G 1/14 ( ) G07B 15/02 ( ) G10L 15/28 ( )

(51) Int Cl.: H04L 9/08 ( )

(51) Int Cl.: H04W 8/16 ( ) H04L 29/12 ( ) H04W 8/18 ( )

Europaisches Patentamt European Patent Office Office europeen des brevets (11) EP B2

(51) Int Cl. 7 : H04B 7/185, H04B 1/40. (56) References cited: WO-A-00/03494

(51) Int Cl.: H04B 3/23 ( )

EUROPEAN PATENT SPECIFICATION. (51) intci.e: H04L9/06, H04L9/08. (56) References cited: DE-A US-A

(51) Int Cl.: H04L 12/24 ( )

(51) Int Cl.: B29C 41/20 ( ) F21S 4/00 ( ) H05K 3/28 ( )

(51) Int Cl.: H04N 7/16 ( )

(51) Int Cl.: G06F 17/00 ( ) G06F 11/20 ( )

The Advantialer and Its Advantages

EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

(51) Int Cl.: H04M 3/42 ( ) H04Q 3/00 ( )

(51) Int Cl.: G06F 1/00 ( )

(51) Int Cl.: H04L 12/56 ( ) H04L 12/28 ( ) H04M 7/00 ( )

(51) Int Cl.: H04L 12/24 ( )

(51) Int Cl.: G08B 21/02 ( ) H04M 11/04 ( )

(51) Int Cl.: H04L 29/06 ( ) (56) References cited:

(51) Int Cl.: G10L 15/26 ( )

EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

TEPZZ_9 6Z46B_T EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION. (51) Int Cl.:

(51) Int Cl.: H04L 29/08 ( ) H04L 29/06 ( )

(51) Int Cl.: H04L 9/00 ( ) H04K 1/00 ( ) G06F 1/04 ( ) G06F 1/06 ( ) G06F 1/08 ( ) G07F 7/10 (2006.

(51) Int Cl. 7 : F16K 11/044, F16K 11/04

(51) Int Cl.: H04L 29/06 ( ) H04L 12/22 ( )

(51) Int Cl.: H04L 12/24 ( ) G06F 9/445 ( )

(51) Int Cl.: G06F 21/24 ( )

(51) Int Cl.: H04Q 11/04 ( ) H04L 12/64 ( )

(51) Int Cl.: H04Q 7/22 ( ) (56) References cited:

(51) Int Cl.: H05K 1/02 ( )

(51) Int Cl.: G06F 17/30 ( )

(51) Int Cl.: G06Q 10/00 ( )

(51) Int Cl.: H04L 29/02 ( ) H04L 12/801 ( )

(51) Int Cl.: G06F 17/30 ( )

(51) Int Cl.: H04L 12/56 ( )

(51) Int Cl.: H04L 29/06 ( ) H04M 15/00 ( )

(51) Int Cl.: H04L 9/32 ( ) H04B 7/00 ( ) A61N 1/37 ( )

(51) Int Cl.: H04L 29/06 ( ) H04M 3/56 ( ) H04M 3/44 ( ) H04L 12/18 ( )

. Publication number: B1

(51) Int Cl.: G06F 9/455 ( ) G06F 9/50 ( )

TEPZZ 48 56B_T EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

TEPZZ_57 7_9B_T EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

(51) Int Cl.: H04L 12/10 ( ) H04L 12/40 ( )

(51) Int Cl.: H04N 5/225 ( )

(51) Int Cl.: H04L 9/24 ( ) G06Q 10/00 ( )

(51) Int Cl.: G04B 19/08 ( )

TEPZZ Z9Z75 B_T EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

(51) Int Cl.: H04L 12/46 ( )

(51) Int Cl.: G06F 9/00 ( ) G06F 9/46 ( ) G06F 15/16 ( )

(51) Int Cl.: G10L 19/00 ( ) H04L 1/20 ( )

(51) Int Cl.: B43M 3/04 ( )

(51) Int Cl.: H04L 12/56 ( ) H04L 12/24 ( ) H04L 29/06 ( ) H04L 29/08 ( )

(51) Int Cl.: H04L 29/12 ( ) H04L 29/06 ( ) H04M 7/00 ( )

(51) Int Cl.: H04L 9/32 ( )

(51) Int Cl.: B65D 1/26 ( ) B31B 43/00 ( ) B65D 1/34 ( ) B21D 22/20 ( ) B21D 51/18 ( )

(51) Int Cl.: H01M 8/04 ( )

TEPZZ 87_546A T EP A2 (19) (11) EP A2 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G05B 19/05 ( )

(51) Int Cl.: B65H 9/16 ( ) B65H 5/02 ( )

(51) Int Cl.: G06F 9/46 ( ) H04L 12/56 ( )

(51) Int Cl.: H04L 29/06 ( ) H04L 29/12 ( )

EP B1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION

(51) Int Cl.: H04L 12/58 ( ) H04L 29/06 ( )

Transcription:

(19) Europäisches Patentamt European Patent Office Office européen des brevets *EP00084463B1* (11) EP 0 844 63 B1 (12) EUROPEAN PATENT SPECIFICATION (4) Date of publication and mention of the grant of the patent: 29.01.03 Bulletin 03/0 (1) Int Cl. 7 : G06F 11/22 (21) Application number: 97939.4 (22) Date of filing: 19.11.1997 (4) Combined remote access and security system Kombiniertes Fernzugriffs- und Sicherheitssystem Système de sécurité à accès à distance (84) Designated Contracting States: AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE () Priority: 19.11.1996 US 72249 (43) Date of publication of application: 27.0.1998 Bulletin 1998/22 (73) Proprietor: Johnson, R. Brent Tulsa, Oklahoma 74116 (US) (72) Inventor: Johnson, R. Brent Tulsa, Oklahoma 74116 (US) (74) Representative: Wombwell, Francis Potts, Kerr & Co. 1, Hamilton Square Birkenhead Merseyside CH41 6BR (GB) (6) References cited: EP-A- 0 474 08 US-A- 237 677 EP 0 844 63 B1 Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention). Printed by Jouve, 7001 PARIS (FR)

1 EP 0 844 63 B1 2 Description BACKGROUND OF THE INVENTION 1. Field of the Invention. [0001] The present invention relates to a system that will provide remote access to allow servicing of a mainframe computer site while at the same time providing for security and integrity of the mainframe computer installation. In particular, the present invention is directed to a system wherein service and maintenance of the mainframe computer system is controlled and monitored from a remote location and service on the mainframe computer system may be performed by a field engineer at a further remote location. 2. Prior Art. 1 2 3 4 0 [0002] Current mainframe processing environments use an operator console to display messages about the system. These messages are monitored and any problems are noted. Programmers and other technicians may then become involved in solving a problem. The problem may be beyond the operations staff's ability to handle. [0003] The mainframe computer system may be serviced and monitored from a remote location. Remote support of mainframe computer installations is becoming increasingly important. This includes both remote monitoring and service support of mainframe computer systems. Businesses have been established which are capable of monitoring and maintaining a wide variety of mainframe computer installations. [0004] From time to time, when problems are found, it is necessary for a technician or field engineer to have access to the mainframe computer system. A technician or field engineer can work on the problems on site at the mainframe installation. With high speed, broad band communications, it is possible for a field engineer to diagnose and solve mainframe computer problems from a remote location by communication from a personal computer. Accordingly, the field engineer may be at any location. These technicians are increasingly specialized and require wide access to the mainframe computer installation. At the same time, the computer mainframe installation must retain its security and integrity. In the past, while limited access and "firewalls" have sometimes been employed to maintain security, the field engineer needs wide access to the mainframe computer to diagnosis and solve the problems. [000] Typically, the dispatch control center is located in a secure location. The field engineer, however, is often times at an unsecured location and may operate from a laptop or other unsecured machine. Additionally, the mainframe computer business has only limited controls over the field engineer. For example, a disgruntled field engineer with wide access to the mainframe computer system could cause considerable problems. [0006] With both the dispatch control center and the field engineer at remote locations from the mainframe computer center, the channels of communication are important. While secure transmission lines are possible to establish, these are expensive over long distances. Additionally, the field engineer may be mobile. [0007] The development of personal computers, modems (modulator/demodulator devices) and data connections has allowed the growth of computer networks. The Internet, a somewhat public network of networks, has become an increasingly useful pathway for computer communication. There is, however, a concern about the security and integrity of the Internet pathways. [0008] One solution to security on the Internet has been the encryption of data to be transmitted. One type of encryption uses a single "key" which the sender and recipient must keep secret. Another type of popular encryption uses "public-private keys." The first is a public key made available to anyone. The second is a "secret key" which the user must not allow anyone else to see. The public and private keys work in tandem. If the secret key is stored on a computer system, it is, however, vulnerable. [0009] Accordingly, the present invention as defined by the independent claims is directed to an arrangement where a mainframe or mainframes are secured at a customer site wired to a personal computer with software for console monitoring. The console monitor is in communication with a remote, secure dispatch control center location. The dispatch control center, upon being alerted of a problem, will contact a field engineer to diagnosis and solve the particular problem. SUMMARY OF THE INVENTION [00] In a combined remote access and security system of the present invention, a single mainframe or multiple mainframes are located at a secure location. A mainframe or mainframes are connected to a console central processing unit through a coax or twinax connection. [0011] The console is used to display status messages about the mainframe computer system including errors or critical situations occurring on the computer system. When specified mainframe system alerts or problems occur a warning or alert will be issued. This alert will be communicated from the console to a dispatch control center central processing unit at a remote, secure location. [0012] A dispatcher will monitor any alarm codes received from the mainframe system. The dispatcher will create a trouble ticket for each incoming alarm, assign a field engineer to the problem and call or otherwise contact the field engineer. [0013] Thereafter, the dispatcher will initiate through the dispatch central processing unit, a unique, randomly generated user identification/password pair which is ref- 2

3 EP 0 844 63 B1 4 erenced to the assigned problem number. The user identification/password pair is a data encryption key randomly generated by the dispatch central processing unit. The data encryption key is a mathematical algorithm randomly generated. [0014] The identification/password encryption key is transmitted in two separate transmissions over two separate paths. The data encryption key is communicated from the dispatcher's central processing unit to the field engineer's central processing unit. Additionally, the dispatch central processing unit will also transmit the data encryption key back to the console central processing unit of the mainframe. [001] Once the field engineer has been notified and has received the identification/password pair from the dispatch control center, the field engineer will log on and communicate with the console central processing unit. [0016] Data communicated from the field engineer's central processing unit to the console central processing unit is encrypted with the' identification/password key. The data is subsequently decrypted upon receipt at the console monitor central processing unit. Importantly, the password/identification pair does not travel over the connection between the field engineer and the mainframe site. BRIEF DESCRIPTION OF THE DRAWINGS [0017] Figure 1 illustrates a simplified schematic view of a combined remote access and security system as set forth in the present invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0018] Referring to the drawings in detail, Figure 1 illustrates a schematic diagram of a combined remote access and security system of the present invention. [0019] At a mainframe computer installation, a single mainframe 12 or multiple mainframes are located at a secure location (illustrated by the box 14). In many industries and businesses, large numbers of transactions are processed on an around-the-clock basis. Because of this demand, multiple mainframe central processing units are utilized within a secure computer complex. Access may be limited by physical measures, such as locked rooms, finger printing, and the like. [00] The mainframe or mainframes are connected to a console central processing unit 16 which typically includes a keyboard 18 and display. The console 16 can be connected with the mainframe or mainframes in various ways, such as, by a coax or twinax connections 22. [0021] The console 16, in the present situation, may employ a Windows NT operating system or other known operating systems. The operating system will have an application program or programs which is in a client-server format and provides console monitoring 1 2 3 4 0 and console automation features. The application program watches the console for certain conditions. [0022] The console 16 is used to display status messages about the mainframe computer system and allows the operations staff to control the operations of the mainframe or mainframes. Types of messages displayed may be about errors or critical situations occurring on the computer system. Examples of problems noted may be a tape drive fault or a chip on a board. [0023] In today's environment, a single console may be responsible for multiple mainframe computers running multiple computer operating systems. [0024] In specified mainframe system alerts, events or problems, the console will issue a warning or alert. This alert will be communicated from the console 16 through a modem and through a communications path, shown by arrow, to a dispatch control center 32. In the present invention, the communications path may be across the public Internet network. [002] The dispatch control center 32 is ordinarily at a secure location. Thus, access to the computer is limited by physical measures such as locked rooms, finger printing and the like. Additionally, access to the dispatch central processing unit 34 may require passwords. Typically, the dispatch central processing unit 34 includes a keyboard 36 and a display 38. The dispatch central processing unit 34 will be running a client side version of the application program. [0026] A dispatcher (not shown) will monitor incoming alarm codes received from the mainframe 12. If an alert occurs, it will appear on the screen of the dispatcher. Upon receipt of an alarm code, it will display in a list on the display 38. The dispatcher will create a trouble ticket for each incoming alarm in the problem tracking program. Once this has been completed, a field engineer will be assigned to the problem and will be called or otherwise contacted. In one such procedure, the dispatcher will call the field engineer via telephone over a voice line. This connection is shown by arrow. The field engineer will be assigned a problem number for the incoming problem on the mainframe computer. [0027] Thereafter, the dispatch control center will initiate a utility software program on the dispatch central processing unit which will create a unique, randomly generated user identification/password pair which is referenced to the assigned problem number. The user identification/password pair is a data encryption key randomly generated by the dispatch central processing unit. [0028] In the present case, the data encryption key is a mathematical algorithm which will be a randomly generated binary code of 128 bits. The data encryption key is also time limited so that after a certain period of time, it will automatically expire. For example, the data encryption key may be valid for a period of 24 hours. [0029] The identification/password is transmitted in two separate transmissions in two separate paths. The data encryption key is communicated and transmitted 3

EP 0 844 63 B1 6 from the dispatch central processing unit to the field engineer central processing unit 0 as shown by arrow 2. The dispatch central processing unit will also transmit the identification/password data encryption key back to the console central processing unit 16. The data encryption key is itself also encrypted. The data encryption key is itself decrypted at the field engineer's central processing unit and at the console. [00] Once the field engineer has been notified and has received the identification/password pair from the dispatch control center, the field engineer 0 will log on and communicate with the console central processing unit 16 as shown at arrow 4. The field engineer will be running a client side version of the same application program. This communication may be made through a public network such as the Internet. The encrypted data is decrypted at the console monitor. [0031] The field engineer will input and download the assigned problem number already received from the dispatch control center. The field engineer will thereby retrieve the problem details from the console. The field engineer will thus be connected to the mainframe site. Importantly, the password does not travel over the connection between the field engineer 0 and the mainframe site 14. [0032] Once connected to the mainframe computer site, the field engineer retrieves the necessary information through the console central processing unit 16 via the coax 22 connection to the mainframe 12. The field engineer, thus, has access to the mainframe and will endeavor to solve the problem presented. [0033] Once the problem is resolved, the field engineer will notify the dispatch control center 32 that the problem has been resolved. This may be done in a number of ways. This may be done by telephone through voice line. Alternatively, the field engineer may communicate through the field engineer's central processing unit 0 through a communications line back to the dispatch central processing unit. This may also be performed through the Internet. [0034] The dispatcher closes the problem in the problem tracking system. Thereafter, the unique identification/password pair is invalidated so that there is no longer access to the mainframe computer. The dispatcher closes the problem in the dispatch central processing unit database, which then removes the identification/ password pair from the console monitor 16 at the mainframe site. [003] Each of the computer communications may be made through a public network such as the Internet. The data connection from an unsecured terminal/location is at all times secured by the present invention. [0036] Whereas, the present invention has been described in relation to the drawings attached hereto, it should be understood that other and further modifications, apart from those shown or suggested herein, may be made within the scope of this invention. 1 2 3 4 0 Claims 1. A combined remote access and security system for servicing a secure mainframe central processing unit (14) having a console monitor (16), which system comprises: a secure dispatch control central processing unit (34) for receiving problem reports concerning said mainframe central processing unit (14); first communications means for communicating between said mainframe central processing unit (14) from said console central processing unit from said console monitor (16) and said dispatch control central processing unit (34); a field engineer central processing unit (0) independent from said secure mainframe central processing unit (14) and said secure dispatch control central processing unit (34), wherein said secure dispatch control central processing unit (34) is remote from said mainframe central processing unit (14) and wherein said field engineer central processing unit (0) is remote from both said mainframe central processing unit (14) and said secure dispatch control central processing unit (34); second communication means for communicating between said field engineer central processing unit (0) and said secure dispatch control central processing unit (34); a data encryption key randomly generated and transmitted from said secure dispatch control central processing unit (34) to said field engineer over the second communication means and from said secure dispatch control central processing unit (34) to said mainframe central processing unit (14) over the first communication means; and third communication means between said field engineer central processing unit (0) and said mainframe central processing unit (14) wherein data transmitted from said field engineer central processing unit (0) is encrypted and wherein said encrypted data received is decrypted at said mainframe central processing unit (14). 2. A combined remote access and security system as set forth in claim 1, wherein said data encryption key is time limited to expire after a set time period. 3. A combined remote access and security system as set forth in claim 1, wherein said secure dispatch control central processing unit is remote from said mainframe central processing unit and wherein said field engineer central processing unit is remote from both said mainframe central processing unit and said dispatch central processing unit. 4

7 EP 0 844 63 B1 8 4. A combined remote access and security system as set forth in claim 3, wherein said communications means between said mainframe central processing unit (14) and said dispatch central processing unit (34), between said field engineer central processing unit and said dispatch central processing unit (34) and between said field engineer central processing unit (0) and said mainframe central processing unit (34) is via the Internet network.. A combined remote access and security system as set forth in claim 1, wherein said console monitor (16) includes a central processing unit having monitoring and automation capabilities. 6. A combined remote access and security system as set forth in claim, including a plurality of mainframe central processing units connected to said console. 7. A process to remotely access and service a secure mainframe central processing unit (14) having a console monitor (16), which process comprises: communicating a problem with said mainframe central processing unit (14) from said console monitor (16) to a remote secure dispatch control central processing unit (34); over first communication means between said mainframe central processing unit (14) from said console monitor (16) and said secure dispatch control central processing unit (34); randomly generating a data encryption key at said remote secure dispatch control central processing unit (34); transmitting said data encryption key from said secure dispatch control central processing unit (34) to said mainframe central processing unit (14) over the first communication means and to a field engineer central processing unit (0), which is independent and remote from both the secure dispatch control central processing unit (34) and the mainframe central processing unit (14), via second communication means between said field engineer central processing unit (0) and said secure dispatch control central processing unit (34); and communicating via third communication means between said field engineer central processing unit (0) and said mainframe central processing unit (14) wherein data transmitted from said field engineer central processing unit (0) is encrypted and then said encrypted data received is decrypted at said mainframe central processing unit (14). 8. A process to remotely access and service a secure mainframe central processing unit as set forth in 1 2 3 4 0 claim 7, including the additional step of time limiting the data encryption key to expire after a set period of time. 9. A process to remotely access and service a secure mainframe central processing unit as set forth in claim 7, including the additional, initial step of monitoring said console monitor for certain conditions which are identified as problems.. A process to remotely access and service a secure mainframe central processing unit as set forth in claim 7, wherein the steps of communicating said problem, transmitting said data encryption key, and communicating between said field engineer central processing unit and said mainframe is done over the Internet network. 11. A process to remotely access and service a mainframe central processing unit as set forth in claim 7, including the additional step of the dispatch control center contacting said field engineer after communicating said problem to said dispatch control center. Patentansprüche 1. Ein kombiniertes Fernzugriffs- und Sicherheitssystem zum Bedienen einer sicheren Mainframe-Zentralverarbeitungseinheit (14), die einen Konsolmonitor (16) aufweist, wobei das System aufweist: eine sichere Kontrollpunkt-Zentralverarbeitungseinheit 834) zum Empfangen von Problemberichten, die die Mainframe-Zentralverarbeitungseinheit (14) betreffen; erste Kommunikationsmittel zum Kommunizieren zwischen der Mainframe-Zentralverarbeitungseinheit (14) aus der Konsolenzentralverarbeitungseinheit aus dem Konsolmonitor (16) und der Kontrollpunkt-Zentralverarbeitungseinheit (34) ; eine von der sicheren Mainframe-Zentralverarbeitungeinheit (14) und der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) unabhängige Außendiensttechniker-Zentralverarbeitungseinheit (0), wobei die sichere Kontrollpunkt-Zentralverarbeitungseinheit (34) von der Mainframe-Zentralverarbeitungseinheit (14) entfernt angeordnet ist und wobei die Außendiensttechniker-Zentralverarbeitungseinheit (0) von sowohl der Mainframe-zentralverarbeitungseinheit (14) als auch der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) entfernt angeordnet ist; zweite Kommunikationsmittel zum Kommunizieren zwischen der Außendiensttechniker-

9 EP 0 844 63 B1 Zentralverarbeitungseinheit (0) und der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34); einen Datenverschlüsselungsschlüssel, der zufällig erzeugt und aus der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) an den Außendiensttechniker über die zweiten Kommunikationsmittel und von der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) an die Mainframe-Zentralverarbeitungseinheit (14) über die ersten Kommunikationsmittel übermittelt wird; und dritte Kommunikationsmittel zwischen der Außendiensttechniker-Zentralverarbeitungseinheit (0) und der Mainframe-Zentralverarbeitungseinheit (14), wobei Daten, die aus der Außendiensttechniker-Zentralverarbeitungseinheit (0) übermittelt werden, verschlüsselt werden, und wobei die empfangenen verschlüsselten Daten bei der Mainframe-Zentralverarbeitungseinheit (14) entschlüsselt werden. 2. Ein kombiniertes Fernzugriffs- und Sicherheitssystem nach Anspruch 1, wobei der Datenverschlüsselungsschlüssel zeitlich beschränkt ist, so daß er nach einer vorgegebenen Zeitdauer abläuft. 3. Ein kombiniertes Fernzugriffs- und Sicherheitssystem nach Anspruch 1, wobei die sichere Kontrollpunkt-Zentralverarbeitungseinheit von der Mainframe-Zentralverarbeitungseinheit entfernt angeordnet ist und wobei die Außendiensttechniker-Zentralverarbeitungseinheit sowohl von der Mainframe-Zentralverarbeitungseinheit als auch der Kontrollpunkt-Zentralverärbeitungseinheit entfernt angeordnet ist. 4. Ein kombiniertes Fernzugriffs- und Sicherheitssystem nach Anspruch 3, wobei die Kommunikationsmittel zwischen der Mainframe-Zentralverarbeitungseinheit (14) und der Kontrollpunkt-Zentralverarbeitungseinheit (34), zwischen der Außendiensttechniker-Zentralverarbeitungseinheit (0) und der Kontrollpunkt-Zentralverarbeitungseinheit (34) und zwischen der Außendiensttechniker-Zentralverarbeitungseinheit (0) und der Mainframe-Zentralverarbeitungseinheit (14) das Internet-Netzwerk nutzen.. Ein kombiniertes Fernzugriffs- und Sicherheitssystem nach Anspruch 1, wobei der Konsolmonitor (16) eine zentrale Verarbeitungseinheit enthält, die Überwachungs- und Automatisierungsfähigkeiten aufweist. 1 2 3 4 0 6. Ein kombiniertes Fernzugriffs- und Sicherheitssystem nach Anspruch, einschließlich einer Mehrzahl von Mainframe-Zentralverarbeitungseinheiten, die mit der Konsole verbunden sind. 7. Ein Prozeß für einen Fernzugriff und für den Service einer sicheren Mainframe-Zentralverarbeitungseinheit (14), die einen Konsolmonitor (16) äufweist, wobei der Prozeß umfaßt: Übermitteln eines Problems der Mainframe- Zentralverarbeitungseinheit (14) aus dem Konsolmonitor (16) zu einer fernen sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) über erste Kommunikationsmittel zwischen der Mainframe-Zentralverarbeitungseinheit (14) aus dem Konsolmonitor (16) und der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34); zufälliges Erzeugen eines Datenverschlüsselungsschlüssels bei der fernen sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) ; Senden des Datenverschlüsselungsschlüssels aus der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) an die Mainframe-Zentralverarbeitungseinheit (14) über die ersten Kommunikationsmittel und an eine Außendiensttechniker-Zentralverarbeitungseinheit (0), welche unabhängig ist und entfernt von sowohl der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34) als auch der Mainframe-Zentralverarbeitungseinheit (14) angeordnet ist, über zweite Kommunikationsmittel zwischen der Außendiensttechniker-Zentralverarbeitungseinheit (0) und der sicheren Kontrollpunkt-Zentralverarbeitungseinheit (34), und Kommunizieren zwischen der Außendiensttechniker-Zentralverarbeitungseinheit (0) und der Mainframe-Zentralverarbeitungseinheit (14) über dritte Kommunikationsmittel, wobei die aus der Außendiensttechniker-Zentralverarbeitungseinheit (0) gesendeten Daten verschlüsselt werden und dann die empfangenen verschlüsselten Daten bei der Mainframe-Zentralverarbeitungseinheit (14)entschlüsselt werden. 8. Ein Prozeß für einen Fernzugriff und für den Service einer sicheren Mainframe-Zentralverarbeitungseinheit nach Anspruch 7, einschließend den zusätzlichen Schritt der zeitlichen Begrenzung des Datenverschlüsselungsschlüssels, so daß er nach einer vorgegebenen Zeitdauer abläuft. 9. Ein Prozeß für einen Fernzugriff und für den Service einer sicheren Mainframe-Zentralverarbeitungseinheit nach Anspruch 7, einschließend den zusätzlichen, anfänglichen Schritt des Überwachens des Konsolmonitors hinsichtlich bestimmter Bedingungen, welche als Probleme identifiziert sind. 6

11 EP 0 844 63 B1 12. Ein Prozeß für einen Fernzugriff und für den Service einer sicheren Mainframe-Zentralverarbeitungseinheit nach Anspruch 7, wobei die Schritte des Übermittelns des Problems, des Sendens des Datenverschlüsselungsschlüssels und der Kommunikation zwischen der Außendiensttechniker-Zentralverarbeitungseinheit und dem Mainframe über das Internet-Netzwerk ausgeführt werden. 11. Ein Prozeß für einen Fernzugriff und für den Service einer Mainframe-Zentralverarbeitungseinheit nach Anspruch 7, einschließend den zusätzlichen Schritt, daß das Kontrollpunkt-Zentrum den Außendiensttechniker kontaktiert, nachdem das Problem an das Kontrollpunktzentrum übermittelt worden ist. Revendications 1. Un système combiné de sécurité et d'accès à distance pour desservir en sécurité une unité centrale de traitement de gros système sécurisée (14) ayant une console de surveillance (16), lequel système comprenant: 1 2 3 4 0 une unité centrale de traitement de contrôle d'envoi sécurisée (34) pour recevoir des rapports de problèmes concernant ladite unité centrale de traitement de gros système (14) ; des premiers moyens de communication pour communiquer entre ladite unité centrale de traitement de gros système (14) à partir de ladite unité centrale de traitement de console à partir de ladite console de surveillance (16) et ladite unité centrale de traitement de contrôle d'envoi (34) ; une unité centrale de traitement de l'ingénieur de maintenance (0) indépendante de ladite unité centrale de traitement de gros système sécurisée (14) et de ladite unité centrale de traitement de contrôle d'envoi sécurisée (34), dans laquelle ladite unité centrale de traitement de contrôle d'envoi sécurisée (34 ) est distante de ladite unité centrale de traitement de gros système sécurisée (14), dans lequel ladite unité centrale de traitement de l'ingénieur de maintenance (0) est distante desdites deux unité centrale de traitement de gros système sécurisée (14) et unité centrale de traitement de contrôle d'envoi sécurisée (34) ; des deuxièmes moyens de communication pour communiquer entre ladite unité centrale de traitement de l'ingénieur de maintenance (0) et ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) ; une clé de chiffrement de données générée de manière aléatoire et transmise de ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) audit ingénieur de maintenance par les deuxièmes moyens de communication et de ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) à ladite unité centrale de traitement de gros système sécurisée (14) par les premiers moyens de communication ; et des troisièmes moyens de communication entre ladite unité centrale de traitement de l'ingénieur de maintenance (0) et ladite unité centrale de traitement de gros système sécurisée (14) dans lesquels les données transmises de ladite unité centrale de traitement de l'ingénieur de maintenance (0) sont chiffrées et dans lesquels lesdites données chiffrées reçues sont déchiffrées à ladite unité centrale de traitement de gros système sécurisée (14). 2. Un système combiné de sécurité et d'accès à distance selon la revendication 1, dans lequel ladite clé de chiffrement de données a une durée limitée de façon à expirer après une période de temps déterminée. 3. Un système combiné de sécurité et d'accès à distance selon la revendication 1, dans lequel ladite unité centrale de traitement d'envoi sécurisée est distante de ladite unité centrale de traitement de gros système et dans lequel ladite unité centrale de traitement de l'ingénieur de maintenance est distante à la fois de ladite unité centrale de traitement de gros système et de ladite unité centrale de traitement d'envoi. 4. Un système combiné de sécurité et d'accès à distance selon la revendication 3, dans lequel lesdits moyens de communication entre ladite unité centrale de traitement de gros système sécurisée (14) et ladite unité centrale de traitement de contrôle d'envoi sécurisée (34), entre ladite unité centrale de traitement de l'ingénieur de maintenance et ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) et entre ladite unité centrale de traitement de l'ingénieur de maintenance (0) et ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) sont via le réseau Internet.. Un système combiné de sécurité et d'accès à distance selon la revendication 1, dans lequel ladite console de surveillance (16) comprend une unité centrale de traitement possédant des capacités de contrôle et d'automatisation. 6. Un système combiné de sécurité et d'accès à distance selon la revendication, comprenant une pluralité d'unités de traitement central de gros système connectées à ladite console. 7

13 EP 0 844 63 B1 14 7. Un procédé d'accès et de service à distance d'une (14) ayant une console de surveillance (16), lequel procédé comprend : la communication d'un problème avec ladite unité centrale de traitement de gros système sécurisée (14) de ladite console de surveillance (16) à une unité centrale de traitement de contrôle d'envoi sécurisée (34) par un premier moyen de communication entre ladite unité centrale de traitement de gros système sécurisée (14) de ladite console de surveillance (16) et ladite une unité centrale de traitement de contrôle d'envoi sécurisée (34) ; la génération de manière aléatoire, d'une clé de chiffrement de données à ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) ; la transmission de ladite clé de chiffrement de données à partir de ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) à ladite unité centrale de traitement de gros système sécurisée (14) par les premiers moyens de communication, et à ladite unité centrale de traitement de l'ingénieur de maintenance (0), laquelle est indépendante et distante à la fois de l'unité centrale de traitement de contrôle d'envoi sécurisée (34) et de l'unité centrale de traitement de gros système sécurisée (14), via des deuxièmes moyens de communication entre ladite unité centrale de traitement de l'ingénieur de maintenance (0) et ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) ; et la communication, via des troisièmes moyens de communication, entre ladite unité centrale de traitement de l'ingénieur de maintenance (0) et ladite unité centrale de traitement de contrôle d'envoi sécurisée (34) dans laquelle les données transmises de ladite unité centrale de traitement de l'ingénieur de maintenance (0) sont chiffrées et lesdites données reçues sont ensuite déchiffrées à ladite unité centrale de traitement de gros système sécurisée (14). 1 2 3 4 9. Un procédé d'accès et de service à distance d'une selon la revendication 7, comprenant l'étape initiale supplémentaire de contrôle de ladite console de surveillance pour certaines conditions identifiées comme étant des problèmes.. Un procédé d'accès et de service à distance d'une selon la revendication 7, dans lequel les étapes de communication desdits problèmes, la transmission de ladite clé de chiffrement de données, et la communication entre ladite unité centrale de traitement de l'ingénieur de maintenance et ledit gros système sont effectuées via le réseau Internet. 11. Un procédé d'accès et de service à distance d'une selon la revendication 7, comprenant l'étape supplémentaire qui veut que le centre de contrôle d'envoi contacte ledit ingénieur de maintenance après avoir communiqué ledit problème audit centre de contrôle d'envoi. 8. Un procédé d'accès et de service à distance d'une selon la revendication 7, comprenant l'étape supplémentaire de limitation en durée de vie de la clé de chiffrement de données afin que celle-ci expire après une période de temps déterminée. 0 8

EP 0 844 63 B1 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information