The present invention relates to a method of transferring secure information between two terminals.
As a result of an increasingly global alignment of companies, telecommunication services are increasingly being used to transfer voice and data. The costs resulting from these telecommunication services are constantly rising and are becoming a significant cost factor for the companies, which are looking for opportunities to reduce these costs. Local and global computer networks such as an ‘Intranet’ or the ‘Internet’ provide an option of transferring data less expensively and all around the world.
For access to data or services—for example to a server or to an application made available by the server—of a first unit—for example a Company A—originating from a second unit—for example a Company B—or originating from a public access—for example from the ‘Internet’—it is important to prevent unauthorized access to data or services of the unit. This can be done by an access authorization check performed prior to the data access. With an authorization check it is necessary for there to be authorization administration in the first unit to administer the access rights of the individual users. A disadvantage of this type of authorization check is that the access rights for the external users to the first unit must be notified (danger of misuse) and that a user must re-register independently in each case before a data access. Furthermore the authorization administration must be updated on an ongoing basis which involves great administrative expense.
For secure data access originating from a second unit—for example originating from a user device in an Intranet of Company B—there is also the option of routing the access via an existing transmission facility existing between the units. A transmission device in this sense is for example, a fixed connection—that is, a physical line connection set up especially for the purpose—or a logical connection—also referred to as a Virtual Private Network (VPN). Alternatively, a representative device—known as a proxy—can be defined in the second unit, via which accesses to the first unit or to a server of the first unit will be undertaken.
A disadvantage of these possible solutions is, however, that a data access to the first unit must always be routed via the fixed connection or that the data access must always take place via the proxy.