U.S. patent application number 15/354384 was filed with the patent office on 2017-03-09 for computer system and method of securely booting a computer system.
The applicant listed for this patent is Fujitsu Technology Solutions Intellectual Property GmbH. Invention is credited to Mario Wegener.
Application Number | 20170068818 15/354384 |
Document ID | / |
Family ID | 49766116 |
Filed Date | 2017-03-09 |
United States Patent
Application |
20170068818 |
Kind Code |
A1 |
Wegener; Mario |
March 9, 2017 |
COMPUTER SYSTEM AND METHOD OF SECURELY BOOTING A COMPUTER
SYSTEM
Abstract
A computer system includes a data network connection, a reading
device, an input component and a security device that receives
access data from the data network connection, the reading device
and the input component, wherein the security device establishes a
data network link via the data network connection as the computer
system is starting up and the security device further receives
access data either via the data network link or via the reading
device and the input component, and the security device compares
the received access data with a data record stored in a firmware on
a memory element including security-related data to authenticate a
user and boots the computer system if the comparison was
successful.
Inventors: |
Wegener; Mario; (Bobingen,
DE) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Fujitsu Technology Solutions Intellectual Property GmbH |
Munchen |
|
DE |
|
|
Family ID: |
49766116 |
Appl. No.: |
15/354384 |
Filed: |
November 17, 2016 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
14430262 |
Mar 23, 2015 |
9530003 |
|
|
PCT/EP2013/076922 |
Dec 17, 2013 |
|
|
|
15354384 |
|
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
G06F 21/575 20130101;
G06F 21/6218 20130101; G06F 21/31 20130101; G06F 21/572 20130101;
H04L 63/0457 20130101 |
International
Class: |
G06F 21/57 20060101
G06F021/57; G06F 21/31 20060101 G06F021/31; H04L 29/06 20060101
H04L029/06; G06F 21/62 20060101 G06F021/62 |
Foreign Application Data
Date |
Code |
Application Number |
Jan 10, 2013 |
DE |
102013100230.7 |
Claims
1. A computer system comprising a data network connection, a chip
card reader, an input component and a security device that receives
access data from the data network connection, the chip card reader
and the input component, wherein the security device establishes a
data network link via the data network connection as the computer
system is starting up and said security device further receives
access data either via the data network link or via the chip card
reader and the input component, and said security device compares
the received access data with a data record stored in a firmware on
a memory element comprising security-related data, and the security
device boots the computer system if the comparison was successful,
wherein the access data either comprises a security code stored on
a chip card, received via the chip card reader, and a personal
identification number (PIN), received via the input component, or
the access data received via the data network link simulates to the
security device a combination of the security code on the chip card
and the personal identification number (PIN).
2. The computer system according to claim 1, wherein the security
device repeats the receiving and comparing of the access data for a
predefined number of times if the comparison is unsuccessful.
3. The computer system according to claim 2, wherein the security
device, once the predefined number of repeated comparisons of the
access data has been reached and the comparison was unsuccessful,
blocks the access data received via the chip card reader or the
data network link, and said security device receives, either via
the input component or the data network link, a personal unlock key
(PUK), compares the personal unlock key (PUK) with a data record
stored in the firmware on the memory element, and following a
successful comparison of the personal unlock key (PUK) unblocks the
blocked access data.
4. (canceled)
5. The computer system according to claim 1, wherein the security
device, following a successful comparison of the access data
received via the data network link, allows booting the computer
system repeatedly on successive occasions without receiving access
data afresh, wherein the number of booting processes is limited
quantitatively or with respect to a predefined time period.
6. The computer system according to claim 1, wherein the data
received via the data network link is encrypted and the security
device decrypts the received data.
7. A method of booting a computer system comprising a data network
connection, a chip card reader, an input component and a security
device that receives access data from the data network connection,
the chip card reader and the input component, the method
comprising: establishing, by the security device, a data network
link via the data network connection as the computer system starts
up, receiving access data, by the security device, either via the
data network link or via the chip card reader and the input
component, wherein the access data comprises either a security code
on a chip card, received via the chip card reader and a personal
identification number (PIN), received via the input component or
the access data received via the data network link simulates to the
security device a combination of the security code on the chip card
and the personal identification number (PIN), comparing, by the
security device, the received access data with a data record stored
in a firmware on a memory element, and booting the computer system
if the comparison was successful.
8. The method according to claim 7, wherein the steps of receiving
and comparing the access data are repeated for a predefined number
of times in the event of an unsuccessful comparison.
9. The method according to claim 7, wherein booting the computer
system following a successful comparison of access data received
via the data network link can be repeated on successive occasions
without having to repeat the steps of receiving and comparing
access data, and the number of repetitions is limited
quantitatively or with respect to a predefined time period.
10. (canceled)
11. The method according to claim 7, further comprising encrypting
data prior to transmitting data via the data network link, and
decrypting the encrypted data that has been received via the data
network link.
12. A computer system comprising a data network connection, a chip
card reader, an input component and a security device that receives
access data from the data network connection, the chip card reader
and the input component, wherein the security device establishes a
data network link via the data network connection with a local area
network as the computer system is starting up and said security
device further receives access data either remotely via the data
network link from a third agent or locally via the chip card reader
and the input component, and said security device compares the
received access data with a data record stored in a firmware on a
memory element comprising security-related data, wherein the access
data either comprises a security code stored on a chip card,
received via the chip card reader, and a personal identification
number (PIN), received via the input component, or the access data
received via the data network link simulates to the security device
a combination of the security code on the chip card and the
personal identification number (PIN), and said security device
boots the computer system if the comparison was successful.
13. The computer system according to claim 12, wherein the access
data in form of a security code on a chip card, received via the
chip card reader, and a personal identification number (PIN),
received via the input component is used to authenticate a user of
the computer system when the user is in possession of the chip card
and the personal identification number (PIN), and the access data
received via the data network link, simulating to the security
device a combination of the security code on the chip card and the
personal identification number (PIN) is used to boot the computer
system when the user of the computer system has forgotten the chip
card and/or the personal identification number (PIN) or to unlock
and boot the computer system remotely from the third agent when the
user of the computer system is not present.
14. The computer system according to claim 1, wherein the data
network connection connects the security device to a local area
network.
15. The method according to claim 7, wherein the data network
connection connects the security device to a local area
network.
16. The method according to claim 8, wherein the access data is
blocked if the predefined number of repeatedly receiving and
comparing the access data has been reached and the comparison was
unsuccessful.
17. The method according to claim 16, further comprising: receiving
a personal unlock key (PUK) by the security device, either via the
data network link or via the input component, if the access data
has been blocked; comparing, by the security device, the personal
unlock key (PUK) with a data record stored in the firmware on the
memory element; and unblocking the blocked access data if the
comparison of the personal unlock key (PUK) was successful.
18. The method according to claim 7, wherein the access data
received via the data network link is used to boot the computer
system when a user of the computer system has forgotten the user's
chip card and/or personal identification number (PIN) or, when the
user of the computer system is not present and an administrator
requires booting the computer system remotely via the data network
link from a third agent.
Description
TECHNICAL FIELD
[0001] This disclosure relates to a computer system comprising a
security device adapted to receive access data, compare the access
data and boot the computer system if the comparison was successful.
In addition, the disclosure relates to two methods of receiving and
comparing access data and booting a computer system.
BACKGROUND
[0002] Computer systems are known, wherein it is necessary to
insert a valid chip card to boot the computer systems. Using a
reading device, the computer systems can read out data from the
chip card belonging to a user of the computer system. In addition,
it is possible to request a password allocated to the user of the
chip card. The use of a mechanical component with access data can
ensure a high degree of security. If, on the other hand, the
computer system is to be booted without the use of a chip card,
disproportionately high security deficiencies arise.
[0003] It could therefore be helpful to provide a computer system
and method that close the gaps in security when operating a
computer system of this type.
SUMMARY
[0004] I provide a computer system including a data network
connection, a reading device, an input component and a security
device, wherein the security device establishes a data network link
via the data network connection as the computer system is starting
up and said security device further receives access data either via
the data network link or via the reading device and the input
component, and said security device compares the received access
data with a data record stored in a firmware on a memory element
and boots the computer system if the comparison was successful.
[0005] I further provide a method of booting the computer system
including establishing a data network link via the data network
connection if the computer system is starting up, receiving access
data either via the data network link or via the reading device and
the input component, comparing the received access data with a data
record stored in a firmware on a memory element, and booting the
computer system if the comparison was successful.
[0006] I yet further provide a method of booting the computer
system including establishing a data network link via the data
network connection if the computer system is starting up,
repeatedly receiving access data either via the data network link
or via the reading device and the input component, and comparing
the received access data with a data record stored in a firmware on
a memory element until the comparison was successful or until a
predefined number of repetitions has been reached, blocking the
access data if the predefined number of repetitions has been
reached in the step of repeatedly receiving and comparing access
data or booting the computer system if the comparison of the access
data was successful, and comparing control data received via the
data network link or via the input component if the access data has
been blocked and activating the blocked access data if the
comparison of the control data was successful.
[0007] I still further provide a computer system including a data
network connection, a reading device, an input component and a
security device that receives access data from the data network
connection, the reading device and the input component, wherein the
security device establishes a data network link via the data
network connection as the computer system is starting up and said
security device further receives access data either via the data
network link or via the reading device and the input component, and
said security device compares the received access data with a data
record stored in a firmware on a memory element including
security-related data to authenticate a user and boots the computer
system if the comparison was successful.
[0008] I still further provide a method of booting a computer
system including a data network connection, a reading device, an
input component and a security device that receives access data
from the data network connection, the reading device and the input
component, wherein the security device establishes a data network
link via the data network connection as the computer system is
starting up and said security device further receives access data
either via the data network link or via the reading device and the
input component, and said security device compares the received
access data with a data record stored in a firmware on a memory
element including security-related data to authenticate a user and
boots the computer system if the comparison was successful, the
method including establishing a data network link via the data
network connection if the computer system is starting up, receiving
access data either via the data network link or via the reading
device and the input component, comparing the received access data
with a data record stored in a firmware on a memory element, and
booting the computer system if the comparison was successful.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] FIG. 1 illustrates a computer system in accordance with one
example.
[0010] FIG. 2 illustrates a flow chart of a first method of booting
a computer system.
[0011] FIG. 3 illustrates a flow chart of a second method of
booting a computer system.
LIST OF REFERENCE NUMERALS
TABLE-US-00001 [0012] 10 Computer system 11 Security device 12 Data
network connection 13 Reading device 14 Input component 15 Memory
element 16 Data record 17 Data network link 18 Counter 19 Chip card
20, 30 Flow chart 21 to 24 Method steps 31 to 37 Method steps n
Counter value
DETAILED DESCRIPTION
[0013] I provide a computer system that comprises a data network
connection, a reading device, an input component and a security
device. The security device establishes a data network link via the
data network connection as the computer system is starting up and
the security device further receives access data either via the
data network link or via the reading device and the input
component. Furthermore, the security device compares the received
access data with a data record stored in a firmware in a memory
element and boots the computer system if the comparison was
successful.
[0014] One advantage is that the security device establishes a data
network link prior to starting up the computer system. This renders
it possible to receive the access data not only via the reading
device (by way of example to read out a chip card) and the input
component (by way of example a key pad) but rather also via the
data network link. This is particularly important if a user makes
an error when inputting the access data received by the input
component or not all the access data is received via the reading
device. If this occurs, a third agent, for example, an
administrator, can provide the access data via the data network
link and boot the computer system.
[0015] Advantageously, the security device may repeat the receiving
and the comparing of the access data for a predefined number of
times if the comparison is unsuccessful, and to read out via the
reading device the predefined number from a chip card.
[0016] By virtue of the fact that the receiving and comparing of
the access data can be repeated, it is possible for any errors, for
example, when inputting a password, to be corrected. The number of
repetitions that allow an incorrect input of access data or an
incorrect identification of access data can be read out via the
chip card.
[0017] Advantageously, the security device, once the predefined
number of repeated comparisons of the access data has been reached,
may block the access data received via the reading device or the
data network link and delete the access data received via the input
component. Furthermore, the security device receives, either via
input component or the data network link, control data dependent
upon the access data, compares the control data with a data record
stored in the firmware on a memory element, and following a
successful comparison of the control data unblocks the blocked
access data and regenerates the deleted access data.
[0018] One advantage is that even when incorrect access data is
repeatedly input the computer system is not completely blocked but
rather it is always possible to unlock the computer system. By
virtue of receiving the control data via the input component or the
data network link, the computer system can be unlocked not only by
a user of the computer system but rather also by a user, for
example, an administrator, from a remote location.
[0019] Advantageously, the security device of the computer system
may receive as access data a security code on a chip card via the
reading device and an alpha-numeric character string via the input
component, or receive as access data via the data network link a
combination based on the two sets of data received via the reading
device and the input component.
[0020] By virtue of the fact that the combination of the access
data simulates the two other sets of access data, it is sufficient
to transfer one data record rather than having to wait for a
further input.
[0021] Advantageously, the security device may ensure, following a
successful comparison of the access data received via the data
network link, that the computer system can be booted repeatedly on
successive occasions without receiving access data afresh, wherein
the number of booting processes is limited quantitatively or with
respect to a predefined time period.
[0022] If a user of a computer system does not have an access card
to the computer system on hand and, as a consequence, cannot boot
the computer system in the proper manner, the user can request that
an access code that unlocks and boots the computer system be
transmitted to the computer system via a data network link. During
the course of the working day, it is therefore possible that the
computer system must be rebooted. This would involve the user
repeating the process again. It is one advantage that, after
requesting an activation code, the user can close down or boot the
computer system as desired as long as this occurs within the
limited number of times.
[0023] Advantageously, the computer system is characterised in that
the data received via the data network link may be encrypted.
Furthermore, the security device decrypts the received data. This
ensures that third parties cannot access the transferred data.
[0024] I also provide a method for a computer system having a data
network connection, a reading device and an input component
comprising the steps: [0025] establishing a data network link via
the data network connection if the computer system is starting up,
[0026] receiving access data either via the data network link or
via the reading device and the input component, [0027] comparing
the received access data with a data record stored in a firmware on
a memory element, and [0028] booting the computer system if the
comparison was successful.
[0029] One advantage is that a data network link is established
first and this renders it possible also to receive the access data
via the data network link. As a consequence, it is not necessary to
provide a user with all the information that is relevant for the
system or rather security.
[0030] Advantageously, the method is characterized in that the
steps of receiving and comparing the access data may be repeated
for a predefined number of times in the event of an unsuccessful
comparison. Advantageously, the following step is also performed:
[0031] reading out via the reading device from a chip card the
predefined number of repetitions of the steps of receiving and
comparing said data.
[0032] Further advantageously, the step of booting the computer
system following a successful comparison of the access data
received via the data network link may be performed repeatedly on
successive occasions without having to repeat the steps of
receiving and comparing said access data, wherein the number of
repetitions is limited quantitatively or with respect to a
predefined time period.
[0033] Further advantageously, in the step of receiving access
data, either a security code may be received via the reading device
from a chip card or an alphanumeric character string may be
received via the input component or a combination based on the
security code and the character string is received via the data
network link as access data.
[0034] I further provide a method for a computer system comprising
a data network connection, a reading device and an input component.
The method comprises the steps: [0035] establishing a data network
link via the data network connection if the computer system is
starting up, [0036] repeatedly receiving access data either via the
data network link or via the reading device and the input component
and comparing the received access data with a data record stored in
a firmware on a memory element until the comparison was successful
or until a predefined number of repetitions has been reached,
[0037] blocking the access data if the predefined number of
repetitions has been reached in the step of repeatedly receiving
and comparing access data or booting the computer system if the
comparison was successful, and [0038] comparing control data
received via the data network link or via the input component if
the access data has been blocked and unblocked the blocked access
data if the comparison of the control data was successful.
[0039] The advantages of this method then become obvious if a user
has repeatedly incorrectly input the access data. By virtue of the
fact that a data network link is established prior to receiving and
comparing the access data, it is possible to receive the control
data likewise by direct input via the data network link. As a
consequence, it is not necessary for the user to be in possession
of the control data. This control data can be input by way of
example by an administrator from a remote location.
[0040] Advantageously, the method is characterized in that in the
step of comparing the control data an alphanumeric character string
may be received as the control data.
[0041] Further advantageously, the following additional steps may
be performed: [0042] encrypting data prior to transmitting data via
the data network link, and [0043] decrypting the encrypted data
that has been received via the data network link.
[0044] Advantageously, the second method is characterized in that
in the step of blocking the access data in addition the access data
received via the input component may be deleted and in the step of
comparing the control data the deleted access data may be
regenerated if the comparison was successful.
[0045] My systems and methods are described in detail hereinunder
with the aid of different examples with reference to the attached
figures.
[0046] FIG. 1 schematically illustrates a computer system 10. A
security device 11 is arranged in the computer system 10. The
security device can be a microcontroller provided for this purpose
or it can also be integrated in the existing hardware. The security
device 11 is provided for the purpose of preventing unauthorized
access by persons wishing to access the computer system 10. Various
control mechanisms are provided so that authorized users have the
opportunity of authenticating themselves. The security device 11
connects to a data network connection 12 so that a data network
link 17 can be established by way of example a company network via
a so-called "Local Area Network". Furthermore, the security device
11 connects to a reading device 13 that can read out, for example,
the data on a chip card 19. The security device 11 furthermore
connects to an input component 14, as an example, a key pad. The
security device 11 receives access data from the three components
12, 13 and 14. The security device 11 furthermore connects to a
memory element 15 in which a data record 16 is stored. The data
record 16 is part of a firmware and comprises security-related data
required for the purpose of authenticating a user. The computer
system 10 comprises a counter 18 connected to the security device
11.
[0047] During conventional use of the computer system 10, a user
inserts chip card 19 into the reading device 13, starts up the
computer system 10 and prior to the computer system booting, the
security device 11 displays an input mask by means of which the
user with the aid of the key pad can input a password, for example,
a so-called "personal identification number" (PIN). The security
device 11 is adapted to compare the received code, in the example
the PIN number and the data on the chip card 19 received via the
reading device 13, with the data record 16 in the memory element
15. If the comparison is successful, the security device 11 unlocks
the computer system 10 and boots it.
[0048] If, on the other hand, it is not the user who has the chip
card 19 but rather a system administrator who wishes to access the
computer system 10 from a remote location, then it would be
laborious for the system administrator to obtain a chip card 19, go
to the computer system 10 and use the chip card 19. In lieu of
this, it is more practical to start up the computer system 10 via a
data network link 17. However, since the security device 11 only
allows users who have the access data on a chip card 19 to access
the computer system 10, it is necessary that the administrator of
the security device 11 can make this type of data available. The
administrator can for this purpose transmit a security code via the
data network link 17 and the security code connects via the data
network connection 12 to the security device 11 to simulate to the
security device 11 a combination of access data on a chip card 19
and a PIN number that has been input. The security device 11 can
compare this security code and likewise the combination of the
access data from the chip card 19 and the input component 14, with
the data record 16 in the memory element 15.
[0049] Alternatively, the user may have forgotten chip card 19. In
this case, the user can inform the administrator so that the
administrator transmits the combination of access data via the data
network link 17 to the security device 11 and thus unlocks the
computer system 10. It is also necessary for this purpose that the
security device 11 has established a data network link 17 even
prior to booting the computer system 10 via the data network
connection 12.
[0050] In the example, the security device 11 repeatedly compares
the access data if the comparison was unsuccessful. If, for
example, the user inserts chip card 19 into the reading device 13,
but subsequently inputs an incorrect PIN number via the input
components 14, then the security device 11 recognizes this and
provides the user with a further opportunity of inputting via the
input component 14 the PIN number that belongs to the chip card 19.
In the described example, the security device 11 reads out for this
purpose via the reading device 13 from the chip card 19 the
predefined maximum number of repetitions that the security device
11 makes available to the user and increases the value of the
counter 18 to count the number of repetitions. Consequently, it is
possible to define on each individual chip card 19, the number of
occasions a user may repeat the input of the password.
[0051] The security device 11 is adapted to block the access data
that has been read out via the reading device 13 from the chip card
19, or rather to block the access data that has been received via
the data network link 17, and to delete the access data, in the
example the PIN number, which has been received via the input
component 14 if the number of permitted repetitions has been
exceeded. By virtue of blocking or rather deleting the access data,
a user is refused the opportunity to boot the computer system 10.
This is by way of example expedient if an unauthorized user intends
to establish which password is correct by making multiple attempts.
However, if the legitimate user then wishes to work on the computer
system 10 again, the access data can be re-instated by inputting
the control data, for example, a Personal Unlock Keys (PUK). The
legitimate user can, for example, input this PUK via the input
component 14. To obtain the PUK, the legitimate user must first
make a telephone call to an administrator and obtain the PUK over
the telephone. This can lead to an incorrect PUK possibly being
conveyed or to the message from the administrator being
misunderstood and an incorrect PUK being input. To avoid this, it
is possible using the described computer system 10 to receive this
PUK via the data network link 17. Consequently, the administrator
can give the user direct access to the computer system 10 without
the user having to input the PUK.
[0052] In the example, the security device 11 allows repeated
successive booting of the computer system 10 following a successful
comparison of the access data received via the data network link 17
without receiving the access data afresh. In this manner, a user
can then repeatedly boot the computer system 10 without chip card
19 at hand and must request the access data via the data network
link 17 from an administrator. The number of booting processes is
limited quantitatively or with respect to a predefined time period
so that the user receives by way of example access for a day or for
5 booting processes.
[0053] In the example, the data to be transmitted via the data
network link 17 are first encrypted and the security device 11
decrypts the received data. This ensures a high degree of security
and makes it difficult for an unauthorized user to gain access to
correct access data.
[0054] The flow chart 20 illustrated in FIG. 2 illustrates the
steps of a method of booting a computer system 10. If the computer
system 10 is starting up, the step 21 is first performed. In step
21, the security device 11 establishes a data network link 17 via
the data network connection 12. Due to the fact that the data
network link 17 is established prior to the computer system 10
being booted, access data from an external source can even be
received to receive and compare the access data. In step 22, access
data is then either read out from a chip card 19 via a reading
device 13, and received via the input component 14 or the access
data are transmitted to the data network connection 12 via the data
network link 17 and the access data is received by the security
device 11 via the data network connection 12.
[0055] In step 23, the access data that have been received in step
22 are compared by the security device 11 with a data record 16
stored in the memory element 15. It is irrelevant whether the
access data received in step 22 has been received via the data
network link 17 or the input component 14 and the reading device
13. If the comparison of the access data is successful, the
computer system 10 is booted in step 24.
[0056] FIG. 3 illustrates a flow chart 30 for booting the computer
system 10. If the computer system 10 is starting up, step 31 is
first performed, wherein the security device 11 establishes a data
network link 17 via the data network connection 12. In step 32, the
security device 11 receives access data and compares these access
data with a data record 16 in a memory element 15. If the
comparison is successful, then the user is authorized to use the
computer system and the computer system 10 is booted in step 33.
If, on the other hand, the comparison of the access data was
unsuccessful, then a counter 18 is activated and the counter value
n of the counter 18 is increased by 1. In the query 34, a check is
performed as to whether the counter value n of the counter 18
corresponds to a predefined value. If this is not the case, then
the user has a further opportunity in step 32 to input the access
data and initiate a comparison via the security device 11. If the
comparison is successful, the system can be booted in step 33. If,
on the other hand, the comparison is once more unsuccessful, then
the counter value n of the counter 18 is increased by 1 and a new
query is made in step 34 as to whether the counter value n of the
counter 18 has reached the predefined value. The predefined value
for the maximum repetition of this process is stored in the example
on the chip card 19.
[0057] If the value by way of example 4 is reached, then the
password has been incorrectly input on too many occasions and the
access data are blocked in step 35.
[0058] To at this point unlock the system again, control data are
received and compared in step 36. It is now possible to input the
control data in the form of a PUK via the input component 14 or via
the data network link 17. If the comparison of the control data is
successful, then the access data is blocked in step 37. Following
on from step 37, the counter value n of the counter 18 is reset and
the user can once more input his access data in step 32.
[0059] In one example, not illustrated, in step 35, in addition to
blocking the access data, the PIN number input by the user and
received via the input component 14 is cancelled. Accordingly, in
step 37, in addition to unblocking the access data, the access data
that have been received via the input component 14 are
regenerated.
[0060] In the examples, all data that can be input via the input
component 14 are alphanumeric character strings. These data are
either input themselves via the input component 14 or are
transmitted via the data network link 17.
[0061] In one example, not illustrated, the methods comprise in
addition to the mentioned steps also the step of encrypting data
prior to this data being transmitted via the data network link 17.
Accordingly, the methods comprise likewise a step of decrypting the
encrypted data.
* * * * *