The access process via the portal is described here in detail:
1.The user calls the HS/FS.
- The HS/FS checks the authorisation of the caller using the telephone number.
- If the caller is known, he receives a 5-digit random number as the PIN.
- PIN transfer is via language output.
- The PIN is only valid once for a time period that can be set.
- If the caller is known, he receives a 5-digit random number as the PIN.
- PIN transfer is via language output.
- The PIN is only valid once for a time period that can be set.
2.After a valid call, the HS/FS connects to the Internet.
- Afterwards, it transfers the address in the Internet to the portal.
- The address transfer is encrypted with a password.
- This password is only known to the HS/FS and the portal operator.
- This password can be changed by the HS/FS owner at any time.
- The address transfer is encrypted with a password.
- This password is only known to the HS/FS and the portal operator.
- This password can be changed by the HS/FS owner at any time.
3.From his device, the user retrieves the portal page via the Internet.
- He enters the name of the HS/FS in the mask on the portal page.
- This name is only known to the user and can be changed at any time.
- The portal transfers the Internet address of the HS/FS.
- This name is only known to the user and can be changed at any time.
- The portal transfers the Internet address of the HS/FS.
4.The device of the user now automatically connects directly with the HS/FS.
- The portal is no longer involved in the further procedure.
- The HS/FS transfers a LOGIN mask to the user.
- The user must now enter the user name and the PIN received in 1).
- If authentication is positive, the HS/FS can now be operated.
- The transfer between HS/FS and user is encrypted.
- The HS/FS transfers a LOGIN mask to the user.
- The user must now enter the user name and the PIN received in 1).
- If authentication is positive, the HS/FS can now be operated.
- The transfer between HS/FS and user is encrypted.
Note
The portal takes on the function of a telephone directory service in order to search for the matching address (telephone number) using a known name.
The password which is known to the portal operator is only used for storing the HS/FS address.
The portal is no longer involved in the authentication of the user with the HS/FS.
This is emphasised again here because in the past there were often misunderstandings about this point.
The portal operation has no information which could enable access to the HS/FS.
All of the data required for authentication resides solely on the HS/FS,
and can only be changed locally using the start-up software.
A further important point is the use of a PIN for authentication that is only valid once.
This is especially relevant when accessing the HS/FS using devices that can be used by the public (e.g. Internet cafe, workstation, etc.).
This is because entries and passwords may be saved and recorded.
The portal is no longer involved in the authentication of the user with the HS/FS.
This is emphasised again here because in the past there were often misunderstandings about this point.
The portal operation has no information which could enable access to the HS/FS.
All of the data required for authentication resides solely on the HS/FS,
and can only be changed locally using the start-up software.
A further important point is the use of a PIN for authentication that is only valid once.
This is especially relevant when accessing the HS/FS using devices that can be used by the public (e.g. Internet cafe, workstation, etc.).
This is because entries and passwords may be saved and recorded.