Hasso-Plattner-Institut für Softwaresystemtechnik

>> Projekte > Lock-Keeper

Contact

Prof. Dr. Christoph Meinel

Hasso-Plattner-Institut
für Softwaresystemtechnik
Prof.-Dr.-Helmert-Str. 2-3
D-14482 Potsdam, Germany

Tel: +49 0331/5509-222
Fax: +49 0331/5509-325
Mobil: +49 176 10010727
meinel"at"hpi.uni-potsdam.de

Books

(Last update on May 25, 2010)

Lock-Keeper is a novel high security network solution that was designed by Christoph Meinel and his team. It is licensed by Siemens and available on the market. Lock-Keeper is able to provide data transfer over physically separated connections. Based on the simple principle that "the ultimate method to secure a network is to disconnect it" Lock-Keeper can guarantee higher levels of security and entirely prevent specific intruder attacks by physically separating the communicating networks. In recent years, the patented Lock-Keeper system has been developed and improved to be more mature, dependable and applicable.

Links for fast navigation through this page: News - Introduction - R&D - Media Reports - Awards Patents - Publications - Presentations - Team - Partner - Contact

News

Jan. 2010: News is released: Lock-Keeper for IPv6. See HPI press release, idw-online, uni-protokolle, bussiness-on, diagramm, pressbox, SanderMielke.
Oct. 2009: New feature is now available: Lock-Keeper for IPv6. For more information, see EN/DE.
Mar. 2009: Lock-Keeper will be presented on CeBIT 2009. You can visit us in Hall 11, Stand 50/4. Feel free to download our poster released on KES.
Feb. 2009: Lock-Keeper will join the Katalogschau in Saudi Arabia. You can get the Lock-Keeper materials in Jeddah & Riad & Dammam of Saudi Arabia during the first quarter of 2009.
Feb. 2009: A new Lock-Keeper brochure is released.
Apr. 2008: New Master Thesis topics within the Lock-Keeper project are published: 1. Simulation and Visualization of Lock-Keeper Data Exchange Procedure and Performance Measurement (poster) 2. Reconstruct Lock-Keeper based on Trusted Computing Concepts (poster). We are looking forward to discussing with interested Master/Diplom students.
More ... ...

Introduction

The threats originating from the Internet are ever-increasing and far from being "under control". Modern security is designed to protect the vast range of business communication facilities from external as well as internal intruders, so-called "hackers". To this effect, various defensive mechanisms have been developed to protect internal data and systems from unauthorized access. Here, we proposed a novel security solution named Lock-Keeper, which can provide data transfer by physically separated connections.

Based on the simple principle that "the ultimate method to secure a network is to disconnect it", the Lock-Keeper can guarantee higher levels of security and entirely prevent specific intruder attacks by physically separating the communicating networks. In recent years, the patented Lock-Keeper system has been developed and improved to be more mature, dependable and applicable.

Research & Development

By means of the SingleGate Lock-Keeper system, a simple implementation of the "Physical Separation" idea, the possibility of direct attacks to a protected network can be eliminated entirely and data can be exchanged between two networks through a completely secure and reliable way. As an advanced implementation of this technology, the DualGate Lock-Keeper is proposed by including another new "GATE" unit. Along with this development, not only the Lock-Keeper performance on data transfer, especially the transmit speed, is improved significantly, but also some other new good characteristics appear simultaneously. All these changes make the Lock-Keeper technology more efficient, flexible and applicable. Moreover, we also propose a Lock-Keeper Cluster architecture, which is built up by the combination of two or more independent Lock-Keeper systems, to improve the performance on data exchange. Our current research and development work is focus on the following topics:

Deployment of Lock-Keeper in Service-Oriented-Architecture (SOA).
Reconstruct Lock-Keeper using Concepts of Trusted Computing.
Lock-Keeper-based Online Police Station.
Secure Database Replication Module based on WS-Based Messaging Framework.
Lock-Keeper based IDS/IPS Solutions.
Securing VoIP Infrastructure and its Application using Lock-Keeper
Development of the Lock-Keeper Cluster System.
Performance measurement and comparison between the Lock-Keeper and other similar security solutions.
Authentication and access control based on the Lock-Keeper technology.
... ...

Media Reports

About Security: Ein Bericht von der CeBIT (entwickler.com, 13. March 2008)
Was war. Was wird. (heise online news, 09. March 2008)
News from CeBIT (in Arabic) (Deutsche Welle, 08. March 2008)
Hochsicheres Rechnersystem gegen Internet-Spionage (innovations-report.de, 04. March 2008)
CeBIT: Hochsicheres Rechnersystem gegen Internet-Spionage (silicon.de, 04. March 2008)
CeBIT: Hochsicheres Rechnersystem gegen Internet-Spionage (idw-online.de, 03. March 2008)
Cebit: Potsdamer Computergrafiker abstrahieren 3-D-Modelle für die Fahrzeugnavigation (computerzeitung.de, 03. March 2008)
Hasso-Plattner-Institut macht CeBIT zur zentralen Sammelstelle für Technikfrust und Innovationsideen (uni-protokolle.de, 19. February 2008)
Sicherer Datentransfer zwischen Buerger und Polizei gewaehrleistet! (Six, Stuttgart, 18. October 2007)
Studenten schuetzen E-Mails der Polizei mit hochsicherer Datenschleuse (uni-protokolle.de, 11. October 2007)

Awards

Lock-Keeper won the 2007 German "IT Security Award" (in the "Kategorie Web/Internet Security").
Lock-Keeper got the Inventor's prize from the Investitions- und Strukturbank Rheinland-Pfalz (ISB) in 2002.

Patents

In recent years, the Lock-Keeper technology has gotten the right of patent, under the name of "Data Connection Between Two Processors and Process to Transmit Data Between Two Processors", from several contries or districts.

Hong Kong, of China, Nr. 01104595.0, from 04.07.2001
European Union, Nr. 01 106 701.4, from 16.03.2001
USA, Nr. PCT/EP99/05550, from 14.02.2001
China, Nr. 99809961.9, from 31.07.1999
Korea, Nr. 2.341.180, from 31.07.1999
Canada, Nr. PCT/EP99/05550, from 31.07.1999
Russia, Nr. PCT/EP99/05550, from 31.07.1999

Selected Publications

F. Cheng, T.-D. Tran, S. Roschke, Ch. Meinel
A Specialized Tool for Simulating Lock-Keeper Data Transfer
Proc. AINA 2010, IEEE Press, Perth (Australia), 2010, pp. 182-189.
S. Roschke, F. Cheng, T.-D. Tran, Ch. Meinel
A Theoretical Model of Lock-Keeper Data Exchange and its Practical Verification
Proc. NPC 2009, IEEE Press, Gold Coast (Australia), 2009, pp. 190-196.
F. Cheng, S. Roschke, Ch. Meinel
Implementing IDS Management on Lock-Keeper
Proc. ISPEC 2009, Springer LNCS 5451, Xi'an (China), 2009, pp. 360-371.
F. Cheng, Ch. Meinel
Design of Lock-Keeper Federated Authentication Gateway
Proc. ICACT 2009, IEEE Press, Phoenix Park (Korea), 2009, pp. 1041-1046.
F. Cheng, Ch. Meinel
Strong Authentication over Lock-Keeper
Proc. SOFSEM 2008, Springer LNCS4910, High Tatras (Slovakia), 2008, pp. 572-584
Ch. Meinel
Physikalische Trennung als Ultima Ratio im Hochsicherheitsbereich
GI Informatik-Spektrum, 30(3), June 2007, Springer Verlag, pp. 170-174.
F. Cheng, Ch. Meinel
Lock-Keeper: A New Implementation of Physical Separation Technology
Proc. ISSE 2006, Rome (Italy), 2006, pp. 275-286.
F. Cheng, Ch. Meinel
Research on the Lock-Keeper Technology: Architectures, Advancements and Applications
International Journal of Computer and Information Science(IJCIS), 5(3), 2004, pp. 236-245
F. Cheng, Ch. Meinel, et. al.
A Complete Solution for Highly Secure Data Exchange: Lock-Keeper and its Advancements
Proc. IEEE PDCAT 2003, Chengdu (China), 2003, pp. 201-205
More ... ...

Selected Presentations

Feng Cheng
Lock-Keeper - A High Security Solution based on Physical Separation, Jan. 2008
Feng Cheng
Demonstrations on Lock-Keeper Application Modules, Jan. 2008
Prof. Dr. Christoph Meinel
Lock-Keeper - A New High-Level Security Architecture for Data Exchange Between Physically Separated Networks, invited talk in ETH, Switzerland, Jan. 2007.
Prof. Dr. Christoph Meinel
Lock-Keeper: More Security is Impossible, tele-task, Dec. 2005
Prof. Dr. Christoph Meinel
Lock-Keeper: Mehr Sicherheit geht nicht, tele-task, Dec. 2005 (in German)
More ... ...

Team Organization

Prof. Dr. Christoph Meinel
Dipl. -Inform. Feng Cheng
M. Sc. Sebastian Roschke (since Nov. 2008)
M. Sc. Ahmad Al-Sadeh (since Jun. 2009)
M. Sc.-Student David Jäger (since Jul. 2009)

Partners

We are cooperated with following partners on R&D works with Lock-Keeper and its applications.

Contact us

Research group of Internet Technologies and Systems,
Hasso-Plattner-Institute, at the University of Potsdam,
D-14440, Potsdam, Germany
Phone: +49 331 5509-51
Fax: +49 331 5509-325
Room: B-1.12
Email: