Connector (information technology)

from Wikipedia, the free encyclopedia

A connector is a dedicated functional unit in a VPN router (Virtual Private Network router).

Basics

Viewed abstractly, the functional unit called the connector is a client with strong authentication capabilities. Implemented as a software module in the memory of router hardware tailored to the application, it sets up and tears down encrypted communication links to servers that are part of a VPN. In practice the servers addressed are often cloud or database servers, but they can serve any other purpose.
A VPN forms its own logical network that is embedded in a physical network (for example the Internet and/or a private or public physical intranet) as its transport medium. It uses the addressing mechanisms customary there, but carries its own network packets and therefore operates independently of the rest of that network. It enables communication between the VPN partners within it and the assigned network, is based on VPN tunnel technology, can be configured individually, is customer-specific and is self-contained (hence "private"). For reasons of IT security the VPN routers used usually run proprietary firmware whose source code is not available to the public (closed source). Critics see no security gain in withholding the source code, since vulnerabilities in closed code can remain undetected for a long time.

The connector opens a virtually isolated transmission channel (a so-called tunnel) to the addressee via the server of a trusted VPN provider and sends it a connection request. The addressed server answers with an authentication query. If the connector returns a previously agreed, valid authentication code, the connection is released and bidirectional data transfer to and from the addressed server can take place. For the duration of the connection the VPN is extended to include the participant using the VPN router with its connector.

While the routing unit of the VPN router directs packets into and out of the correct local (on-site) subnets, which is routing in the usual sense, the connector opens and closes the gateway (the controlled passage) during authentication through which the packets travel, via the VPN tunnel, to addressees in external networks. Before the packets leave via the gateway and the tunnel, the connector splits them into segments and encrypts them segment by segment with a current cryptographic method. These steps are part of the broader process of encapsulation, which also involves the underlying physical network (e.g. the Internet and/or a private or public physical intranet) that serves as the transport medium. Encapsulation belongs to sending; on receiving, decapsulation reverses the same steps in the opposite order.
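The two mechanisms described above, the challenge/response that releases the connection and the per-segment encryption and encapsulation of outgoing packets, can be shown in miniature. The following Python is an added example written for this article, not code from any connector product or from the article's sources. The article names neither the cipher nor the key material, so the pre-shared secret, the HMAC-SHA256 keystream (a standard-library stand-in for an authenticated cipher such as AES-GCM), the session-key derivation and the outer header layout are assumptions made for this example only.

```python
"""Added example (not from the article): a connector-style tunnel in miniature.

Step 1: the addressed server challenges the connector, which answers with a
code derived from a pre-agreed secret, and the connection is released.
Step 2: each outgoing payload is split into segments that are encrypted and
authenticated one by one and wrapped in an outer header; the receiver
reverses the steps. Secret, cipher and header layout are assumptions.
"""
import hashlib
import hmac
import os
import struct

SEGMENT_SIZE = 32                 # plaintext bytes per inner segment (assumption)
TAG_SIZE = 16                     # truncated HMAC-SHA256 tag per segment
HEADER = struct.Struct("!IHH")    # outer header: tunnel id, segment index, segment length


def server_challenge():
    """Addressed server answers the connection request with a fresh random nonce."""
    return os.urandom(16)


def connector_response(psk, nonce):
    """Connector proves it holds the pre-agreed secret without ever sending it;
    binding the nonce makes an intercepted response useless for replay."""
    return hmac.new(psk, b"connector-auth|" + nonce, hashlib.sha256).digest()


def server_verify(psk, nonce, response):
    """Server recomputes the code and compares in constant time; True releases the connection."""
    return hmac.compare_digest(connector_response(psk, nonce), response)


def derive_session_keys(psk, nonce):
    """Separate encryption and MAC keys per session (assumption: simple PRF-based derivation)."""
    enc_key = hmac.new(psk, b"enc|" + nonce, hashlib.sha256).digest()
    mac_key = hmac.new(psk, b"mac|" + nonce, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, tunnel_id, index, length):
    """PRF in counter mode: HMAC-SHA256(enc_key, tunnel_id || index || block).
    Each (tunnel_id, index) pair must be used once, exactly like a nonce."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack("!IIQ", tunnel_id, index, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encapsulate(enc_key, mac_key, tunnel_id, payload):
    """Sending side: split the payload into segments, encrypt each, authenticate
    header plus ciphertext (encrypt-then-MAC) and prepend the outer header the
    transport network routes on. Returns the list of outer packets."""
    segments = [payload[i:i + SEGMENT_SIZE] for i in range(0, len(payload), SEGMENT_SIZE)] or [b""]
    packets = []
    for index, seg in enumerate(segments):
        header = HEADER.pack(tunnel_id, index, len(seg))
        ct = bytes(p ^ k for p, k in zip(seg, _keystream(enc_key, tunnel_id, index, len(seg))))
        tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_SIZE]
        packets.append(header + ct + tag)
    return packets


def decapsulate(enc_key, mac_key, tunnel_id, packets):
    """Receiving side: reverse the steps. Every packet is authenticated and its
    header checked before anything is decrypted, so forged, reordered or
    foreign-tunnel segments are rejected instead of being silently merged."""
    out = b""
    for expected_index, pkt in enumerate(packets):
        if len(pkt) < HEADER.size + TAG_SIZE:
            raise ValueError(f"segment {expected_index}: truncated packet")
        header, body = pkt[:HEADER.size], pkt[HEADER.size:]
        tid, index, length = HEADER.unpack(header)
        ct, tag = body[:-TAG_SIZE], body[-TAG_SIZE:]
        good = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_SIZE]
        if not hmac.compare_digest(good, tag):
            raise ValueError(f"segment {expected_index}: authentication tag mismatch")
        if tid != tunnel_id or index != expected_index or len(ct) != length:
            raise ValueError(f"segment {expected_index}: header does not match tunnel state")
        out += bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, tunnel_id, index, length)))
    return out


def tunnel_roundtrip(psk, payload, tunnel_id=7):
    """Whole sequence: challenge, response, verification, then send and receive one payload."""
    nonce = server_challenge()
    if not server_verify(psk, nonce, connector_response(psk, nonce)):
        raise PermissionError("connection not released")
    enc_key, mac_key = derive_session_keys(psk, nonce)
    return decapsulate(enc_key, mac_key, tunnel_id, encapsulate(enc_key, mac_key, tunnel_id, payload))


if __name__ == "__main__":
    psk = b"constructed pre-shared secret for the example"   # constructed sample secret
    print(tunnel_roundtrip(psk, b"constructed master data record #0001"))
```

Two design points are worth noting. The authentication code is bound to the server's nonce, so a "previously agreed code" that is simply replayed from a recording is rejected; a static password sent in the clear would not have that property. On the receiving side the tag and header are checked before any decryption, which is what lets the receiver detect forged, reordered or misrouted segments rather than reassembling them.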

Application in industry and community

Application in supply engineering

Special VPN routers with connectors for establishing tunnel connections to cloud servers can be used for remote maintenance of remotely controlled machines and plants, provided the data from these machines and plants is stored in a cloud. Recording, visualisation, alarming and pre-processing of that data can then be carried out by remote access to the cloud through the VPN router, which in turn makes predictive maintenance of the machines and plants possible. The technique is also useful for developing product improvements. An important field of application for such remote maintenance is supply engineering.

Application in healthcare

In the German healthcare system, VPN routers with connectors are prescribed for data exchange, although their introduction is regarded more as an evolutionary process. The VPN router with VSDM connector used in the healthcare sector forms a virtual private network (VPN) for the "Telematics Infrastructure of the Health Sector" (TI), which on completion will be a virtual network connecting around 55,000 healthcare facilities. Not all facilities need to be online at the same time. The VPN router with VSDM connector contains the mandatory module for insured person master data management (Versichertenstammdatenmanagement, VSDM). In the healthcare sector the term "VPN router with VSDM connector" is not generally used; people speak more casually of the "VSDM connector" or simply the "connector".

The connector is connected over the local network to the stationary card terminals of the doctor's practice or ward and to the practice management system (Praxisverwaltungssystem, PVS) on the practice computer. The practice management system must be adapted so that it can connect to the connector and import the insured person's data from the electronic health card (elektronische Gesundheitskarte, eGK).

Chip card reader (older generation) for a doctor's office

Three types of chip cards are read in the eHealth card terminal:

  • SMC-B (Security Module Card Type B): confirms to the telematics infrastructure that access comes from an authorised facility (practice, medical care centre, hospital). The SMC-B is the practice card, a chip card that authenticates the facility for participation in the TI. It is activated by entering a PIN (personal identification number) each time the card terminal is switched on, the connector is restarted or, in some setups, the practice management system is started, and it remains in the card terminal.
  • The electronic health professional card (elektronischer Heilberufsausweis, eHBA): a chip card with which doctors, dentists, psychotherapists, pharmacists and, in future, members of other health professions identify themselves.
  • The electronic health card (eGK), with which the respective patient identifies himself or herself.

Stationary eHealth card terminals also require a chip card of their own, the gSMC-KT (device-specific security module card for stationary eHealth card terminals), with which they identify themselves to the connector as part of the TI.

For access to the telematics infrastructure, medical practices need a special VPN access service, comparable to an Internet provider, that provides the access to the TI.

In this combination of a hardware-based VPN with a certified provider, the data, already pre-encrypted in the practice by the VPN software and the gSMC-KT card, is packaged and encrypted once more in the connector using cryptographic keys, including those on the health professional card (HBA), the SMC-B and the health card (eGK), and further routing data can be attached to the inner packet. The provider operating this intranet must qualify as particularly trustworthy. It decrypts the outer packet and forwards the inner one to the recipient, for example the health insurance company, using the recipient's address data, and it must strictly separate this process from its other Internet services. In the first phase of using VPN routers with VSDM connectors, their main task is the online comparison of the insured person's master data (VSDM).

Via the provider, the public network carries a dedicated VPN tunnel to the addressee (server or client). Although the same lines and the same transmission technology as the Internet are used, the VPN channel is logically separate from it: cross-connections to the Internet are excluded, which the provider and the gateway set up in the practice ensure. For the end user everything runs automatically. Encryption is performed by the gateway or the special VPN router, so that operating errors and manipulation are practically ruled out. A notable feature of the procedure used in healthcare is an additional cryptographic layer that serves authentication rather than confidentiality: the recipient can use it to verify that the data received really comes from the claimed sender.

A further decisive advantage of using smart cards is that symmetric and asymmetric cryptographic operations can be performed on the card without the secret key ever leaving it through its input/output interface into the local or remote network. Compared with keys stored on a computer, keys on a chip card are much harder to extract.

The next expansion stage of the connector, expected in 2020, is the e-health connector. In addition to VSDM it is to support the qualified electronic signature (QES) and contain the modules for emergency data management (Notfalldatenmanagement, NFDM) and the electronic medication plan (eMP). A further planned stage is the ePA connector, a prerequisite for the electronic patient record (elektronische Patientenakte, ePA). None of the planned functional expansions requires a new device; they can be installed as software upgrades.

So far (as of March 2020), VPN routers with VSDM connectors from four manufacturers have been approved for TI operation by Gematik, the certification body of the healthcare sector:

  • CompuGroup / KoCo Connector KoCoBox Med +;
  • T-Systems Medical Access Port VSDM connector;
  • secunet Security Networks secunet connector;
  • Research Industrial Systems Engineering RISE connector.

The upgrades to the e-health connector are currently in development or in the approval process.
