EP4062615A1 - Procédé de communication de données sécurisé dans un réseau informatique - Google Patents

Procédé de communication de données sécurisé dans un réseau informatique

Info

Publication number
EP4062615A1
EP4062615A1 EP20807450.0A EP20807450A EP4062615A1 EP 4062615 A1 EP4062615 A1 EP 4062615A1 EP 20807450 A EP20807450 A EP 20807450A EP 4062615 A1 EP4062615 A1 EP 4062615A1
Authority
EP
European Patent Office
Prior art keywords
computer
data
data connection
key
connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20807450.0A
Other languages
German (de)
English (en)
Inventor
Claudio COLOMBANO
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inventio AG
Original Assignee
Inventio AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventio AG filed Critical Inventio AG
Publication of EP4062615A1 publication Critical patent/EP4062615A1/fr
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00Control systems of elevators in general
    • B66B1/34Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
    • B66B1/3415Control system configuration and the data transmission or communication within the control system
    • B66B1/3423Control system configuration, i.e. lay-out
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B66HOISTING; LIFTING; HAULING
    • B66BELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B1/00Control systems of elevators in general
    • B66B1/34Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
    • B66B1/3415Control system configuration and the data transmission or communication within the control system
    • B66B1/3446Data transmission or communication within the control system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • the present invention relates to a method for communicating data in a computer network and to a computer network configured to carry out this method, in particular in a passenger transport system.
  • Computers which are often referred to as computers, are used in a wide variety of applications for processing data. In a wide range of applications, computers must be able to exchange data with other computers. For this purpose, several computers are connected to a computer network via data connections.
  • the authenticity of computers participating in the data communication is usually checked in advance.
  • the computers that strive for data communication can exchange authentication data.
  • a previously created list can be used, for example, to check whether the authenticated computers are authorized to communicate with one another.
  • data communication between computers is also encrypted.
  • data to be communicated is encrypted by a sending computer using previously specified encryption data before they are transmitted to a receiving computer, and then decrypted again by the receiving computer using correlating encryption data.
  • the sending computer can encrypt the data to be transmitted with a public key of the receiving computer so that the latter can then decrypt the received data again with its private key, which is to be kept secret and which correlates with the public key. Because both computers use correlating encryption data, the authenticity or authorization of the communicating computers is also checked indirectly.
  • the authentication data can also be made for the authentication data to have a time-limited validity. However, this may require that after this validity has expired, new authentication data must be transmitted to the computers, which in turn may require a data connection between the computers and the authority computer.
  • a need for a method for communicating data in a computer network with which at least some of the deficits mentioned at the outset, as they occur in the conventional operation of computer networks, can be overcome.
  • a method for communicating data in a computer network which can be implemented easily and / or with little hardware expenditure and which nevertheless allows a high level of security in data communication.
  • a computer network that is configured to carry out or control such a method.
  • a passenger transport system that is equipped with such a computer network.
  • a method for communicating data in a computer network between a first computer and a second computer, in particular in a passenger transport system is proposed.
  • the first computer and the second computer are accommodated together in a room protected against unauthorized access.
  • the first computer and the second computer are also connected to one another via a first and a second data connection.
  • the second data connection runs exclusively within the protected area.
  • the second data connection only allows data to be transmitted between the first computer and the second computer.
  • the method comprises at least the following method steps, preferably in the specified order:
  • a computer network with a first computer and a second computer in particular in a passenger transport system, is proposed.
  • the first computer and the second computer are accommodated together in a room protected against unauthorized access.
  • the first computer and the second computer are connected to one another via a first and a second data connection.
  • the second data connection runs exclusively within the protected area.
  • the second data connection only allows data to be transmitted between the first computer and the second computer.
  • the computer network is configured to carry out or control the method according to an embodiment of the first aspect of the invention.
  • a passenger transportation system in particular an elevator system, with a computer network according to an embodiment of the second aspect of the invention is proposed, the protected space being a machine room of the passenger transportation system.
  • computers must be reliably and securely connected to one another via a data network in a wide variety of technical applications communicate, ie exchange data, can.
  • it must be ensured that individual computers only communicate with certain other computers, but do not transmit data to computers that are not authorized for this purpose and / or accept data from computers that are not authorized for this purpose.
  • computers must be able to authenticate, ie a computer must be able to reliably determine the identity of another computer coming into question as a communication partner and, on the basis of the identified identity, determine whether data exchange with this computer is permissible.
  • a first computer and a second computer can be part of a computer network made up of a large number of computers.
  • the first computer can, for example, be a host computer or server computer and the second computer can be a client computer from a plurality of client computers included in the computer network. All these computers can be connected to one another via one or more data connections, i.e. in principle they can be able to exchange data with one another via wired or wireless interfaces.
  • the first computer can exchange data reliably and discretely with the second computer, it must be ensured that no other computer on the computer network can eavesdrop on the data communication between the first and the second computer and that no other computer can intercept the first computer other than the second computer can output.
  • the second computer can authenticate itself to the first computer so that the first computer can be certain of the identity of the second computer and can then determine, based on the identity established in this way, whether there is data communication with the second computer is permissible, ie whether the second computer is authorized to exchange data with the first computer.
  • a prerequisite for the functioning of the method presented here is that the first computer and the second computer are accommodated together in a room protected against unauthorized access, i.e. are in the immediate vicinity of one another.
  • a room can be understood as a physically delimited area, to which normally only persons authorized for this have access.
  • a room can, for example, be a volume in a building or structure surrounded by walls or other physical boundaries, to which access is only possible via one or more lockable doors or the like.
  • a person In order to get into the protected space through such a door, a person must be authorized beforehand, for example by being in possession of a key suitable for unlocking the door.
  • the room protected against unauthorized access can be, for example, a machine room of the passenger transport system.
  • Such a machine room can typically be locked and thus secured against unauthorized access.
  • both a drive machine and a controller used to control this drive machine are accommodated in a machine room.
  • this control usually has a computer that can be viewed as the first computer or host computer.
  • This first computer can communicate with a large number of other computers, which in certain cases can be viewed here as second computers or client computers. Some of these computers can be located within the Machine room are located, other computers can be arranged outside the machine room.
  • a computer can be viewed, for example, which should be able to communicate with the first computer for maintenance purposes or for troubleshooting and for this purpose should be able to exchange data with the first computer.
  • the second computer can be permanently installed in the protected space.
  • the second computer can be temporarily brought into the protected space, for example by a maintenance technician temporarily bringing a maintenance device controlled by the second computer into the machine room.
  • the first and the second computer should be connected to one another both via a first data connection and via a second data connection. Via each of the two data connections, data can be exchanged between the two computers from the first computer to the second computer and / or from the second computer to the first computer.
  • a data connection can be established by wire, i.e. data can be transmitted between the two computers via devices and / or cables connecting the computers.
  • a data connection can be established wirelessly, i.e. data can be transmitted between the two computers via radio, for example.
  • authentication data should first be generated by the first computer, by means of which the second computer can authenticate itself on the first computer.
  • the authentication data contain at least one key to be kept secret.
  • the key to be kept secret is transmitted from the first computer to the second computer via the second data connection.
  • the key to be kept secret can, for example, be part of a key pair made up of a public key and a private key correlating with it. In particular, the key to be kept secret can be the private key of such a key pair.
  • the first computer does not send the key of this authentication data, which is to be kept secret, to the second computer via the first data connection, but rather via the second data connection.
  • the first computer can be sure that the secret key of the authentication data has been sent to a computer that is located within the protected area.
  • the first computer can therefore assume that the second computer receiving the key to be kept secret is authorized to exchange data with the first computer, since otherwise it would not have been allowed to enter the protected area.
  • the first computer can also assume that the secret key can only be known to a second computer that is authorized for communication with the first computer.
  • encrypted data communication is established between the first and the second computer, the authentication data being used at least for the authentication of the second computer by the first computer. .
  • this data communication is not established via the second data connection, but via the first data connection, via which the first computer is also connected to other computers and which generally has different data transmission properties than the second data connection.
  • the first computer can thus check the authenticity of the second computer within the framework of the encrypted data communication established.
  • the method described and the computer network specially designed for this purpose can ensure that data communication required for certain applications can only be established from the first computer with computers that are authorized for this purpose and that are located within the protected area.
  • the data communication protected in this way can be set up with very simple hardware means.
  • the first data connection is configured for data communication at a higher data transmission rate than the second data connection.
  • the first data connection can be designed to transmit data at a higher transmission rate than the second data connection.
  • the first data connection can thus be designed for a larger bandwidth than the second data connection.
  • the data transmission rate to be established via the first data connection can be more than twice as high, preferably more than ten times as high, as that of the second data connection. While the first data connection can thus be designed for a high data throughput, the second data connection can be established with technically simpler means, since it only needs to enable a low transmission rate.
  • the first data connection is also accessible to subscribers in the computer network who are located outside the protected area.
  • the first data connection can be configured in such a way that it can also be used to communicate with the first computer via computers that are not located within the protected space, but are external to it.
  • the first data connection can be part of a local network (LAN - local area network), a wide network (WAN - wide area network) or even a global data network such as the Internet, via which a large number of computers inside and outside the protected space can communicate with each other.
  • the first data connection can be an Ethernet connection.
  • Ethernet connections are a long-established and largely standardized option for data transmission between several computers.
  • Ethernet connections use software in the form of protocols, etc., and hardware in the form of cables, distributors, network cards, etc., which are specified for wired data networks and which are originally for local area networks (LAN). They enable data to be exchanged between the devices connected in a local network using data frames. Transmission rates of up to 400 gigabit / s are currently possible.
  • a data network established with Ethernet connections typically extends over a building, but Ethernet variants over fiber optics can have a range of up to 70 km.
  • the second data connection can only allow data to be transmitted between the first computer and the second computer.
  • the second data connection can thus differ from the first data connection, which in principle can allow data to be transmitted between the first computer and a large number of other computers.
  • the second data connection can thus ensure that only data can be exchanged via it between the first and the second computer, but not with other computers.
  • the second data connection can be a wired data connection.
  • Such a wired data connection can use one or more cables which run between the first and the second computer and via which these two computers can exclusively exchange data.
  • a wired data connection can be established in a technically simple manner by, for example, plugging a data cable with its plugs into one of the computers at opposite ends.
  • the data cable establishing the data connection can be used shielded so that data transmitted via the data cable cannot be intercepted from outside.
  • the data transmission takes place via such a wired data connection exclusively between the two first and second computers arranged in the protected space and can neither be manipulated nor eavesdropped from outside the protected space.
  • the second data connection can be a serial data connection.
  • a serial data connection enables data to be transmitted sequentially between communication partners, for example in the form of individual bits.
  • Such a serial data connection can be established with very simple technical means, for example with a single wire or cable, which can optionally be shielded.
  • the second data connection can be a unidirectional data connection.
  • a unidirectional data connection which is sometimes also referred to as a monodirectional data connection, can be understood to mean a data connection which allows data transmission only in one direction, but not in the opposite direction.
  • a cable can typically not only transmit data unidirectionally
  • the interfaces to be provided on the first and second computers, which are connected to the cable and which are part of the data connection can very well be designed for such unidirectional data communication.
  • the interface provided on the first computer can only be configured to send data but not receive it, whereas the interface provided on the second computer can only be configured to receive data, but not to send it.
  • a particularly confidential data transmission can be established.
  • only a transmission of data from the first computer to the second computer can be made possible via the second data connection.
  • the key to be kept secret is formed by a key for symmetrical data encryption, the key being stored on the first computer as well as on the second computer.
  • the data communication to be established between the first and the second computer is symmetrical encryption
  • the key to be kept secret is formed by a private key of the second computer.
  • a public key corresponding to the private key is generated by the first computer.
  • the authentication data include at least the private key and the public key.
  • authentication data can include a key pair with a private and a public key, the private key being transmitted from the first computer to the second computer via the second data connection
  • the public key is stored on the first computer in a list of authorized keys. In other words, it becomes public
  • the key of the second computer is stored on the first computer in such a way that it can be recognized as trustworthy at a later point in time
  • the public key which is part of a key pair serving as authentication data and which is generated by the first computer itself and then stored, is stored as trustworthy, so that when encrypted data communication is established later for the first computer it can be seen that the associated Communication partner computer is trustworthy, ie authorized.
  • the public key is signed by the first computer and this signed key, together with the private key, forms the authentication data.
  • the signed key can also be transmitted to the second computer.
  • the signed key is also referred to as a certificate or can form a certificate.
  • the second computer can set up an encrypted connection between the second computer and the first computer using Transport Layer Security or also using Secure Sockets Layer, the first computer being able to check the authenticity of the second computer.
  • the second computer can dispense with checking the authenticity of the first computer. However, this could be done optionally.
  • FIG. 1 shows a passenger transport system in the form of an elevator system with a computer network according to an embodiment of the present invention.
  • FIG. 1 shows a passenger transport system 1 in the form of an elevator system 3.
  • an elevator car 7 is displaced vertically by a drive machine 9.
  • the drive machine 9 is controlled by an elevator control 11.
  • the elevator control 11 has a first computer 13 or is controlled by it.
  • the first computer is part of a computer network 15 in which several computers 19, 21, 23 can communicate with the first computer 13 via a first data connection 17.
  • Computers 19 can be accommodated within a machine room 25 in which the controller 11 and the first computer 13 are also located.
  • Other computers 21, 23 can be located outside this machine room 25.
  • the first data connection 17 can be an Ethernet connection and can enable high data transmission rates of, for example, a few kilobits per second through a few megabits per second up to a few gigabits per second.
  • the second computer 27 can, for example, be part of a maintenance tool that is brought along and / or operated by a technician 31 in order to configure the controller 11.
  • the second computer 27 is located within the machine room 25. Since this machine room 25 can only be entered by people through a lockable door 33, it can be viewed as a room 35 protected against unauthorized access.
  • the second computer 27 is connected to the first computer 13 via the first data connection 17 and can use this to exchange data with the first computer 13 at a high data transmission rate.
  • the second computer 27 is on the other hand connected to the first computer 13 via a second data connection 29.
  • This second data connection 29 runs exclusively within the engine room 25. It is preferably designed as a wired data connection and is used exclusively to transmit data between the first computer 13 and the second computer 27.
  • the second data connection 29 is designed as a serial and unidirectional data connection that it only enables data to be transmitted from the first computer 13 in one direction to the second computer 27, but not in the opposite direction.
  • the two computers can assume different roles or perform different tasks.
  • the first computer 13 can, for example, control the controller 11 of the elevator system 3 and thereby be responsible for correct and safe operation of the elevator system 3.
  • the second computer 27 can be a client computer that should be able to interact with the controller 11.
  • Such a client computer can, for example, display and / or modify status information and can be used for maintenance or troubleshooting of an elevator installation 3.
  • Client computer and host computer ie first computer 13 and second computer 27, are all connected to the same local network, that is, can use the common first data connection 17 communicate with each other.
  • This network is used as a connection with a wide bandwidth and shared by all computers in order to form a LAN for the elevator system 3.
  • the client computer, ie the second computer 27, is located together with the first computer 13 within the protected space 35, ie in close proximity to the first computer 13 with which it is to interact.
  • the protected space 35 that is to say the engine room 25 in the example mentioned, is regarded as trustworthy.
  • this room 35 has sufficient physical barriers, such as the lockable door 33, to prevent unauthorized entry.
  • the network can also be accessed by other computers 19, 21, 23 that are not necessarily in the vicinity of the first computer 13, ie by other computers 19, 21, 23 that are not located within the protected space 35 become.
  • the data exchange must be secure. This means that only authorized client computers are allowed to communicate with the server via the local network.
  • a wide area network (WAN) such as the Internet may be available to interact with members of the local area network.
  • the local network i.e.
  • the first data connection 17 should not be allowed to be used to exchange data to be kept secret, such as authentication data or encryption data to be used accordingly, in order to rule out the possibility that this could be read by an attacker eavesdropping on the data traffic.
  • data to be kept secret such as authentication data or encryption data to be used accordingly
  • Conventionally, such assumptions or problems are solved by gradually defining data to be kept secret, for example in the form of software keys or certificates, which identify the client computer and are recognized as authentic by the host computer.
  • this can present the following logistical challenges:
  • Data to be kept secret such as keys or certificates
  • keys or certificates can be generated as different at the time of manufacture of a computer or an assembly by accessing a certified authority computer that is responsible for generating such keys and certificates. While this is possible, it introduces complex additional infrastructure into a manufacturing chain.
  • Keys and certificates can have a kind of expiry date, i.e. have a limited validity in order to reduce the risks of security gaps that are not limited in time.
  • Generating and installing new keys and certificates, for example at periodic intervals, can, however, lead to increased logistics costs, for example if no Internet connection is available and a visit on site is required to install such keys and certificates.
  • a parallel connection can be established between the second computer 27 serving as the client computer and the first computer 13 serving as the server computer, which connection can be assumed to be reliable.
  • the second data connection 29 can be used, for example, in the form of a short serial cable with a physical unidirectional transmission capability from the server computer to the client computer for a secure exchange of data to be kept secret.
  • the cable establishing the second data connection 29 can connect the client computer to the server computer, since these are assumed to be arranged in spatial proximity to one another.
  • the cable can also be assumed to be secured against physical access, since it is located in the protected space 35 and is therefore not easily accessible for eavesdropping or eavesdropping.
  • a configuration in which the cable only enables unidirectional data transmission can help to make it even more difficult to carry out an eavesdropping attack.
  • the first computer 13 generates authentication data by means of which the second computer 27 can authenticate itself on the first computer.
  • the authentication data contain a key of the second computer 27 to be kept secret and a public key of the second computer 27.
  • the first computer 13 stores the public key, for example in a list of authorized keys. This list can be used later to authenticate a client computer such as the second computer 27.
  • the list can be formed, for example, by a file, a database or also by a directory structure and files.
  • the first computer 13 can also sign the public key of the authentication data with its own private key.
  • the signed, public key of the authentication data is also referred to as the certificate in the following.
  • the first computer 13 sends the key of the authentication data to be kept secret to the second computer 27 via the serial, preferably unidirectional cables 29, for example with a standard serial protocol such as RS232.
  • the public key of the authentication data or the certificate can also be transmitted to the second computer, this transmission being able to take place either via the first data connection 17 or via the second data connection 29.
  • the second computer 27 can store it, for example in a permanent data memory. Likewise, the public key of the authentication data or the certificate can be saved if this or this has been transmitted to the second computer 27.
  • the second computer 27 can then use this key, which is to be kept secret, in order to establish authenticated data communication with the first computer via the local network, that is to say via the first data connection 17.
  • the first computer 13 can authenticate the second computer 27, since the first computer 13 has the public key corresponding to the private key of the authentication data in the list of authorized keys. Alternatively, the first computer 13 can check the signature of the certificate.
  • the data connection between the first computer 13 and the second computer 27 is also encrypted.
  • a known encryption method such as, for example, Transport Layer Security or Secure Sockets Layer, can be used for this purpose.
  • the first computer 13 generates authentication data by means of which the second computer 27 can authenticate itself on the first computer.
  • the authentication data contain a key that is to be kept secret.
  • the first computer 13 stores the key to be kept secret, for example in a list of authorized keys to be kept secret. This list can later be used to authenticate the second computer 27.
  • the first computer 13 sends the key to be kept secret to the second computer 27 via the serial, preferably unidirectional cable which forms the second data connection 29.
  • serial preferably unidirectional cable which forms the second data connection 29.
  • a standard serial protocol such as RS232 can be used for this.
  • the second computer 27 can store it, for example in a permanent data memory.
  • the second computer 27 can then use this key, which is to be kept secret, in order to establish authenticated as well as secure data communication with the first computer 13 via the local network, that is to say via the first data connection 17.
  • the first computer 13 can authenticate the second computer, since only the first computer 13 and the second computer know the secret key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Automation & Control Theory (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne un procédé de communication de données dans un réseau informatique (15) entre un premier ordinateur (13) et un second ordinateur (27), plus particulièrement dans un système de transport de passagers (1), et un réseau informatique (15) configuré pour mettre en œuvre ce procédé. Le premier ordinateur (13) et le second ordinateur (27) sont logés ensemble dans une pièce (35) protégée contre un accès non autorisé. Le premier ordinateur (13) et le deuxième ordinateur (27) sont reliés l'un à l'autre par une première et une deuxième liaison de données (17, 29). La seconde connexion de données (29) fonctionne uniquement à l'intérieur de la salle protégée (35) et permet seulement un transfert de données entre le premier ordinateur (13) et le second ordinateur (27). Le procédé comprend au moins les étapes suivantes : La génération, par le premier ordinateur (13), des données d'authentification et le transfert des données d'authentification du premier ordinateur (13) au second ordinateur (27) par l'intermédiaire de la seconde connexion de données (29). (Fig. 1)
EP20807450.0A 2019-11-21 2020-11-20 Procédé de communication de données sécurisé dans un réseau informatique Pending EP4062615A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP19210773 2019-11-21
PCT/EP2020/082870 WO2021099561A1 (fr) 2019-11-21 2020-11-20 Procédé de communication de données sécurisé dans un réseau informatique

Publications (1)

Publication Number Publication Date
EP4062615A1 true EP4062615A1 (fr) 2022-09-28

Family

ID=68653422

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20807450.0A Pending EP4062615A1 (fr) 2019-11-21 2020-11-20 Procédé de communication de données sécurisé dans un réseau informatique

Country Status (6)

Country Link
US (1) US20220407848A1 (fr)
EP (1) EP4062615A1 (fr)
CN (1) CN114747178A (fr)
AU (1) AU2020385641A1 (fr)
BR (1) BR112022009812A2 (fr)
WO (1) WO2021099561A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021255932A1 (fr) * 2020-06-19 2021-12-23 三菱電機ビルテクノサービス株式会社 Dispositif de commande d'ascenseur, système de surveillance d'ascenseur et procédé de surveillance d'ascenseur

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60220959T2 (de) * 2002-09-17 2008-02-28 Errikos Pitsos Verfahren und Vorrichtung zur Bereitstellung einer Liste von öffentlichen Schlüsseln in einem Public-Key-System
GB2472491B (en) * 2009-02-06 2013-09-18 Thales Holdings Uk Plc System and method for multilevel secure object management
US9241016B2 (en) * 2013-03-05 2016-01-19 Cisco Technology, Inc. System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel
AU2016287732A1 (en) * 2015-06-30 2017-12-07 Visa International Service Association Mutual authentication of confidential communication
US10887310B2 (en) * 2015-12-21 2021-01-05 Koninklijke Philips N.V. Network system for secure communication
WO2017167771A1 (fr) * 2016-03-29 2017-10-05 Koninklijke Philips N.V. Protocoles d'établissement de liaison "handshake" pour matériau de clé basée sur l'identité et certificats
LU93024B1 (de) * 2016-04-11 2017-11-08 Phoenix Contact Gmbh & Co Kg Intellectual Property Licenses & Standards Verfahren und Anordnung zum Aufbauen einer sicheren Kommunikation zwischen einer ersten Netzwerkeinrichtung (Initiator) und einer zweiten Netzwerkeinrichtung (Responder)
US10875741B2 (en) * 2017-09-29 2020-12-29 Otis Elevator Company Elevator request authorization system for a third party

Also Published As

Publication number Publication date
WO2021099561A1 (fr) 2021-05-27
AU2020385641A1 (en) 2022-06-16
BR112022009812A2 (pt) 2022-08-09
US20220407848A1 (en) 2022-12-22
CN114747178A (zh) 2022-07-12

Similar Documents

Publication Publication Date Title
DE60119857T2 (de) Verfahren und Vorrichtung zur Ausführung von gesicherten Transaktionen
EP2567501B1 (fr) Procédé pour la protection cryptographique d'une application
WO2005112459A1 (fr) Procede pour authentifier des donnees de capteur et capteur associe
EP1563638B1 (fr) Systeme de communication par cryptographie quantique et stations de commutation
DE102009059893A1 (de) Vorrichtung und Verfahren zum Absichern eines Aushandelns von mindestens einem kryptographischen Schlüssel zwischen Geräten
EP3582033B1 (fr) Procédé de fonctionnement securisé d'un appareil de terrain
DE60319514T2 (de) Verfahren und anordnung zur zugangssteuerung
DE102016222523A1 (de) Verfahren und Vorrichtung zum Übertragen von Daten in einem Topic-basierten Publish-Subscribe-System
EP2272199B1 (fr) Dispositif de stockage de données réparti
DE102015200279A1 (de) Einwegübertragungseinrichtung, Vorrichtung undVerfahren zum rückwirkungsfreien Erfassen von Daten
EP2548358B1 (fr) Méthode d'autorisation dynamique d'un dispositif de communication mobile
EP4062615A1 (fr) Procédé de communication de données sécurisé dans un réseau informatique
DE10200681B4 (de) Temporäre Zugansberechtigung zum Zugriff auf Automatisierungseinrichtungen
EP2388972A1 (fr) Système de connecteur à fiche pour le montage protégé d'une liaison de réseau
EP3266186A1 (fr) Appareil de réseau et procédé d'accès à un composant de réseau dans un réseau de données
EP4054143A1 (fr) Authentification d'un appareil dans un réseau de communication d'une installation d'automatisation
EP3151503B1 (fr) Procede et systeme d'authentification d'une application web environnante par une application web a inserer
WO2018166942A1 (fr) Procédé de contrôle d'accès
EP3734478A1 (fr) Procédé d'attribution des certificats, système de guidage, utilisation d'un tel système de guidage, installation technique, composants d'installation et utilisation d'un fournisseur d'identité
WO2016041843A1 (fr) Procédé et agencement permettant d'autoriser une action au niveau d'un système en libre-service
EP4099611B1 (fr) Génération de la clé quantique sûre dans un réseau
DE102018102608A1 (de) Verfahren zur Benutzerverwaltung eines Feldgeräts
DE102019109341B4 (de) Verfahren zum sicheren Austausch von verschlüsselten Nachrichten
EP2618226A1 (fr) Système d'automatisation industriel et son procédé de protection
EP3907927A1 (fr) Fourniture de clés quantiques sûres pour des n uds de réseau non connectés au moyen du canal quantique

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220412

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)