EP2805446A1 - Challenge derivation function for protecting elements in a challenge-response authentication protocol - Google Patents

Challenge derivation function for protecting elements in a challenge-response authentication protocol

Info

Publication number
EP2805446A1
Authority
EP
European Patent Office
Prior art keywords
authenticator
authorization
request message
unit
product
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP13715910.9A
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Steffen Fries
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • the present invention relates to an apparatus and method for authenticating a product to an authenticator.
  • a product is authenticated, such as a device or an object, by means of a challenge-response method.
  • a request message or challenge message is transmitted to the product to be authenticated by the authenticator, which e.g. is formed as a function of a random number.
  • the product to be authenticated then calculates a response value or response message, for example as a function of a secret cryptographic key.
  • This response message is returned to the authenticator, which checks the response message for correctness. Since only an original product or an original device can calculate a correct response message, an original product or an original device can thus be reliably distinguished from a counterfeit.
  • challenge-response authentication may also be performed using a physical object property, i.e. a Physical Unclonable Function (PUF).
  • the document DE 10 2009 030 019 B3 shows a system and a method for the reliable authentication of a device.
  • a request message is bound to a verifying device by means of verifier context information. Therefore, it is difficult for an attacker to fake an identity of a device.
  • This application is used in authentication scenarios, especially in telecommunications, where sensitive messages are exchanged.
  • a device for authenticating a product to at least one authenticator has a receiving unit, a checking unit and a transmitting unit.
  • the receiving unit is set up to receive a request message sent by the authenticator.
  • the checking unit is set up to check authorization of the authenticator for receiving a response message to the sent request message.
  • the transmitting unit is set up to send a predetermined response message to the authenticator depending on the checked authorization and the received request message.
  • the present device offers increased security in the authentication, since a request message (challenge message, challenge) is only answered with a corresponding response message from the transmitting unit if it was sent by an authenticator that is authorized accordingly. In other words, if an authorization check reveals that the use of the received request message or challenge is permissible, the associated response message or response is sent by the transmitting unit to the authenticator.
  • a product to be authenticated may be an object such as a semiconductor device, a sensor node, a controller, a particular code in an FPGA, a battery or a toner cartridge, or an RFID tag on a toner cartridge.
  • An authenticator may be any device capable of communicating that may participate in a challenge-response procedure.
  • the authenticator may be, for example, an authentication server.
  • the request message may also be referred to as a challenge, challenge value or challenge message.
  • the response message may also be referred to as response, response message or response value.
  • the authorization may also be referred to as, or encoded as, an authentication token or authorization token. Examples include SAML assertion, attribute certificate, and XML assertion.
  • the authorization token encodes the authorization.
  • the authorization token is protected with a cryptographic checksum, or it is provided over a secure communication link. Examples of cryptographic checksums include message authentication code and digital signature. Examples of such a protected communication link include IPsec, SSL and TLS.
  • Possible criteria for the authorization check include identity information of the authenticator (e.g. a Network Access Identifier (NAI), IP address, MAC address, public key, public key hash, process ID, hash of the program code or file name of the program code).
  • contextual information such as current location, current time or current operating status can be used for the authorization check.
  • the number of times a challenge value has already been used is taken into account.
  • the time of the last use of this challenge value, or the time span since the last use of this challenge value, can be used for the authorization check.
  • the number of free, unused challenge-response pairs of an authenticator or the number of checks by this authenticator can also be included in the authorization check.
  • the present authorization check of the challenges is particularly advantageous for PUFs, since not all challenges can be used here, but only those for which reference data are available for the check.
  • the device, with the receiving unit, the checking unit and the transmitting unit, is integrated in the product.
  • the product, for example a battery, has the device or authentication device.
  • the receiving unit and the transmitting unit are integrated in the product. Furthermore, the checking unit is placed upstream of the product in such a way that request messages directed to the receiving unit of the product can be transmitted exclusively via the checking unit of the device.
  • a conventional product can be authenticated unchanged according to the invention, since the checking unit is not part of the product but only placed upstream of it.
  • the checking unit is designed as an upstream device or upstream challenge authorization checking device.
  • the receiving unit is configured to receive identification information with the request message from the authenticator.
  • the checking unit is set up to check the authorization of the authenticator for receiving the response message to the sent request message as a function of the received identity information.
  • the authentication information of the authenticator is a simple implementation for the authorization check for receiving a response message by the authenticator.
  • the device has a memory device for storing at least one authorization information for the authorization of at least one authenticator.
  • the checking unit is set up to check the authorization of the authenticator as a function of the received request message and the at least one stored authorization information item.
  • the product can verify the authority to allow the request message based on locally stored authorization information.
  • a set of acceptable challenge values or even a permissible challenge value range can be assigned to a respective authenticator.
  • the receiving unit is configured to receive authorization information with the request message from the authenticator.
  • the checking unit is set up to check the authorization of the authenticator for receiving the reply message to the sent request message as a function of the received authorization information.
  • the authorization information can be designed, for example, as a protected authorization token.
  • the authorization token or authentication token is sent by the authenticator to the device, in particular together with the request message.
  • the authorization token confirms the legitimate use of a challenge value against the device.
  • the device has a memory device for storing a number of items of authorization information for the authorization of a number of authenticators, wherein the respective authorization information is associated with a request message to be received. Furthermore, the device has an updating unit for updating the respective authorization information when the receiving unit receives the request message associated with the respective authorization information.
  • the updating unit is configured to update the respective authorization information such that the associated authorization is revoked when the receiving unit receives the request message associated with the respective authorization information.
  • the security level information can be used to display the security level of the current challenge-response authentication to the authenticator.
  • the security level information can be embodied, for example, as a flag or a trust value in the response message.
  • the update unit provides security level information for the received request message in response to the updated authorization information.
  • the transmitting unit is set up to send the security level information with the predetermined response message to the authenticator.
  • the system can have a plurality of PUF authentication servers, since the invention makes it possible to control which PUF authentication server may use which challenge values. The invention also makes it possible to restrict when a particular authentication server can authenticate a product or object, e.g. only until its expiration date has passed. Likewise, an object may be authenticated only as long as it is in a particular location or area. This information can be included in the authorization check as context information.
  • the checking unit is set up to check the format and/or the content of the received request message before checking the authorization of the authenticator.
  • each unit (receiving unit, checking unit and transmitting unit) can be implemented in hardware and/or software.
  • the respective unit may be embodied as a device or as part of a device, for example as a computer or as a microprocessor.
  • the respective unit may be designed as a computer program product, as a function, as a routine, as part of a program code or as an executable object.
  • the authenticator is for sending a request message to the device and for receiving and checking a response message received in response to the sent request message from the device.
  • the authenticator and the device are set up in such a way that the authenticator authenticates itself to the device.
  • the system has at least a first authenticator and a second authenticator.
  • the first authenticator is configured to generate an authorization to receive a response message from the device by sending a request message to the device and receiving a corresponding response message from the device, and to forward the generated authorization to the second authenticator with an integrity-protected forwarding message.
  • a method for authenticating a product to at least one authenticator is proposed.
  • a request message sent by the authenticator is received.
  • an authorization of the authenticator for receiving a reply message to the sent request message is checked.
  • a predetermined response message is sent to the authenticator in dependence on the checked authorization and the received request message.
  • a computer program product such as a computer program means can be provided or supplied, for example, as a storage medium, such as a memory card, USB stick, CD-ROM, DVD or in the form of a downloadable file from a server in a network. This can be done, for example, in a wireless communication network by transmitting a corresponding file with the computer program product or the computer program means.
  • FIG. 1 is a block diagram of a first embodiment of a device for authenticating a product
  • Fig. 2 is a block diagram of a second embodiment of a device for authenticating a product
  • FIG. 3 is a block diagram of a third embodiment of a device for authenticating a product
  • Fig. 4 is a block diagram of an embodiment of a
  • FIG. 1 shows a block diagram of a first embodiment of a device 10 for authenticating a product 1 to an authenticator 2.
  • the device 10 and the authenticator 2 are coupled via a communication link.
  • the device 10 is part of the product 1 to be authenticated.
  • the device 10 has a receiving unit 11, a checking unit 12 and a transmitting unit 13.
  • the receiving unit 11 is configured to receive a request message C sent by the authenticator 2.
  • the checking unit 12 checks the authorization B of the authenticator 2 for receiving a response message R to the sent request message C.
  • the transmitting unit 13 is configured to send a predetermined response message R to the authenticator 2 depending on the checked authorization B and the received request message C. That is, the checked authorization B indicates whether or not a response message R is sent to the authenticator 2. Such a response message R is sent to the authenticator 2 only if its authorization B is positive. In that case, the type of the response message R is determined in particular as a function of the checked authorization B and/or the received request message C. With the request message C, the authenticator 2 a
  • the identification information can be used for authorization checking of the authenticator 2.
  • the authenticator 2 can transmit authorization information with the request message C to the receiving unit 11 of the device 10.
  • the authorization information may directly indicate that the authenticator 2 is authorized to receive response messages R from the device 10.
  • the checking unit 12 then checks the authorization B of the authenticator 2 for receiving the response message R to the sent request message C as a function of the received authorization information.
  • the checking unit 12 may be configured to check the format of the received request message C before checking the authorization B of the authenticator 2. For example, the authorization B of the authenticator 2 is checked by the checking unit 12 only if the format of the received request message C corresponds to a predetermined format.
  • FIG. 2 shows a block diagram of a second exemplary embodiment of a device 10 for authenticating a product 1 with respect to an authenticator 2.
  • the second exemplary embodiment of FIG. 2 differs from the first exemplary embodiment of FIG. 1 in that the receiving unit 11 and the transmitting unit 13 of the device 10 are integrated in the product 1 to be authenticated, whereas the checking unit 12 is not part of the product 1 but is placed upstream of it.
  • the checking unit 12 is connected upstream of the product 1 such that request messages C directed to the receiving unit 11 of the product 1 can be transmitted exclusively via the checking unit 12 of the device 10.
  • the checking unit 12 may have a checking means 15 which checks the authorization B of the authenticator 2. If the authorization B is positive, the checking means 15 transmits an authorization signal B to a switching means 16, which then establishes the communication connection between the transmitting unit 13 of the device 10 and the authenticator 2. If an unauthorized authorization is detected by the checking means 15, this controls
  • a memory device 14 is provided for storing at least one authorization information Ref for the authorization of the authenticator 2.
  • the checking unit 12 can then check the authorization B of the authenticator 2 as a function of the received request message C and the stored authorization information Ref.
  • the stored authorization information Ref can also be referred to as reference values or reference data.
  • the memory device 14 can also be set up for storing a plurality of authorization information Ref for the authorization of a plurality of authenticators 2, wherein the respective authorization information Ref is associated with a request message C to be received.
  • FIG. 3 shows a block diagram of a third exemplary embodiment of a device 10 for authenticating a product 1.
  • the third exemplary embodiment of FIG. 3 is based on the first exemplary embodiment of FIG. 1, the device 10 of FIG. 3 additionally having a memory device 14 and an updating unit 17.
  • the memory device 14 of the device 10 is configured to store a number of authorization information Ref for the authorization of a number of authenticators 2, wherein the respective authorization information Ref is associated with a request message C to be received.
  • the memory device 14 is in particular coupled between the updating unit 17 and the checking unit 12.
  • the updating unit 17 is set up to update the respective authorization information Ref of the memory device 14 by means of an updating signal A when the receiving unit 11 receives the request message C assigned to the respective authorization information Ref from an authenticator 2.
  • the updating unit 17 can also be set up to update the respective authorization information Ref in such a way that the associated authorization B is revoked when the receiving unit 11 receives the request message C assigned to the respective authorization information Ref.
  • the updating unit 17 can be set up to generate security level information for the received request message C as a function of the updated authorization information Ref. Then, the transmitting unit 13 can be configured to send the generated security level information with the predetermined response message R to the authenticator 2.
  • a first authentication server 21 carries out a so-called enrollment phase (steps 401-403), in which challenge-response pairs are generated.
  • a challenge-response pair indicates an authorization of the requesting authentication server.
  • the first authentication server 21 can forward or delegate these authorizations to the further second authentication server 22.
  • the second authentication server 22 can use the delegated authorization of the authentication server 21. This will be explained below with reference to FIG. 4 in detail.
  • the first authentication server 21 sends a challenge C to the device 10.
  • the device 10 responds with a response R in step 402.
  • the first authentication server 21 sends a forwarding message W with authority B to receive
  • in step 404, the second authentication server 22 generates a challenge C with the transmitted authorization B.
  • in step 405, the second authentication server 22 transmits the generated challenge C to the device 10.
  • in step 406, the device 10 checks the received authorization received from the first authentication server
  • the device 10 may request a response R in step 406 to the second authentication server
  • FIG. 5 illustrates a flow chart of one embodiment of a method for authenticating a product to an authenticator.
  • in step 501, a request message sent by the authenticator is received by the product.
  • in step 502, an authorization of the authenticator to receive a response message to the sent request message from the product is checked.
  • in step 503, a predetermined response message is sent from the product to the authenticator depending on the checked authorization and the received request message.
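
The checks described in the list above (format check first, an authorization token protected by a MAC, time as context information, a use counter that revokes the authorization, and security level information returned with the response), as an added Python example that is not taken from the patent. The token layout, the use of HMAC-SHA256, the pre-shared issuer key, the names `AuthToken`, `issue_token` and `Device`, and the `first-use`/`reused` labels are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

CHALLENGE_LEN = 16  # assumed challenge format: exactly 16 raw bytes


@dataclass(frozen=True)
class AuthToken:
    """Authorization token sent with request message C (hypothetical layout)."""
    authenticator_id: bytes
    challenge: bytes
    not_after: int   # context information: latest permitted time (Unix seconds)
    max_uses: int    # how many times this challenge may be answered in total
    mac: bytes = b""

    def payload(self) -> bytes:
        # Length-prefix the variable-length id so field boundaries are unambiguous.
        return (struct.pack(">H", len(self.authenticator_id)) + self.authenticator_id
                + self.challenge + struct.pack(">QI", self.not_after, self.max_uses))


def issue_token(issuer_key, authenticator_id, challenge, not_after, max_uses=1):
    """Issuer side: protect the token with a MAC (the cryptographic checksum)."""
    unsigned = AuthToken(authenticator_id, challenge, not_after, max_uses)
    mac = hmac.new(issuer_key, unsigned.payload(), hashlib.sha256).digest()
    return AuthToken(authenticator_id, challenge, not_after, max_uses, mac)


class Device:
    """Product-side device: receiving, checking, updating and transmitting units."""

    def __init__(self, device_key, issuer_key):
        self._device_key = device_key   # secret used to compute response R
        self._issuer_key = issuer_key   # verifies token MACs (assumed pre-shared)
        self._uses = {}                 # memory device: challenge -> answers given

    def _authorized(self, challenge, token, now):
        """Checking unit: may this authenticator get a response to this challenge?"""
        if token.challenge != challenge:
            return False                # token was issued for a different challenge
        expected = hmac.new(self._issuer_key, token.payload(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, token.mac):
            return False                # forged or modified token
        if now > token.not_after:
            return False                # authorization has expired
        return self._uses.get(challenge, 0) < token.max_uses  # else: revoked

    def handle_request(self, challenge, token, now):
        """Return (response, security_level), or None if no response is sent."""
        # Format check comes before the authorization check.
        if not isinstance(challenge, bytes) or len(challenge) != CHALLENGE_LEN:
            return None
        if not self._authorized(challenge, token, now):
            return None
        # Updating unit: count the use; once max_uses is reached the
        # authorization for this challenge is effectively revoked.
        used_before = self._uses.get(challenge, 0)
        self._uses[challenge] = used_before + 1
        level = "first-use" if used_before == 0 else "reused"
        # Transmitting unit: response as a function of the secret key.
        response = hmac.new(self._device_key, challenge, hashlib.sha256).digest()
        return response, level


def demo():
    """Run constructed requests; return the security level or None for each."""
    issuer_key, device_key = b"I" * 32, b"D" * 32      # constructed sample keys
    device = Device(device_key, issuer_key)
    c = bytes(range(CHALLENGE_LEN))                    # constructed challenge
    good = issue_token(issuer_key, b"auth-server-21", c, not_after=1000, max_uses=2)
    forged = issue_token(b"X" * 32, b"auth-server-99", c, not_after=1000)
    outcomes = []
    for token, now in [(forged, 100), (good, 100), (good, 200), (good, 300)]:
        result = device.handle_request(c, token, now)
        outcomes.append(result[1] if result else None)
    outcomes.append(Device(device_key, issuer_key).handle_request(c, good, 2000))
    return outcomes


if __name__ == "__main__":
    print(demo())  # [None, 'first-use', 'reused', None, None]
```

A rejected request does not consume a use, so a forged token cannot be used to exhaust a legitimate authenticator's challenge.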

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a device for authenticating a product to at least one authenticator. The device has a receiving unit, a checking unit and a transmitting unit. The receiving unit is designed to receive a request message sent by the authenticator. The checking unit is designed to check an authorization of the authenticator to receive a response message to the sent request message. The transmitting unit is designed to send a predefined response message to the authenticator depending on the checked authorization and the received request message. This ensures increased security during authentication. The invention further relates to a system having such a device and an authenticator, as well as a method and a computer program product for authenticating a product.
EP13715910.9A 2012-05-25 2013-03-21 Challenge derivation function for protecting elements in a challenge-response authentication protocol Withdrawn EP2805446A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102012208834A DE102012208834A1 (de) 2012-05-25 2012-05-25 Authentication of a product to an authenticator
PCT/EP2013/055923 WO2013174540A1 (fr) 2012-05-25 2013-03-21 Challenge derivation function for protecting elements in a challenge-response authentication protocol

Publications (1)

Publication Number Publication Date
EP2805446A1 (fr) 2014-11-26

Family

ID=48092908

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13715910.9A Withdrawn EP2805446A1 (fr) 2012-05-25 2013-03-21 Challenge derivation function for protecting elements in a challenge-response authentication protocol

Country Status (5)

Country Link
US (1) US20150143545A1 (fr)
EP (1) EP2805446A1 (fr)
CN (1) CN104322005A (fr)
DE (1) DE102012208834A1 (fr)
WO (1) WO2013174540A1 (fr)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101404673B1 (ko) * 2013-07-02 2014-06-09 숭실대학교산학협력단 RFID tag authentication system
US10177933B2 (en) 2014-02-05 2019-01-08 Apple Inc. Controller networks for an accessory management system
KR102138027B1 (ko) 2014-02-05 2020-07-27 애플 인크. Uniform communication protocol for communication between controllers and accessories
US9619633B1 (en) 2014-06-18 2017-04-11 United Services Automobile Association (Usaa) Systems and methods for upgrading authentication systems
US10206170B2 (en) 2015-02-05 2019-02-12 Apple Inc. Dynamic connection path detection and selection for wireless controllers and accessories
US20170100862A1 (en) 2015-10-09 2017-04-13 Lexmark International, Inc. Injection-Molded Physical Unclonable Function
DE102016215917A1 (de) 2016-08-24 2018-03-01 Siemens Aktiengesellschaft Secured processing of a credential request
US10496508B2 (en) 2017-06-02 2019-12-03 Apple Inc. Accessory communication control
US11805009B2 (en) 2018-06-03 2023-10-31 Apple Inc. Configuring accessory network connections
US10595073B2 (en) 2018-06-03 2020-03-17 Apple Inc. Techniques for authorizing controller devices
US10728230B2 (en) * 2018-07-05 2020-07-28 Dell Products L.P. Proximity-based authorization for encryption and decryption services
US11290290B2 (en) * 2019-03-22 2022-03-29 Lexmark International, Inc. Physical unclonable function variable read sensor
US11269999B2 (en) * 2019-07-01 2022-03-08 At&T Intellectual Property I, L.P. Protecting computing devices from malicious tampering
EP3817315A1 (fr) * 2019-10-29 2021-05-05 Siemens Aktiengesellschaft Verification device, device and method for validating transactions
EP3917103A1 (fr) * 2020-05-29 2021-12-01 Siemens Aktiengesellschaft Method, system, transmitter and receiver for authenticating a transmitter

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6954792B2 (en) * 2001-06-29 2005-10-11 Sun Microsystems, Inc. Pluggable authentication and access control for a messaging system
JP4763726B2 (ja) * 2005-02-04 2011-08-31 クゥアルコム・インコーポレイテッド Secure bootstrapping for wireless communications
DE102005038106A1 (de) * 2005-08-11 2007-02-15 Giesecke & Devrient Gmbh Method for securing the authentication of a portable data carrier to a reader over an insecure communication path
WO2007023420A1 (fr) * 2005-08-23 2007-03-01 Koninklijke Philips Electronics N.V. Information carrier authentication method using a physical one-way function
ATE527797T1 (de) * 2005-10-05 2011-10-15 Privasphere Ag Methods and devices for user authentication
CN101331707A (zh) * 2005-12-20 2008-12-24 松下电器产业株式会社 Authentication system and authentication device
US8006300B2 (en) * 2006-10-24 2011-08-23 Authernative, Inc. Two-channel challenge-response authentication method in random partial shared secret recognition system
DE102007026836A1 (de) * 2007-06-06 2008-12-11 Bundesdruckerei Gmbh Method and system for checking the authenticity of a product, and reader
WO2009079050A2 (fr) 2007-09-19 2009-06-25 Verayo, Inc. Authentication with physical unclonable functions
CN100553193C (zh) * 2007-10-23 2009-10-21 西安西电捷通无线网络通信有限公司 Entity mutual authentication method based on a trusted third party and system thereof
EP2141883A1 (fr) * 2008-07-04 2010-01-06 Alcatel, Lucent Peer method for authenticating the peer to an electronic seal, corresponding device, and corresponding computer program product
WO2010124390A1 (fr) * 2009-04-30 2010-11-04 Certicom Corp. System and method for authenticating RFID tags
DE102009030019B3 (de) 2009-06-23 2010-12-30 Siemens Aktiengesellschaft System and method for reliable authentication of a device
US20110167477A1 (en) * 2010-01-07 2011-07-07 Nicola Piccirillo Method and apparatus for providing controlled access to a computer system/facility resource for remote equipment monitoring and diagnostics

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2013174540A1 *

Also Published As

Publication number Publication date
US20150143545A1 (en) 2015-05-21
DE102012208834A1 (de) 2013-11-28
WO2013174540A1 (fr) 2013-11-28
CN104322005A (zh) 2015-01-28

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20140820

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20171003