EP2920687A1 - Tamper-protected installation of building control software in validated runtime environments

Tamper-protected installation of building control software in validated runtime environments

Info

Publication number
EP2920687A1
Authority
EP
European Patent Office
Prior art keywords
software
runtime environment
identity
lui
file
Prior art date
Legal status
Ceased
Application number
EP13792324.9A
Other languages
German (de)
English (en)
Inventor
Peter Hoch
Current Assignee
Siemens Schweiz AG
Original Assignee
Siemens Schweiz AG
Priority date
2012-11-14
Filing date
2013-11-13
Publication date
2015-09-23
Application filed by Siemens Schweiz AG
Publication of EP2920687A1
Current legal status: Ceased

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • The invention relates to a method for installing building control software.
  • The method can be applied both to new installations of software and to software or data updates by overwriting, replacing or patching.
  • The invention also relates to a device serving as a software delivery entity and to a device serving as a runtime environment.
  • The latter device, which is intended to act as a runtime environment, may comprise more than one device.
  • The software to be installed can be installed and/or released on a first device for subsequent execution.
  • An independent second device can be prepared to retrieve the software to be installed from the software delivery instance and/or to obtain a release for already installed software from the software delivery instance, and the
  • The first device may be, for example, a building controller.
  • The second device is typically a service PC or a service smartphone.
  • Methods are known in which a building controller regularly contacts a server to retrieve updated building control software from it.
  • The object of the invention is to provide a method with which building control software can be loaded into, or activated in, only that runtime environment for which it is intended, protected against manipulation. This can be, for example, a specific runtime environment for which the building control software to be loaded or unlocked has been paid.
  • This object is achieved by providing a method for installing building control software, comprising the following steps:
  • The object is also achieved by a device that is prepared to serve as the software delivery instance and/or as the runtime environment of one of the methods according to the invention.
  • Authentication by means of a symmetric and/or an asymmetric encryption method is used for transmitting the identity of the runtime environment from the runtime environment to the software delivery instance. With such a method, the trustworthiness of the transmitted identity can be checked end-to-end, without depending on the trustworthiness of the transmission paths used.
  • Authentication by means of an asymmetric encryption method has the advantage over authentication by means of a symmetric encryption method that key exchange is simplified, particularly with a large number of participating runtime environments, because the keys needed to check trustworthiness can be administered in a public database (for example, on a public website). The public database has a notary function and must therefore itself be trustworthy.
  • Encryption by means of a symmetric and/or an asymmetric encryption method is used for transmitting the identity of the runtime environment from the runtime environment to the software delivery instance.
  • Encryption by means of an asymmetric encryption method has, compared to encryption
  • The method also comprises the step of checking whether the runtime environment, under the identity transmitted to the software delivery instance, is authorized to cause the download, installation or use of the software to be installed. This prevents the software from being downloaded by a runtime environment that is not entitled to download it, whether because of missing hardware and/or software prerequisites, the absence of a proper contractual relationship, legal regulations, non-payment, misuse, or another cause.
  • The step of checking the authorization comprises a credit check and/or a payment transaction. In this way, the consideration owed for downloading and/or using the software can be secured before the software is downloaded.
  • A further development provides that, to generate the signed file, the identity of the runtime environment and the software to be installed are signed separately, or that the identity of the runtime environment and the hash of the software to be installed are signed separately. In this way, the signed identity can be checked in a resource-saving manner without considering the signed portions of the software to be installed.
  • An alternative development provides that the file, which contains the identity of the runtime environment and the hash of the software to be installed, or which contains the identity of the runtime environment and the software to be installed, is signed by the software delivery entity as a whole. As a result, an abusive combination of signed file portions from different transactions can be excluded.
  • The method 100 for installing building control software S, shown in FIG 1 on the basis of a message exchange diagram, includes the following steps.
  • In a first step 110, an identity LUi of a runtime environment LU is transmitted to a software delivery entity AI in a trustworthy and/or eavesdropping-proof manner.
  • For this step, authentication by means of a symmetric and/or an asymmetric encryption method may be applied.
  • The transmission of the identity LUi of the runtime environment LU to the software delivery instance AI can take place (encrypted, for example, by means of a PGP method) for example via email or via an Internet site (for example by means of a secure hypertext transfer protocol such as HTTPS).
  • The retrieval of the software S is subject to certain preconditions, such as acceptance of terms and conditions or payment of a purchase price, a usage fee or an upgrade fee.
  • The method 100 also includes the following second step 120: checking 120 whether the runtime environment LU, under the identity LUi transmitted to the software delivery instance AI, is authorized to cause the download 150, installation 170 or use of the software S to be installed.
  • A file D is generated by the software delivery entity AI, the file D comprising the transmitted identity LUi and the software S to be installed and/or a hash H(S) of the software to be installed.
  • The generated file D is signed by the software delivery entity AI by means of a key Kai of the software delivery entity AI. By checking the signature made with Kai, it can be determined whether the file D has been changed.
  • The signed file Kai(D) is transmitted from the software delivery instance AI to the runtime environment LU.
  • The runtime environment LU compares whether the identity LUi of the runtime environment LU matches the identity LUi' that was actually transmitted in the signed file Kai(D).
  • The software S to be installed is installed and/or released for use in the runtime environment LU if and only if the comparison 160 has shown that the identity LUi of the runtime environment LU matches the identity LUi' which was actually transmitted in the signed file Kai(D).
  • An embodiment provides that, to generate the signed file Kai(D), the identity LUi of the runtime environment LU and the software S to be installed are signed separately, or that the identity LUi of the runtime environment LU and the hash H(S) of the software S to be installed are signed separately.
  • Another embodiment provides that the file D, which contains the identity LUi of the runtime environment LU and the hash H(S) of the software S to be installed, or which contains the identity LUi of the runtime environment LU and the software S to be installed, is signed by the software delivery entity AI as a whole.
  • The identity LUi of the runtime environment LU is transmitted from the runtime environment LU together with a designation B(V) of a desired software version V to the software delivery entity AI. It is preferred if the following steps are carried out in step 170 of installing and/or releasing the software S to be installed: downloading 172 the software S to be installed from the software delivery instance AI to the runtime environment LU, generating 173 a hash H(S') of the downloaded software S', and comparing 174 the hash H(S) with the hash H(S').
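The steps above, as an added example that is not code from the patent or from Siemens: a Python model of the flow in which D carries LUi, the version designation B(V) and H(S), is signed as a whole by AI (the alternative development that excludes mixing signed portions from different transactions), and is checked by LU against its own LUi and against H(S') of the downloaded image. HMAC-SHA256 with a key shared by AI and LU stands in for the signature made with Kai, and the class names, identities and sample images are assumptions constructed for the demo.

```python
# Added example, not code from the patent or from Siemens: a minimal model of the
# EP2920687A1 flow. Assumptions: D is JSON {LUi, B(V), H(S)} signed as a whole;
# HMAC-SHA256 with a shared key stands in for the signature made with key Kai.
import hashlib
import hmac
import json


def h(data: bytes) -> str:
    """Hash H(S) of a software image, hex-encoded."""
    return hashlib.sha256(data).hexdigest()


class SoftwareDeliveryInstance:
    """AI: holds key Kai, a software catalogue and the authorized identities."""
    def __init__(self, kai: bytes, catalogue: dict, authorized: set):
        self.kai, self.catalogue, self.authorized = kai, catalogue, authorized

    def build_signed_file(self, lui: str, version: str):
        """Steps 120-140: check authorization, build D, sign D as a whole."""
        if lui not in self.authorized or version not in self.catalogue:
            return None                                   # step 120 failed
        d = json.dumps({"LUi": lui, "B(V)": version,
                        "H(S)": h(self.catalogue[version])}).encode()
        sig = hmac.new(self.kai, d, hashlib.sha256).hexdigest().encode()
        return d + b"\n" + sig                            # Kai(D)

    def download(self, version: str) -> bytes:
        """Step 172: deliver the software image S."""
        return self.catalogue[version]


class RuntimeEnvironment:
    """LU: knows its own identity LUi and the key needed to check Kai(D)."""
    def __init__(self, lui: str, kai: bytes):
        self.lui, self.kai, self.installed = lui, kai, {}

    def install_from(self, signed_file, ai: SoftwareDeliveryInstance) -> str:
        """Steps 160-174 on a received Kai(D); returns the decision taken."""
        if signed_file is None:
            return "refused: not authorized"
        d, sig = signed_file.rsplit(b"\n", 1)
        expected = hmac.new(self.kai, d, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, sig):        # was D changed?
            return "refused: signature invalid"
        meta = json.loads(d)
        if meta["LUi"] != self.lui:                       # step 160: LUi == LUi'?
            return "refused: file intended for another runtime environment"
        s_prime = ai.download(meta["B(V)"])               # step 172
        if h(s_prime) != meta["H(S)"]:                    # steps 173-174
            return "refused: downloaded software does not match H(S)"
        self.installed[meta["B(V)"]] = s_prime            # step 170
        return "installed"

    def install(self, ai: SoftwareDeliveryInstance, version: str) -> str:
        """Steps 110-150: request Kai(D) under own LUi, then verify it."""
        return self.install_from(ai.build_signed_file(self.lui, version), ai)


def run_demo() -> dict:
    """Constructed scenario: one honest install and four manipulation attempts."""
    kai = b"constructed-demo-key-Kai"
    ai = SoftwareDeliveryInstance(kai, {"v2.1": b"bcs-image-v2.1"}, {"LU-0001"})
    lu1, lu2 = RuntimeEnvironment("LU-0001", kai), RuntimeEnvironment("LU-0002", kai)
    results = {"honest": lu1.install(ai, "v2.1"), "unpaid": lu2.install(ai, "v2.1")}
    issued = ai.build_signed_file("LU-0001", "v2.1")
    # LU-0002 replays the file issued for LU-0001: rejected at step 160.
    results["replay"] = lu2.install_from(issued, ai)
    # D rewritten in transit to name LU-0002: the signature no longer verifies.
    results["forged"] = lu2.install_from(issued.replace(b"LU-0001", b"LU-0002"), ai)
    # Delivery server later serves a different image than the one H(S) covers.
    ai.catalogue["v2.1"] = b"tampered-image"
    results["tampered"] = lu1.install_from(issued, ai)
    return results
```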

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a method (100) for installing building control software (S), comprising the following steps: transmitting (110) an identity (LUi) of a runtime environment (LU) from the runtime environment (LU) to a software delivery instance (AI); generating (130) a file (D) by the software delivery instance (AI), the file (D) comprising the transmitted identity (LUi) and the software (S) to be installed or a hash (H(S)) of the software (S) to be installed; signing (140) the generated file (D) by the software delivery instance (AI) by means of a key (Kai) of the software delivery instance (AI); transmitting (150) the signed file (Kai(D)) from the software delivery instance (AI) to the runtime environment (LU); installing (170) and/or releasing the software (S) to be installed in the runtime environment (LU) if and only if the identity (LUi) of the runtime environment (LU) matches the identity (LUi') that was actually transmitted in the signed file (Kai(D)). The invention also relates to corresponding devices for installing building control software.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102012220767.8A DE102012220767A1 (de) 2012-11-14 2012-11-14 Method and devices for installing building control software
PCT/EP2013/073696 WO2014076116A1 (fr) 2012-11-14 2013-11-13 Tamper-protected installation of building control software in validated runtime environments

Publications (1)

Publication Number Publication Date
EP2920687A1 (fr) 2015-09-23

Family

ID=49596277

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13792324.9A Ceased EP2920687A1 (fr) 2012-11-14 2013-11-13 Tamper-protected installation of building control software in validated runtime environments

Country Status (6)

Country Link
US (1) US9858061B2 (fr)
EP (1) EP2920687A1 (fr)
CN (1) CN104956324B (fr)
DE (1) DE102012220767A1 (fr)
HK (1) HK1211359A1 (fr)
WO (1) WO2014076116A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10303891B2 (en) * 2014-12-30 2019-05-28 Data I/O Corporation Automated manufacturing system with job packaging mechanism and method of operation thereof
DE102015112040A1 (de) 2015-07-23 2017-01-26 Phoenix Contact Gmbh & Co. Kg Method and system for updating the firmware of a control device for process control
EP3157272A1 (fr) * 2015-10-16 2017-04-19 Gemalto Sa Method for managing applications
US20180232529A1 (en) * 2017-02-15 2018-08-16 Microsoft Technology Licensing, Llc Client-side exposure control
GB2565052B (en) 2017-07-27 2020-08-19 Arm Ip Ltd Authorized operations in electronic systems
US11726766B2 (en) * 2021-11-29 2023-08-15 Trane International Inc. Method and apparatus for maintaining software of a control unit for an industrial control system

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7146645B1 (en) * 1999-12-30 2006-12-05 Nokia Mobile Phones Ltd. Dedicated applications for user stations and methods for downloading dedicated applications to user stations
US6760441B1 (en) * 2000-03-31 2004-07-06 Intel Corporation Generating a key hierarchy for use in an isolated execution environment
US20020078380A1 (en) * 2000-12-20 2002-06-20 Jyh-Han Lin Method for permitting debugging and testing of software on a mobile communication device in a secure environment
EP1429224A1 (fr) * 2002-12-10 2004-06-16 Texas Instruments Incorporated Run-time firmware authentication
DE10304877A1 (de) * 2003-02-06 2004-08-19 Siemens Ag Method for installing a plug-in program
US20090249492A1 (en) * 2006-09-21 2009-10-01 Hans Martin Boesgaard Sorensen Fabrication of computer executable program files from source code
US7913086B2 (en) * 2007-06-20 2011-03-22 Nokia Corporation Method for remote message attestation in a communication system
US8341715B2 (en) * 2008-02-29 2012-12-25 Research In Motion Limited System and method for shared resource owner based access control
CN102110199A (zh) * 2009-12-28 2011-06-29 Beijing Anma Technology Co., Ltd. Method for generating software registration codes using the ElGamal public key algorithm
US8984293B2 (en) * 2010-11-19 2015-03-17 Microsoft Corporation Secure software product identifier for product validation and activation
CN102195978A (zh) 2011-04-26 2011-09-21 Shenzhen Gongji Technology Co., Ltd. Software distribution and deployment method and system
US8800058B2 (en) * 2011-07-27 2014-08-05 Microsoft Corporation Licensing verification for application use

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2014076116A1 *

Also Published As

Publication number Publication date
CN104956324A (zh) 2015-09-30
HK1211359A1 (en) 2016-05-20
US9858061B2 (en) 2018-01-02
CN104956324B (zh) 2018-05-22
US20150277887A1 (en) 2015-10-01
WO2014076116A1 (fr) 2014-05-22
DE102012220767A1 (de) 2014-05-28

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20150505

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20170720

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20191220