EP3345364A1 - Indirect authorization transmission - Google Patents

Indirect authorization transmission

Info

Publication number
EP3345364A1
EP3345364A1 EP16748087.0A EP16748087A EP3345364A1 EP 3345364 A1 EP3345364 A1 EP 3345364A1 EP 16748087 A EP16748087 A EP 16748087A EP 3345364 A1 EP3345364 A1 EP 3345364A1
Authority
EP
European Patent Office
Prior art keywords
authorization
entitlement
carrier
transport
destination
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP16748087.0A
Other languages
German (de)
English (en)
Inventor
Kai Römer
Philipp Spangenberg
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Blueid GmbH
Original Assignee
Blueid GmbH

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information: received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information: the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/108 Source integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • the present invention relates to methods and systems for securely transferring authorizations for control functions of a technical system, such as
  • the security of smart cards is combined with the benefits of Internet-enabled smartphones, so that an authorization for an object to be protected can be transmitted over an insecure channel and still be used safely and reliably.
  • Applicant's European Patent 1 910 134 B1 relates to an identification system for authorization-dependent use of a technical system.
  • control functions of a vehicle can be triggered, for example by means of a mobile phone or smartphone, so that the vehicle can be opened and / or started with the mobile phone or smartphone, for example.
  • Mobile phones or similar electronic devices, e.g. smartphones, personal digital assistants (PDAs) and/or tablet computers
  • PDAs personal digital assistants
  • tablet computers can be flexibly provided with appropriate permissions due to their Internet connectivity, if they are connected via a secure connection to the authority that issues the permissions.
  • the present invention is therefore based on the problem of providing methods and systems with which entitlement carriers, such as smart cards, can be equipped with permissions safely and flexibly, so that the disadvantages mentioned above in connection with the prior art are at least partially overcome.
  • the at least one authorization is transmitted via an unsecured communication channel to a verification unit of an object to be protected and received there, the at least one authorization being cryptographically signed by a trustworthy entity.
  • the at least one authorization is cryptographically signed by a trustworthy entity (also called “trust center”) and preferably also issued by it, the authorization can be transmitted via an insecure or unsecured channel and nevertheless can be used safely and reliably
  • An unsecured channel is a communication between two units via at least one interface, where the transmission path cannot ensure that a data packet is not read or changed by unauthorized parties
  • the Internet, an SMS, a QR code, GSM, BTLE, Zigbee, general radio links such as 866 MHz, a transport channel via a
  • a digital signature is an asymmetric cryptosystem in which a sender uses a secret signature key (the private key) to calculate a value for a digital message (in other words, the at least one authorization), which is also called a digital signature. This value allows anyone, with the help of the public verification key (the public key), to check the non-repudiable authorship and integrity of the message (here the at least one authorization).
  • as a signature method, for example, those based on prime factorization, such as RSA, those based on discrete logarithms, e.g. ElGamal or DSA, those based on elliptic curves, e.g. ECDSA, or similar are used.
  • Transport authorization carriers are received.
  • the transport entitlement carrier may have previously received the at least one entitlement from the trusted entity. This makes it possible, for example, the at least one
  • Smartphone which in this example is the transport authorization carrier
  • the verification unit which may be located, for example, in a vehicle as an object to be protected.
  • the flexibility of the method is considerably increased, since any conventional electronic devices, such as smartphones, can be used as a transport medium for the at least one authorization.
  • the authenticity of the transmitted at least one authorization is preserved thanks to the signature described above, although the at least one authorization is transmitted via an unsecured channel (for example the internet-enabled smartphone).
  • the at least one authorization may have one
  • the verification unit (for example in the vehicle) has the at least one authorization directly, e.g. over a
  • the at least one authorization is further from the at least one authorization
  • Verification unit to a destination authorization carrier via a second
  • a smartphone can be used to unlock the vehicle doors, but not for starting the vehicle, which is done in this example by means of the authorization on the smart card.
  • Authorization carrier via an unsecured communication channel, it shows the significant increase in flexibility of the method according to the invention, which thanks to the signature of at least one permission nevertheless highest
  • the present invention also enables a direct transmission of at least one authorization from a transport authorization carrier to a destination authorization carrier.
  • a method for transmitting at least one authorization for a control function of a technical system in which the at least one authorization is received by a transport authorization carrier via a third, preferably unsecured, communication channel at a destination authorization carrier.
  • the at least one authorization is also cryptographically signed by a trustworthy entity.
  • the at least one authorization at the transport authorization carrier can be received by the trustworthy entity via a, preferably unsecured, fourth communication channel. Furthermore, as has likewise been described above, it is possible for the at least one authorization to be checked for authenticity and origin in the trustworthy entity, which is preferably carried out by the verification unit of the object to be protected.
  • the method may include the further step of authenticating the
  • the destination entitlement bearer, e.g. a smartcard
  • the destination entitlement bearer can uniquely prove its identity to the verification unit.
  • the transport authorization bearer may include an authentication unit to authenticate to the verification unit. The transport authorization bearer can have a weaker authentication unit than the destination authorization bearer.
  • the at least one authorization is assigned to one or more authorization carriers, for example at least the destination authorization carrier. Thus, certain destination entitlement bearers may be authorized for certain control functions (e.g., deactivating the immobilizer of a vehicle, unlocking a vehicle, locking a vehicle, releasing the full vehicle power, start booking, end booking, unlocking additional functions such as a navigation device or seat heating, or the like).
  • the entitlement bearers mentioned here, i.e. the transport entitlement bearer and/or the destination entitlement bearer, may be an Internet-enabled entitlement bearer, a mobile phone, a smartphone, a PDA, a tablet computer, a smartwatch, a smartcard, an NFC card, a smart token, a vehicle key, an RFID card and/or a SIM card.
  • the at least one authorization is preferably a certificate, particularly preferably a digital certificate, for example a public-key certificate according to the standard X.509, or else another proprietary certificate system.
  • the at least one entitlement may have one or more of the following limitations: a temporal limitation, a functional limitation, a channel limitation, a limitation to one or more entitlement carriers and/or entitlement carrier groups, a limitation to one or more objects to be protected, a local limitation and/or a person-related limitation.
  • one or more transport entitlement bearers (20) may be used to transfer the entitlement (or also multiple entitlements) to a destination (i.e., preferably one
  • Authorization holders can also provide without the above confirmation.
  • the present invention further relates to a computer program comprising
  • a system for transmitting at least one authorization for a control function of a technical system having a verification unit of an object to be protected, which is suitable for receiving the at least one authorization via an unsecured one
  • a system for transmitting at least one authorization for a control function of a technical system having a destination authorization carrier which is suitable for receiving the at least one authorization via a third communication channel from a transport authorization carrier, wherein the at least one authorization is cryptographically signed by a trustworthy entity.
  • embodiments of the systems discussed above may be arranged to accommodate all or at least some of the methods discussed above
  • FIG. 1 is a schematic block diagram illustrating the interaction of various components according to embodiments of the invention.
  • FIG. 2 shows an exemplary authorization in XML format according to embodiments of the invention (so-called "BlueID ticket").
  • Preferred embodiments of the present invention provide computer-implemented methods and systems that combine the security of smart cards with the benefits of Internet-enabled smartphones.
  • at least one authorization for an object to be protected can be transmitted via an insecure channel to an authorization carrier and nevertheless used safely and reliably.
  • authorization will be used both in the singular and in the plural, but it should be understood that the present invention is applicable to any number of permissions.
  • inventive systems comprise at least a subset of the components explained below with reference to FIG. 1:
  • a trustworthy entity 10 (also called “trust center”) which is suitable for creating and signing one or more authorizations.
  • a trust center is generally a service that all parties trust and that is able to issue and then sign permissions. It ensures that only authorized persons can issue authorizations and that the secrets necessary for issuing the authorization are safely stored and used.
  • a TrustCenter is connected to the Internet so that permissions can be easily and quickly distributed.
  • the TrustCenter should preferably have multiple layers in order to achieve better protection and, if necessary, better mitigation during attacks.
  • the outermost layer has the task of repelling attacks and protecting the inner layer(s).
  • a second layer is
  • a third layer typically handles the signing of permissions.
  • a fourth layer is provided for the secure storage of the cryptographic secrets.
  • a so-called hardware secure element is often used, which, however, can also be integrated in the third layer.
  • a TrustCenter can be arranged at different places in the overall system. Ideally, the site is protected against unauthorized access (both digital and physical), is monitored to detect tampering, and has high availability for retrieving authorizations created. Usually this will be in a special area of a
  • a trust center can be operated as a cloud service for a large number of users by a trustworthy entity, such as the applicant's company, or locally by the IT department of the respective company.
  • At least one object to be protected 30 (also called “secured object"), which is managed by the authorization system according to the invention.
  • vehicles e.g., motor vehicles, trucks, etc.
  • Car washes, elevators), locks e.g.
  • Cylinder lock, electronic fitting, electronic door opener), barriers and / or gates, sliding doors and / or hinged doors, or the like act.
  • One or more authorizations which are preferably assigned to one or more defined authorization carriers.
  • a permission can be defined in XML format.
  • the signature that is stored in the field permission->signature is formed over all user data between the permission tags.
  • a verification unit can check the authenticity.
  • One or more entitlement carriers 20, 40 which are suitable for storing one or more (signed) authorizations.
  • a credential carrier 20, 40 may include an authentication unit capable of cryptographically authenticating to the verification unit 35 (see below).
  • Such an authorization carrier 20, 40 is therefore suitable for the transport and storage or use of at least one authorization (for example a smartcard or a smartphone).
  • Authorization bearers 20, 40 without an authentication unit can not authenticate themselves and thus do not represent full-fledged keys; they only serve to transport at least one authorization (for example a USB stick).
  • a verification unit 35 in the object 30 to be protected (or connected to the object 30 to be protected) which is suitable for checking whether the at least one authorization originates correctly and unchanged from the trust center 10 and/or whether the authorization carrier 20, 40 is the one it claims to be (authentication).
  • the verification unit is preferably a sealed system that is protected against manipulation. It may include a processor suitable for controlling communication with the entitlement carrier and/or performing the verification of the authorization. In a vehicle this is often the BCM (Body Control Module). In particularly small and power-consuming implementations, such as electronic locking cylinders, this is often directly in the BCM (Body Control Module).
  • BCM Body Control Module
  • Communication unit e.g. the BluetoothLE chip.
  • a particular advantage of the present invention is that an authorization bearer 40 not connected to the Internet can be authorized to execute, initiate or trigger a control function of a technical system 30, without the authorization bearer 40 having to pick up the at least one authorization at the trust center 10. This is achieved by the fact that permission and authentication are separate.
  • the trust center 10 secures the scope and content of the authorization cryptographically, that is to say which authorization carrier 40 is allowed to do something.
  • the identity of the destination entitlement bearer 40 must be known to the trust center 10.
  • the authorization can not only be downloaded directly from the trust center 10 to the authorization medium 40, but can also be transferred to the destination authorization carrier 40 via any unsafe channel (for example via another authorization carrier 20, a so-called "transport authorization carrier"). Nevertheless, the authorization on the destination authorization carrier 40 can be used safely and reliably.
  • the present invention provides various exemplary
  • the trust center 10 transmits the authorization over the channel 100 (e.g.
  • Transport entitlement carrier 20 e.g., a smartphone.
  • Transport entitlement bearer 20 likewise have one or more authorizations for the object 30 to be secured and / or the transferred one
  • the transport authorization carrier 20 preferably transmits the authorization via the channel 600 directly (for example, preferably via NFC, as appropriate)
  • Authorization bearer e.g., BLE Key Fob
  • Bluetooth classic BT 1.0-3.0
  • Bluetooth LE / Smart Bluetooth LE / Smart
  • the authorization is particularly advantageous here for the authorization to be transferred from the trust center 10 to the destination authorization carrier 40 (e.g.
  • Smartcard can be transmitted.
  • no physical contact between target authorization carrier 20 and TrustCenter 10 is necessary.
  • the embodiment can be limited by specifications of the transport authorization carrier 20 (for example, not all currently available smartphones have a direct communication connection with a smartcard).
  • the trust center 10 transmits the authorization over the channel 100 (e.g.
  • Transport entitlement carrier 20 (e.g., a smartphone).
  • the transport entitlement bearer 20 may also have one or more entitlements for the object 30 to be secured and / or the transferred one
  • the transport authorization carrier 20 transmits the authorization via the channel 200 (e.g., preferably Bluetooth LE or classic, NFC, Zigbee, general radio links such as 866 MHz, or another unsafe channel as mentioned above) to the verification unit 35 of the object 30 to be secured (e.g. a vehicle).
  • the verification unit 35 transmits the authorization via the channel 400 (e.g., preferably NFC, but depending on the authorization carrier (e.g. BLE Key Fob) also via Bluetooth classic (BT 1.0-3.0) or Bluetooth LE / Smart) to the destination authorization carrier 40 (e.g. smartcard), preferably as soon as it communicates with the verification unit 35.
  • the authorization can be transmitted via an insecure channel (e.g. smartphone) from the trust center 10 to the destination authorization carrier 40 (e.g. smartcard).
  • the verification unit 35 can be set up to delete the authorization again from its memory. This may be particularly advantageous in the context of car rental companies, where the verification unit of a given vehicle is loaded in a short time with a plurality of authorizations (for the different customers), which could lead to memory bottlenecks. Further, some automakers require that a permission never be allowed to remain in the vehicle, which is also addressed by this embodiment.
  • Example 3: 1. The verification unit 35 of the object 30 to be protected loads the authorization over the channel 300, preferably directly (e.g., over the Internet, general wireless links such as 866 MHz, SMS, GSM, or another unsafe channel as mentioned above), from the TrustCenter 10.
  • the verification unit 35 transmits the authorization via the channel 400 (e.g., preferably NFC, but depending on the authorization carrier (e.g. BLE Key Fob) also via Bluetooth classic (BT 1.0-3.0) or Bluetooth LE / Smart) to the destination authorization carrier 40 (e.g. a smartcard), preferably as soon as it communicates with the verification unit 35.
  • the authorization can reach the entitlement carrier without time-consuming detours, since the verification unit is preferably connected directly to the Internet.
  • the delivery of a permission can be easily understood.
  • a possible disadvantage here is that an online connection is necessary. As soon as no Internet connection is available at, e.g., a vehicle in, e.g., an underground car park, no new authorization can be loaded. An alternative channel must then be used, since the vehicle is not without
  • the authorization is loaded by the verification unit (e.g. from a local storage or from the authorization holder) and is checked by the verification unit. In this case, it is preferable to first create a hash over the content and then to verify the signature by means of the public key of the issuing trust center. Now the content is analyzed. If the authorization is intended for the verification unit and the further limitations apply, the identity of the associated authorization carrier is determined from the
  • the identity of the authorization holder can be checked. For this purpose, it is preferably checked whether there is a specific secret in the authorization medium.
  • the necessary verification data can be derived from the identity description of the authorization holder. Usually, a random number is sent to the entitlement carrier and its response is cryptographically verified via the public key of the entitlement carrier from the entitlement. If the authorization holder matches the authorization, the action is carried out or released. Further, the present invention also allows embodiments in which the authorization remains on the verification unit 35, i.e. is not transmitted to the target authorization carrier 40.
  • the corresponding processes are:
  • the trust center 10 transmits the authorization over the channel 100 (e.g. Internet, general radio links such as 866 MHz, SMS, GSM, or another unsafe channel as mentioned at the beginning) to the transport entitlement carrier 20 (e.g., a smartphone).
  • the transport entitlement bearer 20 may also have one or more entitlements for the object 30 to be secured and / or the transferred one
  • the transport authorization carrier 20 transmits the authorization via the channel 200 (e.g., preferably NFC, but depending on the authorization carrier (e.g. BLE Key Fob) also via Bluetooth classic (BT 1.0-3.0) or Bluetooth LE / Smart) to the verification unit 35 of the object 30 to be secured (e.g. a
  • Example 5: 1. The verification unit 35 of the object 30 to be protected loads the authorization over the channel 300, preferably directly (e.g., over the Internet, general wireless links such as 866 MHz, SMS, GSM, or another unsafe channel as mentioned above), from the TrustCenter 10.
  • the entitlement bearer 40 and / or the verification unit 35 must preferably be made known to the trust center 10 in order to enable the authentication. This is preferably done before
  • The announcement can include the following:
  • the verification unit receives the public key of the Trust Center, which it should trust, before the start of the assignment. This usually happens during production or during commissioning by means of a configuration tool.
  • the verification unit must be available to the TrustCenter at the latest when creating an authorization, so that it can be entered in the authorization.
  • Offline devices with asynchronous connection without direct internet connection:
      o NFC card, e.g. smart card
      o SmartToken, e.g. car key, building key, access card, etc.
      o RFID card
      o SIM card
      o Smartwatch
  • the at least one permission discussed herein may include one or more of the following components:
  • each user has a personal loyalty card, namely a smart card 40, which is uniquely assigned to the user.
  • the user books a car directly with his smartphone 20. Shortly before the booking starts, the user receives on his smartphone 20 the digital authorization suitable for the time of booking and the position of the vehicle 30.
  • the user goes to the vehicle 30, which is located in the car rental garage, and opens it with the smartphone 20 by means of, for example, the data channel BLE ("Bluetooth Low Energy") or
  • the smartphone 20 transmits the authorization to start the vehicle 30 to the verification unit 35; this authorization is assigned to the smart card 40.
  • the user places the smart card 40 on a reader 35 in the vehicle 30 and the authorization is transferred to the smart card 40.
  • the smartcard 40 can be authenticated by the vehicle 30 or the verification unit 35 and the
  • the vehicle 30 can then be started.
  • the smartcard 40 may also undertake the localization (Thatcham) and/or the certification (e.g., CC EAL 5+).
  • the use of a smart card from a reputable manufacturer such as G&D also has the advantage that these cards can be purchased in one version on the market, the highest
  • a smart card that uses NFC as a communication channel also solves the problem of identifying the vehicle's credentials, as they can only be read in a reader that has a reading area limited to a few centimeters.
  • 10 TrustCenter / trusted entity
  • 20 Transport authorization carrier
  • 30 Object to be protected
  • 35 Verification unit
  • 40 Target authorization carrier
  • Authentication of the target authorization carrier
  • Transmission of the authorization from the transport authorization carrier to the target authorization carrier
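
The check sequence the description gives for the verification unit (hash and signature check against the trust center key, analysis of destination and limitations, then a random challenge verified with the carrier's public key taken from the authorization) can be sketched as follows. This is an added Go example, not code from the application or from the applicant's product; the `Ticket` fields, the JSON encoding, the choice of ECDSA P-256 and all names are assumptions, and the keys and tickets are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Ticket is a constructed stand-in for the authorization; field names are assumptions.
type Ticket struct {
	ObjectID            string    // object to be protected (30)
	Function            string    // functional limitation
	NotBefore, NotAfter time.Time // temporal limitation
	CarrierKey          []byte    // PKIX public key of the destination carrier (40)
}

// Signed is what crosses the unsecured channel: payload bytes plus signature.
type Signed struct{ Payload, Signature []byte }

var ErrSignature, ErrScope, ErrCarrier = errors.New("bad trust center signature"),
	errors.New("outside the ticket's limitations"), errors.New("carrier not authenticated")

// sign and verify hash msg with SHA-256 and apply ECDSA to the digest.
func sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Carrier models a carrier's authentication unit; Respond signs the challenge.
type Carrier struct{ key *ecdsa.PrivateKey }
func (c Carrier) Respond(nonce []byte) ([]byte, error) { return sign(c.key, nonce) }

// Verifier is the verification unit (35); TrustKey is provisioned at commissioning.
type Verifier struct {
	ObjectID string
	TrustKey *ecdsa.PublicKey
}

// Authorize runs the checks in the order the description gives them.
func (v Verifier) Authorize(s Signed, fn string, now time.Time, c Carrier) error {
	// 1. Verify the trust center signature over the raw bytes before parsing them.
	if !verify(v.TrustKey, s.Payload, s.Signature) {
		return ErrSignature
	}
	// 2. Analyze the content: destination object and limitations.
	var t Ticket
	if err := json.Unmarshal(s.Payload, &t); err != nil || t.ObjectID != v.ObjectID ||
		t.Function != fn || now.Before(t.NotBefore) || now.After(t.NotAfter) {
		return ErrScope
	}
	// 3. Take the carrier's public key from the signed ticket and challenge the carrier.
	pub, _ := x509.ParsePKIXPublicKey(t.CarrierKey) // a parse error leaves pub nil
	carrierKey, ok := pub.(*ecdsa.PublicKey)
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); !ok || err != nil {
		return ErrCarrier // fail closed on a bad key or a failed random source
	}
	resp, err := c.Respond(nonce)
	if err != nil || !verify(carrierKey, nonce, resp) {
		return ErrCarrier
	}
	return nil
}

// Scenarios builds constructed keys and tickets and returns each outcome.
func Scenarios() map[string]error {
	tc, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)    // trust center (10)
	card, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // destination carrier (40)
	phone, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // transport carrier (20)
	cardPub, _ := x509.MarshalPKIXPublicKey(&card.PublicKey)
	now := time.Date(2016, 7, 27, 12, 0, 0, 0, time.UTC)
	t := Ticket{"vehicle-30", "start", now.Add(-time.Hour), now.Add(time.Hour), cardPub}
	payload, _ := json.Marshal(t)
	sig, _ := sign(tc, payload)
	t.NotAfter = now.Add(48 * time.Hour) // validity extended in transit, old signature kept
	altered, _ := json.Marshal(t)
	good, forged := Signed{payload, sig}, Signed{altered, sig}
	car, late := Verifier{"vehicle-30", &tc.PublicKey}, now.Add(2*time.Hour)
	return map[string]error{
		"valid":         car.Authorize(good, "start", now, Carrier{card}),
		"tampered":      car.Authorize(forged, "start", late, Carrier{card}),
		"expired":       car.Authorize(good, "start", late, Carrier{card}),
		"wrong carrier": car.Authorize(good, "start", now, Carrier{phone}),
	}
}

func main() { fmt.Println(Scenarios()) }
```

The "wrong carrier" case is the transport carrier presenting a ticket it merely relayed: the signature and limitations pass, but the challenge fails because the ticket names the smart card's key, which is the separation of permission and authentication the description relies on.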

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention relates to methods and systems for transmitting at least one authorization for a control function of a technical system. In one embodiment, a corresponding method comprises receiving the at least one authorization via an unsecured communication channel (200, 300) at a verification unit (35) of an object (30) to be protected, the at least one authorization being cryptographically signed by a trusted entity (10).
EP16748087.0A 2015-08-31 2016-07-27 Indirect authorization transmission Withdrawn EP3345364A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102015216630.9A DE102015216630A1 (de) 2015-08-31 2015-08-31 Indirect authorization transport
PCT/EP2016/067909 WO2017036686A1 (fr) 2015-08-31 2016-07-27 Indirect authorization transmission

Publications (1)

Publication Number Publication Date
EP3345364A1 (fr) 2018-07-11

Family

ID=56611237

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16748087.0A Withdrawn EP3345364A1 (fr) 2015-08-31 2016-07-27 Indirect authorization transmission

Country Status (4)

Country Link
US (1) US20190028487A1 (fr)
EP (1) EP3345364A1 (fr)
DE (1) DE102015216630A1 (fr)
WO (1) WO2017036686A1 (fr)

Also Published As

Publication number Publication date
DE102015216630A1 (de) 2017-03-02
WO2017036686A1 (fr) 2017-03-09
US20190028487A1 (en) 2019-01-24

Similar Documents

Publication Publication Date Title
DE102016218986B4 (en) Method for access management of a vehicle
DE102006015212B4 (en) Method for protecting a movable asset, in particular a vehicle, against unauthorized use
AT506344B1 (en) Method and device for controlling access control
EP2777309B1 (en) Method and system for validating a technical device
EP3078218B1 (en) Access and usage control for a motor vehicle
WO2016128446A1 (en) Computer-implemented method for access control
DE102013215303A1 (en) Mobile electronic device
DE102016220656A1 (en) Provision and verification of the validity of a virtual document
EP3649625B1 (en) Method for delegating access rights
WO2013189584A1 (en) Device and method for controlling an access authorization and/or a driving authorization for a vehicle
EP3699791B1 (en) Access control comprising a mobile radio device
DE102016215628B4 (en) Communication system for managing usage rights to a vehicle
DE102016218071B4 (en) Authentication system for a motor vehicle
EP2624223B1 (en) Method and device for access control
DE102014219502A1 (en) System and method for restricted access to a vehicle
EP3345364A1 (en) Indirect authorization transport
DE102013100756B3 (en) Method and device for authenticating a user
EP3135546A1 (en) Car key, communication system and associated method
DE102014110540A1 (en) Delegable access control
EP3336736B1 (en) Auxiliary ID token for multi-factor authentication
EP3125464A1 (en) Revocation service for a certificate generated by an ID token
DE102017215000B4 (en) Control of a function of a motor vehicle
DE102017215806B3 (en) Secure authentication method for a vehicle
DE102014211839A1 (en) Method for authenticating an entity
EP2843872A1 (en) Method and equipment for registering the acquisition of on-demand services

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20180329

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20200318

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20200729