EP3469778A1 - Dispositif mémoire, dispositif de transmission de données et procédé pour transmettre des données - Google Patents

Dispositif mémoire, dispositif de transmission de données et procédé pour transmettre des données

Info

Publication number
EP3469778A1
EP3469778A1 EP17735058.4A EP17735058A EP3469778A1 EP 3469778 A1 EP3469778 A1 EP 3469778A1 EP 17735058 A EP17735058 A EP 17735058A EP 3469778 A1 EP3469778 A1 EP 3469778A1
Authority
EP
European Patent Office
Prior art keywords
data
interface
memory device
access rights
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP17735058.4A
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Steffen Fries
Martin Wimmer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens Mobility GmbH
Original Assignee
Siemens Mobility GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Mobility GmbH filed Critical Siemens Mobility GmbH
Publication of EP3469778A1 publication Critical patent/EP3469778A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Definitions

  • Storage device data transfer device and method for transferring data
  • the invention relates to a memory device, a data transmission device and a method for transmitting data between at least two computing devices which are assigned to different network zones.
  • a cross-domain security solution based on a virtualization solution is realized in which a virtual machine controls an information transfer between two information domains with different security levels.
  • EP 2981926 discloses a data-validating dual-port memory in which data is stored on a first port. On a second port of a dual-port memory device, the data is only visible after the data content has been successfully validated. Furthermore, semiconductor drives, so-called SSD
  • Hard disks known to have two interfaces. These hard drives are designed for high-availability applications where two redundant computers access the same hard drive.
  • data locks are known as security gateways for the transmission of data between different classified security zones and the exchange between physically separate networks. This is made possible by the use of an intermediate memory, so that two interfaces of the data lock are only activated mutually. This ensures that a direct connection between the different networks is never established. For the exchange of data between an office network and a
  • Control network with complex solutions are not practical when a real-time communication within the control network by a data transfer should not be delayed. Furthermore, should a non-reactive data transfer ⁇ be guaranteed, that is, it should by the data transfer any new or changed data in the network are read from the data are introduced.
  • the memory device for transmitting data between at least two computing devices, different network zones are assigned includes at least a memory unit for storing data, Minim ⁇ least two externally leading interfaces, to each of which one of the external computing devices for reading and / or writing Data is connectable, and at least one
  • Control unit which is designed to set access rights to the data of the memory unit depending on at least two of the externally leading interfaces. This makes it possible that data from each of at least two exter ⁇ NEN computing devices can be written to the memory device or read or both written or read. By the control unit access rights of each interface to the data of the memory unit can be set up and enforced. Thus, for example, a data transmission can be set up exclusively by a first computing device to a second computing device by the first computing device having a first computing device
  • Interface and the second computing device with the second external interface of the memory device is connected and as access rights for the first external Thomasle ⁇ le only write access and for the second external interface exclusively reading access to the data of the memory unit is set up in the control device.
  • access rights are also simply structured and easy to set up.
  • the computing devices are stand-alone devices separate from the memory device.
  • Interface-dependent access rights are, for example, an authorization for read access or
  • the Rechenvor ⁇ direction is about one of the leading externally
  • Interfaces connected to the storage device In this case, only read access, only write, or read and write access via the interface under consideration can be released to the memory unit. There may be different read-write permissions at the at least two interfaces of the memory device.
  • the term "external interface” is used synonymously with “an externally leading interface”.
  • the term “port” is used synonymously as “interface”.
  • the memory unit is configured to store data in different data structures and the control unit is configured in such a way to set up access rights for such a data structure depending on the interface.
  • Data structures are, for example, a partition, a directory or a file. In each of these data structures, for example, a varying amount of data can be stored. Access to data via the respective interface can thus be set up granularly on the corresponding data structure. Thus may be different set up to ⁇ access rights for different data structures. For example, since ⁇ th of a given partition can be transmitted only from a first external interface to the second external interface, whereas only written to a second partition data from the second interface and is read out via the first interface, and thus a data transfer in the reverse direction possible is. It is likewise possible to set up a read and a write access to one of the data structures merely from a first interface and not to access the data structure via the second interface. so that the storage device can also be used for "storage of data.
  • the access rights are enforced by an interface-dependent authorization information in a file system of the memory device.
  • the access rights are enforced by a configuration of the external interfaces themselves.
  • an interface is configured as a read-only interface.
  • a different type of transmission can be excluded with very high probability ⁇ .
  • Control of the access rights by additional queries in, for example, the control unit is no longer necessary after such a configuration.
  • such enforced access rights very reliable overall genüber absence of feedback and transmission security, so as ⁇ very quickly in terms of transmission reliability.
  • the access rights are formed by short-circuit bridges or by DIP switches.
  • separate data structures are designed for different access rights or different access rights can be configured for a single data structure.
  • a data structure which is read-only for a first interface, for example, or a data structure which is only capable of writing with respect to the second interface does not contain any data which is from the first
  • Access different ⁇ right for a single data structure have the advantage that can be used to optimize at a transfer of a large amount of data of comparable-availability storage, since no separate data structure, and thus, for example, a fixed data capacity for example, other communications ⁇ direction is reserved.
  • separate data structures are formed for different access rights or different access rights are for a single Since ⁇ ten-structure formed.
  • Administrative data are, for example, information as to when a file was written to a data structure or the information that the file is ready for collection. Further administrative data is for example information, that lying ready file was read and can therefore play as deleted when ⁇ again by the adjustment ends.
  • administration data information about errors that have occurred can be stored, for example when reading the data. If these management data stored in a separate data structure, so accidental Kochtra ⁇ supply of such management data is minimized instead of user data.
  • the control unit checks the data before passing it to an external interface of ⁇ le to a test specification.
  • checking the data by means of checksums for correct transmission or integrity checking can be done in the
  • Control unit are made. This is particularly useful ⁇ fully when one of the external interfaces is connected to a zone may occur in the potential malware.
  • the control unit can be used to check the data in the respective data structures before the access is released by the other interface.
  • a first control unit checks the data arriving at an interface against input rules
  • a second control unit checks the data output at an interface against outgoing rules.
  • the said input or output rules are often referred to as access policy for the first and second external interface.
  • an access right in addition to a read and / or write authorization, can be set up in the control unit as a function of a role of the reading or writing external computing device. This has the advantage that the access right of a Rechenvor ⁇ direction which is connected to a first externally leading port can be designed differently depending on the role of the computing device.
  • an access right can be set up and / or checked in the control device as a function of an information path of the data written to the memory unit or of data read out of the memory unit.
  • An information path is defined as a number of Informati ⁇ ones that specify, for example, components of the computing device, the data on which the data before ben Scream have passed through the storage device. These are, for example, information about the user of the data. For example, data used to boot hardware may be marked as such. Entspre ⁇ accordingly, data relating, for example, the operating system egg ner computing device, be labeled as such or data for an application to be identified as such and be included as information in the information path. Furthermore, an identifier of the computing device or, for example, an identifier of the external interface via which the data is read into the memory device are contained in the information path. In the control unit, an access right to an external interface is established depending on the specified information.
  • an information path that is to say the information mentioned, is read into the memory device and checked by the control unit with respect to the access rights and assigned resulting rights. This makes it possible to control access rights very flexibly and depending on different properties or boundary conditions.
  • the storage device is used as a mass storage device, in particular as a semiconductor storage device.
  • SSD designed as magnetic disk storage HDD, as a redundant arrangement of independent storage disks RAID or directly connected storage DAS.
  • a storage device having the described characteristics is claimed as a data transfer device, often referred to as a data gateway, for transferring data between different zones of a network.
  • the invention includes REMtra ⁇ constriction device for transferring data between different network zones
  • At least two computing devices each associated with different network zones, and
  • a memory device with at least two externally leading interfaces
  • the memory device is configured to set up access rights to data of the memory device depending on the accessing interface.
  • the inventive method for transmitting data between at least two computing devices that are associated with different chen network zones, wherein a first rake ⁇ device having a first externally leading interface of a storage device is connected, and a second computing device with a direction different from the first second to external leading interface of the memory device is connected, has the followingtechnischsschrit ⁇ te on:
  • the access rights are additionally dependent on an information path is directed ⁇ and the information about the path is provided by external lead ⁇ de interface.
  • the information path in addition at least one of the following arrival gave on an indication of the role of computing devices, an indication of the type of data source or data sink in the rake ⁇ device and an identifier of the data sink or data source.
  • An indication of the role of the data source is in ⁇ play, the use of the computing device as a service terminal.
  • Information about the type of data source can be, for example, whether it is hardware, software or application software. related data. This can also be specified in the form of an at ⁇ tation by a trusted module (Trusted Platform Module, TPM).
  • TPM Trusted Platform Module
  • An identifier of the data sink or data source can be, for example, a processor identifier or an EPID (Enhanced Privacy Identity).
  • Authentication or an interface identifier of a storage device in the computing device act.
  • Figure 1 shows an embodiment of the method according to the invention as a flowchart
  • Figure 2 shows an embodiment of the inventive method with a transfer path information to a first embodiment of an inventive ⁇ SEN storage device in a schematic representation
  • FIG. 3 shows an exemplary embodiment of a data transmission device according to the invention in an exemplary application scenario in a schematic representation
  • 4 shows a first embodiment of an inventive ⁇ SEN memory device in block form
  • 5 shows a second embodiment of a erfindungsge ⁇ MAESSEN memory device having a test method in a block diagram
  • FIG. 6 shows a third embodiment of a erfindungsge ⁇ MAESSEN memory device with checking of data with respect to input and output rules.
  • Figure 1 shows the inventive method in a schematic representation.
  • a memory device with at least two external interfaces for reading and / or writing data.
  • Each of the interfaces is connected to a directly connectable external computing device that acts as a data sink or data source, ver ⁇ prevented.
  • the two computing devices can act as lock computers.
  • the first computing device is connected, for example, to a safety-critical zone of a network.
  • Lock computer is connected to a second zone of the network, which has lower security requirements, for example.
  • the storage device assumes the function of a data lock in the described method.
  • interface-dependent access rights to the data of the memory device are established based on at least one information path.
  • the information path contains at least one indication of the external interface of the storage device used. In the simplest case, for example, for the first
  • separate data structures may be designed for different access rights.
  • a data structure can only be set up for a data transfer in one direction, and another data structure for data transfer in the opposite direction.
  • a data structure can be a partition, a directory, or a file.
  • a one-way communication or a network separation can be realized with the memory device.
  • a network separation can prevent the spread of network-based attacks.
  • a data structure can only have access rights for a transmission direction.
  • the interface of ⁇ len-dependent access rights can be set up depending on further information, particularly an information path.
  • information of an information path is the role of the data source or the data sink, information on the type of data source, the type of data transmitted itself and a Ken ⁇ tion of the data sink or data source. Setting up the access rights can be carried out during the commissioning of a Speichervorrich ⁇ tung. Access rights can be changed or deleted and new access rights can be added. This can be ⁇ limited to certain modes of operation of the storage device or be possible during operation.
  • Interface checked In addition to the interface, which provides the data, the data itself and the information ⁇ path of the memory device can be provided. The access rights for the assigned data are selected based on this information. The data is now written to the storage device according to the determined access rights. In process step 13 are prior to the reading of data on a second external interface to a second ⁇ ex ternal computing device the access rights of the second
  • the data sink is here the second computing device or an application set up in the second computing device.
  • the second rake ⁇ device reads the data.
  • data can be forwarded in a controlled manner via the storage device between two network zones.
  • FIG. 2 shows the process step 12, that is, the Einle ⁇ out data in a memory device 30 using a path information 20.
  • the storage device 30 includes a first external interface 31 and a second external interface 32.
  • the storage device 30 includes a storage unit 37 made up of two logical data structures 34 and 35.
  • the access rights 33 in a control unit 36 are set as ⁇ in such a way that is allowed from the first interface 31, a write access to the data structure of the 34th
  • the data readout 35 can be accessed via the first external interface 31 in a read-only manner.
  • the access rights for the second interface 32 are set up in the illustrated example such that only a read access to the data structure 34 is permitted and a write access to the data structure 35 is possible.
  • an information path 20 ⁇ provides to the first external interface 31 economicallyge.
  • the control unit 36 is now checked against the access rights information in the information path 33, 20 and SpeI ⁇ chert the provided data corresponding to the determined access rights. If a read access is requested via a second external interface 32, the access rights of the second external interface 32 to the data are checked on the basis of the established access rights. Again, you can
  • Path information provided by the second computing device and taken into account in the examination of access rights. If the read access is permitted, the data is output via the second interface 32. The data are thus forwarded from a first computing device to a second computing device.
  • the information path 20 includes, for example, information on the role R, on the type T or also an identification ID of the data source.
  • FIG. 3 illustrates an application scenario of the described storage device 30 and a data transfer device 48.
  • a first zone 40 of a data network is for example a game ⁇ automation network. Therein, components 41, 42, 43, for example field devices, are connected.
  • Such a first network zone 40 usually has particularly high levels Requirements with respect to data security, in particular, when used as a backup system, for example, the train control ⁇ or Glassignal horrung or even in power plants.
  • Such a first network zone 40 is usually formed as a closed network and a data transfer from a less secure second network zone 45 into the first network zone 40 or the transmission of data from the first network zone into the second network zone 45 is only possible under strict conditions.
  • the memory device 30 serves as a data lock and forms together with two computing devices 44, 47 as a lock computer, a data transmission device 48, which is also referred to as a data gateway.
  • the memory device 30 is illustrated here in simplified form and corresponds to the memory device 30 shown in detail in FIG. 4. It comprises a first external interface 31 to which a first computing device 44 of the first network zone is connected.
  • an interface is referred to as an external interface, via which data can be read into the data loop from outside the data lock or data can be read from the data lock to the outside into a connected computing device.
  • a second external interface 32 of the SpeI ⁇ chervoroplasty 30 is now connected to the second network zone 45, for example, a computing device 47th Through the first and second interface 31, 32, respectively, supplied ⁇ resorted to, since ⁇ th, which are stored on a storage unit 37 may be.
  • the memory device 30 in the formed access rights for the first and second interface ⁇ not only a network separation, but also a controlled data exchange between the first zone 40 and the second zone 45 is possible. If, for example, only one write access to the memory unit 37 is set up for the first interface 31, then data can be written to the memory unit 37 from the first network zone 40. If only one le ⁇ sender access to the memory unit 37 granted for the second interface 32, for example, a diagnostic computer 46, which is connected via an office network with the second interface 32, read diagnostic data in the second zone 45.
  • the storage device 30 is operated in each case with a lock computer, which is connected in each case to one of the external interfaces 31, 32 of the storage device. Both lock computers 44, 47 have access to a common file system that is physically mapped in the storage unit 37 of the storage device.
  • a lock calculator 44 which is connected to the interface 31 may, for example, query and diagnostic data from the field devices 41, 42, 43 save it as a file on the storage unit 37 of the memory device ⁇ . There the file of a
  • Lock computer 47 which is connected to the second interface 32, are read out and transmitted, for example via Internet 45 to a cloud service 46 for evaluation.
  • a firmware update of the second zone 45 in the automation network 40 are transmitted in a controlled manner.
  • represents administratge via a control unit 36 is that the storage units or on the storage Chere unit configured data structures 34, 35, only je ⁇ Weils from one direction are readable or writable.
  • a control unit 36 controls the access rights of the first or second interface 31, 32 to the data or the data structures 34, 35.
  • the control unit 36 monitors the access rights defined for the interfaces 31 and 32, which are shown here schematically as a unit 33 are shown.
  • the access rights can also be configured via short ⁇ bridge, also known as jumpers, or as a DIP switch. Thus, the access right is enforced physically.
  • the access rights can also be specified by a file system which is set up in a complex control unit of the storage device or in the connected computing devices 44, 47.
  • file system data structures such as a partition or a directory or a file read and write permissions for an output to the interface of storage are given chervorraum 30, monitored and thus Runaway sets ⁇ .
  • areas for management data 38, 39 may be formed in the storage unit 37.
  • the memory device 50 in FIG. 5 shows a further embodiment with two interfaces 31, 32, two data structures 34, 35 and a control unit 51.
  • the control unit 51 additionally includes a test function 52, which respectively stores data before reading in and out The data is checked against a test specification by a computing device connected to the interface 31 or 32. This is particularly useful if one of the interfaces is connected to a network zone, can occur in potentially malicious code or Manipu ⁇ lation.
  • the control unit 51 can be used to check the data in the respective data structures before the access is enabled by the other side.
  • As a test specification for ⁇ a checksum of the data can play as evaluated or the compared to the current checksum formed.
  • a computing device connected to the interface 31, 32 may validate a file after reading, for example, perform a format check before the computing device accepts the file.
  • data can be loaded from or to the computing device in the respective network zone.
  • FIG. 6 shows a memory device 60 in which two control units 61, 63 are formed as an alternative implementation variant , each of which converts an input or output rule 62, 64, also called access policy.
  • An access to the memory unit or the data structures is only possible via the control unit if access is allowed entspre ⁇ accordingly the respective input and output rules.
  • a control unit is divided into two separate instances as an input control unit 63 and an output control unit 61, which respectively check data written to the memory unit 65 against input rules 64.
  • the output control unit 61 verifies the read data ge ⁇ genüber output rules 62 before this advertising output via the interface 31 to a connected computing device to.
  • the network ⁇ connectivity between a first and second network zone is interrupted.
  • a corresponding configuration, that is about the access rights, the read and write permissions can accordingly limita ⁇ ken depending on the interface.
  • an asynchronous treatment can be achieved per forward direction.
  • data can be buffered and checked or validated according to different criteria.
  • interface By defining interface from ⁇ pending permissions to sub-structures of the storage unit, so by setting up partitions, directory Sources or files and access rights directed to them can flexibly separate data streams and forward them according to various rules or even store them.
  • the transfer of different types of data can be taken into account very flexibly.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un dispositif mémoire (30) pour transmettre des données entre au moins deux dispositifs informatiques qui sont associés à des zones réseau (40, 45) différentes. Le dispositif selon l'invention comprend au moins une unité mémoire (37) pour stocker des données, au moins deux interfaces (31, 32) menant vers l'extérieur, auxquelles respectivement l'un des dispositifs informatiques extérieurs peuvent être raccordés pour permettre la lecture et/ou l'écriture de données, et au moins unité de commande (36) qui est conçue pour établir des droits d'accès aux données de l'unité mémoire (37) en fonction d'au moins deux des interfaces (31, 32) menant vers l'extérieur. Cela permet par exemple une transmission de données exclusivement d'un premier dispositif informatique à un second dispositif informatique.
EP17735058.4A 2016-07-19 2017-06-27 Dispositif mémoire, dispositif de transmission de données et procédé pour transmettre des données Withdrawn EP3469778A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102016213164.8A DE102016213164A1 (de) 2016-07-19 2016-07-19 Speichervorrichtung, Datenübertragungsvorrichtung und Verfahren zum Übertragen von Daten
PCT/EP2017/065750 WO2018015111A1 (fr) 2016-07-19 2017-06-27 Dispositif mémoire, dispositif de transmission de données et procédé pour transmettre des données

Publications (1)

Publication Number Publication Date
EP3469778A1 true EP3469778A1 (fr) 2019-04-17

Family

ID=59276723

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17735058.4A Withdrawn EP3469778A1 (fr) 2016-07-19 2017-06-27 Dispositif mémoire, dispositif de transmission de données et procédé pour transmettre des données

Country Status (5)

Country Link
US (1) US20210286906A1 (fr)
EP (1) EP3469778A1 (fr)
CN (1) CN109565502A (fr)
DE (1) DE102016213164A1 (fr)
WO (1) WO2018015111A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2948909T3 (es) * 2019-06-14 2023-09-21 Siemens Mobility GmbH Sistema informático y procedimiento para operar un sistema informático
CN114008982B (zh) * 2019-06-14 2023-07-21 西门子交通有限公司 计算设备和用于运行计算设备的方法

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN2684479Y (zh) * 2004-03-31 2005-03-09 南京南瑞集团公司信息系统分公司 单向连接网络安全隔离装置
KR101203804B1 (ko) * 2009-04-10 2012-11-22 닉스테크 주식회사 보안 이동형 저장장치 및 그 제어 방법
US20110041005A1 (en) * 2009-08-11 2011-02-17 Selinger Robert D Controller and Method for Providing Read Status and Spare Block Management Information in a Flash Memory System
CN101751233B (zh) * 2009-12-31 2012-07-04 成都索贝数码科技股份有限公司 存储设备容量的扩展方法及系统
US9130937B1 (en) * 2011-03-07 2015-09-08 Raytheon Company Validating network communications
US8590005B2 (en) 2011-06-08 2013-11-19 Adventium Enterprises, Llc Multi-domain information sharing
WO2014061583A1 (fr) * 2012-10-15 2014-04-24 日本電気株式会社 Nœud de communication, dispositif de commande, système de communication, procédé de traitement de paquets, et programme
DE102013212525A1 (de) * 2013-06-27 2014-12-31 Siemens Aktiengesellschaft Datenspeichervorrichtung zum geschützten Datenaustausch zwischen verschiedenen Sicherheitszonen
DE102013216847B4 (de) * 2013-08-23 2023-06-01 Siemens Mobility GmbH Verfahren, Vorrichtung und System zur Überwachung einer Sicherheits-Netzübergangseinheit

Also Published As

Publication number Publication date
DE102016213164A1 (de) 2018-01-25
US20210286906A1 (en) 2021-09-16
CN109565502A (zh) 2019-04-02
WO2018015111A1 (fr) 2018-01-25

Similar Documents

Publication Publication Date Title
EP2981926B1 (fr) Dispositif de stockage de données permettant un échange de données protégé entre différentes zones de sécurité
DE112020005786T5 (de) Systeme und verfahren zum ermöglichen eines hochverfügbaren verwalteten ausfallsicherungsdienstes
DE69531112T2 (de) Mechanismus zum verknüpfen von dateien auf einem emulierten system mit dem zentralsystem für den zugriff durch emulierte systembenutzer
DE10197063B4 (de) Verfahren und Einrichtung zum Verhindern eines unberechtigen Zugriffs durch ein Netzwerkgerät
EP3625950B1 (fr) Dispositif de traitement de données, dispositif total et procédé pour faire fonctionner un dispositif de traitement de données ou un dispositif total
DE112019000485T5 (de) System und verfahren zum bereitstellen der sicherheit für einfahrzeuginternes netzwerk
DE102006051186A1 (de) Infrastruktur-Servicearchitektur für Applikationen
EP3437297A1 (fr) Procédé et système de contrôle d'intégrité permettant la surveillance de l'intégrité sans effet rétroactif
EP3763089B1 (fr) Procédé et système de contrôle pour le contrôle et/ou la surveillance d'appareils
AT506735B1 (de) Verteilte datenspeicherungseinrichtung
EP3023896A1 (fr) Procédé de transmission de jeux de données médicales
EP3469778A1 (fr) Dispositif mémoire, dispositif de transmission de données et procédé pour transmettre des données
EP3655876B1 (fr) Système sur puce, procédé pour faire fonctionner un système sur puce et véhicule à moteur
EP3718263B1 (fr) Procédé et système de contrôle pour le contrôle et/ou la surveillance d'appareils
DE102014206989A1 (de) Verfahren und System zur deterministischen Autokonfiguration eines Gerätes
DE10241974B4 (de) Überwachung von Datenübertragungen
EP3723007B1 (fr) Procédé et système de commande permettant de commander l'exécution des transactions
DE102013209264A1 (de) Verfahren zum Betreiben eines Kommunikationsmoduls und Kommunikationsmodul
EP1924945B1 (fr) Procede pour ameliorer la fiabilite d'appareils electroniques et support de donnees approprie
EP4148605A1 (fr) Exécution d'opérations privilégiées dans un conteneur
DE102016008957A1 (de) Direkter Zugriff auf Bussignale in einem Kraftfahrzeug
EP3945702A1 (fr) Communication basée sur les canaux dans un réseau iot
DE102012111181A1 (de) Speichersystem, insbesondere Cloud Storage System, und Computerprogrammprodukt
EP4250146A1 (fr) Interaction des entités physiques
EP4343545A1 (fr) Attribution automatique de justificatifs d'identité modifiés à des fins de diagnostic pour des instances de conteneurs de travail déjà initiées

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190108

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200604

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20201015