EP3692457A1 - Method and system for providing a data processing function by means of a data processing system of a track-bound vehicle - Google Patents
- Publication number
- EP3692457A1 (application EP18800531.8A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- authentication
- data
- unit
- data processing
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R16/00—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
- B60R16/02—Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Definitions
- the invention relates to a method and a system for providing a data processing function by means of a data processing system of a track-bound vehicle.
- a key switch is used to enable or disable data-related functions based on the position of the key switch. Only users who have a suitable key can activate the data-technical function.
- a method for providing a data processing function by means of a data processing system of a track-bound vehicle comprises: generating an authentication token by means of an authentication unit based on an authentication process, wherein the authentication token identifies a session of a user of the data processing system, and providing the data-technical function by means of a server unit of the data processing system based on the authentication token.
- the invention is based on the recognition that data-technical functions, such as operator actions, the display of information, etc., are called up in vehicles by different users. It is desirable to make the data-technical functions available to different users or user groups in a user-related or user-specific manner. Certain data-related functions should only be accessible by authorized users or user groups.
- the data-related functions provided are coupled, for example, to a key switch position.
- the data-technical function is provided only to the user who has the appropriate key, and exclusively while the key switch occupies a position provided for the activation of the function.
- the known solutions are characterized by the fact that for each data-related function, such as access to diagnostic data, a separate authentication is required. Consequently, the known solutions are static with respect to the management of user rights.
- the solution according to the invention solves these problems by generating an authentication token by a central authentication service.
- the token identifies a session of a user of the data processing system.
- different data-technical functions can be provided.
- the user rights can be changed in a particularly simple way by means of data-technical access to the authentication unit and adapted according to the wishes of the operator of the data processing system.
- the access to the authentication unit is restricted to users belonging to the operator of the data processing system and / or the track bound vehicle.
- the track-bound vehicle is preferably designed as a rail vehicle.
- the data processing system preferably comprises a communication system, which comprises at least one Ethernet network and different data telecommunication devices (systems) connected to the respective Ethernet network.
- the participants can communicate via the respective Ethernet network (exchanging data, for example).
- these can be logically separated, for example as virtual local area networks (VLANs), to separate data streams from one another.
- the communication network preferably comprises an operator network, which is physically separated from a control network of the rail vehicle and may be connected to the control network for data purposes.
- control network as a network which comprises one or more components for vehicle control (control technology)
- control technology, e.g. drive and brake components
- systems for outputting information to passengers and on-board personnel, the automated operation of a sanitary cell, the management of communication between the rail vehicle and the land side, etc., can also belong to the control network, the components being connected to one another via the control network in terms of control and communication technology.
- Components that are connected to the operator network for data purposes can be, for example, a passenger information system (FIS) and / or a camera monitoring system for monitoring the interior and exterior of the railway vehicle (CCTV: Closed Circuit Television).
- FIS passenger information system
- CCTV Closed Circuit Television
- the corresponding components of the FIS or camera surveillance system are connected to one another for data purposes via the operator network.
- the user can be assigned to one or more user groups. Certain data-related functions are available to a particular user group (or certain data-technical functions are blocked for the user group). For example, user groups may be provided for maintenance, cleaning, vehicle accompaniment or vehicle guidance. Certain user actions may only be carried out by authorized user groups. For example, the retrieval of diagnostic data (as an example of a data-technical function) is intended exclusively for the user group "maintenance".
- the expert understands by the term "data-technical function" all functions which are provided by the data processing system
- the data-technical function can, for example, comprise the operation of a component connected to the communication network by means of a user interface or the retrieval of data from the data processing system.
- the authentication unit is preferably designed as an authentication server with an authentication service.
- the authentication service includes a Remote Authentication Dial-in User Service (RADIUS).
- RADIUS Remote Authentication Dial-in User Service
- the authentication server is a central server within the data processing system of the tracked vehicle, which is available to various subscribers of the communication network via the Ethernet network.
- the authentication server has a memory on which data about the user, data on an assignment of the user to a user group or multiple user groups and / or data on user rights associated with the user are stored.
- the server unit can transmit the data-related function immediately upon receipt of the authentication function.
- the server unit can use a received authentication token to determine independently or with the aid of another component of the data processing system, which data technology function is to be provided.
- the authentication process comprises: providing authentication information by means of an authentication séesss Maschinen and generating the authentication token by means of the authentication unit based on the authentication information.
- the authentication process comprises, in particular, those method steps which, in common usage, are referred to as "logging on of the user".
- the skilled person preferably understands that the authentication token is generated when the user has successfully authenticated himself.
- authentication: the checking of the authenticity of the user by means of the authentication unit
- authentication: the attestation of the authenticity by the authenticating unit.
- the terms “authenticate” and “authenticate” are often combined under the term “authenticate”.
- the authentication unit generates the authentication information based on an application of:
  - an identification medium which provides at least one user information, in particular a smart card, and / or
  - a biometric feature of the user which is detected by a reader.
- the authentication unit comprises an authentication device, at which the user performs an authentication by means of an authentication medium, for example by means of the key, the smart card or the biometric feature.
- the authentication device can, for example, comprise a smart card reader for receiving the smart card, a fingerprint reader for reading the user's fingerprint (as a biometric feature) and / or a camera unit for detecting the user's face (as a biometric feature)
- the smart card is preferably designed as a plastic card which has at least one integrated circuit and preferably a memory, a microprocessor, etc.
- the electronic key may preferably be formed by software key material, which is stored on a terminal device of the user.
- the software key material may be stored on a smartphone of a driver, as the user, residing in the driver's car.
- the software key material can be transmitted to the vehicle via Bluetooth or WLAN (WLAN: Wireless Local Area Network).
- the authentication unit preferably comprises a control computer, which is connected to the data processing system, in particular to the Ethernet network.
- the control computer reads out the information generated by the authentication device, generates the authentication information on the basis of this information and sends the authentication information via the Ethernet network to the authentication unit.
- the transmission of the authentication information to the authenticating unit is preferably carried out in encrypted form.
- the authentication token is invalidated and / or deleted at a termination of the session. This ensures that the authentication token identifies the session of the user.
- the termination of the session is triggered by a user logoff.
- the session may be terminated at the expiration of a predetermined period of time. This may result in the user having to log in again while using the data processing system.
- the authentication token is transmitted to a user interface, which is designed to retrieve the function by the user.
- the user interface can use the authentication token for different purposes. For example, the user interface is activated upon receipt of the authentication token. Alternatively or additionally, the user interface may use the authentication token to restrict provided functions. The presence and / or design of the authentication token for the user interface preferably serve as a decision criterion as to whether a data-technical function is to be made available. Alternatively or additionally, the data processing function can be requested by the user interface based on the authentication token at the server unit.
- the user interface comprises an operator display.
- the operator display is designed as a touchscreen display on which data-technical functions, such as the display of information and / or operating functions, are provided.
- the authentication token is transmitted from the authentication unit to the user interface. Further preferably, the authentication token is stored by means of a memory unit of the user interface. The user interface can thus provide the function provided by the server unit to a user.
- the user interface is connected for data purposes, in particular via the communication network, to the server unit.
- the authentication token is attached to a request for the data processing function, which is addressed by the user interface to the server unit.
- the user interface requests the data processing function at the server unit.
- the server unit makes the data-technical function centrally available. Based on the attached authentication token, the server unit can check the request. This prevents a data-technological attack on the data processing system from being made possible by manipulation of the user interface.
- the server unit is located away from the user interface.
- the person skilled in the art understands the term "removed" to mean that the user has no direct, mechanical access to the server unit, for which the server unit is preferably arranged in a protected area (not accessible to the user) of the rail vehicle.
- the request is triggered by an operator action of the user.
- the server unit checks an authorization of the request with the help of the authentication unit. This achieves centralized control of user permissions based on tokens. The central role is played by the authentication unit.
- Various components of the data processing system, e.g. the server unit
- the server unit provides the data-related function only if the verification of the authentication token by the authentication unit is successful.
- the authorization of the request is preferably checked by means of the authentication unit during a first request within one session. For subsequent requests within the session, a check by the authentication unit is no longer required.
- the authentication with the aid of the authentication unit is carried out in a preferred development by the authentication unit receiving the authentication token from the server unit, checking the associated authorization, and providing authorization information which represents the authorization of the user.
- a central control of entitlements of the user based on the token is enabled.
- the validity of the token is checked by the authentication unit and, in addition, authorizations of the user as authorization information are provided by the authentication unit.
- the authentication unit sends the authorization information to the server unit.
- data-related functions are provided by the server unit. For this purpose, the data underlying the respective function are transmitted to the user interface.
- the data processing function is provided by the server unit depending on the authorization information.
- the authentication token which the server unit sends to the authentication unit for checking forms the basis for providing the data-related function.
- in addition, the server unit can determine, based on the authorization information, which data-related functions are to be provided.
- the provision of the data-technical function comprises providing information with the server unit for display by means of a user interface.
- the display of the information by means of the user interface is triggered by the user requesting the information by actuating a touch screen of the user interface.
- upon request (if a valid authentication token is present), the server unit provides the information for display by the user interface.
- the information is transmitted to the user interface for the display and displayed by the user interface.
- the provision of the data-technical function comprises providing data to a data interface of the data processing system.
- the data is provided by the server unit and transmitted to the data interface.
- a maintenance PC and / or a diagnostic device is connected to the data interface.
- the data interface preferably comprises a USB-to-Ethernet bridge, which provides a connection between the Ethernet network and a USB port of the data interface (USB: Universal Serial Bus).
- the data interface further preferably comprises a computing unit for processing data and a memory.
- a preferred development of the embodiment comprises: data-technical connection of a memory unit to the data interface, querying the data by means of the data interface at the server unit and providing the data by means of the server unit.
- the memory unit comprises a USB data memory which is carried by the user and connected to the USB port of the data interface.
- the request is made by signaling from the data interface to the server unit that the memory unit is connected to the data interface. Further preferably, the data are prepared by the server unit in response to the request and transmitted to the data interface.
- the data is provided to the data interface after completion of an authentication process, in particular an authentication process of the type previously described.
- the authentication token generated during the authentication process is preferably transmitted to the data interface and more preferably stored by the memory of the data interface. Further preferably, the authentication token is attached to the request which is directed by the data interface to the server unit.
- authorization information which represents authorization of the user, is transmitted to the server unit after completion of the authentication process.
- after connecting the memory unit, in particular the USB data memory, to the data interface, the computer unit of the data interface establishes a data connection to the server unit. For this, a connection request is directed to the server unit.
- the server unit receives the connection request and uses the authorization information to determine which data-related function is to be provided. For example, the server unit uses the authorization information to determine which data is to be provided for the data interface.
- the invention further relates to a system for providing a data processing function by means of a data processing system of a tracked vehicle.
- the system comprises: an authentication unit configured to generate an authentication token based on an authentication process, wherein the authentication token identifies a session of a user of the data processing system, and a server unit that is configured to provide the data-related function based on the authentication token.
- the invention further relates to a computer program product which can be at least partially loaded directly into a memory of a server unit and at least partially loaded directly into a memory of an authentication unit, and which comprises software code sections with which the method of the type described above can be performed when the product is running on a computer of the server unit and a computer of the authentication unit.
- the invention further relates to a server unit for a data processing system of a lane-bound vehicle, which is designed to provide a data-related function based on an authentication token identifying a session of a user of the data processing system and to provide the authentication token from an authentication unit, which is designed to generate the authentication token based on an authentication process.
- FIG. 1 shows a schematic structure of a system according to an embodiment of the invention
- FIG. 2 shows a schematic flow diagram of an authentication process according to the invention
- Figure 3 is a schematic flow diagram of a method according to a first embodiment of the invention and
- Figure 4 is a schematic flow diagram of a method according to a second embodiment of the invention.
- Figure 1 shows a vehicle 1, which is designed as a track-bound vehicle 2, in a schematic view.
- the track-bound vehicle 2 has a communication system 4 which comprises at least Ethernet networks 5, 6 and 7. Different participants are connected to the Ethernet networks 5, 6 and 7 in terms of data technology and are connected to one another via the Ethernet networks 5, 6 and 7.
- the communication system 4 together with its data technically connected participants forms a data processing system 8.
- a server unit 10 is technically connected to the Ethernet network 7.
- the server unit 10 provides several different data processing functions.
- the server unit 10 provides information for display via a user interface 12.
- the user interface 12 is designed as an operator display 13 with a touch-sensitive display area (so-called touchscreen).
- functions of the data processing system 8 can be provided to a user 14.
- information can be displayed to the user 14 and / or the user 14 can operate a component of the data processing system 8 via the operator display 13.
- the server unit 10 and the user interface 12 are data technically connected to each other via the Ethernet network 7.
- the invention is based on the desire to provide the user 14 data technical functions based on user authorization.
- an authentication process is carried out.
- FIG. 2 shows a schematic flow diagram which represents the method steps carried out as part of the authentication process.
- the user 14 logs on to the vehicle 1 using an authentication unit 16.
- the login takes place by inserting a smart card 17 personally assigned to the user 14 into a smart card reader 18 (method step A).
- authentication information is transmitted to a control unit 20 in a method step B.
- the logon takes place by inserting a mechanical key 21 into a mechanical lock 22 and / or by reading out a biometric feature, for example a fingerprint by means of a fingerprint reader 19.
- the control unit 20 is connected by data technology to the Ethernet network 5.
- the authentication information is transmitted to an authentication unit 24.
- the authentication unit 24 is formed as a server 25 with authentication service, in particular a Remote Authentication Dial-In User Service (RADIUS).
- the server 25 is used within the vehicle 1 as a central server or service for authenticating users.
- if there are user data associated with the received authentication information on the server 25, the server 25 generates an authentication token in a method step D.
- the authentication token identifies a session of the user 14. In other words, the authentication token loses its validity and / or is deleted when the session ends. The termination of the session is triggered, for example, by logging off the user 14.
- FIG. 3 shows a schematic flow diagram which represents the method steps carried out in the context of a first exemplary embodiment.
- in a method step E, the authentication token is transmitted to the user interface 12 via the Ethernet network 5, 6, 7.
- the user interface 12 stores the authentication token by means of a storage unit.
- when operating the user interface 12, the user 14 calls a data processing function in a method step F. For example, by operating the user interface 12, the user 14 requests, as a data-related function, display of information by means of the user interface 12. In response to this action of the user 14, in a method step G, a request for the function is sent from the user interface 12 to the server unit 10. The authentication token is attached to the request for the transmission to the server unit 10 in a step GG.
- the server unit 10 checks an authorization of the request in that the server unit 10 sends the authentication token to the authentication unit 24 via the Ethernet network 6.
- the authentication unit 24 receives the authentication token from the server unit 10 in a method step J.
- the authentication unit 24 checks an associated authorization (which is assigned to the authentication token) and in a method step L provides authorization information which represents the permission of the user 14.
- the authorization information, which represents credentials of the user and authorizations of the user, is transmitted to the server unit 10 in a method step M.
- the server unit 10 provides the information to be displayed on the basis of the received authorization information in a method step N and transmits it to the user interface 12.
- the information is shown in a method step O by means of the user interface 12.
- the method steps H to L are to be carried out in particular during a first-time request by means of the user interface 12 within a session.
- the server unit can provide data-technical functions on the basis of the authorization information until the end of the session.
- FIG. 4 shows a schematic flow diagram which represents the method steps carried out in the context of a second exemplary embodiment.
- authentication tokens generated during the authentication process are transmitted to a data interface 32 (via the Ethernet network 5, 6, 7) and stored by a memory of the data interface.
- authorization information of the user 14 is transmitted from the authentication unit 24 to the server unit 10 via the Ethernet network 6 (method step P).
- in a method step Q, the user 14 connects a memory unit 30 in the form of a USB memory 31 to the data interface 32.
- the connection is made, for example, by inserting the USB memory 31 into the data interface 32.
- a computing unit of the data interface establishes a data connection to the server unit 10.
- a connection request is directed to the server unit 10.
- the server unit 10 receives the connection request.
- in a method step R, the data interface 32 queries the server unit 10 for data which are provided for storage on the memory unit 30.
- the data interface 32 includes a USB-to-Ethernet bridge, which provides a connection between the Ethernet network 7 and a USB port of the data interface (USB: Universal Serial Bus).
- the query R is made by the data interface 32 signaling to the server unit 10, during the connection, that the USB memory 31 is connected.
- the server unit 10 checks which data are provided for storage on the USB memory 31. Depending on the authorization information, the server unit 10 provides the data in a method step S. For example, the server unit 10 uses the authorization information to determine which data are provided for the data interface. In a method step T, the provided data are transmitted via the Ethernet network 7 to the data interface 32 in order to be stored on the memory unit 30.
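The two flows described above (FIG. 3: the token is checked at the authentication unit on the first request and the result is kept for the session; FIG. 4: the data for the memory unit are selected according to the authorization information), as an added Python example that is not part of the patent text. The class names, the permission strings, the token format, the sample data and the way the data interface presents its stored token with the query are assumptions.

```python
import secrets
class AuthenticationUnit:
    """Stands in for authentication unit 24; token format is an assumption."""
    def __init__(self):
        self._grants = {}   # token -> authorization information
        self.lookups = 0    # counts token checks (steps J to L)

    def issue_token(self, user, permissions):
        token = secrets.token_urlsafe(32)  # opaque and unguessable
        self._grants[token] = {"user": user, "permissions": frozenset(permissions)}
        return token

    def check(self, token):
        self.lookups += 1
        return self._grants.get(token)     # None for an unknown token

class ServerUnit:
    """Stands in for server unit 10; data maps name -> (permission, content)."""
    def __init__(self, auth_unit, data):
        self._auth, self._data = auth_unit, data
        self._sessions = {}  # token -> authorization information for the session

    def _authorize(self, token):
        if token not in self._sessions:    # first request within the session
            info = self._auth.check(token)
            if info is None:
                raise PermissionError("unknown authentication token")
            self._sessions[token] = info   # result of step M, kept until session end
        return self._sessions[token]

    def handle_request(self, token, item):
        """FIG. 3: request with attached token in (G/GG), information out (N)."""
        info = self._authorize(token)
        required, content = self._data[item]
        if required not in info["permissions"]:
            raise PermissionError(f"{info['user']} is not authorized for {item}")
        return content

    def data_for_storage(self, token):
        """FIG. 4, step S; assumes the data interface sends its stored token with query R."""
        perms = self._authorize(token)["permissions"]
        return {k: c for k, (p, c) in self._data.items() if p in perms}

    def end_session(self, token):
        self._sessions.pop(token, None)

if __name__ == "__main__":
    auth = AuthenticationUnit()  # constructed sample data below
    server = ServerUnit(auth, {"timetable": ("display", "next stop: depot")})
    print(server.handle_request(auth.issue_token("user14", ["display"]), "timetable"))
```

Because the server unit keeps the authorization information until the session ends, a change made at the authentication unit during a session only takes effect with the next session.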
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102017221300.0A DE102017221300A1 (de) | 2017-11-28 | 2017-11-28 | Verfahren und System zum Bereitstellen einer datentechnischen Funktion mittels eines Datenverarbeitungssystems eines spurgebundenen Fahrzeugs |
PCT/EP2018/079528 WO2019105666A1 (de) | 2017-11-28 | 2018-10-29 | Verfahren und system zum bereitstellen einer datentechnischen funktion mittels eines datenverarbeitungssystems eines spurgebundenen fahrzeugs |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3692457A1 (de) | 2020-08-12 |
Family
ID=64270826
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18800531.8A Pending EP3692457A1 (de) | 2017-11-28 | 2018-10-29 | Verfahren und system zum bereitstellen einer datentechnischen funktion mittels eines datenverarbeitungssystems eines spurgebundenen fahrzeugs |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP3692457A1 (de) |
CN (1) | CN111406259A (de) |
DE (1) | DE102017221300A1 (de) |
RU (1) | RU2748111C1 (de) |
WO (1) | WO2019105666A1 (de) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4060946A1 (de) * | 2021-03-16 | 2022-09-21 | Siemens Aktiengesellschaft | Authentifizieren eines gerätes in einem kommunikationsnetz einer automatisierungsanlage |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005119608A1 (en) * | 2004-06-03 | 2005-12-15 | Tyfone, Inc. | System and method for securing financial transactions |
EP1811421A1 (de) * | 2005-12-29 | 2007-07-25 | AXSionics AG | Sicherheitstoken und Verfahren zur Benutzerauthentifizierung mit dem Sicherheitstoken |
AU2007203701A1 (en) * | 2007-08-08 | 2009-02-26 | Red Crater Global Ltd | Security control over computer access in restricted area |
US8689292B2 (en) * | 2008-04-21 | 2014-04-01 | Api Technologies Corp. | Method and systems for dynamically providing communities of interest on an end user workstation |
DE102008042262B4 (de) * | 2008-09-22 | 2010-05-27 | Bundesdruckerei Gmbh | Verfahren zur Speicherung von Daten, Computerprogrammprodukt, ID-Token und Computersystem |
US8984588B2 (en) * | 2010-02-19 | 2015-03-17 | Nokia Corporation | Method and apparatus for identity federation gateway |
US9734321B2 (en) * | 2011-12-12 | 2017-08-15 | Nokia Technologies Oy | Method and apparatus for providing federated service accounts |
US8966268B2 (en) * | 2011-12-30 | 2015-02-24 | Vasco Data Security, Inc. | Strong authentication token with visual output of PKI signatures |
DE102012218943A1 (de) * | 2012-10-17 | 2014-04-17 | Bundesdruckerei Gmbh | Verfahren zur Initialisierung von Datenbankmitteln |
US9742767B1 (en) * | 2014-09-25 | 2017-08-22 | Google Inc. | Systems, methods, and media for authenticating multiple devices |
DE102014119241B4 (de) * | 2014-12-19 | 2021-04-01 | Knorr-Bremse Systeme für Schienenfahrzeuge GmbH | Verfahren zur Authentifizierunq an einer Steuereinheit eines im Schienenfahrzeug befindlichen Subsystems und Steuereinheit hierfür |
US10893051B2 (en) * | 2015-07-02 | 2021-01-12 | Convida Wireless, Llc | Resource-driven dynamic authorization framework |
CN106375270B (zh) * | 2015-07-24 | 2020-12-08 | 华为技术有限公司 | 令牌生成并认证的方法及认证服务器 |
US9619638B2 (en) * | 2015-08-25 | 2017-04-11 | International Business Machines Corporation | Vehicle operations based on biometric fingerprint analysis |
JP6682254B2 (ja) * | 2015-12-08 | 2020-04-15 | キヤノン株式会社 | 認証連携システム及び認証連携方法、認可サーバー及びプログラム |
2017
- 2017-11-28 DE DE102017221300.0A patent/DE102017221300A1/de active Pending
2018
- 2018-10-29 WO PCT/EP2018/079528 patent/WO2019105666A1/de unknown
- 2018-10-29 EP EP18800531.8A patent/EP3692457A1/de active Pending
- 2018-10-29 CN CN201880076717.0A patent/CN111406259A/zh active Pending
- 2018-10-29 RU RU2020116390A patent/RU2748111C1/ru active
Also Published As
Publication number | Publication date |
---|---|
DE102017221300A1 (de) | 2019-05-29 |
RU2748111C1 (ru) | 2021-05-19 |
WO2019105666A1 (de) | 2019-06-06 |
CN111406259A (zh) | 2020-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2966605B1 (de) | Verfahren und System zur Authentifizierung eines Benutzers | |
DE60131534T2 (de) | Umfassender Authentifizierungsmechanismus | |
EP2338255B1 (de) | Verfahren, computerprogrammprodukt und system zur authentifizierung eines benutzers eines telekommunikationsnetzwerkes | |
DE102014107242A1 (de) | System und Verfahren zur Zugriffskontrolle | |
DE102015005232B4 (de) | Steuern einer Freischaltberechtigung eines Kraftfahrzeugs | |
DE102016201601B4 (de) | Verfahren und Vorrichtungen betreffend insbesondere ein Kraftfahrzeugzugangs- und/oder Start-System | |
DE102016215021B4 (de) | Verfahren und Servervorrichtung zum Konfigurieren eines Weitergabevorgangs einer Zugangsberechtigung zu einem Kraftfahrzeug | |
DE102011078018A1 (de) | System zum Ausführen von Fernfunktionen eines Kraftfahrzeugs | |
DE102004044454A1 (de) | Tragbares Gerät zur Freischaltung eines Zugangs | |
DE10311327A1 (de) | Nutzer-Objekte zur Authentifizierung der Nutzung medizinischer Daten | |
EP1697820B1 (de) | Verfahren zur freischaltung eines zugangs zu einem computersystem oder zu einem programm | |
DE102010010760A1 (de) | Verfahren zur Vergabe eines Schlüssels an ein einem drahtlosen Sensor-Aktor-Netz neu hinzuzufügendes Teilnehmergerät | |
WO2004034334A1 (de) | Zutrittskontrollsystem für türen und verfahren zum betrieb eines solchen zutrittskontrollsystemes | |
WO2019105666A1 (de) | Verfahren und system zum bereitstellen einer datentechnischen funktion mittels eines datenverarbeitungssystems eines spurgebundenen fahrzeugs | |
EP2199944A2 (de) | Verfahren zur Authentifizierung einer Person gegenüber einer elektronischen Datenverarbeitungsanlage mittels eines elektronischen Schlüssels | |
DE102014108162A1 (de) | Verfahren zur Bedienung eines Feldgerätes vermittels eines Bediengerätes | |
EP1525731B1 (de) | Identifikation eines benutzers eines mobilterminals und generierung einer aktionsberechtigung | |
WO2016124506A1 (de) | Verfahren zur berechtigungsverwaltung in einer anordnung mit mehreren rechensystemen | |
EP3657750B1 (de) | Verfahren zur authentifizierung einer datenbrille in einem datennetz | |
DE102015213449B4 (de) | Vorrichtung zum Betrieb eines Fahrzeugs für Car-Sharing und Fahrzeug für Car-Sharing umfassend die Vorrichtung | |
EP3032505B1 (de) | Verfahren zum Betreiben von Bezahlautomaten eines ID-basierten Zugangskontrollsystems für ein Post-Payment-Szenario | |
DE102018215739A1 (de) | Verwendung einer Benutzerschnittstelle eines Fahrgastinformationssystems und/oder Unterhaltungssystems | |
DE102010031932A1 (de) | Verfahren zur Zugangskontrolle und entsprechende Vorrichtung | |
EP2169579A1 (de) | Verfahren und Vorrichtung zum Zugriff auf ein maschinenlesbares Dokument | |
EP3352142A1 (de) | Vorrichtungen, systeme und verfahren zum entriegeln eines schlosses eines schloss-systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | 17P | Request for examination filed | Effective date: 20200508 |
| | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | AX | Request for extension of the european patent | Extension state: BA ME |
| | DAV | Request for validation of the european patent (deleted) | |
| | DAX | Request for extension of the european patent (deleted) | |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| | 17Q | First examination report despatched | Effective date: 20220224 |