EP4128656A1 - Dispositifs, procédé mis en oeuvre par ordinateur et produit-programme informatique pour donner accès à une fonction de commande sur la base d'un objet - Google Patents

Dispositifs, procédé mis en oeuvre par ordinateur et produit-programme informatique pour donner accès à une fonction de commande sur la base d'un objet

Info

Publication number
EP4128656A1
EP4128656A1 EP21739571.4A EP21739571A EP4128656A1 EP 4128656 A1 EP4128656 A1 EP 4128656A1 EP 21739571 A EP21739571 A EP 21739571A EP 4128656 A1 EP4128656 A1 EP 4128656A1
Authority
EP
European Patent Office
Prior art keywords
data
individual features
network application
control functions
reference value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21739571.4A
Other languages
German (de)
English (en)
Inventor
Thomas JETZFELLNER
Carlos MORRA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP4128656A1 publication Critical patent/EP4128656A1/fr
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the invention relates to methods, devices and a system for the security-protected provision of data records, the data records comprising, for example, sensor data.
  • the increasing networking of smart devices e.g. mobile phones, smartwatches
  • production systems means that more and more sensor data is being recorded by these smart devices and production systems.
  • this data is intended to be used to monitor, for example, the production or the transport of objects (e.g. workpieces, food, etc.).
  • a method for identifying an additively manufactured workpiece is known from EP3435272A1.
  • a transaction data set protected by a blockchain includes z.
  • B. program code which can also be referred to as a so-called "smart contract”.
  • the invention relates to a device for granting access to control functions on the basis of an object, comprising: a detection module (110) for detecting individual features (M) of an object (0) by means of a detection device (A); a checking module (120) for calculating a test result based on a comparison of the individual features with a reference value; a control module (120) for granting access to control functions, the control functions being accessed depending on the test result if the test result is sufficiently accurate Correspondence of the reference value with the individual characteristics confirmed.
  • the term "computer” should be interpreted as broadly as possible, in particular to cover all electronic devices with data processing properties.
  • Compu ter can thus be, for example, personal computers, servers, programmable logic controllers (PLC), handheld computer systems, pocket PC devices, cellular phones and other communication devices that can process computer-aided data, processors and other electronic devices for data processing .
  • PLC programmable logic controller
  • computer-aided can mean, for example, an implementation of the method in which a processor in particular carries out at least one method step of the method.
  • computer-aided also means “computer-implemented”.
  • Computer-implemented means, for example, that the method or its method steps are carried out by one processor or by several processors.
  • a processor can be understood to mean, for example, a machine or an electronic circuit.
  • a processor can in particular be a central processing unit (CPU), a microprocessor or a microcontroller, for example an application-specific integrated circuit or a digital signal processor, possibly in combination with a memory unit for storing program commands, act etc.
  • a processor can also be, for example, an IC (integrated circuit), in particular an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit), or a DSP (Digital Signal Processor) or a graphics processor GPU (Graphic Processing Unit).
  • a processor can also be understood to mean a virtualized processor, a virtual machine or a soft CPU.
  • a “memory unit” or “memory module” and the like can be understood in connection with the invention, for example, a volatile memory in the form of random access memory (RAM) or a permanent memory such as a hard disk or a data carrier.
  • a “module” can be understood to mean, for example, a processor and / or a memory unit for storing program commands To implement or realize a method or a step of the method according to the invention.
  • a module can for example also be a node of the distributed database system which, for example, realizes the specific functions / features of a corresponding module.
  • the respective modules can for example also be separate or independent modules
  • the corresponding modules can include further elements, for example, these elements are, for example, one or more interfaces (e.g. database interfaces, communication interfaces - e.g. network interface, WLAN interface) and / or a ne evaluation unit (e.g. B. a processor) and / or a memory unit.
  • the interfaces can be used, for example, to exchange data (e.g.
  • data can be compared, checked, processed, assigned or calculated, for example with the aid of a computer and / or in an automated manner.
  • data can, for example, be stored, retrieved or made available in a computer-aided and / or automated manner.
  • signal in particular with regard to data and / or information, can be understood to mean, for example, a computer-aided assignment of data and / or information , unique identifier (UID)) is assigned a second datum in which, for example, the first datum is stored in a data record together with the memory address or the unique identifier of the second datum.
  • UID unique identifier
  • providing in particular with regard to data and / or information, can be understood to mean, for example, computer-aided provision Via this interface, for example, corresponding data and / or information can be transmitted and / or sent and / or retrieved and / or received during provision.
  • “providing” can also be understood to mean, for example, loading or saving, for example a transaction with corresponding data. This can be done, for example, on or from a memory module a sending or a transfer) of corresponding data from one node to another node in the block chain or the distributed database system (or its infrastructure) or a network application.
  • a cryptographic checksum or cryptographic hash or hash value which in particular uses a cryptographic hash function over a data set and / or data and / or one or more of the transactions and / or a subarea of a data block (e.g. the block header of a block of a block chain or data block header of a data block of the distributed database system (or the network application) or only part of the transactions of a data block).
  • a checksum can in particular be a checksum (s) or hash value (s) of a hash tree (e.g. Merkle tree, Patricia tree). Furthermore, it can also be understood to mean, in particular, a digital signature or a cryptographic message authentication code.
  • Protection / manipulation protection for the transactions and the data (records) stored in them are implemented. If a high level of security is required, for example, the checksums are generated and checked at the transaction level. If a less high level of security is required, for example the checksums are generated and checked at block level (e.g. over the entire data block or only over part of the data block and / or part of the transactions).
  • a "data block checksum” can be understood in connection with the invention as a checksum that is calculated, for example, over part or all of the transactions of a data block.
  • a node can then, for example, check the integrity / authenticity of the corresponding part of a data block using the data block checksum
  • the data block checksum can in particular also have been formed via transactions of a previous data block / previous data block of the data block.
  • a Merkle tree [1] or a Patricia tree can be realized, the data block checksum in particular being the root checksum of the Merkle tree or a Patricia tree or a binary hash tree.
  • transactions are secured by means of further checksums from the Merkle tree or Patricia tree (e.g.
  • the data block checksum can thus secure the transactions, for example, by forming the root checksum from the other checksums.
  • the data block checksum can in particular be calculated for transactions of a specific data block of the data blocks. In particular, such a data block checksum can enter a subsequent data block of the specific data block in order to concatenate this subsequent data block, for example, with its previous data blocks and in particular to make the integrity of the distributed database system (or the network application) verifiable.
  • the data block checksum can, for example, take over the function of the chaining checksum or can be included in the chaining checksum.
  • the header of a data block (e.g. of a new data block or of the data block for which the data block checksum was formed) can include the data block checksum, for example.
  • transaction checksum can be understood to mean a checksum that is formed in particular over a transaction of a data block Leaves of a Merkle tree, for example, can be used.
  • a “concatenation checksum” can be understood in connection with the invention as a checksum which, in particular, contains a respective data block of the distributed database system (or the network application) the preceding data ten block of the distributed database system (or the network application) specifies or references (in the technical literature in particular often referred to as "previous block hash”)
  • a corresponding concatenation checksum is formed in particular for the corresponding preceding data block.
  • a transaction checksum or the data block checksum of a data block i.e. an existing data block of the distributed database system or the network application
  • the chaining checksum in order to combine a new data block with an (existing) data block of the distributed database system (or the network Application).
  • a checksum it is also possible, for example, for a checksum to be formed over a header of the previous data block or over the entire previous data block and used as a concatenation checksum. This can also be calculated, for example, for several or all of the preceding data blocks.
  • a respective data block of the distributed database system preferably comprises a chaining checksum, which was calculated for a previous data block, in particular even more preferably the data block immediately preceding, of the respective data block or relates to it.
  • a corresponding chaining checksum it is also possible for a corresponding chaining checksum to be formed over only part of the corresponding data block (e.g. the previous data block).
  • a data block can be implemented which comprises an integrity-protected part and an unprotected part.
  • integrity-protected is to be understood in particular to mean that a change in integrity-protected data can be determined by means of a checksum.
  • the data that are stored, for example, in a data block transaction can in particular be provided in different ways.
  • User data such as measurement data or data / ownership of assets, for example, a transaction of a data block can only include the checksum for this data.
  • the corresponding checksum can be implemented in different ways. This can e.g. B.
  • a corresponding data block checksum of a data block (with the corresponding data) of another database or of the distributed database system or network application a transaction checksum of a data block with the corresponding data (of the distributed database system or one of its databases) or a data checksum that over which data was formed.
  • the corresponding transaction can contain a reference or information on a storage location (e.g. an address of a file server and information on where the corresponding data can be found on the file server; or an address of another distributed database that contains the data includes) include.
  • the corresponding data could then, for example, also be provided in a further transaction of a further data block of the distributed database system (or the network application) (e.g. if the corresponding data and the associated checksums are included in different data blocks).
  • this data is provided via another communication channel (for example via another database and / or a cryptographically secured communication channel).
  • an additional data record (for example a reference or an indication of a storage location) can also be stored in the corresponding transactions, which in particular specifies a storage location where the data can be called up. This is particularly advantageous to the extent that a data size of the block chain or the shared database system (or network application) as low as possible.
  • “security-protected” or “cryptographically protected” can be understood to mean protection that is implemented in particular by a cryptographic method. For example, this can be realized by using the distributed database system (or the network application) for the provision or transmission or transmission of corresponding data / transactions. This is preferably achieved by a combination of the different (cryptographic) checksums, in that they interact in particular synergistically in order to improve the security or the cryptographic security for the data of the transactions, for example.
  • “security-protected” in connection with the invention can also be understood to mean “cryptographically protected” and / or “tamper-proof”, where “tamper-proof” can also be referred to as “integrity-protected”.
  • Data blocks of a distributed database system can be understood in connection with the invention, for example, that data blocks each contain information (e.g. concatenation checksum) that refers to another data block or several other data blocks of the distributed database system ( or the network application) or reference them [1] [4] [5].
  • information e.g. concatenation checksum
  • “Insertion into the distributed database system (or into a network application)" and the like can be understood in connection with the invention, for example, that in particular a transaction or the transactions or a data block with its transactions to one or more nodes of a distributed database system If, for example, these transactions are successfully validated (for example by the node (s)), these transactions are in particular considered to be newer Data block concatenated with at least one existing data block of the distributed database system (or network application) [1] [4] [5]. For this purpose, the corresponding transactions are saved in a new data block, for example. In particular, this validation and / or chaining can be carried out by a trustworthy node (for example a mining node, a block chain oracle or a block chain platform).
  • a trustworthy node for example a mining node, a block chain oracle or a block chain platform.
  • a block chain platform can be understood to mean a block chain as a service, as proposed in particular by Microsoft or IBM.
  • a trustworthy node and / or a node can each store a node checksum (e.g. a digital signature) in a data block (e.g. in the data block they have validated and generated, which is then chained) in particular to enable the creator of the data block to be identified and / or to enable the node to be identified.
  • This node checksum indicates which node, for example, has concatenated the corresponding data block with at least one other data block of the distributed database system (or the network application).
  • Transaction can be understood in connection with the invention, for example, a smart contract [4] [5], a data structure or a transaction data record, which in particular comprises one of the transactions or several transactions.
  • transaction or “transactions” can also be understood to mean, for example, the data of a transaction of a data block of a blockchain.
  • a transaction can in particular comprise a program code which, for example, implements a smart contract.
  • a transaction can also be understood as a tax transaction and / or confirmation transaction.
  • a transaction can be, for example, a data structure that stores data (e.g.
  • a "transaction” can for example also be a message or a communication message or be referred to as such. or also includes prerequisites (e.g. specified requirements) for executing the control commands.
  • Direct storage can mean, for example, that the corresponding data block (of the distributed database system / network application) or the corresponding transaction (of the distributed database system / network application) includes the respective data.
  • Indirect storage can be understood to mean, for example, that the corresponding data block or the corresponding transaction includes a checksum and optionally an additional data record (e.g. a reference or an indication of a storage location) for corresponding data and therefore not the corresponding data are stored directly in the data block (or the transaction) (i.e. only a checksum for this data instead).
  • these checksums can be validated, for example, as is explained, for example, under "Insertion into the distributed database system (or into a network application)".
  • a “program code” (for example a smart contract or chain code) can be understood in connection with the invention, for example, as a program command or several program commands that are stored in one or more transactions in particular.
  • the program code can be carried out in particular and is carried out, for example, by the distributed database system (or by the network application).
  • Management environment z. B. a virtual machine
  • the program code is preferably executed by the infrastructure of the distributed database system (or the network application) [4] [5].
  • a virtual machine is implemented through the infrastructure of the distributed database system (or the network connection).
  • a “smart contract” (or also called a chain code) can be understood to mean, for example, an executable program code [4] [5] (see in particular the definition of “program code”).
  • the smart contract is preferably stored in a transaction of a distributed database system (e.g. a block chain) or a network application, for example in a data block of the distributed database system or the network application.
  • the smart contract can be executed in the same way as is explained in the definition of “program code”, in particular in connection with the invention.
  • a “smart contract process” or a “smart contract” can in particular also mean executing a program code or a smart contract in a process through the distributed database system or its infrastructure.
  • proof of work can be understood to mean, for example, solving a computationally intensive task that is to be solved in particular depending on the data block content / content of a specific transaction [1] [4] [5 Such a computationally intensive task is also known as a cryptographic puzzle, for example.
  • a “network application” can be, for example, a distributed database system or distributed communication Under a "network application", in connection with the invention, for example, a decentrally distributed database, a distributed database system, a distributed database, a peer-to-peer application, a distributed memory management system, a blockchain , a distributed ledger, a distributed storage system, a distributed ledger technology (DLT) based system (DLTS), an audit-proof database system, a cloud, a cloud service, a block chain in a cloud or a peer-to-peer database
  • a network application (or also referred to as a network application) can be a distributed database system that is implemented, for example, by means of a block chain (e.g.
  • Hyperledger or a distributed ledger Implementations of a block chain or a DLTS are used, such as a block chain or a DLTS, which are generated by means of a Directed Acylic Graph ( DAG), a cryptographic puzzle, a hash graph or a combination of the implementation variants mentioned [6] [7] is implemented.
  • DAG Directed Acylic Graph
  • Cryptographic puzzle e.g., a hash graph or a combination of the implementation variants mentioned [6] [7]
  • Different consensus algorithms can also be implemented, for example. This can be, for example, a consensus procedure using a cryptographic puzzle, Gossip about Gossip, Virtual Voting or a combination of the procedures mentioned (e.g. Gossip about Gossip combined with Virtual Voting) [6] [7].
  • a “distributed database system” or a “network application” can also be understood, for example, as a distributed database system or a network application, of which at least part (or all parts) of its nodes and / or devices and / or infrastructure are realized by a cloud.
  • the corresponding components are implemented as nodes / devices in the cloud (e.g. as a virtual node in a virtual machine). This can be done using VM-Ware, Amazon Web Services or Microsoft Azure, for example.
  • DAG Directed Acylic Graph
  • the distributed database system or the network application can be, for example, a public distributed database system or a public network application (e.g. a public block chain) or a closed (or private) distributed database system or a closed network Application (e.g. a private block chain).
  • a public distributed database system or a public network application e.g. a public block chain
  • a closed (or private) distributed database system or a closed network Application e.g. a private block chain
  • the operators of the nodes and / or devices can remain anonymous in such a case.
  • the distributed database system or the network application is, for example, a closed distributed database system
  • new nodes and / or devices require, for example, valid credentials and / or valid authentication information and / or valid credentials and / or valid login information to be able to to be able to join a distributed database system or the network application or to be accepted by it.
  • a distributed database system or the network application it can also be, for example, a distributed communication system for data exchange. This can, for example, be a network or a peer-to-peer network.
  • a / the distributed database system can also be, for example, a decentralized distributed database system and / or a decentralized distributed communication system.
  • a "network application” can also be a network application infrastructure, for example, or the network application comprises a corresponding network application infrastructure.
  • This infrastructure can be nodes and / or communication networks and / or data interfaces and / or other components, for example
  • the network application can, for example, be a distributed network application (for example a distributed peer-to-peer application or a distributed database system) which is executed, for example, on several nodes of the network application infrastructure.
  • a distributed database system which can also be referred to as a distributed database, for example, in connection with the invention, a decentrally distributed database, a blockchain, a distributed ledger, a distributed storage system, a distributed ledger technology (DLT) based system (DLTS), an audit-proof database system, a cloud, a cloud service, a block chain in a cloud or a peer-to-peer database.
  • DLT distributed ledger technology
  • DLTS distributed ledger technology
  • an audit-proof database system a cloud, a cloud service, a block chain in a cloud or a peer-to-peer database.
  • DAG Directed Acylic Graph
  • cryptographic puzzle a cryptographic puzzle
  • hash graph or a combination tion from the implementation variants mentioned [6] [7].
  • consensus algorithms can also be implemented. This can be, for example, a consensus procedure using a cryptographic puzzle, Gossip about Gossip, Virtual Voting or a combination of the mentioned procedures (eg Gossip about Gossip combined with Virtual Voting) [6] [7]. If, for example, a block chain is used, this can be implemented in particular by means of a Bitcoin-based implementation or an Ethereum-based implementation [1] [4] [5].
  • a “distributed database system” can also be understood, for example, as a distributed database system of which at least some of its nodes and / or devices and / or infrastructure are implemented by a cloud. For example, the corresponding components are available as nodes / devices in the Cloud (e.g.
  • DAG Directed Acylic Graph
  • transactions or blocks or nodes of the graph are connected to one another via directed edges.
  • edges preferably all edges
  • Acyclic means in particular that there are no loops when running through the graph.
  • the distributed database system can be, for example, a public distributed database system (e.g. a public block chain) or a closed (or private) distributed database system (e.g. a private block chain).
  • the operators of the nodes and / or devices can remain anonymous in such a case.
  • new nodes and / or devices require, for example, a valid credential and / or valid authentication information and / or valid credentials and / or valid login information to access the distributed To be able to join the database system or to be accepted by it.
  • a distributed database system can, for example, also be a distributed communication system for exchanging data.
  • This can be a network or a peer-2-peer network, for example.
  • the invention can also be implemented, for example, by means of a peer-2-peer application instead of the distributed database system.
  • a data block of a distributed database system e.g. a block chain or a peer to peer database
  • a network application which is implemented in particular as a data structure and preferably comprises one of the transactions or several of the transactions.
  • the database or the database system
  • DLTS DLT-based system
  • a data block can, for example, include information on the size (data size in bytes) of the data block, a data block header, a transaction counter and one or more transactions [1].
  • the data block header can, for example, be a version, a chaining checksum, a data block checksum, a time stamp, a proof-of-work certificate and a nonce (one-off value, random value or counter that is used for the proof-of-work certificate) include [1] [4] [5].
  • a data block can, for example, only be a specific memory area or address area of the total data that are stored in the distributed database system. This allows, for example, blockless distributed database systems, such as B. realize the IoT Chain (ITC), IOTA, and Byteball. In particular, the func tionalities of the blocks of a block chain and the Transaktio NEN are combined with one another in such a way that, for. B.
  • the Transaktio NEN itself secure the sequence or chain of transactions (of the distributed database system) (that is, in particular, are stored securely).
  • the transactions themselves can be chained to one another using a chaining checksum, preferably by using a separate checksum or the transaction checksum of one or more transactions as the chaining checksum, which is also saved in the corresponding new transaction when a new transaction is saved in the distributed database system .
  • a data block can, for example, also comprise one or more transactions, wherein in the simplest case, for example, a data block corresponds to a transaction.
  • “nonce” can be understood, for example, as a cryptographic nonce (abbreviation for: “used only once” [2] or “number used once” [3]). or a combination of letters that is preferably used once in the respective context (e.g. transaction, data transmission).
  • previous data blocks of a (specific) data block of the distributed database system can be understood in connection with the invention, for example, the data block of the distributed database system (or the network application), in particular a (specific) data block directly
  • previous data blocks of a (specific) data block of the distributed database system can also be understood to mean, in particular, all data blocks of the distributed database system (or the network application) that precede the specific data block.
  • the chaining checksum or the transaction checksum can only be formed over the data block (or its transactions) directly preceding the particular data block or over all data blocks (or their transactions) preceding the first data block.
  • nodes Under a “block chain node”, “node”, “node of a distributed database system or a network application” and the like, devices (e.g. field devices, cell phones), computers, smart phones, Clients or participants are understood that carry out operations (with) the distributed database system (e.g. a block chain) [1] [4] [5].
  • Such nodes can, for example, transactions of a network application or a distributed database system or their data blocks or insert or link new data blocks with new transactions in the distributed database system (or in the network application) using new data blocks. In particular, this can be validated and / or linked by a trustworthy node (e.g. a Mining Node) or exclusively by trustworthy nodes.
  • a trustworthy node e.g. a Mining Node
  • a trustworthy node is, for example, a node that has additional safe security measures (e.g. firewalls, access restrictions to the node or similar) to prevent manipulation of the node.
  • a trustworthy node can store a node checksum (e.g. a digital signature or a certificate) in the new data block when chaining a new data block with the distributed database system. In this way, in particular, evidence can be provided which indicates that the corresponding data block was inserted by a specific node or indicates its origin.
  • the devices e.g.
  • the corresponding device are, for example, devices of a technical system and / or industrial plant and / or an automation network and / or a manufacturing plant, which in particular is also a node of the distributed database system (or the Network application).
  • the devices can, for example, be field devices or devices in the Internet of Things, which in particular are also a node of the distributed database system (or the network application).
  • Nodes can for example also comprise at least one processor in order to e.g. B. perform their computerim plemented functionality.
  • a node can be configured as a device or, for example, or a node can comprise a device, for example.
  • a "block chain oracle” and the like can be understood to mean, for example, nodes, devices or computers which, for example, have a security module that is implemented, for example, by means of software protection mechanisms (e.g. cryptographic methods), mechanical protective devices (e.g. a lockable housing), electrical protective devices (e.g. tamper protection or a protective system that deletes the data of the safety module in the event of unauthorized use / treatment of the blockchain oracle) or a combination of the possibilities mentioned
  • the security module can include, for example, cryptographic keys or a secret (for example a character string) that are used for the calculation the checksums (e.g. transaction checksums or node checksums) are necessary.
  • a “computer” or a “device” can be understood as meaning, for example, a computer (system), a client, a smart phone, an IoT device, a device or a server, each of which is outside the block chain are arranged and are not part of the infrastructure of the distributed database system (or the network application) or form a separate, separate infrastructure.
  • a device is, for example, a manufacturing device and / or an electromechanical device and / or an electronic device and / or a device of an automation network (e.g. for industrial technical systems, manufacturing systems, energy or resource distribution systems) , In particular, these devices are not able to communicate directly with the distributed database system (directly) or with the network application.
  • Such a device outside the distributed database system (or the network application) cannot access the data of the distributed database system (or the network application), for example, because the device is too old and neither has the necessary cryptographic and / or IT Security capabilities are still compatible with the data format of the distributed database system (or the network application).
  • a device can, for example, also be a node of a network application or a distributed database system.
  • a “separate and / or direct communication channel” can be understood to mean, for example, data transmission (e.g. sending, receiving, transmitting, providing or transmitting) by means of a communication channel
  • data transmission e.g. sending, receiving, transmitting, providing or transmitting
  • Channel transactions / messages are sent faster and a confirmation of this data transmission exchange can be stored in the distributed database system. Since with, for example, important and / or time-critical transactions or messages (z. B. control commands or control transactions) can be transmitted at a higher speed to a corresponding target (z. B. a device) and since z.
  • the slower data transmission of the distributed database system e.g. when replicating the data blocks / transactions) can be avoided.
  • a separate and / or direct communication channel can be built for the invention and the aspects mentioned, exemplary embodiments, embodiments of the invention and its variants for data transmission between a device (and / or nodes).
  • a direct communication channel the transactions / messages are exchanged directly between a sender (e.g. the (first) and a recipient / target (e.g. the device that is to execute, process or evaluate the control commands) without further nodes and / or devices of the distributed database system being involved in this data exchange.
  • nodes and / or devices of the distributed database system can be involved in the data exchange, for example successfully established between the sender and the receiver (in particular a communication connection was established as a result), data can be exchanged between the sender and the receiver in the form of transactions or messages, for example especially a communication link ended) so, for example, a result of the data transmission z. B. in the form of transactions (z. B. as a transfer confirmation transaction or confirmation transaction) stored in the distributed database system (z. B. in data blocks of the distributed database system).
  • the result of the data transmission can be, for example, a confirmation of the transmission or receipt of the corresponding transactions / messages and / or an analysis result and / or the last transaction / message transmitted was transmitted via the separate and / or direct communication channel before the communication channel was closed.
  • the transaction with the result can be saved, for example, by the sender and / or recipient.
  • the analysis result can be, for example, the confirmation of receipt of the message / transaction and / or that the message / transaction and z. B. whose control commands can be processed by the target / recipient (e.g. confirmation of the feasibility by the target).
  • This can, for example, in turn be stored in a transaction (e.g. in a feasibility confirmation transaction).
  • the feasibility confirmation transaction is stored in the distributed database system.
  • the feasibility confirmation transaction includes, for example, a unique identifier for the device that is able to execute the control commands and / or can, for example, specify when the control commands of the message / transaction will be executed at the latest.
  • the executable confirmation transaction includes, for example, data on the execution z. B. how well or to what degree the control commands are processed (e.g. how quickly the control commands are processed, when they are safely processed, how exactly or precisely the control commands are executed - for example when executing production control commands to e.g. B. to document a processing of a workpiece).
  • the feasibility confirmation transaction includes, for example, device-specific data (e.g. type of device; current device status such as ready for operation, maintenance required, error status of the corresponding device; serial number of the device; location of the device; a checksum / Hash of the executed control commands, calculated for example with the aid of the mentioned invention; tools used; materials used or a combination of the mentioned data) of the corresponding device (e.g. the target / recipient) that are relevant for the execution of the control commands, where z. B. the device-specific see data from the corresponding device at the time of confirmation of feasibility by the device. This takes place z. B.
  • device-specific data e.g. type of device; current device status such as ready for operation, maintenance required, error status of the corresponding device; serial number of the device; location of the device; a checksum / Hash of the executed control commands, calculated for example with the aid of the mentioned invention; tools used; materials used or a combination of the mentioned data
  • the corresponding device e.g. the target /
  • the data of the feasibility confirmation transaction can also have been exchanged between the sender and the recipient before the feasibility confirmation transaction z. B. is stored in the distributed database system.
  • the feasibility confirmation transaction can, for example, also be cryptographically protected (for example it can be encrypted or protected by a transaction checksum).
  • the message last exchanged via the communication channel can be stored in the transmission confirmation transaction (z. B. if the communication channel is interrupted) and the transmission confirmation transaction z. B. then be stored in the distributed database system.
  • This most recently exchanged message can be used, for example, to continue the data exchange or the data transmission when the communication channel is set up again.
  • the transfer confirmation transaction can also be cryptographically protected, for example.
  • the transmission confirmation transaction can include, for example, the control commands and / or the control transaction and / or the last message exchanged between the sender and the recipient.
  • a continuation of the data exchange or the data transmission can also be used for other data transmissions, for example, and is not specifically limited to the data transmission or the data exchange of a single message.
  • the separate and / or direct communication channel is advantageous in order to improve a transmission speed and / or transmission latency.
  • a hybrid method is also possible by using, for example, a corresponding communication channel for time-critical control commands (e.g. with high or critical priority. ority) is used.
  • time-critical control commands e.g. with high or critical priority. ority
  • the determination module can determine corresponding instructions for a data transmission of the message, for example when determining the message control data record.
  • an "object” can mean, for example, a physical object, physical goods, a workpiece (e.g. an engine part or an engine part or an electronic component or a circuit board with electronic components), an intermediate product in manufacture, raw material substances (e.g. diamonds, crude oil), food (e.g. milk or bananas) or devices (e.g. electrical devices, electro-mechanical devices, IoT devices, electronic devices or mechatronic devices).
  • a workpiece e.g. an engine part or an engine part or an electronic component or a circuit board with electronic components
  • raw material substances e.g. diamonds, crude oil
  • food e.g. milk or bananas
  • devices e.g. electrical devices, electro-mechanical devices, IoT devices, electronic devices or mechatronic devices.
  • “Individual features” can be understood in connection with the invention, for example, features (for example in the form of data) that are detected by a sensor from or via the object can and can correspond, for example, to a physical quantity (e.g. wavelength of light).
  • the individual features are, for example, object-specific features, i.e., for example, that these features or data are a unique combination of a sequence of ones and zeros (digital fingerprint or a type of unique identifier) in the form of binary-coded data that can, for example, be permanently assigned to a corresponding object or the object
  • the individual features can be, for example, spectroscopic data (which, for example, also a ls spectral data act on the object (e.g. measured spectra, hyperspectral images).
  • the object can be gemstones, crude oil or food, of which z. B. a spectrum for the object or a predetermined position (z. B.
  • the individual features can be, for example, spectroscopic individual features.
  • the indi viduellen features can, for example, also be features that z. B. can not be removed from the object without damaging or changing the object.
  • Corresponding features can, for example, be referred to as intrinsic individual features of the object.
  • the individual features can also be, for example, individual features of a noise signal that z. B. is detected by the detection device (z. B. an oscilloscope).
  • the object is an electronic component, for example, an object-specific noise signal or an object-specific signal (e.g. a signal generator that generates an unchangeable specific signal that can be configured once) can be transmitted via an interface of the object be captured.
  • an object-specific noise signal or an object-specific signal e.g. a signal generator that generates an unchangeable specific signal that can be configured once
  • the noise signal for example, the amplitude of the noise signal can be recorded and / or taken into account for certain resistances and / or attenuations.
  • a predetermined test signal can also be provided by the object, for example, and signal distortions for the individual features can be taken into account.
  • the detection device can send a test signal that z. B.
  • the object or the corresponding circuitry of the object generates a response that z. B. comprises the test signal, the response being transmitted to the detection device.
  • the individual influence of the circuits on the test signal is then used by the recording device as the individual len characteristics recorded.
  • This individual influence can, for example, be a distortion of the test signal.
  • the individual features can be, for example, individual electronic features.
  • the individual features can also be, for example, acoustic features of the object (e.g. engine noises, operating noises). So that, for example, the recording device can record the individual features as simply as possible, the manner and location (e.g.
  • This object data set can for example be provided by the network application or a database (e.g. a distributed database system) or this object data set can be called up to the object by means of a data memory for the acquisition module or for the acquisition device that is enclosed with the object.
  • the object can also include the data memory, for example.
  • the object data record can include information, for example, which type of measurement (e.g. optical, spectral, acoustic, electrical, optoacoustic, multispectral optoacoustic), with which type of sensor (e.g.
  • microphone ultrasonic sensor, infrasound sensor, spectral measuring systems, optoacoustic measuring systems, optoacoustic measuring systems), at which location, over which period and with which measuring parameters (e.g. attenuation; signal filters such as high pass, low pass, band pass, frequencies, wavelengths) are to be carried out in order to determine the individual To capture characteristics.
  • measuring parameters e.g. attenuation; signal filters such as high pass, low pass, band pass, frequencies, wavelengths
  • tolerance values can be taken into account when capturing and / or evaluating and / or comparing and / or checking and / or processing the individual features in order to, for.
  • the corresponding information NEN which are not agile for recording the individual characteristics, are firmly specified.
  • This fixed information can for example be stored for objects of the same type in a network application or a database system (e.g. the distributed database system) or be permanently preconfigured in corresponding devices.
  • An "object-specific characteristic" (or, for example, only referred to as a characteristic) can be understood in connection with the invention, for example, as processed (for example by data processing) individual features which are processed in particular in such a way that the individual characteristic can be reproducibly generated for the same individual features.
  • tolerance values can be taken into account, e.g. to compensate for measurement tolerances or measurement inaccuracies of the recording device.
  • the object-specific characteristic is, for example, a digital fingerprint for the object.
  • the digital fingerprint is calculated, for example, using an algorithm for digital fingerprints (e.g. Rabin's fingerprinting algorithm) If the individual features are, for example, a signal or noise signal, the signal / noise ratio, phase of the signal, frequencies, We All length information and frequency amplitudes are used.
  • the individual features such. B. be evaluated in terms of wavelengths and amplitudes in spectra.
  • the intensity of the wavelength at one or more image positions or positions on the object can be evaluated for the respective wavelengths of the images (or in the corresponding captured images).
  • the corresponding characteristic is calculated for the corresponding individual features, can z.
  • the individual features are preprocessed to compensate for the measurement inaccuracies.
  • measured values of the individual features lie in a possible value range (e.g. 1 to 100). This range of values is divided into predetermined intervals, for example.
  • the individual value intervals are then assigned interval-specific values (e.g. 1 - 20: A, 21 - 40: B, 41 - 60: C, 61 - 80: D, 81 - 100: E).
  • a measured value of the individual features is evaluated or preprocessed, then z. B. checks in which value interval the specific measured value lies and the interval-specific value is used to calculate the digital fingerprint. For the values 1 and 100, for example, the result would be "AE". Other methods can also be used, for example. These are, for example, mean value methods or sliding mean value methods.
  • the corresponding, possibly pre-processed, individual features are then used, for example, as input parameters for an algorithm
  • one of the mentioned variants of preprocessing / processing can be applied to the data (individual features and / or object-specific features) which are used to determine or provide or calculate the first cryptographic key.
  • the pre-processing / processing explained for the corresponding data can be used before they are also used for other purposes
  • the cryptographic checksum can be calculated using this data processed in this way.
  • B. can be used as a secret when calculating the cryptographic checksum (e.g. this can be used for the device).
  • messages can mean, for example, messages of a communication protocol and / or transactions of a database system (e.g. a distributed database system) or a network application.
  • a message can, for example, correspond to the data structure or a message can comprise the data structure.
  • the corresponding message can also include the corresponding cryptographic checksum, for example.
  • a “data structure” can be understood to mean, for example, a message or a transaction.
  • a message or a transaction includes a corresponding data structure.
  • the data structure, the message or the transaction may include a corresponding cryptographic Check sum for the data structure.
  • a “cryptographic key” can be understood to mean, for example, a symmetrical cryptographic key or a private key of an asymmetrical cryptographic key pair or a public key of an asymmetrical cryptographic key pair.
  • a data structure used by the invention can also include further data, such as control commands, in order to e.g. B. to control a further transport or a Wei terprocessing of the object if z. B. was found with the invention that the object is authentic or corresponds to the object for which z. B. already a corresponding data structure (z. B. with a checksum) z. B. was saved in the network application.
  • further data such as control commands
  • a decentralized infrastructure e.g. based on block chains
  • manages real or physical goods e.g. objects
  • processes them e.g. production, Transport and confirmation of their authenticity
  • certain services or services can be provided, for example, if there is a corresponding object with which these services are associated. These services can be activated or released, for example, by means of the control functions.
  • a (digita Ler) service or a corresponding physical object is to use a corresponding service (z. B. in the form of provided control functions) to complete z. B. to control the further processing of an object (e.g. a workpiece) and / or to document its transport and work steps.
  • a corresponding service z. B. in the form of provided control functions
  • the invention makes it possible, in particular, to provide corresponding control functions for a (physical) object in order to use corresponding (digital) services.
  • z. B. for the object identified the allowed control functions, for example, data between the object and z. B. a network application can be exchanged via a corresponding control function.
  • z. B. Data on the status of the object (e.g. a device status, if the object is a device,
  • control functions z. B. such as B. ready for operation, maintenance necessary, error status of the corresponding device
  • the control functions can then, for. B. software updates of the object are made or software updates of other objects or systems are made, the object here z. B. enables the necessary control functions.
  • the individual features of the object are recorded by the recording device, for example, and compared or checked with the corresponding reference value.
  • the individual features can be surface structures of the object, for example, if the object is, for example, a workpiece that was manufactured by means of machining.
  • the detection device e.g. a surface detection device such as a 3D surface scanner or a surface camera
  • the detection device can detect the individual features at predetermined positions of the object, in which case the individual features are, for example, in such a case individual surface features of the property.
  • a digital fingerprint was incorporated into the object in the form of the individual features.
  • This fingerprint or the digital features cannot be determined, for example, with the naked eye and / or without knowledge of the type and position, or can only be determined with considerable technical effort.
  • the information to record the individual features can be stored in a protected memory of the device so that this information cannot be accessed by unauthorized persons.
  • the incorporated fingerprint can be, for example, surface irregularities that are generated during the manufacture of the object.
  • the fingerprint can be implemented by applying colors or particles, with the colors or particles being applied, for example, in such a way that an individual spectrum is generated for the object.
  • different colors / particles can be distributed over the upper surface of the object, so that the example se a geometric spectrum is generated so that, for. B. a predetermined spectrum can be measured at certain positions of the object.
  • the spectrum or the colors / particles are selected, for example, in such a way that they are not in the spectrum that is visible to the human eye.
  • This can, for example, be a spectrum that extends beyond 800 nm (e.g. B. wavelengths> 800 nm such as a wavelength range between 800 nm and 1000 nm).
  • the individual features can also be features other than surface features, for example.
  • the individual features can be spectroscopic data about the object. For example se it can be in the object to precious stones, crude oil or Le benskar, of which z. B. by means of a detection device in the form of a spectroscope, a spectrum for the object or a predetermined position (z. B. a predetermined area and / or position) of the object is detected.
  • the individual features can be, for example, spectroscopic individual features.
  • the individual features can also be, for example, individual features of a noise signal that z. B. is detected by the detection device (z. B. an oscilloscope).
  • an object-specific noise signal or an object-specific signal e.g. a signal generator that generates an unchangeable specific signal that can be configured once, for example
  • an object-specific noise signal or an object-specific signal can be sent via an interface of the object.
  • this noise signal for example, the amplitude of the noise signal for certain resistances and / or attenuations can be recorded and / or taken into account.
  • a predetermined test signal can also be provided by the object, for example, and signal distortions for the individual features can be taken into account.
  • the detection device can send a test signal that z. B. is transmitted / sent by predetermined circuits of the object. For example, the object or the corresponding circuitry of the object generates a response that z.
  • the B. comprises the test signal, the response being transmitted to the detection device.
  • the individual influence of the circuits on the test signal is then recorded by the recording device as the individual features.
  • This individual influence can for example a distortion of the test signal.
  • the individual features can be, for example, individual electronic features.
  • the individual features can thus be, for example, individual surface features and / or individual spectroscopic features and / or individual electronic features.
  • the individual features can also be, for example, acoustic features, optoacoustic features or multisprectral optoacoustic features.
  • the corresponding individual features can, for example, be recorded in a reproducible manner for the object.
  • the individual features can also be referred to as object-specific features, for example) can also be, for example, a combination of the examples mentioned for individual features.
  • an object-specific characteristic can then be calculated, for example.
  • tolerance values for the individual features can be taken into account in order, for example, to generate a reproducible, object-specific characteristic for the object.
  • the object-specific characteristics are advantageous in order to compensate for measurement inaccuracies when recording the individual features, for example.
  • the mentioned data structure can be a message or a message can include the data structure where the message is to be stored or processed, for example, by a distributed database system or a network application, the distributed database system or the network application being, for example, a block chain and the data structure being a Transaction of the distributed database system (or network application) and the crypto graphic checksum is, for example, a transaction checksum.
  • the cryptographic checksum is appended to the data structure so that the integrity and / or origin and / or authenticity of the data structure and its association with the object can be checked.
  • the network application or a database can include, for example, a variety of reference values to which z. B. the corresponding (permitted) control functions (e.g. write functions and / or access restrictions) are assigned for a corresponding object. For example, by comparing and / or determining the test result based on the individual features with the reference value, it is identified which of the control functions are available or can be provided when the object is present.
  • control functions e.g. write functions and / or access restrictions
  • the access data can preferably be used for a limited time in order to ensure that this data is e.g. B. can not be used unnecessarily long in the absence of the property.
  • the device comprises, for example, a cryptography module, the cryptography module calculating, for example, a first cryptographic key on the basis of an object-specific characteristic and / or on the basis of the individual features.
  • the individual features are compared with the corresponding reference value, with the first cryptographic key and / or access data being released by the cryptography module if the reference value matches the individual features with sufficient accuracy.
  • the corresponding control functions can be accessed using the first cryptographic key and / or using the access data.
  • the first cryptographic key can be used to cryptographically sign a corresponding request message (e.g. implemented as a corresponding data record or data structure in a message). If z. B. a correctness of the corresponding digital signature could be confirmed by a check by means of a corresponding assigned further cryptographic key or assigned key material (z. B. provided by a trustworthy entity such as a trustworthy server or a certificate authority), z. B. provided the corresponding control functions or granted access to them.
  • a communication link is established between the object and / or the device.
  • a communication connection is set up between the object and / or a network application.
  • a communication connection is set up between the object and / or the device and / or a network application.
  • the communication connection is protected by means of cryptographic protection.
  • the cryptographic protection can be generated and / or checked and / or removed with the first cryptographic key.
  • the reference value is a reference hash value or an unambiguous (reference) identifier, for example the reference hash value or the unambiguous (reference) identifier being formed for one or the stored reference value.
  • the individual features are an object hash value or a unique (object) identifier, with, for example, the object hash value or the unique (object) identifier having been or will be formed when the individual features were recorded (e.g. based on the individual features recorded).
  • z. B. corresponding (cryptographic) functions can be used.
  • the reference value is established when the object is generated, the reference value being assigned to the object in particular when it is generated.
  • control functions allow access to a database or network application in order to exchange or synchronize data about the object in a data structure with the database or the network application.
  • control functions are corresponding control functions of the device and / or corresponding control functions of the object and / or corresponding control functions of a network application.
  • the network application or the distributed database system is, for example, a block chain, the device being designed, for example, as a node or oracle of the distributed database system or the network application, and the cryptographic checksum is, for example, a digital signature.
  • the device comprises, for example, a calculation module (120), wherein the calculation module (120) is set up, for example, to calculate an object-specific characteristic based on the individual features, the characteristic is calculated, for example, taking into account predetermined tolerance values of the individual features, for example the characteristic and / or the individual features are compared with the corresponding reference value , for example in the case of a sufficiently precise match between the reference value and the characteristics and / or the individual features, the first cryptographic key is released by the cryptography module.
  • the calculation module (120) is set up, for example, to calculate an object-specific characteristic based on the individual features, the characteristic is calculated, for example, taking into account predetermined tolerance values of the individual features, for example the characteristic and / or the individual features are compared with the corresponding reference value , for example in the case of a sufficiently precise match between the reference value and the characteristics and / or the individual features, the first cryptographic key is released by the cryptography module.
  • the device comprises, for example, a monitoring module, the monitoring module, for example, being set up to monitor the device and, in particular, to store information from the monitoring in a file or in a data structure. So that the operation of the device can be monitored and z. For example, it can be determined when changes have been made to a device (e.g. a software or firmware update has been imported) or when a device status of the device changes, e.g. B. has changed.
  • a monitoring module for example, being set up to monitor the device and, in particular, to store information from the monitoring in a file or in a data structure. So that the operation of the device can be monitored and z. For example, it can be determined when changes have been made to a device (e.g. a software or firmware update has been imported) or when a device status of the device changes, e.g. B. has changed.
  • the object and / or the device comprises an object data record, the object data record specifying the geometric locations and / or interfaces at which the recording device can record the individual features, the object data record, for example, the individual features and / or the object-specific characteristics in encrypted form, for example the encrypted the individual features and / or the object-specific characteristics Characteristic by means of the first cryptographic key, the object data set includes, for example, further object data, such as measured values of the object, measured values about the object, manufacturing details of the object, whereabouts of the object, the other object data, for example from sensors of the device for the object are detected, the sensors are, for example, a GPS module and / or temperature sensors and / or optical Sen sensors that detect, for example, corresponding properties of the object.
  • the device is advantageous in that it allows, for example, certain selected areas of the object or the interfaces to be defined via which the individual features can be recorded by the recording device.
  • the interfaces can be, for example, interfaces of the object if, for example, the object is an electronic component.
  • the object data set can be stored, for example, in a corresponding data structure and exchanged between the object and / or the device and / or the network application.
  • the property-specific characteristic is calculated taking into account given tolerance values of the individual features.
  • the device is advantageous to compensate for measurement inaccuracies when calculating the characteristic, for example, in order to calculate the object-specific characteristic for the correct object in a reproducible manner, if necessary.
  • the tolerance values can be selected such that in the case of spectroscopic individual features (also called spectral individual features) of an object, for. B. in the form of food, no first cryptographic key is provided (or no valid first cryptographic key graphic key can be provided) if the object or the food are no longer fresh enough.
  • the tolerance value for the spectrum of the surfaces of the bananas can be selected in such a way that if the bananas turn brown over a large area (e.g.
  • the corresponding tolerance values are then selected so that no first cryptographic key may be provided if the perishable goods have degenerated too much (e.g. the shelf life of food has expired or the food has spoiled)
  • an alternative cryptographic key can be provided if the tolerance values are exceeded, for example hand which can be traced at which point in the documentation of the transport of the object the tolerance values were exceeded.
  • a threshold value can be established, and if it is exceeded, in particular no corresponding valid first cryptographic key is provided or no valid cryptographic checksum is created.
  • a tolerance value correspond to a threshold value.
  • the first cryptographic key is calculated, for example, on the basis of the object-specific characteristics and / or the individual features and / or a character string.
  • the cryptographic checksum can be calculated instead of the first cryptographic key.
  • a predefined tolerance value is taken into account when comparing the individual features with the corresponding reference value.
  • the device is advantageous to take into account, for example, measurement inaccuracies when recording the individual features, in order to determine the individual features for the correct object, if necessary, in a reproducible manner.
  • the tolerance values can be selected in such a way that in the case of spectroscopic individual features (also called spectral individual features) of an object, for. B. in the form of food, no first cryptographic key be provided (or no valid first kryptographi cal key can be provided) if the object or the food are no longer fresh enough.
  • the tolerance value for the spectrum of the surfaces of the bananas can be selected in such a way that when the bananas are brown over a large area (e.g.
  • the shelf life of food has expired or the food has spoiled).
  • an alternative cryptographic key can be provided, which can be used to trace the point at which the tolerance values were exceeded in the documentation of the transport of the object.
  • a threshold value can be established which, when exceeded, in particular no corresponding valid first cryptographic key is provided or no valid cryptographic checksum is created.
  • a tolerance value correspond to a threshold value.
  • the object data set comprises data which indicate the geometric locations and / or interfaces at which the detection device can detect the individual features.
  • the device is advantageous in that it allows, for example, certain selected areas of the object or the interfaces to be defined via which the individual features can be recorded by the recording device.
  • the interfaces can be, for example, interfaces of the object if, for example, the object is an electronic component.
  • the object data set includes, for example, the individual features and / or the object-specific characteristics in encrypted form. rare form, where for example the encrypted individual features and / or the object-specific characteristics can be decrypted by means of the first cryptographic key.
  • the device is advantageous to the extent that, for example, the characteristics can be checked by a recipient (e.g. in the sense of a delivery of goods) in order to e.g. B. determine how much the individual features and / or the object-specific characteristics have varied during the processing of the object. This is relevant, for example, if the object was transported over a long transport route or several production steps were carried out in the manufacture of the object.
  • a data structure is created for the object and stored, for example, in a distributed database system (or in a network application) (as already explained above, for example).
  • the data structure can, for example, include additional information about the production step, production conditions (temperatures during production), tools used and materials used.
  • the data structure can, for example, contain information about the transport conditions (temperature for cold chains, position information, etc.). This additional information can be referred to as further object-related data, for example.
  • the object in the case of a transport, can be a transport container which comprises corresponding sensors and / or the device.
  • the transport container can be, for example, a transport container for milk, precious stones or other food / materials.
  • the transport container could, for example, comprise a device according to the invention and a corresponding detection device.
  • the object data set includes, for example, further object-related data, such as measured values of the object, measured values about the object, manufacturing details of the object, whereabouts of the Object, the other object data being recorded for example by sensors of the device for the object or by sensors of the object, the sensors being, for example, a GPS module and / or temperature sensors and / or optical sensors and / or acoustic sensors and / or optoacoustic sensors - Are table sensors that, for example, detect the corresponding properties of the object.
  • further object-related data such as measured values of the object, measured values about the object, manufacturing details of the object, whereabouts of the Object
  • the other object data being recorded for example by sensors of the device for the object or by sensors of the object, the sensors being, for example, a GPS module and / or temperature sensors and / or optical sensors and / or acoustic sensors and / or optoacoustic sensors - Are table sensors that, for example, detect the corresponding properties of the object.
  • the sensor values can be recorded during production or during transport of the object and z. B. in the distributed database system (or in the network werkap references) stored or processed (z. B. by control functions such. B. a service) (z. B. by means of the data structure, preferably in conjunction with the cryptographic checksum).
  • the invention relates to a computer-implemented method for granting access to control functions using an object with the following method steps:
  • the method comprises further method steps in order to implement the functional features or in order to implement further features of the device or its embodiments.
  • a computer program product with program commands for performing the above-mentioned methods according to the invention is claimed, whereby one of the methods according to the invention, all methods according to the invention or a combination of the methods according to the invention can be carried out by means of the computer program product.
  • a variant of the computer program product with program commands for configuring a creation device for example a 3D printer, a computer system or a manufacturing machine suitable for creating processors and / or devices, is claimed, the creation device being configured with the program commands in such a way that the aforementioned device according to the invention is created.
  • a provision device for storing and / or providing the computer program product.
  • the provision device is, for example, a data carrier that stores and / or provides the computer program product.
  • the provision device is, for example, a network service, a computer system, a server system, in particular a distributed computer system, a cloud-based computer system and / or virtual computer system, which the computer program product preferably stores and / or provides in the form of a data stream.
  • This provision takes place, for example, as a download in the form of a program data block and / or command data block, preferably as a file, in particular as a download file, or as a data stream, in particular as a download data stream, of the complete computer program product.
  • This provision can, for example, also take place as a partial download, which consists of several parts and, in particular, is downloaded via a peer-to-peer network or made available as a data stream.
  • Such a computer program product is read into a system in the form of the data carrier using the provision device, for example executes the program commands so that the method according to the invention is executed on a computer or the creation device is configured in such a way that it creates the device according to the invention.
  • FIG. 1 shows a first embodiment of the invention
  • Fig. 2 shows a further embodiment of the invention
  • the following exemplary embodiments have at least one processor and / or one memory unit in order to implement or carry out the method.
  • a combination of hardware (components) and software (components) according to the invention can occur in particular if some of the effects according to the invention are preferably exclusively through special hardware (e.g. a processor in the form of an ASIC or FPGA) and / or another part through the (processor- and / or memory-based) software is effected.
  • special hardware e.g. a processor in the form of an ASIC or FPGA
  • FIGS. 1 to 3 each show exemplary embodiments of the different aspects of the invention.
  • Fig. 1 shows a system that is used to store sensor data in a network application (z. B. a distributed database system) for example and / or to grant access to control functions based on an object.
  • the sensor data is, in particular, information about an object 0.
  • the control functions are Is it, for example, (digital) services that z. B. should be used by the property or the device.
  • the network application includes z. B. a database or a database that uses reference values and / or access data to identify and / or provide appropriate control functions on the basis of the object.
  • first node NI shows a first node NI, a second node N2, a third node N3 and a fourth node N4, which are the nodes of the network application BC (for example the distributed database system which is implemented, for example, as a block chain ) form, one of the nodes, e.g. B. the first node NI which comprises the device (according to the invention).
  • the nodes are z. B. connected to one another via a first communication network NW1.
  • FIG. 1 shows blocks B, for example a first block B1, a second block B2 and a third block B3, a network application BC, a section of the network application BC being shown here as an example.
  • the network application BC z. B. be implemented as a block chain or DLT.
  • the blocks B each include several transactions T.
  • the transactions T can include control transactions and / or confirmation transactions and / or a data structure and / or an object data record and / or recorded individual features.
  • the first block B1 includes, for example, a first transaction Tla, a second transaction Tlb, a third transaction Tic and a fourth transaction Tld.
  • the second block B2 comprises, for example, a fifth transaction T2a, a sixth transaction T2b, a seventh transaction T2c and an eighth transaction T2d.
  • the third block B3 comprises, for example, a ninth transaction T3a, a tenth transaction T3b, an eleventh transaction T3c and a twelfth transaction T3d.
  • the blocks B each also include one of the concatenation checksums CRC, which is formed as a function of the direct predecessor block.
  • the first block B1 thus comprises a first chaining checksum CRC1 from its predecessor block, the second block B2 a second chaining checksum CRC2 from the first block B1, and the third block B3 a third chaining checksum CRC3 from the second block B2.
  • the respective chaining checksum CRC1, CRC2, CRC3 is preferably formed using the block header of the corresponding preceding block.
  • the concatenation checksums CRC can preferably be formed using a cryptographic hash function such as SHA-256, KECCAK-256 or SHA-3.
  • the chaining checksum can also be calculated using the data block checksum or the header includes the data block checksum (the data block checksum is explained below).
  • each of the blocks can include a data block checksum. This can be implemented, for example, using a hash tree.
  • a transaction checksum (e.g. also a hash value) is calculated for each transaction of a data (block).
  • a transaction checksum which was preferably created by the creator of the transaction when creating the transaction, can be used for this purpose.
  • a Merkle Tree or Patricia Tree is used, whose root hash value / root checksum is preferably stored as corresponding data block checksum in the respective blocks.
  • the data block checksum is used as a concatenation checksum.
  • a block can furthermore have a time stamp, a digital signature, a proof-of-work evidence, as was explained in the embodiments of the invention.
  • the network application or the BC block chain itself is implemented using a block chain infrastructure with several block chain nodes (nodes NI, N2, N3, N4 and other blocks).
  • the nodes can be, for example, block chain oracles or trusted nodes.
  • the nodes are communicatively connected to one another via the network NW1 (for example a communication network such as the Internet or an Ethernet network).
  • NW1 for example a communication network such as the Internet or an Ethernet network.
  • the device can be, for example, as a component of the network application or in variants of a communication infrastructure (e.g. a peer-2-peer system, a distributed communication infrastructure).
  • the device can, for example, communicate with other devices or databases or systems or distributed database systems by means of the network application or, in variants, communicate with one another by means of a communication infrastructure (e.g. a peer-2-peer system, a distributed communication infrastructure).
  • the nodes of the network application can each additionally comprise, for example, one or more additional components, such as a processor, a storage unit , other communication interfaces (e.g. Ethernet, WLAN, USB, fieldbus, PCI), an input device, in particular a computer keyboard or a computer mouse, and a display device (for example a monitor).
  • a processor can, for example, comprise several further processors which can be used in particular to implement further exemplary embodiments.
  • Fig. 2 shows an example of a further embodiment, for example, the functioning of the device (according to the invention).
  • the device can also be referred to as a device, for example.
  • FIG. 2 shows in detail a device 100 (according to the invention) for granting access to control functions on the basis of an object, the control functions being, for example, functions of a network application, the device or the object 0.
  • a node from FIG. 1 can e.g. B. comprise the device 100 or be designed as the device 100 or a node from FIG. 1 is connected to the device 100 via a data line or a communication network.
  • the device 100 For granting access to control functions on the basis of an object, the device 100 comprises a detection module 110, a checking module 120, a control module 130 and a communication module (e.g. a network interface) 101, which are connected via a bus (e.g. a PCI Bus, CAN bus, USB or data line) 102 are communicatively connected to one another.
  • a bus e.g. a PCI Bus, CAN bus, USB or data line
  • the device 100 optionally includes a processor and / or a cryptography module and / or a calculation module and / or a protection module, which may or may not be available via the bus (e.g.
  • a PCI bus, CAN bus, USB or data line are also communicatively connected to one another.
  • the acquisition module 110 is for acquiring individual features M (these individual features can also be used, for example, as object-specific features are designated) of the object 0 set up by means of a detection device A.
  • the recording device A is connected to the recording device A via a data connection (wireless or wired) (e.g. with USB, LAN, W-LAN, Bluetooth, Firewire) C.
  • the detection device A detects / measures surface unevenness as individual features for the object 0 by means of a scanning beam and transmits (Sil) the individual features to the detection module 110.
  • the checking module 120 is set up to calculate a checking result based on a comparison of the individual features with a reference value.
  • the control module 130 is set up to grant access to the control functions, the access to the control functions taking place as a function of the test result (S1) if the test result confirms a sufficiently precise correspondence of the reference value with the individual features.
  • the control functions F are, for example, (digital) services that z. B. should be taken from the object or the device in claim men.
  • the checking module 120 and / or the control module 130 are used, for example, to identify which control functions are relevant for the object 0 or should be used on the basis of the object.
  • the object 0 or the device or a user of the device sends a request for corresponding control functions to the device (or a network application) via a corresponding communication connection.
  • the device can, for. B. identify the relevant control functions.
  • a network application e.g. the network application from FIG. 1 or a cloud CL
  • a database can include, for example, a large number of reference values.
  • the corresponding (permitted) control functions e.g. write functions and / or access restrictions
  • the corresponding control functions are assigned for a corresponding object. For example, by comparing and determining the test result on the basis of the individual features with the reference value, it is identified which of the control functions are available or can be provided when the object is present.
  • the corresponding control functions by ei ne request that z. B. by the object or by the device or by a user, identified or selected.
  • the access data can preferably be used for a limited time in order to ensure that this data is e.g. B. can not be used unnecessarily long in the absence of the property.
  • test result confirms, for example, a sufficiently precise correspondence between the reference value and the individual features.
  • test result is negative - sufficient correspondence between the reference value and the individual characteristics is not confirmed - access to the control functions is prevented or not granted.
  • the reference value can, for example, be a key for an entry in an assignment table (e.g. hash table) or a database, whereby for a key or reference corresponding information or a data set is stored with corresponding information indicating which control functions are available for the corresponding reference value.
  • an assignment table e.g. hash table
  • a database whereby for a key or reference corresponding information or a data set is stored with corresponding information indicating which control functions are available for the corresponding reference value.
  • no entry can be identified or assigned net
  • no corresponding control functions are identified, for example, and it can, for. B. an error message can be issued.
  • control functions to which access is to be granted can, for. B. can be identified via the in dividual features and / or the reference value and / or via a request (z. B. by the object, by a user of the device or by the device itself).
  • a request z. B. by the object, by a user of the device or by the device itself.
  • control functions Fl-F3 control functions
  • tolerance values can be taken into account, for example, in order to B. Measurement inaccuracies of the detection device A to be taken into account.
  • z. B. Analogously to the recorded individual features, z. B. the reference value is also available as a hash value, the z. B. was calculated by means of a one-way function.
  • the communication with the object 0 and / or the cloud CL and / or the network application and / or the database preferably takes place via the communication module (e.g. a network interface) 101.
  • the communication module e.g. a network interface
  • control functions can allow access to the network application (e.g. the cloud CL) in order to exchange or synchronize data about the object in a data structure with the database or the network application.
  • corresponding control functions F of the cloud CL can be used to z. B. to save the corresponding data (e.g. status data about the object or measurement data about the object) in the cloud or at another location.
  • maintenance work on object 0 can be carried out using the control functions be by z. B. a firmware update or a software update or an update of configuration files or an update of access authorizations for the object is carried out by a corresponding control function of the control functions.
  • parts of a technical system for object 0 can be controlled via the control functions.
  • This can be, for example, controlling a conveyor belt so that object 0 (e.g. a melting furnace) is supplied with material for melting down or object 0 (e.g. a production robot) is supplied with the next part to be produced.
  • object 0 e.g. a melting furnace
  • object 0 e.g. a production robot
  • control functions can be implemented, for example, as a smart contract for the network application.
  • the optional calculation module is set up to calculate an object-specific characteristic based on the individual features M.
  • tolerance values can be taken into account, for example, in order to B. Measurement inaccuracies of the detection device A to be taken into account in the determination of the first cryptographic key mentioned below.
  • the calculation module can, for example, be dispensed with in implementation variants in which the cryptographic key is provided on the basis of the individual features.
  • the optional cryptography module is designed to provide a first cryptographic key on the basis of the individual features and / or the object-specific characteristics.
  • the optional cryptography module can, for example, calculate a first cryptographic key on the basis of an object-specific characteristic and / or on the basis of the individual features.
  • the individual features are compared with the corresponding reference value (e.g. by the cryptography module), with the first cryptographic key and / or access data being released by the cryptography module or control module if the reference value matches the individual features with sufficient accuracy will.
  • control functions are accessed using the first cryptographic key and / or by means of the access data.
  • Preventing access to the control functions can e.g. B. can be realized by un terbinden the access to the first cryptographic key and / or to the access data.
  • the provision of the first cryptographic key or the access data can be implemented in different ways, for example.
  • the individual features and / or the object-specific characteristic can be compared with reference values or a reference value, in which case, for example, corresponding tolerance values are taken into account. If the fabricat len features and / or the object-specific characteristic match the reference value (z. B. after taking into account the tolerance values), then the first cryptographic key and / or the access data z. B. loaded from a secure spei cher.
  • the reference value can be recorded or stored, for example, during an initialization phase and / or installation phase of the device. The initialization phase and / or installation phase for the device can preferably only be carried out once.
  • the first cryptographic key or the access data is calculated on the basis of the individual features and / or the object-specific characteristics by the individual visual features and / or the property-specific characteristics can be used as input data for a key derivation function. Additional data can also be used here (e.g. a stored user name).
  • a character string e.g. a secret password
  • PBKDF2 key derivation function
  • the communication connection is protected by means of cryptographic protection.
  • the cryptographic protection can be generated and / or checked and / or removed with the first cryptographic key and / or the access data.
  • the communication link can be a secure communication link in which the object 0 and the cloud CL each require a cryptographic key in order to establish the secure communication link.
  • the reference value or the reference values or a value derived therefrom can serve as a cryptographic key for the secure communication connection for the cloud CL (or the network application).
  • z. B corresponding reference values managed by the cloud CL or by the network application.
  • the individual features or a value derived therefrom can serve as a cryptographic key or as access data for the secure communication connection for object 0.
  • a data structure can be used which is protected by means of a cryptographic checksum.
  • the data structure and the cryptographic checksum are stored, for example, in a data record, the data record being stored, for example, as a transaction in the distributed database system or the network application.
  • the transaction can include an additional checksum (z. B. a transaction checksum), which z. B. by means of a cryptographic key (z. B.
  • the entity can be, for example, an operator of a measuring station or processing station that controls, processes or manages the object 0.
  • the data record can, for example, also be a message or a transaction, depending on the implementation.
  • the data structure can e.g. B. also correspond to the data record if z. B. the data structure comprises a data field to store the cryptographic checksum or the cryptographic checksum of the data struc ture is appended.
  • the data structure and / or the data record can be stored or included in a message or a transaction.
  • the data structure and / or the data record can be a message or a transaction.
  • the optional protection module is set up for cryptographic protection of the data structure using the cryptographic checksum, the protection module calculating the cryptographic checksum using the first cryptographic key.
  • the cryptographic checksum can be calculated, for example, with a keyed hash message authentication code (HMAC, e.g. using MD5, SHA1, SHA256).
  • HMAC keyed hash message authentication code
  • the cryptographic checksum can be implemented as a digital signature or as a digital certificate, with Depending on the cryptographic method used (symmetrical or asymmetrical method), the first cryptographic key functions, for example, as a private key in order to generate the digital signature.
  • the public key is derived from the first cryptographic key and provided by a trustworthy entity (e.g.
  • a checking authority for example, can access the corresponding key in variants.
  • the private key e.g. B. have been generated and z. B. been stored in a memory of the cryptography module, for example, the corresponding individual features of the object can be changed or made unusable so that the first cryptographic key can no longer be derived. This can be done, for example, by polishing the corresponding position on the surface of the object in the case of surface features, washing colors / particles from the object (e.g. using solvents) or additionally applying colors / particles to the object in order to remove the to make corresponding individual characteristics unusable or to change.
  • the individual features are made unusable in such a way that the first cryptographic key can no longer be calculated directly from them, but the object-specific characteristic can still be calculated using the changed individual features, taking tolerance values into account to z.
  • B. provide or calculate the public key through the cryptography module.
  • the public key can be a (digital) fingerprint, the digital fingerprint being formed on the basis of the individual features.
  • the individual features e.g. surface unevenness, a dye with a specific spectrum that, for example, decays after a specified time, in particular to encode a shelf life
  • This fingerprint or the individual features cannot be determined / readable, for example, with the naked eye and / or without knowledge of the type and position, or can only be determined with considerable technical effort.
  • the information (e.g. the object data record) to record the individual features can be stored in a protected memory of the device so that this information cannot be accessed by unauthorized persons.
  • the incorporated fingerprint / individual features can be, for example, surface irregularities that are generated during the manufacture of the object or the further processing of the object.
  • the fingerprint can be implemented by applying colors or particles, with the colors or particles being applied in such a way that an individual spectrum is generated for the object.
  • different colors / particles can be distributed over the surface of the object, so that, for example, a geometric spectrum is generated so that z.
  • a predetermined spectrum can be measured at certain positions of the object.
  • the spectrum or the colors / particles are selected, for example, in such a way that they are not in the spectrum that is visible to the human eye. This can, for example, be a spectrum that lies beyond 800 nm.
  • tolerance values is e.g. B. to that effect, for example, to take into account (or compensate) measurement inaccuracies when calculating the characteristic or capturing the individual features, in order to reproducibly calculate the object-individual characteristic or the individual features for the correct object, if necessary.
  • the tolerance values can be selected in such a way that in the case of spectroscopic individual characteristics of an object z. B. in the form of food, no first cryptographic key is provided (or no valid first cryptographic key can be provided) if the object or the food are no longer fresh enough. If, for example, the object is bananas, the tolerance value for the spectrum of the surfaces of the bananas can be selected in such a way that if the bananas are brown over a large area, no first cryptographic key is provided for these bananas (or no valid first one cryptographic key can be provided) or is generated.
  • the bananas or a banana delivery with these bananas at a transport point or at an intermediary can no longer be confirmed / stored as "fresh" in a supply chain by means of a message with the data structure or the data structure in the distributed database system
  • other objects in the form of perishable goods can be monitored by means of messages / data structures in a distributed database system B. have degenerated too much (e.g. the shelf life of food has expired or the food has spoiled)
  • an alternative cryptographic key can be provided, which can be used to reconstruct which point in the documentation of the transport of the object the tolerance values were exceeded.
  • the specified tolerance values can be used not only for the object-specific characteristics, but they can also be used when the first cryptographic key is to be provided on the basis of the individual features. This may be necessary, for example, if the individual characteristics (which can also be referred to as object-specific characteristics) with a reference renzwert should be compared in order to release the first cryptographic key in the event of a corresponding match or the individual features should serve as input parameters for a key derivation function and z.
  • object-specific characteristics which can also be referred to as object-specific characteristics
  • a reference renzwert should be compared in order to release the first cryptographic key in the event of a corresponding match
  • the individual features should serve as input parameters for a key derivation function and z.
  • the invention can be used advantageously, for example, in supply chain management or when monitoring a supply chain.
  • objects e.g. goods such as food, electronic components, precious parts, etc.
  • object-related data from the different entities e.g. manufacturers, several logistics companies, sales, buyers
  • the invention is particularly advantageous if the entities involved do not trust each other, since the corresponding data z. B. are protected ity by the cryptographic checksum and / or a checksum of a corresponding Enti.
  • the device can, for example, be part of a transport container to, for. B. to transport food such as bananas or milk or there are several Gleicharti ge devices at the different points of processing / processing of the object or the times when this occurs.
  • object-specific data e.g. what type of object it is, type, manufacturer, unique identifier / UID, etc., time of arrival at the logistics company
  • object data record or documentation data record can then, for. B. for saving in the network application in the data Structure are saved and as already explained z. B. be protected with the cryptographic checksum by the first cryptographic key is provided in accordance with the explanations.
  • a corresponding object in particular a physical object, can be more closely linked by means of the “digital world.” For example, if the object is transported too long or is being processed / Processing / transport changed in such a way that, for example, the corresponding tolerance values are no longer adhered to, the exceeding of the tolerance values or improper handling of the object can be proven without gaps was exchanged, which is relevant, for example, in the case of counterfeit products.
  • the object were to be exchanged for a counterfeit object, the corresponding individual characteristics would change.
  • This can be relevant for medicine products, for example, to find out whether it is z. B. a silicone implant is actually a manufacturer's silicone implant and not an implant that has been counterfeited.
  • the corresponding data for the object is written into the distributed database system according to one of the above-mentioned variants.
  • Logistics companies, sales companies and clinics that transport, trade and implant the object document the relevant processing steps, times and other relevant data (information on the respective entity) carried out by them in accordance with the procedure mentioned.
  • the individual features of an implant can be, for example, surface features of the implant (e.g.
  • silicone cushion it can be, for example Even with the individual characteristics, a measured spectrum of the content (silicone) of the silicone cushion is involved.
  • the invention is not limited only to silicone pads. Other implants with other fillings can also be checked. It is also possible to determine the authenticity of other medical products such as drugs (e.g. using spectra) or medical devices such as MRIs, CTs and their electronic components (e.g. using test signals or noise signals).
  • the device can also use different individual features, the individual features preferably encoding a predetermined key (e.g. as a fingerprint).
  • a predetermined key e.g. as a fingerprint
  • the different individual features are then z. B. at different, preferably randomly selected, positions on the object. If necessary, these positions can be saved in an object data record.
  • the individual features cannot be determined randomly, but rather are in a known / assigned position for a corresponding object (e.g. on the base of the object or on uneven areas of a workpiece).
  • Fig. 3 shows a further embodiment of the inven tion, which is shown as a flow chart for a method.
  • the method is preferably implemented in a computer-implemented manner.
  • the method comprises a first method step 310 for capturing individual features of an object by means of a capturing device.
  • the method comprises a second method step 320 for calculating a test result based on a comparison of the individual features with a reference value.
  • the method comprises a third method step 330 for granting access to control functions, the control functions being accessed depending on the test result if the test result confirms a sufficiently precise match of the reference value with the individual features.
  • Another embodiment of the invention which is not shown in a figure, relates to a method for computer-aided checking of a cryptographic checksum.
  • the invention relates to an ecosystem of devices that interact with one another autonomously by means of a block chain or network application.
  • security-protected data processing of sensor data or measurement data for an object is implemented by means of the invention with a distributed infrastructure (e.g. the network application).
  • Areas of application are supply chain scenarios or industrial control applications of block chains.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

L'invention concerne un écosystème d'appareils interagissant les uns avec les autres de façon autonome au moyen d'une chaîne de blocs ou d'une application réseau. L'invention permet notamment d'effectuer, au moyen d'une infrastructure distribuée, un traitement sécurisé de données de capteur ou de données de mesure pour un objet. Les domaines d'application sont des scénarios de chaîne d'approvisionnement ou des applications de commande industrielles de chaînes de blocs.
EP21739571.4A 2020-06-30 2021-06-21 Dispositifs, procédé mis en oeuvre par ordinateur et produit-programme informatique pour donner accès à une fonction de commande sur la base d'un objet Pending EP4128656A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP20183046.0A EP3934195A1 (fr) 2020-06-30 2020-06-30 Appareils, procédé mis en oeuvre par ordinateur et produit-programme d'ordinateur de fourniture d'accès à une fonction de commande à l'aide d'un objet
PCT/EP2021/066808 WO2022002663A1 (fr) 2020-06-30 2021-06-21 Dispositifs, procédé mis en oeuvre par ordinateur et produit-programme informatique pour donner accès à une fonction de commande sur la base d'un objet

Publications (1)

Publication Number Publication Date
EP4128656A1 true EP4128656A1 (fr) 2023-02-08

Family

ID=71409119

Family Applications (2)

Application Number Title Priority Date Filing Date
EP20183046.0A Withdrawn EP3934195A1 (fr) 2020-06-30 2020-06-30 Appareils, procédé mis en oeuvre par ordinateur et produit-programme d'ordinateur de fourniture d'accès à une fonction de commande à l'aide d'un objet
EP21739571.4A Pending EP4128656A1 (fr) 2020-06-30 2021-06-21 Dispositifs, procédé mis en oeuvre par ordinateur et produit-programme informatique pour donner accès à une fonction de commande sur la base d'un objet

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP20183046.0A Withdrawn EP3934195A1 (fr) 2020-06-30 2020-06-30 Appareils, procédé mis en oeuvre par ordinateur et produit-programme d'ordinateur de fourniture d'accès à une fonction de commande à l'aide d'un objet

Country Status (4)

Country Link
US (1) US20230254156A1 (fr)
EP (2) EP3934195A1 (fr)
CN (1) CN115943605A (fr)
WO (1) WO2022002663A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111930852B (zh) * 2020-09-29 2022-03-25 北京百度网讯科技有限公司 基于区块链的数据处理方法、装置、设备以及存储介质
CN117478706B (zh) * 2023-12-27 2024-03-08 西安捷成优禾智能科技有限公司 一种基于区块链的机加工平台数据共享系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11716211B2 (en) * 2016-10-01 2023-08-01 James L. Schmeling 3D-printed packaging with blockchain integration
EP3435272B1 (fr) * 2017-07-27 2020-11-04 Siemens Aktiengesellschaft Procédé et dispositif d'identification d'une pièce d'usinage produite par fabrication additive
EP3667597A1 (fr) * 2018-12-13 2020-06-17 Siemens Aktiengesellschaft Procédé de détermination d'une identité d'un produit au moyen de la détection d'une caractéristique visible optiquement et d'une caractéristique invisible ainsi que système d'identification

Also Published As

Publication number Publication date
WO2022002663A1 (fr) 2022-01-06
EP3934195A1 (fr) 2022-01-05
US20230254156A1 (en) 2023-08-10
CN115943605A (zh) 2023-04-07

Similar Documents

Publication Publication Date Title
EP3683713B1 (fr) Procédé, dispositifs et système de fourniture sécurisée des ensembles de données
EP3673623B1 (fr) Procédé et système de contrôle pour le contrôle et/ou la surveillance d'appareils
EP3777088B1 (fr) Procédé et système de commande d'une libération d'une ressource
EP3595267B1 (fr) Procédé, dispositifs et système d'échange de données entre un système de banque de données distribué et appareils
EP4128656A1 (fr) Dispositifs, procédé mis en oeuvre par ordinateur et produit-programme informatique pour donner accès à une fonction de commande sur la base d'un objet
EP3763089B1 (fr) Procédé et système de contrôle pour le contrôle et/ou la surveillance d'appareils
EP3667597A1 (fr) Procédé de détermination d'une identité d'un produit au moyen de la détection d'une caractéristique visible optiquement et d'une caractéristique invisible ainsi que système d'identification
EP3413254A1 (fr) Procédé et dispositif destinés à fournir un mot de passe à usage unique
WO2019081434A1 (fr) Procédé et système de commande destinés à la commande et/ou à la surveillance d'appareils
EP3718263B1 (fr) Procédé et système de contrôle pour le contrôle et/ou la surveillance d'appareils
EP3617926B1 (fr) Dispositif et procédé de formation de blocs, dispositif noeud et procédé de confirmation de blocs
WO2022022992A1 (fr) Commande de processus basée sur un jumeau numérique dans un réseau ido
WO2020207717A1 (fr) Procédé et système de commande pour la commande d'une exécution de transactions
EP3714575B1 (fr) Procédé et système de contrôle pour le contrôle et/ou la surveillance d'appareils
EP3958071A1 (fr) Systèmes et procédé de certification numérique des données utiles d'une installation d'automatisation
WO2020043588A1 (fr) Dispositif et procédé pour déterminer une version de consensus d'un livre de transaction et dispositif et procédé pour surveiller un système de base de données réparties
WO2022002696A1 (fr) Dispositifs, procédé mis en œuvre par ordinateur et produit programme informatique pour identifier un jumeau numérique d'un objet
WO2022002790A1 (fr) Dispositifs, procédé mis en œuvre par ordinateur et produit de programme informatique pour exécuter des instructions de programmation sur la base d'un objet
WO2018215148A1 (fr) Procédé et dispositif de traitement assisté par ordinateur d'une configuration binaire aléatoire
EP3945480A1 (fr) Système, appareil et procédé d'exécution des commandes de programme pour une ressource
EP3787251A1 (fr) Procédé, dispositif de communication et application réseau destinés à la transmission protégée d'un ensemble de données
EP4009207A1 (fr) Contrôle d'accès à un appareil basé sur une caractéristique discriminante
EP3829103A1 (fr) Dispositif et procédé de formation de blocs de données
EP3817315A1 (fr) Dispositif de vérification, dispositif et procédé de validation de transactions
WO2020193044A1 (fr) Procédé et système de commande pour la commande d'une exécution de transactions

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20221031

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)