EP4276045A1 - Authentication method and system for access control of an interface intended for the maintenance of a passenger transport device - Google Patents

Publication number
EP4276045A1
Authority
EP
European Patent Office
Prior art keywords
authentication
indicator
token
interface
authorization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22172517.9A
Other languages
German (de)
English (en)
Inventor
Claudio COLOMBANO
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inventio AG
Original Assignee
Inventio AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventio AG
Priority to EP22172517.9A
Publication of EP4276045A1
Current legal status: Pending

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B66: HOISTING; LIFTING; HAULING
    • B66B: ELEVATORS; ESCALATORS OR MOVING WALKWAYS
    • B66B5/00: Applications of checking, fault-correcting, or safety devices in elevators
    • B66B5/0087: Devices facilitating maintenance, repair or inspection tasks

Definitions

  • a method for access control of an interface for servicing a passenger transport device in the form of an elevator, moving walkway or escalator is described.
  • An identification indicator associated with the interface is provided for identifying the interface.
  • the method involves submitting a request to an authentication infrastructure using a communication device.
  • the request includes an identification token.
  • the identification token is created based on the identification indicator.
  • the method further includes processing the request with the authentication infrastructure, transmitting an authentication token to the communication device through the authentication infrastructure, and transmitting an authorization token to the interface through the authentication infrastructure.
  • the authorization token includes the authentication token.
  • the method involves rendering an authentication indicator with the communication device.
  • the authentication indicator is created based on the authentication token.
  • the method includes entering the authentication indicator at an input device of the interface and checking the authentication indicator with the interface. Verifying the authentication indicator includes comparing the authentication indicator with the authorization token, and selecting an authorization level based on the authorization token.
  • the method involves changing the interface to a maintenance mode based on the comparison and the authorization level.
  • an authentication system for access control of an interface for servicing a passenger transport device in the form of an elevator, moving walkway or escalator is described.
  • the authentication system includes a communication device, the interface and an authentication infrastructure.
  • the interface includes an identification indicator associated with the interface for identifying the interface, as well as an input device for entering an authentication indicator.
  • the interface is set up to receive an authorization token from the authentication infrastructure, to check the authentication indicator, the verification comprising a comparison of the authentication indicator with the authorization token and a selection of an authorization level based on the authorization token, and to switch to a maintenance mode based on the comparison and the authorization level.
  • the communication device is set up to read the identification indicator and generate a request.
  • the request includes an identification token.
  • the identification token is created based on the identification indicator.
  • the communication device is set up to transmit the request to the authentication infrastructure, to receive an authentication token from the authentication infrastructure, to generate an authentication indicator based on the authentication token, and to reproduce the authentication indicator.
  • the authentication infrastructure is set up to receive the request from the communication system, to generate the authentication token based on the identification token and to transmit the authentication token to the communication device, to generate the authorization token, the authorization token including the authentication token, and to transmit the authorization token to the interface.
  • a computer program product for execution on an interface for maintaining a passenger transport device in the form of an elevator, moving walkway or escalator is described.
  • the computer program product includes commands that, when the program is executed by the interface, cause it to perform the following steps: receiving an authorization token from an authentication infrastructure, verifying an entered authentication indicator, the verification including a comparison of the authentication indicator with the authorization token and a selection of an authorization level based on the authorization token, and switching to a maintenance mode based on the comparison and the authorization level.
  • an interface can be an interface of a monitoring and/or control component (“component”) of a passenger transport device, for example a controller or a security module.
  • the interface can be separate or separable from the component.
  • the interface can be integrated into the component.
  • the component can include the interface, for example the interface can be provided in a common housing or on a common board of the component.
  • the component and the interface can be an embedded system. Functions of the interface, in particular the functions described herein, can be at least partially implemented in the component or carried out by it.
  • the interface includes an input device, for example one or more buttons, a keypad, a keyboard, a touch screen, a jog dial or the like.
  • the input device is suitable for entering an authentication indicator, for example in the form of a password in the form of a character string, digit sequence, symbol sequence, or another embodiment of a clearly identifiable sequence of inputs, for example a sequence of directions of rotation and clicks of the jog dial.
  • the interface can comprise an output device, in particular a display device, for example a display, one or more indicator lights, and/or acoustic signal generators.
  • the output device can, for example, output the result of the access control, e.g. “Access granted” or “Access not granted”, and, for example, menu control, output or maintenance functions of the component can be made available to the user.
  • a communication device can be a portable device that can be clearly assigned to a user at least temporarily, for example through ownership or sole access by the user. Due to the clear assignability, the intended authorization level of the user can be achieved for each user by setting up the communication device.
  • Suitable communication devices include password generators with communication function, portable computers such as laptops, tablets and/or smartwatches.
  • the communication device can in particular be a smartphone.
  • the communication device may be capable of carrying out the functions described herein, for example by executing a program or software (“app”).
  • the communication device is suitable for displaying an authentication indicator.
  • for reproduction, the communication device includes a display that is suitable for displaying the authentication indicator, and/or another output device, for example acoustic signal generators.
  • the communication device is suitable for reading an identification indicator. Reading the identification indicator can advantageously include reading, for example, an optical code with an optical sensor of the communication device, but in embodiments an identification indicator can also be entered manually, for example via an input device of the communication device, such as a keypad or a touchscreen.
  • the communication device, the authentication infrastructure and the interface are set up for communication or include a communication function, i.e. are communicatively connected, in particular for the exchange of data or data packets, the data in particular being the tokens described herein (identification tokens, authentication tokens, authorization tokens).
  • the communication device and the authentication infrastructure can send and receive data between each other.
  • the interface and the authentication infrastructure can be communicatively connected in such a way that data can be transmitted from the authentication infrastructure to the interface and the data can be received by the interface.
  • entering the authentication indicator on an input device of the interface is not understood as a communicative connection for the exchange of data.
  • the exchange of data can correspond to Internet-of-Things (IoT) communication; in particular, secure communication can be provided, for example by encrypting the data, for example by end-to-end encryption and/or certificate-based authentication.
  • Possible security standards include the Trusted Network Connect standard and mutual authentication.
  • the communication device, the authentication infrastructure and the interface each include at least one network module for exchanging the data.
  • the network modules can, for example, include network adapters and be intended for connection to a data network and/or communication network.
  • the data network can be set up to enable communication between the communication device, the interface and the authentication infrastructure.
  • the network modules can be intended for wireless or wired communication.
  • the network modules can enable a communicative connection with a packet-based data network, for example a local network and/or the Internet.
  • the authentication infrastructure can advantageously be connected to the Internet via a network module.
  • the interface can advantageously be connected via a network module to a local data network, for example a data network provided for the passenger transport device, wherein the passenger transport device can comprise an edge device, for example a gateway for connecting the local data network to the Internet, via which data transmission between the interface and the Internet is possible.
  • the interface and/or the communication device can, in particular for connection to the Internet, comprise a network module for communication with a wireless network or cellular network, for example a W-LAN interface or a mobile radio interface such as a 2G, 3G, 4G, LTE and/or 5G interface.
  • a connection to the Internet may be possible via the wireless network and/or the cellular network.
  • an identification indicator includes information identifying the interface.
  • the identification indicator can, for example, contain information that enables the interface to be uniquely identified, for example a serial number of the passenger transport device and/or the interface, a previously assigned random value, a MAC address of the interface or a value set for the interface.
  • the identification indicator may be visible, particularly to maintenance personnel located near the passenger transportation facility maintenance interface.
  • the identification indicator can be read without authorization or even without access to the interface, for example without switching the interface to maintenance mode.
  • the identification indicator may be displayed on a display of the interface, for example.
  • the identification indicator can be in spatial proximity to the interface, for example on a housing part of the interface, and / or for example in or on a control cabinet in which the interface is located, for example by attaching a label, for example a printed product, for example a sticker.
  • the identification indicator may comprise a character string, for example a human-readable character string that is readable by, for example, a maintenance mechanic and inputtable into the communication device.
  • the identification indicator may, alternatively or additionally, be provided in machine-readable form.
  • the identification indicator can be provided in an optically detectable form, for example in the form of a bar code or matrix code.
  • the identification indicator can include a visible identification in the form of a QR code. Other visible markings or codes include DataMatrix, MaxiCode, Aztec code, JAB code, Han-Xin code, Dotcode and other optoelectronically readable codes.
  • the communication device is set up to read the identification indicator.
  • Reading the identification indicator may include human input.
  • the reading can advantageously include the optical detection of a visible marking of the identification indicator.
  • the communication device can include an optical sensor, for example a camera or a camera scanner, for detecting the visible identification and can be set up for decoding the visible identification in order to derive the identification indicator from the visible identification.
  • an app can be provided for decoding.
  • the communication device is configured to generate a request and transmit the request to an authentication infrastructure.
  • the method described herein includes submitting the request to the authentication infrastructure.
  • the transmission can take place via the communicative connections described herein.
  • the transmission can take place via the Internet.
  • the request includes an identification token.
  • the identification token is created based on the identification indicator.
  • the identification token may include the identification indicator so that the interface is uniquely identifiable to the authentication infrastructure based on the identification indicator.
  • an authentication infrastructure is described.
  • the authentication infrastructure is set up to receive the request from the communication system.
  • the method described herein includes processing the request.
  • the authentication infrastructure is set up, in particular to process the request, to generate an authentication token based on the identification token and to generate an authorization token.
  • the authorization token includes the authentication token.
  • the authorization token is identical to the authentication token.
  • the authorization token includes additional information, in particular information on the basis of which an authorization level can be selected, such as the authorization indicator described below or information derived from the authorization indicator.
  • the authentication infrastructure is set up to transmit the authentication token to the communication device and to transmit the authorization token to the interface as a result of processing the request.
  • the transmission can take place via the communicative connections described herein. In particular, the transmission can take place via the Internet.
  • the change of the interface to a maintenance mode takes place on the basis of a comparison of the authentication indicator with the authorization token, as well as a selection of an authorization level based on the authorization token and/or the comparison.
  • an authentication indicator that does not match the authorization token may indicate an authorization level of no authorization.
  • an authentication indicator for which the comparison with the authorization token results in a match may mean one of a plurality of authorization levels.
  • a successful comparison of the authentication indicator with the authorization token can directly mean the assignment of an authorization level, for example full access.
  • the authorization indicator can include information about the intended authorization level, so that the interface switches to the maintenance level specified by the authorization token.
  • Possible authorization levels that can be derived from the authorization token include, for example, no authorization, for example if no authorization is provided for the communication device.
  • the maintenance level may correspond approximately to the state that the interface has when no authorization is present.
  • maintenance levels with partial authorizations such as limited access rights, such as exclusive read authorization, or full access rights, such as write/read authorization, can be provided.
  • separate authorizations can be assigned for partial functions, or even for each individual function, that are available to the maintenance personnel for the respective interface.
  • the method described herein includes setting up the communication device.
  • Setting up includes storing an authorization indicator in a memory of the communication device.
  • the authorization indicator is indicative of the authorization level of a user.
  • the identification token can be created based on the authorization indicator.
  • setting up the device can include installing an app and assigning authorization levels, for example in an app of the communication device or another communication device, or even in an administration system, for example by an administrator who is authorized to assign the authorization levels.
  • an administrator tasked with the maintenance of one or more passenger transport devices can specifically assign authorizations for each person in the maintenance staff (“user”), for example depending on the qualifications of the person on the maintenance staff. For example, a trainee can receive read permission for one or more interfaces for the communication device assigned to him, while a fully qualified maintenance mechanic can receive read/write permissions for one or more interfaces.
  • the identification token can include the authorization indicator so that it is transmitted to the authentication infrastructure together with the request and the authorization level for the authentication infrastructure can therefore be determined directly.
  • the authorization indicator can include an identifier of the communication device.
  • the authentication infrastructure can include a database in which authorizations are stored for a large number of identifiers of communication devices, preferably for the respective interface, so that, based on the authorization indicator, the authentication infrastructure can determine the respective authorization level by accessing the database, for example during the processing of the request. Entries in the database can, for example, be stored in the database by an administrator, for example decentrally, or when setting up the communication device instead of or in addition to storing the authorization indicator in the memory of the communication device.
  • processing the request described herein includes generating a random value.
  • the random value can in particular be generated by the authentication infrastructure, for example by a random generator.
  • the authentication token and the authorization token can be generated based on the identification token and the random value.
  • the random value may include or be the authentication indicator.
  • the random value can be a value from which an authentication indicator can be derived, in particular through the communication device and the interface, and/or through which a comparison of the authentication indicator with the authorization token is possible in the interface.
  • a new random value can be generated for each request, for example when processing the request. This allows a new authentication indicator to be created for each request.
  • the authentication indicator can be a one-time password, a one-time code or the like and, in particular, potential security gaps due to unauthorized disclosure or repeated use can be avoided.
  • the authentication indicator is reproduced in human-readable form, for example via a display of the communication device.
  • This allows the maintenance personnel to enter the authentication indicator on an input device of the interface, for example in the form of a password in the form of a character string, number sequence, symbol sequence, or another embodiment of a clearly identifiable sequence of inputs, for example a sequence of directions of rotation and clicks of the jog dial.
  • the communication device can be set up to display different types of authentication indicators, in particular in such a way that an authentication indicator that can be entered in a particularly convenient way for the respective interface is displayed.
  • the authentication indicator may be limited to the character set of the interface's input device.
  • an authentication indicator consisting entirely of numbers may be provided for an interface with an input device that only includes numbers.
  • the character set to be selected can be contained in the identification indicator, selected by maintenance personnel, for example by command, stored in a database of the authentication system, or can be transmitted to the authentication system through communication between the interface and the authentication system.
  • several possible authentication indicators with the same or similar information content can be reproduced by the communication system from the authentication token, which correspond to different character sets and can be selected by the maintenance personnel for the respective interface.
  • checking the authentication indicator includes checking whether the input of the authentication indicator occurred within a predetermined period of time.
  • the predetermined period of time can correspond to a period of validity of a password from generation.
  • the time period may be approximately 30 seconds, one minute, two minutes or five minutes. This allows the previously described advantages of a one-time password to be further enhanced, in particular by not allowing passwords to be generated in advance.
  • checking the authentication indicator includes checking whether the entry of the authentication indicator, in particular the same authentication indicator, has occurred more often than a predetermined number of entries. For example, after entering the same password several times, or after entering the same or an incorrect password twice, a switch to a maintenance mode with more than no authorization can be prevented. This avoids repeated use of the same password and, in particular, brute-force attacks.
  • the communication device may include a user interface.
  • the user interface can be a graphical user interface.
  • the user interface can be a user interface that is displayed on a display of the communication device.
  • the user interface can be generated by software or a program, for example the app described herein.
  • the user interface can allow users, such as maintenance staff, to apply for access rights.
  • the user interface can include a selection option, for example a selectable button.
  • the communication device can be set up to request the user to record the identification indicator as a result of an input by the user requesting access rights, for example through a display via the user interface.
  • the passenger transport device is an elevator, an escalator or a moving walkway.
  • the use includes the maintenance of the passenger transport facility. Maintenance is understood to mean the influence of maintenance personnel on the function of the passenger transport facility and/or the inspection of the passenger transport facility.
  • the maintenance can include an interaction with the interface, in particular to influence or check the component assigned to the interface.
  • the use can include the spatial search of the interface and the identification indicator by a user, for example entering an operating room or opening a control cabinet.
  • a computer program product may be configured, upon execution of the program, to cause the interface to perform functions in accordance with the aspects and embodiments described herein.
  • the computer program product can be provided on a data carrier.
  • the computer program product can be stored in a memory of the interface or a component of the passenger transport device associated with the interface.
  • the computer program product can be transmittable and, for example, be set up to be installed during an update, for example a firmware update.
  • the transmission can, for example, be receivable for the interface via a communication module of the interface described herein.
  • the interface includes a processor, such as a microprocessor or a CPU.
  • the interface can further include a memory.
  • the computer program described herein can be stored in the memory.
  • the computer program when executed on the processor, may cause the interface to execute or perform the functions of the interface described herein.
  • the processor and memory can be provided in the component assigned to the interface, for example a controller.
  • the communication device includes a processor, such as a microprocessor or a CPU.
  • the communication device can further include a memory.
  • the app described herein can be stored in the memory, as well as other programs, for example for controlling the functions not described herein in connection with the app, such as controlling a camera of the communication device.
  • the App when running on the processor, may cause the communication device to execute or perform the functions of the communication device described herein.
  • the authentication infrastructure includes a processor, such as one or more CPUs.
  • the authentication infrastructure may further include storage.
  • Software for controlling the authentication infrastructure can be stored in the memory.
  • the software can, when executed on the processor, cause the authentication infrastructure to execute or perform the authentication infrastructure functions described herein.
  • the memory may additionally store a database in which the data described herein in connection with the database is stored.
  • the database can contain data about users, authorization levels of the users, in particular for a respective interface, communication devices, in particular communication devices assigned to the respective user, interfaces, in particular the identification indicator assigned to the respective interface, as well as further data, for example location data of the interface, and/or addresses, for example IP addresses or URLs, of the interface and/or the communication device in the data network.
  • the database can be optional, in particular in embodiments in which the data mentioned is transmitted to the authentication infrastructure, for example together with the request, for example together with the identification token.
  • Fig. 1 shows an authentication system 100 according to an exemplary embodiment.
  • the authentication system 100 includes a control cabinet 112 of a passenger transport device, in which a control component with an interface 110 is located.
  • the interface 110 includes a keypad, which serves as an input device, and a display, which serves as an output device.
  • the interface 110 is connected to the Internet 140 via a network connection 116.
  • An identification indicator 114 is mounted in a visible location in the control cabinet 112.
  • the identification indicator 114 is encoded as a QR code.
  • the identification indicator 114 may have been applied upon installation of the interface 110, or upon an update of the interface with the computer program product described herein.
  • the authentication system 100 shown includes a communication device 120.
  • the communication device 120 is a smartphone that is set up to carry out the functions described here by means of an app installed on it.
  • the communication device 120 is uniquely assigned to a user, for example the communication device 120 can be a smartphone that is, at least temporarily, exclusively owned by the user and/or to which only the user has access.
  • the communication device 120 is set up, i.e. an authorization indicator is stored in a memory of the communication device 120, which includes the user's authorization level.
  • the communication device 120 is not intended exclusively for authentication at a single passenger transport device.
  • the communication device 120 can, for example, remain with the user and is only required, for example, if the steps described herein for carrying out an access control method are carried out on the interface 110 of the respective passenger transport device.
  • the communication device 120 shown in Fig. 1 includes a camera.
  • the camera is set up to read the identification indicator 114 encoded as a QR code, in particular in such a way that the QR code can be decoded and the decoded identification indicator can be further processed by the communication device 120.
  • the reading of the identification indicator coded as a QR code is shown in Fig. with arrow 124.
  • the communication device 120 shown includes a display 122.
  • the display 122 shows a raw output of the image data captured by the camera of the communication device 120; here a reproduction of the identification indicator 114 coded as a QR code ("ID") is displayed.
  • an authentication indicator ("AI") that was derived by the communication device 120 from a previously received authentication token is further displayed on the display 122.
  • the display of the authentication indicator allows the user to enter the authentication indicator at the input device of the interface 110. Entering the authentication indicator is shown in Fig. 1 with arrow 126.
  • the communication device 120 shown in Fig. 1 is connected to the Internet 140 via a wireless network connection 128, for example via a cellular network or a local wireless network.
  • the authentication system 100 shown includes an authentication infrastructure 130.
  • authentication infrastructure 130 is a server-based cloud service configured to perform the authentication infrastructure functions described herein.
  • the functions include at least receiving a request from the communication system, generating an authentication token based on the identification token and transmitting the authentication token to the communication device, generating an authorization token, and transmitting the authorization token to the interface.
  • the indicators and tokens described herein are described in more detail in Fig. 2.
  • the authentication infrastructure is connected to the Internet 140 via connection 132.
  • the components shown in Fig. 1, in particular the interface 110, the communication device 120 and the authentication infrastructure 130, are set up to carry out the functions described herein for the respective component, in particular to carry out a method for access control of the interface 110.
  • An embodiment of such a method is described in more detail in Fig. 3.
  • As shown in Fig. 1, the interface 110, the communication device 120 and the authentication infrastructure 130 are, for example via the network modules described herein, directly or indirectly connected to the Internet.
  • This allows data, for example data packets comprising the tokens described herein, to be exchanged between the interface 110 and the authentication infrastructure 130 and between the communication device 120 and the authentication infrastructure 130.
  • a direct transmission of data packets via the Internet 140 between the communication device 120 and the interface 110 is not necessary. This can advantageously increase the security of access control.
  • Fig. 2 shows exemplary embodiments of the indicators and tokens described herein.
  • The identification indicator 210 serves to unambiguously assign the interface and can be designed in accordance with the aspects or embodiments described herein.
  • The identification indicator can, for example, be provided in the form of the QR-coded identification indicator shown in Fig. 1 in the control cabinet 112. After reading the identification indicator 210, the identification indicator 210 may be present as a computer-processable element, such as a string of numbers or characters.
  • The identification token 220 is generated by a communication device, for example the communication device 120 shown in Fig. 1, after reading the identification indicator 210.
  • The identification token includes the identification indicator 210.
  • The identification indicator 210 may be integrated directly into the token.
  • The identification indicator 210 of the identification token 220 may be processed, for example compressed, transcoded or encrypted.
  • As shown in Fig. 2, the identification token includes further information.
  • The additional information may be optional.
  • The identification token may include an identifier of the communication device 222.
  • The identifier of the communication device 222 may be intended to identify the communication device to an authentication infrastructure, such as the authentication infrastructure 130 shown in Fig. 1. This allows, for example, the user assigned to the communication device to be identified and/or authenticated to the authentication infrastructure, and, for example, an authorization level of the user stored in a database of the authentication infrastructure to be determined.
  • An identifier of the communication device 222 can be dispensed with in embodiments if alternative identification methods are used instead, for example a session login of the communication device to the authentication infrastructure.
  • The identification token 220 includes an authorization indicator 224.
  • The authorization indicator 224 may include information indicating the user's authorization level.
  • The authorization indicator 224 of the identification token 220 is created by the communication device. Accordingly, the authorization indicator 224 may be an authorization indicator that was stored in a memory of the communication device when the communication device was set up in accordance with aspects and embodiments described herein.
  • The authorization indicator 224 of the identification token 220 may be the authorization indicator of the authorization token 240 in embodiments, particularly in embodiments in which the processing of the request by the authentication infrastructure does not require a modification of the authorization indicator 224 or initial creation of the authorization indicator 242.
  • The authorization indicator 224 of the identification token 220 can be omitted in embodiments, for example in embodiments in which the user's authorization level is stored in a database of the authentication infrastructure, or in which the user's authorization level is determined by the authentication infrastructure.
  • The further information, for example the identifier of the communication device 222 and/or the authorization indicator 224 of the identification token 220, can be processed, for example compressed, recoded or encrypted.
  • The entire identification token 220 can be encrypted. The encryption of both the identification token 220 and the information contained in the identification token 220 may be such that it can be decrypted by the authentication infrastructure described herein.
  • The authentication token 230 is generated by an authentication infrastructure, for example the authentication infrastructure 130 shown in Fig. 1, after receiving the request, comprising the identification token 220, from the communication device.
  • The authentication token 230 can be transmitted from the authentication infrastructure to the communication device.
  • The authentication token includes at least one authentication indicator 232.
  • The authentication indicator 232 may be an authentication indicator in accordance with aspects or embodiments described herein. In particular, the authentication indicator can be created based on a random value.
  • The authentication token 230 may include additional optional information 234.
  • The optional information 234 may be information that should advantageously be made available to the user, for example by output by the communication device.
  • The optional information 234 may, for example, include information that is contained in the same or similar manner in the authorization token 240, for example a validity period of the authentication indicator 232, an authorization level of the user, a model name and/or version number of the interface, or the like.
  • The authorization token 240 is generated by an authentication infrastructure, for example the authentication infrastructure 130 shown in Fig. 1, after receiving the request, comprising the identification token 220, from the communication device.
  • The authentication token 230 can be transmitted from the authentication infrastructure to an interface.
  • The authorization token 240 includes the authentication token 230.
  • The authorization token 240 thus includes at least the authentication indicator 232.
  • The authorization token 240 may include the optional information 234 described for the authentication token 232.
  • The authorization token 240 includes the authorization indicator 242.
  • The authorization indicator 242 may be optional, for example in embodiments for which only two authorization levels are provided, for example "full authorization" and "no authorization". In these embodiments, authorization may be established, for example, by the presence of a valid authentication indicator 230, or may already be given by the interface receiving an authorization token 240. In further embodiments, the authorization indicator 242 may be set up so that an authorization level is selected based on the authorization indicator 242 and the interface is switched to a maintenance mode based on that authorization level.
  • The authorization token 240 may include further optional information 244, for example in addition to or in place of the optional information 234 present in the authentication token 230 included in the authorization token 240.
  • The optional information 244 can be information that should advantageously be made available to the interface, for example in order to operate or set the interface based on the optional information 244.
  • The optional information may include a validity period of the authentication indicator 232 and/or a maximum number of entry attempts of the authentication indicator.
  • Fig. 3 shows a method 300 for access control of an interface for maintaining a passenger transportation device according to an exemplary embodiment.
  • The method can be executed by the authentication system 100 shown in Fig. 1.
  • Fig. 3 shows which operations can be carried out in the respective components interface 110, communication device 120 and authentication infrastructure 130.
  • The operations 316, 328 and 332 shown as arrows represent communication, in particular an exchange of data, that takes place between the respective components, for example via the Internet, according to the aspects and embodiments described herein.
  • The operations 324 and 326 shown as arrows include an exchange of information that takes place directly at the interface, i.e. without data exchange via, for example, the Internet, but by reading 324 the identification indicator and entering 326 the authentication indicator.
  • The method includes, in operation 310, providing an identification indicator, such as the identification indicator 114 shown in Fig. 1.
  • The provision can be made, for example, by displaying it on a display of the interface, or by attaching a visible label in spatial proximity to the interface.
  • The method includes, in operation 324, reading the identification indicator with the communication device 120.
  • The reading may include optical sensing.
  • The identification indicator is processed. For example, a QR-coded identification indicator may be present in the communication device 120 in the form of image data, and the communication device 120 may decode the image data in order to be able to further process the identification indicator in the form of a processable data structure, for example a character sequence such as a string.
  • An identification token is created based on the identification indicator in accordance with aspects and embodiments described herein.
  • A request is created in accordance with the aspects and embodiments described herein.
  • The request includes the identification token.
  • Creating the request in operation 323 may include establishing a communicative connection with the authentication infrastructure, such as establishing a secure connection, transmitting and verifying certificates, and/or authenticating the communication device to the authentication infrastructure.
  • The request is transmitted to the authentication infrastructure 130 in accordance with aspects and embodiments described herein.
  • The request is processed by the authentication infrastructure 130 in accordance with the aspects and embodiments described herein. Processing the request in operation 330 may include, for example, a plausibility check of the request.
  • Processing the request in operation 330 may, if necessary, include the authentication infrastructure accessing a database, for example to identify the communication device and/or to query an authorization level of the user associated with the communication device for the interface associated with the identification indicator.
  • An authorization token and an authentication token are created in accordance with aspects and embodiments described herein.
  • The authentication token is transmitted to the communication device 120.
  • The authorization token is transmitted to interface 110.
  • An authentication indicator is generated from the authentication token by the communication device 120 in accordance with the aspects and embodiments described herein.
  • The authentication token can be decrypted.
  • An authentication indicator contained in the authentication token can be extracted, or an authentication indicator can be created based on information contained in the authentication token.
  • The authentication indicator is output by the communication device.
  • The authentication indicator is entered at an input device of the interface in accordance with the aspects and embodiments described herein.
  • The entered authentication indicator is checked and matched with the authorization token.
  • The matching may include the same steps for the authorization token that were described in operation 340 for the authentication token and the generation of the authentication indicator from the authentication token; that is, the interface may in turn generate an authentication indicator from the authentication token contained in the authorization token.
  • The comparison may include checking whether the entered authentication indicator matches the authentication indicator generated in the interface. Likewise, the comparison can be carried out, for example, using appropriate mathematical or cryptographic functions.
  • The authentication indicator may be derived from the authentication token via a cryptographic function, and the matching in operation 350 may include applying the same or a complementary cryptographic function.
  • Operation 352 involves transitioning the interface to a maintenance mode in accordance with the aspects and embodiments described herein. Operation 352 may include reading an authorization level contained in the authorization token and selecting an authorization level based on the authorization token. Based on the selected authorization level, operation 352 may include changing the interface to a maintenance mode corresponding to the selected authorization level.
  • The embodiments described herein enable secure and simple access control. Instead of a static password, an authentication indicator is used that is created for each user and for each maintenance activity. This increases security in a particularly advantageous manner. Complex authorization procedures, such as maintenance personnel requesting the preset password for the respective interface from a central authority, are not necessary. Compared to the usual entry of a preset password, the user of the proposed solution advantageously needs only one additional step, namely reading in the identification indicator. In addition, a maintenance mode with a preset authorization level can be permitted for each user and even for each interface, so that malicious or accidental interference with security-relevant functions can be ruled out in many cases.
  • The proposed solutions allow permissions to be granted quickly and easily to temporary maintenance teams, and at the end of maintenance it can easily be ensured that no access rights remain with the members of the temporary maintenance team, without having to change a password on each interface, for example.
  • The proposed solution can advantageously be implemented by a software update of the interface with the computer program product proposed herein, so that a hardware retrofit of the interface or the component assigned to the interface is advantageously not necessary.
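
An added example, not part of the patent text: a minimal Python simulation of method 300 showing token creation in the authentication infrastructure (operation 330), derivation of the authentication indicator on the communication device (operation 340), and matching plus mode switch in the interface (operations 350 and 352). The derivation function (SHA-256 truncated to 8 decimal digits), the 300-second validity period, the limit of 3 entry attempts, and all class, field and identifier names are assumptions chosen for illustration; the patent does not specify them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

def derive_indicator(random_value: bytes, digits: int = 8) -> str:
    """Typeable authentication indicator 232 derived from the token's random value.
    Assumption: SHA-256 truncated to decimal digits; the patent names no function."""
    digest = hashlib.sha256(b"auth-indicator:" + random_value).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**digits).zfill(digits)

@dataclass
class AuthenticationToken:          # token 230, sent to the communication device
    random_value: bytes
    valid_until: float              # optional information 234

@dataclass
class AuthorizationToken:           # token 240, sent to the interface
    auth_token: AuthenticationToken
    level: str                      # authorization indicator 242
    max_attempts: int               # optional information 244

class AuthInfrastructure:
    def __init__(self, levels):     # {(device_id, interface_id): level}
        self.levels = levels

    def handle_request(self, id_token: dict, now: float):
        """Operation 330: plausibility check, level lookup, token creation."""
        key = (id_token.get("device_id"), id_token.get("interface_id"))
        level = self.levels.get(key)
        if level is None:
            return None             # unknown device or no rights on this interface
        auth = AuthenticationToken(secrets.token_bytes(16), now + 300)
        return auth, AuthorizationToken(auth, level, max_attempts=3)

class Interface:
    def __init__(self):
        self.pending = None
        self.attempts = 0
        self.mode = "locked"

    def receive(self, token: AuthorizationToken):
        self.pending, self.attempts = token, 0

    def enter(self, typed: str, now: float) -> str:
        """Operations 350/352: match the typed indicator, then switch mode."""
        tok = self.pending
        if tok is None:
            return self.mode
        if now > tok.auth_token.valid_until:
            self.pending = None     # validity period over: discard the token
            return self.mode
        self.attempts += 1
        expected = derive_indicator(tok.auth_token.random_value)
        if hmac.compare_digest(typed.encode(), expected.encode()):
            self.mode = "maintenance:" + tok.level
            self.pending = None     # single use: a second entry finds no token
        elif self.attempts >= tok.max_attempts:
            self.pending = None     # entry-attempt limit reached
        return self.mode

def demo() -> str:
    """Full exchange with constructed identifiers (dev-1, IF-0001)."""
    infra = AuthInfrastructure({("dev-1", "IF-0001"): "basic"})
    id_token = {"device_id": "dev-1", "interface_id": "IF-0001"}
    auth, authz = infra.handle_request(id_token, now=0.0)
    iface = Interface()
    iface.receive(authz)                            # authorization token arrives
    shown = derive_indicator(auth.random_value)     # operation 340 on the device
    return iface.enter(shown, now=60.0)             # user types it in (326)
```

The interface never talks to the communication device; it only compares what the user types against the value it derives itself from the authorization token, and it discards that token on success, expiry or too many wrong entries.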

EP22172517.9A 2022-05-10 2022-05-10 Procédé et système d'authentification pour le contrôle d'accès d'une interface destinés à la maintenance d'un dispositif de transport de personnes Pending EP4276045A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP22172517.9A EP4276045A1 (fr) 2022-05-10 2022-05-10 Procédé et système d'authentification pour le contrôle d'accès d'une interface destinés à la maintenance d'un dispositif de transport de personnes

Publications (1)

Publication Number Publication Date
EP4276045A1 true EP4276045A1 (fr) 2023-11-15

Family

ID=81597876

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22172517.9A Pending EP4276045A1 (fr) 2022-05-10 2022-05-10 Procédé et système d'authentification pour le contrôle d'accès d'une interface destinés à la maintenance d'un dispositif de transport de personnes

Country Status (1)

Country Link
EP (1) EP4276045A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006050626A1 (fr) * 2004-11-09 2006-05-18 Inventio Ag Procede et dispositif pour entretenir un systeme d'ascenseur ou d'escalier roulant
WO2010069347A1 (fr) * 2008-12-18 2010-06-24 Otis Elevator Company Système et procédé de contrôle d'accès à un système de commande d'appareil de transport de personnes
WO2018099793A1 (fr) * 2016-11-30 2018-06-07 Inventio Ag Configuration d'un droit d'accès à un système de commande d'ascenseur
EP3832608A1 (fr) * 2019-12-02 2021-06-09 KONE Corporation Solution pour fournir une sortie visuelle représentant des informations relatives à la maintenance d'un système de transport de personnes ou d'un système de commande d'accès

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR