WO2008022606A1 - Method for authentication in an automation system (Verfahren zur Authentifizierung in einem Automatisierungssystem) - Google Patents
- Publication number: WO2008022606A1 (application PCT/DE2006/001481)
- Authority: WO (WIPO, PCT)
- Prior art keywords: certificate, automation, automation system, communication, authentication server
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
- G05B19/4185—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by the network communication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/31—From computer integrated manufacturing till monitoring
- G05B2219/31135—Fieldbus
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/36—Nc in input of data, input key till input tape
- G05B2219/36542—Cryptography, encrypt, access, authorize with key, code, password
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Definitions
- The invention relates to a method for authenticating a communication subscriber in an automation system.
- An automation system is understood to mean a plurality of automation devices communicating with one another, and possibly further devices, which are intended individually or in combination for controlling and/or monitoring a technical process.
- The term "automation device" covers all devices, units or systems that are used, or can be used, to control, regulate and/or monitor technical processes, for example for transforming or transporting material, energy or information, in particular via suitable technical devices such as sensors. Besides controllers such as programmable logic controllers, process computers, (industrial) PCs, distributed I/O, HMI devices and the like, this also includes drive and other aggregate controllers, frequency converters and the like.
- Automation devices are also understood to mean those communication subscribers in an automation system which do not interact directly with the technical process but are part of the automation system for other purposes, for example diagnostics or operator control and monitoring, possibly even only temporarily.
- Ethernet and IP communication are also penetrating the so-called fieldbus level, e.g. down to the level of individual automation cells.
- The new threats this brings increase the demands on the protection of automation systems.
- Rights-based access protection plays a key role here.
- A client is an operator/user, or a device used by the user.
- A client must first be identified and authenticated, authentication being the proof that the particular client is the one it claims to be, before rights can be assigned to it, i.e. before authorization can take place.
- So far, automation devices have been protected, if at all, by comparatively simple mechanisms such as passwords, in particular embodiments by passwords stored decentrally on the individual devices. The respective client must re-authenticate itself every time it accesses such a device. Aids supporting such operations are known.
- An automation system provided for controlling and/or monitoring a complete installation comprising a large-scale technical process will also be referred to simply as a "system" in the following; the same applies to terms such as "automation network", which are used here and in the following in the same sense.
- The particular advantage is easier operation, i.e. avoiding the need to remember a variety of access authorization information such as passwords.
- In a method for authenticating a communication subscriber in, or with respect to, an automation system having a plurality of communicatively connected automation devices, a first step provides that the communication subscriber sends an identifier to the automation system.
- The communication subscriber is a device permanently or temporarily connected communicatively to the automation system, e.g. a programming device with which a user can access the automation system and the automation devices it comprises, at least temporarily.
- The identifier sent by the communication subscriber to the automation system identifies either the respective device or the user, or both; these are referred to collectively as the "client".
- Such an identifier may include a user name and a password.
- A certificate is generated, or an already generated certificate is selected; the generation or selection of the certificate is based on the identifier.
- The certificate is transmitted to the communication subscriber/client.
- The latter can transmit the certificate to any communication subscriber comprised by the automation system, in particular to the automation devices communicating with one another. Transmitting the certificate to a communication subscriber in the automation system, referred to hereafter as the "target device", normally authenticates the transmitting communication subscriber/client to that device, i.e. the client is authenticated for access to the respective automation device.
- The problems mentioned above are solved by this method, and by a device or system implementing it, by allowing the client to authenticate once and then to access components of the automation system on the basis of that authentication. Access is then usually granted subject to the rights assigned to the client on the basis of its authentication.
- "Components" includes all devices that serve directly or indirectly to fulfil automation tasks, e.g. automation devices, but also network components and the like.
- The term "one-time authentication" is to be understood here and below in the sense that the client logs on once and can then access other components without re-authenticating. This does not exclude the acquired authentication having a time limit beyond which re-authentication may become necessary.
- An automation domain designates a common so-called "trust domain" containing devices or components with an automation function, within which an authentication once acquired by a client is valid everywhere, i.e. all devices "trust" a common entity which is comprised by the automation system and is also the basis for performing the authentication.
- An automation solution provided for the automation of a technical process may comprise one or more automation domains.
- An essential advantage of the solution according to the invention is that the client does not have to log on to and authenticate with each device; a single login to the automation domain, i.e. an authentication in or with respect to the respective automation system, is sufficient. It also allows simple user management, which can be centralized for the entire automation domain instead of being performed separately on each device, with increased security and consistency. The latter matters especially in user management, e.g. when a new client is to be admitted to the automation domain or when the authorization of a client that is no longer permitted is to be revoked. Devices newly added to the automation domain need no passwords of their own. In addition, the respective client only has to remember one password, which among other things saves time.
- The automation system comprises at least one authentication server; the identifier is sent by the respective communication subscriber/client to the authentication server, and the certificate is then generated or selected by the authentication server.
- In this way the devices comprised by the automation system, in particular the automation devices provided for controlling and/or monitoring the technical process, can be relieved of administrative functions: the generation, selection and storage of certificates can be assigned to a dedicated device or device group, namely the authentication server, so that a separation between "automation resources" and "administration resources" becomes possible to that extent.
- At least one private key, and a public key belonging to the or each private key, are assigned to the authentication server.
- The authentication server signs the selected or generated certificate with the or a private key. The corresponding public key is known in the automation system or is made known in it, e.g. after selection or generation of the certificate or in connection with the signing of the certificate. This is expediently done by transmitting the public key belonging to the private key used for signing to the other communication subscribers in the automation system, in particular to the automation devices comprised by it.
- For the communication subscriber requesting authentication in or with respect to the automation system, the certificate acts as a soft token that "proves" its authenticity to individual or several devices in the automation system when it is "presented", that is, transmitted, to them.
- Signing turns the certificate into a soft token that is protected against alteration. Known signature methods come into consideration in principle, also in connection with the described embodiment; it is likewise known to detect any changes in data units on the basis of the respective signature, and these known methods are to be used in conjunction with this embodiment of the invention as well.
- A secure communication channel is preferably used for transmitting the certificate.
- This ensures, for example, that no unauthorized user can come into possession of the certificate; at least, such unauthorized access is made more difficult.
- When the client transmits the certificate to a target device, the target device either rejects or accepts the certificate on the basis of additional information about the origin of the certificate.
- This additional information preferably relates to the signing of the certificate by, in particular, the authentication server: e.g. the target device verifies the signature of the transmitted certificate using the public key made known by the authentication server.
- A client works at a communication subscriber that is at least temporarily connected to an automation system, e.g. a programming device. From there, the client authenticates itself to the automation system, e.g. to the authentication server. This authentication uses standard mechanisms, by transmitting a user-specific identifier. Such an identifier may, e.g., be a user name and/or password, a so-called RFID, etc., or be based on biometric data or the like.
- This authentication information is usually transmitted between client and authentication server over a secure channel, e.g. an SSL channel. After successful authentication, the authentication server generates a certificate for the client, which the client receives back via the secure channel.
- The client can subsequently submit this certificate to other communication subscribers in the automation system, e.g. the automation devices comprised by it, in order to prove its authenticity.
- The certificate can be installed in a local, so-called certificate store of the client.
- The issued certificate is signed by the authentication server; for this the authentication server uses a private key.
- The associated public key is distributed in the form of a so-called root certificate to all members of the automation domain, i.e. in particular to the automation devices comprised by the automation system. This can also be done in an upstream configuration step, e.g. during so-called project engineering.
- This certificate is "submitted", i.e. transmitted, by the client to the respective target device.
- A request thus initiated by the client starts the establishment of a secure, so-called SSL tunnel between the client and the target device.
- This secure channel is used to transfer the client's certificate to the target device, where it can be used to assign and/or check appropriate authorizations without the client having to log on to the target device or again to the authentication server.
- The target device will generally not trust every submitted certificate but will check whether the respective issuer, i.e. the source of the certificate, is a trustworthy so-called certification authority; trustworthiness may result, e.g., from the issuer being the authentication server of the device's own domain. If a valid and trusted certificate is then available, the client can access the target device within the scope of the rights assigned to it, without further authentication.
- An advantage over, e.g., Kerberos is that the SSL protocol is a widely used protocol available on a variety of devices. SSL allows TCP telegrams to be wrapped transparently in an SSL channel, so that no modifications are required for TCP-based applications. The use of, e.g., Kerberos usually requires an adaptation of the application protocol, referred to as "Kerberization" in the Kerberos context.
- The certificate is a so-called X.509 certificate, which is used to prove the authenticity of the client.
- Certificates can be transported comparatively easily, using in particular secure data transmission protocols such as SSL, to any of the automation devices in the automation system, where the authentication of the client, i.e. of the communication subscriber from whom the certificate is sent, is checked on the basis of the certificate. Certificates can be stored in secured storage areas that exist on many platforms, so that access protection is ensured on the one hand and compatibility with existing platforms is guaranteed on the other.
- Alternatively, Kerberos trust mechanisms may be used, the advantage of which is above all the comparatively simple realizability if Kerberos is already implemented on the participating devices.
- However, Kerberos uses so-called "shared secrets" by default, and to the best of the applicant's knowledge Kerberos has not been used in automation devices because of the significant problems it poses, including in connection with the so-called Kerberization of the application protocols.
- The alternative use of X.509 certificates has the advantage that a so-called trust relationship can easily be checked on the basis of the respective signature, without recourse to shared secrets or the like. Unlike shared secrets, root certificates in particular do not need to be kept secret, because they contain no secret information (they do need to be protected against replacement, since a device trusts whatever root certificate it holds). Also unlike shared secrets, certificates can have a limited validity period. Even if unauthorized third parties gain access to certificates, this can result in unauthorized access for a limited time only. This presupposes that the certificate is accepted on its own as a bearer token; if, as in SSL client authentication, the target device additionally demands proof of possession of the private key belonging to the certificate, a copied certificate alone is of no use to a third party.
- Root certificates can be revoked if an authentication server or its private key has been compromised. All certificates issued by that server then become invalid, and a new private key can be assigned to the authentication server so that new certificates can be issued, on the basis of which clients can then re-authenticate.
- The single sign-on system is designed so that certificates issued by the authentication server for clients have a fixed or definable validity period. After expiry of the validity period, the client needs a new certificate in order to continue to have access to the automation system.
- Provision may be made for such a new certificate to be requested from the authentication server using an old certificate, in particular one that has expired or is shortly before expiry. For this to be safe, the authentication server has to verify the old certificate's signature against its own key before issuing the new one.
- Such a request can be automatic. This has the advantage that the client does not have to enter its password again even when the certificate has to be renewed.
- The use of certificates protected against alteration, in particular X.509 certificates, can also serve to secure authorization information for access to automation components.
- Authorization information can be privileges, rights, roles and so on.
- The transfer of such authorization information is thereby secured in a special way.
- For example, the following scenario is conceivable: the client logs on to an authentication server and receives from it a certificate that identifies it from then on as an authenticated client. The authentication server has signed the certificate so that each target device can verify that the authentication is trustworthy. The certificate now also contains one or more roles, e.g. information such as "operator", "maintenance personnel" or the like. This role information is transmitted to the target device together with the certificate.
- After verifying the authentication, the target device extracts the role information. On the basis of locally stored rights tables, the target device can now assign rights to the respective client via its role. This has the advantage that the rights tables contain no user information, so they do not have to be changed when clients are removed or new clients are added. In addition, the role information is transmitted securely to the respective target device together with the authentication information.
- Back-references used in subclaims indicate the further development of the subject matter of the main claim by the features of the respective subclaim; they are not to be construed as a waiver of independent protection for the feature combinations of the dependent claims. Furthermore, with regard to the interpretation of the claims, a closer specification of a feature in a subordinate claim is to be understood to mean that no such restriction exists in the respective preceding claims.
- FIG. 1 shows a schematically simplified representation of the communication relationships between an automation system provided for controlling a technical process and a client which is to access the automation system.
- The automation system 10 comprises a number of communicatively interconnected communication subscribers. Some of the communication subscribers comprised by the automation system 10 are automation devices 14, 16, 18, 20 in the sense of the definition given at the outset, namely a first and a second automation device 14, 16 and further automation devices 18, 20.
- The automation system 10 likewise includes an authentication server 22.
- The automation devices 14-20, the authentication server 22 and possibly other devices or components (not shown) are communicatively connected via a bus 24, in particular a fieldbus. A permanent or temporary connection of a further communication subscriber 26 to the automation system 10 is likewise possible via the bus 24.
- The client sends an identifier 28 to the automation system 10 (indicated by the double arrow).
- The identifier 28 is received and checked by one of the devices comprised by the automation system 10, in the present scenario by the authentication server 22.
- On successful verification, a certificate 30 is generated or selected.
- The generation or selection of the certificate 30 preferably also takes place in the authentication server 22.
- The generated or selected certificate 30 is transmitted to the client, in particular by the authentication server 22 (illustrated as a first communication relationship 32 within the single sign-on method).
- The certificate 30 is signed by the authentication server 22.
- For this, a private key (not shown) associated with the authentication server 22 is used.
- The "integrity" of the certificate 30 can be recognized by checking the signature; for this purpose the authentication server 22 sends a public key 34 belonging to the private key at least to the automation devices 14-20 comprised by the automation system 10. This transmission is a second communication relationship 36 within the single sign-on method.
- Upon receipt of the certificate 30, the client can access individual components of the automation system 10, e.g. one of the automation devices 14-20, referred to below as the target device for distinction, by submitting the certificate 30 to it.
- This transmission is a third communication relationship 38 within the single sign-on method.
- The respective target device, in the example shown the second automation device 16, checks the transmitted certificate 30, in particular on the basis of the public key 34 previously transmitted by the authentication server 22.
- After such a check, and possibly after a further check whether the certificate 30 originates from a trusted source, i.e. in particular from a device comprised by the automation system 10 itself, namely e.g. the authentication server 22, the respective client is granted access to the addressed target device. If the client wants to access other target devices, then as long as any envisaged time limit on the validity of the certificate 30 has not expired, submitting the certificate 30 to that target device is sufficient to gain access; in particular, after a subsequent authorization, certain rights are assigned to the client on the basis of the transmitted certificate 30.
- Thus a method for authenticating a communication subscriber 26, also referred to as client, in an automation system 10 with automation devices 14, 16, 18, 20 communicating with one another is indicated, in which the communication subscriber 26 sends an identifier 28 to the automation system 10, the identifier 28 is checked within the automation system 10 and, upon successful verification, a certificate 30 is generated or selected and transmitted to the communication subscriber 26, and the certificate 30, which can be transmitted to a respective target device, in particular one of the automation devices 14-20, authenticates the client to that target device.
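The single sign-on flow described above (identifier check, issuing of a signed certificate, verification on the target device against the domain's root, validity period) together with the role-to-rights mapping of the last embodiment, as an added example in Go. It is not part of the patent and not code of the applicant; everything in it is an assumption: the names AuthServer, TargetDevice, mint, Issue and AuthorizeAt, the domain "plant-a", the user "alice" with password "correct-horse", the roles and rights, and the private-arc OID under which the role is carried (the patent names no OID). Standard-library X.509 is used throughout; the SSL tunnel over which the certificate would travel is left out, so this shows the certificate handling only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// roleOID is a hypothetical private-arc OID carrying the role name; the patent names no OID.
var roleOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
// users is a constructed directory (user -> SHA-256 of password); a real server uses salted hashes or a directory.
var users = map[string][32]byte{"alice": sha256.Sum256([]byte("correct-horse"))}
// mint generates a P-256 key pair and a certificate for tmpl signed by signer (nil: self-signed root).
func mint(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// AuthServer is authentication server 22: it alone holds the domain's private key; Root (not secret) goes to every device.
type AuthServer struct {
	key  *ecdsa.PrivateKey
	Root *x509.Certificate
}
func NewAuthServer(domain string) (*AuthServer, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: domain + " authentication server"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root, key, err := mint(tmpl, tmpl, nil)
	return &AuthServer{key: key, Root: root}, err
}
// Issue is the one-time sign-on: the identifier is checked here and nowhere else, then a role-carrying client certificate with limited validity is signed.
func (a *AuthServer) Issue(user, password, role string, ttl time.Duration) (*x509.Certificate, error) {
	want, got := users[user], sha256.Sum256([]byte(password))
	if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
		return nil, fmt.Errorf("identifier for %q rejected", user)
	}
	roleDER, err := asn1.Marshal(role)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), // demo; use random serials in production
		Subject: pkix.Name{CommonName: user}, NotBefore: time.Now(), NotAfter: time.Now().Add(ttl),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		ExtraExtensions: []pkix.Extension{{Id: roleOID, Value: roleDER}}}
	cert, _, err := mint(tmpl, a.Root, a.key) // the client's own key pair belongs in its certificate store
	return cert, err
}

// TargetDevice is one of automation devices 14-20: it holds the domain root and a role -> rights table (neither secret), no user list.
type TargetDevice struct {
	Root   *x509.Certificate
	Rights map[string][]string
}
// AuthorizeAt accepts a certificate only if signed by the own domain's root, valid at time now and meant for client auth, then maps its role to rights.
func (d *TargetDevice) AuthorizeAt(cert *x509.Certificate, now time.Time) ([]string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(d.Root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate rejected: %w", err)
	}
	var role string
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(roleOID) {
			if _, err := asn1.Unmarshal(ext.Value, &role); err != nil {
				return nil, fmt.Errorf("malformed role extension: %w", err)
			}
		}
	}
	if rights, ok := d.Rights[role]; ok {
		return rights, nil
	}
	return nil, fmt.Errorf("role %q not authorized on this device", role)
}
func main() {
	srv, _ := NewAuthServer("plant-a")
	dev := &TargetDevice{Root: srv.Root, Rights: map[string][]string{"operator": {"read-values", "acknowledge-alarms"}}}
	cert, _ := srv.Issue("alice", "correct-horse", "operator", time.Hour)
	fmt.Println(dev.AuthorizeAt(cert, time.Now()))
}
```

Running main prints the rights of the operator role. The same AuthorizeAt returns an error instead when it is called with a time past the certificate's NotAfter (the client must renew), with a certificate issued by a second AuthServer standing for a foreign trust domain (wrong issuer), or after TargetDevice.Root has been replaced by a freshly generated root (the revocation case: every certificate of the old server becomes invalid). The device never sees a password, and its rights table contains role names only, so admitting or removing a client changes nothing on the device.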
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE112006004090T DE112006004090A5 (de) | 2006-08-23 | 2006-08-23 | Verfahren zur Authentifizierung in einem Automatisierungssystem |
PCT/DE2006/001481 WO2008022606A1 (de) | 2006-08-23 | 2006-08-23 | Verfahren zur authentifizierung in einem automatisierungssystem |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/DE2006/001481 WO2008022606A1 (de) | 2006-08-23 | 2006-08-23 | Verfahren zur authentifizierung in einem automatisierungssystem |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008022606A1 true WO2008022606A1 (de) | 2008-02-28 |
Family
ID=37905904
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2006/001481 WO2008022606A1 (de) | 2006-08-23 | 2006-08-23 | Verfahren zur authentifizierung in einem automatisierungssystem |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE112006004090A5 (de) |
WO (1) | WO2008022606A1 (de) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10200681A1 (de) * | 2002-01-10 | 2003-07-31 | Siemens Ag | Temporäre Zugansberechtigung zum Zugriff auf Automatisierungseinrichtungen |
EP1403749A1 (de) * | 2002-09-30 | 2004-03-31 | Siemens Aktiengesellschaft | Automatisierungssystem sowie Verfahren zu dessen Betrieb |
EP1582950A2 (de) * | 2004-03-31 | 2005-10-05 | Rockwell Automation Technologies, Inc. | Verfahren und System zur Verwaltung digitaler Rechte |
EP1624350A1 (de) * | 2004-08-02 | 2006-02-08 | Siemens Aktiengesellschaft | Verfahren zur Authentifizierung in einem Automatisierungssystem |
Events
- 2006-08-23: WO PCT/DE2006/001481 patent/WO2008022606A1/de, active, Application Filing
- 2006-08-23: DE DE112006004090T patent/DE112006004090A5/de, not active, Withdrawn
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010026152A1 (de) * | 2008-09-02 | 2010-03-11 | Siemens Aktiengesellschaft | Verfahren zur einräumung einer zugriffsberechtigung auf ein rechnerbasiertes objekt in einem automatisierungssystem, computerprogramm und automatisierungssystem |
EP2159653A1 (de) * | 2008-09-02 | 2010-03-03 | Siemens Aktiengesellschaft | Verfahren zur Einräumung einer Zugriffsberechtigung auf ein rechnerbasiertes Objekt in einem Automatisierungssystem, Computerprogramm und Automatisierungssystem |
CN102144193B (zh) * | 2008-09-02 | 2013-11-20 | 西门子公司 | 在自动化系统中同意对基于计算机的对象的访问权限的方法、设备和自动化系统 |
DE102010011657A1 (de) * | 2010-03-17 | 2011-09-22 | Siemens Aktiengesellschaft | Verfahren und Vorrichtung zum Bereitstellen mindestens eines sicheren kryptographischen Schlüssels |
US8989386B2 (en) | 2010-03-17 | 2015-03-24 | Siemens Aktiengesellschaft | Method and device for providing at least one secure cryptographic key |
EP2407843A1 (de) * | 2010-07-09 | 2012-01-18 | Siemens Aktiengesellschaft | Sichere Datenübertragung in einem Automatisierungsnetzwerk |
US8832446B2 (en) | 2010-07-09 | 2014-09-09 | Siemens Aktiengesellschaft | Secure data transfer in an automation network |
EP2579116A3 (de) * | 2011-10-04 | 2014-05-07 | Endress + Hauser Process Solutions AG | Verfahren zur Sicherstellung des autorisierten Zugriffs auf ein Feldgerät der Automatisierungstechnik |
US9124581B2 (en) | 2012-01-19 | 2015-09-01 | Siemens Aktiengesellschaft | Industrial automation system and method for safeguarding the system |
EP2618226A1 (de) * | 2012-01-19 | 2013-07-24 | Siemens Aktiengesellschaft | Industrielles Automatisierungssystem und Verfahren zu dessen Absicherung |
CN103532732A (zh) * | 2012-06-29 | 2014-01-22 | 西门子公司 | 网络装置和用于运行自动化网络的网络装置的方法 |
DE102012212412A1 (de) * | 2012-06-29 | 2014-01-02 | Siemens Ag | Netzwerkeinrichtung und Verfahren zum Betreiben einer Netzwerkeinrichtung für ein Automatisierungsnetzwerk |
EP2680529A1 (de) * | 2012-06-29 | 2014-01-01 | Siemens Aktiengesellschaft | Netzwerkeinrichtung und Verfahren zum Betreiben einer Netzwerkeinrichtung für ein Automatisierungsnetzwerk |
US9736021B2 (en) | 2012-06-29 | 2017-08-15 | Siemens Aktiengesellschaft | Network device and method for operating a network device for an automation network |
EP3355141A1 (de) * | 2017-01-27 | 2018-08-01 | Siemens Aktiengesellschaft | Operator-system für ein prozessleitsystem |
CN108363616A (zh) * | 2017-01-27 | 2018-08-03 | 西门子公司 | 用于过程控制系统的操作者系统 |
US10114961B2 (en) | 2017-01-27 | 2018-10-30 | Siemens Aktiengesellschaft | Operator system for a process control system |
CN108363616B (zh) * | 2017-01-27 | 2020-07-24 | 西门子公司 | 用于过程控制系统的操作者系统 |
Also Published As
Publication number | Publication date |
---|---|
DE112006004090A5 (de) | 2009-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3125492B1 (de) | Verfahren und system zum erzeugen eines sicheren kommunikationskanals für endgeräte | |
AT513016B1 (de) | Verfahren und Vorrichtung zur Steuerung eines Schließmechanismus mit einem mobilen Endgerät | |
DE60119857T2 (de) | Verfahren und Vorrichtung zur Ausführung von gesicherten Transaktionen | |
WO2018104276A1 (de) | Masterblockchain | |
WO2012031821A1 (de) | Verfahren zur zertifikats-basierten authentisierung | |
WO2008022606A1 (de) | Verfahren zur authentifizierung in einem automatisierungssystem | |
EP2250598A2 (de) | Client/server-system zur kommunikation gemäss dem standardprotokoll opc ua und mit single sign-on mechanismen zur authentifizierung sowie verfahren zur durchführung von single sign-on in einem solchen system | |
EP3422628B1 (de) | Verfahren, sicherheitseinrichtung und sicherheitssystem | |
DE102013203101A1 (de) | Erweitern der Attribute einer Credentialanforderung | |
EP3556047A1 (de) | Programmierbares hardware-sicherheitsmodul und verfahren auf einem programmierbaren hardware-sicherheitsmodul | |
EP3935808B1 (de) | Kryptographisch geschütztes bereitstellen eines digitalen zertifikats | |
EP3785416B1 (de) | Verfahren zur anbindung eines endgerätes in eine vernetzbare rechner-infrastruktur | |
EP3785459B1 (de) | Einrichtung einer zugangsberechtigung zu einem teilnetzwerk eines mobilfunknetzes | |
EP3244360A1 (de) | Verfahren zur registrierung von geräten, insbesondere von zugangskontrollvorrichtungen oder bezahl- bzw. verkaufsautomaten bei einem server eines systems, welches mehrere derartige geräte umfasst | |
DE102018102608A1 (de) | Verfahren zur Benutzerverwaltung eines Feldgeräts | |
EP2289052B1 (de) | Verfahren zur erstellung, vergabe und überprüfung von autorisierungs-bewilligungen | |
EP2816777B1 (de) | Rechnernetz, Netzknoten und Verfahren zur Bereitstellung von Zertifizierungsinformationen | |
DE102021130243A1 (de) | Verfahren für die bevollmächtigte gemeinsame Nutzung eines Schlüssels für digitales Fahrzeugschlüsselsystem | |
EP3267619B1 (de) | Verfahren zur herstellung einer ausfallsicherung in einem netzwerk | |
WO2011000608A1 (de) | Vorrichtungen und verfahren zum erstellen und validieren eines digitalen zertifikats | |
EP3881486B1 (de) | Verfahren zur bereitstellung eines herkunftsortnachweises für ein digitales schlüsselpaar | |
EP3917103A1 (de) | Verfahren, system, sender und empfänger zum authentifizieren eines senders | |
EP1624350B1 (de) | Verfahren zur Authentifizierung in einem Automatisierungssystem | |
EP3739834A1 (de) | Verfahren, vorrichtung und anordnung zum verarbeiten von daten | |
EP3937451B1 (de) | Verfahren zu herstellung einer verschlüsselten verbindung |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 06791315; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: RU |
| WWE | WIPO information: entry into national phase | Ref document number: 1120060040901; Country of ref document: DE |
| REF | Corresponds to | Ref document number: 112006004090; Country of ref document: DE; Date of ref document: 20090730; Kind code of ref document: P |
| 122 | EP: PCT application non-entry in European phase | Ref document number: 06791315; Country of ref document: EP; Kind code of ref document: A1 |