WO2010009896A1 - Computer system with automated access management of an application and automated access control to an application, and corresponding access management and access control method - Google Patents

Computer system with automated access management of an application and automated access control to an application, and corresponding access management and access control method

Info

Publication number
WO2010009896A1
Authority
WO
WIPO (PCT)
Prior art keywords
license
component
user
application
input data
Application number
PCT/EP2009/005389
Other languages
German (de)
English (en)
Inventor
Mathias Dalheimer
Franz-Josef Pfreundt
Original Assignee
Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e. V.
Application filed by Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e. V.

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115: Third party
    • G06F2221/2135: Metering

Definitions

  • The present invention relates to a computer arrangement (hereinafter also referred to as a computer network) with automated access management of, and automated access control to, one or more applications.
  • The present invention also relates to a corresponding access management and access control method.
  • A license is understood here as the authorization of a computer of one's own organization (user computer) and/or of a user within one's own organization to access an application program or application located on another computer, in particular on a resource computer provided by another organization within the computer network. Licenses thus allow access to remotely installed applications.
  • The user uses licenses that are available outside their own organization, i.e. at the resource provider or on a corresponding resource computer.
  • The user brings their own licenses to the resource provider or to the resource computer.
  • A piece of software or an application is provided with a so-called node-lock license, i.e. the application is bound to a fixed computer and can only be used there.
  • This license form only permits on-site use, ie in
  • A second technical realization of licensing is the so-called floating license:
  • A central server is set up at the licensee and configured with the number of licenses or other specifications.
  • The application (e.g. simulation or calculation software) queries this central server as to whether a free license is currently available. If so, this license can be used for the task currently being processed. If no free license is available, the task is not processed.
  • A third form of licensing is known as "Named User": here, access to an application is permitted only to certain users, and the application is often linked to the local user name.
  • A node-lock license is only available to resource providers who provide a fixed number of licenses for use in the grid.
  • A user cannot submit their own license here.
  • The use of a floating license is possible in principle.
  • The license can be obtained at job start from a user-side or resource-side license server, but with some limitations:
  • The license server must be reachable from the location of the calculation so that the license can be released when the job starts. Depending on the configuration of the resource provider's network environment, this is not always possible and cannot be checked before the computing job starts.
  • To start the calculation job, the corresponding license server must actually hold a license. If a job does not find a license, it will quit without performing the calculation. Under certain circumstances, the user thus loses the time that the job has been waiting in a batch queue. You may also be charged for reserving resources.
  • It is the object of the present invention to provide a computer arrangement for the automated access management and/or access control of applications in which access to one or more applications by user computers connected to the computer arrangement, or by users working on the computer arrangement, can be controlled simply, quickly, in a precisely defined manner and with a high degree of protection against circumvention of the access management or access control. It is also an object of the present invention to provide a corresponding automated access management and access control method.
  • A computer arrangement according to the invention with automated access management of and access control to an application has a user component, a license server component designed for bidirectional data exchange with the user component, and a resource component designed for bidirectional data exchange with the user component, which controls an application that is designed as part of an application or on which an application is installed.
  • A license descriptor can be generated on the user component on the basis of first input data for the application and/or of hardware features of the user component.
  • This license descriptor can then be transmitted to the license server component, which can check whether the user component, a user and/or the first input data are authorized to access the application.
  • The license server component can then generate a license token which allows access to the application and can be transmitted to the user component.
  • The user component then enables the license token (or license information based on it) and second input data for the application to be transmitted to the resource component.
  • The license token (or the license information) can then be checked by the resource component and/or the application as to whether the user component, the user and/or the second input data are authorized to access the application. If this is the case, the application can use the transmitted second input data, for example to perform calculations with these input data and return the results of these calculations to the user component.
  • The first input data will be identical to the second input data (these data are therefore usually referred to below simply as input data, without further specification).
  • The user first generates a license descriptor based on the first input data for the application, then transmits it to the license server component and then receives back the license token generated on the basis of the first input data.
  • The user can then exchange the first input data (for example, on determining that additional calculations are still necessary) for other input data (second input data) suitable for the application and then transmit these, together with the license token (which in this case permits such an exchange), to the resource component that carries out the actual calculations.
  • the computer arrangement according to the invention can be used in particular in the field of simulation of technical systems:
  • In the simulation of such systems, e.g. medical X-ray systems or therapy systems such as radiation therapy systems, virtual imaging of the corresponding technical system is often necessary.
  • Such systems require a large number of calculations (e.g. Monte Carlo simulation calculations or the like) which must be distributed over several individual resource components so that the user does not have to wait too long for the calculation results.
  • Hardware elements or be designed as software and hardware elements.
  • This is not limiting, e.g. in the sense that the client must be designed as software and the server as hardware (for example, a client can be realized as a pure software solution, but it can also be a computer system with appropriately installed components, etc.).
  • The individual components, that is to say the user component(s), the resource component(s) and the license server component, will each be installed on separate individual computers (or designed as corresponding individual computers).
  • A user component and a resource component can be installed on a common user and resource computer.
  • The license server component and a resource component can likewise be installed on a common license server and resource computer.
  • The license server component is formed on a license server separate from the user and resource computer.
  • at least one user component is then formed separately from the license server and resource computer on a separate individual computer, which is then connected via a network (for example the Internet) to the common license server and resource computer.
  • User component: user computer, user, licensee, client and user client;
  • License server component: license server, licensor and manufacturer of an application or software;
  • Resource component: resource calculator (resource computer), resource provider and calculation backend.
  • The license tokens are advantageously generated as needed and stored in corresponding files, i.e. they can be transferred to other computers. As described below, there is no need to fear misuse. The following implementation scenarios can be realized:
  • the license token is linked to an input file for an application.
  • the license preferably refers to the use of the application with exactly this input file (as described above, it is however also possible to obtain the license for use of the application with other, optionally exchanged or supplemented input data).
  • batch programs can be used as input files.
  • the inventive system can also be used for the dynamic allocation of floating licenses.
  • the license is not tied to an input file, but to the local hardware. For example, a user of a pre-processing tool for a simulation program for a
  • FIG. 1 shows an overview of a computer arrangement according to the invention in which the user component, the license server component and the resource component are each realized as separate individual computers (and are therefore also referred to as such);
  • Figure 2 is an example of a license descriptor
  • FIG. 3 shows the architecture of a concretely implemented license service in a computer network according to the invention
  • FIG. 4 shows a concrete implementation of a license descriptor.
  • FIG. 1 shows an example of the basic structure of a computer network according to the invention with automated access control and access control.
  • The network has a user computer 1 embodied as a PC 1PC (which forms the user component), which is designed for bidirectional data exchange with a license server 2 (which forms the license server component) designed as a PC 2PC (arrows at the top of the picture).
  • The user computer 1 is also designed for bidirectional data exchange with a resource computer 3 designed as a PC 3PC, which forms the resource component (arrows at the bottom of the picture).
  • An application 4 is installed on the resource calculator, here a simulation program which performs simulation calculations on the basis of input data.
  • Input data 5 are stored, which are designed such that they can cause the application 4 to start a simulation calculation and to transmit the corresponding simulation results.
  • From this input data 5, the user computer 1 generates a license descriptor 7. In the present case, this is done by the user computer 1 calculating a cryptographic code in the form of a hash code from the input data 5. This calculated code is then used together with user identification data that identifies the user's computer 1 and a user acting on it
  • the user computer 1 based on hardware features 6 of the user computer and / or information about the user 1a (for example, based on a CPU identification number of the CPU of the user's computer or a MAC address of the user computer) a cryptographic code in the form of a
  • this cryptographic code can then be combined with user identification data for the license descriptor.
  • data are added to the license descriptor which are necessary in order to enable the license server 2 to determine whether access authorization of the user computer (or of the user) to the application 4 is given for the corresponding input data 5.
  • The license descriptor 7 is then sent to the license server 2, which checks the access authorization described above. If an appropriate access authorization is given (which the license server 2 can check, for example, on the basis of a previously stored table with user computer or customer data and data for the application 4), then the license server 2 cryptographically encrypts the license descriptor 7 with a secret key of a public key infrastructure (for example, an X.509-based public key infrastructure) and, by means of this encryption, forms a license token 8 from the license descriptor 7, which may be suitably adapted or supplemented. Since appropriate access to the application 4 is given, this license token 8 is then transferred from the license server 2 back to the user computer 1.
  • The input data 5' to be used for starting the simulation calculations by means of the application 4 are then combined with license information 8' based on the license token 8 and transmitted to the resource computer 3.
  • the user of the user computer 1 provides those input data for starting the simulation process of the application 4, from which the hash code of the license descriptor was also calculated.
  • the license token 8 transmitted by the user computer 1 to the resource computer 3 is then checked by the application 4 in the resource computer 3 to determine whether access authorization of the input data 5 of the user computer 1 to the application 4 is given.
  • the license token 8 is first decrypted by the application by means of the public key of the above-mentioned public-key infrastructure (which has been made available by the license server and has already been stored in the resource computer 3) and then checked accordingly.
  • the resource calculator or by the application itself
  • The hash code calculated in the resource computer 3 is then compared with the hash code that was transmitted in the license descriptor 7 first from the user computer 1 to the license server 2 and then, in the encrypted license descriptor, i.e. in the license token 8, from the license server 2 via the user computer 1 to the resource computer 3. Only if these two hash codes match (and after successful decryption and verification of the license token 8 with the public key) does the application 4 start its simulation calculation with the transmitted input data 5. The output data 9 (simulation results) calculated by the application from the input data 5 are then transmitted from the resource computer 3 to the user computer 1.
  • the bidirectional data transmission between the units 1, 2 and 3 takes place in the context of the computer network according to the invention via the Internet.
  • a local computer network intranet within an organization
  • It is also possible for the license descriptor 7 to be generated by the user computer 1 with a license duration for the application 4 desired by the user.
  • the license descriptor 7 is then transmitted with this information to the license server 2, which determines whether a desired license period is possible (this can be done for example on the basis of a user account of a user 1 on the license server 2).
  • the license token 8 is then generated by the license server 2 with a correspondingly determined license duration.
  • the license duration is defined in such a way that ultimately a time window is transmitted to the resource computer 3, during which the application 4 can perform simulation calculations on the basis of the input data 5.
  • A secure implementation must above all provide protection against tampering or prevent the reuse of keys for other calculations. This can be achieved, for example, simply by using an X.509-based Public Key Infrastructure (PKI):
  • the licensee creates a license descriptor for the input data by sending a cryptographic hash of the input data to the licensor.
  • the licensee also adds a descriptor to the request with further personal data (user identification data).
  • the licensor can then decide, for example, whether the licensee is already known and whether he can be granted the access rights. It may also be possible to transmit information on the type of license granted here.
  • The licensee 1 then transmits his data together with the license token 8 to a resource provider 3. The resource provider has, for example, installed the licensor's software but may not even have a license for it.
  • the job is started normally via a batch system.
  • The application now checks the license token with the help of the licensor's public key and has thus secured a precondition for the validity of the license. (This checks whether the license token was actually issued by the license server; the check whether the license also applies to this input data is carried out as described below.) Then it calculates the cryptographic hash of the input and compares it with the signed hash from the license token. This is possible because the license descriptor is transmitted with the user-generated hash to the license server, where it is adopted in the license token and then transmitted to the user and the resource computer. If these match, then there is a valid license for this input data and the calculation can start.
  • The license server thus checks whether the user 1a is allowed to use the application. In doing so, a license token that depends, for example, on the application data / input data is created. The user computer must check this license token to ensure that a correct license exists for the given input data. The reason for this is that the resource computer and the license server have no knowledge of each other, i.e. no communication to the outside has to take place at the time the job starts.
  • the license check can be done purely with locally available data. Thus, in the present case, several conditions must be met for a license to be valid for the input data (test procedure performed by the application and / or the resource calculator):
  • the token refers to the input data (here: the hash codes match) and
  • CPU of the resource computer may be executed) are fulfilled.
  • This step can, for example, also be integrated directly into the licensing preprocessing tools.
  • a kind of "archive" for the submission to a resource provider can be created, which contains not only the input data but also the license for the application. The licensee then only has to send this archive to the resource provider.
  • This licensing process has the advantage that the application checks the license itself on the basis of the input data. It is not necessary to maintain a permanent application license or to maintain a corresponding network configuration for each customer's license server. In the case of a failed job (e.g. due to computer failures), the provider can also independently restart the job without having to wait for a license.
  • the hash represents an identification of the user's computer, eg a combination of CPU ID, MAC address, etc.
  • The following deployment scenario is conceivable: The user would like to have a valid license for one week on his notebook, e.g. to be able to work independently of the network during a customer visit. He starts the license client on the notebook, which then calculates a cryptographic hash from the hardware components of the notebook. Together with other data, such as the desired license period, a license descriptor is created, which can then be signed by the license server. This license token can then be saved in a file.
  • the license token is first checked for validity and then the current cryptographic hash is calculated from the hardware. If the two hashes match, the license conditions described in the license descriptor apply.
  • Network may require a user to return their license after use. Since it is generally not possible to communicate with the resource computer on which the calculation is running, the return can only be indirect. To do this, the license is issued for a longer time than the job really needs. After the calculation has finished, the application logs the computing time used.
  • This logging can be included as an additional field in the license token and provided with the signature of the application binaries. Together with the output data of the application, the license token is transferred back to the user. There, the license client can send the changed license token back to the license server.
  • the license server checks the signature for the computation time. If the signature is correct, the unused computation time is transferred back to the user's account.
  • the licensing service consists of the already mentioned components User Client (on User Computer 1), License Server 2 and License Checker (part of Resource Calculator 3).
  • a messaging service is required for the communication.
  • the underlying application consists of a user component and a calculation backend and the license is to be bound to an input file.
  • the components are displayed individually, followed by the communication protocol. An overview of the components used is given in FIG. 3.
  • The user client:
  • the user client is a software component that can be integrated directly into the end-user application.
  • the purpose of the user client is to request a license key from the license server for a given input record.
  • the input data set is first characterized by a hash.
  • Further information regarding the application must be compiled, e.g. how many CPUs are to be used.
  • An example of a license descriptor is shown in Figure 4. The internal flow of the user's client looks like this:
  • The client calculates a specific cryptographic hash from the input data.
  • the license descriptor is compiled. To determine the identity of the user, the license descriptor is provided with a digital signature.
  • the license descriptor is packaged with the signature in a request and sent to the license server.
  • the server's response contains an encrypted license token.
  • the client asks the server again for the decryption key. With this the client decrypts the license token.
  • the license token is stored in a file and made available to the user.
  • If unused computation time is to be credited back, the modified license token is sent back to the license server after the computation has been completed. If an error occurs, the user will be notified.
  • The license server:
  • the license server is a daemon that constantly waits for and answers incoming license requests.
  • A valid license token is created by providing the license descriptor from the user's client with the signature of the server. The internal process looks like this:
  • the received license descriptor is opened and the identity of the user is checked by means of his digital signature.
  • The request is authenticated, i.e. it is clear to whom the license request is to be assigned.
  • The user must be authorized, i.e. based on a customer database, etc., it is decided whether the user may request this license at all. Details of the requested license terms (for example number of CPUs, calculation modules) can be checked. This functionality is encapsulated in a separate license management plugin.
  • the license descriptor is signed with the secret key of the license server.
  • the server assigns a symmetric key for this request and encrypts the license token with it.
  • the license token will now be returned.
  • the server is waiting for the client's request for the key. If this request comes in, the server knows that the license token has arrived at the client. The server responds with the key to unlock the license. The license server's answer adds a signature to the license descriptor if the license is valid. This license token certifies the validity of a license under the terms specified in the license descriptor.
  • If the license client wants to return a signed license token after the end of the calculation job, it is evaluated with regard to the computing time used.
  • This component is integrated directly into the calculation backend. Its job is to check the validity of a license token. For this the following steps are carried out:
  • the license token is opened and the signature of the license server is checked for validity.
  • the hash of the input data is calculated and compared with the value in the license descriptor. If all checks are successful, the license for this input record is valid.
  • The license checker only has to know the public key of the license server. It is not necessary to establish network connections to the license server; the license descriptor can be checked locally. After the calculation has finished, the license checker can document and sign the processing time used in the license token. The token can then be copied back to the user with the results.
  • the license server and the user client exchange only compact messages, it is not necessary to exchange larger amounts of data. It is therefore possible to handle the communication via a messaging queue.
  • Several physical license servers can be linked to a logical one to increase the reliability.
  • only the messaging queue needs to be made accessible via the Internet so that no direct attacks on the license servers are possible.
  • the key encrypts the license token symmetrically. After the client has received the encrypted license token, he asks the license server for the corresponding key again. He specifies a transaction number that was transmitted by the server in the same data package as the license token. If the request for the key has been received by the server with the correct transaction number, then the license can be finally calculated.
  • the message with the key of the server can also be lost.
  • the client can display to the user a message with the transaction number - with this the user can then contact the licensor and request the activation key.
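
The token issue and the offline license check described in this section, as an added Go example that is not taken from the patent: Ed25519 signatures stand in for the X.509-based PKI, and the field names, the `customers` table and the sample input are assumptions. The symmetric-key delivery handshake and the return of unused computing time are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var (
	ErrNotAuthorized = errors.New("user not authorized for requested terms")
	ErrBadSignature  = errors.New("token not signed by license server")
	ErrInputMismatch = errors.New("token was issued for different input data")
	ErrOutsideWindow = errors.New("outside licensed time window")
)

// Descriptor is the license descriptor built by the user client
// (field names are assumptions made for this example).
type Descriptor struct {
	User      string    `json:"user"`
	InputHash string    `json:"input_hash"` // hex SHA-256 of the input data
	CPUs      int       `json:"cpus"`
	NotBefore time.Time `json:"not_before"`
	NotAfter  time.Time `json:"not_after"`
}

// Token is the license token: the exact descriptor bytes plus the server signature.
type Token struct {
	Descriptor []byte
	Signature  []byte
}

// NewServerKey creates the license server's key pair; only the public half
// is installed on the resource computer.
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// HashInput is the hash that both the user client and the license checker compute.
func HashInput(input []byte) string {
	sum := sha256.Sum256(input)
	return hex.EncodeToString(sum[:])
}

// Issue is the license server step: authorize against a customer table
// (user -> maximum CPUs, constructed for this example), then sign the descriptor.
func Issue(priv ed25519.PrivateKey, customers map[string]int, d Descriptor) (Token, error) {
	maxCPUs, known := customers[d.User]
	if !known || d.CPUs < 1 || d.CPUs > maxCPUs || !d.NotAfter.After(d.NotBefore) {
		return Token{}, ErrNotAuthorized
	}
	raw, err := json.Marshal(d)
	if err != nil {
		return Token{}, err
	}
	return Token{Descriptor: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// Check is the license checker on the resource computer. It needs only the
// server's public key and local data; no network connection is made.
func Check(pub ed25519.PublicKey, tok Token, input []byte, now time.Time) (Descriptor, error) {
	// 1. Verify the signature over the raw bytes before parsing them.
	if !ed25519.Verify(pub, tok.Descriptor, tok.Signature) {
		return Descriptor{}, ErrBadSignature
	}
	var d Descriptor
	if err := json.Unmarshal(tok.Descriptor, &d); err != nil {
		return Descriptor{}, err
	}
	// 2. The token must refer to exactly this input data.
	if HashInput(input) != d.InputHash {
		return Descriptor{}, ErrInputMismatch
	}
	// 3. The job must start inside the licensed time window.
	if now.Before(d.NotBefore) || now.After(d.NotAfter) {
		return Descriptor{}, ErrOutsideWindow
	}
	return d, nil
}

func main() {
	pub, priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	input := []byte("mesh=fine\nparticles=100000\n") // constructed sample input file
	start := time.Date(2009, 7, 24, 8, 0, 0, 0, time.UTC)
	desc := Descriptor{User: "alice", InputHash: HashInput(input), CPUs: 4,
		NotBefore: start, NotAfter: start.Add(24 * time.Hour)}
	tok, err := Issue(priv, map[string]int{"alice": 8}, desc)
	if err != nil {
		panic(err)
	}
	_, err = Check(pub, tok, input, start.Add(time.Hour))
	fmt.Println("original input:", err)
	_, err = Check(pub, tok, []byte("mesh=coarse\n"), start.Add(time.Hour))
	fmt.Println("swapped input: ", err)
}
```

Because the signature covers the input hash, a token copied to another job fails at step 2 even though its signature is valid.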

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a computer network with automated access management of an application and automated access control to an application. The computer network according to the invention comprises a user computer (1), a license server (2) designed for bidirectional data exchange with the user computer, and a resource computer (3) which is designed for bidirectional data exchange with the user computer and on which an application (4) can be and/or is installed. A license descriptor (7) can be generated on the user computer on the basis of first input data (5) for the application and/or of hardware features (6) of the user computer. This license descriptor can be transmitted to the license server, which can check whether the user computer and/or the first input data (5) are authorized to access the application. If this access authorization exists, the license server can generate a license token (8) permitting access to the application and transmit it to the user computer. The license token, or license information (8') based on this token, together with second input data (5') for the application, can be transmitted by the user computer to the resource computer, and the resource computer and/or the application can check the license token or the license information to determine whether the user computer and/or the second data (5') are authorized to access the application.
PCT/EP2009/005389 2008-07-24 2009-07-24 Computer system with automated access management of an application and automated access control to an application, and corresponding access management and access control method WO2010009896A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102008034492.3 2008-07-24
DE102008034492A DE102008034492A1 (de) 2008-07-24 2008-07-24 Rechneranordnung mit automatisierter Zugriffssteuerung von einer und Zugriffskontrolle auf eine Applikation sowie entsprechendes Zugriffssteuerungs- und Zugriffskontrollverfahren

Publications (1)

Publication Number Publication Date
WO2010009896A1 (fr) 2010-01-28

Family

ID=41259446

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2009/005389 WO2010009896A1 (fr) 2008-07-24 2009-07-24 Computer system with automated access management of an application and automated access control to an application, and corresponding access management and access control method

Country Status (2)

Country Link
DE (1) DE102008034492A1 (fr)
WO (1) WO2010009896A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3062255A1 (fr) * 2015-02-25 2016-08-31 Siemens Aktiengesellschaft Licensing of software products
US20210319896A1 (en) * 2020-04-14 2021-10-14 Drägerwerk AG & Co. KGaA System, medical devices, network components, devices, processes and computer programs for medical devices and for network components

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5204897A (en) * 1991-06-28 1993-04-20 Digital Equipment Corporation Management interface for license management system
WO2004086264A1 (fr) * 2003-03-21 2004-10-07 Deutsche Telekom Ag Method and communication system for approving a data processing unit
US20060004668A1 (en) * 2004-07-01 2006-01-05 Hamnen Jan H Method of distributing electronic license keys
EP1626323A2 (fr) * 2004-08-11 2006-02-15 Andreas Hopp Access control and copy protection

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100834752B1 (ko) * 2006-02-17 2008-06-05 삼성전자주식회사 Apparatus and method for transferring a content license

Also Published As

Publication number Publication date
DE102008034492A1 (de) 2010-01-28

Similar Documents

Publication Publication Date Title
DE112011101729B4 (de) Management of resource access
DE102007033615B4 (de) Method and apparatus for converting authentication tokens to enable interactions between applications
EP2159653B1 (fr) Method for granting access authorization to a computer-based object in an automation system, computer program and automation system
DE102011089580B3 (de) Method for reading attributes from an ID token
DE112011100182T5 (de) Transaction verification for data security devices
DE112018005203T5 (de) Authentication using delegated identities
DE102011084728B4 (de) Method for starting an external application and for bidirectional communication between a browser and an external application without browser extensions
DE112013007160T5 (de) Development environment system, development environment device, development environment provision method, and program
DE112010004135T5 (de) Securing asynchronous client-server transactions
EP3245607B1 (fr) Method for reading attributes from an ID token
EP3763089B1 (fr) Method and control system for controlling and/or monitoring devices
EP3743844B1 (fr) Blockchain-based identity system
DE602005003631T2 (de) Preventing password disclosure during attribute certificate issuance
DE102011077218A1 (de) Access to data stored in a cloud
DE112021002747T5 (de) Secure recovery of secret keys
DE112023000299T5 (de) Managing unique secrets in distributed systems
EP3767513B1 (fr) Method for securely performing a remote signature, and security system
DE202020005753U1 (de) Managing user identities in a managed multi-tenant service
WO2010009896A1 (fr) Computer system with automated access management of an application and automated access control to an application, and corresponding access management and access control method
EP3244331B1 (fr) Method for reading attributes from an ID token
EP3298526B1 (fr) Method for reading attributes from an ID token
DE102021130811A1 (de) Blockchain selective world-state database
EP2923264B1 (fr) Method and system for installing an application in a secure element
EP3244332B1 (fr) Method for reading attributes from an ID token
DE10215746B4 (de) Method and arrangement, as well as computer program with program code means and computer program product, for authorizing a mobile agent in a communication network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09777426

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09777426

Country of ref document: EP

Kind code of ref document: A1