WO2013150186A1 - Secure method for remote grant of operating rights - Google Patents

Secure method for remote grant of operating rights Download PDF

Info

Publication number
WO2013150186A1
WO2013150186A1 PCT/FI2013/050362 FI2013050362W WO2013150186A1 WO 2013150186 A1 WO2013150186 A1 WO 2013150186A1 FI 2013050362 W FI2013050362 W FI 2013050362W WO 2013150186 A1 WO2013150186 A1 WO 2013150186A1
Authority
WO
WIPO (PCT)
Prior art keywords
trusted
key
key device
locking device
locking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/FI2013/050362
Other languages
English (en)
French (fr)
Inventor
Veikko Ylimartimo
Mikko KORKALA
Juho JUOPPERI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tosibox Oy
Original Assignee
Tosibox Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tosibox Oy filed Critical Tosibox Oy
Priority to MX2014012002A priority Critical patent/MX352041B/es
Priority to KR1020147031032A priority patent/KR101524659B1/ko
Priority to ES13772027.2T priority patent/ES2635556T3/es
Priority to CA2869110A priority patent/CA2869110C/en
Priority to DK13772027.2T priority patent/DK2834938T3/en
Priority to CN201380018278.5A priority patent/CN104365056B/zh
Priority to JP2015503907A priority patent/JP5795696B2/ja
Priority to US14/390,153 priority patent/US9385870B2/en
Priority to BR112014024934A priority patent/BR112014024934A2/pt
Priority to EP13772027.2A priority patent/EP2834938B1/en
Priority to IN9022DEN2014 priority patent/IN2014DN09022A/en
Priority to AU2013244872A priority patent/AU2013244872B2/en
Publication of WO2013150186A1 publication Critical patent/WO2013150186A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2816Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/2818Controlling appliance services of a home automation network by calling their functionalities from a device located outside both the home and the home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the invention relates to a secure allocation procedure of operational rights to be utilized in a remote control method and remote control system of actuators in a property.
  • Remote-controllable devices and systems are increasingly being installed in properties and homes.
  • the purpose of the systems is to secure and/or maintain such conditions in properties that living in them is both safe and pleasant.
  • the remote control device pair of the arrangement forms a predetermined unique device pair or a device group, which identify each other in the network. Due to the identification method the key device carried along by the user or a computer program installed in some data processing device, which computer program implements the functions of the key device, establishes a network connection only with its own unique locking device, and a corresponding connection cannot be estab- lished with any other network device. Thus, the key device serves as a strong safety key to the "network doors" of the property.
  • the current IP addresses of the locking device and the key device are maintained in the remote control network server belonging to the arrangement, which IP addresses are used for establishing a connection between said devices. Thanks to the utilized connection establishing methods both of said devices can be connect- ed to some private, non-public network, and they can still establish among themselves a secure data transfer connection over the Internet. It is enough for establishing the data transfer connection over the Internet between the mobile key device and the fixed installed locking device that said devices at some point in the established connection also obtain a public IP address, even though simultane- ously the locking device and the key device only have non-public IP addresses.
  • the remote control network server does not participate in the establishing of the actual data transfer connection after it has sent the IP addresses of the devices to be available for the devices.
  • the same key device may control several separate remote control objects via several separate locking devices. Changes of the mutual control relationship between these locking devices are not possible.
  • a certain locking device can not be assigned as a master device for another locking device, which would serve as the slave locking device of the locking device serving as the master device.
  • Object(s) of the invention :
  • An object of the invention is to provide a new allocation procedure of operational rights of either a new key device or locking device, utilized in the remote control arrangement of properties that can be realized through remote access to the locking device/devices.
  • the objects of the invention are achieved by a procedure where the certificate of the key device is transferred from the utilized data processing device through data transfer network to the locking device(s) signed with a valid private PKI key (Public Key Infrastructure) of the key device, whereafter both the PKI key and the certificate of the new key device received in the locking device(s) are identified, whereafter the addition or change of the operational right determined for the new, Identified key device is realized in the locking device.
  • PKI key Public Key Infrastructure
  • An advantage of the method and arrangement according to the invention is that allocation of operational rights for a new key device can be performed without the need to connect the new key device physically to the target locking device.
  • an advantage of the invention is that the mutual control relationships of several locking devices subordinated to the key device can be altered through re- mote access.
  • a trusted key device transmits a message encrypted with a private encryption key of a trusted key device to at least one locking device, the message comprising the certificate of the trusted key device and the certificate of at least one other device, with which the receiving locking device shall establish a trusted relationship, and definitions of measures done in establishing the trusted relationship - a locking device opens and confirms with the known public encryption key of the trusted key device the authenticity of the sender of the message received by it
  • the locking device establishes a trusted relationship with at least one other device stated in the message.
  • the processor, memory and computer software code saved in it, according to the invention, are characterized in that the key device is configured
  • a trusted key device a message encrypted with a private encryption key of the trusted key device to at least one locking device, the message comprising a certificate of the trusted key device and a certificate of at least one other device, with which a receiving locking device shall establish a trusted relationship, and the definitions of measures done in establishing the trusted relation- ship
  • - code means for transmitting from a key device a message encrypted with a private encryption key of the trusted key device to at least one locking device, the message comprising a certificate of the trusted key device and a certificate of at least one other key device or one other locking device, with which the receiving locking device shall establish a trusted relationship, and definitions of measures done in establishing the trusted relationship, and
  • both devices determine routing information of the devices from their location network all the way to a network terminal connected to the Internet, which routing information is needed for establishment of the connection.
  • This routing information is stored in a remote control network server, connected to the Internet.
  • the key device can be connected to some data transfer device, which is able to establish a data transfer connection to the Internet.
  • Possible data transfer devices are for example a PC, a tablet computer or a smart phone.
  • the computer program implementing the functions of the key device is saved on a portable data storage means, for example a USB stick, from which the computer program to be utilized in remote control can, when required, be installed into a suitable' data processing device.
  • the computer program installed in the data processing device performs the necessary functions of the key device.
  • the USB key device is connected to a data transfer device connected to the local network.
  • the USB key device first determines its own routing through different subnetworks to the remote control network server. When the routing is determined, the current routing information of the USB key device is saved in the remote control network server according to the invention.
  • both the already operating USB key device and a new USB key device to be introduced are connected to the used data transfer device.
  • the locking devices controlled by the operating USB key device are shown on the screen of the used data processing device. From this list the user selects the locking devices as a key of which the new USB key device to be connected to the system is to serve. After the selection, a request message for establishing a trusted relationship, confirmed with the certificate of the already operating USB key device is sent to the selected locking devices, encrypted with a private PKI key of a trusted USB key device. Each locking device opens the received message with a public PKI key of a trusted USB key device.
  • each locking device checks that the received certificate corresponds to the certificate of the USB key device paired with it and which certificate is thus known. If the identification is successful, the certificate of the new USB key device that was delivered with the certificate of the trusted USB key device and its public PKI key are saved in the respective locking device. A message about success of identification and establishment of a trusted relationship is sent to the USB key device that sent the message, which key device saves, based on the received message, the certificate of the known locking device in the memory of the new USB locking device. Thereaf- ter, the respective locking device can be controlled with both USB key devices.
  • Figure 1 shows an example of a remote control arrangement, wherein a two-way data transfer connection can be established between a client device handling remote control and an individual control or management device of a property
  • Figure 2 shows as an exemplary flow chart, how operational rights are allocated for a new key device
  • Figure 3 shows as an exemplary flow chart, how a virtual private network is es- tablished between two locking devices
  • FIG. 4 shows by way of example a USB key device according to the invention
  • FIG 1 shows an advantageous embodiment 1 of the remote control system.
  • a data transfer connection is established, utilizing a data processing device 32, to one locking device 61 located in a property elsewhere.
  • the USB key device 32 can, however, advantageously operate also with separate locking devices (not shown in Figure 1 ) located in two or more properties.
  • the Internet is referred to with reference 2.
  • Some public network or an intranet, reference 3, is also connected to the Internet 2.
  • the network 3 may be a fixed or a wireless data transfer network.
  • a client device 32 implementing remote control joins the network 3.
  • the USB key device 34 is connected to the USB port 33 of the client de- vice.
  • the house intranet in the property to be remote-controlled is designated with reference 5 in Figure 1.
  • Exemplary data processing devices, references 55 and 56, are connected to the house intranet network 5.
  • another data transfer net- work 6, a house control intranet is connected to the house intranet network 5.
  • Actuators 62-65 to be remote-controlled in the property are connected to the home control intranet 6 either with a wireless data transfer connection or a cable connection.
  • the USB key device 34 and the locking device 61 need each other's routing information through the Internet 2, in order to be able to establish between them an end-to-end data transfer connection based on the data link layer or network layer, in the example of Figure 1 , a VPN data transfer connection 41.
  • the determined real time routing information is saved by both the USB key device 34 and the locking device 61 in a remote control network server 21 on the Internet via connection 42.
  • the USB key device 34 and the locking device 61 must determine their actual network path from their own network at least up to the Internet 2. This network path determination can be made in several known ways, which the USB key device 34 and the locking device 61 advantageously are able to utilize.
  • the NAT firewalls 31 (FW2) and 51 (FW1 ) which separate the local networks from the Internet, are advantageously not limiting the outgoing UDP traffic (User Datagram Protocol).
  • UDP traffic User Datagram Protocol
  • firewalls 31 and/or 51 limit the outgoing traffic at least in some connection procedures
  • the firewalls can be passed by using suitable other traffic protocols and by means thereof a data transfer connection can be es- tablished between the USB key device 34 and the locking device 61.
  • both devices 34 and 61 retrieve from the remote control network server 21 the routing information saved therein by the counterpart device via the data transfer connection 42.
  • the remote control network server 21 checks that it is really a question of an allowed USB key device - locking device pair. Thereafter, by means of the retrieved routing information the USB key device 34 and the locking device 61 establish a direct VPN connection 41 between them.
  • a data processing device 32 in the data transfer network 3 can make a connection with one or more devices 62, 63, 64 or 65 in the house control network 6.
  • Figure 2 shows as an exemplary flow chart, how an existing USB key device is utilized in establishing the operational rights, so called trusted relationship, of a parallel new USB key device.
  • these key devices are referred to as USB key device 1 and USB key device 2.
  • the USB key device 1 may also be referred to with the reference number 34 of Figure 1.
  • messages encrypted with a private PKI key are utilized (public cryptographic key method).
  • the devices send to each other messages encrypted with an own private PKI key, which messages can be opened by the receiving device with the known public PKI key of the sending device.
  • step 250 the locking device 61 establishes the requested trusted relationship with the new USB key device 2 and therefore saves the certificate of the USB key device 2 in its memory. Thereafter, the locking device 61 sends a confirmation of the formed trusted relationship to the USB key device 1.
  • step 260 the USB key device 1 first receives the message about establishing the trusted relationship, sent by the locking device 61 , and after that saves the certificate of the known locking device 61 in the memory of the USB key device 2. After this the USB key device 2 can serve as the key device of the locking device 61 , step 270.
  • FIG 3 shows as an exemplary flow chart, how an existing USB key device is utilized when establishing a trusted relationship between two separate locking devices, which locking devices have an existing trusted relationship with the same USB key device.
  • the key devices are referred to as USB key device and the locking devices as locking device 1 and locking device 2.
  • the USB key device may also be referred to with the reference number 34 of Figure 1.
  • the establish- ment method of a trusted relationship is based on use of private and public PKI keys (public cryptographic key method). Both the key device and the locking devices 1 and 2 send to each other messages signed with their private PKI key, the receiving device being able to open with the respective known public PKI key of the sending device.
  • the receiving device verifies with the certificate of the send- ing device related to the message that the message was truly sent by the signed trusted device. :
  • Step 300 describes a situation where the remote control arrangement is in working order and in use.
  • the locking devices 1 and 2 are connected to the remote control system 1.
  • the locking devices 1 and 2 are constantly prepared to receive messages either from their USB key device 34 (USB key device) or from the remote control network server 21 , shown in Figure 1.
  • step 3 0 the establishment of a trusted relationship is started between locking devices 1 and 2.
  • the establishment procedure of a trusted relationship is started, when the USB key device is connected to the USB port of the data processing device 32, by using of which key device it is desired to establish a trusted relationship between locking devices 1 and 2.
  • the software utilized in the remote control of the locking devices is activated with the data processing device 32.
  • the software may be pre-installed in the data processing device 32, or the data processing device starts execution of said program in the USB key device.
  • all locking devices with which the respective USB key device has been paired (that is, there is a trusted relationship between them), are displayed on the screen of the data processing device 32.
  • the locking device 1 and locking device 2 are selected, between which it is required to establish a trusted relationship.
  • the character of the trusted relationship is determined, that is, the way in which the locking devices will later establish networks with each other.
  • the aim of establishing a trusted relationship is to establish a VPN data transfer connection between locking devices 1 and 2.
  • the message for the locking device 1 serving later as a server can preferably be formed as follows:
  • the remote control software operating in the data processing device 32 sends to the locking devices 1 and 2 messages formed about establishing a trusted relationship, which messages are encrypted with a private PKI key of the USB key device.
  • the locking devices 1 and 2 first receive the message about establish- ing a trusted relationship sent by the USB key device to the respective locking device.
  • the locking devices check that the signature of the sending USB key device corresponds to the signature of the USB key device in their memory. After this the locking devices read also the certificate of the other locking device included in the message.
  • step 350 the locking devices 1 and 2 establish the required trusted relationship between themselves and therefore save each other's certificates in their own memories. Thereafter, the locking devices send a confirmation of the formed trusted relationship also to the USB key device.
  • step 360 the locking device 1 and locking device 2 form by means of known certificates- of the counterpart a VPN network between themselves, where the locking device 1 serves as the server device (master device).
  • the establishment process of a VPN private network between two locking devices is similar to what is disclosed in connection with Figure 1 , where the VPN private network is established between one USB key device and one locking device.
  • All the process steps shown in Figures 2 and 3 can be realized with computer program commands, which are executed in a suitable general-purpose or special- purpose processor.
  • the computer commands can be stored in a computer- readable medium, such as a data disc or a memory, from where the processor can retrieve said computer program commands and run them.
  • the references to a computer-readable medium can for example also contain special components, such as programmable USB Flash memories, logic arrays (FPLA), application- specific integrated circuits (ASIC) and signal processors (DSP).
  • FIG. 4 shows functional main parts of the USB key device 34.
  • the USB key device 34 can comprise one or several cryptoprocessors 342.
  • Processor or processor means can comprise an arithmetic logic unit, a group of different registers and control circuits.
  • the cryptoprocessor 342 advantageously comprises an internal memory unit, in which an individual private cryptographic key 3421 is stored.
  • programs stored in the memory of the remote control key device 34 are an operating system (e.g. Linux), TCP/IP programs, a VPN program (e.g. OpenVPN), a DHCP client device/server program (e.g. ISC DHCP), a database program (e.g. SQLite), a certificate management/confirmation program (e.g. GPG) and a user interface library (e.g. LuCI).
  • an operating system e.g. Linux
  • TCP/IP programs e.g. OpenVPN
  • a DHCP client device/server program e.g. ISC DHCP
  • database program e.g. SQLite
  • certificate management/confirmation program e.g. GPG
  • a user interface library e.g. LuCI
  • the USB key device 34 also comprises interface elements, which comprise an input/output or input/output means 343 for receiving or sending information.
  • the information received with the input means is transferred to be processed by the processor means 342 of the remote control key device 34.
  • the interface elements 343 of the USB key device 34 are advantageously used to transfer information from the memory 342 of the USB key device 34 either to an external data processing device 32 or to the locking device 61 (in example of- Figure 1 ).
  • information or commands can be received via the interface elements for example from the data processing device 32, to which the USB key device 34 is connected.
  • levels of operational rights there are at least two levels of the above- described USB key devices 34, for example administrator and basic user level key devices.
  • a user/owner e.g.
  • an administrator of a higher operational right level has control right over all control targets of users (such as basic users) of remote control key devices 4 on a lower level (such as basic users).
  • An owner of a lower level key device operational right level does on the other hand not have access to any other control target of higher operational right level than his own targets.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Automation & Control Theory (AREA)
  • Lock And Its Accessories (AREA)
  • Selective Calling Equipment (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)
PCT/FI2013/050362 2012-04-05 2013-04-03 Secure method for remote grant of operating rights Ceased WO2013150186A1 (en)

Priority Applications (12)

Application Number Priority Date Filing Date Title
MX2014012002A MX352041B (es) 2012-04-05 2013-04-03 Método seguro para concesión remota de los derechos de operación.
KR1020147031032A KR101524659B1 (ko) 2012-04-05 2013-04-03 운영 권리들의 원격 승인을 위한 보안 방법
ES13772027.2T ES2635556T3 (es) 2012-04-05 2013-04-03 Método seguro para la concesión remota de derechos de funcionamiento
CA2869110A CA2869110C (en) 2012-04-05 2013-04-03 Secure method for remote grant of operating rights
DK13772027.2T DK2834938T3 (en) 2012-04-05 2013-04-03 Safe procedure for remote allocation of operating rights
CN201380018278.5A CN104365056B (zh) 2012-04-05 2013-04-03 用于操作权的远程授予的安全方法和设备
JP2015503907A JP5795696B2 (ja) 2012-04-05 2013-04-03 操作の権利をリモート付与するためのセキュアな方法
US14/390,153 US9385870B2 (en) 2012-04-05 2013-04-03 Secure method for remote grant of operating rights
BR112014024934A BR112014024934A2 (pt) 2012-04-05 2013-04-03 método seguro para a concessão remota de direitos de operação
EP13772027.2A EP2834938B1 (en) 2012-04-05 2013-04-03 Secure method for remote grant of operating rights
IN9022DEN2014 IN2014DN09022A (https=) 2012-04-05 2013-04-03
AU2013244872A AU2013244872B2 (en) 2012-04-05 2013-04-03 Secure method for remote grant of operating rights

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20120110 2012-04-05
FI20120110A FI124237B (fi) 2012-04-05 2012-04-05 Tietoturvallinen etäyhteydellä suoritettava toimintaoikeuden myöntömenettely

Publications (1)

Publication Number Publication Date
WO2013150186A1 true WO2013150186A1 (en) 2013-10-10

Family

ID=49300050

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2013/050362 Ceased WO2013150186A1 (en) 2012-04-05 2013-04-03 Secure method for remote grant of operating rights

Country Status (15)

Country Link
US (1) US9385870B2 (https=)
EP (1) EP2834938B1 (https=)
JP (1) JP5795696B2 (https=)
KR (1) KR101524659B1 (https=)
CN (1) CN104365056B (https=)
AU (1) AU2013244872B2 (https=)
BR (1) BR112014024934A2 (https=)
CA (1) CA2869110C (https=)
DK (1) DK2834938T3 (https=)
ES (1) ES2635556T3 (https=)
FI (1) FI124237B (https=)
IN (1) IN2014DN09022A (https=)
MX (1) MX352041B (https=)
PL (1) PL2834938T3 (https=)
WO (1) WO2013150186A1 (https=)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3197101A4 (en) * 2014-09-19 2017-07-26 Panasonic Intellectual Property Management Co., Ltd. Connection method, connection system, portable terminal, and program
EP3595247A4 (en) * 2017-03-31 2020-06-10 Huawei Technologies Co., Ltd. IDENTITY AUTHENTICATION METHOD AND SYSTEM, SERVER AND TERMINAL

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9124434B2 (en) * 2013-02-01 2015-09-01 Microsoft Technology Licensing, Llc Securing a computing device accessory
KR101983481B1 (ko) * 2014-08-25 2019-08-28 가부시키가이샤 리코 전자 디바이스 및 접속 방법
US10674339B2 (en) * 2015-10-27 2020-06-02 Sony Corporation Information processing device and information processing method
CN105931331A (zh) * 2016-04-20 2016-09-07 上海斐讯数据通信技术有限公司 一种基于光通信的智能锁及开锁方法
US12231892B2 (en) 2017-09-27 2025-02-18 Ubiquiti Inc. Systems for automatic secured remote access to a local network
US11258764B2 (en) * 2017-09-27 2022-02-22 Ubiquiti Inc. Systems for automatic secured remote access to a local network
US10796029B2 (en) 2017-11-30 2020-10-06 International Business Machines Corporation Software controlled port locking mechanisms
CN109949461B (zh) * 2019-03-15 2021-01-01 北京深思数盾科技股份有限公司 开锁方法及装置
CN113347168B (zh) * 2021-05-26 2022-10-11 北京威努特技术有限公司 一种基于零信任模型的防护方法及系统
US12407512B2 (en) 2022-12-21 2025-09-02 Microsoft Technology Licensing, Llc Securing a computing device accessory

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050120204A1 (en) * 2003-12-01 2005-06-02 Gary Kiwimagi Secure network connection
JP2010086175A (ja) * 2008-09-30 2010-04-15 Dainippon Printing Co Ltd リモートアクセス管理システム及び方法
US20100125894A1 (en) * 2008-11-19 2010-05-20 At&T Intellectual Property I, L.P. Systems, methods and computer program products that facilitate remote access of devices in a subscriber network
JP2010134749A (ja) * 2008-12-05 2010-06-17 Mitsubishi Electric Corp アクセス制御システムおよびアクセス制御方法

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NO314530B1 (no) * 2000-02-25 2003-03-31 Ericsson Telefon Ab L M Trådlös reservering, innsjekking, tilgangskontroll, utsjekking og betaling
JP4389366B2 (ja) * 2000-08-11 2009-12-24 株式会社デンソー 電子制御装置
CA2324679A1 (en) * 2000-10-26 2002-04-26 Lochisle Inc. Method and system for physical access control using wireless connection to a network
US6854010B1 (en) * 2001-04-05 2005-02-08 Bluecube Software, Inc. Multi-location management system
US7389530B2 (en) * 2003-09-12 2008-06-17 International Business Machines Corporation Portable electronic door opener device and method for secure door opening
JP2005123996A (ja) * 2003-10-17 2005-05-12 National Institute Of Information & Communication Technology デバイス間において認証用情報を委譲する情報処理方法及び情報処理システム
JP4648148B2 (ja) * 2005-09-30 2011-03-09 富士通株式会社 接続支援装置
US20080048826A1 (en) * 2006-08-10 2008-02-28 Kavita Agrawal System and method for controlling, configuring, and disabling devices in a healthcare system
US20080103813A1 (en) * 2006-10-12 2008-05-01 Kavita Agrawal System and method for portable safeguard context in a patient's room
US8387124B2 (en) * 2007-03-15 2013-02-26 Palo Alto Research Center Incorporated Wormhole devices for usable secure access to remote resource
US7391298B1 (en) 2007-05-09 2008-06-24 Gewa, Llc Wireless system for monitoring and reacting to events at a remote location
US20090030718A1 (en) * 2007-09-28 2009-01-29 Rick Robert Bengson System and method for automatic acquisition and distribution of information in a real estate context
CA2990331C (en) * 2007-12-31 2020-06-16 Schlage Lock Company Mesh network security system gateway and method
GB2466071B (en) * 2008-12-15 2013-11-13 Hewlett Packard Development Co Associating a signing key with a software component of a computing platform
US8120460B1 (en) * 2009-01-05 2012-02-21 Sprint Communications Company L.P. Electronic key provisioning
US11042816B2 (en) * 2009-10-30 2021-06-22 Getaround, Inc. Vehicle access control services and platform
EP2393266A1 (en) * 2010-06-02 2011-12-07 Deutsche Telekom AG Method and system for providing a user equipment with acces control to a remotely controllable device
CN103026682A (zh) 2010-06-16 2013-04-03 德尔斐系统有限公司 无线装置启动锁定系统
US8670752B2 (en) * 2010-09-24 2014-03-11 At&T Intellectual Property I, L.P. Providing integrated service-entity premium communication services
US8972746B2 (en) * 2010-12-17 2015-03-03 Intel Corporation Technique for supporting multiple secure enclaves
CN102255730A (zh) * 2011-07-11 2011-11-23 吴沙林 数字证书安全锁装置、数字证书认证系统及方法
US8947200B2 (en) * 2011-11-17 2015-02-03 Utc Fire & Security Corporation Method of distributing stand-alone locks
US9710982B2 (en) * 2011-12-23 2017-07-18 Microsoft Technology Licensing, Llc Hub key service

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050120204A1 (en) * 2003-12-01 2005-06-02 Gary Kiwimagi Secure network connection
JP2010086175A (ja) * 2008-09-30 2010-04-15 Dainippon Printing Co Ltd リモートアクセス管理システム及び方法
US20100125894A1 (en) * 2008-11-19 2010-05-20 At&T Intellectual Property I, L.P. Systems, methods and computer program products that facilitate remote access of devices in a subscriber network
JP2010134749A (ja) * 2008-12-05 2010-06-17 Mitsubishi Electric Corp アクセス制御システムおよびアクセス制御方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ONNO ET AL.: "Conciliating remote home network access and MAC-address control", 2012 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS (ICCE), 13 January 2012 (2012-01-13), pages 98 - 99, XP032124785 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3197101A4 (en) * 2014-09-19 2017-07-26 Panasonic Intellectual Property Management Co., Ltd. Connection method, connection system, portable terminal, and program
EP3595247A4 (en) * 2017-03-31 2020-06-10 Huawei Technologies Co., Ltd. IDENTITY AUTHENTICATION METHOD AND SYSTEM, SERVER AND TERMINAL
US11165767B2 (en) 2017-03-31 2021-11-02 Huawei Technologies Co., Ltd. Identity authentication method and system, server, and terminal

Also Published As

Publication number Publication date
CA2869110C (en) 2015-11-03
PL2834938T3 (pl) 2017-11-30
EP2834938A4 (en) 2015-12-02
AU2013244872B2 (en) 2014-12-11
IN2014DN09022A (https=) 2015-05-22
EP2834938B1 (en) 2017-05-31
DK2834938T3 (en) 2017-08-28
JP5795696B2 (ja) 2015-10-14
FI20120110L (fi) 2013-10-06
KR20140138351A (ko) 2014-12-03
MX352041B (es) 2017-11-07
CA2869110A1 (en) 2013-10-10
BR112014024934A2 (pt) 2017-07-11
JP2015518316A (ja) 2015-06-25
AU2013244872A1 (en) 2014-10-23
ES2635556T3 (es) 2017-10-04
CN104365056A (zh) 2015-02-18
US20150341177A1 (en) 2015-11-26
CN104365056B (zh) 2017-11-24
FI124237B (fi) 2014-05-15
EP2834938A1 (en) 2015-02-11
MX2014012002A (es) 2014-12-05
KR101524659B1 (ko) 2015-06-01
US9385870B2 (en) 2016-07-05

Similar Documents

Publication Publication Date Title
US9385870B2 (en) Secure method for remote grant of operating rights
CA2860680C (en) Device arrangement and method for implementing a data transfer network used in remote control of properties
JP2005509977A5 (https=)
JP2023162313A (ja) 端末のネットワーク接続を認証及び制御するためのシステム及びそれに関する方法
CN109005179A (zh) 基于端口控制的网络安全隧道建立方法
CA2834147C (en) Device arrangement for implementing remote control of properties
RU2575689C1 (ru) Безопасный способ удаленного предоставления прав на функционирование

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13772027

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2869110

Country of ref document: CA

REEP Request for entry into the european phase

Ref document number: 2013772027

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2013772027

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 14390153

Country of ref document: US

ENP Entry into the national phase

Ref document number: 2015503907

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: MX/A/2014/012002

Country of ref document: MX

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2013244872

Country of ref document: AU

Date of ref document: 20130403

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 20147031032

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2014141363

Country of ref document: RU

Kind code of ref document: A

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112014024934

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112014024934

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20141006