WO2014191179A1 - Procédé et dispositif pour filtrer un paquet de données - Google Patents

Procédé et dispositif pour filtrer un paquet de données Download PDF

Info

Publication number
WO2014191179A1
WO2014191179A1 PCT/EP2014/059486 EP2014059486W WO2014191179A1 WO 2014191179 A1 WO2014191179 A1 WO 2014191179A1 EP 2014059486 W EP2014059486 W EP 2014059486W WO 2014191179 A1 WO2014191179 A1 WO 2014191179A1
Authority
WO
WIPO (PCT)
Prior art keywords
filter
network
rule
configurable area
filter rule
Prior art date
Application number
PCT/EP2014/059486
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft filed Critical Siemens Aktiengesellschaft
Publication of WO2014191179A1 publication Critical patent/WO2014191179A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones

Definitions

  • the invention relates to a method for filtering at least one data packet by means of a network filter device at a coupling point between a first network and a second network and a network filter device for this purpose.
  • Network filtering devices so-called security gateways or firewalls, are installed at network boundaries in order to realize a controlled coupling between several differently critical network areas.
  • critical may mean that there are a number of requests for traffic within the network area that must be met.
  • a critical network area compared to a less critical network area will then have more or more stringent requirements.
  • filtering devices that filter network traffic so that only allowed network traffic is allowed through. Admissibility is determined by the filter rules. It is also known to integrate a security gateway as a so-called personal firewall on a device.
  • Process automation there are critical automation areas. These critical automation areas have high requirements for definable functions. For example, a process step with a high reliability must be performed with predetermined parameters. This is to ensure functional safety, also called safety. It is known to logically seal the device configuration of safety components. A distinction can be made between a regular configuration and a safety configuration. The two configurations can be administered via passwords (see "Security-related
  • Safety protocols are known for safety applications. Safety status data is transferred. With the help of
  • Safety protocols make it possible to use a network infrastructure together for safety-related communication and general communication. However, such safety protocols are not protected against intentional attacks or manipulation. Therefore, they are only applicable in a closed network environment.
  • firewalls known from the prior art do not take into account the requirements of a safety-critical network area, for which in particular a freedom from retroactivity on safety-critical systems and a controlled, defined fault behavior must be taken into account.
  • the coupling can be done with an office network.
  • the object of the present invention is therefore to provide an improved method for filtering at least one data packet by means of a network filter device and a network filter device therefor.
  • configurable area is configured separately from the at least one second configurable area by means of a configuration.
  • a threat to functional safety is understood as a state in which the functional safety of the second network is not ensured. is ensured.
  • This may be, for example, the possibility of implementing a process step which involves the processing of a parameter so that a request within the second network is not fulfilled. Such a requirement can be given in particular by not exceeding or falling short of upper and lower threshold values of a parameter.
  • the term functional safety also referred to as safety in the following, thus encompasses all aspects that contribute to the proper performance of functions within the second network. Requirements for filter properties of filter devices to protect a safety-relevant network determine the degree of functional safety.
  • security against attack also referred to as security in the following, includes security requirements which may not be met due to manipulation by an attacker. Accordingly, there is a risk of attack security if it can not be ensured that definable requirements are met.
  • the requirements define the scope and degree of attack security. If, for example, due to a faulty implementation of a network filter device for an attacker, there are possibilities of manipulation, there is a threat to attack security. In particular, confidentiality, availability and integrity should be ensured by ensuring security against attack. As a rule, a data packet as a whole is blocked or forwarded if a threat is recognized due to a component or a feature of the component.
  • At least the first configurable range is formed by a first filter rule, wherein the first filter rule ensures the functional safety and wherein the first Configurable area is configured to modify the first filter rule protected.
  • the first filter rule thus specifies the requirements which are imposed on a data traffic or a data packet which is to be transmitted from the first network to the second network.
  • the first filter specification is designed in such a way that it ensures functional safety, also called safety. This may mean, in particular, that transmission from the first network is not transmitted to the second network if the data packet has components, for example within an address line, which indicate an influence on safety-relevant communication.
  • An indication of an IP address, Ethernet address or protocol number may be such an ingredient.
  • the fact that the first configurable area is configured in a protected manner may mean that it is configured separately. This may mean in particular that the first configurable area can not be configured together with the second configurable area.
  • the first filter rule is changed and a changed first filter rule is generated if a test value that can be entered with a configuration change matches a stored check value.
  • a test value that can be entered with a configuration change matches a stored check value.
  • Enter authentication This may be, for example, a password assigned to a user, for example a password which is known to a group of persons who is authorized to change the configuration.
  • the first filter specification is changed to requirements for specifiable properties.
  • a restricted range is formed within the first configurable range, so that, for example, essential characteristics of the data packet or essential requirements for the data packet must always be met. This happens on the one hand independently of the second configurable range and also independently of a non-configurable range of the first configurable range.
  • an influence on real-time communication can be prevented, for example by no further communication being possible during a time slot reserved for real-time communication or within a virtual local area network reserved for real-time communication, also called virtual local area network (VLAN).
  • VLAN virtual local area network
  • the prevention of overload can always be guaranteed.
  • a safety-related communication can always be blocked, thus guaranteeing no feedback on safety communication.
  • communication via unprotected remote access so-called remote access such as Telnet or simple network management protocol, English Simple Network Management Protocol, SNMP for short, can always be blocked.
  • the first filter specification is sealed.
  • a seal is a special one
  • Protection mechanism for activating a configuration For example, file sealing might require entering a checksum, such as an MD5 hash, a CRC checksum, a SHA1 / SHA256 hash.
  • a seal can not be undone. This ensures that a sealed configuration can not be changed.
  • the first filter specification is replaced by the configuration by an updated filter specification.
  • a safety-related filter specification also called a safety policy, can only be deleted and set up completely new. This particularly increases the assurance of a faulty configuration of the first filter rule.
  • a blocking filter instruction is automatically activated, which can be canceled by setting up and resealing a filter instruction.
  • the first filter rule is replaced by the configuration by a user by the updated filtering rule, if a user authentication by the network filtering device was successful.
  • the user authentication can be realized by common methods, such as a user-specific password input. It is conceivable that additionally a reset of the network filter device is necessary.
  • the updated filter specification is enforced after performing an operation release.
  • the concept of enforcement describes the operating state of the network filter device in which it is active and converts filter specifications according to the configuration. This makes it possible for an internal interface to be deactivated without the operation being enabled, so that no repercussion on the second network or safety network is possible. This ensures a period of maintenance.
  • the at least one second configurable region is formed by a second filter specification and the network filter device calculates a common filter rule from the first filter rule and the second filter rule.
  • a more flexible designed second filter rule can be taken into account by the network filter device, which takes into account in particular aspects of attack security.
  • the second configurable area can be arbitrarily updated by updating the filter rules. Demands placed on the network filter device with regard to attack security can thus be met, as it is possible to react promptly to current threats, in particular the networks. At the same time, however, it is ensured that the boundary conditions required from the safety point of view are not impaired, since these boundary conditions can not be changed together with a security configuration change. A safety approval obtained for a system remains in particular for this purpose.
  • Functional security threats can also be caused by authorized personnel updating network filter rules, for example, due to current IT security threats.
  • authorized personnel updating network filter rules for example, due to current IT security threats.
  • the second filter specification can be updated relatively freely as in a conventional network filter device especially after ordinary user authentication.
  • a secure shell access or ssh access or an HTTPS web configuration server can be used.
  • the common filter specification is enforced by a common filter machine.
  • a so-called policy combiner which calculates the common filter rule, can be part of the common filter machine.
  • Network traffic can pass through the network filter device only insofar as it satisfies both requirements imposed by the first filter specification and by the second filter specification.
  • the first filter specification is enforced by a first filter machine.
  • the first filter specification is enforced by a first filter machine and the second filter specification by a second filter machine.
  • the separate configuration options are clearly defined.
  • the necessary administration accesses for setting up the configuration can thus be designed for the requirements from the point of view of functional security or attack security in each case.
  • the at least one second configurable range is determined by a second filter rule formed, wherein the second filter rule, the attack security is ensured and wherein the at least one second configurable area is configured protected.
  • the functional safety-oriented filter regulations can be kept completely out of the second filter specification. It is also possible to set the second filter specification in a protected manner, for example by user authentication by the network filter device having been successfully carried out before the second filter rule is changed.
  • the second filter rule is changed and a second modified filter rule is generated if a second check value, which can be input with a second configuration change, matches a second stored check value.
  • the second filter rule which is to ensure the security of attack of the second network, not completely new deposited, but can be adjusted. This is particularly advantageous in view of the many necessary updates or updates of a firewall designed to ensure security of attack.
  • the coupling site is activated if the first configurable area has been configured.
  • the transmission of data traffic is thus excluded if a configuration of the network filter device does not exist.
  • a configuration of the network filter device does not exist.
  • no inadmissible data traffic can be transmitted to the second network, since the coupling point is then inactive.
  • the presence of a valid security configuration would therefore not be sufficient to packet packets, because the filter specification, which checks safety aspects, must also be configured in each case.
  • the invention further relates to a network filter device for filtering at least one data packet at a coupling point between a first network and a second network, wherein a component of the at least one data packet can be blocked if the component has at least one feature which is a threat to a functional safety and / or attack security of the second network, comprising a first configurable area and at least a second configurable area, the first configurable being configurable separately from the at least one second configurable area by means of a configuration.
  • the network filter device further comprises at least one further unit, suitable for use according to one of the embodiments or developments described above.
  • the network filter device further comprises a temperature monitoring sensor unit for detecting a physical modification of the network filter device.
  • Figure 1 is a schematic representation of networks with a network filter device according to a first embodiment of the invention
  • Figure 2 is a schematic representation of a network filter device according to a second embodiment of the invention
  • Figure 3 is a schematic representation of a first
  • Figure 4 is a schematic representation of a part of a
  • Figure 5 is a schematic representation of the second
  • Figure 6 is a schematic representation of a network filter device according to a sixth embodiment of the invention.
  • Figure 7 is a schematic representation of a network filter device according to a seventh embodiment of the invention
  • Figure 8 is a schematic representation of a network filter device according to an eighth embodiment of the invention.
  • FIG. 1 shows a network filter device 1 at a coupling point between a first network 100 and a second network 200.
  • a data packet 300 is to be transmitted from the first network 100 to the second network 200.
  • the first network 100 is, for example, an office network.
  • the second network 200 is in particular a safety network.
  • safety network describes an environment in which high demands are placed on ensuring defined functionalities. In particular, it may be a rail automation network, a vehicle control network, an energy automation network Manufacturing automation network or a process automation network act.
  • Messages or data packets transmitted in these safety networks must be checked to ensure that they do not contain any inadmissible components. For example, a schedule update is to be sent from the first network 100 to the second network 200 or rail automation network. An illegal component is present in particular when a message is transmitted within a communication, which leads to instructions being implemented which result in a malfunction of the automation system, for example, or cause damage in a similar manner. Within a safety network, it must therefore be ensured that a functional safety SF is not endangered. For example, a function or a parameter of a function should not be able to be influenced on the basis of a communication which does not originate from the second network 200 but, for example, from the first network 100. For this purpose, features of the data packet 300 are analyzed.
  • a data packet is not transmitted from the first network 100 into the second network 200 if the data packet has components within an address line that indicate an influence on safety-relevant communication.
  • An indication of an IP address, Ethernet address, or protocol number identifying communication partners within the second network 200, such as two lane automation network controllers Gl, G2, may be such.
  • an attack security SC should also not be jeopardized.
  • Threat to attack security SC occurs when, for example, an attacker intentionally attempts to intercept communications or more generally intentionally attempts to manipulate a data packet 300.
  • the protection against threats against attackers, ie the protection of the attack security SC is thereby re- be adapted to protect devices Gl, G2 within the second network 200 from tampering.
  • the data packet 300 is checked by means of a common filter machine M12.
  • the common filter machine M12 implements a common filter specification F12.
  • the common filter specification F12 is calculated from a first filter specification Fl, which ensures the functional safety SF, and a second filter instruction F2, which ensures the attack safety SC.
  • the first filter instruction Fl and the second filter instruction F2 are each configured via separate administration accesses.
  • a first configurable area 10 and at least one second configurable area 20 separate from the first configurable area 10 are provided.
  • the second configurable area 20 is accessible independently of the first configurable area 10 to allow periodically necessary updates of the second filter rule F2.
  • a security policy for setting the second filter specification F2 via a removable configuration memory such as an SD card or a USB card is configurable.
  • FIG. 2 shows how the first filter specification Fl and the second filter specification F2 are respectively enforced via a separate filter machine, namely a first filter machine M1 and a second filter machine M2.
  • a separate filter machine namely a first filter machine M1 and a second filter machine M2.
  • the data packet 300 first passes through the first filter machine M1 and is thereby checked for security aspects. Subsequently, the checking of the data packet 300 is carried out for safety aspects. If the data packet 300 passes both tests, the data traffic is forwarded to the second network 200. This results in an effective
  • FIG. 3 illustrates how within the first configurable range 10 a first filter specification Fl can be restrictively changed.
  • the first filter specification Fl is changed and an altered first filter specification Fl 'is generated.
  • an input test value P by a user who wants to make the configuration change is entered.
  • a stored check value RP is stored, with the aid of which a user can be authenticated. This ensures that a configuration change can not be made by any user.
  • FIG. 4 shows how an updated filter specification FA is generated by means of a configuration K from the first filter specification F1.
  • the updated filter instruction FA completely replaces the first filter instruction F1.
  • a first filter specification F1 can not be changed. In particular, this is advantageous to minimize misconfiguration.
  • Performing an operation release BF may involve actuating a local or local key switch or a similar local operating element of the network filter device.
  • the interface between the first network 100 and the second network 200 is activated only after the operational release BF has been established.
  • a first filter instruction F1 which has been sealed, can only be deleted and reconfigured. Again, this is a configuration access advantageously with a user authentication to secure.
  • the configuration K may require that, in addition to configuration data, a password for user identification or a checksum for ensuring data integrity be provided, which protects against inadmissible or erroneous configuration.
  • FIG. 5 schematically shows how the second filter specification F2 is also changed by means of a configuration K protected by user authentication and a second modified filter specification F2 1 is generated.
  • a second test value P2 which can be input with a second configuration change is compared with a second stored test value RP2.
  • a common filter specification F12 is calculated from the first filter specification Fl and the second filter specification F2 by means of a policy combiner.
  • the common filter specification F12 is enforced on the one hand via a common filter machine Ml2.
  • a first filter machine M1 passes through the first filter specification F1.
  • the safety policy which is defined by the first filter instruction F1 is enforced twice.
  • a particularly high degree of protection is achieved since two separate filter machines or filter engines enforce the safety policy.
  • the first filter specification F1 can serve as a safety configuration to analyze the network traffic occurring at the network interface NI of the network filter device oriented to the second network 200.
  • a network device 31, a so-called Networktap is provided in order to access the network traffic, in particular the data packet 300.
  • the data packet 300 is evaluated by a monitoring machine 32 or monitoring engine.
  • the network interface NI is disabled by providing a signal to Fail Silent.
  • an analysis device 33 is provided for analyzing the configured second filter specification F2.
  • the security policy is analyzed and checked whether this also meets the requirements of the safety policy, i. E. also covers the first filter regulation Fl with.
  • the configuration K of the specifications for the first filter specification Fl is again carried out separately via the first configurable region 10. Enforced by a filter machine M2 then only the second filter rule F2. If the analysis device 33 recognizes that the security requirements are not covered by the security policy, the network interface NI directed to the second network 200 can again be deactivated via a fail-silent signal.
  • two separate partitions can be replaced by a hypervisor, such as the
  • Operating system PikeOS be realized.
  • the two separate partitions are each separated by the hypervisor. Communication is not possible directly, but only under the control of the hypervisor.
  • An integrated realization is possible, with software implementations separated by partitioning or a microvisor being logically separated from one another.
  • the configurable network t leverages, in particular the security policy with the designated filter machine, by a remote solution, ie a hosted firewall, be realized.
  • the present invention provides a firewall solution with at least two separately configurable filter policies. This allows different constraints to be applied to the way the configuration can be set up and updated. There is a relatively static eligible part and a configurable, updatable part. It ensures that even configuration errors in the firewall security rules have no effect on essential safety features. Certificates that certify the functional security of a plant remain valid for a longer period of time, while still ensuring a currently configured security firewall.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne un procédé pour filtrer au moins un paquet de données au moyen d'un dispositif de filtrage réseau (1) au niveau d'un point de couplage entre un premier réseau (100) et un deuxième réseau (200) et un dispositif de filtrage réseau, au moins un composant dudit paquet de données (300) étant bloqué dans le cas où un danger pour une sécurité fonctionnelle et/ou une sécurité d'accès du deuxième réseau est identifié. Une première zone configurable (10) et au moins une deuxième zone configurable (20) sont prévues et la première zone configurable est configurée séparément de ladite deuxième zone configurable.
PCT/EP2014/059486 2013-05-28 2014-05-08 Procédé et dispositif pour filtrer un paquet de données WO2014191179A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102013209914.2 2013-05-28
DE102013209914.2A DE102013209914A1 (de) 2013-05-28 2013-05-28 Filtern eines Datenpaketes mittels einer Netzwerkfiltereinrichtung

Publications (1)

Publication Number Publication Date
WO2014191179A1 true WO2014191179A1 (fr) 2014-12-04

Family

ID=50732148

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/059486 WO2014191179A1 (fr) 2013-05-28 2014-05-08 Procédé et dispositif pour filtrer un paquet de données

Country Status (2)

Country Link
DE (1) DE102013209914A1 (fr)
WO (1) WO2014191179A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200314066A1 (en) * 2019-03-29 2020-10-01 Cloudflare, Inc. Validating firewall rules using data at rest
US11377072B2 (en) * 2018-11-02 2022-07-05 Uatc, Llc Systems and methods for tamper evident electronic detection
CN115047835A (zh) * 2022-06-27 2022-09-13 中国核动力研究设计院 基于dcs系统定期试验数据获取方法、装置、设备及介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1496664A2 (fr) * 2003-07-10 2005-01-12 Siemens Aktiengesellschaft Système, méthode et module de sécurité pour sécuriser l'accèss d'un utilisateur à au moins un composant d'automatisation d'un système d'automatisation
US7127738B1 (en) * 2000-10-18 2006-10-24 Nortel Networks Limited Local firewall apparatus and method
US20100165878A1 (en) * 2008-12-31 2010-07-01 Schneider Automation Inc. Communication Module with Network Isolation and Communication Filter

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7127738B1 (en) * 2000-10-18 2006-10-24 Nortel Networks Limited Local firewall apparatus and method
EP1496664A2 (fr) * 2003-07-10 2005-01-12 Siemens Aktiengesellschaft Système, méthode et module de sécurité pour sécuriser l'accèss d'un utilisateur à au moins un composant d'automatisation d'un système d'automatisation
US20100165878A1 (en) * 2008-12-31 2010-07-01 Schneider Automation Inc. Communication Module with Network Isolation and Communication Filter

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HANS-HERMANN BOCK ET AL: "Towards an IT Security Protection Profile for Safety-Related Communication in Railway Automation", 25 September 2012, COMPUTER SAFETY, RELIABILITY, AND SECURITY, SPRINGER BERLIN HEIDELBERG, BERLIN, HEIDELBERG, PAGE(S) 137 - 148, ISBN: 978-3-642-33677-5, XP047016659 *
HIERZU; A. DIELMANN; B. PAPST: "Sicherheitsgerichtetes Steuerrelais Safety, Handbuch", January 2013

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11377072B2 (en) * 2018-11-02 2022-07-05 Uatc, Llc Systems and methods for tamper evident electronic detection
US20200314066A1 (en) * 2019-03-29 2020-10-01 Cloudflare, Inc. Validating firewall rules using data at rest
CN115047835A (zh) * 2022-06-27 2022-09-13 中国核动力研究设计院 基于dcs系统定期试验数据获取方法、装置、设备及介质
CN115047835B (zh) * 2022-06-27 2024-06-04 中国核动力研究设计院 基于dcs系统定期试验数据获取方法、装置、设备及介质

Also Published As

Publication number Publication date
DE102013209914A1 (de) 2014-12-04

Similar Documents

Publication Publication Date Title
EP3001884B1 (fr) Procédé, dispositif et système de surveillance d'une passerelle de sécurité
EP2299650A1 (fr) Procédé de détection des anomalies dans un réseau de contrôle
WO2012167995A2 (fr) Nœud de connexion pour un réseau de communication
WO2014191179A1 (fr) Procédé et dispositif pour filtrer un paquet de données
EP3122016B1 (fr) Reseau d'automatisation et procede de surveillance de la securite de la transmission de paquets de donnees
EP3028409B1 (fr) Filtrage d'un paquet de données par un dispositif de filtrage de réseau
EP3688951B1 (fr) Procédé de détection d'une attaque menée contre un calculateur d'un véhicule
EP1862931B1 (fr) Dispositif et procédé destinés à la protection d'un appareil médical et d'un patient traité par cet appareil contre les actions dangereuses d'un réseau de communication
WO2017167490A1 (fr) Réduction de la capacité d'attaque d'un point faible d'un appareil par le biais d'un point d'accès à un réseau
EP2987301B1 (fr) Controler la fonctionalite d'un filtre de reseau
WO2015062812A1 (fr) Système à fonction de sécurité avec superviseur
EP1675342A1 (fr) Dispositif et mèthode pour la gestion des erreurs dans des réseaux de communication protégés
DE102011106497B4 (de) System zur Fernwartung oder Diagnose einer computergesteuerten Brennschneidmaschine
WO2021197822A1 (fr) Procédé pour traiter une anomalie de données, en particulier dans un véhicule automobile
EP3661830B1 (fr) Concept pour la surveillance d'un trafic réseau entrant dans un poste d'aiguillage
EP3987742A1 (fr) Filtre, système et procédé de fonctionnement d'un système
WO2020099291A1 (fr) Dispositif destiné à sécuriser un réseau de données ethernet en temps réel d'un véhicule automobile
EP3813314A1 (fr) Système de sécurisation et procédé de filtration d'un trafic des données
EP3382976A1 (fr) Dispositif de protection, procédé et appareil comprenant un dispositif de protection destiné à protéger un réseau de communication connecté à l'appareil
EP3603011B1 (fr) Dispositifs et procédé de fonctionnement d'une communication mobile avec un dispositif côté trajet
EP3700171A1 (fr) Vérification et confirmation de la configuration de sécurité de l'accès réseau sur un serveur de rendez-vous
WO2016116207A1 (fr) Dispositif de commande électronique
WO2014075704A1 (fr) Procédé et ensemble d'automatisation pour le contrôle du trafic de données entre des appareils de traitement de données

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14724393

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14724393

Country of ref document: EP

Kind code of ref document: A1