WO2018157960A1 - Method and system for enabling user access to a server coupled to an embedded system - Google Patents
Method and system for enabling user access to a server coupled to an embedded system
- Publication number
- WO2018157960A1 (PCT/EP2017/083757)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- information
- communication device
- temporary information
- embedded system
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/77—Graphical identity
Definitions
- The present invention relates to a method and a system for enabling user access to a server coupled to an embedded system, and to an associated computer program (product).
- An embedded system is an electronic computer that is integrated (embedded) in a technical context, where it generally either performs monitoring, control or regulating functions or is responsible for a form of data or signal processing, for example encryption or decryption, coding or decoding, or filtering.
- A field device is a technical device, usually in the field of automation technology, which is related to a production process. In automation technology, "field" refers to the area outside of control cabinets or control rooms. Field devices can thus both actuators
- The field devices are then connected to a control and process control system, usually via a fieldbus or, increasingly, via real-time Ethernet.
- Web servers can be coupled to or integrated with a field device in order to query status data and to change the device configuration. There is a need to prevent unauthorized access to the server (HTTP server, CoAP server, REST server) of the field device.
- Security within such an infrastructure as well as preventing intentional attacks is playing an increasingly important role.
- a successful manipulation may cause a malfunction in the control functions of the above devices.
- Cryptographic protection functions can be used to achieve goals such as integrity, confidentiality or authenticity of the objects. This avoids deliberate, purposeful attacks.
- Security refers mainly to the security, confidentiality and/or integrity of data as well as of their transmission, and to security, confidentiality and/or integrity when accessing the relevant data.
- Cryptographic functionality is generally understood to mean, for example, a function for encryption, confidentiality protection, integrity protection and/or authentication of data (e.g. user data, control data, configuration data or administrative data). It includes, for example, one or more of the following listed functionalities: key storage
- The enumerated cryptographic functionalities can in each case also be carried out with other or further methods, or with combinations of these methods.
- The HTTP protocol supports user authentication (HTTP Digest, HTTP Basic Authentication; see https://en.wikipedia.org/wiki/Digest_Access_Authentication), for which a user must enter a username and password. The server grants the user access upon successful verification of the username and password.
- A user can also be authenticated to a web application by entering a username and password in a form (web page), which is called "form-based authentication".
- JWT JSON Web Token
- JWT authorization token is usually issued by a single sign-on service.
- HTTP HyperText Transfer Protocol
- CoAP cryptographically protected communication connection
- TLS cryptographically protected communication connection
- DTLS cryptographically protected communication connection
- the server is authenticated by means of a digital certificate.
- the client also authenticates with his client certificate.
- A user is authenticated in that the web client (web browser) used by the user transmits user authentication information via the communication protocol used (HTTP, CoAP, TLS, DTLS). For this, a so-called user credential (e.g. password, key) must exist on the client side.
- a mobile communication device for authorizing a user is known.
- access information about communication with a back-end system is determined specifically for a terminal to be accessed and forwarded to the field device for checking.
- the invention claims a method for enabling a user access to an embedded system by means of an authorization of a user by at least one communication device on the server, comprising the following steps:
- Server information or authorization information of the server is updated on the embedded system depending on a successful (local) authentication/authorization on the embedded system, which can be initiated by the enabling unit.
- This local authentication/authorization on the embedded system takes place independently of the communication connection for access or user access to the server.
- The local authentication/authorization is advantageous for providing additional protection against unauthorized access, but is not a mandatory requirement to the above
- The local authentication/authorization can be understood as a trigger for providing the temporary information, or the provision of the temporary information is part of the local authentication/authorization or of its operation.
- By transmitting the provided information, or information derived from it, to the server for authorization on the server, and by subsequently verifying the two pieces of information, a secure activation of the user access is ultimately ensured.
- The temporarily provided information (triggered by the local authorization) and the information forwarded for checking can effectively be regarded as a two-factor authentication (see below).
- A development of the invention provides that information identifying the release unit is received by the embedded system, which, in the form received and/or in a derived form, can enter into a derivation of the temporary information to be provided. This development may be an embodiment of the local authentication/authorization described above.
- A further development of the invention provides that the temporary information is transmitted in that a code provided by the activation unit, in particular a one-dimensional barcode or two-dimensional quick response code, is photographed with the at least one communication device, wherein the communication device decodes the code.
- The transmitted information comprises at least one password and/or PIN which is determined according to a predefinable rule from the temporary information.
- A development of the invention provides that the temporary information is provided optically on a display device and/or acoustically by a transmitting device, and is detected and/or received at the at least one communication device for transmission to the server.
- A development of the invention provides that the temporary information is provided by means of a radio transmission device and transmitted to the at least one communication device, which receives it for transmission to the server.
- A further development of the invention provides that the temporary information is transmitted to the server by means of input at a user interface of the at least one communication device.
- a development of the invention provides that the temporary information is transmitted to the server by means of the embedded system.
- a development of the invention provides that at least one port in a device connection unit of the embedded system for user access to the server is enabled by an access control unit that can be integrated into the embedded system.
- The device connection unit can be designed as what is called an access point in English.
- A development of the invention provides that the access control unit additionally checks whether the at least one communication device is connected to the embedded system remotely or locally. The advantage of this is that it checks whether there is actually a local authorization at the embedded system and not an attack attempted from outside.
- a physical authentication token (mechanical key, RFID tag) can be easily used:
- A service technician or user can use any service computer (PC, notebook, tablet, mobile phone) with a (web) browser or an app to access an embedded system. Only the embedded system itself must have an appropriate reader or receiver. It is possible to use a relatively weak password as temporary information to access a server of an embedded system, since it can be dynamically generated by the embedded system and made available for display.
- Two-factor authentication, i.e. identity verification of a user by means of the combination of two different and, in particular, independent components (factors), e.g. user ID and PIN (personal identification number) or PIN and TAN (transaction number), can easily be realized for protected user access.
- The aforementioned functions/steps can be implemented in software, firmware and/or hardware. They can be understood as a kind of functional unit whose functions can also be integrated in any combination into a single unit (component, server or device).
- A further aspect of the invention is an embedded system or device suitable for carrying out the method for enabling user access to a server that can be coupled to the embedded system, by means of an authorization of a user via at least one communication device, comprising: means for providing temporary information for authorization, the temporary information being derivable from server information,
- Means for transmitting the provided and / or derived temporary information to the server
- Another aspect of the invention may be a computer program or a computer program product with at least one computer program, with means for carrying out the method and its mentioned embodiments when the computer program (product) or the at least one computer program is executed on the embedded system of the kind described above.
- Form of a field device in which temporary information for authorization is provided to a user, in each case in different embodiments.
- FIG. 1 shows an embedded system in the form of a field device FD which is connected by means of a network interface I via a network to a communication device K, e.g. a service notebook, a mobile panel or a
- The communication device may be a mobile or portable device.
- the field device FD is coupled to a server S, preferably web or service server.
- the server S associated with the field device is integrated in the field device FD.
- the network N can be a wired or a radio transmission network (eg WLAN, Bluetooth, Zigbee, NFC, etc.).
- the field device is coupled to an access control unit C, which in this embodiment is integrated into the field device FD.
- A user U can with a release device that can also be a communication device, for example in the form of a token T, a mobile device M or even the same communication device K.
- The release device of the user U communicates with the access control unit C, the information (e.g. activation code, PIN, password, etc.) for the authorization of the user or his communication device K.
- This information is preferably temporary, so that it is available only for a limited period of time, e.g. a few minutes.
- The server information or authorization information of the server is updated depending on a direct, local authentication/authorization check by the access control unit C.
- This local authentication/authorization is independent of the communication link over the network N used for access to the server S.
- For local authentication/authorization, the following in particular can be used: key switch, DIP switch, jumper, input field (e.g. membrane keypad, touch screen or control panel) on the field device FD.
- An authentication token, e.g. T, in the form of, for example, RFID, NFC, Bluetooth or Zigbee, but also as an M12 plug-in module, RJ45 plug-in module or the like, is possible.
- Temporary information, or temporary information derived from the server information, is provided to the server for authorization. This can be done optically by display on a display device, acoustically by voice output or possibly ultrasound, by mechanical vibrations, etc.
- the release device or the communication device K can be equipped with a corresponding receiver in order to receive the information.
- A firewall rule set can be adapted by P, or a port of the network interface can be temporarily activated, to allow temporary access. It can additionally be checked whether the at least one communication device is connected to the embedded system remotely or locally.
- A hop counter is usually set to 255 for a local "link", and to a number < 255 for a "remote link".
- The access control unit C of the field device FD receives corresponding information from a USB flash drive or token, which in unchanged form and/or in derived form can enter into a derivation of the provided temporary information (see above).
- FIG. 2 indicates that the field device FD has a display device D, e.g. an LCD display, and a control panel B (keypad, membrane keypad).
- a user can unlock the field device by entering a user code or an administrator code.
- the release unit then corresponds to the display or the control panel.
- Upon successful checking of the code by the access control unit C, user access to the server is temporarily enabled according to an access policy.
- An access code is provided or displayed as temporary information on the display of the field device FD, and is to be entered via a user interface, e.g. an HTML form (form-based authentication). The user must enter, on the field device (control panel, touchscreen) and via the browser on the server S, the same, matching PIN or password, which can be freely selectable. It is also possible for the temporary information to be provided on the display as a one-dimensional barcode or two-dimensional quick response code (QR code), which can be photographed with the at least one communication device K.
- The communication device decodes the code and sends the data obtained from it to the server for authorization; the server checks or compares the provided temporary information against the information received from the communication device K and, depending on the result, permits the activation of user access.
- FIG. 3 shows that access to the field device FD takes place wirelessly, in particular via WLAN.
- access via Bluetooth, Bluetooth LE, IEEE 802.15.4, ZigBee or via a cellular mobile radio system (GSM, UMTS, LTE, 5G, etc.) would also be possible.
- the field device has a device connection unit, which in this embodiment is designed as a WLAN access point AP (access point) and coupled to the network interface I. After a direct local authentication / authorization check on the field device, a WLAN access point of the field device is temporarily activated or a port is released.
- the configuration in particular network name SSID, possibly a PSK WLAN preshared key
- the user logs in with the information that can be derived or ascertained from the temporary information (access data or code) at the access point AP and, after checking the information by the access control unit, obtains user access to the server.
- a physical authentication token T - as shown in FIG. 4 - which may indicate a password or a PIN to be entered during server authorization (eg in a form field).
- A password is selected as temporary information by the field device, which must be entered via the user interface.
- With a physical authentication token, it can be checked at regular or variable intervals whether the token is still present, and, depending on the local policy P, a decision is made whether the connection to the server is maintained or torn down when the token is no longer present. If the token is detected, depending on the policy, a warning or a notice may be issued to the user via the server.
- the access button is connected, for example via wireless communication, to the field device FD.
- Not only is the presence of the token T checked, but dynamic information is also exchanged with the token.
- the token generates a PIN (eg after a certain time or at the push of a button) and displays this as temporary information on its display.
- This PIN is then transmitted to the field device FD via NFC, for example.
- The service technician must now enter this PIN on the server in order to authorize himself for the release of the user access.
- SUC ⁇ gen which (collectively referred to as computer readable storage) on computer readable storage media or volatile computer memories gen.
- Computer-readable memories are, for example, volatile memories such as caches, buffers or RAM, as well as non-volatile memories such as removable data carriers, hard disks, etc.
- the functions or steps described above may be in the form of at least one instruction set in / on a computer-readable memory.
- The functions or steps are not tied to a specific instruction set or to a particular form of instruction sets, or to a particular storage medium, or to a particular processor, or to specific design schemes, and can be carried out by software, firmware, microcode, hardware, processors, integrated circuits, etc., alone or in any combination.
- Various processing strategies can be used, for example serial processing by a single processor or multiprocessing or multitasking or parallel processing, etc.
- the instructions may be stored in local memories, but it is also possible to store the instructions on a remote system and access them via network.
- The term "processor", "central signal processing", "control unit" or "data evaluation means", as used here, includes processing means in the broad sense, that is, for example, servers, general-purpose processors, graphics processors, digital signal processors, application-specific integrated circuits (ASICs), programmable logic circuits such as FPGAs, discrete analog or digital circuits and any combinations thereof, and any other processing means known in the art or developed in the future.
- Processors can consist of one or more devices or units. If a processor consists of several devices, these can be designed or configured for the parallel or sequential processing or execution of instructions.
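The release flow described in the embodiments above (local unlock, temporary code on the display, check by access control unit C, additional local/remote check via the hop counter), as an added example that is not part of the patent text. The class and function names, the HMAC-based derivation, the 6-digit format, the 3-minute lifetime and the retry limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_LIFETIME_S = 180    # assumption: "a few minutes" modelled as 3 minutes
MAX_ATTEMPTS = 3         # assumption: the text does not specify a retry limit
LOCAL_HOP_LIMIT = 255    # value the text gives for a local link


class AccessControlUnit:
    """Hypothetical model of access control unit C on field device FD."""

    def __init__(self, server_secret: bytes, clock=time.monotonic):
        self._secret = server_secret  # "server information" the code derives from
        self._clock = clock
        self._code = None
        self._expires = 0.0
        self._attempts = 0

    def local_unlock(self, release_unit_id: str) -> str:
        """Call only after local authentication (key switch, user code, token).

        Returns the temporary code for the display; any earlier code is replaced.
        """
        nonce = secrets.token_bytes(16)  # fresh per unlock, so codes are unpredictable
        mac = hmac.new(self._secret, nonce + release_unit_id.encode(),
                       hashlib.sha256).digest()
        # Short numeric code: acceptable only because it is short-lived,
        # single-use and attempt-limited.
        self._code = f"{int.from_bytes(mac[:8], 'big') % 1_000_000:06d}"
        self._expires = self._clock() + CODE_LIFETIME_S
        self._attempts = 0
        return self._code

    def authorize(self, submitted: str, hop_limit: int) -> str:
        """Check a code sent to the server; returns 'granted' or a refusal reason."""
        if self._code is None:
            return "no-code"
        if self._clock() >= self._expires:
            self._code = None
            return "expired"
        # Remote senders are refused before the comparison, so they can neither
        # guess the code nor use up the local user's attempts.
        if hop_limit != LOCAL_HOP_LIMIT:
            return "not-local"
        self._attempts += 1
        if hmac.compare_digest(submitted.encode(), self._code.encode()):
            self._code = None  # single use
            return "granted"
        if self._attempts >= MAX_ATTEMPTS:
            self._code = None  # force a new local unlock
            return "locked"
        return "mismatch"


def demo():
    """Constructed walk-through with a fake clock; returns the decisions."""
    now = [0.0]
    acu = AccessControlUnit(b"constructed-server-secret", clock=lambda: now[0])
    out = []
    code = acu.local_unlock("panel-B")
    out.append(acu.authorize(code, hop_limit=64))   # routed sender
    out.append(acu.authorize(code, hop_limit=255))  # local sender, right code
    out.append(acu.authorize(code, hop_limit=255))  # replay of a used code
    code = acu.local_unlock("panel-B")
    now[0] += CODE_LIFETIME_S + 1
    out.append(acu.authorize(code, hop_limit=255))  # code shown too long ago
    return out


if __name__ == "__main__":
    print(demo())
```

In a deployment the hop limit has to be read from the received packet itself; here it is passed in as a parameter so the decision logic can be exercised on its own.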
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a method for enabling user access to a server coupled to an embedded system (FD) by means of an authorization of a user via at least one communication device (K) on the server (S). The method comprises the steps of: providing temporary information for the authorization via a release unit coupled to the embedded system, the temporary information being derivable from server information; transmitting the provided and/or derived temporary information to the server (S); enabling said user access to the server (S) via an access control unit (C) coupled to the server and connectable to said at least one communication device (K), said enabling depending on a check to determine whether the transmitted information matches, at least in a determinable manner, the provided and/or derived information.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102017203235.9 | 2017-02-28 | ||
DE102017203235.9A DE102017203235A1 (de) | 2017-02-28 | 2017-02-28 | Method and system for enabling user access to a server coupled to an embedded system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018157960A1 true WO2018157960A1 (fr) | 2018-09-07 |
Family
ID=61007651
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2017/083757 WO2018157960A1 (fr) | 2017-02-28 | 2017-12-20 | Method and system for enabling user access to a server coupled to an embedded system |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102017203235A1 (fr) |
WO (1) | WO2018157960A1 (fr) |
-
2017
- 2017-02-28 DE DE102017203235.9A patent/DE102017203235A1/de not_active Withdrawn
- 2017-12-20 WO PCT/EP2017/083757 patent/WO2018157960A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
DE102017203235A1 (de) | 2018-08-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17832496 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17832496 Country of ref document: EP Kind code of ref document: A1 |