WO2018157960A1 - Method and system for enabling user access to a server coupled to an embedded system - Google Patents

Method and system for enabling user access to a server coupled to an embedded system

Info

Publication number
WO2018157960A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
information
communication device
temporary information
embedded system
Prior art date
Application number
PCT/EP2017/083757
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Steffen Fries
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft
Publication of WO2018157960A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/77 Graphical identity

Definitions

  • The present invention relates to a method and system for enabling user access to a server coupled to an embedded system, and to an associated computer program (product).
  • An embedded system is an electronic calculator or computer that is integrated (embedded) in a technical context, where the computer generally either performs monitoring, control or regulating functions or is responsible for a form of data or signal processing, for example encrypting or decrypting, coding or decoding, or filtering.
  • A field device is a technical device, usually in the field of automation technology, which is related to a production process. In automation technology, "field" refers to the area outside of control cabinets or control rooms. Field devices can thus both actuators
  • The field devices are then connected to a control and supervisory system, usually via a fieldbus, or increasingly via real-time Ethernet.
  • Web servers can be coupled to or integrated with a field device to query status data and to change the device configuration. There is a need to prevent unauthorized access to the server (HTTP server, CoAP server, REST server) of the field device.
  • Security within such an infrastructure as well as preventing intentional attacks is playing an increasingly important role.
  • A successful manipulation may cause a malfunction in the control functions of the above devices.
  • Cryptographic protection functions can be used to achieve goals such as integrity, confidentiality or authenticity of the objects. This avoids deliberate, purposeful attacks.
  • The term "security" refers mainly to the security, confidentiality and/or integrity of data as well as their transfer, and to security, confidentiality and/or integrity when accessing the relevant data.
  • Cryptographic functionality is generally understood to mean, for example, a function for encryption, confidentiality protection, integrity protection and/or authentication of data (e.g. user data, control data, configuration data or administrative data). It can include, for example, one or more of the functionalities listed below: - key storage
  • The enumerated cryptographic functionalities can in each case be carried out with other/further methods or combinations of these methods.
  • The HTTP protocol supports user authentication (HTTP Digest, HTTP Basic Authentication; see https://en.wikipedia.org/wiki/Digest_Access_Authentication), for which a user must enter a username and password. The server grants the user access upon successful verification of the username and password.
  • A user is authenticated to a web application by typing a username and password into a form (web page), which is also called "form-based authentication".
  • JWT JSON Web Token
  • A JWT authorization token is usually issued by a single sign-on service.
  • HTTP HyperText Transfer Protocol
  • CoAP cryptographically protected communication connection
  • TLS cryptographically protected communication connection
  • DTLS cryptographically protected communication connection
  • The server is authenticated by means of a digital certificate.
  • The client also authenticates with its client certificate.
  • A user is authenticated in that the web client (web browser) used by the user transmits user authentication information via the communication protocol in use (HTTP, CoAP, TLS, DTLS). For this, a so-called user credential (e.g. password, key) must exist on the client side.
  • A mobile communication device for authorizing a user is known.
  • Access information is determined, via communication with a back-end system, specifically for a terminal to be accessed and forwarded to the field device for checking.
  • The invention claims a method for enabling a user access to an embedded system by means of an authorization of a user by at least one communication device on the server, comprising the following steps:
  • The server information or authorization information of the server is updated depending on a successful (local) authentication/authorization at the embedded system, which can be initialized by the enabling unit.
  • This local authentication/authorization on the embedded system takes place independently of the communication connection for access or user access to the server.
  • The local authentication/authorization is advantageous for providing additional protection against unauthorized access, but is not a mandatory requirement to the above
  • The local authentication/authorization can be understood as a trigger for providing the temporary information, or the provision of the temporary information is part of the local authentication/authorization or its operation.
  • Because the provided information, or information derived from it, is transmitted to the server for authorization at the server and the two pieces of information are subsequently verified against each other, a secure activation of the user access is ultimately ensured.
  • The information temporarily provided (triggered by the local authorization) and the information forwarded for checking can effectively be regarded as a two-factor authentication (see below).
  • A development of the invention provides that information for the identification of the release unit is received by the embedded system, which in adopted form and/or in derived form can enter into a derivation of the temporary information to be provided. This development may be an embodiment of the local authentication/authorization described above.
  • A further development of the invention provides that the transmission of the temporary information takes place in that a code provided by the activation unit, in particular a one-dimensional barcode or two-dimensional quick response code, is photographed with the at least one communication device, wherein the communication device decodes the code.
  • The transmitted information comprises at least one password and/or PIN which is determined from the temporary information according to a prescribable rule.
  • A development of the invention provides that the temporary information is provided optically on a display device and/or acoustically by a transmitting device, and is detected and/or received at the at least one communication device for transmission to the server.
  • A development of the invention provides that the temporary information is provided by means of a radio transmission device and transmitted to the at least one communication device, which receives it for transmission to the server.
  • A further development of the invention provides that the temporary information is transmitted to the server by means of input at a user interface of the at least one communication device.
  • A development of the invention provides that the temporary information is transmitted to the server by means of the embedded system.
  • A development of the invention provides that at least one port in a device connection unit of the embedded system for user access to the server is enabled by an access control unit that can be integrated into the embedded system.
  • The device adapter can be designed as what is called an access point in English.
  • A development of the invention provides that the access control unit additionally checks whether the at least one communication device is connected remotely or locally to the embedded system. This has the advantage of checking that a local authorization actually exists at the embedded system and that no attack is being attempted from outside.
  • A physical authentication token (mechanical key, RFID tag) can be easily used:
  • A service technician or user can use any service computer (PC, notebook, tablet, mobile phone) with a (web) browser or an app to access an embedded system. Only the embedded system itself must have an appropriate reader or receiver. It is possible to use a relatively weak password as temporary information to access a server of an embedded system, since it can be dynamically generated by the embedded system and made available for display.
  • Two-factor authentication, i.e. identity verification of a user by means of the combination of two different and, in particular, independent components (factors), e.g. user ID and PIN (personal identification number) or PIN and TAN (transaction number), can easily be realized for protected user access.
  • The aforementioned functions/steps can be implemented in software, firmware and/or hardware. They can be understood as a kind of functional units whose functions can be integrated in any combination into a single unit (component, server or device).
  • A further aspect of the invention is an embedded system or device suitable for carrying out the method for enabling user access to a server that can be coupled with an embedded system, by means of an authorization of a user by at least one communication device, comprising: means for providing temporary information for authorization, the temporary information being derivable from server information,
  • Means for transmitting the provided and/or derived temporary information to the server
  • Another aspect of the invention may be a computer program or a computer program product with at least one computer program, with means for carrying out the method and its mentioned embodiments when the computer program (product) or the at least one computer program is executed on the embedded system of the kind described above.
  • form of a field device, in which temporary information for authorization is provided to a user, in each case in different embodiments.
  • FIG. 1 shows an embedded system in the form of a field device FD which is connected by means of a network interface I via a network with a communication device K, e.g. a service notebook, a mobile panel or a
  • The communication device may be a mobile or portable device.
  • The field device FD is coupled to a server S, preferably a web or service server.
  • The server S associated with the field device is integrated in the field device FD.
  • The network N can be a wired or a radio transmission network (e.g. WLAN, Bluetooth, Zigbee, NFC, etc.).
  • The field device is coupled to an access control unit C, which in this embodiment is integrated into the field device FD.
  • A user U can with a release device, which can also be a communication device, for example in the form of a token T, a mobile device M or even the same communication device K.
  • The release device of the user U communicates to the access control unit C the information (e.g. activation code, PIN, password, etc.) for the authorization of the user or his communication device K.
  • This information is preferably temporary, so that it is available only for a limited period of time, e.g. a few minutes.
  • The server information or authorization information of the server is updated depending on a direct, local authentication/authorization check by the access control unit C.
  • This local authentication/authorization is independent of the communication link over the network N for access to the server S.
  • For local authentication/authorization, the following can be used in particular: key switch, DIP switch, jumper, input field (e.g. membrane keypad, touch screen or control panel) on the field device FD.
  • An authentication token, e.g. T, in the form of, for example, RFID, NFC, Bluetooth or Zigbee, but also as an M12 plug-in module, RJ45 plug-in module or the like, is also possible.
  • Temporary information, or temporary information derived from the server information, is provided for authorization at the server. This can be done optically by displaying it on a display device, acoustically by a voice output or possibly ultrasound, mechanical vibrations, etc.
  • The release device or the communication device K can be equipped with a corresponding receiver in order to receive the information.
  • A firewall rule set can be adapted by P, or a port of the network interface can be temporarily activated to allow temporary access. It can additionally be checked whether the at least one communication device is connected remotely or locally to the embedded system.
  • A hop counter is usually set to 255 for a local "link", and to a number < 255 for a "remote link".
  • The access control unit C of the field device FD accepts corresponding information from a USB flash drive or token, which in adopted form and/or in derived form can enter into a derivation of the temporary information to be provided (see above).
  • FIG. 2 indicates that the field device FD has a display device D, e.g. an LCD display, and a control panel B (keypad, membrane keypad).
  • A user can unlock the field device by entering a user code or an administrator code.
  • The release unit then corresponds to the display or the control panel.
  • Upon successful checking of the code by the access control unit C, user access to the server is temporarily enabled according to an access policy.
  • An access code is provided or displayed as temporary information on the display of the field device FD, which is to be entered via a user interface, e.g. an HTML form (Form Based Authentication). The user must enter on the field device (control panel, touchscreen) and via the browser on the server S one and the same, matching PIN or password, which can be freely selectable. It is also possible for the temporary information to be provided on the display as a one-dimensional barcode or two-dimensional quick response code (QR code), which can be photographed with the at least one communication device K.
  • The communication device decrypts the code and sends the data obtained from it to the server for authorization; the server checks or compares the provided temporary information against the information received from the communication device K and, depending on the result, permits the activation of user access.
  • FIG. 3 shows that access to the field device FD takes place wirelessly, in particular via WLAN.
  • Access via Bluetooth, Bluetooth LE, IEEE 802.15.4, ZigBee or via a cellular mobile radio system (GSM, UMTS, LTE, 5G, etc.) would also be possible.
  • The field device has a device connection unit, which in this embodiment is designed as a WLAN access point AP and coupled to the network interface I. After a direct local authentication/authorization check on the field device, a WLAN access point of the field device is temporarily activated or a port is released.
  • the configuration, in particular the network name SSID, possibly a WLAN pre-shared key (PSK)
  • The user logs in at the access point AP with the information that can be derived or ascertained from the temporary information (access data or code) and, after the information has been checked by the access control unit, obtains user access to the server.
  • A physical authentication token T, as shown in FIG. 4, which may indicate a password or a PIN to be entered during server authorization (e.g. in a form field).
  • A password is selected as temporary information by the field device, which must be entered via the user interface.
  • With a physical authentication token, it can be checked at regular or variable intervals whether this token is still present, and depending on the local policy P it is decided whether, when the token is no longer present, the connection to the server is maintained or torn down. If the token is detected, depending on the policy, a warning or a notice may be issued to the user via the server.
  • The access button is connected, for example via wireless communication, to the field device FD.
  • Not only is the presence of the token T checked, but dynamic information is also exchanged with the token.
  • The token generates a PIN (e.g. after a certain time or at the push of a button) and displays this as temporary information on its display.
  • This PIN is then transmitted to the field device FD via NFC, for example.
  • The service technician must now enter this PIN on the server in order to authorize himself for the enabling of the user access.
  • SUC ⁇ gen which (collectively referred to as computer readable storage) on computer readable storage media or volatile computer memories gen.
  • Computer-readable memories are, for example, volatile memories such as caches, buffers or RAM, and non-volatile memories such as removable media, hard disks, etc.
  • The functions or steps described above may be present in the form of at least one instruction set in/on a computer-readable memory.
  • The functions or steps are not tied to a specific instruction set or to a particular form of instruction sets, or to a particular storage medium or to a particular processor or to specific execution schemes, and can be carried out by software, firmware, microcode, hardware, processors, integrated circuits, etc., alone or in any combination.
  • Various processing strategies can be used, for example serial processing by a single processor or multiprocessing or multitasking or parallel processing, etc.
  • The instructions may be stored in local memories, but it is also possible to store the instructions on a remote system and access them via a network.
  • The term "processor", "central signal processing", "control unit" or "data evaluation means", as used here, includes processing means in the broadest sense, that is, for example, servers, general purpose processors, graphics processors, digital signal processors, application-specific integrated circuits (ASICs), programmable logic circuits such as FPGAs, discrete analog or digital circuits and any combinations thereof, and any other processing means known in the art or developed in the future.
  • Processors can consist of one or more devices, apparatuses or units. If a processor consists of several devices, these can be designed or configured for the parallel or sequential processing or execution of instructions.
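
The flow described above (local unlock at the field device, a temporary code valid for a few minutes, the check by access control unit C, and the optional hop-counter test for a local link) is sketched here as an added example that is not part of the patent text. The class and method names, the HMAC-based derivation, the 6-digit format, the 180-second lifetime and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

LOCAL_HOP_LIMIT = 255   # from the text: 255 on a local link, < 255 on a remote link
CODE_LIFETIME_S = 180   # "a few minutes" (assumed value)
MAX_ATTEMPTS = 3        # assumed limit; a short code needs one to resist guessing


@dataclass
class Grant:
    code: str
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


class AccessControlUnit:
    """Hypothetical model of access control unit C inside field device FD."""

    def __init__(self, server_secret: bytes, operator_code: str, clock=time.monotonic):
        self._server_secret = server_secret   # "server information" (assumed: per-device secret)
        self._operator_code = operator_code   # code typed at control panel B
        self._clock = clock
        self._grant: Optional[Grant] = None

    def local_unlock(self, entered_code: str, release_unit_id: str) -> Optional[str]:
        """Local authentication at the device; returns the code to display, or None."""
        if not hmac.compare_digest(entered_code.encode(), self._operator_code.encode()):
            return None
        # Derive the temporary information from server information, a fresh nonce
        # and the identity of the release unit (assumed derivation rule).
        nonce = secrets.token_bytes(16)
        mac = hmac.new(self._server_secret, nonce + release_unit_id.encode(),
                       hashlib.sha256).digest()
        code = f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"
        self._grant = Grant(code, self._clock() + CODE_LIFETIME_S)
        return code

    def authorize(self, submitted: str, hop_limit: int) -> bool:
        """Server-side check of the code sent by communication device K."""
        grant = self._grant
        if grant is None:
            return False
        if self._clock() >= grant.expires_at:
            self._grant = None                # temporary information has lapsed
            return False
        if hop_limit != LOCAL_HOP_LIMIT:
            return False                      # routed packet: not locally connected
        if hmac.compare_digest(submitted.encode(), grant.code.encode()):
            self._grant = None                # single use
            return True
        grant.attempts_left -= 1
        if grant.attempts_left <= 0:
            self._grant = None                # force a new local unlock
        return False


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    acu = AccessControlUnit(secrets.token_bytes(32), operator_code="4711")
    shown = acu.local_unlock("4711", release_unit_id="panel-B")
    print("code on display D:", shown)
    print("remote attempt:", acu.authorize(shown, hop_limit=250))
    print("local attempt:", acu.authorize(shown, hop_limit=255))
```

A request rejected for its hop count does not consume an attempt, so a remote sender cannot exhaust the attempts of a technician standing at the device.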

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for enabling user access to a server coupled to an embedded system (FD) by means of an authorization of a user via at least one communication device (K) at the server (S). The method comprises the steps of: providing temporary information for the authorization via a release unit coupled to the embedded system, the temporary information being derivable from server information; transmitting the provided and/or derived temporary information to the server (S); enabling said user access to the server (S) via an access control unit (C) coupled to the server and connectable to said at least one communication device (K), said enabling depending on a check to determine whether the transmitted information matches, at least in a determinable manner, the provided and/or derived information.
PCT/EP2017/083757 2017-02-28 2017-12-20 Method and system for enabling user access to a server coupled to an embedded system WO2018157960A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102017203235.9 2017-02-28
DE102017203235.9A DE102017203235A1 (de) 2017-02-28 2017-02-28 Method and system for enabling user access to a server coupled to an embedded system

Publications (1)

Publication Number Publication Date
WO2018157960A1 true WO2018157960A1 (fr) 2018-09-07

Family

ID=61007651

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/083757 WO2018157960A1 (fr) 2017-02-28 2017-12-20 Method and system for enabling user access to a server coupled to an embedded system

Country Status (2)

Country Link
DE (1) DE102017203235A1 (fr)
WO (1) WO2018157960A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3410241A1 (fr) * 2017-05-31 2018-12-05 Krohne Messtechnik GmbH Method for secure communication with a field measuring device of process measuring technology and corresponding field measuring device
EP4011032A4 (fr) * 2019-08-09 2023-08-09 Rosemount Inc. Two-factor authentication for wireless field devices

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102018007259A1 (de) * 2018-09-14 2019-10-17 Baumer Electric Ag Method for operating a field device connection structure
DE102020128758A1 (de) 2020-11-02 2022-05-05 Vega Grieshaber Kg Mobile service device
DE102021213519A1 (de) 2021-11-30 2023-06-01 Vega Grieshaber Kg Field device, field device network and method for granting receipt of field device data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030030542A1 (en) 2001-08-10 2003-02-13 Von Hoffmann Gerard PDA security system
US7734716B2 (en) 2002-01-24 2010-06-08 Ge Fanuc Automation North America, Inc. Methods and systems for management and control of an automation control module
EP1621944B1 (fr) 2004-07-29 2012-11-21 Rockwell Automation Technologies, Inc. Security system and method for an industrial automation system
DE102012214018B3 (de) 2012-08-07 2014-02-13 Siemens Aktiengesellschaft Authorization of a user by a portable communication device
US20150089591A1 (en) * 2010-11-25 2015-03-26 Ensygnia Limited Handling encoded information
US20160063785A1 (en) * 2014-09-02 2016-03-03 Endress + Hauser Conducta Gesellschaft für Mess- und Regeltechnik mbH + Co. KG Method for the authentication of at least one first unit on at least one second unit

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ATE524897T1 (de) 2008-09-17 2011-09-15 Gmv Soluciones Globales Internet S A Method and system for authenticating a user by means of a mobile radio device
EP2421217B1 (fr) 2010-08-16 2013-10-02 BlackBerry Limited Communication system providing wireless authentication for private data access and associated method
CN103441997B (zh) 2013-08-20 2017-02-22 Huawei Technologies Co., Ltd. Content sharing method, device and system
KR102216877B1 (ko) 2014-02-19 2021-02-18 Samsung Electronics Co., Ltd. Authentication method and apparatus using biometric information in an electronic device
KR102213448B1 (ko) 2014-04-04 2021-02-08 Samsung Electronics Co., Ltd. Method for controlling the authentication state of an electronic device and electronic device using the same

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3410241A1 (fr) * 2017-05-31 2018-12-05 Krohne Messtechnik GmbH Method for secure communication with a field measuring device of process measuring technology and corresponding field measuring device
US11353836B2 (en) 2017-05-31 2022-06-07 Krohne Messtechnik Gmbh Method for secure communication with a field measuring device of process measuring technology and corresponding field measuring device
EP4011032A4 (fr) * 2019-08-09 2023-08-09 Rosemount Inc. Two-factor authentication for wireless field devices

Also Published As

Publication number Publication date
DE102017203235A1 (de) 2018-08-30

Similar Documents

Publication Publication Date Title
WO2018157960A1 (fr) Method and system for enabling user access to a server coupled to an embedded system
EP2494485B1 (fr) Authentication of a token and integrity protection of its data
EP2891102A1 (fr) RFID tag and method for operating an RFID tag
EP2668607A1 (fr) Method for monitoring tamper protection and monitoring system for a field device equipped with tamper protection
EP3130167B1 (fr) Method for secure access to a field device
DE102017106777A1 (de) Method for operating a field device of automation technology and an operating unit for carrying out the method
EP3410241B1 (fr) Method for secure communication with a field measuring device of process measuring technology and corresponding field measuring device
EP3582033A1 (fr) Method and device for secure operation of a field device
EP2548358B1 (fr) Method for dynamic authorization of a mobile communication device
EP3017432B1 (fr) Secure communication device for a vehicle and vehicle system
EP3769553B1 (fr) Method and system for authorizing the communication of a network node
EP3769554B1 (fr) Method and system for authorizing the communication of a network node
DE102008063864A1 (de) Method for authenticating a person to an electronic data processing system by means of an electronic key
DE102017006200A1 (de) Method, hardware and system for dynamic data transmission to a blockchain computer network for storing personal data, parts of which are in turn used block by block as the basis for end-to-end encryption, so that in the process of data collection via the data transmission module further data are dynamically updated in real time from sensor units. The block modules on the blockchain database system are expandable without limit.
EP2996299B1 (fr) Method and system for authorizing an action on a self-controlled system
DE102012216396B4 (de) Determining IT authorization information using a mechanical key
WO2018145798A1 (fr) Network system and method for checking the functionality of a cloud-based control function
DE102021127395A1 (de) Biometrically authenticated vehicle start using sensor-coupled key attack detection
WO2019175086A1 (fr) Method and device for cryptographically protected data transmission between a first device and a second device
DE102015221372A1 (de) Method for activating a configuration mode of a device
EP4087184B1 (fr) Method for authenticating interactions independently of a system time, device for carrying out said method and flame detector equipped with such a device
WO2014124765A1 (fr) Device and method for the secure administration of access codes
DE102011117186A1 (de) Method for controlling access to an actuator and/or sensor
EP3399457B1 (fr) Method and devices for detecting manipulation of a device
WO2013135439A1 (fr) Method and system for authenticating a user by an application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17832496

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17832496

Country of ref document: EP

Kind code of ref document: A1