WO2019105666A1 - Procédé et système pour fournir une fonction technique de données au moyen d'un système de traitement de données d'un véhicule guidé - Google Patents

Procédé et système pour fournir une fonction technique de données au moyen d'un système de traitement de données d'un véhicule guidé Download PDF

Info

Publication number
WO2019105666A1
WO2019105666A1 PCT/EP2018/079528 EP2018079528W WO2019105666A1 WO 2019105666 A1 WO2019105666 A1 WO 2019105666A1 EP 2018079528 W EP2018079528 W EP 2018079528W WO 2019105666 A1 WO2019105666 A1 WO 2019105666A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
data
unit
data processing
user
Prior art date
Application number
PCT/EP2018/079528
Other languages
German (de)
English (en)
Inventor
Thorsten Braun
Original Assignee
Siemens Mobility GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Mobility GmbH filed Critical Siemens Mobility GmbH
Priority to EP18800531.8A priority Critical patent/EP3692457A1/fr
Priority to RU2020116390A priority patent/RU2748111C1/ru
Priority to CN201880076717.0A priority patent/CN111406259A/zh
Publication of WO2019105666A1 publication Critical patent/WO2019105666A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the invention relates to a method and a system for Be providing a data processing function by means of a data processing system of a track-bound vehicle.
  • a key switch is used to enable or disable data-related functions based on the position of the key switch. Only users who have a suitable (suitable) key can activate the data-technical function.
  • a method for providing a data processing function by means of a data processing system of a track-bound vehicle ge triggers comprises: generating an authentication token by means of an authentication unit based on an authentication process, wherein the authentication token is a session of a user of the data processing identification system, and providing the data technical function by means of a server unit of the data processing system based on the authentication token.
  • the invention is based on the recognition that data-technical functions, such as operator actions, the display of information, etc., are called in vehicles from different users. It is desirable that the data-technical functions different users or user groups user-related or user-specific to make available. Certain data-related functions should only be accessible by authorized users or user groups.
  • the data-related functions provided are coupled, for example, to a key switch position.
  • the schwtech function is provided only to the user who has the appropriate conclusions, and exclusively, while the key switch occupies a position provided for the activation of the function.
  • the known solutions are characterized by the fact that for each data-related function, such as access to diagnostic data, a separate authentication is required. Consequently, the known solutions are statically out of the management of user rights.
  • the solution according to the invention solves these problems by generating an authentication token by a central authentication service.
  • the token identifies a session of a user of the data processing system.
  • different data-technical functions can be provided.
  • the user rights can be changed in a particularly simple way by means of data-technical access to the authentication unit and adapted according to the wishes of the operator of the data processing system.
  • the access to the authentication unit is restricted to users belonging to the operator of the data processing system and / or the track bound vehicle.
  • the track-bound vehicle is preferably formed as a train driving tool.
  • the data processing system preferably comprises a communication system, which comprises at least one Ethernet network and different data telecommunication devices (systems) connected to the respective Ethernet network.
  • the participants can communicate via the respective Ethernet network (exchanging data, for example).
  • these can be logically separated, for example as virtual local area networks (VLANs), to allow data streams from one another separate.
  • the communication network preferably comprises a Bet reibetz, which is physically separated from a control network of the rail vehicle and may be technically connected to the control network data.
  • control network as a network which comprises one or more components for vehicle control (control technology)
  • control technology e.g drive and brake components
  • systems can also be used to output information to passengers and on-board personnel, the automated operation of a sanitary cell, the management of communication between the rail vehicle and the country side, etc., belong to the control network, the components being connected to one another via the control network in terms of control and communication technology.
  • Components that are connected to the operator network for data purposes can be, for example, a passenger information system (FIS) and / or a camera monitoring system for monitoring the interior and exterior of the railway vehicle (CCTV: Closed Circuit Television).
  • FIS passenger information system
  • CCTV Closed Circuit Television
  • the corre sponding components of the FIS or camera surveillance system are data technology via the operator network together a related party.
  • the user can be assigned to one or more user groups. Certain data-related functions are available to a particular user group (or the user group is blocked for certain technical functions). For example, user groups may be provided for maintenance, cleaning, vehicle accompaniment or vehicle guidance. Certain user actions may only be carried out by authorized user groups. For example, the retrieval of diagnostic sedates (as an example of a data-technical function) is intended exclusively for the user group "maintenance".
  • the expert understands by the term "data-technical function" all functions which are provided by the data processing system
  • the data-technical function can, for example, comprise the operation of a component connected to the communication network by means of a user interface retrieve data from the data processing system.
  • the authentication unit is preferably designed as an authentication server with an authentication service.
  • the authentication service includes a Remote Authentication Dial-in User Service (RADIUS).
  • RADIUS Remote Authentication Dial-in User Service
  • the authentication server is a central server within the data processing system of the tracked vehicle, which is available to various subscribers of the communication network via the Ethernet network.
  • the authentication server has a memory on which data about the user, data on an assignment of the user to a user group or multiple user groups and / or data on user rights associated with the user are stored.
  • the server unit can transmit the data-related function immediately upon receipt of the authentication function.
  • the server unit can use a received authentication token to determine independently or with the aid of another component of the data processing system, which data technology function is to be provided.
  • the authentication process comprises: providing authentication information by means of an authentication séesss Maschinen and generating the authentication token by means of the authentication unit based on the authentication information.
  • the authentication process comprises, in particular, those method steps which, in common usage, are referred to as "logging on of the user”.
  • the skilled person preferably understands that the authentication token is generated when the user has successfully authenticated himself.
  • authentication the checking of the authenticity of the user by means of the authentication unit
  • authentication the attestation of the authenticity by the authenticating unit.
  • the terms “authenticate” and “authenticate” are often combined under the term “authenticate”.
  • the authentication unit generates the authentication information based on an application
  • An identification medium which provides at least one user information, in particular a smart card, and / or
  • a biometric feature of the user which is detected by a reader.
  • the authentication unit comprises an authentication device, to which the user by means of a thentleitersmiesmedium, for example by means of the key, the smart card or the biometric feature, a Authentication is performed.
  • the authentication device can, for example
  • a smart card reader for receiving the smart card, a fingerprint reader for reading the user's fingerprint (as a biometric feature) and / or a camera unit for detecting the user's face (as a biometric feature)
  • smart card preferably as a plastic card, which has at least one inte grated circuit and preferably a memory cher, a microprocessor, etc. has.
  • the electronic key may preferably be formed by a soft ware key material, which is stored on a terminal device of the user.
  • the software key material may be stored as a user on a smartphone of a driver residing in the driver's car.
  • the software key material can be transmitted to the vehicle via Bluetooth or WLAN (WLAN: Wireless Local Area Network).
  • the authentication unit preferably comprises a control computer, which is connected to the data processing system, in particular to the Ethernet network.
  • the control computer reads out the information generated by the authentication device, generates the authentication information on the basis of this information and sends the authentication information via the Ethernet network to the authentication unit.
  • the transmission of the authentication information to the authenticating unit is preferably carried out in encrypted form.
  • the authentication token is invalidated and / or deleted at a termination of the session. This ensures that the authentication token is the session identified by the user.
  • the termination of the session is triggered by a user logoff.
  • the session may be terminated at the expiration of a predetermined period of time. This may result in the user having to log in again while using the data processing system.
  • the authentication token is transmitted to a user interface, which is designed to retrieve the function by the user.
  • the user interface can use the authentication token for different purposes. For example, the user interface is activated upon receipt of the authentication token. Alternatively or additionally, the user interface may use the authentication token to restrict provided functions. The presence and / or design of the authentication token for the user interface preferably serve as a decision criterion as to whether a data-technical function is to be made available. Alternatively or additionally, the data processing function can be requested by the user interface based on the authentication token at the server unit.
  • the user interface comprises an operator display.
  • the operator display is as
  • Touchscreen display formed on the technical data functions such as the display of information and / or operating functions are provided.
  • the authentication token is transmitted from the authentication unit to the user interface. Further preferably, the authentication token is stored by means of a memory unit of the user interface. In order for the user interface to provide the function provided by the server unit to a user.
  • the user interface is databank, in particular via the communication network, connected to the Sever unit.
  • the authentication token of the request is attached to a request for the data processing function, which is addressed by the user interface to the server unit.
  • the user interface requests the data processing function at the server unit.
  • the server unit provides the da fortune function centrally available. Based on the attached authentication token, the server unit can check the request. This prevents a data-technological attack on the data processing system from being made possible by manipulation of the user interface.
  • the server unit is located away from the user interface.
  • the person skilled in the art understands the term "removed” to mean that the user has no direct, mechanical access to the server unit, for which the server unit is preferably arranged in a protected area (not accessible to the user) of the rail vehicle ,
  • the request is triggered by an operator action of the user.
  • the Ser ver unit checks an authorization of the request with the help of the authentication unit. This achieves centralized control of user permissions based on tokens. The central role is played by the authentication unit.
  • Various components of the data processing system eg, the server unit
  • the Server unit provides the data-related function only if the verification of the authentication token by the authentication unit is successful.
  • the authorization of the request is preferably checked by means of the authentication unit during a first request within one session. For subsequent requests within the session, a check by the authentication unit is no longer required.
  • the authentication with the aid of the authentication unit is carried out in a preferred development by the authentication unit receiving the authentication token from the server unit, checking the associated authorization, and authorization information which checks the authorization of the user represents, provides.
  • a central control of entitlements of the user based on the token is enabled.
  • the validity of the token is checked by the authentication unit and, in addition, authorizations of the user as authorization information are provided by the authentication unit.
  • the authentication unit sends the authorization information to the server unit.
  • data-related functions are provided by the server unit. For this purpose, whoever transmits the data underlying the respective function to the user interface.
  • the data processing function is provided by the server unit depending on the authorization information.
  • the authentication token which sends the Sever unit to the authentication unit for checking forms the basis for providing the data-related function.
  • the server unit In addition, based on the authorization information determine which data-related functions to be provided.
  • the provision of the data-technical function comprises providing information with the server unit for display by means of a user interface.
  • the display of the information by means of the user interface is triggered by the user requesting the information by actuating a touch screen of the user interface.
  • the server unit Upon request (if a valid authentication token is present), the server unit provides the information for display by the user interface.
  • the information is transmitted to the user interface for the display and displayed by the user interface.
  • the provision of the data-technical function comprises providing data to a data interface of the data processing system.
  • the data is provided by the server unit and transmitted to the data interface.
  • a maintenance PC and / or a diagnostic device is connected to the data interface.
  • the data interface preferably comprises a USB-to-Ethernet bridge, which provides a connection between the Ethernet network and a USB port of the data interface (USB: Universal Serial Bus).
  • the data interface further preferably comprises a computing unit for processing data and a memory.
  • a preferred development of the embodiment comprises: data-technical connection of a memory unit to the data interface, querying the data by means of the data interface at the server unit and providing the data by means of the server unit.
  • the memory unit comprises a USB data memory which is carried by the user and connected to the USB port of the data interface.
  • the request is made by closing the server unit from the data interface sig nalformat that the memory unit is connected to the data interface. Further preferably, the data are prepared by the server unit in response to the request and transmitted to the data interface.
  • the data is provided to the data interface after completion of an authentication process, in particular an authentication process of the type previously described.
  • the authentication token generated during the authentication process is preferably transmitted to the data interface and more preferably from the memory of the data interface saved. Further preferably, the authentication token of the request, which is directed by the data interface to the server unit, attached.
  • authorization information which represents authorization of the user, is transmitted to the server unit after completion of the authentication process.
  • the computer unit of the data interface After connecting the memory unit, in particular the USB data memory, to the data interface, the computer unit of the data interface establishes a data connection to the server unit. For this a connection request is directed to the server unit.
  • the server unit receives the connection request and uses the authorization information to determine which data-related function is to provide. For example, the server unit uses the authorization information to determine which data is to be provided for the data interface.
  • the invention further relates to a system for providing a data processing function by means of a data processing system of a tracked vehicle.
  • the system comprises: an authentication unit configured to generate an authentication token based on an authentication process, wherein the authentication token identifies a session of a user of the data processing system, and a server unit that configures is to provide the data-related function based on the authentication token.
  • the invention further relates to a computer program product which can be at least partially loaded directly into a memory of a Ser ver unit, at least partially loaded directly into a memory of an authentication unit and software code sections, with which the method of the type described above are performed can if the product is running on a computer of the server unit and a computer of the authentication unit.
  • the invention further relates to a server unit for a data processing system of a lane-bound vehicle, which is designed to provide a data-related function based on an authentication token identifying a session of a user of the data processing system and to provide the authentication token from an authen tification unit, which is designed to generate the authentication token based on an authentication process.
  • FIG. 1 shows a schematic structure of a system according to egg nem embodiment of the invention
  • FIG. 2 shows a schematic flow diagram of an authentication process according to the invention
  • Figure 3 is a schematic flow diagram of a method according to a first embodiment of the inven tion and
  • Figure 4 is a schematic flow diagram of a method according to a second embodiment of the inven tion.
  • Figure 1 shows a vehicle 1, which is designed as a track-bound vehicle 2, in a schematic (an view.
  • the track-bound vehicle 2 has a communication system 4 which comprises at least Ethernet networks 5, 6 and 7. To the Ethernet networks 5, 6 and 7 different participants are connected in terms of data technology and connected via the Ethernet networks 5, 6 and 7.
  • the communication system 4 together with its data technically connected participants forms a data processing system. 8
  • a server unit 10 is technically connected to the Ethernet network 7.
  • the server unit 10 provides several different data processing functions.
  • the server unit 10 provides information for display via a user interface 12.
  • the user interface 12 is designed as an operator display 13 with a touch-sensitive display area (so-called touchscreen).
  • a Be user 14 functions of the data processing system 8 can be provided.
  • 14 information can be displayed to the user and / or the user 14 can operate a component of the data processing system 8 via the operator display 13.
  • the server unit 10 and the user interface 12 are data technically connected to each other via the Ethernet network 7.
  • the invention is based on the desire to provide the user 14 data technical functions based on user authorization.
  • an authentication process is carried out.
  • FIG. 2 shows a schematic flow diagram which represents the method steps carried out as part of the authentication process.
  • the user 14 logs on to the vehicle 1 using an authentication unit 16.
  • the login takes place by plugging in a user-14 personally ordered smart card 17 in a smart card reader 18 (Ver process step A).
  • authentication information is transmitted to a control unit 20 in a method step B.
  • the logon takes place by inserting a mechanical key 21 into a mechanical lock 22 and / or by reading out a biometric feature, for example a fingerprint by means of a fingerprint reader 19.
  • the control unit 20 is connected by data technology to the Ethernet network 5.
  • the authentication information is transmitted to an authentication unit 24.
  • the authentication unit 24 is formed as a server 25 with authentication service, in particular a Remote Authentication Dial-In User Service (RADIUS).
  • the server 25 is used within the vehicle 1 as a central server or service for authenticating Benut zern.
  • the server 25 If there are user data associated with the received authentication information on the server 25, the server 25 generates an authentication token in a method step D.
  • the authentication token identifies a session of the user 14. In other words, the authentication token loses its validity and / or is deleted when the session ends. The termination of the session is triggered, for example, by logging off the user 14.
  • FIG. 3 shows a schematic flow diagram which represents the method steps carried out in the context of a first exemplary embodiment.
  • a method step E the authentication token is transmitted to the user interface 12 via the Ethernet network 5, 6, 7.
  • the user interface 12 stores the authentication token by means of a storage unit.
  • the user 14 When operating the user interface 12, the user 14 calls a data processing function in a method step F. For example, by operating the user interface 12 as a data-related function, the user 14 requests display of information by means of the user interface 12. In response to this action of the user 14, in a method step G, a request for the function from the user interface 12 to the server unit 10 sent. The request will receive the authentication token for the Transmission to the server unit 10 in a step GG attached.
  • the server unit 10 checks an authorization of the request in that the server unit 10 sends the authentication token to the authentication unit 24 via the Ethernet network 6.
  • the authentication unit 24 receives the authentication token from the server unit 10 in a method step J.
  • the authentication unit 24 checks an associated authorization (which is assigned to the authentication token) and in a method step L provides authorization information, which the permission of the user 14 represents ready.
  • the authorization information which represents credentials of the user and authorizations of the user, are transmitted to the server unit 10 in a method step M.
  • the server unit 10 provides the information to be displayed on the basis of the received authorization information in a method step N and transmits it to the user interface 12.
  • the information is shown in a method step 0 by means of the user interface 12.
  • the method steps H to L are to be carried out in particular during a first-time request by means of the user interface 12 within a session.
  • the se can provide data-technical functions on the basis of the authorization information until the end of the session.
  • FIG. 4 shows a schematic flow diagram which represents the method steps carried out in the context of a second exemplary embodiment.
  • authentication tokens generated during the authentication process are transmitted to a data interface 32 (via the Ethernet network 5, 6, 7) and stored by a memory of the data interface.
  • authorization information of the user 14 is transmitted from the authentication unit 24 to the server unit 10 via the Ethernet network 6 (method step P).
  • a method step Q the user 14 connects a memory unit 30 in the form of a USB memory 31 to the data interface 32.
  • the connection is beispielswei se by inserting the USB memory 31 in the data intersection point 32.
  • a data connection to the server unit 10 ago is a computing unit of the data interface.
  • a connection request to the ser Ver unit 10 is directed.
  • the server unit 10 receives the connection request.
  • a method step R the data interface 32 queries the server unit 10 for data which are provided for storage on the memory unit 30.
  • the terrorismstel le 32 includes a USB-to-Ethernet bridge, which provides a Ver connection between the Ethernet network 7 and a USB port of the data interface available (USB: Universal Serial Bus).
  • Inquiries R are made by signaling from the data interface 32 to the server unit 10 that the USB memory 31 is connected during the connection.
  • the server unit 10 checks which data is provided for a memory on the USB memory 31. Depending on the authorization information, the server unit 10 provides the data in a method step S. For example, the server unit 10 uses the authorization information to determine which data is available for the data interface. be presented. In a method step T, the provided data are transmitted via the Ethernet network 7 to the data interface 32 in order to be stored on the memory unit 30.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mechanical Engineering (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Small-Scale Networks (AREA)
  • Lock And Its Accessories (AREA)

Abstract

L'invention concerne un procédé ainsi qu'un système pour fournir une fonction technique de données au moyen d'un système de traitement de données (8) d'un véhicule guidé (2). Pour fournir la fonction technique de données de façon flexible et orientée utilisateur, le procédé comprend les étapes suivantes : production (D) d'un jeton d'authentification au moyen d'une unité d'authentification (24) sur la base d'un processus d'authentification, le jeton d'authentification identifiant une session d'un utilisateur (14) du système de traitement de données (8); et fourniture (N) de la fonction technique de données au moyen d'une unité de serveur (10) du système de traitement de données (8) sur la base du jeton d'authentification.
PCT/EP2018/079528 2017-11-28 2018-10-29 Procédé et système pour fournir une fonction technique de données au moyen d'un système de traitement de données d'un véhicule guidé WO2019105666A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP18800531.8A EP3692457A1 (fr) 2017-11-28 2018-10-29 Procédé et système pour fournir une fonction technique de données au moyen d'un système de traitement de données d'un véhicule guidé
RU2020116390A RU2748111C1 (ru) 2017-11-28 2018-10-29 Способ и система для предоставления информационно-технической функции посредством системы обработки данных колейного транспортного средства
CN201880076717.0A CN111406259A (zh) 2017-11-28 2018-10-29 借助有轨车辆的数据处理系统提供数据技术功能的方法和系统

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102017221300.0 2017-11-28
DE102017221300.0A DE102017221300A1 (de) 2017-11-28 2017-11-28 Verfahren und System zum Bereitstellen einer datentechnischen Funktion mittels eines Datenverarbeitungssystems eines spurgebundenen Fahrzeugs

Publications (1)

Publication Number Publication Date
WO2019105666A1 true WO2019105666A1 (fr) 2019-06-06

Family

ID=64270826

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/079528 WO2019105666A1 (fr) 2017-11-28 2018-10-29 Procédé et système pour fournir une fonction technique de données au moyen d'un système de traitement de données d'un véhicule guidé

Country Status (5)

Country Link
EP (1) EP3692457A1 (fr)
CN (1) CN111406259A (fr)
DE (1) DE102017221300A1 (fr)
RU (1) RU2748111C1 (fr)
WO (1) WO2019105666A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4060946A1 (fr) * 2021-03-16 2022-09-21 Siemens Aktiengesellschaft Authentification d'un appareil dans un réseau de communication d'une installation d'automatisation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050269401A1 (en) * 2004-06-03 2005-12-08 Tyfone, Inc. System and method for securing financial transactions
DE102014119241A1 (de) * 2014-12-19 2016-06-23 Knorr-Bremse Systeme für Schienenfahrzeuge GmbH Verfahren zur Authentifizierung an einer Steuereinheit eines Subsystems eines Schienenfahrzeugs
WO2017004373A1 (fr) * 2015-07-02 2017-01-05 Convida Wireless, Llc Structure d'autorisation dynamique pilotée par ressources

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1811421A1 (fr) * 2005-12-29 2007-07-25 AXSionics AG Jeton de sécurité et procédé d'authentification d'un utilisateur au moyen du jeton de sécurité
AU2007203701A1 (en) * 2007-08-08 2009-02-26 Red Crater Global Ltd Security control over computer access in restricted area
US8689292B2 (en) * 2008-04-21 2014-04-01 Api Technologies Corp. Method and systems for dynamically providing communities of interest on an end user workstation
DE102008042262B4 (de) * 2008-09-22 2010-05-27 Bundesdruckerei Gmbh Verfahren zur Speicherung von Daten, Computerprogrammprodukt, ID-Token und Computersystem
US8984588B2 (en) * 2010-02-19 2015-03-17 Nokia Corporation Method and apparatus for identity federation gateway
WO2013087984A1 (fr) * 2011-12-12 2013-06-20 Nokia Corporation Procédé et appareil pour la réalisation de comptes de services fédérés
US8966268B2 (en) * 2011-12-30 2015-02-24 Vasco Data Security, Inc. Strong authentication token with visual output of PKI signatures
DE102012218943A1 (de) * 2012-10-17 2014-04-17 Bundesdruckerei Gmbh Verfahren zur Initialisierung von Datenbankmitteln
US9742767B1 (en) * 2014-09-25 2017-08-22 Google Inc. Systems, methods, and media for authenticating multiple devices
CN106375270B (zh) * 2015-07-24 2020-12-08 华为技术有限公司 令牌生成并认证的方法及认证服务器
US9619638B2 (en) * 2015-08-25 2017-04-11 International Business Machines Corporation Vehicle operations based on biometric fingerprint analysis
JP6682254B2 (ja) * 2015-12-08 2020-04-15 キヤノン株式会社 認証連携システム及び認証連携方法、認可サーバー及びプログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050269401A1 (en) * 2004-06-03 2005-12-08 Tyfone, Inc. System and method for securing financial transactions
DE102014119241A1 (de) * 2014-12-19 2016-06-23 Knorr-Bremse Systeme für Schienenfahrzeuge GmbH Verfahren zur Authentifizierung an einer Steuereinheit eines Subsystems eines Schienenfahrzeugs
WO2017004373A1 (fr) * 2015-07-02 2017-01-05 Convida Wireless, Llc Structure d'autorisation dynamique pilotée par ressources

Also Published As

Publication number Publication date
RU2748111C1 (ru) 2021-05-19
CN111406259A (zh) 2020-07-10
EP3692457A1 (fr) 2020-08-12
DE102017221300A1 (de) 2019-05-29

Similar Documents

Publication Publication Date Title
DE60131534T2 (de) Umfassender Authentifizierungsmechanismus
DE102014107242A1 (de) System und Verfahren zur Zugriffskontrolle
DE102015005232B4 (de) Steuern einer Freischaltberechtigung eines Kraftfahrzeugs
WO2016005377A1 (fr) Procédé et système d'authentification d'un utilisateur
DE102016201601B4 (de) Verfahren und Vorrichtungen betreffend insbesondere ein Kraftfahrzeugzugangs- und/oder Start-System
DE102016215021B4 (de) Verfahren und Servervorrichtung zum Konfigurieren eines Weitergabevorgangs einer Zugangsberechtigung zu einem Kraftfahrzeug
DE102011078018A1 (de) System zum Ausführen von Fernfunktionen eines Kraftfahrzeugs
DE102004044454A1 (de) Tragbares Gerät zur Freischaltung eines Zugangs
DE10311327A1 (de) Nutzer-Objekte zur Authentifizierung der Nutzung medizinischer Daten
EP1697820B1 (fr) Procede pour activer un acces a un systeme informatique ou a un programme
DE102010010760A1 (de) Verfahren zur Vergabe eines Schlüssels an ein einem drahtlosen Sensor-Aktor-Netz neu hinzuzufügendes Teilnehmergerät
WO2004034334A1 (fr) Systeme de controle d'acces pour portes et procede pour faire fonctionner un tel systeme
WO2019105666A1 (fr) Procédé et système pour fournir une fonction technique de données au moyen d'un système de traitement de données d'un véhicule guidé
EP2199944A2 (fr) Procédé d'authentification d'une personne par rapport à une installation de traitement des données électronique à l'aide d'une clé électronique
DE102014108162A1 (de) Verfahren zur Bedienung eines Feldgerätes vermittels eines Bediengerätes
EP1525731B1 (fr) Identification d'un utilisateur d'un terminal mobile et generation d'une autorisation d'action
EP3032505B1 (fr) Procédé de fonctionnement de terminaux de paiement d'un système de contrôle d'accès ID pour un scénario d'après paiement
WO2016124506A1 (fr) Procédé de gestion d'autorisation dans un ensemble comportant plusieurs systèmes informatiques
DE102010031932A1 (de) Verfahren zur Zugangskontrolle und entsprechende Vorrichtung
EP3657750B1 (fr) Procédé d'authentification des lunettes intelligentes dans un réseau de données
DE102015213449B4 (de) Vorrichtung zum Betrieb eines Fahrzeugs für Car-Sharing und Fahrzeug für Car-Sharing umfassend die Vorrichtung
DE102018215739A1 (de) Verwendung einer Benutzerschnittstelle eines Fahrgastinformationssystems und/oder Unterhaltungssystems
DE102017000514B3 (de) Vorrichtungen, systeme und verfahren zum entriegeln eines schlosses eines schloss-systems
EP2169579A1 (fr) Procédé et dispositif d'accès à un document lisible sur machine
EP3039611B1 (fr) Procedure et dispositif pour transferer une information

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18800531

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2018800531

Country of ref document: EP

Effective date: 20200508

NENP Non-entry into the national phase

Ref country code: DE