WO2021099561A1 - Verfahren zum sicheren datenkommunikation in einem rechnernetzwerk - Google Patents
Verfahren zum sicheren datenkommunikation in einem rechnernetzwerk Download PDFInfo
- Publication number
- WO2021099561A1 WO2021099561A1 PCT/EP2020/082870 EP2020082870W WO2021099561A1 WO 2021099561 A1 WO2021099561 A1 WO 2021099561A1 EP 2020082870 W EP2020082870 W EP 2020082870W WO 2021099561 A1 WO2021099561 A1 WO 2021099561A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- computer
- data
- data connection
- key
- connection
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000004891 communication Methods 0.000 title claims description 36
- 230000005540 biological transmission Effects 0.000 claims description 20
- 238000012423 maintenance Methods 0.000 description 6
- 238000013459 approach Methods 0.000 description 5
- 238000013475 authorization Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000013024 troubleshooting Methods 0.000 description 2
- 230000004888 barrier function Effects 0.000 description 1
- 230000006735 deficit Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B66—HOISTING; LIFTING; HAULING
- B66B—ELEVATORS; ESCALATORS OR MOVING WALKWAYS
- B66B1/00—Control systems of elevators in general
- B66B1/34—Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
- B66B1/3415—Control system configuration and the data transmission or communication within the control system
- B66B1/3423—Control system configuration, i.e. lay-out
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B66—HOISTING; LIFTING; HAULING
- B66B—ELEVATORS; ESCALATORS OR MOVING WALKWAYS
- B66B1/00—Control systems of elevators in general
- B66B1/34—Details, e.g. call counting devices, data transmission from car to control system, devices giving information to the control system
- B66B1/3415—Control system configuration and the data transmission or communication within the control system
- B66B1/3446—Data transmission or communication within the control system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Definitions
- the present invention relates to a method for communicating data in a computer network and to a computer network configured to carry out this method, in particular in a passenger transport system.
- Computers which are often referred to as computers, are used in a wide variety of applications for processing data. In a wide range of applications, computers must be able to exchange data with other computers. For this purpose, several computers are connected to a computer network via data connections.
- the authenticity of computers participating in the data communication is usually checked in advance.
- the computers that strive for data communication can exchange authentication data.
- a previously created list can be used, for example, to check whether the authenticated computers are authorized to communicate with one another.
- data communication between computers is also encrypted.
- data to be communicated is encrypted by a sending computer using previously specified encryption data before they are transmitted to a receiving computer, and then decrypted again by the receiving computer using correlating encryption data.
- the sending computer can encrypt the data to be transmitted with a public key of the receiving computer so that the latter can then decrypt the received data again with its private key, which is to be kept secret and which correlates with the public key. Because both computers use correlating encryption data, the authenticity or authorization of the communicating computers is also checked indirectly.
- the authentication data can also be made for the authentication data to have a time-limited validity. However, this may require that after this validity has expired, new authentication data must be transmitted to the computers, which in turn may require a data connection between the computers and the authority computer.
- a need for a method for communicating data in a computer network with which at least some of the deficits mentioned at the outset, as they occur in the conventional operation of computer networks, can be overcome.
- a method for communicating data in a computer network which can be implemented easily and / or with little hardware expenditure and which nevertheless allows a high level of security in data communication.
- a computer network that is configured to carry out or control such a method.
- a passenger transport system that is equipped with such a computer network.
- a method for communicating data in a computer network between a first computer and a second computer, in particular in a passenger transport system is proposed.
- the first computer and the second computer are accommodated together in a room protected against unauthorized access.
- the first computer and the second computer are also connected to one another via a first and a second data connection.
- the second data connection runs exclusively within the protected area.
- the second data connection only allows data to be transmitted between the first computer and the second computer.
- the method comprises at least the following method steps, preferably in the specified order:
- a computer network with a first computer and a second computer in particular in a passenger transport system, is proposed.
- the first computer and the second computer are accommodated together in a room protected against unauthorized access.
- the first computer and the second computer are connected to one another via a first and a second data connection.
- the second data connection runs exclusively within the protected area.
- the second data connection only allows data to be transmitted between the first computer and the second computer.
- the computer network is configured to carry out or control the method according to an embodiment of the first aspect of the invention.
- a passenger transportation system in particular an elevator system, with a computer network according to an embodiment of the second aspect of the invention is proposed, the protected space being a machine room of the passenger transportation system.
- computers must be reliably and securely connected to one another via a data network in a wide variety of technical applications communicate, ie exchange data, can.
- it must be ensured that individual computers only communicate with certain other computers, but do not transmit data to computers that are not authorized for this purpose and / or accept data from computers that are not authorized for this purpose.
- computers must be able to authenticate, ie a computer must be able to reliably determine the identity of another computer coming into question as a communication partner and, on the basis of the identified identity, determine whether data exchange with this computer is permissible.
- a first computer and a second computer can be part of a computer network made up of a large number of computers.
- the first computer can, for example, be a host computer or server computer and the second computer can be a client computer from a plurality of client computers included in the computer network. All these computers can be connected to one another via one or more data connections, i.e. in principle they can be able to exchange data with one another via wired or wireless interfaces.
- the first computer can exchange data reliably and discretely with the second computer, it must be ensured that no other computer on the computer network can eavesdrop on the data communication between the first and the second computer and that no other computer can intercept the first computer other than the second computer can output.
- the second computer can authenticate itself to the first computer so that the first computer can be certain of the identity of the second computer and can then determine, based on the identity established in this way, whether there is data communication with the second computer is permissible, ie whether the second computer is authorized to exchange data with the first computer.
- a prerequisite for the functioning of the method presented here is that the first computer and the second computer are accommodated together in a room protected against unauthorized access, i.e. are in the immediate vicinity of one another.
- a room can be understood as a physically delimited area, to which normally only persons authorized for this have access.
- a room can, for example, be a volume in a building or structure surrounded by walls or other physical boundaries, to which access is only possible via one or more lockable doors or the like.
- a person In order to get into the protected space through such a door, a person must be authorized beforehand, for example by being in possession of a key suitable for unlocking the door.
- the room protected against unauthorized access can be, for example, a machine room of the passenger transport system.
- Such a machine room can typically be locked and thus secured against unauthorized access.
- both a drive machine and a controller used to control this drive machine are accommodated in a machine room.
- this control usually has a computer that can be viewed as the first computer or host computer.
- This first computer can communicate with a large number of other computers, which in certain cases can be viewed here as second computers or client computers. Some of these computers can be located within the Machine room are located, other computers can be arranged outside the machine room.
- a computer can be viewed, for example, which should be able to communicate with the first computer for maintenance purposes or for troubleshooting and for this purpose should be able to exchange data with the first computer.
- the second computer can be permanently installed in the protected space.
- the second computer can be temporarily brought into the protected space, for example by a maintenance technician temporarily bringing a maintenance device controlled by the second computer into the machine room.
- the first and the second computer should be connected to one another both via a first data connection and via a second data connection. Via each of the two data connections, data can be exchanged between the two computers from the first computer to the second computer and / or from the second computer to the first computer.
- a data connection can be established by wire, i.e. data can be transmitted between the two computers via devices and / or cables connecting the computers.
- a data connection can be established wirelessly, i.e. data can be transmitted between the two computers via radio, for example.
- authentication data should first be generated by the first computer, by means of which the second computer can authenticate itself on the first computer.
- the authentication data contain at least one key to be kept secret.
- the key to be kept secret is transmitted from the first computer to the second computer via the second data connection.
- the key to be kept secret can, for example, be part of a key pair made up of a public key and a private key correlating with it. In particular, the key to be kept secret can be the private key of such a key pair.
- the first computer does not send the key of this authentication data, which is to be kept secret, to the second computer via the first data connection, but rather via the second data connection.
- the first computer can be sure that the secret key of the authentication data has been sent to a computer that is located within the protected area.
- the first computer can therefore assume that the second computer receiving the key to be kept secret is authorized to exchange data with the first computer, since otherwise it would not have been allowed to enter the protected area.
- the first computer can also assume that the secret key can only be known to a second computer that is authorized for communication with the first computer.
- encrypted data communication is established between the first and the second computer, the authentication data being used at least for the authentication of the second computer by the first computer. .
- this data communication is not established via the second data connection, but via the first data connection, via which the first computer is also connected to other computers and which generally has different data transmission properties than the second data connection.
- the first computer can thus check the authenticity of the second computer within the framework of the encrypted data communication established.
- the method described and the computer network specially designed for this purpose can ensure that data communication required for certain applications can only be established from the first computer with computers that are authorized for this purpose and that are located within the protected area.
- the data communication protected in this way can be set up with very simple hardware means.
- the first data connection is configured for data communication at a higher data transmission rate than the second data connection.
- the first data connection can be designed to transmit data at a higher transmission rate than the second data connection.
- the first data connection can thus be designed for a larger bandwidth than the second data connection.
- the data transmission rate to be established via the first data connection can be more than twice as high, preferably more than ten times as high, as that of the second data connection. While the first data connection can thus be designed for a high data throughput, the second data connection can be established with technically simpler means, since it only needs to enable a low transmission rate.
- the first data connection is also accessible to subscribers in the computer network who are located outside the protected area.
- the first data connection can be configured in such a way that it can also be used to communicate with the first computer via computers that are not located within the protected space, but are external to it.
- the first data connection can be part of a local network (LAN - local area network), a wide network (WAN - wide area network) or even a global data network such as the Internet, via which a large number of computers inside and outside the protected space can communicate with each other.
- the first data connection can be an Ethernet connection.
- Ethernet connections are a long-established and largely standardized option for data transmission between several computers.
- Ethernet connections use software in the form of protocols, etc., and hardware in the form of cables, distributors, network cards, etc., which are specified for wired data networks and which are originally for local area networks (LAN). They enable data to be exchanged between the devices connected in a local network using data frames. Transmission rates of up to 400 gigabit / s are currently possible.
- a data network established with Ethernet connections typically extends over a building, but Ethernet variants over fiber optics can have a range of up to 70 km.
- the second data connection can only allow data to be transmitted between the first computer and the second computer.
- the second data connection can thus differ from the first data connection, which in principle can allow data to be transmitted between the first computer and a large number of other computers.
- the second data connection can thus ensure that only data can be exchanged via it between the first and the second computer, but not with other computers.
- the second data connection can be a wired data connection.
- Such a wired data connection can use one or more cables which run between the first and the second computer and via which these two computers can exclusively exchange data.
- a wired data connection can be established in a technically simple manner by, for example, plugging a data cable with its plugs into one of the computers at opposite ends.
- the data cable establishing the data connection can be used shielded so that data transmitted via the data cable cannot be intercepted from outside.
- the data transmission takes place via such a wired data connection exclusively between the two first and second computers arranged in the protected space and can neither be manipulated nor eavesdropped from outside the protected space.
- the second data connection can be a serial data connection.
- a serial data connection enables data to be transmitted sequentially between communication partners, for example in the form of individual bits.
- Such a serial data connection can be established with very simple technical means, for example with a single wire or cable, which can optionally be shielded.
- the second data connection can be a unidirectional data connection.
- a unidirectional data connection which is sometimes also referred to as a monodirectional data connection, can be understood to mean a data connection which allows data transmission only in one direction, but not in the opposite direction.
- a cable can typically not only transmit data unidirectionally
- the interfaces to be provided on the first and second computers, which are connected to the cable and which are part of the data connection can very well be designed for such unidirectional data communication.
- the interface provided on the first computer can only be configured to send data but not receive it, whereas the interface provided on the second computer can only be configured to receive data, but not to send it.
- a particularly confidential data transmission can be established.
- only a transmission of data from the first computer to the second computer can be made possible via the second data connection.
- the key to be kept secret is formed by a key for symmetrical data encryption, the key being stored on the first computer as well as on the second computer.
- the data communication to be established between the first and the second computer is symmetrical encryption
- the key to be kept secret is formed by a private key of the second computer.
- a public key corresponding to the private key is generated by the first computer.
- the authentication data include at least the private key and the public key.
- authentication data can include a key pair with a private and a public key, the private key being transmitted from the first computer to the second computer via the second data connection
- the public key is stored on the first computer in a list of authorized keys. In other words, it becomes public
- the key of the second computer is stored on the first computer in such a way that it can be recognized as trustworthy at a later point in time
- the public key which is part of a key pair serving as authentication data and which is generated by the first computer itself and then stored, is stored as trustworthy, so that when encrypted data communication is established later for the first computer it can be seen that the associated Communication partner computer is trustworthy, ie authorized.
- the public key is signed by the first computer and this signed key, together with the private key, forms the authentication data.
- the signed key can also be transmitted to the second computer.
- the signed key is also referred to as a certificate or can form a certificate.
- the second computer can set up an encrypted connection between the second computer and the first computer using Transport Layer Security or also using Secure Sockets Layer, the first computer being able to check the authenticity of the second computer.
- the second computer can dispense with checking the authenticity of the first computer. However, this could be done optionally.
- FIG. 1 shows a passenger transport system in the form of an elevator system with a computer network according to an embodiment of the present invention.
- FIG. 1 shows a passenger transport system 1 in the form of an elevator system 3.
- an elevator car 7 is displaced vertically by a drive machine 9.
- the drive machine 9 is controlled by an elevator control 11.
- the elevator control 11 has a first computer 13 or is controlled by it.
- the first computer is part of a computer network 15 in which several computers 19, 21, 23 can communicate with the first computer 13 via a first data connection 17.
- Computers 19 can be accommodated within a machine room 25 in which the controller 11 and the first computer 13 are also located.
- Other computers 21, 23 can be located outside this machine room 25.
- the first data connection 17 can be an Ethernet connection and can enable high data transmission rates of, for example, a few kilobits per second through a few megabits per second up to a few gigabits per second.
- the second computer 27 can, for example, be part of a maintenance tool that is brought along and / or operated by a technician 31 in order to configure the controller 11.
- the second computer 27 is located within the machine room 25. Since this machine room 25 can only be entered by people through a lockable door 33, it can be viewed as a room 35 protected against unauthorized access.
- the second computer 27 is connected to the first computer 13 via the first data connection 17 and can use this to exchange data with the first computer 13 at a high data transmission rate.
- the second computer 27 is on the other hand connected to the first computer 13 via a second data connection 29.
- This second data connection 29 runs exclusively within the engine room 25. It is preferably designed as a wired data connection and is used exclusively to transmit data between the first computer 13 and the second computer 27.
- the second data connection 29 is designed as a serial and unidirectional data connection that it only enables data to be transmitted from the first computer 13 in one direction to the second computer 27, but not in the opposite direction.
- the two computers can assume different roles or perform different tasks.
- the first computer 13 can, for example, control the controller 11 of the elevator system 3 and thereby be responsible for correct and safe operation of the elevator system 3.
- the second computer 27 can be a client computer that should be able to interact with the controller 11.
- Such a client computer can, for example, display and / or modify status information and can be used for maintenance or troubleshooting of an elevator installation 3.
- Client computer and host computer ie first computer 13 and second computer 27, are all connected to the same local network, that is, can use the common first data connection 17 communicate with each other.
- This network is used as a connection with a wide bandwidth and shared by all computers in order to form a LAN for the elevator system 3.
- the client computer, ie the second computer 27, is located together with the first computer 13 within the protected space 35, ie in close proximity to the first computer 13 with which it is to interact.
- the protected space 35 that is to say the engine room 25 in the example mentioned, is regarded as trustworthy.
- this room 35 has sufficient physical barriers, such as the lockable door 33, to prevent unauthorized entry.
- the network can also be accessed by other computers 19, 21, 23 that are not necessarily in the vicinity of the first computer 13, ie by other computers 19, 21, 23 that are not located within the protected space 35 become.
- the data exchange must be secure. This means that only authorized client computers are allowed to communicate with the server via the local network.
- a wide area network (WAN) such as the Internet may be available to interact with members of the local area network.
- the local network i.e.
- the first data connection 17 should not be allowed to be used to exchange data to be kept secret, such as authentication data or encryption data to be used accordingly, in order to rule out the possibility that this could be read by an attacker eavesdropping on the data traffic.
- data to be kept secret such as authentication data or encryption data to be used accordingly
- Conventionally, such assumptions or problems are solved by gradually defining data to be kept secret, for example in the form of software keys or certificates, which identify the client computer and are recognized as authentic by the host computer.
- this can present the following logistical challenges:
- Data to be kept secret such as keys or certificates
- keys or certificates can be generated as different at the time of manufacture of a computer or an assembly by accessing a certified authority computer that is responsible for generating such keys and certificates. While this is possible, it introduces complex additional infrastructure into a manufacturing chain.
- Keys and certificates can have a kind of expiry date, i.e. have a limited validity in order to reduce the risks of security gaps that are not limited in time.
- Generating and installing new keys and certificates, for example at periodic intervals, can, however, lead to increased logistics costs, for example if no Internet connection is available and a visit on site is required to install such keys and certificates.
- a parallel connection can be established between the second computer 27 serving as the client computer and the first computer 13 serving as the server computer, which connection can be assumed to be reliable.
- the second data connection 29 can be used, for example, in the form of a short serial cable with a physical unidirectional transmission capability from the server computer to the client computer for a secure exchange of data to be kept secret.
- the cable establishing the second data connection 29 can connect the client computer to the server computer, since these are assumed to be arranged in spatial proximity to one another.
- the cable can also be assumed to be secured against physical access, since it is located in the protected space 35 and is therefore not easily accessible for eavesdropping or eavesdropping.
- a configuration in which the cable only enables unidirectional data transmission can help to make it even more difficult to carry out an eavesdropping attack.
- the first computer 13 generates authentication data by means of which the second computer 27 can authenticate itself on the first computer.
- the authentication data contain a key of the second computer 27 to be kept secret and a public key of the second computer 27.
- the first computer 13 stores the public key, for example in a list of authorized keys. This list can be used later to authenticate a client computer such as the second computer 27.
- the list can be formed, for example, by a file, a database or also by a directory structure and files.
- the first computer 13 can also sign the public key of the authentication data with its own private key.
- the signed, public key of the authentication data is also referred to as the certificate in the following.
- the first computer 13 sends the key of the authentication data to be kept secret to the second computer 27 via the serial, preferably unidirectional cables 29, for example with a standard serial protocol such as RS232.
- the public key of the authentication data or the certificate can also be transmitted to the second computer, this transmission being able to take place either via the first data connection 17 or via the second data connection 29.
- the second computer 27 can store it, for example in a permanent data memory. Likewise, the public key of the authentication data or the certificate can be saved if this or this has been transmitted to the second computer 27.
- the second computer 27 can then use this key, which is to be kept secret, in order to establish authenticated data communication with the first computer via the local network, that is to say via the first data connection 17.
- the first computer 13 can authenticate the second computer 27, since the first computer 13 has the public key corresponding to the private key of the authentication data in the list of authorized keys. Alternatively, the first computer 13 can check the signature of the certificate.
- the data connection between the first computer 13 and the second computer 27 is also encrypted.
- a known encryption method such as, for example, Transport Layer Security or Secure Sockets Layer, can be used for this purpose.
- the first computer 13 generates authentication data by means of which the second computer 27 can authenticate itself on the first computer.
- the authentication data contain a key that is to be kept secret.
- the first computer 13 stores the key to be kept secret, for example in a list of authorized keys to be kept secret. This list can later be used to authenticate the second computer 27.
- the first computer 13 sends the key to be kept secret to the second computer 27 via the serial, preferably unidirectional cable which forms the second data connection 29.
- serial preferably unidirectional cable which forms the second data connection 29.
- a standard serial protocol such as RS232 can be used for this.
- the second computer 27 can store it, for example in a permanent data memory.
- the second computer 27 can then use this key, which is to be kept secret, in order to establish authenticated as well as secure data communication with the first computer 13 via the local network, that is to say via the first data connection 17.
- the first computer 13 can authenticate the second computer, since only the first computer 13 and the second computer know the secret key.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Automation & Control Theory (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2020385641A AU2020385641A1 (en) | 2019-11-21 | 2020-11-20 | Method for secure data communication in a computer network |
EP20807450.0A EP4062615A1 (de) | 2019-11-21 | 2020-11-20 | Verfahren zum sicheren datenkommunikation in einem rechnernetzwerk |
US17/755,975 US20220407848A1 (en) | 2019-11-21 | 2020-11-20 | Method for secure data communication in a computer network |
BR112022009812A BR112022009812A2 (pt) | 2019-11-21 | 2020-11-20 | Processo para a comunicação de dados segura em uma rede de computadores |
CN202080080677.4A CN114747178A (zh) | 2019-11-21 | 2020-11-20 | 用于确保计算机网络中的数据通信安全的方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19210773.8 | 2019-11-21 | ||
EP19210773 | 2019-11-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021099561A1 true WO2021099561A1 (de) | 2021-05-27 |
Family
ID=68653422
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2020/082870 WO2021099561A1 (de) | 2019-11-21 | 2020-11-20 | Verfahren zum sicheren datenkommunikation in einem rechnernetzwerk |
Country Status (6)
Country | Link |
---|---|
US (1) | US20220407848A1 (de) |
EP (1) | EP4062615A1 (de) |
CN (1) | CN114747178A (de) |
AU (1) | AU2020385641A1 (de) |
BR (1) | BR112022009812A2 (de) |
WO (1) | WO2021099561A1 (de) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP7151941B2 (ja) * | 2020-06-19 | 2022-10-12 | 三菱電機ビルソリューションズ株式会社 | エレベーター制御装置、エレベーター監視システム及びエレベーター監視方法 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140258392A1 (en) * | 2013-03-05 | 2014-09-11 | Cisco Technology, Inc. | System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel |
US20190100405A1 (en) * | 2017-09-29 | 2019-04-04 | Otis Elevator Company | Elevator request authorization system for a third party |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7711565B1 (en) * | 1999-06-10 | 2010-05-04 | Gazdzinski Robert F | “Smart” elevator system and method |
ATE315859T1 (de) * | 2002-09-17 | 2006-02-15 | Errikos Pitsos | Verfahren und vorrichtung zur bereitstellung einer liste von öffentlichen schlüsseln in einem public-key-system |
GB2472491B (en) * | 2009-02-06 | 2013-09-18 | Thales Holdings Uk Plc | System and method for multilevel secure object management |
CN113630416A (zh) * | 2015-06-30 | 2021-11-09 | 维萨国际服务协会 | 机密认证和供应 |
WO2017063701A1 (en) * | 2015-10-15 | 2017-04-20 | Otis Elevator Company | Software updating device |
BR112018012417A2 (pt) * | 2015-12-21 | 2018-12-18 | Koninklijke Philips N.V. | dispositivo de registrando, método de registrando, método de configurador, dispositivo de configurador, e produto de programa de computador |
WO2017167771A1 (en) * | 2016-03-29 | 2017-10-05 | Koninklijke Philips N.V. | Handshake protocols for identity-based key material and certificates |
LU93024B1 (de) * | 2016-04-11 | 2017-11-08 | Phoenix Contact Gmbh & Co Kg Intellectual Property Licenses & Standards | Verfahren und Anordnung zum Aufbauen einer sicheren Kommunikation zwischen einer ersten Netzwerkeinrichtung (Initiator) und einer zweiten Netzwerkeinrichtung (Responder) |
AU2018356262C1 (en) * | 2017-10-27 | 2022-03-03 | Inventio Ag | Safety system for a building-related passenger transportation system |
EP3530602B1 (de) * | 2018-02-23 | 2020-06-17 | Otis Elevator Company | Sicherheitsschaltung für eine aufzugsanlage, vorrichtung und verfahren zur aktualisierung solch einer sicherheitsschaltung |
CN110844724A (zh) * | 2018-08-21 | 2020-02-28 | 奥的斯电梯公司 | 电梯数据通信系统 |
-
2020
- 2020-11-20 US US17/755,975 patent/US20220407848A1/en not_active Abandoned
- 2020-11-20 EP EP20807450.0A patent/EP4062615A1/de active Pending
- 2020-11-20 AU AU2020385641A patent/AU2020385641A1/en not_active Abandoned
- 2020-11-20 WO PCT/EP2020/082870 patent/WO2021099561A1/de unknown
- 2020-11-20 CN CN202080080677.4A patent/CN114747178A/zh active Pending
- 2020-11-20 BR BR112022009812A patent/BR112022009812A2/pt unknown
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140258392A1 (en) * | 2013-03-05 | 2014-09-11 | Cisco Technology, Inc. | System and associated methodology for detecting same-room presence using ultrasound as an out-of-band channel |
US20190100405A1 (en) * | 2017-09-29 | 2019-04-04 | Otis Elevator Company | Elevator request authorization system for a third party |
Also Published As
Publication number | Publication date |
---|---|
EP4062615A1 (de) | 2022-09-28 |
US20220407848A1 (en) | 2022-12-22 |
BR112022009812A2 (pt) | 2022-08-09 |
CN114747178A (zh) | 2022-07-12 |
AU2020385641A1 (en) | 2022-06-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1563638B1 (de) | Kommunikationssystem mit quantenkryptographie und vermittlungsstationen | |
EP2567501B1 (de) | Verfahren zum kryptographischen schutz einer applikation | |
WO2005112459A1 (de) | Verfahren zur authentifizierung von sensordaten und zugehörigem sensor | |
EP3582033B1 (de) | Verfahren zur gesicherten bedienung eines feldgeräts | |
DE102009059893A1 (de) | Vorrichtung und Verfahren zum Absichern eines Aushandelns von mindestens einem kryptographischen Schlüssel zwischen Geräten | |
DE60319514T2 (de) | Verfahren und anordnung zur zugangssteuerung | |
EP2272199B1 (de) | Verteilte datenspeicherungseinrichtung | |
DE102015200279A1 (de) | Einwegübertragungseinrichtung, Vorrichtung undVerfahren zum rückwirkungsfreien Erfassen von Daten | |
EP3596709A1 (de) | Verfahren zur zugangskontrolle | |
EP2548358B1 (de) | Verfahren zur dynamischen autorisierung eines mobilen kommunikationsgerätes | |
EP3151503B1 (de) | Verfahren und system zur authentifizierung einer umgebenden web-anwendung durch eine einzubettende web-anwendung | |
WO2021099561A1 (de) | Verfahren zum sicheren datenkommunikation in einem rechnernetzwerk | |
DE10200681B4 (de) | Temporäre Zugansberechtigung zum Zugriff auf Automatisierungseinrichtungen | |
DE102010021257A1 (de) | Steckverbindungssystem zum geschützten Aubau einer Netzwerkverbindung | |
EP3266186A1 (de) | Netzwerkgerät und verfahren zum zugriff einer netzwerkkomponente auf ein datennetz | |
DE102018102608A1 (de) | Verfahren zur Benutzerverwaltung eines Feldgeräts | |
EP4054143A1 (de) | Authentifizieren eines gerätes in einem kommunikationsnetz einer automatisierungsanlage | |
EP2996299A1 (de) | Verfahren und Anordnung zur Autorisierung einer Aktion an einem Selbstbedienungssystem | |
WO2023217645A1 (de) | Abgesichertes zugriffssystem | |
EP3734478A1 (de) | Verfahren zur vergabe von zertifikaten, leitsystem, verwendung eines solchen, technische anlage, anlagenkomponente und verwendung eines identitätsproviders | |
EP4099611B1 (de) | Erzeugung quantensicherer schlüssel in einem netzwerk | |
DE102019109341B4 (de) | Verfahren zum sicheren Austausch von verschlüsselten Nachrichten | |
EP2618226A1 (de) | Industrielles Automatisierungssystem und Verfahren zu dessen Absicherung | |
DE102018132979A1 (de) | Abgesichertes und intelligentes Betreiben einer Ladeinfrastruktur | |
WO2018091703A1 (de) | Verfahren und vorrichtung zum sichern einer elektronischen datenübertragung |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20807450 Country of ref document: EP Kind code of ref document: A1 |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112022009812 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: 2020385641 Country of ref document: AU Date of ref document: 20201120 Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2020807450 Country of ref document: EP Effective date: 20220621 |
|
ENP | Entry into the national phase |
Ref document number: 112022009812 Country of ref document: BR Kind code of ref document: A2 Effective date: 20220519 |