Device and method for transmitting data
Abstract:
The invention relates to a device (1) for transferring data between at least one data-generating unit (2a-2f) and a remote communication unit (5a-5c). The device (1) has at least one interface (6a-6d) for a web-enabled communication protocol for secured communication with the remote communication unit (5a-5c) via a non-proprietary and preferably publicly accessible network (7), and at least one interface (8a-8i) for a hardware-related communication protocol for communicating with the data-generating unit (2a-2f). The device further comprises a security controller (9) capable of controlling communication via the web-enabled interface(s) (6a-6d) and via the hardware-related interface(s) (8a-8i), wherein the security controller (9) is associated with a secure memory (10) having defined memory areas (A, B, C, D). At least one memory area (A, B, C, D) is assigned at least one certificate (a, b, c).

Publication number: AT513782A2
Application number: T50275/2014
Filing date: 2014-04-11
Publication date: 2014-07-15
Inventor: Andreas Aldrian
Applicant: Avl List Gmbh
Description:
AV-3600 AT Device and method for transmitting data

The invention relates to a device for transmitting data between at least one data-generating unit and a remote communication unit, the device having at least one interface for a web-enabled communication protocol for secured communication with the remote communication unit via a non-proprietary and preferably publicly accessible network, and at least one interface for a hardware-related communication protocol for communication with the data-generating unit. The invention further relates to a method for transmitting data between such a device and a remote communication unit.

Technical developments in communication technology increasingly enable services that were not possible until recently, since more and more technical items are now able to transmit data over the Internet and, for example, to receive remote control commands over the Internet. Examples of this are the remote control of a heating system from a smartphone or, in the industrial sector, the monitoring and remote maintenance of products. An important area of these new strategies is referred to as "smart services", meaning services provided by a manufacturer or service provider over the Internet to a customer's devices and facilities.

One problem, however, is that the preconditions for such services often still have to be created, because the required service-oriented architecture (SOA) is not yet available. A prerequisite for implementing a service-oriented architecture is that all integrated devices must be capable of web-enabled communication. In the context of the present application, protocols are considered "web-enabled" if they allow a securable, preferably AAA-compliant and encryptable communication connection to be established via open networks, in particular the Internet, and data traffic to be handled over it. The protocol stack of a web-enabled protocol maps all 7 layers of the OSI reference model.
Highly complex industrial installations, for example for production or for carrying out tests, generally include equipment from numerous manufacturers, with several specialists responsible for the maintenance of individual components. For the manufacturer of such components, it is of the utmost interest to obtain information from the customer about the use of his product, on the one hand to obtain data for further development, and on the other hand to be able to offer customized maintenance and service strategies that also benefit the customer.

In industrial environments, there are three major groups of problems that delay implementation.

First, unlike consumer products such as smartphones, many components of industrial systems are very specific to their particular application and often have very limited communication capabilities, ranging from a simple wired analog signal output, through fieldbuses such as CAN or Profibus, to simple network systems such as Ethernet. In terms of the OSI layer model, such hardware-related communication protocols are usually classified in layers 1, 2 and 3. Such connection solutions are only suitable for local area networks and lack security systems. A connection to the Internet would only be possible through gateways in such systems, but this would expose the system to a considerable risk of attack, especially if third parties, such as a service provider, were to be granted access to system data. Therefore, such systems are only used in isolation, and this isolated architecture rules out integration into a service-oriented architecture.

Second, these are mostly mature systems that combine devices from several generations. Because of the long life of industrial components, they can often be in use for decades. Replacing all the components of a system at the same time with "internet-enabled" devices is usually out of the question for cost reasons and would pose further security problems.
Third, system data is often highly sensitive data that should be kept secret from competitors, and often should not be provided to system vendors or service providers either. It is very important for companies that they can determine the use of their data at any time. For obvious reasons of data security, communication systems created for consumers are therefore usually out of the question for industrial purposes.

The subject invention aims to overcome the disadvantages of the prior art. In particular, it should be possible to integrate into a service-oriented architecture devices that can only communicate via hardware-related communication protocols. Nevertheless, access to these devices by unauthorized persons must be excluded. According to the invention, existing, old devices which are still in use should also be able to be integrated into the service-oriented architecture. As a further security requirement, the invention should make it simple and comprehensible to define the data access permissions precisely for all parties involved.

In the context of the present description, "hardware-related communication protocols" generally refers to communication protocols whose layer or protocol stack does not encompass all 7 layers of the OSI model, in particular protocols which do not have a presentation layer (layer 6) and therefore allow neither cross-system communication nor data encryption. One feature of hardware-related communication protocols is that they do not allow the implementation of security protocols that would permit reliable, secure communication across distributed (cloud) networks. Existing communication interfaces for hardware-related protocols, which may use, for example, fieldbus technology or point-to-point Ethernet connections, are therefore limited to the bare minimum of the 7 layers of the OSI model.
Particularly simple hardware-related communication protocols use only the physical layer (layer 1) or a combination of the physical layer and the data link layer (layer 2). Examples of physical layer protocols include V.24, V.28, X.21, RS 232, RS 422, RS 423, or RS 499. Examples of protocols that use a combination of layers 1 and 2, or layer 2 only, include the Ethernet protocol, HDLC, SDLC, DDCMP, IEEE 802.2 (LLC), ARP, RARP, STP, IEEE 802.11 (WLAN), IEEE 802.4 (Token Bus), IEEE 802.5 (Token Ring) or FDDI.

In addition, higher-level protocols can also be used in hardware-related communication protocols. Examples of protocols in layers 3-5 include X.25, ISO 8208, ISO 8473 (CLNP), ISO 9542 (ESIS), IP, IPsec, ICMP, ISO 8073 / X.224, ISO 8602, TCP, UDP, SCTP, ISO 8326 / X.215 (Session Service), ISO 8327 / X.225 (Connection-Oriented Session Protocol) or ISO 9548 (Connectionless Session Protocol).

Examples of hardware-related communication protocols that are used in particular for industrial applications in the field of test environments, for example in the automotive sector, include the AK protocol via RS232, CANopen via CAN and Profibus-DP via RS485. In particular, the AK protocol of the "Verband der Automobilindustrie e.V. / Working Group Techniques for the Standardization of Exhaust Gas Measurement" is still a de facto standard in many test systems in the automotive sector. It was created as a simple protocol for hardware-related data transmission and offers no possibility of implementing a Triple-A system (Authentication, Authorization, Accounting - AAA).
According to the invention, the objects defined above are achieved by a device of the type mentioned in the introduction which has a security controller capable of controlling the communication via the web-enabled interface(s) and via the hardware-related interface(s), wherein the security controller is associated with a secure memory having defined memory areas, and wherein at least one memory area is associated with at least one certificate. Such a device can communicate via the hardware-related interfaces with the data-generating units, i.e. in particular with the individual components of the system that are to be integrated into the service-oriented architecture, using their hardware-related communication protocols, and can generate corresponding data that are stored in a specific memory area. To retrieve the data, the remote communication unit can perform a remote query via the web-enabled interface, the authorization for the query being checked by means of the certificate. For each memory area, the certificates authorized for access (or the "certificate beneficiaries" who hold these certificates) can be specified individually.

A certificate generally refers to an object through which the trust and attributability / non-repudiation of a person or entity can be ensured. This concerns in particular the authentication and authorization steps of AAA conformity. Certificates can be used in particular for transport protection and access protection. In this case, the public part of the certificate ("public key") is used for securing, so that only the owner of the corresponding private part of the certificate ("private key") is able to access the data. The most widely used standard for certificates today is X.509, also known as a "PKI Store", but other suitable methods are known to those skilled in the art.
Advantageously, at least one memory area may contain program code that is executable on the security controller. As a result, security-relevant program parts that define, for example, the operation of the security controller are themselves protected against manipulation in the secure memory and are likewise subject to access control via certificates. The memory area containing the program code can advantageously be assigned to the certificate of a hardware provider of the security controller. Basic program parts can thus be changed only by the hardware provider of the security chip itself, which prevents erroneous deactivation of security features by employees or willful interference by attackers.

An advantageous embodiment of the invention can provide that at least one memory area is assigned to a specific data-generating unit, wherein the memory area contains a unique identification (Unique ID), operating data, control data, configuration data and / or historical data of the unit. This makes it possible, for example, for the service provider to access relevant data remotely and to change it in accordance with the authorization (for example, to reset it after a service). By allocating several memory areas to a single unit, complex authorization structures can also be implemented by assigning different certificates.

A further advantageous embodiment of the invention can provide that at least one memory area contains certificates and / or assignments. Thus, the certificates themselves can be protected against external access by the same system. Furthermore, it is possible to specify who is authorized to change the assignments, and thus the access authorizations. It may be particularly advantageous if the memory area containing the certificates and / or the assignments is assigned to the certificate of an owner of the device. This often makes sense, as it allows the owner to define what rights he grants to third parties, and in particular to the service provider.
A particularly high security level can be achieved if the access authorization is defined in the program code of the security controller.

Advantageously, the security controller can have means for monitoring the data-generating units connected to the hardware-related interfaces. This makes it possible to detect, for example, whether a device has been exchanged without authorization and whether the data of the device is plausible, for example whether an operating hours counter increases in a strictly monotonic manner.

By means of the device, a method for transmitting data between the device and a remote communication unit can advantageously be carried out, which is characterized by the following steps: establishing a communication connection via a web-enabled interface with a communication unit of a certificate beneficiary to whom a certificate is assigned; determining the certificate of the certificate beneficiary; determining a memory area of the data to be transmitted; checking the assignment of the certificate of the certificate beneficiary to the memory area; and, if the check is positive, transmitting data stored in the memory area to the remote communication unit and / or receiving data from the remote communication unit and storing the received data in the memory area. This method makes it easy to implement complex security architectures.

Advantageously, the method may further comprise the steps of: receiving (operating) data of a unit via a hardware-related interface; and storing the operating data in a memory area of the secure memory assigned to the unit. In this way, (operating) data of the units can be retrieved by the device on the basis of a schedule, on a specific defined event, or on a user query. In a subsequent remote query, access to the unit itself is then no longer required, because the data is already stored in the secure memory.
According to the invention, it is thus not necessary for the authorized party designated by the certificate to access the unit directly in order to retrieve the data. This reliably prevents manipulation of the system in which the unit is located.

In a particularly preferred embodiment, the communication of the device with the remote communication unit can be encrypted. Since the respective communication partner is identified by the certificate, the encryption can be carried out easily via key pairs that are assigned to the certificates.

Advantageously, a protocol that works purely via push mechanisms can be implemented on the web-enabled interface. Such protocols, for example according to the MQTT specification, make it possible to implement firewall policies on the web-enabled interface that block incoming traffic.

The invention will be described in detail below with reference to the accompanying drawings, in which: Fig. 1 shows a schematic representation of network components with which a device according to the invention communicates; Fig. 2 shows a schematic representation of essential elements of a device according to the invention; Fig. 3 shows a further schematic representation of the device according to the invention, for explaining exemplary communication protocols; and Fig. 4 schematically shows a service-oriented architecture network in which the device according to the invention is used in several places.

Fig. 1 shows an exemplary network arrangement that can be divided essentially into five areas, namely the area of an industrial site 4, three areas 3a, 3b, 3c of communication participants referred to below as "certificate beneficiaries", namely a hardware provider 3a, a service provider 3b and an owner 3c, each with a remote communication unit 5a, 5b, 5c, and the area of a non-proprietary network 7, which has a cloud infrastructure, in particular the Internet.

The industrial site 4 may be, for example, a production facility or a testing facility, e.g. for the automotive sector, the site being associated with a particular owner 3c. The owner of the industrial site 4 is of particular importance, since he must specify the access rights, as will be explained in more detail below.

At the industrial site 4 there are a plurality of data-generating units 2a to 2f, where "data-generating unit" covers substantially all devices whose status can be monitored in any way. In particular, these may be units originating from a particular vendor who is interested in monitoring the products he has sold, in order to be able to provide any service promptly and easily. The service provider is assigned a separate area 3b in Fig. 1.

At the industrial site 4, a device 1 according to the invention is provided, the device 1 having a plurality of hardware-related interfaces 8a-8i, which are connected in different ways to the data-generating units 2a-2f.

The data-generating units 2a-2f may be arranged in a plurality of groups. In the illustrated arrangement, the units 2c-2f form a group connected to a common fieldbus over which the units communicate; any fieldbus communication protocol known in the art can be used, for example CANopen or Profibus-DP. The device 1 is also connected to the fieldbus via the interface 8i in order to be able to communicate with the units 2c-2f of the group. The units 2a and 2b form a further group, each being connected via an end-to-end protocol to an interface 8b, 8d of the device 1.

It should be noted that the units generally have no means of transmitting data over the Internet via web-enabled protocols. It may also be the case that a unit, although capable in principle of web-enabled communication, cannot be connected to an open network because there are other devices in the network that could thereby be exposed to unauthorized access.
A further area 3a is assigned to the hardware provider of the device 1, or to the hardware provider of security-relevant elements of the device 1, in particular of the security controller 9 contained in the device. For the purposes of the present description, the term "hardware provider" may refer in particular to the actual chip manufacturer or else to a third-party provider, for example a certification authority. The term "hardware provider" refers in particular to the body responsible for the functioning and further development of the security controller. A special security feature of the device can provide that an update of the program code on which the security controller is based can only be carried out by the body designated as hardware provider and, if appropriate, under further special security precautions.

The device 1 of Fig. 1 comprises a plurality of web-enabled interfaces 6a-6d through which cross-system communication with other entities may be established over open or proprietary networks, such as an intranet, a GSM network, and / or the Internet. The establishment of web-enabled connections, the communication over these connections and the protocols used for this purpose are well known in the art and therefore need not be explained further here.

In the exemplary embodiment illustrated in Fig. 1, the device 1 communicates with a remote communication unit 5c of the owner 3c of the industrial site 4 via an intranet connection, and with the remote communication units 5b and 5a of the service provider 3b and the hardware provider 3a, respectively, via an Internet connection.

With reference to Fig. 2, the mode of operation of the device 1 according to the invention will now be explained, with particular attention to the function of the security controller 9.

The security controller 9 of the device 1 can be embodied as a single chip or as a combination of several chips, the security controller cooperating with a microcontroller 11 (ARM CPU).
It is also possible to integrate the security controller 9 and the microcontroller 11 in a single chip. Although this would allow high security standards, it would also involve a high development effort.

The security controller controls communication with the data-generating units 2a-2f via the hardware-related interfaces 8a-8i, the communication via the web-enabled interfaces 6a-6d, and access to a secure memory 10. The secure memory 10 is demarcated in hardware so that it can only be accessed by the security controller 9.

In order to use the device, it must first be "commissioned" by an issuing point, the commissioning being performed by the hardware provider in the case illustrated. During commissioning, a division of the memory 10 into individual memory areas A, B, C, D, etc. is defined, the program code for controlling the security controller 9 being stored in the first memory area A. Memory area B stores the certificates a, b, c, d of all parties that are to be considered for access; what is stored is the public part of each certificate. In addition to the definition of the memory areas A, B, C, D, the program code also determines which certificate holders are to have access to which memory areas and whether the access authorization also permits the modification of data.

In the example shown, the memory area A, in which the program code is stored, is secured by the certificate a of the hardware provider or the issuing point. This means that the program code (and therefore the division of the memory areas and the access authorization structure) can only be changed by the hardware provider 3a. Changes to the program code can therefore be made neither by the owner 3c of the device nor by the service provider 3b, but only by the hardware provider 3a, for example when an update is to be installed. In addition, if the program code requires an update, a further security feature may require the consent of the owner 3c and / or the service provider 3b.
In the described embodiment, therefore, each device according to the invention is specifically adapted to its particular conditions of use during commissioning, so that subsequent changes are not possible, or possible only to a limited extent. Depending on the security conditions, however, subsequent changes may be permitted for individual elements, such possibilities having to be defined in the program code. For example, an exchange of individual certificates can be allowed as soon as they have expired and need to be renewed.

The further memory areas C, D, ... are each assigned to a data-generating unit 2a-2f or to a group of such units, the data stored in the respective memory area likewise being controlled by the program code. Updating of the data may either be triggered by a particular event (e.g., when the service provider 3b resets a service counter after maintenance), or the data may be generated continuously or at certain time intervals (e.g., for recording operating times). Furthermore, the respective memory areas C, D for the units 2a-2f may contain a unique identifier of the unit and information about the communication protocol to be used.

The communication via the web-enabled interfaces 6a-6d is also controlled by the security controller 9: the respective certificate is checked each time a communication connection is established, and the communication connection is preferably also encrypted via the certificate, so that only the owner of the private key can access the content. Thus, it is precisely defined which memory areas the holder of a certificate is allowed to access.

Optionally, the data in certain memory areas may additionally be stored encrypted with a certificate. However, this allows access to the content only with a single certificate.
In other cases, it is preferred that the data is stored in memory in another way, for example encrypted with a symmetric key or unencrypted, and is encrypted by the security controller with the respective certificate only during data transmission.

In the embodiment illustrated in Fig. 2, the owner 3c can access the memory areas B, C and D with the certificate c, the service provider 3b can access the memory area C with his certificate b, and the hardware provider 3a can, with his certificate a, access exclusively the memory area A.

The security controller 9 ensures a strict separation of the communication via the hardware-related interfaces 8 from the communication via the web-enabled interfaces 6, so that direct access to the data-generating units 2a-2f via one of the web-enabled interfaces (6a-6d) is impossible. Even if attackers succeed in bypassing all security precautions and hacking the security controller, they still cannot gain access to the data-generating units, because these communicate on completely different protocol levels than the communication protocols of the web-enabled interface.

The security aspects of the devices and methods of the subject invention can be adapted as desired to the respective user needs: additional security measures can be implemented, and certain security features can be dispensed with.

Fig. 3 shows a further schematic illustration of an exemplary embodiment of the device according to the invention, in which the individual elements are broken down schematically, by way of example, with regard to the functional components and the protocols used. The device of Fig. 3 has five hardware-related interfaces for directly connecting units: the interfaces 8a (LAN), 8b (RS232 or RS485), 8c (CAN), 8d (USB) and 8e (others). The other hardware-related interfaces are the interfaces 8f (LAN), 8g (Ethercat), 8h (USB) and 8i (CAN, CANOpen).
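The following Python model is an added illustration, not part of the patent text: it applies the Fig. 2 assignment (certificate a to area A; b to C; c to B, C and D) to remote requests and runs the two plausibility checks named in the description on data arriving from the hardware-related side. The class and function names, the SHA-256 fingerprinting of certificates, the read/write split per area and the sample unit IDs are assumptions; proof that the peer holds the private key is assumed to have happened when the connection was established.

```python
import hashlib

READ, WRITE = "read", "write"

# Constructed stand-ins for the public parts of certificates a, b and c.
CERT_A = b"constructed public part: hardware provider 3a"
CERT_B = b"constructed public part: service provider 3b"
CERT_C = b"constructed public part: owner 3c"


class AccessDenied(Exception):
    """The presented certificate is not assigned to the memory area."""


class ImplausibleData(Exception):
    """Data from a hardware-side unit failed a plausibility check."""


def fingerprint(cert_public_part: bytes) -> str:
    # Assumption: a certificate is identified by the SHA-256 of its public part.
    return hashlib.sha256(cert_public_part).hexdigest()


class SecurityController:
    """Mediates every access to the secure memory (hypothetical model)."""

    def __init__(self, assignments, unit_ids):
        # assignments: area -> {certificate fingerprint -> set of rights}
        self._assignments = assignments
        self._memory = {area: {} for area in assignments}
        for area, unit_id in unit_ids.items():
            self._memory[area]["unique_id"] = unit_id

    def is_authorized(self, cert, area, right):
        # Default deny: unknown areas and unassigned certificates get no rights.
        rights = self._assignments.get(area, {}).get(fingerprint(cert), set())
        return right in rights

    # Web-enabled side: requests are answered from memory only and are
    # never forwarded to a data-generating unit.
    def remote_read(self, cert, area):
        if not self.is_authorized(cert, area, READ):
            raise AccessDenied(f"no read access to area {area}")
        return dict(self._memory[area])  # a copy, never the live record

    def remote_write(self, cert, area, key, value):
        if not self.is_authorized(cert, area, WRITE):
            raise AccessDenied(f"no write access to area {area}")
        if key == "unique_id":
            # Assumption: the unit identity cannot be changed remotely.
            raise AccessDenied("unit identity cannot be changed remotely")
        self._memory[area][key] = value

    # Hardware-related side: data received from the connected unit.
    def store_operating_data(self, area, unit_id, operating_hours):
        record = self._memory[area]
        if unit_id != record.get("unique_id"):
            raise ImplausibleData("unit was exchanged without authorization")
        last = record.get("operating_hours")
        if last is not None and operating_hours <= last:
            raise ImplausibleData("operating-hours counter did not increase")
        record["operating_hours"] = operating_hours


def build_fig2_controller():
    a, b, c = (fingerprint(x) for x in (CERT_A, CERT_B, CERT_C))
    assignments = {
        "A": {a: {READ, WRITE}},             # program code: hardware provider only
        "B": {c: {READ, WRITE}},             # certificates and assignments: owner
        "C": {c: {READ}, b: {READ, WRITE}},  # unit data; service provider may reset
        "D": {c: {READ}},                    # unit data: owner only
    }
    # Constructed unit IDs for the units behind areas C and D.
    return SecurityController(assignments, {"C": "unit-2a", "D": "unit-2b"})


if __name__ == "__main__":
    ctrl = build_fig2_controller()
    ctrl.store_operating_data("C", "unit-2a", 1200.5)
    print(ctrl.remote_read(CERT_B, "C"))
    for name, cert in (("a", CERT_A), ("b", CERT_B), ("c", CERT_C)):
        print(name, [x for x in "ABCD" if ctrl.is_authorized(cert, x, READ)])
```
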
Fig. 4 schematically shows a network with a service-oriented architecture of a service provider 3b, in which the device 1 according to the invention is used at several customers (owners 3c and 3c') of the service provider, in order to allow access, definable by the respective owner, to data of the customers' data-generating units 2a-2c serviced by the service provider 3b.

LIST OF REFERENCES:
Device (1)
Data-generating unit (2a-2f)
Certificate beneficiary (3)
Hardware provider (3a)
Service provider (3b)
Owner (3c)
Industrial site (4)
Remote communication unit (5a-5c)
Web-enabled interface (6a-6d)
Non-proprietary network (7)
Hardware-related interface (8a-8i)
Security controller (9)
Secure memory (10)
Microcontroller (11)
Memory areas (A, B, C, D)
Certificates (a, b, c)
Claims:
Claims (11)

1. Device (1) for transmitting data between at least one data-generating unit (2a-2f) and a remote communication unit (5a-5c), wherein the device (1) has at least one interface (6a-6d) for a web-enabled communication protocol for secure communication with the remote communication unit (5a-5c) via a non-proprietary and preferably publicly accessible network (7) and at least one interface (8a-8i) for a hardware-related communication protocol for communication with the data-generating unit (2a-2f), characterized in that the device further comprises a security controller (9) capable of controlling communication via the web-enabled interface(s) (6a-6d) and via the hardware-related interface(s) (8a-8i), wherein the security controller (9) is associated with a secure memory (10) having defined memory areas (A, B, C, D), wherein at least one memory area (A, B, C, D) is associated with at least one certificate (a, b, c).

2. Device according to claim 1, characterized in that at least one memory area (A) contains program code which is executable on the security controller (9).

3. Device according to claim 2, characterized in that the memory area (A) containing the program code is associated with the certificate (a) of a hardware provider (3a) of the security controller.

4. Device according to one of claims 1 to 3, characterized in that at least one memory area (C, D) is assigned to a specific data-generating unit (2a, 3b), wherein the memory area contains a unique identification (Unique ID), operating data, control data, configuration data and / or historical data of the unit.

5. Device according to one of claims 1 to 4, characterized in that at least one memory area (B) contains certificates (a, b, c) and / or assignments.

6. Device according to claim 5, characterized in that the memory area (B) containing the certificates and / or the assignments is associated with the certificate (c) of an owner (3c) of the device (1).

7. Device according to one of claims 1 to 6, characterized in that the security controller (9) comprises means for monitoring the data-generating units (2a-2f) connected to the hardware-related interfaces (8a-8i).

8. Method for transmitting data between a device according to one of claims 1 to 7 and a remote communication unit (5a-5c), characterized in that the method comprises the following steps: establishing a communication connection via a web-enabled interface (6) with a communication unit (5a-5c) of a certificate beneficiary (3) to whom a certificate (a, b, c) is assigned; determining the certificate (a, c, b) of the certificate beneficiary (3); determining a memory area (A, B, C, D) of the data to be transmitted; checking the assignment of the certificate (a, b, c) of the certificate beneficiary (3) to the memory area (A, B, C, D); and, if the check is positive, transmitting data stored in the memory area (A, B, C, D) to the remote communication unit (5a-5c) and / or receiving data from the remote communication unit (5a-5c) and storing the received data in the memory area.

9. Method according to claim 8, characterized in that the method further comprises the following steps: receiving or retrieving (operating) data of a unit (2a-2f) via a hardware-related interface (8); and storing the operating data in a memory area (B, C, ...) of the secure memory (10) assigned to the unit (2a-2f).

10. Method according to claim 8 or 9, characterized in that the communication with the remote communication unit (5a-5c) is encrypted.

11. Method according to any one of claims 8 to 10, characterized in that a protocol which works purely via push mechanisms is implemented on the web-enabled interface.
Patent family:

| Publication number | Publication date |
|---|---|
| CN106164923A | 2016-11-23 |
| NO3129888T3 | 2018-08-25 |
| EP3129888A1 | 2017-02-15 |
| JP2017519388A | 2017-07-13 |
| ES2671788T3 | 2018-06-08 |
| JP6487939B2 | 2019-03-20 |
| KR20160145682A | 2016-12-20 |
| AT513782A3 | 2016-10-15 |
| EP3129888B1 | 2018-03-28 |
| US20170024586A1 | 2017-01-26 |
| KR102333331B1 | 2021-12-01 |
| CN106164923B | 2020-08-28 |
| WO2015155274A1 | 2015-10-15 |
| AT513782B1 | 2018-08-15 |

Cited documents:

| Publication number | Filing date | Publication date | Applicant | Patent title |
|---|---|---|---|---|
| US5629980A | 1994-11-23 | 1997-05-13 | Xerox Corporation | System for controlling the distribution and use of digital works |
| JP4268690B2 | 1997-03-26 | 2009-05-27 | ソニー株式会社 | Authentication system and method, and authentication method |
| JPH11150550A | 1997-09-12 | 1999-06-02 | Toshiba Corp | Data communication electronic circuit, distributed control network system and communication method for control data in the system |
| JPH11161321A | 1997-11-28 | 1999-06-18 | Toshiba Corp | Plant monitor device |
| US7020680B2 | 1998-03-19 | 2006-03-28 | Isochron, Llc | System and method for monitoring and control of beverage dispensing equipment |
| US6892300B2 | 1998-06-04 | 2005-05-10 | International Business Machines Corporation | Secure communication system and method of operation for conducting electronic commerce using remote vault agents interacting with a vault controller |
| AU2193900A | 1998-12-18 | 2000-07-03 | Cybersigns, Inc. | Encrypted virtual private network for accessing remote sensors |
| JP2000267957A | 1999-03-16 | 2000-09-29 | Hitachi Ltd | Fire wall for control system |
| EP1175749B1 | 1999-04-22 | 2005-07-06 | Veridicom, Inc. | High security biometric authentication using a public key/private key encryption pairs |
| JP2001292176A | 2000-04-10 | 2001-10-19 | Fuji Electric Co Ltd | Gateway device and method for integrating control/ information network |
| JP2002278838A | 2001-03-15 | 2002-09-27 | Sony Corp | Memory access control system, device managing device, partition managing device, memory packaged device, memory access control method and program storage medium |
| US7096362B2 | 2001-06-01 | 2006-08-22 | International Business Machines Corporation | Internet authentication with multiple independent certificate authorities |
| US20050138402A1 | 2003-12-23 | 2005-06-23 | Yoon Jeonghee M. | Methods and apparatus for hierarchical system validation |
| EP1836642A2 | 2004-12-21 | 2007-09-26 | SanDisk Corporation | Control structure for versatile content control and method using structure |
| WO2006066604A1 | 2004-12-22 | 2006-06-29 | Telecom Italia S.P.A. | Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor |
| US20080189557A1 | 2005-01-19 | 2008-08-07 | Stmicroelectronics S.R.I. | Method and architecture for restricting access to a memory device |
| US7725930B2 | 2005-03-30 | 2010-05-25 | Microsoft Corporation | Validating the origin of web content |
| US8245292B2 | 2005-11-16 | 2012-08-14 | Broadcom Corporation | Multi-factor authentication using a smartcard |
| GB0524742D0 | 2005-12-03 | 2006-01-11 | Ibm | Methods and apparatus for remote monitoring |
| US7873830B2 | 2006-01-13 | 2011-01-18 | International Business Machines Corporation | Methods for coordinating access to memory from at least two cryptography secure processing units |
| US8132245B2 | 2006-05-10 | 2012-03-06 | Appia Communications, Inc. | Local area network certification system and method |
| US7836269B2 | 2006-12-29 | 2010-11-16 | Spansion Llc | Systems and methods for access violation management of secured memory |
| JP4252620B1 | 2008-08-27 | 2009-04-08 | グローバルサイン株式会社 | Server certificate issuing system |
| JP2010079388A | 2008-09-24 | 2010-04-08 | Sony Corp | Ic chip, external apparatus, system and program |
| US8457013B2 | 2009-01-13 | 2013-06-04 | Metrologic Instruments, Inc. | Wireless dual-function network device dynamically switching and reconfiguring from a wireless network router state of operation into a wireless network coordinator state of operation in a wireless communication network |
| US8677466B1 | 2009-03-10 | 2014-03-18 | Trend Micro Incorporated | Verification of digital certificates used for encrypted computer communications |
| US8839346B2 | 2010-07-21 | 2014-09-16 | Citrix Systems, Inc. | Systems and methods for providing a smart group |
| JP2012068835A | 2010-09-22 | 2012-04-05 | Canon Inc | Image forming apparatus, control method of image forming apparatus, and program |
| US9064116B2 | 2010-11-08 | 2015-06-23 | Intel Corporation | Techniques for security management provisioning at a data storage device |
| WO2012109401A1 | 2011-02-09 | 2012-08-16 | Avocent | Infrastructure control fabric system and method |
| WO2013008058A1 | 2011-07-08 | 2013-01-17 | Daini Matteo | Portable usb pocket device for internet connection, with its own live operating system for accessing user's virtual desktop through the internet |
| FR2980285B1 | 2011-09-15 | 2013-11-15 | Maxim Integrated Products | SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS IN A SECURE MICROCONTROLLER |
| CN103079176B | 2012-12-31 | 2016-12-28 | Tcl集团股份有限公司 | The method and system of a kind of remote controlled electronic device and mobile terminal and electronic equipment |
| CN103457948A | 2013-08-29 | 2013-12-18 | 网神信息技术(北京)股份有限公司 | Industrial control system and safety device thereof |

| Publication number | Filing date | Publication date | Applicant | Patent title |
|---|---|---|---|---|
| AT518298B1 | 2016-03-07 | 2020-01-15 | Avl List Gmbh | Method for creating and updating a remote instance of a screen view |
| GB2550600A | 2016-05-24 | 2017-11-29 | Bofa International Ltd | Fume extraction systems |
| KR102303022B1 | 2017-03-20 | 2021-09-17 | 광동 오포 모바일 텔레커뮤니케이션즈 코포레이션 리미티드 | Method for transmitting data and terminal device |
| EP3441278A1 | 2017-08-08 | 2019-02-13 | Railnova SA | A cable assembly for accessing data from a fieldbus in rolling stock |
| ES2847550T3 | 2018-02-28 | 2021-08-03 | Kistler Holding Ag | Communication system for data transmission between data sources and data evaluators |
| DE102018108309A1 | 2018-04-09 | 2019-10-10 | Wago Verwaltungsgesellschaft Mbh | Automation system, terminal block for automation systems and methods for this |
| CN110708281A | 2019-08-26 | 2020-01-17 | 上海商米科技集团股份有限公司 | Service request processing method and device |

Legal status:
Priority:

| Application number | Publication number | Priority date | Filing date | Patent title |
|---|---|---|---|---|
| ATA50275/2014A | AT513782B1 | 2014-04-11 | 2014-04-11 | Device and method for transmitting data |

| Application number | Publication number | Priority date | Filing date | Patent title |
|---|---|---|---|---|
| ATA50275/2014A | AT513782B1 | 2014-04-11 | 2014-04-11 | Device and method for transmitting data |
| ES15720606.1T | ES2671788T3 | 2014-04-11 | 2015-04-09 | Data transmission of secure storage |
| KR1020167031541A | KR102333331B1 | 2014-04-11 | 2015-04-09 | Apparatus and method for transmitting data |
| PCT/EP2015/057683 | WO2015155274A1 | 2014-04-11 | 2015-04-09 | Apparatus and method for transmitting data |
| NO15720606A | NO3129888T3 | 2014-04-11 | 2015-04-09 | |
| CN201580019155.2A | CN106164923B | 2014-04-11 | 2015-04-09 | Apparatus and method for transmitting data |
| US15/302,343 | US20170024586A1 | 2014-04-11 | 2015-04-09 | Device and Method for Transmitting Data |
| JP2016561324A | JP6487939B2 | 2014-04-11 | 2015-04-09 | Equipment and method for transmitting data |
| EP15720606.1A | EP3129888B1 | 2014-04-11 | 2015-04-09 | Transmission of data out of a secured storage |