Method and device for secure data transmission
Patent abstract:
METHOD AND DEVICE FOR THE SECURE TRANSMISSION OF DATA. The present invention relates to a method and device (1) for securely transmitting data (D). To this end, a session concept is described which uses application-level cryptographic methods. Whereas in conventional methods point-to-point connections can be sufficiently secure at the transport level, in accordance with the technical teachings provided, data integrity protection and data confidentiality protection can now also be implemented at the application level. The method and device (1) for secure data transmission (D) are used in network technology.

Publication number: BR112012011445B1
Application number: R112012011445-0
Filing date: 2010-09-02
Publication date: 2021-07-06
Inventors: Steffen Fries; Maik Seewald
Applicant: Siemens Aktiengesellschaft
Main IPC number:
Patent description:
[0001] The present invention relates to a method within network technology to ensure, among other things, the protection of the integrity and the protection of the confidentiality of data and, in particular, to a method for the secure transmission of data. The present invention further relates to a corresponding device for secure data transmission, a computer program product that initializes the performance of the method for secure data transmission, and a data store that stores the computer program product.

[0002] In current communication technology, confidential data is often transmitted worldwide via data connections across heterogeneous networks. It is of particular importance that data is protected with respect to its completeness and content. It must also be ensured that the data is transmitted in a secure manner, that is, that upon transmission, the receipt of the data by the correct receiver and, upon receipt, the transmission of the data by the correct sender, are guaranteed.

[0003] To this end, conventional methods provide a variety of authentication possibilities. The authentication process is, in general, the process of proving an identity. During this process, messages are typically exchanged between a verification unit and a device that is to be authenticated. If said exchanged messages are intercepted by a hacker, the hacker can feign a false identity using the intercepted messages. Authentication can serve, for example, for the reliable recognition of a device, for example, a sensor or a battery. In the case of client-server communication, verification of the identity of the client or server may also be necessary.

[0004] In conventional methods, authentication is often done using a challenge/response process. A "challenge message", which is formed, for example, dependent on a random number, is transmitted to the device. Using a secret cryptographic key, the device then calculates a second value, which is designated a "response message".
The response message is sent to the challenge issuer, who then checks the response for correctness. Since only an original product or an original device can calculate a correct response message, an original product or an original device can therefore be reliably distinguished from a counterfeit.

[0005] In conventional authentication processes, there is often a need to verify a device not only locally, but also remotely, through a communication link, for example, over the internet, a mobile radio link or another data connection. This need exists particularly in the case of remote device maintenance. During remote verification of an identity, there is a problem that an intermediary entity can read the messages and use said messages to present a false identity. This attack scenario is also known as a "man-in-the-middle attack".

[0006] For the transfer of real-time process data and control information between devices and applications, the manufacturing message specification protocol, also called MMS, is known. In the context of automation technology, particularly for use in the energy industry, the MMS protocol can be used in order to control field devices. The MMS protocol can be used via several other protocols, for example the TCP/IP protocol. At the application layer of the MMS stack, the ISO Association Control Service Element protocol, also called ACSE, is used. The ACSE protocol can be used, for example, in order to establish application associations between application entities and determine the identity and context of said associations. An Application Association is defined in this context as a cooperative relationship between two application entities. A relevant context can be an explicitly defined set of Application Service Elements or ASE.

[0007] In the fields of automation and energy technology, the MMS protocol can be used for transmitting commands directly between two endpoints, which is identified below as case 1.
There are also scenarios in which the MMS protocol is not transmitted over a non-hierarchical network connection, that is, one in which only one transport connection hop is present, but through a plurality of transport connection hops, in which, for example, a substation controller is interposed. These scenarios are identified below as case 2. The TCP/IP protocol connection can be obtained in the transport connection hops through a TLS protocol, for example.

[0008] Figure 1 shows the transmission of commands between two endpoints as in a conventional method. In the drawing, components 10 are arranged vertically. The components in question are the control center 13, a substation controller 14, also known as a "substation control unit", and a field device 15. Also arranged vertically are transport safety mechanisms 11. These are, for example, certificates, which are shown vertically under the transport security mechanisms 11 in figure 1. An MMS protocol message flow 12 is also shown in figure 1. Arrow 16 indicates case 1, in which the commands are used directly between two endpoints. Arrow 17, on the other hand, indicates case 2, in which commands are transmitted via a plurality of hops, also referred to as "intermediate components".

[0009] From a security point of view, the MMS protocol offers the possibility of performing an authentication at the beginning of a connection. However, it is subject to the limitation that authentication can only occur at the beginning of a communication connection, and there is no concept of a secure application layer session that guarantees that the same non-hierarchical networks communicate with each other from the beginning to the end of the session. This aspect is of particular importance in case 2 according to arrow 17 since, in case 1 according to arrow 16, this requirement can only be guaranteed through the use of the TLS protocol. The security connections established at the transport layer must match the security connections at the application layer.
[00010] In addition, Role Based Access Control or RBAC can also be used. Certificates and private keys can be used in this context.

[00011] It is also known from conventional methods that the MMS protocol supports the possibility of authentication of non-hierarchical networks through the definitions in ISO-IEC 62351. The following is specified in part 4 of this standard as profile A security:
- Authentication of Non-Hierarchical Network Entity
- AARQ
- AARE

[00012] Peer-to-peer network entity authentication denotes authentication of communication components, AARQ stands for Application Association Request and AARE stands for Application Association Response. For sender authentication, for example, the following source text can be used within a peer-to-peer network entity authentication: END

[00013] At the beginning of a connection, AARQ request and AARE reply messages are exchanged between subscribers and, in the process, cryptographic data is carried. Among other things, a timestamp is added and a check is made, within a 10-minute time window, as to whether a corresponding timestamp has already been received. Not all connection messages are integrity protected at the application layer.

[00014] Various methods are also known that allow the authentication of a message or a plurality of messages, for example, the Digest Authentication of the HTTP protocol.

[00015] In conventional methods, network security protocols are also used in order to protect an IP-based communication cryptographically. In this process, the authentication of the communication participants is done both unilaterally and mutually. Commonly used protocols that perform authentication of a communication participant are known as the SSL, TLS, or IKE protocols for IPsec. Authentication of a communication participant, in particular of an HTTP server via the SSL or TLS protocol, is done through a digital certificate.
This certificate contains, in addition to the server's public key, information about the server, in particular its name, such as a name, a DNS name or an IP address.

[00016] The Kerberos protocol is also known from conventional methods, with the aid of which an authentication and authorization can be done through a trusted third party. The Kerberos protocol is based on the use of symmetric keys.

[00017] Figure 2 illustrates the Kerberos authentication service protocol according to a conventional method. Kerberos is a distributed authentication service or network protocol that was developed for public and non-secure computer networks such as the internet. According to the Kerberos system, authentication is done through a trusted third party, for example, a Kerberos server.

[00018] According to the Kerberos method illustrated in Figure 2, in a first step, a user N requests a Ticket-Granting Ticket from a Kerberos server KS through a request message R-TG-T. A ticket is an authorization message with which the respective message owner has access to server S. In a subsequent step, Kerberos server KS transmits a ticket T and a Ticket-Granting Session Key TGSK to user N. In addition to transmitting the ticket T and Ticket-Granting Session Key TGSK messages, the Kerberos server KS has a Key Distribution Service KDS. Said key distribution service KDS communicates through a data connection with a database DB.

[00019] In a subsequent method step, user N requests a Service-Granting Ticket SGT, and for this purpose the Kerberos server KS accesses a Ticket-Granting Server TGS. The ticket-granting server TGS then transmits a ticket message T and a Session Key SK to user N. Depending on the message received, user N creates a Service Request message RS and transmits said message to another server S. Depending on a verification of the Service Request message RS, said server S transmits a Server Authentication message to user N.
[00020] Another example of a network protocol according to a conventional method is SAML, which is known as Security Assertion Markup Language. In contrast to the Kerberos protocol, in the SAML protocol, asymmetric methods can also be used.

[00021] In general, in conventional methods, for example, in the MMS mechanism, only an authentication happens at the application layer. Consequently, conventional methods offer no integrity protection and confidentiality protection for data at the application layer. Point-to-point connections are only secure at the transport layer. Conventional methods do not teach a definition of a session concept for information security in an application layer that makes use of existing mechanisms.

[00022] It is, therefore, an object of the present invention to provide a method and a device for the secure transmission of data.

[00023] Therefore, a method for secure data transmission is provided. The method has the following steps:
- provision of data connections from different starting components, through at least one intermediate component, to a common destination component;
- grouping the intermediate components into an intermediate component, depending on the cryptographic information; and
- the transmission of data from the outbound components, through the grouped intermediate component, to the destination component.

[00024] Data transmission can be considered secure if said data is, among other things, protected as to integrity and confidentiality. Data can be any type of information units, such as those exchanged on the internet. Data can also be exchanged in packets or partitioned. In this regard, the data can be modulated in a digital and/or analog way. Consequently, data can also be signals that are transmitted.

[00025] The provision of a data connection can be done, for example, through a routing table, a method call, a remote method call and/or, in general, with an exchange of messages.
It is also possible to provide data connections by reading data connections from a data memory. Consequently, provisioning data connections may involve naming a data path or creating a data line between two components. A data link can be provided, for example, between a control center, a substation controller and/or a field device. For example, a data connection can be provided between a starting component and an intermediate component as well as between an intermediate component and a destination component. Consequently, at the physical level, two data connections are provided, whereas logically, one data connection is provided between a starting component and a destination component.

[00026] Different starting components, which may comprise at least one intermediate component and the common destination component, may consist of at least one other component, wherein one component may be present as a technical device, a component, a computer system, a network device, a software unit, a software module, a software class, a software package and/or a plurality of other components. In particular, at least one starting component can be present as a control center, an intermediate component can be present as a substation controller and/or a destination component can be present as a field device. Depending on the configuration of the starting components, intermediate components and/or target components, a suitable data connection can be selected. In a mobile application scenario, the data connection could be, for example, a wireless connection that is implemented over an air interface. It is also possible that the data connection has other components besides the starting component, the intermediate component and/or the destination component.

[00027] The grouping of intermediate components into an intermediate component, depending on cryptographic information, can be implemented, for example, according to a session protocol.
It is therefore necessary, in view of the multiple transmission of data from a source component, through an intermediate component, to a destination component, to create a special data connection between the intermediate component and the destination component in each case. According to one aspect of the present invention, it is advantageous for each data transmission to provide a transport connection between the outbound component and the intermediate component, although for a plurality of data transmissions from the intermediate component to the destination component, precisely one data connection needs to be provided. Consequently, in accordance with one aspect of the present invention, it is unnecessary for a plurality of data connections to be created between the intermediate component and a destination component. Consequently, grouping the intermediate components into an intermediate component, according to a session protocol, makes it possible that only a single authentication of the intermediate component or the destination component is required.

[00028] Grouping the intermediate components into an intermediate component through routing is also possible. It is possible, from a plurality of intermediate components, to select only one and to address this selected intermediate component by means of the network addresses of the respective other intermediate components that have not been selected. Consequently, data from the different starting components is not transmitted to a plurality of intermediate components, but only to a selected intermediate component, the one selected intermediate component establishing a data connection with the only common destination component.

[00029] The realization of the routing can comprise the diversion of data packets, the assignment of new network addresses to intermediate components and/or the updating of a routing table.

[00030] The grouping of intermediate components can be done depending on the cryptographic information.
The provision of cryptographic information can happen, for example, according to conventional methods, such as the challenge/response method. In order to provide the cryptographic information, it may be advantageous to adapt a relevant data format so as to make it suitable for encoding the cryptographic information. Consequently, data which is provided in accordance with this adapted data format may provide the cryptographic information.

[00031] The generation of cryptographic information can be done through a starting component. In this case, it is advantageous to generate the cryptographic information through, for example, the challenge/response method. The challenge/response method used can also be extended or adapted to other cryptographic information. Cryptographic information can be a generated token and/or Nonce Information. Nonce Information is suitable for the provision of a random number and/or a pseudo-random number. Also, the cryptographic number can be a checksum. An extension of the MMS protocol data format is suitable for encapsulating cryptographic information and other data that must be transmitted. A plurality of other data formats that can be adapted in a suitable way are known to a person skilled in the art.

[00032] The transmission of data from the starting component through the grouped intermediate component to the destination component is suitable for a transmission of the data while preserving integrity and confidentiality. According to one aspect of the present invention, by means of transmission via the grouped intermediate component, the number of intermediate components is restricted to exactly one. Consequently, the aforementioned man-in-the-middle attack on the data connection between the intermediate component and the common destination component is hampered.

[00033] A method is therefore provided, offering a cryptographically secure session concept at the application layer.
Assigning different contexts over the same transport connection therefore becomes possible. A data connection, for example a TLS protocol connection, when established, can be used for different sessions at the application layer. This is particularly advantageous in multi-hop scenarios. A hop indicates the transmission of data from one component to an adjacent component in the transport layer. In single-hop scenarios as well, the method is advantageous if a plurality of applications or a plurality of users communicate from one device with another device and use only a single transport connection, for example, a TLS protocol transport connection.

[00034] The definition of a universal cryptographic information is also made possible, favoring the introduction of other security services. In particular, hybrid cryptographic methods provide a starting point, even if asymmetric key material is used for authentication. Stepped transmission of an asymmetric protection through a hybrid protection to a complete asymmetric protection in accordance with an aspect of the present invention can be performed. The hybrid approach has advantages, particularly when defining security relationships, since static administration of paired shared secret information is avoided and said information is negotiated dynamically at the beginning of the session.

[00035] In an embodiment of the method according to the present invention, the different starting components, the intermediate components and/or the destination components are provided in an automation network.

[00036] This has the advantage that data transmission can be performed in automation networks via the method provided. Automation networks are used in a variety of technical fields, particularly in the energy industry, for example, for the operation of power plants.
[00037] In another embodiment of the method according to the present invention, the data transmission is performed by means of an extended Multimedia Message Service protocol.

[00038] This has the advantage that an existing technology and therefore previously implemented infrastructures can be reused.

[00039] In another embodiment of the method according to the present invention, the grouping of the intermediate components and/or the transmission of data is performed by means of at least one exchange of messages.

[00040] This has the advantage that, through the exchange of messages, the grouping can be done depending on the cryptographic information according to a session and/or negotiation protocol to which the intermediate components must be grouped.

[00041] In another embodiment of the method according to the present invention, the exchange of messages is performed between the different starting components, the intermediate components and/or the destination components.

[00042] This has the advantage that a plurality of components can dynamically communicate with each other.

[00043] In another embodiment of the method according to the present invention, the exchange of messages implements at least one symmetric and/or asymmetric cryptographic method.

[00044] This has the advantage that previously known technologies can be reused for the implementation of the method according to the present invention.

[00045] Furthermore, the use of a plurality of cryptographic methods, which can be symmetric, asymmetric or hybrid, is possible.

[00046] In yet another embodiment of the method according to the present invention, the exchange of messages is performed according to a shared key process, a Digest Authentication process of the HTTP protocol, a challenge/response process, a keyed hash process, a hash function, a Diffie-Hellman process and/or a digital signature process.
[00047] This has the advantage that a plurality of methods can be used for implementing the method of the present invention. In particular, the aforementioned processes allow for secure data transmission at the application layer.

[00048] In another embodiment of the method according to the present invention, at least one exchanged message comprises a reference to a Nonce Information item, a random number, a pseudo-random number, a command, an identity of a sender, an identity of a recipient, a timestamp and/or a sequential number.

[00049] This has the advantage that, for example, a Next Nonce process, which allows the content of a transmitted message to be linked to a preceding message via a Nonce Information item, can be implemented. Furthermore, through the messages exchanged, a plurality of session protocols can be implemented.

[00050] In another embodiment of the method according to the present invention, at least one exchanged message contains the cryptographic information.

[00051] This has the advantage that cryptographic information can be exchanged for implementing cryptographic processes, e.g. an exchange of keys between individual components.

[00052] In another embodiment of the method according to the present invention, at least one exchanged message contains a checksum.

[00053] This has the advantage that the content of messages exchanged can be checked for integrity.

[00054] In another embodiment of the method according to the present invention, the exchange of messages is performed depending on a cryptographic protocol.

[00055] This has the advantage that messages can be exchanged in an encrypted manner. Furthermore, previously implemented infrastructures that act according to a particular encryption protocol can be reused.
[00056] In another embodiment of the method according to the present invention, the grouping of the intermediate components is performed by means of at least one routing operation, an allocation of network addresses, an application of a session protocol, establishing a secure data connection, transmitting a command, transmitting an item of cryptographic information and/or transmitting a confirmation message.

[00057] This has the advantage that the grouping of the intermediate components can be done by means of a plurality of procedures and, in particular, by means of a combination of a plurality of procedures.

[00058] In another embodiment of the method according to the present invention, the grouping of the intermediate components is performed in the application layer.

[00059] This has the advantage that, among other things, integrity protection can be implemented independently of the transport layer.

[00060] The problem is further solved by a device for secure data transmission. According to this aspect, a device for the secure transmission of data is provided, particularly for the execution of the above-mentioned methods, comprising the following:
- a provision unit for the provision of data connections from different starting components via at least one intermediate component in each case to a common destination component;
- a grouping unit for grouping the intermediate components, dependent on an item of cryptographic information, into an intermediate component; and
- a transmission unit for the transmission of data from the starting components through the grouped intermediate component to the destination component.

[00061] Furthermore, a computer program product is provided that initializes the performance of a predetermined method, as well as a data store that stores the computer program product.
[00062] The present invention will be described in more detail below, with reference to the exemplary embodiments, and also to the attached drawings, in which:
- Figure 1 is an illustration of the transmission of commands between two endpoints according to a conventional method;
- Figure 2 is an illustration of an authentication service according to a conventional method;
- Figure 3 is an activity diagram of an embodiment of a method for secure data transmission in accordance with the present invention;
- Figure 4 is a detailed activity diagram of an embodiment of a method for secure data transmission in accordance with the present invention;
- Figure 5 is a block diagram of an embodiment of a device for secure data transmission according to the present invention;
- Figure 6 is a flowchart of an embodiment of a method for secure data transmission in accordance with the present invention;
- Figure 7 is a sequence diagram of an embodiment of a method for secure data transmission in accordance with the present invention;
- Figure 8 is a sequence diagram of another embodiment of a method for securely transmitting data in accordance with the present invention;
- Figure 9 is a sequence diagram of another embodiment of a method for securely transmitting data in accordance with the present invention;
- Figure 10 is a sequence diagram of another embodiment of a method for secure data transmission in accordance with the present invention;
- Figure 11 is a message structure of a message that can be used in an embodiment of the method for secure data transmission according to the present invention; and
- Figure 12 is a schematic structure of a cryptographic information item as may be used in an embodiment of a method for securely transmitting data in accordance with the present invention.

[00063] In the figures, the same elements or functionally similar elements are identified with the same reference signs, unless otherwise indicated.
[00064] Figure 3 shows an activity diagram of an embodiment of a method for secure data transmission according to the present invention. The method comprises the following steps:
- providing 100 data connections from different starting components via at least one intermediate component to a common destination component in each case;
- grouping 101 the intermediate components, dependent on an item of cryptographic information, into an intermediate component; and
- transmitting 102 the data from the starting components through the grouped intermediate component to the destination component.

[00065] The method steps defined above can be performed iteratively and/or in another sequence.

[00066] Figure 4 shows a detailed activity diagram of a method for secure transmission according to an embodiment of the present invention.

[00067] In a first method step 200, the identification of different starting components, at least one intermediate component and a common destination component occurs.

[00068] Thus, in the first method step 200, the selection of components that must communicate, that is, exchange data with each other through a data connection, happens. The identification of communicating components can also be performed implicitly, through a method call from one component to another component. For example, through a remote method call, a control device calls a function of a field device, whereby it is specified that the control device must communicate with the field device through a logical data connection. At the physical layer, it is now identified that the control unit method call must be routed through a substation or an intermediate component. Consequently, in method step 200, a starting component, specifically a control unit, an intermediate component, specifically a substation unit, and a field device are indistinctly identified.
[00069] In a subsequent method step 201, a connection is established between the starting component identified in method step 200, the intermediate component and the destination component. Method step 201 may comprise, for example, establishing a TLS protocol session. Establishing a TLS protocol session may involve exchanging a plurality of messages from different starting components to the at least one intermediate component and from the intermediate component to the common destination component. Consequently, after the performance of method step 201, a logical connection is provided between the starting component and the destination component.

[00070] In another method step 202, a command is transmitted from the starting component to the destination component. For example, a control command can be transmitted from the starting component to the target component.

[00071] In the present exemplary embodiment, the method of the present invention is used within an automation network of a power technology. The starting component is therefore a control unit that controls a field device that is provided, for example, in a power station. In the present exemplary embodiment, in method step 201, the "close power circuit" command is transmitted to the field device. Consequently, the control unit transmits a parameter to the field device that indicates that the control device must close a power circuit. Alternatively, in method step 202, a remote method call takes place from the control unit to the field device.

[00072] In a subsequent method step 203, the field device transmits a "challenge" to the control unit. A challenge is a request message that is generated, for example, through a challenge/response process.

[00073] In a subsequent method step 204, the control unit generates a corresponding response message that is created, for example, through a challenge/response process.
The calculated response message can be transmitted to the field device along with the command. Consequently, the field device is notified that a particular generated response refers to a particular command. The field device thus recognizes which response is involved, since the control unit can transmit a plurality of control messages relating to different commands and/or because a plurality of starting components transmit at least one response relating to a particular command.

[00074] In method step 205, the transmitted response message is checked, and if the comparison reveals that the transmitted response message matches an expected response message, the transmitted command is executed. Furthermore, in method step 205, the execution of the command is confirmed by means of a confirmation message, and another item of cryptographic information is transmitted by the destination component to the outgoing component. In this case, it is possible that the cryptographic information transmitted during method step 205 comprises a "Next Challenge" item or a "Next Nonce" item. It is therefore possible, during another data transmission from the starting component to the destination component, that method steps 203 and/or 204 are no longer done, since said steps can be performed through iterative performance of the method steps 204 and/or 205. It is also possible, in each of the method steps 202, 203, 204 and 205, to transmit other parameters, i.e. other commands, other challenge messages, other response messages and/or other confirmation messages. The cryptographic information transmitted can also comprise, for example, a crypto token.

[00075] In another embodiment of the method for secure data transmission according to the present invention, the iterative execution of method steps 202 and/or 203 occurs.
For example, in a method step 202, a command and a cryptographic information is transmitted by the departing component to the destination component and, in a method step 203, an acknowledgment message and another item of cryptographic information are transmitted from the destination component to the departing component. Consequently, in a repeated execution of method step 202, a new command is transmitted along with a new item of cryptographic information from the starting component to the destination component. Subsequently, in method step 203, transmission of an acknowledgment message along with another item of cryptographic information occurs. [00076] In a last optional method step 206, a check is made as to whether other data is present for a transmission from the starting component to the destination component, if it is guaranteed, in the method step 206, that other data is present for a transmission, a branch of one of the previously performed method steps 202, 203, 204 or 205 occurs. [00077] The described method steps may contain other substeps and may be performed iteratively and/or in a different sequence. [00078] Figure 5 shows a device 1 for securely transmitting data D according to an embodiment of the present invention. The device 1 for the secure transmission of data D comprises: - a provision unit 2 for the provision of DV data connections from different starting components SK via at least one intermediate component ZK, in each case, to a component of common destination ZK'; - a grouping unit 3 for grouping the intermediate component ZK dependent on an item of cryptographic information KI into an intermediate component ZK; and - a transmission unit 4 for the transmission of data D from the starting components SK via the grouped intermediate component ZK to the destination component ZK'. [00079] Other aspects of another exemplary mode of device 1 for secure data transmission D that can only be provided in this other mode will be described below. 
These aspects are therefore optional aspects. [00080] In the present exemplary embodiment, the provision unit 2 reads the different starting components SK, the at least two intermediate components ZK' and the common destination component ZK' from the data memory. it is also possible that the supply unit 2 receives the starting components SK, the intermediate components ZK and the common destination component ZK' provided by another unit. In addition, a quantity of data from which a selection of data D is to be transmitted to the target component ZK' is provided to provision unit 2. Provision unit 2 can, for example, identify DV data connections based on the transmitted start components SK, intermediate components ZK and/or destination components ZK', through which the DV data connections of the D data are to be transmitted. DV data connections can be logical, physical and/or hybrid DV data connections. [00081] The grouping unit 3 is suitable for grouping a plurality of intermediate components ZK into an intermediate component ZK dependent on an item of cryptographic information KI. To this end, it is possible that at least one item of cryptographic information KI becomes available to the grouping unit 3. The provision of cryptographic information KI can occur, for example, by calculating and/or by reading a memory of DB1 data. When intermediate unit ZK is selected, this information can be transmitted to transmission unit 4. Transmission unit 4 can then initiate data transmission D. [00082] Figure 6 shows a flowchart according to a method for securely transmitting data according to an embodiment of the present invention. In the present figure 6, a plurality of components 60 are input vertically, for example a control unit 63, a control substation unit 64 and a field device 65. For data transmission, an application of the TLS protocol with mutual authentication on a hop-to-hop basis using certificates is performed at a transport security layer 61. 
An MMS 62 protocol message flow takes place at the application layer. [00083] In comparison with the exemplary embodiment according to figure 1, in the exemplary embodiment according to the present figure 6, the message exchange is done by means of the control unit 63 and the field device 65. control 63 can be, for example, at least a start component SK, and field device 65 can be, for example, a destination component ZK'. The exchange of messages can be done, for example, through an MMS protocol handshake using AARQ request and/or AARE reply messages according to the MMS protocol specification. To this end, a Diffie-Hellman process can be used. Individual messages exchanged between the outgoing component 63 and the destination component 65 can be protected with a digital signature. For example, an AARQ request message can be extended with a crypttoken. An exemplary structure of a crypttoken is shown in Figure 12. Another exchange of messages can be done through AARE reply messages, which can also be extended with a crypttoken. The exchange of messages from the outbound component 63 to the destination component 65 is identified in Fig. 6 with an arrow 66. The exchange of messages from the destination component 65 to the outbound component 63 is identified in Fig. 6 with an arrow 67. [00084] In the present embodiment according to Figure 6, according to the present invention, the exchange of messages is performed between the outgoing component 63 and the destination component 65, in which the exchange of messages, as identified, by example, in figure 1 with arrows 16 and 17, it is not necessary. Thus, the establishment of a session according to the present invention takes place, in the application layer, directly between two point-to-point communication connections. The probability of a man-in-the-middle attack, as is possible according to Figure 1, is minimized by the method of the present invention. 
[00085] Figure 7 shows a sequence diagram of an embodiment of a method for secure data transmission according to an embodiment of the present invention. In figure 7, data transmission takes place from at least one starting component SK, through an intermediate component ZK, to a field device ZK' in the physical layer. To this end, a connection is established at the transport layer, for example, via a TLS protocol session TLSS. It is performed by means of multiple message exchanges between at least one of the starting components SK, at least one intermediate component ZK and the common destination component ZK'. In the present exemplary embodiment, according to Fig. 7, an exchange of messages 70 takes place, which can be represented according to the MMS protocol as follows:
AARQ PDU1 (command)

[00086] An AARQ message is an Application Association Request message. PDU stands, for example, for a Protocol Data Unit as it is known in network technology. The command "command" can be a work instruction for field device ZK'. In another message 71, the destination component ZK' requests a response from the starting component SK by sending a challenge message. This message can be represented according to the MMS protocol as follows:
AARE PDU2 (challenge)

[00087] AARE corresponds to an Application Association Response message. The calculation of the challenge, that is, a request message, can be done by the destination component ZK' through a challenge-response process. The starting component SK then calculates the response message in relation to the command transmitted in message 70, and transmits said response in message 72 to the destination component ZK'. The destination component ZK' then checks the response and executes the transmitted command depending on the response check. Message 72 can be represented according to the MMS protocol as follows:
AARQ PDU3 (command (PDU1), reply)

[00088] Provided that the destination component ZK' executes the command, the destination component ZK' transmits an acknowledgment message, known as ACK, along with another challenge, also known as a Nonce message, to the starting component SK. This message 73 can be represented according to the MMS protocol as follows:
AARE PDU4 (ACK, Next Nonce)

[00089] In a renewed data transmission, instead of executing the method steps 70, 71, 72 and/or 73 again, in the embodiment of the present invention, message 72 can be transmitted once more, in which the response, in this case, refers to the Next Nonce transmitted in the previously transmitted message 73. In this way, the renewed authentication of the command takes place. Through the Nonce information, there is a link with the respective preceding message. In this way, a session concept is implemented, which allows a cryptographic chaining of the messages at the application layer. In addition, the response calculation can also contain the current response message so that integrity protection can be done for the messages.

[00090] In another embodiment of the method for secure data transmission, the HTTP protocol digest authentication approach is used, in which the server issues a challenge and the client calculates the appropriate response. Also, in this context, a Next Nonce mechanism can be used in order to avoid duplication of all request messages. Using the Next Nonce mechanism, only the first handshake would be duplicated, while all other responses from the server would receive the challenge via the last response. This approach is based on a symmetric secret, with which the integrity of messages is protected.

[00091] Figure 8 shows a sequence diagram of another embodiment of the method for secure data transmission according to the present invention. Within the MMS protocol, the following concerns an extended MMS protocol. The starting component SK transmits a message to the destination component ZK', which can be represented according to the MMS protocol, as follows:
AARQ PDU1 (command, cryptotoken)

[00092] In this exemplary embodiment, the cryptotoken receives a checksum that was generated by the starting component SK. When the transmitted cryptotoken matches an expected cryptotoken, the destination component ZK' transmits an acknowledgment message along with the cryptotoken. This can be represented according to the MMS protocol, as follows:
AARE PDU2 (ACK, cryptotoken)

[00093] In this way, the destination component ZK' confirms whether the integrity of the transmitted message 80 is guaranteed. When data is repeatedly transmitted from the starting component SK to the destination component ZK', another transmission, of message 82, takes place, and this can be represented according to the MMS protocol, as follows:
AARQ PDU3 (command, cryptotoken)

[00094] When the command according to the transmitted message 82 is executed by the destination component ZK', an acknowledgment and a renewed transmission of the cryptotoken by the destination component ZK' to the starting component SK take place. This can be represented according to the MMS protocol, as follows:
AARE PDU4 (ACK, cryptotoken)

[00095] As an alternative to the renewed transmission of messages 82 and 83, an iterative transmission of messages 80 and 81 may occur.

[00096] In another embodiment of the method for secure data transmission according to the present invention, a basically symmetric approach similar to the H.235.1 process is used. The H.235.1 process is a conventional method that is used in real-time communication. In the present embodiment, the identity of the sender and the receiver, as well as the time stamp and the sequence number, can be added to all messages.
[00097] This approach is based on a symmetric secret with which the integrity of messages can be protected. For the purpose of integrity protection, a keyed hash process (HMAC) with current hash functions such as SHA-256, SHA-512 and others can be used.

[00098] Figure 9 shows a sequence diagram of an embodiment of a method for secure data transmission. In this case, in a first exchange of messages, the transmission of message 90 takes place and this can be represented according to the MMS protocol, as follows:
AARQ PDU1 (command, cryptotoken, signed)

[00099] This embodiment differs from that shown in figure 8 in that a digital signature can be used. However, in this case, a signature verification is required. It is particularly advantageous, in the embodiment according to figure 9, that no symmetric secret is needed. The digital signature can be transmitted, for example, via the "signed" parameter of message 90 from the starting component SK to the destination component ZK'.

[000100] Then, message 91 is transmitted from the destination component ZK' to the starting component SK, and this can be represented according to the MMS protocol, as follows:
AARE PDU2 (ACK, cryptotoken, signed)

[000101] In this way, the destination component ZK' confirms that the message comprising the command, the cryptotoken and the signature was successfully received. When other data is transmitted by the starting component SK to the destination component ZK', the transmission of message 92 takes place, and this can be represented according to the MMS protocol, as follows:
AARQ PDU3 (command, cryptotoken, signed)
and the transmission of message 93 takes place, which can be represented according to the MMS protocol, as follows:
AARE PDU4 (ACK, cryptotoken, signed)

[000102] As an alternative to the transmission of messages 92 and 93, a renewed transmission of messages 90 and 91 can be initiated.
[000103] In another embodiment of the method for secure data transmission according to the present invention, a basically asymmetric approach is used, similar to the H.235.2 standard, the H.235.2 standard being a conventional method of communication technology. In this embodiment, the identity of the sender and receiver, as well as the time stamp and sequence number, can be added to all messages. This approach is based on an asymmetric key pair with which the integrity of messages can be protected. For integrity protection, a digital signature, for example based on an RSA algorithm, elliptic curves or the like, can be used. Through the signature, non-repudiation can be provided as a security service for each message, which can be a requirement for supporting role-based access methods.

[000104] Figure 10 shows a sequence diagram of a method for secure data transmission according to an embodiment of the present invention. In this case, during message exchange, a transmission of message 10A takes place, and this can be represented according to the MMS protocol, as follows:
AARQ PDU1 (command, cryptotoken, signed, DHset)

[000105] In this embodiment, a Diffie-Hellman key establishment can be used in a handshake. For this purpose, it may be necessary to pass the parameter DHset from the starting component SK to the destination component ZK'. In a subsequent message exchange, a message 10B is transmitted, which can be represented according to the MMS protocol, as follows:
AARE PDU2 (ACK, cryptotoken, signed, DHset)

[000106] Then, by means of message 10C, a method call is transmitted, and this can be represented according to the MMS protocol, as follows:
AARQ PDU3 (command, cryptotoken, keyed hash)

[000107] This is followed by the generation and transmission of message 10D, and this can be represented according to the MMS protocol, as follows:
AARE PDU4 (ACK, cryptotoken, keyed hash)

[000108] This embodiment concerns a combined execution of the procedures described above with reference to figure 9 and figure 8. In this case, it is advantageous that less computational power is necessary, since the repeated verification of the signature may be waived. It is also particularly advantageous, in the embodiment of figure 10, that a new key is generated for each data exchange session.

[000109] In the present embodiment of Figure 10, data integrity is therefore guaranteed based on the key pair and a digital signature for a first handshake.

[000110] In another embodiment of the method for secure data transmission according to the present invention, a hybrid approach of the H.235.3 standard is used, which is a telecommunication process. In the first handshake, a Diffie-Hellman key establishment, which is digitally signed with the asymmetric key material, can be used. This approach relies on an asymmetric key pair. Preferably, this handshake can be done in the AARQ request and AARE reply messages. With the use of the shared key thus established, integrity protection can then be done for messages within the session. This protection can be implemented using an HMAC.

[000111] Figure 11 shows a possible message structure that can be used in an embodiment of the method of the present invention for secure data transmission. The message shown in Fig. 11 may be an extended MMS protocol message with a cryptotoken 113 and/or a checksum, for example a MAC code 114. The message has an IP header 110, a UDP/TCP header 111, an MMS protocol payload 112, a cryptotoken 113, and/or a MAC code 114. The MMS protocol payload 112 can be a payload. At the application layer, the MMS protocol payload 115, the cryptotoken 113, and the MAC code 114 can be designated as the payload, as indicated by arrow 115.

[000112] In the message structure shown in Figure 11, the essential information for the method execution is encapsulated with the use of cryptotokens. A cryptotoken 113 encapsulates all essential cryptographic information and can therefore be included equally in all messages. MAC code 114 at the end of the message allows for payload integrity checking. One possible definition of a cryptotoken 113 for carrying the necessary cryptographic information can be represented as an ASN.1 notation tree. An example of it is shown in figure 12.

[000113] The cryptotoken 113 may comprise, for example, the Nonce information. With the use of the message construct shown, the integrity of the MMS protocol payload 112 and/or the cryptotoken 113 can be guaranteed, as shown in Figure 11 by arrow 116.

[000114] Figure 12 shows a schematic form of the cryptotoken structure. A cryptotoken can be defined, for example, through the following source code.

[000115] The cryptotoken 120 shown in figure 12 may correspond, for example, to the cryptotoken 113 shown in figure 11.

[000116] In the present exemplary embodiment, the cryptotoken 120 can comprise a TokenOID 121, a ClearToken 122, a Hashed datatype 123 and/or a Signed datatype 124. For the purposes of a more intuitive understanding, the following list shows the reference signs:
120 - cryptotoken
121 - tokenOID
122 - ClearToken
123 - HASHED
124 - signed
1221 - tokenOID
1222 - certificate
1223 - dhkey
1224 - timeStamp
1225 - Sequence Number
1226 - random
1227 - receiver ID
1228 - senders ID
1231 - algorithmOID
1232 - paramS = NULL
1233 - hash
1241 - algorithmOID
1242 - paramS = NULL
1243 - signature
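
The Next Nonce session of Figure 7 (messages 70 to 73) combined with the keyed-hash integrity protection of paragraph [00097], as an added Python example that is not part of the patent text. The component IDs, the "open power circuit" command, the class names and the layout of the HMAC input are assumptions made for illustration; time stamps and sequence numbers are left out.

```python
"""Next Nonce challenge-response session between a control unit and a field device."""
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass, replace


def keyed_hash(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(struct.pack(">I", len(f)) + f)
    return h.digest()


@dataclass(frozen=True)
class Request:
    """AARQ-style message: command, sender/receiver identity and the response value."""
    sender: bytes
    receiver: bytes
    command: bytes
    response: bytes


@dataclass(frozen=True)
class Ack:
    """AARE-style message: ACK (or refusal) plus the Next Nonce on success."""
    ok: bool
    next_nonce: bytes = b""
    reason: str = ""


class FieldDevice:
    def __init__(self, device_id: bytes, keys: dict):
        self.device_id = device_id
        self.keys = keys        # sender ID -> shared symmetric secret
        self.nonces = {}        # sender ID -> nonce the next response must cover
        self.executed = []      # commands that passed the check

    def challenge(self, sender: bytes) -> bytes:
        """Message 71: issue a fresh challenge for this sender."""
        self.nonces[sender] = secrets.token_bytes(16)
        return self.nonces[sender]

    def handle(self, req: Request) -> Ack:
        """Messages 72/73: verify the response, execute, return ACK + Next Nonce."""
        key = self.keys.get(req.sender)
        nonce = self.nonces.get(req.sender)
        if key is None or nonce is None:
            return Ack(False, reason="no session for sender")
        if req.receiver != self.device_id:
            return Ack(False, reason="wrong receiver")
        expected = keyed_hash(key, req.sender, req.receiver, nonce, req.command)
        if not hmac.compare_digest(expected, req.response):
            return Ack(False, reason="response mismatch")   # nonce stays valid
        self.executed.append(req.command)
        self.nonces[req.sender] = secrets.token_bytes(16)   # each nonce is used once
        return Ack(True, next_nonce=self.nonces[req.sender])


class ControlUnit:
    def __init__(self, unit_id: bytes, device_id: bytes, key: bytes):
        self.unit_id, self.device_id, self.key = unit_id, device_id, key
        self.nonce = b""

    def request(self, command: bytes) -> Request:
        resp = keyed_hash(self.key, self.unit_id, self.device_id, self.nonce, command)
        return Request(self.unit_id, self.device_id, command, resp)

    def on_ack(self, ack: Ack) -> None:
        if ack.ok:
            self.nonce = ack.next_nonce     # chains the next command to this ACK


def run_demo() -> dict:
    key = secrets.token_bytes(32)           # constructed shared secret
    device = FieldDevice(b"field-device-65", {b"control-unit-63": key})
    unit = ControlUnit(b"control-unit-63", b"field-device-65", key)

    unit.nonce = device.challenge(unit.unit_id)     # messages 70/71
    first = unit.request(b"close power circuit")    # message 72
    ack1 = device.handle(first)                     # message 73
    unit.on_ack(ack1)

    second = unit.request(b"open power circuit")    # no new challenge round needed
    tampered = replace(second, command=b"close power circuit")
    ack_tampered = device.handle(tampered)          # command altered in transit
    ack2 = device.handle(second)
    unit.on_ack(ack2)
    ack_replay = device.handle(first)               # captured message sent again

    return {"first": ack1.ok, "second": ack2.ok, "tampered": ack_tampered.reason,
            "replay": ack_replay.reason, "executed": device.executed}


if __name__ == "__main__":
    print(run_demo())
```

Because the response covers the nonce from the preceding acknowledgment, a recorded request is rejected once the device has moved on to the next nonce, and a changed command fails the keyed-hash comparison without consuming the current nonce.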
Claims:
Claims (12)

[0001] 1. Method for secure data transmission (D), characterized in that it comprises the steps of:
- provision (100) of data connections (DV) from different starting components (SK) through at least one intermediate component (ZK) to a common destination component (ZK') in each case;
- grouping (101) of intermediate components (ZK), dependent on a cryptographic information item (KI), into a grouped intermediate component (ZK) by means of at least one exchange of messages by a grouping unit (3), wherein the cryptographic information (KI) is a generated token and/or Nonce information item, and wherein it is negotiated which of the intermediate components (ZK) are grouped; and
- transmission (102) of the data (D) of the starting components (SK) through the grouped intermediate component (ZK) to the destination component (ZK'), wherein the grouping (101) of the intermediate components (ZK) is performed through at least one routing operation, so that from the intermediate components (ZK) precisely one intermediate component (ZK) is selected and the selected intermediate component (ZK) is addressed via the network addresses of the intermediate components (ZK) not selected.

[0002] 2. Method according to claim 1, characterized in that the different starting components (SK), the intermediate components (ZK) and/or the destination component (ZK') are provided in an automation network.

[0003] 3. Method according to claim 1 or 2, characterized in that the transmission (102) of the data (D) is performed by means of an extended Multimedia Message Service protocol.

[0004] 4. Method according to claim 3, characterized in that the message exchange is carried out between the different starting components (SK), the intermediate components (ZK) and/or the destination components (ZK').

[0005] 5. Method according to claim 3 or 4, characterized in that the message exchange implements at least one symmetric and/or asymmetric cryptographic method.

[0006] 6. Method according to any one of claims 3 to 5, characterized in that the message exchange is performed according to a shared key process, an HTTP protocol digest authentication process, a challenge-response process, a keyed hash process, a hash function, a Diffie-Hellman process, and/or a digital signature process.

[0007] 7. Method according to any one of claims 3 to 6, characterized in that at least one exchanged message (70; 71; 72, 73; 80; 81; 82; 83; 90; 91; 92; 93; 10A; 10B; 10C; 10D) comprises a reference to a Nonce information item, a random number, a pseudo-random number, a command, an identity of a sender, an identity of a receiver, a timestamp and/or a sequence number.

[0008] 8. Method according to any one of claims 3 to 7, characterized in that at least one exchanged message (70; 71; 72, 73; 80; 81; 82; 83; 90; 91; 92; 93; 10A; 10B; 10C; 10D) contains the cryptographic information.

[0009] 9. Method according to any one of claims 3 to 8, characterized in that at least one exchanged message (70; 71; 72, 73; 80; 81; 82; 83; 90; 91; 92; 93; 10A; 10B; 10C; 10D) contains a checksum.

[0010] 10. Method according to any one of claims 3 to 9, characterized in that the exchange of messages is carried out dependent on an encryption protocol.

[0011] 11. Method according to any one of claims 1 to 10, characterized in that the grouping (101) of the intermediate components (ZK) is performed by means of at least one allocation of network addresses, an application of a session protocol, the establishment of a secure data connection (DV), the transmission of a command, the transmission of a cryptographic information item (KI) and/or the transmission of a confirmation message.

[0012] 12. Device (1) for secure data transmission (D), particularly for carrying out the method as defined in any one of claims 1 to 11, characterized in that it comprises:
- a provision unit (2) for the provision of data connections (DV) from different starting components (SK) through at least one intermediate component (ZK) in each case, to a common destination component (ZK');
- a grouping unit (3) for grouping the intermediate components (ZK), dependent on a cryptographic information item (KI), into a grouped intermediate component (ZK) by means of at least one exchange of messages to negotiate which of the intermediate components (ZK) are grouped, wherein the cryptographic information (KI) is a generated token and/or Nonce information item; and
- a transmission unit (4) for the transmission of data (D) from the starting components (SK) through the grouped intermediate component (ZK) to the destination component (ZK'), wherein the grouping unit (3) performs the grouping (101) of the intermediate components (ZK) by means of at least one routing operation so that the grouping unit (3) selects from the intermediate components (ZK) precisely one intermediate component (ZK) and the selected intermediate component (ZK) is addressed via the network addresses of the intermediate components (ZK) not selected.
Patent family:
Publication number | Publication date
RU2554532C2 | 2015-06-27
CN102577314B | 2015-05-13
US20120260088A1 | 2012-10-11
US9398049B2 | 2016-07-19
EP2494759B1 | 2019-05-08
DE102009051383A1 | 2011-05-12
BR112012011445A2 | 2016-05-03
WO2011051028A1 | 2011-05-05
RU2012122190A | 2013-12-10
EP2494759A1 | 2012-09-05
CN102577314A | 2012-07-11
Legal status:
2019-01-08 | B06F | Objections, documents and/or translations needed after an examination request according [chapter 6.6 patent gazette]
2020-01-14 | B15K | Others concerning applications: alteration of classification | Free format text: The previous classifications were: H04L 29/06, G05B 19/418. IPC: H04L 29/06 (1990.01)
2020-01-21 | B06U | Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]
2021-05-04 | B09A | Decision: intention to grant [chapter 9.1 patent gazette]
2021-07-06 | B16A | Patent or certificate of addition of invention granted | Free format text: Term of validity: 20 (twenty) years counted from 02/09/2010, subject to the legal conditions. Patent granted in accordance with ADI 5.529/DF, which determines the alteration of the grant term.
Priority:
Application number | Filing date | Patent title
DE102009051383A | DE102009051383A1 | 2009-10-30 | 2009-10-30 | Method and device for the secure transmission of data
DE102009051383.3 | 2009-10-30
PCT/EP2010/062833 | WO2011051028A1 | 2009-10-30 | 2010-09-02 | Method and device for securely transmitting data