Global Patent Index - EP 3970335 A1

EP 3970335 A1 20220323 - METHOD FOR IMPLEMENTING CLIENT SIDE CREDENTIAL CONTROL TO AUTHORIZE ACCESS TO A PROTECTED DEVICE

Title (en)

METHOD FOR IMPLEMENTING CLIENT SIDE CREDENTIAL CONTROL TO AUTHORIZE ACCESS TO A PROTECTED DEVICE

Title (de)

VERFAHREN ZUR IMPLEMENTIERUNG EINER KUNDENSEITIGEN BERECHTIGUNGSKONTROLLE ZUR AUTORISIERUNG DES ZUGRIFFS AUF EINE GESCHÜTZTE VORRICHTUNG

Title (fr)

PROCÉDÉ DE MISE EN OEUVRE D'UN CONTRÔLE DE JUSTIFICATIF D'IDENTITÉ CÔTÉ CLIENT POUR AUTORISER UN ACCÈS À UN DISPOSITIF PROTÉGÉ

Publication

EP 3970335 A1 20220323 (EN)

Application

EP 19745263 A 20190514

Priority

HU 2019050023 W 20190514

Abstract (en)

[origin: WO2020229853A1] The invention relates to a method for client-side credential control to allow remote access to a second (protected) device, the method comprising:

- providing a gateway integrated into the second (protected) device, or independent thereof capable for communication using electronic data channel with the first (client) device,
- providing a secure storage device to first (client) device,
- providing user privileges to at least one command executable by the second (protected) device and storing user credentials (privilege data) in the secure storage device;
- providing a key pair of asymmetric cryptography having a private key and a public key,
- storing the private key of the key pair used for the asymmetric encryption in the secure storage device,
- generating at least one data related to the command executable by the second (protected) device,
- checking in the secure storage device, whether the data related to the command executable by the second (protected) device corresponds to at least one user credential related to the command executable by the second (protected) device, stored in the secure storage device,
- in case of correspondence generating in the secure storage device a data block derived from the data related to the command executable by the second (protected) device,
- signing the data block with the support of the secure storage device using the private key stored in the secure storage device,
- generating at least one data packet from the data block signed with the private key,
- transmitting the at least one data packet to the gateway via the electronic communication channel.

The invention further relates to a gateway, a secure storage device and computer program products for performing the method according to the invention.

IPC 8 full level

H04L 9/32 (2006.01); H04W 12/08 (2021.01)

CPC (source: EP)

H04L 9/3234 (2013.01); H04L 63/0442 (2013.01); H04L 63/10 (2013.01); H04L 63/0209 (2013.01); H04L 63/0272 (2013.01); H04L 63/0823 (2013.01); H04L 63/083 (2013.01); H04L 63/0853 (2013.01); H04L 2463/121 (2013.01)

Citation (search report)

See references of WO 2020229853A1

Designated contracting state (EPC)

AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

Designated extension state (EPC)

BA ME

DOCDB simple family (publication)

WO 2020229853 A1 20201119; EP 3970335 A1 20220323

DOCDB simple family (application)

HU 2019050023 W 20190514; EP 19745263 A 20190514