WO2020094798 - CONTROLLING ACCESS RIGHTS IN A NETWORKED SYSTEM WITH DATA PROCESSING

Publication Number WO/2020/094798
Publication Date 14.05.2020
International Application No. PCT/EP2019/080564
International Filing Date 07.11.2019
IPC
  H04W 12/08 (2009.01)
    H   ELECTRICITY
    04  ELECTRIC COMMUNICATION TECHNIQUE
    W   WIRELESS COMMUNICATION NETWORKS
    12  Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    08  Access security
  G06F 21/60 (2013.01)
    G   PHYSICS
    06  COMPUTING; CALCULATING OR COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    60  Protecting data
  G06F 21/62 (2013.01)
    G   PHYSICS
    06  COMPUTING; CALCULATING OR COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    60  Protecting data
    62  Protecting access to data via a platform, e.g. using keys or access control rules
  H04W 12/06 (2009.01)
    H   ELECTRICITY
    04  ELECTRIC COMMUNICATION TECHNIQUE
    W   WIRELESS COMMUNICATION NETWORKS
    12  Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    06  Authentication
  H04L 29/06 (2006.01)
    H   ELECTRICITY
    04  ELECTRIC COMMUNICATION TECHNIQUE
    L   TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    29  Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
    02  Communication control; Communication processing
    06  characterised by a protocol
  G06F 21/31 (2013.01)
    G   PHYSICS
    06  COMPUTING; CALCULATING OR COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    30  Authentication, i.e. establishing the identity or authorisation of security principals
    31  User authentication
CPC
  G06F 21/31
    G   PHYSICS
    06  COMPUTING; CALCULATING; COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    30  Authentication, i.e. establishing the identity or authorisation of security principals
    31  User authentication
  G06F 21/44
    G   PHYSICS
    06  COMPUTING; CALCULATING; COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    30  Authentication, i.e. establishing the identity or authorisation of security principals
    44  Program or device authentication
  G06F 21/604
    G   PHYSICS
    06  COMPUTING; CALCULATING; COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    60  Protecting data
    604 Tools and structures for managing or administering access control systems
  G06F 21/6218
    G   PHYSICS
    06  COMPUTING; CALCULATING; COUNTING
    F   ELECTRIC DIGITAL DATA PROCESSING
    21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    60  Protecting data
    62  Protecting access to data via a platform, e.g. using keys or access control rules
    6218 to a system of files or objects, e.g. local or distributed file system or database
  H04L 63/10
    H   ELECTRICITY
    04  ELECTRIC COMMUNICATION TECHNIQUE
    L   TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    63  Network architectures or network communication protocols for network security
    10  for controlling access to network resources
  H04L 63/101
    H   ELECTRICITY
    04  ELECTRIC COMMUNICATION TECHNIQUE
    L   TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    63  Network architectures or network communication protocols for network security
    10  for controlling access to network resources
    101 Access control lists [ACL]
Applicants
  • SAMSON AKTIENGESELLSCHAFT [DE]/[DE]
Inventors
  • SCHÖBEL, Michael
  • MOJZIS, Martin
Agents
  • KÖLLNER, Malte
Priority Data
10 2018 127 949.3   08.11.2018   DE
Publication Language German (DE)
Filing Language German (DE)
Designated States
Title
(DE) CONTROL OF ACCESS RIGHTS IN A NETWORKED SYSTEM WITH DATA PROCESSING
(EN) CONTROLLING ACCESS RIGHTS IN A NETWORKED SYSTEM WITH DATA PROCESSING
(FR) CONTROL OF ACCESS RIGHTS IN A NETWORKED SYSTEM WITH DATA PROCESSING
Abstract
(DE)
The invention relates to a method for the computer-aided management of authorizations or access rights in a networked system with data processing. The method is based on a subdivision or grouping of objects (O1,..., Ot) of the system, such as files, devices, application programs, etc., into object groups. Membership of an object group decides whether a user (N1,..., N,) is granted or refused an access right to an object (O1,..., Ot). The object groups are formed with the aid of rules that relate to at least one property of the objects (O1,..., Ot), in particular a property that varies over time. The membership of the objects (O1,..., Ot) in an object group is continuously updated, so that only objects (O1,..., Ot) with particular properties can be accessed. This makes the management of access rights more secure and also simpler, since hierarchical organizational structures are no longer needed. The method is particularly suitable for security-critical systems such as supply systems for district heating, natural gas, electricity or water, or process engineering plants.
(EN)
The invention relates to a method for the computer-aided administration of authorizations or access rights in a networked system with data processing. The method involves subdivision or grouping of objects (O1,..., Ot) in the system such as files, devices, application programs etc. into object groups. Membership of an object group determines whether an access right to an object (O1,..., Ot) is granted to a user (N1,..., N,) or refused. The object groups are formed with the aid of rules which relate to at least one property of the objects (O1,..., Ot), particularly a property that varies over time. Assignment of the objects (O1,..., Ot) to an object group is continuously updated, so that it is only possible to access objects (O1,..., Ot) with specified properties. As a result, administration of the access rights is more reliable and also easier, as hierarchical organizational structures are not required. The method is particularly suitable for security-critical systems such as supply systems for district heat, natural gas, power or water, or process engineering machinery and equipment.
(FR)
The invention relates to a method for the computerized management of authorizations and access rights to a networked system with data processing. The method is based on a division or grouping of objects (O1,..., Ot) of the system, such as files, devices, application programs, etc., into object groups. Membership of an object group decides whether a user (N1,..., N,) is granted or refused an access right to an object (O1,..., Ot). The object groups are formed with the aid of rules that refer to at least one property of the object (O1,..., Ot), in particular a property that varies over time. The membership of the objects (O1,..., Ot) in an object group is continuously updated, so that only objects (O1,..., Ot) having particular properties can be accessed. The management of access rights thus becomes both more secure and easier, since hierarchical organizational structures are eliminated. The method is particularly suitable for safety-critical systems such as supply systems for district heating, natural gas, electricity or water, or process plants.
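The abstract describes access rights that hang off rule-defined object groups whose membership is recomputed as object properties change, rather than off a static hierarchy. The following is an added illustration of that mechanism in Python; it is not code from the patent or from SAMSON, and the object names, properties, group rules and user grants are constructed for the example. It shows the point that matters for a defender: because membership is evaluated at check time, a property change (here a valve being switched to maintenance) immediately moves the object between groups and flips who may do what, and a rule that cannot be evaluated for an object (missing property) fails closed.

```python
"""Rule-based object groups for access control, evaluated at check time.

Added example, not code from the patent or its applicant. Object names,
properties, group rules and user grants are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Set

Props = Dict[str, Any]


@dataclass
class Obj:
    """A protected object (file, device, program) with mutable properties."""
    name: str
    props: Props = field(default_factory=dict)


@dataclass
class ObjectGroup:
    """A group defined by a rule over object properties, not by a static member list."""
    name: str
    rule: Callable[[Props], bool]

    def contains(self, obj: Obj) -> bool:
        try:
            return bool(self.rule(obj.props))
        except (KeyError, TypeError):
            # A rule that cannot be evaluated (missing or ill-typed property)
            # must not admit the object by accident: fail closed.
            return False


class AccessControl:
    def __init__(self) -> None:
        self.objects: Dict[str, Obj] = {}
        self.groups: Dict[str, ObjectGroup] = {}
        # user -> group name -> rights granted on the group's current members
        self.grants: Dict[str, Dict[str, Set[str]]] = {}

    def add_object(self, obj: Obj) -> None:
        self.objects[obj.name] = obj

    def add_group(self, group: ObjectGroup) -> None:
        self.groups[group.name] = group

    def grant(self, user: str, group: str, right: str) -> None:
        if group not in self.groups:
            raise KeyError(f"unknown group {group!r}")
        self.grants.setdefault(user, {}).setdefault(group, set()).add(right)

    def set_property(self, obj_name: str, key: str, value: Any) -> None:
        """Update a time-varying property; group membership follows automatically."""
        self.objects[obj_name].props[key] = value

    def groups_of(self, obj_name: str) -> Set[str]:
        """Membership is recomputed on every query, so it is always current."""
        obj = self.objects[obj_name]
        return {g.name for g in self.groups.values() if g.contains(obj)}

    def is_allowed(self, user: str, obj_name: str, right: str) -> bool:
        """Default deny: a right exists only through a group the object is in now."""
        if obj_name not in self.objects:
            return False
        current = self.groups_of(obj_name)
        user_grants = self.grants.get(user, {})
        return any(right in rights for g, rights in user_grants.items() if g in current)


def demo_system() -> AccessControl:
    """Constructed scenario: valves in a district-heating plant (hypothetical names)."""
    ac = AccessControl()
    ac.add_object(Obj("valve-1", {"site": "plant-a", "mode": "operational", "firmware_ok": True}))
    ac.add_object(Obj("valve-2", {"site": "plant-b", "mode": "operational", "firmware_ok": False}))
    ac.add_object(Obj("valve-3", {"site": "plant-a"}))  # no "mode" property at all
    ac.add_group(ObjectGroup(
        "plant-a-online",
        lambda p: p["site"] == "plant-a" and p["mode"] == "operational" and p["firmware_ok"]))
    ac.add_group(ObjectGroup("in-maintenance", lambda p: p["mode"] == "maintenance"))
    ac.grant("operator", "plant-a-online", "read")
    ac.grant("technician", "in-maintenance", "write")
    return ac


def scenario() -> Dict[str, bool]:
    """Access decisions before and after a property change on valve-1."""
    ac = demo_system()
    out: Dict[str, bool] = {}
    out["operator_read_before"] = ac.is_allowed("operator", "valve-1", "read")
    out["technician_write_before"] = ac.is_allowed("technician", "valve-1", "write")
    ac.set_property("valve-1", "mode", "maintenance")  # valve taken offline for service
    out["operator_read_after"] = ac.is_allowed("operator", "valve-1", "read")
    out["technician_write_after"] = ac.is_allowed("technician", "valve-1", "write")
    out["operator_read_valve3"] = ac.is_allowed("operator", "valve-3", "read")  # rule cannot evaluate
    out["unknown_object"] = ac.is_allowed("operator", "valve-9", "read")
    return out


if __name__ == "__main__":
    for name, decision in scenario().items():
        print(f"{name}: {decision}")
```

Two design choices carry the security weight: there is no per-object ACL to keep in sync, so a stale entry cannot outlive the condition that justified it, and `contains` treats an unevaluable rule as "not a member", so an object with an incomplete property set is denied rather than silently admitted.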
Latest bibliographic data on file with the International Bureau