SYSTEM AND METHOD FOR AUTHENTICATION ON A DEVICE

20220350874 · 2022-11-03

    Abstract

    A method for the authentication on a device includes a step of providing a certificate, the certificate enabling a limited number N of authentication processes. The method further includes a step of carrying out an authentication process on the device, and a step of reducing the number N of authentication processes that are still possible for the certificate.

    Claims

    1-14. (canceled)

    15. A method for authentication on an appliance, the method comprising: providing a certificate, the certificate enabling a limited number N of authentication processes; carrying out an authentication process on the appliance; and reducing the number N of authentication processes that are still possible for the certificate.

    16. The method according to claim 15, wherein the authentication process comprises: checking whether the number N of authentication processes that are still possible is greater than zero; and upon determining that the number N of authentication processes that are still possible is not greater than zero, rejecting the authentication process on the appliance.

    17. The method according to claim 15, wherein the method further comprises: determining a user type from a plurality of different user types; and providing a certificate which enables one or more specific access rights to the appliance depending on the user type.

    18. The method according to claim 15, wherein the authentication process comprises: receiving a challenge from the appliance; determining a response to the challenge, the response depending on the challenge and the certificate; and sending the response to the appliance.

    19. The method according to claim 15, which comprises providing the certificate on a hardware security module.

    20. The method according to claim 19, which comprises reducing the number N of authentication processes that are still possible by a counter on the hardware security module.

    21. The method according to claim 19, which comprises: authenticating a computer unit on the appliance; and enabling access to the certificate via a communication interface between the computer unit and the hardware security module.

    22. The method according to claim 15, which comprises providing the certificate by a server that is responsible for an administration of accesses to the appliance.

    23. The method according to claim 22, which further comprises: carrying out a server authentication process on the server to authenticate a unit requesting to obtain the certificate from the server; and providing the certificate following a successful server authentication process.

    24. The method according to claim 22, which further comprises providing information relating to the appliance from the server together with the certificate.

    25. The method according to claim 22, wherein the number N of possible authentication processes for the certificate, when the certificate is provided via the server, lies between 2 and 10.

    26. The method according to claim 15, wherein the number N of possible authentication processes for the certificate, when the certificate is first provided, lies between 2 and 10.

    27. The method according to claim 15, wherein the appliance is a household appliance.

    28. The method according to claim 27, wherein the household appliance is an appliance selected from the group consisting of a washing machine, a dryer, a food processor, a stove, an oven, a refrigerator, and a dishwasher.

    29. The method according to claim 15, wherein: the certificate is configured to enable a user of the certificate to access the appliance following a successful authentication process; and the certificate is configured to limit an access to a subset of access rights from a total set of access rights.

    30. A system for authentication on an appliance, the system being configured: to provide a certificate, the certificate enabling a limited number N of authentication processes; to carry out an authentication process on the appliance; and to decrease the number N of authentication processes that are still possible for the certificate.

    Description

    [0019] The invention will now be described in greater detail making reference to the exemplary embodiments illustrated in the drawings. In the drawings:

    [0020] FIG. 1 shows a block diagram of a system for authenticating a user on an appliance;

    [0021] FIG. 2 shows an exemplary sequence of an authentication process on an appliance; and

    [0022] FIG. 3 shows a flow chart of an exemplary method for authentication on an appliance.

    [0023] As set out in the introduction, the present document concerns the efficient and secure authentication of a user or of the computer unit of a user on an appliance. In this context, FIG. 1 shows a system 100 for authentication on an appliance 105, in particular on a household appliance. The system 100 comprises a hardware security module (HSM) 103 which is embodied to receive a certificate 102 from an authentication server 101 (step 111 in FIG. 1). Here, the certificate 102 can enable access to a specific appliance 105 and/or to a specific group of appliances 105. Furthermore, the certificate 102 can define the scope of activities which can be executed in the context of an access to an appliance 105.

    [0024] The certificate 102 comprises a specific (maximum) usage number, wherein the usage number shows how often or how many times the certificate 102 can and/or may be used for authentication on an appliance 105.

    [0025] The certificate 102 can be stored in the HSM 103. The HSM 103 can be connected to a computer unit 104 (for example to a smartphone or a laptop computer) by a user via an interface 108 (for example, via USB). A communication connection 112 (for example, Bluetooth and/or WLAN) can be set up between the computer unit 104 and the appliance 105 to enable access to an appliance 105.

    [0026] The appliance 105 can send a challenge 113 to the computer unit 104 via the communication connection 112. The challenge 113 can comprise, for example, a random number. The computer unit 104 can thereupon complete or sign the challenge 113 using the certificate (for example, by means of one of the passwords included in the certificate). On the basis of the signed challenge 113, a response 114 can then be sent from the computer unit 104 to the appliance 105. For example, the signed challenge 113 can be encrypted and/or a hash function of the signed challenge 113 can be created and sent as a response 114. On the basis of the response 114, the appliance 105 can authenticate the computer unit 104 or reject an authentication. The computer unit 104 can also be informed of the authentication result 115. Following successful authentication, the access 117 to the appliance 105 can be enabled.

    [0027] The appliance 105 can comprise a communication unit 107 via which the communication with the computer unit 104 takes place. Furthermore, the appliance 105 can comprise a control unit 106 which is configured to evaluate the response 114 in order to authenticate a computer unit 104.

    [0028] The HSM 103 is embodied to reduce (step 116) the remaining usage number of the certificate 102 for each authentication process. Furthermore, the HSM 103 can be configured to prevent a further use of the certificate 102 for authentication purposes if the remaining usage number of the certificate 102 is zero. Alternatively or additionally the appliance 105 can be embodied to update the usage number of a certificate 102. Furthermore, the appliance 105 can be configured to check the remaining usage number as part of an authentication process.

    [0029] Without loss of generality, a customer service intervention is described below as an example of an access to an appliance 105. The method described in this document for authentication on an appliance 105, in particular a household appliance, can however in principle be used by any individual.

    [0030] The user 202 (see FIG. 2), who would like to authenticate themselves on the appliance 105 or on the system master SMM 205 of the appliance 105, uses an HSM (hardware security module) 103, possibly as the only required hardware. With the aid of a (possibly freely available) web service, the user 202 can, for example, use a PC or a smartphone to authenticate themselves with a backend server 101. By specifying and evidencing specific information, a distinction can be made, where appropriate, between different user groups (for example, end user, customer service, appliance developer, etc.). The user can request (step 211) a digital certificate 102 according to their authorization, for example to carry out a customer service intervention on a particular appliance 105 or on a defined group of appliances 105. Here, the granularity of the access rights can depend on the implementation and/or the properties of the appliance 105.

    [0031] A digital certificate 102 can be generated (step 212) by the backend server 101 depending on the properties of the user 202 and/or the appliance 105 or the appliance group. The digital certificate 102 can be securely stored (step 213) in the HSM 103 with the aid of one or more technologies provided by the HSM 103 (for example, “PKI as a Service”, “Device Issuer CA”, “Built-In PKI” and/or Secure Channel). PKI stands for public key infrastructure and CA for certification authority.

    [0032] Requests for a certificate 102 which are not considered to be plausible can be rejected by the backend server 101 (for example, too many access or certificate requests in one day). Where appropriate, requests from known, invalid users can also be rejected, allowing for example an effective revoking of certificates 102. This functionality cannot typically be replicated with an implementation without an HSM 103.

    [0033] If access to an appliance 105 is to be implemented, the user inserts the HSM 103 into a computer unit 104 (for example in a smartphone with a USB OTG interface). A software APP on the computer unit 104 can enable (step 214) an end-to-end communication 112 between the HSM 103 and the appliance 105.

    [0034] The user then proves their authorization with the certificate 102 by means of a challenge-response method (steps 215, 216, 217, 219), wherein a random number (for example, in the form of an authentication token) 203 of the appliance 105 is signed (step 218) by a private key of the certificate 102 in the HSM 103. Access can be restricted by the HSM features “Key Use Counter” and/or “Key Restriction”. After each use, an internal counter is counted down (step 116). As soon as the value of the counter reaches 0, no further use is possible with the installed certificate 102. This means that a loss of the HSM 103 only has a limited impact on security.

    [0035] Security can also be increased further as an option through the use of PIN management.

    [0036] The measures described in this document can improve the ease of handling and increase security. Furthermore, as a new certificate 102 has to be obtained from a backend server 101 in a timely manner before each access, current information on an appliance 105 can be provided which improves access to the appliance 105. For example, information on preceding accesses and/or current software or firmware versions for an appliance 105 can be transmitted. As an alternative to an HSM 103, a JavaCard-compatible NFC smartcard which has the HSM-relevant features can be used.

    [0037] FIG. 3 shows a flow diagram of an exemplary method 300 for authentication (of a unit 104 and/or a user 202) on an appliance 105. The method 300 can be executed by a system 100 and/or by a computer unit 104. The method 300 comprises providing 301 a certificate 102, the certificate 102 enabling a limited number N of authentication processes (for example, N>1 and/or N<5 on delivery of the certificate 102).

    [0038] Furthermore, the method 300 comprises carrying out 302 an authentication process on the appliance 105 using the certificate 102. The method 300 furthermore comprises reducing 303 the number N of authentication processes that are still possible for the certificate 102. In this way, the number N of authentication processes that are still possible for the certificate 102 can be reduced (by one in each case) after each authentication process. The access to an appliance 105 (or to an appliance group) can therefore be enabled and/or controlled in an efficient and secure manner.
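    The challenge-response round of paragraphs [0026] and [0034] and the counting-down of method 300 (steps 301 to 303) can be modelled in a few lines; the Go program below is an added illustration, not code from the patent or from any product. It assumes Ed25519 signatures in place of the certificate's unspecified private key, enforces the Key Use Counter only on the HSM side (an exhausted certificate simply produces no response), and the names Issue, Authenticate, HSM, Appliance and ErrExhausted are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// ErrExhausted is returned once the Key Use Counter of the certificate is zero (step 116).
var ErrExhausted = errors.New("certificate: no authentication processes left")

// HSM holds the certificate's private key and the remaining number N of uses.
type HSM struct {
	priv     ed25519.PrivateKey
	UsesLeft int
}

// Sign answers a challenge (step 218); the counter is checked and decremented first,
// so a certificate with N == 0 can no longer produce any response.
func (h *HSM) Sign(challenge []byte) ([]byte, error) {
	if h.UsesLeft <= 0 {
		return nil, ErrExhausted
	}
	h.UsesLeft--
	return ed25519.Sign(h.priv, challenge), nil
}

// Appliance trusts the certificate's public key and verifies the signed challenge (114).
type Appliance struct{ pub ed25519.PublicKey }

// Issue models the backend server generating a certificate with n uses (step 212)
// and loading its private key into the HSM (step 213); constructed setup for this example.
func Issue(n int) (*HSM, *Appliance, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &HSM{priv: priv, UsesLeft: n}, &Appliance{pub: pub}, nil
}

// Authenticate runs one round (steps 215 to 219): the appliance draws a random token,
// the HSM signs it, and the appliance accepts only a valid signature over that token.
func Authenticate(h *HSM, a *Appliance) (bool, error) {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	response, err := h.Sign(challenge)
	if err != nil {
		return false, err
	}
	return ed25519.Verify(a.pub, challenge, response), nil
}
```

With N set to 2 the first two rounds succeed and the third is rejected by the HSM before any signature is produced, which is the limited-impact-of-loss property described in [0034].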

    [0039] The present invention is not restricted to the exemplary embodiments shown. In particular, it should be noted that the description and the figures are only intended to illustrate the principle of the proposed system and/or the proposed method.