US 12,069,094 B2
Method and device for configuring an access protection system
Volker Fusenig, Trier (DE); and Angela Schattleitner, Tuntenhausen (DE)
Assigned to Siemens Aktiengesellschaft, Munich (DE)
Appl. No. 17/276,579
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Sep. 3, 2019, PCT No. PCT/EP2019/073423
§ 371(c)(1), (2) Date Mar. 16, 2021,
PCT Pub. No. WO2020/057958, PCT Pub. Date Mar. 26, 2020.
Claims priority of application No. 18194992 (EP), filed on Sep. 18, 2018.
Prior Publication US 2022/0053025 A1, Feb. 17, 2022
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/10 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A computer-implemented method for configuring an access protection system for regulating a data communication connection of a computer-implemented application between a first computer network and a second computer network, comprising:
providing the computer-implemented application;
providing a reconstruction of the first computer network in a test system and executing the computer-implemented application therein, wherein the reconstruction of the first computer network includes network components and connections, wherein executing the computer-implemented application in the test system results in a trusted data communication connection from the reconstruction of the first network to the second computer network, wherein the test system is shielded from communication relationships other than the trusted data communication connection resulting from executing the computer-implemented application, data communication into the test system is prevented, and only communication from the test system is enabled;
determining, by a sensor, the trusted data communication connection resulting when executing the computer-implemented application, between the reconstruction of the first computer network and the second computer network, in the test system, wherein a type of data communication connection of the computer-implemented application is determined, and wherein a communication characteristic is determined from the type of data communication connection of the computer-implemented application;
deriving a configuration rule for the access protection system for permitting the data communication connection of the computer-implemented application between the first computer network and the second computer network on the basis of the trusted data communication connection determined by the sensor in the test system, including the type of data communication connection and the communication characteristic, wherein the configuration rule is derived in such a manner that, according to the configuration rule, only trusted and/or permitted data communication connections of the computer-implemented application are permitted via the access protection system and further data traffic is not permitted;
and
outputting the configuration rule for configuring the access protection system.
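The following is an added illustration of the procedure in claim 1 (shielded egress-only test run, sensor observation, rule derivation with a closing default deny, output of the configuration). It is not code from the patent or from Siemens; the address range of the reconstructed first network, the flow record layout, the sample sensor output and the iptables rendering are all assumptions made for the example.

```python
"""Derive a firewall allow-list from connections observed while an application
runs in a shielded test reconstruction of the first network (egress only).
Added example for claim 1, not Siemens' implementation; every address, port
and sample flow below is constructed."""
import shlex
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Address range of the reconstructed first network (assumption for the example).
FIRST_NETWORK = ip_network("10.0.1.0/24")


@dataclass(frozen=True)
class Flow:
    """One connection record as the sensor in the test system would report it."""
    src: str        # endpoint in the reconstructed first network
    dst: str        # endpoint in the second network
    proto: str      # transport: "tcp" or "udp"
    dport: int      # destination port
    direction: str  # "egress" (out of the test system) or "ingress" (into it)
    app_proto: str  # type of data communication connection, e.g. "https"
    nbytes: int     # communication characteristic: payload volume observed


@dataclass(frozen=True)
class Rule:
    src: str        # "any" matches every address
    dst: str
    proto: str      # "any" matches every transport
    dport: int      # 0 matches every port
    action: str     # "ACCEPT" or "DROP"
    comment: str


def derive_rules(flows):
    """Turn sensor observations into an allow-list with a closing default deny."""
    observed = {}  # (src, dst, proto, dport) -> (app_proto, connections, peak bytes)
    for f in flows:
        # The test system admits no inbound traffic, so an ingress record cannot
        # stem from executing the application: treat it as untrusted and skip it.
        if f.direction != "egress":
            continue
        # Only connections originating in the reconstructed first network are
        # attributable to the application under test.
        if ip_address(f.src) not in FIRST_NETWORK:
            continue
        key = (f.src, f.dst, f.proto.lower(), f.dport)
        app, count, peak = observed.get(key, (f.app_proto, 0, 0))
        observed[key] = (app, count + 1, max(peak, f.nbytes))
    rules = []
    for key in sorted(observed):
        app, count, peak = observed[key]
        rules.append(Rule(*key, "ACCEPT",
                          f"{app}: {count} connection(s), peak {peak} B in test"))
    # Anything the sensor did not see is not permitted.
    rules.append(Rule("any", "any", "any", 0, "DROP", "default deny"))
    return rules


def _matches(rule, flow):
    return ((rule.src == "any" or rule.src == flow.src)
            and (rule.dst == "any" or rule.dst == flow.dst)
            and (rule.proto == "any" or rule.proto == flow.proto.lower())
            and (rule.dport == 0 or rule.dport == flow.dport))


def is_permitted(rules, flow):
    """First matching rule decides; the trailing default deny guarantees a match."""
    for rule in rules:
        if _matches(rule, flow):
            return rule.action == "ACCEPT"
    return False


def render_iptables(rules, chain="FORWARD"):
    """Render the rule set as iptables commands for the access protection system."""
    lines = [f"iptables -P {chain} DROP",
             # replies to permitted outbound connections
             f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for r in rules:
        parts = [f"iptables -A {chain}"]
        if r.src != "any":
            parts.append(f"-s {r.src}")
        if r.dst != "any":
            parts.append(f"-d {r.dst}")
        if r.proto != "any":
            parts.append(f"-p {r.proto}")
            if r.dport:
                parts.append(f"--dport {r.dport}")
        parts.append(f"-m comment --comment {shlex.quote(r.comment)} -j {r.action}")
        lines.append(" ".join(parts))
    return lines


# Constructed sensor output: two trusted egress connections (one seen twice),
# one inbound attempt and one flow from outside the reconstructed network.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "203.0.113.5", "tcp", 443, "egress", "https", 12000),
    Flow("10.0.1.10", "203.0.113.5", "tcp", 443, "egress", "https", 8000),
    Flow("10.0.1.10", "203.0.113.7", "udp", 123, "egress", "ntp", 96),
    Flow("198.51.100.9", "10.0.1.10", "tcp", 22, "ingress", "ssh", 500),
    Flow("192.168.50.3", "203.0.113.5", "tcp", 443, "egress", "https", 1000),
]

if __name__ == "__main__":
    for line in render_iptables(derive_rules(SAMPLE_FLOWS)):
        print(line)
```

Two points worth checking in practice: the inbound record and the flow from an address outside the reconstructed network are dropped rather than turned into rules, because the claim's shielding means they cannot have resulted from executing the application, and the rule set is closed with a default deny so that a connection the sensor never observed is refused even if it looks plausible.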