Method and IT system for transferring a software artifact from a source network to a target network

By introducing a plug-in system and whitelist control for software artifact transmission on the target network side, the contradiction between security and rapid update cycles in edge computing is resolved, enabling secure and controllable software updates and improving the security and efficiency of enterprise networks.

CN115413343B · Active · Publication Date: 2026-06-16 · SIEMENS AG

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: SIEMENS AG
Filing Date: 2021-04-09
Publication Date: 2026-06-16

AI Technical Summary

Technical Problem

Existing technologies in the field of edge computing struggle to achieve rapid software update cycles while ensuring enterprise network security, making internal networks vulnerable to attacks.

Method used

By introducing a plug-in system on the target network side, the transmission of software artifacts is controlled by using a whitelist in the information structure. The plug-in reads entries from the information structure, receives requests on behalf of the source network, searches for matching entries, and decides whether to invoke or block the download of the software artifact. Security is enhanced by combining signature verification and encryption measures.

Benefits of technology

It enables the rapid and controllable transmission and installation of software artifacts while ensuring the network security of enterprises, thereby improving network security and reliability and reducing the risk of attacks.

✦ Generated by Eureka AI based on patent content.


Abstract

A method for transferring software artifacts from a source network (QN) into a target network (ZN), wherein a proxy system (PS) is arranged between the target network and the source network, wherein the proxy system (PS) comprises plug-ins (PL), wherein the transfer is controlled on the target network side, wherein an information structure (WL) is provided inside the target network, wherein the information structure contains entries, wherein each entry characterizes a software artifact whose download is permitted by an operator of the target network (ZN), and wherein, by means of the plug-ins (PL): - entries are read from the information structure (WL) inside the target network, - a request from the target network (ZN) on the availability of a new software artifact is received on behalf of the source network (QN), - for each request, at least one entry matching the request is searched for in the information structure (WL) inside the target network, and - depending on whether at least one matching entry exists in the information structure (WL) inside the target network, either the software artifact characterized in the at least one entry matching the request is invoked, or the request is blocked.

Description

Technical Field

[0001] The present invention relates to a preferred computer-executed method for transferring software artifacts from a source network to a target network, wherein a proxy system with plug-ins is arranged between the target network and the source network, and wherein the transfer is controlled on the target network side.

[0002] Furthermore, the present invention relates to the aforementioned plug-in.

[0003] Furthermore, the present invention relates to systems, particularly IT systems, in which the aforementioned plug-ins for performing the aforementioned methods can be employed.

Background Technology

[0004] To realize the advantages of the digital realm, cloud computing, or especially edge computing, bridges the gap between the world of typical automated systems and the world of data processing in information technology through digital innovation.

[0005] As a result, faster firmware and software update cycles are maintained at the edge, and the automated systems of mobile industrial and production facilities are brought closer to external networks, such as the Internet and especially cloud platforms located on the Internet, which can provide all the resources necessary for the digitization of industrial and production facilities.

[0006] Existing typical security strategies are struggling against this "open" scenario. A known dilemma exists, particularly in the field of edge computing: either block the digitization of cloud integration or expose internal enterprise networks, thus increasing the attack potential on their automated systems.

[0007] Specifically, there is a great need for solutions to the following dilemma:

[0008] On the one hand, internal enterprise networks and automation systems should be protected against malware and other external intrusions. On the other hand, internal enterprise networks should be opened up for digitalization to take advantage of the rapid update cycles of edge platform firmware, edge applications, any type of configuration, and analytical models.

Summary of the Invention

[0009] Therefore, the purpose of this invention is to improve the security of the internal network of an industrial or production facility that uses cloud platform resources.

[0010] According to the present invention, this objective is achieved by the method described at the beginning, in that

[0011] - an information structure is provided within the target network, wherein the information structure contains entries, such as multiple entries, each entry representing a software artifact whose download is permitted by the operator of the target network, and wherein the transfer of the software artifact is controlled on the target network side by means of a plug-in, by

[0012] - reading entries from the information structure within the target network,

[0013] - receiving, on behalf of the source network, requests from the target network regarding the availability of new software artifacts,

[0014] - for each request, searching the information structure within the target network for at least one entry that matches the request, and

[0015] - depending on whether there is at least one matching entry in the information structure within the target network, either invoking the software artifact represented in the at least one entry matching the request, or blocking the request.

[0016] In one implementation, it is proposed that the plugin reads entries from the information structure within the target network, receives requests from the target network on behalf of the source network regarding the availability of new software artifacts, searches for at least one matching entry in the information structure within the target network for each request, and, depending on whether there is at least one matching entry in the information structure within the target network, either invokes the software artifact represented in at least one matching entry or blocks the request.

[0017] In one implementation, the information structure within the target network is implemented in the form of files.

[0018] The aforementioned entries can be contained in files or other structures (information structures). For example, they can reside as entries in a database system or in main memory, where the database system internally divides the information into multiple files (distributed data system).

[0019] It can be proposed that the information structure within the target network is provided entirely through a computer program, which processes the corresponding instructions. Therefore, this method can be executed by a computer.

[0020] In one implementation, it is advantageous to propose that the request include the name (model, type, etc.) of the terminal device.

[0021] In one implementation, it is efficient in terms of network resources and time consumption for the plugin to merge identical requests, such as those from the same device, so that only one request is applied during the lookup and the download takes place only once.

[0022] In one implementation, it can be advantageously proposed that the provision of the information structure within the target network includes sub-steps, wherein

[0023] - messages about available software artifacts are generated in the source network and transmitted to the operator in the target network, wherein each message includes data representing at least one available software artifact,

[0024] - each message is examined by the operator to determine whether it is desired to download at least one available software artifact from the source network, and

[0025] - when it is desired to download at least one available software artifact, the data representing the at least one available software artifact is stored in the information structure within the target network, such that each entry represents a software artifact, wherein the information structure within the target network can preferably only be modified by the operator of the target network.

[0026] In one implementation, different messages can be communicated about different software artifacts.

[0027] Furthermore, it is effective to generate requests in the target network at preset time intervals and preferably send them to the source network or proxy system.

[0028] If a connection is established in only one direction—from the target network to the source network—and then disconnected again after the call to the software artifact, the security of the target network can be further improved.

[0029] It can be advantageously provided here that the plugin downloads the software artifact on behalf of the target network. Therefore, a cloud server, for example, sees the plugin acting on behalf of an edge device within the target network.

[0030] Furthermore, it is advantageous to propose that the plugin establishes a connection between a target network, such as a client (edge device) in the target network, and a server (e.g., backend) in the source network, so as to download the software artifact directly to the client.

[0031] Furthermore, it is possible to propose that the plugin transmits the downloaded software artifact to at least one device registered in the target network, such as an edge device, wherein the software artifact is preferably subsequently installed on at least one device.

[0032] A further security measure can be taken if the integrity of software artifacts is checked by means of the plug-in.

[0033] In this context, it is effective for the integrity check to include signature verification of the software artifacts.

[0034] Here, the signature of the downloaded software artifact file can be checked. If this optional check fails, the downloaded artifact can be deleted and an alert can optionally be generated on the client side.

[0035] Effectively, each entry should include: an identifier of the software artifact and / or a cryptographic signature of the software artifact, such as a signature hash of the file content of the software artifact; and / or a description of the time when the software artifact could be downloaded; and / or a textual description, such as a change log.

[0036] In one implementation, it is advantageous to generate a key pair consisting of a private key and a public key, wherein the private key is provided to a source network and the public key is provided to a target network, wherein the software artifact is signed in the source network (before downloading) using a signature generated by means of the private key, and the signature of the signed software artifact is verified by means of the corresponding public key on the device to which the software artifact is targeted in the target network.

[0037] Here, for example, it is possible to apply a private key separately to the signature of each software artifact.

[0038] This, for example, enables end-to-end signing of artifacts by the platform provider using the platform provider's private key to generate artifact signatures on the cloud (in the source network) before artifact download, and enables artifact verification using the public key assigned in the target network before installation at the edge.

[0039] Furthermore, what is effective is that the software artifact is encrypted before downloading and decrypted after downloading.

[0040] In this regard, for example, end-to-end encryption of software artifacts can be achieved by the platform provider using the platform provider's public key before the artifacts are downloaded in the cloud (in the source network), and decryption of software artifacts can be achieved in the target network, such as on an edge device, before installation using the assigned private key.

[0041] For review purposes, it is effective to record all steps of the method, wherein each step is preferably timestamped, and the resulting record report is preferably stored in a database contained in the target network.

[0042] Furthermore, it can be advantageously suggested that the plugin at least partially records details of requests and downloads in the log data structure.

[0043] Log data structures can be defined, for example, in the form of log files and are preferably recorded in a persistent or volatile database or archive system.

[0044] Furthermore, this objective is achieved according to the present invention using a plugin of the type described above, wherein the plugin is configured to:

[0045] - read entries from the information structure within the target network, where each entry represents a software artifact whose download is authorized by the operator of the target network,

[0046] - receive, on behalf of the source network, requests from the target network regarding the availability of new software artifacts,

[0047] - for each request, search the information structure within the target network for at least one entry that matches the request, and

[0048] - depending on whether there is at least one matching entry in the information structure within the target network, either invoke the software artifact represented in the at least one entry matching the request, or block the request.

[0049] Here, the plugin can have corresponding code and the information structure inside the target network can have a structure that matches the plugin's code, so that the plugin and the information structure inside the target network match each other, and it makes it easy to read entries from the information structure inside the target network.

[0050] In one implementation, it is possible to propose that the plugin be constructed as a firewall, such as a proxy firewall (i.e., having all the functionality of a firewall), or include at least a portion of firewall rules.

[0051] Furthermore, the objective of the present invention is achieved by utilizing a system of the type described above, wherein the system includes a source network, a target network, a proxy system arranged between the target network and the source network, and an information structure within the target network, wherein the proxy system includes the aforementioned plug-in and the information structure contains entries, wherein each entry represents a software artifact, the download of the software artifact is permitted by the operator of the target network, and the system preferably includes additional components, such as software and hardware components, for implementing the steps of the aforementioned method.

Attached Figure Description

[0052] The present invention will now be described and illustrated in detail with reference to the embodiments shown in the accompanying drawings. The drawings show:

[0053] Figure 1, a first IT environment, and

[0054] Figure 2, a second IT environment.

[0055] Elements that are identical or have the same function can be given the same reference signs in the embodiments and drawings.

Detailed Implementation

[0056] Figure 1 shows a highly simplified example of an information technology environment (IT environment or IT ecosystem) in which the method according to the invention can be implemented.

[0057] The IT system 1 shown can include a source network QN, a target network ZN, and a proxy system PS deployed between the target network and the source network.

[0058] For example, it can be proposed that devices registered in the target network ZN can only be accessed from the source network through the proxy system PS.

[0059] The source network QN can include a cloud computing or edge management platform that is associated with the target network ZN and, for example, manages multiple edge devices.

[0060] The target network ZN can be constructed, for example, as a local network of an automated industrial facility, particularly a production facility, and includes one or more computing units, such as IoT devices, particularly edge devices ED, which are registered in the target network. The computing units can be configured to process, collect, store, and transmit data about operation, such as the production of equipment, to the source network QN, etc. This data can be, for example, process data. The list of tasks that can be performed by the computing units is not final.

[0061] Furthermore, the target network can include one or more subnetworks (not shown here). An example of such a subnetwork could be a machine network of machines (e.g., machine tools or robots). The machine can be equipped with an integrated camera, on which image processing software can be installed.

[0062] One or more such machines can correspond to one of the aforementioned computing units (e.g., edge devices) in order to obtain data from one or more machines.

[0063] Each computing unit (ED) can connect to the proxy system via one or more data transmission channels.

[0064] For example, the target network can be designed such that the computing units ED do not communicate with each other, but only with the associated machine(s) and the proxy system PS.

[0065] A proxy system (PS) can include one or more proxy components, each of which can be configured as a software or hardware component. Proxy components can be configured as, for example, a dedicated proxy server or a general proxy. Furthermore, proxy components can be configured as a proxy firewall.

[0066] Hardware components can be designed separately in terms of structure.

[0067] For example, the proxy system PS can include individual proxy components associated with all the aforementioned computing units ED. Here, these proxy components can be provided by the manufacturer of the computing units ED. In one implementation, the manufacturer of the computing units ED can also be a service / platform provider SP, which provides services / platforms related to the source network QN.

[0068] For example, such a proxy component can handle the communication between the computing unit and the source network QN in the simplest case, that is, forwarding data (without filtering) from the computing unit to the source network QN and from the source network QN to the corresponding computing unit.

[0069] In addition, in order to filter and control general traffic, proxy systems (PS) can include proxy firewalls, for example.

[0070] The source network can be constructed, for example, as the Internet or a cloud. For instance, a back-end computing unit (BE) can exist in the cloud, which—from a communication technology perspective—is located near the target network (ZN). The back-end computing unit (BE) can be constructed, for example, as a back-end server, corresponding to the target network and, for example, representing the source network, receiving, processing, and managing requests from the target network. The back-end server can also be provided to the target network (ZN) as a computing resource in the cloud. Thus, it can be considered that the entire communication between the source network (QN) and the target network (ZN) runs through such a back-end server on the source network side. Furthermore, the back-end computing unit (BE) can provide the necessary software artifacts for the computing units in the target network.

[0071] The back-end computing unit (BE) can be, for example, part of the aforementioned edge computing platform, and is managed by the source network.

[0072] The target network ZN includes an internal information structure WL containing entries, such as multiple records. Each entry represents a software artifact, and the download of the software artifact is authorized by the operator (OP) of the target network ZN. This information structure can be called a "download whitelist" or simply a "whitelist".

[0073] Preferably, different entries represent different software artifacts.

[0074] Each entry may include: an identifier of the software artifact and / or a cryptographic signature of the software artifact, such as a signature hash of the file content of the software artifact; and / or a description of the point in time when the software artifact could be downloaded; and / or a textual description, such as a change log.

[0075] Software artifacts can be constructed, for example, as software packages.

[0076] Each software package can be formed distinctly differently, for example as a firmware installation file (binary file), an edge application installation file (binary file), a configuration file (JSON text file), an analysis model (PMML / Plain-XML / JSON file / archived file containing so-called TensorFlow SavedModel / continuous tuning basis / logic-based model description logic constraints, etc.), a so-called boot file containing information to enhance the edge device ED for communicating with the cloud or a specific cloud platform, etc.

[0077] Furthermore, each software package can be constructed as a pure container without any file wrapping. Containers can exist and be transported in various formats (e.g., XML, JSON, unformatted text, binary encoding). Such containers can be, for example: JSON fragments for edge device firmware or edge applications, which may contain changes to edge-local user or status management or limit the maximum amount of working memory allowed for the edge application; lists of work instructions (so-called task information) that the corresponding edge device ED should execute, such as instructions for downloading additional information from the cloud; instructions for restarting the edge device ED or for implementing actions of connected devices (stopping the machine / configuring smart sensors / driving actuators); and instructions for performing data processing operations and / or for requesting data streams on the edge device ED and / or data already stored on the edge device.

[0078] In addition, it is possible to specify the time point at which the corresponding software artifact can be provided in each entry.

[0079] In order to control the download of software artifacts from the source network QN to the target network ZN, the proxy system, for example the proxy component associated with the computing unit ED, includes a plug-in PL, also called a software extension or (software) add-on module.

[0080] The plugin is set up to read entries from the information structure WL inside the target network and to receive, on behalf of the source network QN, requests from the target network ZN regarding the availability of new software artifacts. For each request, it searches for at least one entry matching the request in the information structure WL inside the target network and, depending on whether there is at least one matching entry in the information structure WL inside the target network, either invokes the software artifact represented in the at least one entry matching the request, or blocks the request.

[0081] In one implementation, an asset or edge device (ED) in the target network can, on behalf of a server in the source network (QN), request a proxy system (PS) including a plugin (PL) for invoking software artifacts. Here, it can be proposed that each asset or edge device either sends the request to the proxy system (PS) and forwards it to the plugin (PL), or sends it directly to the plugin (PL). In communication between the proxy system (PS) (including the plugin (PL)) and the source network (QN) (cloud), only one possibility always exists: the plugin (PL) (not the proxy system (PS)) must enforce control of the connection to either the source network (QN) or the cloud.

[0082] Here, the proxy system PS can be transparent or non-transparent to the computing unit ED.

[0083] In one implementation, the proxy system PS can use the interface of the plug-in PL to manage the plug-in during its lifecycle, for example to start or stop it, preferably only when the proxy system PS (or proxy component PK) itself starts or stops.

[0084] In one implementation, the proxy system PS can be configured so that it does not have to participate in the actual communication between the target network ZN (asset or edge device ED) and the source network QN (cloud), but only manages the plug-in PL.

[0085] In one implementation, the proxy system PS is configured to accept requests from the target network ZN (e.g., an asset or edge device ED) and forward them to the plugin PL. The plugin PL then directly handles communication with the source network QN (cloud), and downloaded artifacts are first returned to the proxy system PS, which then delivers the artifacts to the invoked asset or edge device ED. Effectively, an additional interface can be implemented in the plugin PL, through which the proxy system PS can transmit all relevant information for communication with the source network QN, such as artifact-related addresses (e.g., IP addresses and ports) in the source network QN, the syntax and semantics of the invocation in the source network QN (e.g., HTTPS requests with information for artifact identification), and security features (e.g., so-called security tokens for authentication and authorization in the source network QN).

[0086] Requests regarding the availability of new software artifacts can be generated, for example, by means of a computing unit ED. These requests can be sent directly to the proxy system PS, particularly to the proxy component associated with the corresponding computing unit ED.

[0087] These requests can be pre-set, preferably generated at regular time intervals. For example, each edge device (ED) can send requests for new software artifacts to the proxy system (PS) every hour or every day.

[0088] To invoke a software artifact, a connection can be established from the target network ZN to the source network QN. The establishment and / or detachment of this connection can also be achieved through the plugin PL, which initiates a corresponding request to a server in QN as a request to download the software artifact / multiple software artifacts. The requested software artifact can then be provided as a response to the request, provided that the requested software artifact exists in the source network QN and the plugin PL and / or the requesting edge device are correctly authorized by the requesting server in QN and granted the right to invoke the software artifact in QN.

[0089] In one implementation, a request can be designed as a request from the plugin PL to a server in the source network QN and follows, for example, a so-called "request-response" pattern.

[0090] Here, the plugin PL can first establish a request structure (e.g., an HTTPS request) containing all the information that the server in the source network QN can use to determine which software artifact is being requested; for this, the artifact's artifact ID or a sufficiently accurate description is generally sufficient. Additionally, a security feature (e.g., a JSON WebToken) can be assigned to the request. Using this security feature, the requested server in the source network QN can authenticate and authorize the plugin PL and, preferably, the asset or edge device ED that originally made the call. The server in the source network QN can thus ensure, for example, that the identifier preset by the plugin PL (and optionally by one or more edge devices ED) is correct, and that the plugin PL (and optionally by one or more edge devices ED) has the right to obtain the software artifact.

[0091] Finally, the request can be sent to a server in the source network QN. This server can process the request after successfully checking the security features (e.g., by finding or generating the requested software artifact in QN) and reply with a response (e.g., an HTTPS response).

[0092] Subsequently, the response from the server in the source network QN can be transmitted to the plugin PL and distributed from the plugin to one or more assets or edge devices according to its original request, thus enabling the aforementioned request / response protocol. For example, distribution to multiple assets, such as edge devices, can be implemented within the scope of artifact caching.

[0093] Therefore, in addition to the identification information (e.g., IDs or URLs) of the software artifact requested via the edge device ED, the plugin PL also has all the information required to actually invoke the software artifact for download from the cloud. This information can be obtained by the plugin, for example, by means of the "command" design pattern known in the prior art, which is one of the so-called "Gang of Four" software design patterns.

[0094] The plug-in PL can download software artifacts, for example, to the plug-in itself, to the proxy system, or directly to the corresponding computing units.

[0095] When downloading to the plug-in or the proxy system PS, the plug-in PL, acting on behalf of the corresponding computing unit, first downloads the software artifact to the plug-in or the proxy system and from there, independently of the connection to QN, distributes the downloaded software artifact to the corresponding computing unit.

[0096] In order to directly download software artifacts to the edge device (ED), the plugin can establish a connection between the client (ED) in the target network ZN and the server (BE) in the source network QN.

[0097] Once the software artifact arrives at the corresponding computing unit ED, it can be installed on it.

[0098] Figure 1 also shows an embodiment of the method according to the present invention. Method steps are marked with arrows.

[0099] In the first step S1, a message about an available software artifact is generated in the source network QN and transmitted to the operator OP of the target network ZN.

[0100] Message transmission can be achieved, for example, through a service / platform provider (SP). All possible methods can be considered. For example, the SP can send letters, emails, push notifications, SMS messages, or similar messages to the operator (OP). Furthermore, message transmission can be automated (e.g., by linking to the OP's asset management system, such as SAP).

[0101] Each message contains data representing at least one available software artifact. It is also possible to inform the operator (OP) about multiple available software artifacts in a single message.

[0102] In the second step S2, each message is examined by the operator (OP) to determine whether it is desired to download at least one available software artifact from the source network QN. If so, data representing the at least one available software artifact is stored in the whitelist, such that each entry represents a software artifact. The stored data can include, for example, an identifier, a cryptographic signature, and a description of the software artifact. The aforementioned checking of messages and storing of entries in the whitelist WL can also be performed automatically, thereby enabling the whitelist to be provided automatically, for example, by means of a software program.

[0103] To enhance the security of the target network ZN, the operator (OP) and, preferably, personnel or software programs of the target network ZN determined by the operator, have the exclusive right to modify the whitelist (WL).

[0104] Steps S1 and S2 can form a sub-step that provides a whitelist.

[0105] In the third step S3, the plug-in PL, acting on behalf of the source network QN, receives a request from the computing unit ED of the target network ZN regarding the availability of a new software artifact, which is preferably installable on the corresponding computing unit ED.

[0106] In the fourth step S4, the plugin PL accesses the whitelist WL (preferably without changing the whitelist) and compares each request with the entries in the whitelist WL to find at least one, preferably all, matching entries in the whitelist.

[0107] In step S5, the plugin PL either invokes the software artifact characterized by the matching entry (if a match exists) or blocks the request if no matching entry is found.

[0108] In one implementation, the plugin PL can trigger / initialize or allow the download of the software artifact, wherein the download itself can be performed by means of the proxy system PS or a corresponding proxy component.

[0109] In addition, the plugin can temporarily collect and store requests in the request structure, such as in the request file or the request database on the proxy system PS, or in volatile memory, and compare the request structure with the whitelist WL only after a preset time (cache timeout) or only after the request structure reaches a preset size.

[0110] In the sixth step S6, the plug-in is able to receive the software artifact(s) on behalf of the edge device ED and store them on the proxy system PS, for example, in persistent memory or in volatile memory.

[0111] The stored software artifacts can be allocated to the computing unit ED by the plug-in PL in a separate step S7. This can be done in an optimized manner, for example, at a predetermined time when the machine associated with the computing unit is not running, or when the target network ZN has a low load, or at a specific time planned by the operator OP.

[0112] Furthermore, the IT system 1 can have additional components (not shown) for automatically implementing all steps S1 to S8. In particular, the IT system 1 can include software with an instruction list, wherein the IT system 1 implements steps S1 to S8 when these instructions are processed by one or more processors in the IT system.

[0113] Figure 2 shows another embodiment of the invention. The following description is essentially limited to the differences from the embodiment of Figure 1; for the same elements, features, method steps and functions, reference is made to the description of the embodiment of Figure 1.

[0114] The IT environment 10 schematically illustrated in Figure 2 also includes a plug-in (PL) and a whitelist (WL). Here, the proxy system (PS) includes a proxy component (PK) capable of communicating directly (i.e., without additional intermediate components) with the computing unit (ED), and a gateway component (GW) that is connected to the proxy component (PK) in order to set routes and control the amount of data transmitted between the proxy component (PK) and the source network (QN). The proxy component (PK) can be provided, for example, by a service or platform provider (SP) and / or by the manufacturer of the computing unit (ED). The gateway component (GW) can be provided, for example, by the operator (OP) of the target network (ZN).

[0115] The gateway component (GW) can be configured as an API gateway.

[0116] The proxy component PK includes not only the plugin PL, but also the whitelist WL. In another implementation, such as that shown in Figure 1, the whitelist WL can be an independent component that is preferably controlled by the operator (OP).

[0117] In order to download the permitted software artifact, the plug-in PL forwards the corresponding request to the gateway component GW (step 51), where the plug-in acts on behalf of the target network ZN and retrieves the software artifact from the back-end computing unit BE (step 52).

[0118] Before being released to the gateway component GW, the back-end computing unit BE is able to sign and / or encrypt the software artifact (step S60).

[0119] To this end, a key pair consisting of a private key and a public key can be generated, wherein the private key is provided to the source network QN, such as the backend computing unit BE, and the public key is provided to the target network ZN, such as the proxy component PK, the plug-in PL, or the computing unit ED. The software artifact can be signed in the source network QN, for example by the backend computing unit BE, using a signature generated with the private key.

[0120] The signature of the software artifact can also be verified using the corresponding public key on the edge device ED in the target network ZN, to which the software artifact is forwarded via the plug-in PL.

[0121] The aforementioned key allocation describes the signing requirements for the software artifact in the source network QN and the integrity check of the signed software artifact in the target network ZN. For encryption of the software artifact, the key allocation for asymmetric encryption is the opposite. In another implementation, encrypted transmission can be achieved using symmetric encryption.

[0122] After the software artifact has been downloaded (step 71) and forwarded to the proxy component PK via the gateway component GW (step 72), the plug-in PL can check the integrity of the software artifact (step S8). Integrity checks can include, for example, verification of the software artifact's signature. In another implementation, this integrity check can alternatively or additionally be performed on the edge device ED.

[0123] Regardless of integrity checks, the proxy component PK can locally cache downloaded software artifacts, enabling them to be delivered (optimized for internet compatibility) to multiple edge devices ED.

[0124] If the optional check fails, the downloaded software artifact whose signature cannot be verified can be deleted, and optionally, for example, an alarm can be generated in the target network ZN and sent to the operator OP.

[0125] If the integrity check is successful, the software artifact can be forwarded to the corresponding edge device (ED) (step S9).
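The request handling of steps S3 to S5 and the integrity check of step S8 can be illustrated with the following added Python example, which is not code from the patent. The class name, the entry fields, the `fetch` callable standing in for the outbound download through GW, and the use of a pinned SHA-256 digest in place of verifying a signature with the source network's public key are all assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timezone

ARTIFACT = b"constructed firmware image 2.1.0"  # constructed sample payload

# Whitelist WL as maintained by operator OP. Entries and field names are
# constructed; a pinned SHA-256 digest stands in for the signature (assumption).
WHITELIST = (
    {"id": "edge-app", "version": "2.1.0", "device_type": "ED-100",
     "sha256": hashlib.sha256(ARTIFACT).hexdigest()},
)


class Plugin:
    """Hypothetical plug-in PL: whitelist lookup, download, integrity check."""

    def __init__(self, whitelist, fetch):
        self._wl = tuple(dict(e) for e in whitelist)  # private copy, WL is only read
        self._fetch = fetch  # stands in for the outbound download via GW
        self.cache = {}      # verified artifacts held on PS for distribution
        self.log = []        # timestamped record of every step

    def _record(self, step, detail):
        self.log.append((datetime.now(timezone.utc).isoformat(), step, detail))

    def handle(self, requests):
        # Identical requests are merged: one lookup and one download each.
        unique = sorted({(r["id"], r["device_type"]) for r in requests})
        results = {}
        for key in unique:
            self._record("S3", f"request received: {key}")
            matches = [e for e in self._wl
                       if (e["id"], e["device_type"]) == key]   # S4: compare
            if not matches:
                self._record("S5", f"no matching entry, blocked: {key}")
                results[key] = "blocked"
                continue
            results[key] = self._download(key, matches[0])      # S5: invoke
        return results

    def _download(self, key, entry):
        data = self._fetch(entry["id"], entry["version"])
        digest = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(digest, entry["sha256"]):    # S8: integrity
            # Failed check: nothing is cached and the failure is logged for OP.
            self._record("S8", f"integrity check failed, discarded: {key}")
            return "rejected"
        self.cache[key] = data
        self._record("S9", f"verified, ready to forward: {key}")
        return "verified"
```
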

[0126] The computing unit can decrypt the software artifact (step 10) after receiving it (if the software artifact is transmitted in encrypted form), and then install the software artifact.

[0127] Furthermore, it is possible to record all steps of the method, wherein each step is preferably timestamped, and the resulting record report is preferably stored in a database contained in the target network ZN.

[0128] In addition, the plugin is able to log at least partially the details of requests and downloads in the log file.

[0129] This type of examination of all details in the database can be used to assess the provability and non-repudiation of each step of the method.

[0130] The implementation described in connection with Figure 2 enables, for example, end-to-end encryption of software artifacts by the platform provider SP before the artifacts are downloaded from the cloud using the platform provider's public key, and enables decryption by means of the private key belonging to the target network ZN, for example, between computing units ED.

[0131] Furthermore, the implementation described in connection with Figure 2 enables, for example, end-to-end integrity protection of software artifacts from the perspective of the platform provider (SP) and / or operator (OP), in which the artifact is cryptographically signed before being downloaded from the cloud and its integrity is checked based on its signature (e.g., a hash value calculation of the artifact file) before being installed on an edge device (ED).

[0132] Plugins can be constructed as firewalls, such as proxy firewalls, which have all the functionalities of a firewall.

[0133] Although the invention has been set forth and described in detail with reference to preferred embodiments, the invention is not limited to the disclosed examples. Variations of the invention can be derived by those skilled in the art without departing from its scope. In particular, the described systems and plug-ins can be improved by the features described or claimed with reference to the methods, and vice versa.

Claims

1. A method for transferring software artifacts from a source network (QN) to a target network (ZN), wherein a proxy system (PS) is provided between the target network and the source network, wherein the proxy system (PS) includes a plugin (PL), wherein transmission is controlled on the target network side by means of the plugin (PL), wherein
- an information structure (WL) is provided within the target network, wherein the information structure contains entries, each entry representing a software artifact, the download of which is permitted by the operator of the target network (ZN),
and wherein, with the help of the aforementioned plug-in (PL):
- the entry is read from the information structure (WL) within the target network,
- on behalf of the source network (QN), a request from the target network (ZN) regarding the availability of a new software artifact is received,
characterized in that
- using the plugin, for each request, at least one entry matching the request is searched for in the information structure (WL) within the target network, and
- depending on whether at least one matching entry exists in the information structure (WL) within the target network, the software artifact represented in at least one matching entry of the request is invoked or the request is blocked, wherein
- to invoke the software artifact, a connection is established only in one direction from the target network (ZN) to the source network (QN), and the connection is disconnected again after the invocation.

2. The method according to claim 1, wherein the provision of the information structure (WL) within the target network includes sub-steps, in which
- in the source network (QN), messages about available software artifacts are generated and transmitted to the operator in the target network (ZN), wherein each message includes data characterizing at least one available software artifact,
- the operator (OP) examines each message to determine whether downloading at least one available software artifact from the source network (QN) is desired, and
- when it is desired to download at least one available software artifact, the data representing the at least one available software artifact is stored in the information structure (WL) within the target network, so that each entry represents one software artifact respectively.

3. The method according to claim 2, wherein the information structure (WL) within the target network can only be modified by the operator (OP) of the target network (ZN).

4. The method according to claim 1, wherein the request is generated in the target network (ZN) at a preset time interval and sent to the source network (QN) or the proxy system (PS).

5. The method according to any one of claims 1 to 4, wherein the plugin (PL) downloads the software artifact on behalf of the target network (ZN).

6. The method according to claim 5, wherein the plugin (PL) establishes a connection between the target network (ZN) and a server in the source network (QN) to download the software artifact.

7. The method according to claim 6, wherein the plug-in (PL) establishes a connection between at least one device registered in the target network (ZN) and a server in the source network (QN) to download the software artifact.

8. The method according to claim 5, wherein the plugin (PL) transmits the downloaded software artifact to at least one device registered in the target network (ZN).

9. The method according to claim 8, wherein the software artifact is then installed on at least one of the devices (ED).

10. The method according to any one of claims 1 to 4, wherein the software artifact is inspected for integrity using the plugin (PL).

11. The method according to claim 10, wherein integrity checks include signature verification of the software artifact.

12. The method according to any one of claims 1 to 4, wherein each entry in the information structure (WL) within the target network includes: an identifier of the software artifact and / or a cryptographic signature of the software artifact, and / or a description of the time point at which the software artifact can be downloaded, and / or a textual description.

13. The method according to claim 12, wherein the cryptographic signature of the software artifact is the signature hash value of the file content of the software artifact, and the text description is the change log.

14. The method according to any one of claims 1 to 4, wherein a key pair consisting of a private key and a public key is generated, wherein the private key is provided to the source network (QN) and the public key is provided to the target network, wherein the software artifact is signed in the source network (QN) using a signature generated by means of the private key, and the signature of the signed software artifact is verified using the corresponding public key on the device (ED) in the target network (ZN) for which the software artifact is intended.

15. The method according to any one of claims 1 to 4, wherein the software artifact is encrypted before downloading and decrypted after downloading.

16. The method according to any one of claims 1 to 4, wherein all steps of the method are recorded, each step being timestamped, and the resulting record report is stored in a database contained within the target network (ZN).

17. The method according to any one of claims 1 to 4, wherein the plugin (PL) at least partially records details of requests and downloads in a log data structure.

18. The method according to claim 17, wherein the log data structure is limited to log files.

19. The method of claim 17, wherein the log data structure is recorded in a persistent or volatile database or archive system.

20. The method according to any one of claims 1 to 4, wherein the information structure (WL) within the target network is implemented in the form of a file.

21. The method according to any one of claims 1 to 4, wherein the entries are constructed as entries in a distributed database system.

22. The method according to claim 21, wherein the database system is configured with an information structure for dividing the entries into multiple target networks.

23. The method according to any one of claims 1 to 4, wherein the provision of the information structure (WL) within the network is implemented entirely through a computer program that processes the corresponding instructions.

24. The method according to any one of claims 1 to 4, wherein the request includes the name of the terminal device.

25. The method according to claim 24, wherein the name of the terminal device is the type or model of the terminal device.

26. The method according to any one of claims 1 to 4, wherein, when requests are identical, the plugin merges the identical requests, applies only one request during the lookup and performs the download only once.

27. A plug-in (PL) for a proxy system (PS), wherein the proxy system is deployed between the target network (ZN) and the source network (QN), wherein the plug-in (PL) is configured to
- read entries from the information structure (WL) within the target network, where each entry represents a software artifact, the download of which is permitted by the operator (OP) of the target network (ZN),
- on behalf of the source network (QN), receive a request from the target network (ZN) to the source network (QN) regarding the availability of a new software artifact,
- for each request, search for at least one entry matching the request in the information structure (WL) within the target network, and
- depending on whether at least one matching entry exists in the information structure (WL) within the target network, invoke the software artifact represented in at least one matching entry of the request or block the request,
wherein, in order to invoke the software artifact, a connection is established only in one direction from the target network (ZN) to the source network (QN), and the connection is disconnected again after the invocation.

28. An IT system (1, 10) comprising a source network (QN), a target network (ZN), a proxy system (PS) deployed between the target network and the source network, and an information structure (WL) within the target network, wherein the proxy system (PS) includes a plug-in (PL) according to claim 27 and the information structure contains entries, wherein each entry represents a software artifact, the download of which is permitted by the operator (OP) of the target network (ZN), wherein the IT system includes additional components for implementing the steps of the method according to any one of claims 1 to 26.