Method and system for disclosing at least one cryptographic key

Document No.: 991705. Publication date: 2020-10-20.

Reading note: this technology, "Method and system for disclosing at least one cryptographic key", was designed by R. Falk and S. Fries on 2019-01-16. Its main content: Method and corresponding system for disclosing at least one cryptographic key (KK) which is used for encrypting at least one communication connection (110) between a first communication partner (101) and a second communication partner (103), wherein: at least one of the communication partners (101, 103) is registered as a publishing unit (P1) at the publish-subscribe server (120) and at least one monitoring device (130, 131) is registered as a subscribing unit (S1) at the publish-subscribe server (120), and, upon a subsequent agreement on the cryptographic key (KK) by the publishing unit (P1), automatically: the agreed cryptographic key (KK) is provided by the publishing unit (P1) to the publish-subscribe server (120); the agreed cryptographic key (KK) is transmitted by the publish-subscribe server (120) to the at least one subscribing unit (S1); and the encrypted communication connection (110) is decrypted by the subscribing unit (S1) using the cryptographic key (KK).

1. Method for disclosing at least one cryptographic key (KK) which is used for encrypting at least one communication connection (110) between a first communication partner (101) and a second communication partner (103),

wherein:

-at least one of the communication participants (101, 103) is registered as a publication unit (P1, P2) at the publish-subscribe server (120) and at least one monitoring device (130, 131) is registered as a subscription unit (S1) at the publish-subscribe server (120), and

in the event of a subsequent agreement on the cryptographic key (KK) by the publishing unit (P1, P2) when a communication connection (110) is established between the first and the second communication partner (101, 103), automatically:

-providing the agreed cryptographic key (KK) to the publish-subscribe server (120) by a publishing unit (P1);

-transmitting, by said publish-subscribe server (120), said agreed cryptographic key (KK) to said at least one subscription unit (S1), and

-decrypting the encrypted communication connection (110) by the subscription unit (S1) using the cryptographic key (KK).

2. Method according to claim 1, wherein the agreed cryptographic key (KK) is provided by the publishing unit (P1) only for communication connections (110) which meet at least one predefined criterion.

3. The method according to claim 2, wherein the following are used as criteria: an address of a communication partner, a protocol used for the communication connection (110), a domain name of a domain name system used for the communication connection (110), a port number used, or a combination of the mentioned criteria.

4. The method according to any of the preceding claims, wherein the agreed cryptographic key (KK) is provided only for communication connections (110) from or to the publishing unit (P1).

5. The method according to any of the preceding claims, wherein an integrity key is additionally provided to the publish-subscribe server (120), wherein the integrity key is used for integrity checking of the communication connection (110).

6. The method of any of the preceding claims, wherein the agreed cryptographic key (KK) is transmitted to the subscribing unit (S1) immediately after establishing the communication connection (110).

7. The method according to any of claims 1 to 5, wherein the agreed cryptographic key (KK) is transmitted to the subscribing unit (S1) only after a predetermined duration has elapsed after the communication connection (110) has been established.

8. The method according to any of the preceding claims, wherein a binding value of the at least one cryptographic key (KK) is provided or transmitted.

9. Method according to any of the preceding claims, wherein said cryptographic key (KK) is provided in an encrypted manner with a transmission key (TK) different from said cryptographic key (KK).

10. The method according to claim 9, wherein the transmission key (TK) is a public key or a group key of the monitoring unit (130, 131).

11. The method according to claim 9 or 10, wherein the transmission key (TK) is transmitted to the communication partner (101) as a publishing unit (P1) via the publish-subscribe server (121) after the communication partner (101) has registered as a second subscribing unit (ST) at the publish-subscribe server (121) for allocating the transmission key (TK) and at least one monitoring device (130) has registered as a second publishing unit (PT) at the publish-subscribe server (121) for allocating the transmission key (TK).

12. The method according to any of the preceding claims, wherein a publish-subscribe protocol, in particular the session initiation protocol SIP, the unified architecture protocol OPC UA of the OPC foundation, the extensible messaging and presence protocol XMPP, the advanced message queuing protocol AMQP or the message queuing telemetry transport protocol MQTT, is used for disclosing the cryptographic keys.

13. System for disclosing at least one cryptographic key (KK), wherein the cryptographic key is used for encrypting at least one communication connection (110) between a first communication partner (101) and a second communication partner (103), wherein the system comprises at least one first communication partner (101), at least one second communication partner (103), at least one monitoring device (130, 131) and a publish-subscribe server (120), wherein the system comprises a plurality of cryptographic keys (KK) and a plurality of cryptographic

-the at least one monitoring device (130, 131) is configured such that, upon registration as a subscription unit (S1) at the publish-subscribe server (120), the agreed cryptographic key (KK) is received from the publish-subscribe server (120) and the encrypted communication connection (110) is decrypted using the cryptographic key (KK);

-at least one of the communication partners (101, 103) is configured to register as a publication unit (P1, P2) at the publish-subscribe server (120), and

-providing the agreed cryptographic key (KK) to a publish-subscribe server (120) with each subsequent agreement on the cryptographic key (KK) when establishing a communication connection (110) between the first and the second communication participants (101, 103);

-the publish-subscribe server (120) is configured to transmit the agreed cryptographic key (KK) to a monitoring device (130, 150).

14. The system of claim 13, wherein the system is configured to implement the method of claims 1-12.

15. The system according to claim 13 or 14, wherein the at least one communication participant (101, 103), the monitoring unit (130, 131) and the publish-subscribe server (120, 121) are configured such that a topic-based publish-subscribe method is performed.

16. The system according to any one of claims 13 to 15, wherein the monitoring device (130) is arranged within the communication connection (110).

17. The system according to any one of claims 13 to 15, wherein a connection device (150) is arranged within the communication connection (110) and the monitoring device (131) is constructed as a unit physically separate from the connection device (150) and is connected with the connection device (150).

18. Computer program product directly loadable into the memory of a digital computer, comprising program code portions adapted for performing the steps of the method according to any of claims 1 to 12.

Technical Field

The invention relates to a method, a system and a computer program product for disclosing at least one cryptographic key, wherein the key is used for securing a communication connection between a first communication partner and a second communication partner.

Background

Sensitive control and monitoring data are often transmitted via data networks in industrial installations and automation systems. To protect these data in transmission, for example, security protocols such as IPsec/IKEv2 or MACsec are used and in particular the transport layer security protocol TLS is used. In this case, the authenticity of the communication partner is verified and interception and manipulation of the communication connection is prevented depending on the configuration of the protocol. In this regard, a cryptographic key, for example a session key, is usually agreed upon when establishing a connection, with which the transmitted data is encrypted.

On the other hand, however, there is also a requirement to monitor industrial facilities, for example in order to be able to diagnose faulty functions or faulty management. In some applications there is also a requirement to record the control communication in a "black box recorder" in order to be able to explain the course of the damage in the event of an accident. There may also be a requirement to record the flow of the production process. There is therefore also a need, in particular in industrial automation and control systems, to monitor a cryptographically protected and in particular encrypted communication connection.

To meet these requirements, it is possible to transmit control data in an unprotected manner for these applications. The communication can then be monitored, but is no longer protected from third party eavesdropping, let alone manipulation.

It is also known to use so-called integrity-only cipher suites, for example in conjunction with the transport layer security protocol (TLS) version 1.2. Such integrity-only cipher suites protect only the integrity of the transmitted data and ensure the authenticity of the communication partner. However, the confidentiality of the data is not protected, since the useful data is transmitted as plain text, i.e. without encryption. Thus, cryptographically protected communications can be monitored. However, the communication is not encrypted at all, so that the communication can be eavesdropped by any third party. This solution is therefore unsuitable for the transmission of sensitive process data or for the transmission via public networks.

Furthermore, the Multi-Context TLS protocol is known. In this case, during a connection set-up in which authentication and key agreement are carried out, the communication partner is signaled that an intermediate component is present. Intermediate components known to both communication partners are therefore included in the agreement of the session keying material. A portion of the session keying material is provided to these intermediate components. In this way, a given intermediate component can decrypt the encrypted data communication during the connection set-up, but the change is detected by the communication partner. This has the advantage that these intermediate components are known to the participating communication partners and can eavesdrop on the traffic. However, it also has the disadvantage that these intermediate components must actively participate in the agreement, which leads to a delayed connection set-up. On the other hand, it is also possible for unauthorized third parties to manipulate these intermediate components and thus to make the transmitted data available in the clear.

Dieber, Bernhard et al.: "Application Level Security for ROS-based applications", 09.10.2016, XP033012009, discloses a method in which communication between an application on a system run by a robot operating system (ROS) and a user of the application is protected via a security mechanism at the application layer. For this purpose, a publish-subscribe server is used, which operates as an authentication server.

Peng Wei et al.: "A secure publish/subscribe protocol for Internet of things using identity-based cryptography", 10.12.2016, XP033227673, describes identity-based cryptography used to perform authentication and to establish a trust zone with improved security. In this regard, a publish-subscribe server is used, which is configured as an IoT gateway to provide encrypted communications between the publishing unit and the subscribing unit.

Disclosure of Invention

The object of the invention is therefore to provide the cryptographic key used for encrypting a communication connection to a monitoring device flexibly and with little time delay.

This object is achieved by the measures described in the independent claims. Advantageous embodiments of the invention are shown in the dependent claims.

According to a first aspect, the invention relates to a method for disclosing at least one cryptographic key, which is used for encrypting at least one communication connection between a first communication partner and a second communication partner, wherein at least one of the communication partners is registered as a publishing unit at a publish-subscribe server and at least one monitoring device is registered as a subscribing unit at the publish-subscribe server. Upon subsequent agreement of the cryptographic key by the publishing unit, the agreed cryptographic key is automatically provided by the publishing unit to the publish-subscribe server, the publish-subscribe server transmits the agreed cryptographic key to the at least one subscribing unit, and the subscribing unit decrypts the encrypted communication connection with the cryptographic key.

The described method makes it possible to transmit the cryptographic key of the communication link to the monitoring unit and to disclose it in a simple manner. It is sufficient for the monitoring unit to register once as a subscription unit at the publish-subscribe server in order to decrypt all subsequent encrypted communication connections of the communication partners registered at the publish-subscribe server and thus convert them into plain text. Another advantage is that a large number of communication partners and also monitoring devices can be combined for monitoring. It is not necessary for the monitoring device to be explicitly integrated into the key agreement of the communication connection, and therefore no delay, or only a slight delay, is caused when establishing the communication connection. Different monitoring devices can also be added to or removed from the monitoring flexibly. Registering a communication participant as a publishing unit also includes the case in which the communication participants are registered as publishing units in the publish-subscribe server by third parties, for example when the publish-subscribe server is configured.

The cryptographic key is therefore disclosed via a publish-subscribe message model, in which the publishing unit does not address the message, here the cryptographic key, directly to the actual recipient, i.e. the subscribing unit. Instead, it sends the message to be published for the given topic to an intermediate broker unit, also referred to as a message broker or here a publish-subscribe server, without knowledge of the subscribing unit. Accordingly, the subscribing unit informs the publish-subscribe server of its interest in messages on the topic without knowing the exact sender, i.e. the publishing unit. In the method described here, the predefined topic is the disclosure of cryptographic keys. In the present method, a message to be published containing a cryptographic key is therefore received in the publish-subscribe server from the communication partner as a publishing unit for the topic "disclosure of the cryptographic key" and forwarded to the monitoring unit which has registered as a subscribing unit for this topic.

In an advantageous embodiment, the agreed cryptographic key is provided by the publishing unit only for a communication connection which meets at least one predefined criterion.

By means of the predefined criteria, the monitoring can be flexibly adapted to different requirements. Monitoring can thus be restricted to specific communication connections, so that disclosure can be reduced to a minimum.

In an advantageous embodiment, the address of the communication partner, for example the IP address, the protocol used for the communication connection, the domain name of the domain name system used for the communication connection, the port number used or a combination of the mentioned criteria is used as a criterion.

Thus, the disclosure of cryptographic keys may be limited to a specific application, a specific communication partner or also to a communication provider.

In an advantageous embodiment, the agreed cryptographic key is provided only for communication connections from or to the publishing unit.

This enables the communication participants to be monitored in a targeted manner for incoming or outgoing communication links.

In an advantageous embodiment, an integrity key is additionally provided to the publish-subscribe server, wherein the integrity key is used for integrity checking of the communication connection.

This has the following advantages: in particular, an integrity check of the communication connection can also be performed.

In an advantageous embodiment, the agreed cryptographic key is transmitted to the subscribing unit immediately after the communication connection has been established or only after a predetermined time duration has elapsed.

Thus, for example, a communication connection can only be monitored in a time-shifted manner or after the end of the current communication connection. Therefore, communication connections with highly sensitive data can only be decrypted and monitored with a time offset. On the other hand, flexible operation of time-critical transmitted data is enabled.

In an advantageous embodiment, a binding value (Bindungswert) of the at least one cryptographic key is provided or transmitted.

The binding value, often also referred to as a commitment value, may be, for example, a hash value of a cryptographic key.

This has the following advantage: it can be checked whether both communication partners actually obtain the same key. However, the key component (Schlüsselkomponente) transmitted in the case of a Diffie-Hellman key exchange can also be used as commitment value.

In an advantageous embodiment, the cryptographic key is provided or transmitted in an encrypted manner using a transmission key different from the cryptographic key, in particular a public key or a group key of the subscription unit.

The use of a transmission key has the advantage that authorization for access to the current cryptographic key is separate from distribution via the publish-subscribe server. Thus, for example, the authorization for accessing the current cryptographic key can be made dependent on the availability of the respective public key or group key in the communication partner. Thus, even if the monitoring device subscribes to the publish-subscribe server, it can use the cryptographic key only if the communication partner encrypts it with its corresponding public key. In the case of a group key as a transmission key, the monitoring device can only monitor the communication links of communication partners who use the same group key as the monitoring device.

In an advantageous embodiment, the transmission key is transmitted to the communication partner as a publishing unit via the publish-subscribe server after the communication partner has registered as a second subscribing unit at the publish-subscribe server for assigning the transmission key and the at least one monitoring device has registered as a second publishing unit at the publish-subscribe server for assigning the transmission key.

This has the following advantages: no different distribution mechanism is required for distributing the public key and the transport key. The distribution of the transmission key can be flexibly designed similarly to the distribution of the public key.

In an advantageous embodiment, for the disclosure of the cryptographic keys, a publish-subscribe protocol, in particular the session initiation protocol SIP, the unified architecture protocol OPC-UA of the OPC foundation, the extensible messaging and presence protocol XMPP, the advanced message queue protocol AMQP or the message queue telemetry transport protocol MQTT are used.

This has the following advantages: a widely used protocol is provided for performing the method, which also supports the publish and subscribe process.

Another aspect of the invention relates to a system for disclosing at least one cryptographic key used for encrypting at least one communication connection between a first communication partner and a second communication partner, comprising at least one first communication partner, at least one second communication partner, at least one monitoring device and a publish-subscribe server, wherein

-the at least one monitoring device is configured such that, upon registration as a subscription unit at the publish-subscribe server, it receives the agreed cryptographic key from the publish-subscribe server and decrypts the encrypted communication connection using the cryptographic key (KK);

-at least one of the plurality of communication participants is configured to register as a publication unit at a publish-subscribe server, and

-to provide the agreed cryptographic key to the publish-subscribe server with each subsequent agreement on the cryptographic key; and

-the publish-subscribe server is configured to transmit the agreed cryptographic key to the monitoring device.

In an advantageous embodiment, the system is designed such that the method is carried out according to the method described.

In an advantageous embodiment, the at least one subscription unit, the at least one publication unit and the publish-subscribe server are configured to execute a topic-based publish-subscribe method.

This has the following advantages: one or more publish-subscribe servers can perform multiple publish-subscribe methods. This means that: the subscribing unit is capable of subscribing to a plurality of topics and obtaining information accordingly from communication participants registered as publishing units for that topic. On the other hand, the communication participants may be registered as subscribing units or publishing units for different topics. In this way, the assignment of the cryptographic keys and the assignment of the transmission keys can be carried out, for example, in opposite transmission directions between the communication partner and the monitoring unit.

In an advantageous embodiment, the monitoring device is arranged within the communication link.

In an advantageous embodiment, the connection device is arranged within the communication connection and the monitoring device is designed as a component physically separate from the connection device (150) and is connected to the connection device.

This has the following advantage: a plurality of connection devices can be connected to one or a small number of monitoring devices, so that the communication connections conducted via the various connection devices can be monitored centrally.

Another aspect of the present invention relates to a computer program product directly loadable into the memory of a digital computer, comprising program code portions adapted to perform the steps of the described method.

Drawings

Embodiments of the system according to the invention and of the method according to the invention are shown by way of example in the drawings and are further elucidated on the basis of the description that follows. In the drawings:

Fig. 1 shows a first embodiment of a system according to the invention in a block diagram;

Fig. 2 shows a second exemplary embodiment of a system according to the invention in a block diagram with a monitoring device outside the communication link;

Fig. 3 shows in a block diagram a third embodiment of the system according to the invention, comprising a public transmission key;

Fig. 4 shows a first embodiment of the method according to the invention in the form of a message flow diagram, and

Fig. 5 shows a second exemplary embodiment of the method according to the present invention for disclosing a transmission key as a message flow diagram.

Detailed Description

The devices described in the following, for example communication partners, monitoring devices or publish-subscribe servers, can be implemented in hardware, in software, or as a combined hardware-software design. In the case of an implementation in hardware, the respective unit can be designed as a device or as a part of a device, for example as a computer or microprocessor or control computer. In the case of an implementation in software, the respective unit can be constructed as a computer program product, a function, a routine, a part of program code or an executable object. In the case of a combined hardware-software design, the respective unit can be configured in part as a device or as a part of a device, for example as a computer or microprocessor or control computer, and in part as a computer program product, a function, a routine, a portion of program code, or an executable object.

The system 100 shown in fig. 1 represents, for example, an industrial installation, such as a traffic safety network or an automation system, in which the communication partners 101, 102, 103 exchange data via an internal private communication network 141 or also via a public communication network 140. For transmitting data, security protocols are used in particular, such as the transport layer security protocol TLS or the datagram transport layer security protocol DTLS, or security protocols such as IPsec/IKEv2 or MACsec. The communication partners 101 and 102 can be configured, for example, as field devices of an automation system. The communication participant 103 may, for example, be an outsourced device that provides services to the system 100. For the exchange of data, a communication connection 110 is established between the first communication partner 101 and the second communication partner 103, as an example, by means of a security protocol. The data is transmitted encrypted via the communication connection 110 in order to prevent manipulation and eavesdropping of the communication. The monitoring unit 130 of the system 100 is configured in such a way that the encrypted communication link 110 is decrypted and provided for storage or further evaluation.

In general, when a communication connection is established, a cryptographic key KK, for example a session key, is determined by means of a security protocol, with which the data to be transmitted are encrypted. The cryptographic key KK must therefore be known to the monitoring device 130 so that it can decrypt and evaluate the encrypted data.

According to the invention, the disclosure of the at least one cryptographic key KK is carried out by a publish-subscribe method, in particular a topic-based publish-subscribe method. In this regard, at least one of the communication partners 101 and 103 of the communication link 110, here only the communication partner 101, is configured in such a way that it registers as a publication unit P1 at the publish-subscribe server 120. These communication participants may also be registered at the publish-subscribe server 120 or pre-configured at the publish-subscribe server 120 by third parties. The communication partner 101, which is designed as a publishing unit P1, is designed to forward the at least one cryptographic key to the publish-subscribe server 120 upon a defined key-publishing event.

One or more monitoring units, in fig. 1 monitoring unit 130, are configured to register as subscribing units, in this case subscribing unit S1, at publish-subscribe server 120. The publish-subscribe server 120 is here so configured as to communicate data between the publish unit P1 and the subscribe unit S1.

Preferably, the monitoring device and the at least one communication participant are registered with the publish-subscribe server 120 for a certain topic. The topic specifies what information or message is to be transmitted, here for example the cryptographic key KK. In the present case, this publish-subscribe topic is, for example, "public cryptography key KK". In the example shown, the cryptographic key KK is thus transmitted by the publishing unit P1 to the publish-subscribe server 120, see arrow 105. In the publish-subscribe server 120, the cryptographic key KK is transmitted to the subscription unit S1, i.e. the monitoring device 130, in accordance with predefined criteria for the communication connection and policies such as time-delayed forwarding, see arrow 106. These criteria are, for example, the connection protocol or address used to establish the communication connection, here, for example, an IP address or MAC address, or a port number of the communication partner 103 or an addressed DNS server name, or also the authority of one of these partners participating in the respective communication.

The communicating party 101 registered as the publishing unit P1, after registering once as the publishing unit P1, automatically transmits the agreed cryptographic key KK to the publish-subscribe server 120 each time a connection setup is subsequently made.

The monitoring device 130 can be constructed, for example, in a firewall, via which the communication connection 110 is routed to the communication partner 103 connected via the public network 140.

Furthermore, the publish-subscribe server 120 may be provided with only the encryption key, which is used for encrypting data to be transmitted over the communication connection 110, or additionally with an integrity key, which is used for integrity checking of the communication connection. The agreed cryptographic key KK may also be provided only for communication connections 110 originating from the publishing unit P1, only for communication connections incoming to the publishing unit P1, or for both outgoing and incoming communication connections 110.

It is also possible to transmit, instead of the real cryptographic key KK, a binding value of the key, often also referred to as a commitment value. The binding value may be, for example, a hash value of the cryptographic key KK. The true cryptographic key is only transmitted to the subscription unit S1 at a later point in time. Using this binding value, it can be checked whether the correct cryptographic key KK is provided afterwards. Thus, a third party can check whether not only the publish-subscribe server but also the subscribing unit actually obtained the same key. The third party may for example be a verification device, which is used for auditing or recording.
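The flow described above (criteria-gated publication by P1, a binding value forwarded first, the key itself released by the server after a delay and checked by S1), as an added example that is not part of the patent text. The topic name, the use of SHA-256 as the binding value, the logical clock, the class and field names, and the sample addresses, ports and keys are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

KEY_TOPIC = "key-disclosure"  # assumed topic name, not taken from the patent text

@dataclass(frozen=True)
class Connection:
    conn_id: str
    peer_addr: str
    protocol: str
    port: int

def binding_value(key: bytes) -> str:
    """Binding (commitment) value: here the SHA-256 hash of the key (an assumption)."""
    return hashlib.sha256(key).hexdigest()

class Broker:
    """Publish-subscribe server 120: binding values go out at once, keys after a delay."""
    def __init__(self, release_delay: int):
        self.release_delay = release_delay
        self.subscribers = defaultdict(list)
        self.pending = []  # (release_time, topic, message)

    def subscribe(self, topic, subscriber):
        self.subscribers[topic].append(subscriber)

    def publish(self, topic, message, now):
        if message["type"] == "key":
            self.pending.append((now + self.release_delay, topic, message))
        else:
            self._deliver(topic, message)

    def tick(self, now):
        """Release every held key whose delay has elapsed at logical time `now`."""
        due = [p for p in self.pending if p[0] <= now]
        self.pending = [p for p in self.pending if p[0] > now]
        for _, topic, message in due:
            self._deliver(topic, message)

    def _deliver(self, topic, message):
        for subscriber in self.subscribers[topic]:
            subscriber.on_message(message)

class Publisher:
    """Communication partner 101 registered as publishing unit P1."""
    def __init__(self, broker, criteria):
        self.broker = broker
        self.criteria = criteria  # e.g. {"protocol": "TLS", "port": 4840}

    def on_key_agreed(self, conn, key, now):
        # Disclose only for connections that meet every predefined criterion.
        if any(getattr(conn, f) != v for f, v in self.criteria.items()):
            return False
        self.broker.publish(KEY_TOPIC, {"type": "binding", "conn_id": conn.conn_id,
                                        "binding": binding_value(key)}, now)
        self.broker.publish(KEY_TOPIC, {"type": "key", "conn_id": conn.conn_id, "key": key}, now)
        return True

class Monitor:
    """Monitoring device 130 registered as subscribing unit S1."""
    def __init__(self):
        self.bindings, self.keys, self.rejected = {}, {}, []

    def on_message(self, msg):
        cid = msg["conn_id"]
        if msg["type"] == "binding":
            self.bindings[cid] = msg["binding"]
            return
        # Accept a key only if it matches the binding value received earlier.
        expected = self.bindings.get(cid)
        if expected is not None and hmac.compare_digest(expected, binding_value(msg["key"])):
            self.keys[cid] = msg["key"]
        else:
            self.rejected.append(cid)

def demo():
    broker, monitor = Broker(release_delay=60), Monitor()
    broker.subscribe(KEY_TOPIC, monitor)
    p1 = Publisher(broker, {"protocol": "TLS", "port": 4840})
    key1 = bytes(range(32))  # constructed sample key
    published = [
        p1.on_key_agreed(Connection("c1", "192.0.2.10", "TLS", 4840), key1, now=0),
        p1.on_key_agreed(Connection("c2", "192.0.2.10", "TLS", 443), b"\x01" * 32, now=0),
    ]
    broker.tick(now=59)
    keys_before_delay = dict(monitor.keys)
    broker.tick(now=60)
    keys_after_delay = dict(monitor.keys)
    # Constructed failure case: the key delivered for c3 differs from the committed one.
    broker.publish(KEY_TOPIC, {"type": "binding", "conn_id": "c3",
                               "binding": binding_value(b"\x02" * 32)}, now=60)
    broker.publish(KEY_TOPIC, {"type": "key", "conn_id": "c3", "key": b"\x03" * 32}, now=60)
    broker.tick(now=120)
    return {"published": published, "keys_before_delay": keys_before_delay,
            "keys_after_delay": keys_after_delay, "rejected": monitor.rejected}

if __name__ == "__main__":
    print(demo())
```

Because the key arrives after the traffic it protects, a monitoring device using delayed release has to buffer the captured ciphertext until the key is delivered and verified.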

Fig. 2 shows a system 200 in which the monitoring device 131 is not arranged directly within the communication connection 110. The monitoring apparatus 131, which is registered as the publication unit S1 at the publish-subscribe server 120 as a recipient of the cryptographic key in the system 200, is connected to the connection apparatus 150. The connection device 150 is arranged within the communication link 110 and forwards encrypted data of the communication link 110. The monitoring unit 150 here comprises, for example, a mirror output 151, which copies and forwards the encrypted data transmitted over the communication connection 110 to the monitoring unit 131. The cryptographic key KK is here transmitted by the publish-subscribe server 120 to the monitoring unit 131 as subscription unit S1, see arrow 107. This may be done via a separate connection between the publish-subscribe server 120 and the monitoring device 131. However, the cryptographic key may also be transmitted by the publish-subscribe server 120 to the monitoring device 131 via the connecting device 150. In this case, this cryptographic key KK can be forwarded to the monitoring apparatus 131 via the mirror output 151.

In the system 200, the second communication participant 103 is additionally registered as a publishing unit P2 at the publish-subscribe server 120. In this case, the second communication participant 103 also publishes the cryptographic key, or the components of the cryptographic key KK agreed for the communication connection 110 that are known to the second communication participant. Since both the first communication participant 101 and the second communication participant 103 are registered as publishing units P1, P2, it is also possible to transmit only components of the cryptographic key KK to the subscribing unit S1. The subscribing unit S1 can itself determine the cryptographic key KK used in the communication connection 110 from the transmitted components. For example, the transmitted components of the cryptographic key KK may be the encryption components exchanged in the Diffie-Hellman method.

Fig. 3 shows a system 300, which corresponds to the system 100 in fig. 1. The first communication participant 101 is registered here as a publishing unit P1 at the publish-subscribe server 120. The monitoring device 130 is arranged within the communication connection 110 to be monitored and is registered as a subscribing unit S1 at the publish-subscribe server 120.

In addition to the publish-subscribe server 120, a second publish-subscribe server 121 is arranged in the system 300, which is configured for publishing transmission keys. The publish-subscribe server 121 is configured correspondingly to the publish-subscribe server 120 already described, but implements a publish-subscribe method for a second topic, i.e. "exchange of transmission keys between the first communication participant 101 and the monitoring device 130". The monitoring device 130 registers at the publish-subscribe server 121 as a second publishing unit PT for the second topic, whereas the first communication participant 101 registers at the publish-subscribe server 121 as a second subscribing unit ST for the second topic. The monitoring device 130 publishes the transmission key TK in the following manner: the monitoring device 130 transmits the transmission key to the publish-subscribe server 121, see arrow 108. When an event set up in the publish-subscribe server 121 occurs, the publish-subscribe server 121 transmits the transmission key TK to the first communication participant 101, see arrow 109. Such an event is, for example, a registration of the first communication participant 101 with the publish-subscribe server 120 for the topic "publish cryptographic key KK".

In an advantageous embodiment, the publish-subscribe server 121 and the publish-subscribe server 120 are integrated in the same hardware. The communication participant 101, as second subscribing unit ST, thus automatically obtains the transmission key TK of the monitoring device 130 as publishing unit PT. If the monitoring device 130 changes the transmission key TK, the transmission key is therefore transmitted again from the monitoring device 130, as the second publishing unit PT, to the publish-subscribe server 121.

Fig. 4 now shows the described method by means of a message flow of the publish-subscribe protocol, which controls the transmission of the information required for this purpose. As a publish-subscribe protocol for carrying out these method steps, for example, the Session Initiation Protocol SIP, the Unified Architecture protocol of the OPC Foundation, also known for short as OPC UA, the Extensible Messaging and Presence Protocol XMPP, the Advanced Message Queuing Protocol AMQP or MQTT can be used.

In a first method step M0, the first communication participant 101 registers at the publish-subscribe server 120 as a publishing unit P1 with respect to the publish-subscribe topic "cryptographic key" sublkk. This can take place actively via the message exchange M0, as is illustrated in fig. 4 by the dashed arrow. The first communication participant 101 may also be configured to register with the publish-subscribe server 120 as a publishing unit P1. In the case where the communication participant registers actively at the publish-subscribe server 120, publishing units can advantageously be added or de-registered dynamically without additional configuration of the publish-subscribe server 120.

In step M1, the monitoring device 130 registers at the publish-subscribe server 120 as a subscribing unit S1 with respect to the publish-subscribe topic "cryptographic key" sublkk. Next, in step M2, during the establishment of the communication connection, for example via the TLS protocol, authentication and key agreement are carried out between the first communication participant 101 and the second communication participant 103. The cryptographic key KK negotiated here can be, for example, a session key and is known to the two communication participants 101, 103. In step M3, the first communication participant 101, which is registered at the publish-subscribe server 120 as a publishing unit P1, transmits the agreed cryptographic key KK to the publish-subscribe server 120, for example together with an indication of the connection or session identifier and the identifiers of the first and second communication participants. Upon the event agreed for the publish-subscribe topic "cryptographic key", the publish-subscribe server 120 forwards the cryptographic key KK and, for example, the session identifier and the identifiers of the first and second communication participants 101, 103 to the monitoring device 130 as subscribing unit S1, see step M4. In the monitoring device 130, the data traffic of the communication connection between the first communication participant 101 and the second communication participant 103 is now decrypted and analyzed in step M5. The evaluation of the decrypted data traffic can take place directly after decryption or at a later point in time.

In order to enable the cryptographic key KK to be transmitted in a protected manner from the communication participant 101 to the publish-subscribe server 120 and from there onward to the monitoring device 130, the transmission key TK can already be transmitted from the publish-subscribe server 120 to the first communication participant 101 when registering for the publish-subscribe topic "cryptographic key" in method step M0. For the sake of clarity, this is not explicitly shown in fig. 4. The transmission key TK may be preconfigured, for example, in the publish-subscribe server 120 for the publish-subscribe topic "cryptographic key" and in the monitoring device 130.

As an alternative to the preconfigured transmission key TK, the transmission key TK can be provided to the first communication participant 101, as shown in fig. 5, likewise via a publish-subscribe method, with respect to the publish-subscribe topic "transmission key" substk. Not shown here: the monitoring device 130 is configured as a second publishing unit PT in the second publish-subscribe server 121 or registers dynamically as a second publishing unit PT at the second publish-subscribe server 121. In return, the communication participants 101, 102 or 103 monitored by the monitoring device 130 are allowed to register as subscribing unit ST. This is depicted by way of example as method step N1 for the first communication participant 101 as a second subscribing unit ST.

If the first transport key or an updated transport key TK is present in the monitoring device 130, see N2, the monitoring device 130 as second publishing unit PT transmits the transport key TK to the second publish-subscribe server 121 in method step N3. Upon occurrence of the event specified for the second publish-subscribe topic "transport key", the second publish-subscribe server forwards this transport key TK in step N4 to all second subscribing units ST, here the first communication participant 101. If the first communication participant 101 and the communication participant 103 agree on the cryptographic key KK for the communication connection, see M2, the first communication participant 101 then uses the transmission key TK for encrypting the agreed cryptographic key KK and, as publishing unit P1 for the topic "cryptographic key", transmits the encrypted cryptographic key KK_TK to the first publish-subscribe server 120, see step M31. The publish-subscribe server 120 forwards the cryptographic key KK_TK, encrypted with the transport key TK, to the monitoring device 130 as subscribing unit S1, see step M41. The monitoring device 130 can now decrypt the encrypted cryptographic key KK_TK using the transmission key TK known to it and use the cryptographic key KK for decrypting the communication connection to be monitored, see step M51. Alternatively, it is also possible that the registration of the communication participant 101 for the publish-subscribe topic "transfer key" is carried out after the monitoring device 130 has registered (see method step M1) for the publish-subscribe topic "transfer key" with the publish-subscribe server 120.
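The message flow N1 to N4 and M31 to M51 can be traced with the following added example, which is not part of the patent text. The in-memory `Broker` class, the session identifier and the HMAC-SHA256 based wrapping (a standard-library stand-in for a vetted AEAD or key-wrap algorithm) are assumptions made for illustration; all keys are constructed sample values.

```python
import hashlib
import hmac
import secrets

def _subkeys(tk):
    # Derive separate encryption and MAC keys from the transport key TK
    return (hmac.new(tk, b"enc", hashlib.sha256).digest(),
            hmac.new(tk, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode; stand-in keystream, not a standard cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(mac_key, session_id, nonce, ct):
    sid = session_id.encode()  # length prefix keeps the MAC input unambiguous
    msg = len(sid).to_bytes(2, "big") + sid + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def wrap(tk, kk, session_id):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag (KK_TK)."""
    enc, mac = _subkeys(tk)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(kk, _stream(enc, nonce, len(kk))))
    return nonce + ct + _tag(mac, session_id, nonce, ct)

def unwrap(tk, blob, session_id):
    enc, mac = _subkeys(tk)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mac, session_id, nonce, ct)):
        raise ValueError("wrapped key rejected: integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

class Broker:
    """Topic-based publish-subscribe server that records what it relays."""
    def __init__(self):
        self.subscribers, self.seen = {}, []
    def subscribe(self, topic, callback):
        self.subscribers.setdefault(topic, []).append(callback)
    def publish(self, topic, session_id, payload):
        self.seen.append(payload)
        for callback in self.subscribers.get(topic, []):
            callback(session_id, payload)

def run_flow():
    server_120, server_121 = Broker(), Broker()
    tk, kk = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed
    participant, monitor = {}, {}
    server_121.subscribe("transport key", lambda sid, p: participant.update(tk=p))  # N1
    server_121.publish("transport key", "", tk)                     # N3, N4
    server_120.subscribe("cryptographic key",                       # M1, M51
                         lambda sid, p: monitor.update({sid: unwrap(tk, p, sid)}))
    kk_tk = wrap(participant["tk"], kk, "sess-1")                   # after M2
    server_120.publish("cryptographic key", "sess-1", kk_tk)        # M31, M41
    return kk, monitor, server_120.seen
```

In this flow, server 120 relays only the wrapped key, while server 121 relays TK itself; with a symmetric TK, the separation between the two servers is therefore what keeps KK from the relaying party.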

The described method for disclosing at least one cryptographic key has the advantage that it is simple to implement and can use widely used protocols as publish-subscribe protocols. A plurality of communication participants can efficiently provide cryptographic keys, and the communication connections of these communication participants can be monitored. At the same time, various monitoring devices can be incorporated efficiently and simply for decrypting and monitoring the transmitted data. Furthermore, the publish-subscribe server offers a simple way to record which monitoring devices obtained which cryptographic keys. Likewise, monitoring can be performed by a monitoring device which is not itself within the communication connection.

All the described and/or illustrated features can be advantageously combined with one another within the scope of the invention. The invention is not limited to the described embodiments.

Claims (amended in accordance with Article 19 of the Treaty)

1. Method for disclosing at least one cryptographic key (KK) which is used for encrypting at least one communication connection (110) between a first communication partner (101) and a second communication partner (103),

wherein:

-at least one of the communication participants (101, 103) is registered as a publication unit (P1, P2) at the publish-subscribe server (120) and at least one monitoring device (130, 131) is registered as a subscription unit (S1) at the publish-subscribe server (120), and

in the event of a subsequent agreement on the cryptographic key (KK) by the issuing unit (P1, P2) upon a communication connection (110) being established between the first and the second communication partner (101, 103), automatically:

-providing the agreed cryptographic key (KK) to the publish-subscribe server (120) by a publishing unit (P1);

-transmitting, by said publish-subscribe server (120), said agreed cryptographic key (KK) to said at least one subscription unit (S1), and

-decrypting the encrypted communication connection (110) by the subscription unit (S1) using the cryptographic key (KK).

2. Method according to claim 1, wherein the agreed cryptographic key (KK) is provided by the issuing unit (P1) only for communication connections (110) which meet at least one predefined criterion.

3. The method according to claim 2, wherein as criteria use is made of: an address of a communication partner, a protocol used for the communication connection (110), a domain name of a domain name system used for the communication connection (110), a port number used, or a combination of the mentioned criteria.

4. The method according to any of the preceding claims, wherein the agreed cryptographic key (KK) is provided only for communication connections (110) from or to the issuing unit (P1).

5. The method according to any of the preceding claims, wherein an integrity key is additionally provided to the publish-subscribe server (120), wherein the integrity key is used for integrity checking of the communication connection (110).

6. The method of any of the preceding claims, wherein the agreed cryptographic key (KK) is transmitted to the subscribing unit (S1) immediately after establishing the communication connection (110).

7. The method according to any of claims 1 to 5, wherein the agreed cryptographic key (KK) is transmitted to the subscribing unit (S1) only after a predetermined duration has elapsed after the communication connection (110) has been established.

8. The method according to any of the preceding claims, wherein a binding value of the at least one cryptographic key (KK) is provided or transmitted.

9. Method according to any of the previous claims, wherein said cryptographic key (KK) is provided in an encrypted manner with a Transmission Key (TK) different from said cryptographic key (KK).

10. The method according to claim 9, wherein the Transmission Key (TK) is a public key or a group key of the monitoring unit (130, 131).

11. The method according to claim 9 or 10, wherein the Transport Key (TK) is transmitted to the communication partner (101) as a publishing unit (P1) via the publish-subscribe server (121) after the communication partner (101) has registered as a second subscribing unit (ST) at the publish-subscribe server (121) for allocating the Transport Key (TK) and at least one monitoring device (130) has registered as a second publishing unit (PT) at the publish-subscribe server (121) for allocating the Transport Key (TK).

12. The method according to any of the preceding claims, wherein a publish-subscribe protocol, in particular the session initiation protocol SIP, the unified architecture protocol OPC UA of the OPC foundation, the extensible messaging and presence protocol XMPP, the advanced message queuing protocol AMQP or the message queuing telemetry transport protocol MQTT, is used for disclosing the cryptographic keys.

13. System for disclosing at least one cryptographic key (KK), wherein the cryptographic key is used for encrypting at least one communication connection (110) between a first communication partner (101) and a second communication partner (103), wherein the system comprises at least one first communication partner (101), at least one second communication partner (103), at least one monitoring device (130, 131) and a publish-subscribe server (120), wherein the system comprises a plurality of cryptographic keys (KK) and a plurality of cryptographic

-the at least one monitoring device (130, 131) is configured such that, upon registration as a subscription unit (S1) at the publish-subscribe server (120), the agreed cryptographic key (KK) is received from the publish-subscribe server (120) and the encrypted communication connection (110) is decrypted using the cryptographic key (KK);

-at least one of the communication partners (101, 103) is configured to register as a publication unit (P1, P2) at the publish-subscribe server (120), and

-providing a cryptographic key (KK) agreed upon to a publish-subscribe server (120) in case of a next agreement on the cryptographic key (KK) when establishing a communication connection (110) between the first and the second communication participant (101, 103);

-the publish-subscribe server (120) is configured to transmit the agreed cryptographic key (KK) to a monitoring device (130, 150).

14. The system of claim 13, wherein the system is configured to implement the method of claims 1-12.

15. The system according to claim 13 or 14, wherein the at least one communication participant (101, 103), the monitoring unit (130, 131) and the publish-subscribe server (120, 121) are configured such that a topic-based publish-subscribe method is performed.

16. The system according to any one of claims 13 to 15, wherein the monitoring device (130) is arranged within the communication connection (110).

17. The system according to any one of claims 13 to 15, wherein a connection device (150) is arranged within the communication connection (110) and the monitoring device (131) is constructed as a unit physically separate from the connection device (150) and is connected with the connection device (150).

18. Computer program product directly loadable into the memory of a digital computer, comprising program code portions adapted for performing the steps of the method according to any of claims 1 to 12.
