For a secure first start-up of devices, it is often necessary to generate or set up key material for the security functions of the device. It is similarly necessary to establish specific security associations. One example is the characterization of one client apparatus on a specific other server apparatus with which a connection may successfully be set up. In the case of a secure connection, the characterization may be based on a certificate of the remote station. The aim of the characterization is to restrict the communication partners from the perspective of the client apparatus to one server apparatus or one specific group of server apparatuses. Client apparatuses may be for example a field device, an intelligent meter such as a smart meter or a smart metering gateway, an automation station or a client apparatus of a time synchronization protocol (NTP). Corresponding server apparatuses are for example, a substation control unit, a data concentrator, a power transformer operating system server or an NTP server.
A known characterization method, for example of an RFID tag on an RFID reader, is carried out by moving the RFID tag toward the RFID reader, so that the RFID tag is recognized via near field communication (NFC) by the RFID reader and vice versa. Both the tag and the reader then store the communication partner and verify the communication partner during the next connection set-up. In a further known characterization method, for example in the setting up of a virtual LAN, a fixed address or a fixed identifier of the server apparatus with which a communication is permitted is specified administratively to a client apparatus. In a third known example of a characterization method, in the case of a communication via an encrypted network connection that is set up using a Secure Shell Protocol SSH, a fingerprint of the certificate of the first connection is stored in the client apparatus. The fingerprint of a certificate is, for example, a checksum that is formed over the entire certificate. In the event of further connection set-up requests, a check is carried out via a comparison of the fingerprint of the received further certificate with the stored fingerprint of the first certificate to determine whether the same certificate is involved.
If the validity of the certificate expires or if the secret key of a server apparatus is compromised, the certificate is then replaced. Certificates may be updated or renewed, for example, by an operating system update. On the other hand, root certificates, for example, are exchanged, for example via a Trust Anchor Management Protocol (TAMP) or via a local device management. All settings and stored data may also be deleted and therefore stored certificates may also be deleted and therefore the characterization may be cancelled, for example by a manual pressing of a button on the client apparatus.
It may similarly occur that a server apparatus suddenly fails and is replaced by a different server apparatus. Similarly, a changeover of a client apparatus between two domains of an operator may be required, for example to connect a conspicuous client apparatus from a server apparatus in a live system to a server apparatus in a test system for maintenance.