METHOD OF OPERATING A COMPUTER-CONTROLLED DEVICE FOR ESTABLISHING A SECURE DATA COMMUNICATION IN A DISTRIBUTED CONTROL SYSTEM OF A PASSENGER TRANSPORTATION ARRANGEMENT

摘要

A method of operating a computer-controlled first device (15) for establishing a secure data communication (23) between the computer-controlled first device (15) and a computer-controlled second device (17) in a distributed control system (27) of a passenger transportation arrangement (1) is proposed. The method comprises: (i) generating an encryption key including e.g. a key pair with a public and a private key; (ii) creating credentials in form of a certificate such as an X509 certificate based on the generated encryption key; (iii) preparing a certificate signing request CSR and dispatching the CSR to a certificate authority CA (21) via a secured data communication path (25), wherein the CA (21) is based on a public key infrastructure PKI (19) operated by an operator of the passenger transportation arrangement (1); (iv) receiving the certificate back from the CA (21), wherein the received certificate is signed by the CA (21) with a signature using a private key being a secret held by the operator of the passenger transportation arrangement (1); (v) establishing the secure data communication (23) with the computer-controlled second device (17) by transmitting the credentials to the second device (17), wherein the second device (17) accepts establishing the secure data communication (23) upon verification of the signature of the credentials, wherein the verification of the signature of the credentials is executed using a public key of the operator of the passenger transportation arrangement (1).