One time use password for temporary privilege escalation in a role-based access control (RBAC) system
First Claim
1. A method of operating a computing system to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, the method comprising:
- receiving, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system;
granting, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user;
receiving, in the machine system and from the user, a request for a temporary access level increase to utilize a protected function of the machine control program associated with the machine system, wherein the protected function corresponds with a temporary role distinct from the role of the user;
in response to the request for the temporary access level increase, generating, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected function of the machine control program;
providing the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user;
receiving, in the machine system and from the user, an elevated login request comprising the username and the temporary password authorized to allow the user to access the protected function of the machine control program; and
responsive to receiving the elevated login request, granting, via the machine system, the temporary access level increase to allow the user to utilize the protected function of the machine control program.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment are disclosed. In at least one implementation, a request is received from a user for a temporary access level increase to utilize protected functions of the control program. An encrypted string is generated comprising a temporary password authorized to access the protected functions of the control program. The encrypted string is provided to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user. A login request is received from the user with the temporary password, and the temporary access level increase is responsively granted to allow the user to utilize the protected functions of the control program.
30 Citations
20 Claims
-
1. A method of operating a computing system to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, the method comprising:
-
receiving, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system; granting, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user; receiving, in the machine system and from the user, a request for a temporary access level increase to utilize a protected function of the machine control program associated with the machine system, wherein the protected function corresponds with a temporary role distinct from the role of the user; in response to the request for the temporary access level increase, generating, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected function of the machine control program; providing the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; receiving, in the machine system and from the user, an elevated login request comprising the username and the temporary password authorized to allow the user to access the protected function of the machine control program; and responsive to receiving the elevated login request, granting, via the machine system, the temporary access level increase to allow the user to utilize the protected function of the machine control program. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. One or more computer-readable storage media having program instructions stored thereon to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, wherein the program instructions, when executed by a computing system, direct the computing system to at least:
-
receive, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system; grant, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user; receive, in the machine system, a request from the user for a temporary access level increase to utilize protected functions of the machine control program associated with the machine system, wherein the protected functions correspond with a temporary role distinct from the role of the user; in response to the request for the temporary access level increase, generate, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected functions of the machine control program; provide the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and receive, in the machine system and from the user, an elevated login request comprising the username and the temporary password authorized to allow the user to access the protected functions of the machine control program, and responsively grant, via the machine system, the temporary access level increase to allow the user to utilize the protected functions of the machine control program. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. An apparatus to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, the apparatus comprising:
-
one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when executed by a processing system, direct the processing system to at least; receive, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system; grant, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user; receive, in the machine system, a request from the user for a temporary access level increase to utilize a protected function of the machine control program associated with the machine system, wherein the protected function corresponds with a temporary role distinct from the role of the user; in response to the request for the temporary access level increase, generate, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected function of the machine control program; provide the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and receive, in the machine system and from the user, an elevated login request comprising the username and the temporary password authorized to allow the user to access the protected function of the machine control program, and responsively grant, via the machine system, the temporary access level increase to allow the user to utilize the protected function of the machine control program. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification