METHOD AND SYSTEM FOR ACCESSING DEVICES IN A SECURE MANNER

US 20100186075A1
Filed: 03/12/2010
Published: 07/22/2010
Est. Priority Date: 09/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. Method of accessing a system device of an industrial control system, comprising:

issuing, by a ticket server, an access ticket with a user'"'"'s access rights to the system device;

granting, by the system device, user access to the system device according to the access rights;

storing the access ticket and a user credential on a mobile memory;

physically moving and coupling the mobile memory to an authenticating device;

authenticating the user by the authenticating device, based on the user credential stored on the mobile memory; and

transmitting the access rights from the mobile memory to the system device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure is concerned with a secure and trustable way of accessing devices in an embedded device environment with no network connectivity to outside service. This type of access to access-critical embedded devices by a user or service technician is controlled by way of a mobile memory or access-ticket storage i.e., such as a physical token. The token can, for example, be a smartcard or USB stick with appropriate memory for storing a user credential(s) or user identification such as a password or fingerprint. In an exemplary embodiment, a user can acquire an electronic access ticket with a suitable expiration period from a centralized ticket or access authorization server before travelling to the access-critical device, or to a location communicatively connected to the latter. The access ticket can contain access rights of the user with respect to one or several access-critical devices, and can be stored on the mobile memory. The access rights can be evaluated by the access-critical devices upon authentication of the identity of the user, based on the user credential(s), by an authenticating device to which the mobile memory can be coupled.

Citations

16 Claims

1. Method of accessing a system device of an industrial control system, comprising:
- issuing, by a ticket server, an access ticket with a user'"'"'s access rights to the system device;
  
  granting, by the system device, user access to the system device according to the access rights;
  
  storing the access ticket and a user credential on a mobile memory;
  
  physically moving and coupling the mobile memory to an authenticating device;
  
  authenticating the user by the authenticating device, based on the user credential stored on the mobile memory; and
  
  transmitting the access rights from the mobile memory to the system device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, comprising:
    - signing the access ticket by the ticket server, and authenticating the access ticket by the authenticating device.
  - 3. The method according to claim 1, comprising:
    - authenticating the user by the authenticating device and distributing access rights to plural system devices connected to the authenticating device.
  - 4. The method according to claim 3, comprising:
    - accessing the system devices via the authenticating device; and
      
      encrypting communication between the authenticating device and the system devices.
  - 5. The method according to claim 1, comprising:
    - storing, on the system device, restricted access rights for emergency.

6. A control system for controlling a system device of an industrial process to grant user access according to centrally managed access rights of the user, the control system comprising:
- a ticket server for issuing an access ticket with a user'"'"'s access rights to a system device of an industrial process;
  
  mobile memory means for storing the access ticket with a user credential; and
  
  an authenticating device for coupling with the mobile memory means, for authenticating a user based on the user credential stored on the mobile memory means, and for transmitting the access rights to the system device.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 7. The control system according to claim 6, wherein the authenticating device is the system device.
  - 8. The control system according to claim 6, wherein the authenticating device is an operator workstation of a substation in a substation automation system.
  - 9. The control system according to claim 8, comprising:
    - a secure station bus for accessing the system device via the operator workstation.
  - 10. The control system according to claim 6, wherein the authenticating device is a ticket distributor distributing access rights to plural system devices connected to the authenticating device.
  - 11. The control system according to claim 7, wherein the authenticating device is an operator workstation of a substation in a substation automation system.
  - 12. The control system according to claim 10, wherein the authenticating device is an operator workstation of a substation in a substation automation system.
  - 13. The control system according to claim 11, comprising:
    - a secure station bus for accessing the system device via the operator workstation.
  - 14. The control system according to claim 12, comprising:
    - a secure station bus for accessing the system device via the operator workstation.
  - 15. The control system according to claim 6, in combination with:
    - at least one system device.
  - 16. The system according to claim 6, in combination with:
    - plural system devices, each of which is an access critical device of the industrial process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ABB Technology AG (ABB Limited)
Original Assignee
ABB Technology AG (ABB Limited)
Inventors
Hohlbaum, Frank, Braendle, Markus

Application Number

US12/722,738
Publication Number

US 20100186075A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

Y04S 40/20   Information technology spec...

METHOD AND SYSTEM FOR ACCESSING DEVICES IN A SECURE MANNER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ACCESSING DEVICES IN A SECURE MANNER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links