METHOD AND SYSTEM FOR ACCESSING DEVICES IN A SECURE MANNER
First Claim
1. Method of accessing a system device of an industrial control system, comprising:
- issuing, by a ticket server, an access ticket with a user's access rights to the system device;
- granting, by the system device, user access to the system device according to the access rights;
- storing the access ticket and a user credential on a mobile memory;
- physically moving and coupling the mobile memory to an authenticating device;
- authenticating the user by the authenticating device, based on the user credential stored on the mobile memory; and
- transmitting the access rights from the mobile memory to the system device.
Abstract
The present disclosure is concerned with a secure and trustable way of accessing devices in an embedded device environment that has no network connectivity to an outside service. Access by a user or service technician to such access-critical embedded devices is controlled by way of a mobile memory or access-ticket storage, i.e. a physical token. The token can, for example, be a smartcard or USB stick with appropriate memory for storing one or more user credentials, such as a password or fingerprint, that identify the user. In an exemplary embodiment, a user acquires an electronic access ticket with a suitable expiration period from a centralized ticket or access authorization server before travelling to the access-critical device, or to a location communicatively connected to it. The access ticket can contain the access rights of the user with respect to one or several access-critical devices and is stored on the mobile memory. The access-critical devices evaluate those access rights once the identity of the user has been authenticated, based on the user credential(s), by an authenticating device to which the mobile memory is coupled.
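The following is an added illustration of the flow described in the abstract, not code from the patent or its assignee: a ticket server issues a time-limited, signed ticket, the ticket and a user credential are carried on a mobile memory, an authenticating device checks the credential, and the offline system device verifies the ticket and evaluates the rights it carries. It assumes an HMAC over a key shared between ticket server and device (the patent does not specify a signature scheme), a PBKDF2 password credential, and constructed sample values.

```python
import hashlib, hmac, json
from dataclasses import dataclass

# Assumption: key shared by the ticket server and the offline system device so the
# device can verify tickets with no network connectivity. Constructed demo value.
TICKET_KEY = b"constructed-demo-key-not-for-production"
PBKDF2_ROUNDS = 100_000

def _sign(body: dict) -> str:
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(TICKET_KEY, canon, hashlib.sha256).hexdigest()

def issue_ticket(user: str, rights: dict, ttl_s: int, now: float) -> dict:
    """Ticket server: rights maps device id -> set of permitted operations."""
    body = {"user": user, "exp": int(now + ttl_s),
            "rights": {dev: sorted(ops) for dev, ops in rights.items()}}
    return {"body": body, "sig": _sign(body)}

@dataclass
class MobileMemory:  # e.g. a smartcard or USB stick carried to the site
    user: str
    ticket: dict
    cred_salt: bytes
    cred_hash: bytes  # salted hash of the user's password (the credential)

def make_memory(user: str, ticket: dict, password: str, salt: bytes) -> MobileMemory:
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return MobileMemory(user, ticket, salt, h)

def authenticate(mem: MobileMemory, password: str) -> bool:
    """Authenticating device: the holder must prove knowledge of the stored credential."""
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), mem.cred_salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(h, mem.cred_hash)

def evaluate_ticket(device_id: str, ticket: dict, now: float) -> set:
    """System device (offline): returns the granted rights or raises PermissionError."""
    body = ticket.get("body", {})
    if not hmac.compare_digest(_sign(body), ticket.get("sig", "")):
        raise PermissionError("ticket signature invalid")
    if now >= body.get("exp", 0):
        raise PermissionError("ticket expired")
    if device_id not in body.get("rights", {}):
        raise PermissionError("ticket grants nothing on this device")
    return set(body["rights"][device_id])

def access_device(mem: MobileMemory, password: str, device_id: str, now: float) -> set:
    """Full flow: authenticate the user, bind ticket to that user, then evaluate rights."""
    if not authenticate(mem, password):
        raise PermissionError("user authentication failed")
    if mem.ticket.get("body", {}).get("user") != mem.user:
        raise PermissionError("ticket was issued to a different user")
    return evaluate_ticket(device_id, mem.ticket, now)
```

Because the device never contacts the server, revocation before expiry is impossible in this model; the ticket lifetime is the only lever, which is why the abstract stresses a suitable expiration period.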
16 Claims
1. Method of accessing a system device of an industrial control system (stated in full under First Claim above). Dependent claims 2 to 5 are not reproduced on this page.
6. A control system for controlling a system device of an industrial process to grant user access according to centrally managed access rights of the user, the control system comprising:
- a ticket server for issuing an access ticket with a user's access rights to a system device of an industrial process;
- mobile memory means for storing the access ticket with a user credential; and
- an authenticating device for coupling with the mobile memory means, for authenticating a user based on the user credential stored on the mobile memory means, and for transmitting the access rights to the system device.
Dependent claims 7 to 16 are not reproduced on this page.