ONE TIME USE PASSWORD FOR TEMPORARY PRIVILEGE ESCALATION IN A ROLE-BASED ACCESS CONTROL (RBAC) SYSTEM

US 20160352752A1
Filed: 05/12/2016
Published: 12/01/2016
Est. Priority Date: 05/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method of operating a computing system to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment, the method comprising:

receiving a request from a user for a temporary access level increase to utilize protected functions of the control program;

generating an encrypted string comprising a temporary password authorized to access the protected functions of the control program;

providing the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and

receiving from the user a login request with the temporary password authorized to access the protected functions of the control program, and responsively granting the temporary access level increase to allow the user to utilize the protected functions of the control program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment are disclosed. In at least one implementation, a request is received from a user for a temporary access level increase to utilize protected functions of the control program. An encrypted string is generated comprising a temporary password authorized to access the protected functions of the control program. The encrypted string is provided to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user. A login request is received from the user with the temporary password, and the temporary access level increase is responsively granted to allow the user to utilize the protected functions of the control program.

84 Citations

View as Search Results

10 Claims

1. A method of operating a computing system to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment, the method comprising:
- receiving a request from a user for a temporary access level increase to utilize protected functions of the control program;
  
  generating an encrypted string comprising a temporary password authorized to access the protected functions of the control program;
  
  providing the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and
  
  receiving from the user a login request with the temporary password authorized to access the protected functions of the control program, and responsively granting the temporary access level increase to allow the user to utilize the protected functions of the control program.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein generating the encrypted string comprises generating the temporary password authorized to access the protected functions of the control program and including the temporary password in the encrypted string.
  - 3. The method of claim 1 wherein generating the encrypted string comprises generating the encrypted string comprising the temporary password and the temporary access level increase requested by the user.
  - 4. The method of claim 1 wherein the control program comprises controller program code that directs an industrial controller to drive the machine system.

5. One or more computer-readable storage media having program instructions stored thereon to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment, wherein the program instructions, when executed by a computing system, direct the computing system to at least:
- receive a request from a user for a temporary access level increase to utilize protected functions of the control program;
  
  generate an encrypted string comprising a temporary password authorized to access the protected functions of the control program;
  
  provide the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and
  
  receive from the user a login request with the temporary password authorized to access the protected functions of the control program, and responsively grant the temporary access level increase to allow the user to utilize the protected functions of the control program.
- View Dependent Claims (6, 7)
- - 6. The one or more computer-readable storage media of claim 5 wherein the program instructions direct the computing system to generate the encrypted string by directing the computing system to generate the temporary password authorized to access the protected functions of the control program and include the temporary password in the encrypted string.
  - 7. The one or more computer-readable storage media of claim 5 wherein the program instructions direct the computing system to generate the encrypted string by directing the computing system to generate the encrypted string comprising the temporary password and the temporary access level increase requested by the user.

8. An apparatus to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment, the apparatus comprising:
- one or more computer-readable storage media; and
  
  program instructions stored on the one or more computer-readable storage media that, when executed by a processing system, direct the processing system to at least;
  
  receive a request from a user for a temporary access level increase to utilize protected functions of the control program;
  
  generate an encrypted string comprising a temporary password authorized to access the protected functions of the control program;
  
  provide the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and
  
  receive from the user a login request with the temporary password authorized to access the protected functions of the control program, and responsively grant the temporary access level increase to allow the user to utilize the protected functions of the control program.
- View Dependent Claims (9, 10)
- - 9. The apparatus of claim 8 wherein the program instructions direct the processing system to generate the encrypted string by directing the processing system to generate the temporary password authorized to access the protected functions of the control program and include the temporary password in the encrypted string.
  - 10. The apparatus of claim 8 wherein the program instructions direct the processing system to generate the encrypted string by directing the processing system to generate the encrypted string comprising the temporary password and the temporary access level increase requested by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Bush, Michael A., Case, Clark L., Jasper, Taryl J.

Granted Patent

US 10,075,450 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G05B 2219/24154   Password with time limited ...

H04L 63/0428   wherein the data content is...

H04L 63/0838   using one-time-passwords

H04L 63/105   Multiple levels of security

ONE TIME USE PASSWORD FOR TEMPORARY PRIVILEGE ESCALATION IN A ROLE-BASED ACCESS CONTROL (RBAC) SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

ONE TIME USE PASSWORD FOR TEMPORARY PRIVILEGE ESCALATION IN A ROLE-BASED ACCESS CONTROL (RBAC) SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links