Authentication for licensing in an embedded system

US 8,015,409 B2
Filed: 01/26/2007
Issued: 09/06/2011
Est. Priority Date: 09/29/2006
Status: Active Grant

First Claim

Patent Images

1. An industrial automation system, comprising:

one or more processors communicatively coupled to one or more memory, the one or more memory having stored therein computer-executable instructions to implement the system, including;

at least one client license component granted by a license generating component (LGC) to permit access to a portion of an industrial control component; and

at least one client component configured to employ a protocol that is based in part on an asymmetric key exchange to facilitate authentication and access by the client to the portion of the industrial control component, wherein the protocol comprises;

the at least one client component is further configured to transmit the at least one client license component to the industrial control component;

the at least one client component is further configured to receive a device license component from the industrial control component;

the at least one client component is further configured to authenticate the device license component, and to transmit a client challenge to the industrial control component;

the at least one client component is further configured to receive a device challenge and a response to the client challenge from the industrial control component;

the at least one client component is further configured to authenticate the response to the client challenge, decode the device challenge, and transmit a response for the device challenge to the industrial control component; and

the at least one client component is further configured to receive a session response from the industrial control component indicating whether a session has been established between the at least one client device and the industrial control component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial automation system is provided. This includes at least one license component that is granted by a third party to permit access to a portion of an industrial control component. At least one protocol component that is based in part on a private key exchange facilitates authentication and access to the portion of the industrial control component.

22 Citations

View as Search Results

28 Claims

1. An industrial automation system, comprising:
- one or more processors communicatively coupled to one or more memory, the one or more memory having stored therein computer-executable instructions to implement the system, including;
  
  at least one client license component granted by a license generating component (LGC) to permit access to a portion of an industrial control component; and
  
  at least one client component configured to employ a protocol that is based in part on an asymmetric key exchange to facilitate authentication and access by the client to the portion of the industrial control component, wherein the protocol comprises;
  
  the at least one client component is further configured to transmit the at least one client license component to the industrial control component;
  
  the at least one client component is further configured to receive a device license component from the industrial control component;
  
  the at least one client component is further configured to authenticate the device license component, and to transmit a client challenge to the industrial control component;
  
  the at least one client component is further configured to receive a device challenge and a response to the client challenge from the industrial control component;
  
  the at least one client component is further configured to authenticate the response to the client challenge, decode the device challenge, and transmit a response for the device challenge to the industrial control component; and
  
  the at least one client component is further configured to receive a session response from the industrial control component indicating whether a session has been established between the at least one client device and the industrial control component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, the asymmetric key exchange is associated with at least one of a private or public key component.
  - 3. The system of claim 1, at least one of the device license component or the at least one client license component is a digital certificate.
  - 4. The system of claim 3, the digital certificate comprises at least one of a header section, a license section, or an attributes section.
  - 5. The system of claim 3, the digital certificate comprises at least one of a public key component or a digital signature component.
  - 6. The system of claim 3, the digital certificate comprises a at least one of certificate length, a certificate type, or a certificate version component.
  - 7. The system of claim 3, the digital certificate comprises at least one of a license count, a license list, a license key, or a license instance.
  - 8. The system of claim 3, the digital certificate comprises at least one of an attribute type, and attribute length, or an attribute data component.
  - 9. The system of claim 1, at least one of the industrial control component or the at least one client component comprises a revocation list that provides information indicating previously granted client and device license components that have been revoked.
  - 10. The system of claim 9, the at least one of the industrial control component or the at least one client component determines that the client license or device license component is invalid if the client license or device license component is included in the revocation list.
  - 11. The system of claim 1, the protocol further comprising at least one of a sequential number generator or a random number generator.
  - 12. The system of claim 1, the protocol further comprising a number used only one (nonce) generator to facilitate authentication, wherein the device challenge includes a nonce.
  - 13. The system of claim 1, the protocol further comprising at least one of a SHA-1 component, a concatenation component, or a random number generator.
  - 14. The system of claim 1, the protocol further comprising an asymmetric encryption or decryption algorithm.
  - 15. The system of claim 1, the protocol further comprising at least one of a challenge component, a certificate component, or a response component.

16. A non-transitory computer readable medium having computer executable instructions stored thereon to facilitate licensing in an industrial automation environment, comprising instructions for:
- obtaining a client certificate from at least one third party component, wherein the client certificate is associated with a client component;
  
  sending the client certificate to an industrial control component;
  
  receiving a device license component from the industrial control component;
  
  authenticating the device license component and transmitting a client challenge to the industrial control component;
  
  receiving a device challenge and a response to the client challenge from the industrial control component;
  
  authenticating the response to the client challenge, decoding the device challenge and transmitting a response for the device challenge to the industrial control component; and
  
  receiving a session response from the industrial control component indicating whether a session has been established with the industrial control component.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable medium of claim 16, further comprising instructions for employing a revocation list that provides information indicated previously granted at least one of client or device certificates that have been revoked in order to authenticate the client certificate.
  - 18. The non-transitory computer readable medium of claim 16, further comprising instructions for determining that the client or device certificate is invalid if the client or device certificate is included in the revocation list.
  - 19. The non-transitory computer readable medium of claim 16, further comprising instructions for establishing a session between the client component and the industrial control component.
  - 20. The non-transitory computer readable medium of claim 16, further comprising instructions for employing a public key to validate a signature associated with the digital certificates.

21. A licensing method for industrial control components, comprising:
- obtaining a client certificate from at least one third party component, wherein the client certificate is associated with a client component;
  
  sending the client certificate to an industrial control component;
  
  receiving a device license component from the industrial control component;
  
  authenticating the device license component and transmitting a client challenge to the industrial control component;
  
  receiving a device challenge and a response to the client challenge from the industrial control component;
  
  authenticating the response to the client challenge, decoding the device challenge, and transmitting a response for the device challenge to the industrial control component; and
  
  receiving a session response from the industrial control component indicating whether a session has been established with the industrial control component.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The method of claim 21, employing a revocation list that provides information indicated previously granted at least one of client or device certificates that have been revoked in order to authenticate the client certificate.
  - 23. The method of claim 22, determining that the client or device certificate is invalid if the client or device certificate is included in the revocation list.
  - 24. The method of claim 21, further comprising establishing a session between the client component and the industrial control component.
  - 25. The method of claim 21, further comprising employing a public key to validate a signature associated with the digital certificates.
  - 26. The method of claim 25, further comprising generating an error message if the signature is determined invalid.
  - 27. The method of claim 21, the device challenge includes a number used only one (nonce).

28. A licensing system for an industrial control environment, comprising:
- means for issuing a client certificate, wherein the client certificate is associated with a client component;
  
  means for sending the client certificate to an industrial control component;
  
  means for receiving a device license component from the industrial control component;
  
  means for authenticating the device license component and transmitting a client challenge to the industrial control component;
  
  means for receiving a device challenge and a response to the client challenge from the industrial control component;
  
  means for authenticating the response to the client challenge, decoding the device challenge, and transmitting a response for the device challenge to the industrial control component; and
  
  means for receiving a session response from the industrial control component indicating whether a session has been established with the industrial control component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Perrotto, Nicholas L. Jr., Schulz, Glenn B., Wilkinson, John C. Jr., Visoky, Jack M., Meeker, James A., Tambascio, Kevin M., Kalan, Michael D., Jasper, Taryl J.
Primary Examiner(s)
Truong; Thanhnga B
Assistant Examiner(s)
HOLMES, ANGELA R

Application Number

US11/627,477
Publication Number

US 20080082449A1
Time in Patent Office

1,684 Days
Field of Search

705/59, 713/171, 713/173, 713/175, 713/168, 713/182, 713/189, 713/156, 717/177
US Class Current

713/173
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Authentication for licensing in an embedded system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication for licensing in an embedded system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links