Mobile device authentication
Abstract
One aspect of the invention is a system for mobile device authentication. The system includes a public-facing server configured to interface with a mobile device. The system also includes a secure server configured to interface with the public-facing server and an authorization station. The authorization station includes processing circuitry configured to establish authorization limits for the mobile device and generate an authentication key associated with the authorization limits. The processing circuitry is further configured to provide the authentication key and an identifier of the mobile device to the secure server, and generate an authorization code including an encoded version of the authentication key and an address of the public-facing server. The processing circuitry is also configured to provide the authorization code to the mobile device to establish authentication for the mobile device to receive data from a control system network as constrained by the authorization limits.
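The flow described in the abstract, as an added Python example that is not part of the patent text. The patent does not say how a request is authenticated with the key or how the key is encoded: the HMAC-SHA256 request tag, the base64/JSON encoding, the limit names, and the placeholder address are all assumptions made for illustration, and rendering the code as a camera-readable image is left out.

```python
import base64, hashlib, hmac, json, secrets

PUBLIC_ADDR = "https://dmz.example.invalid/api"  # placeholder address (assumption)

def sign(key, device_id, resource):
    # Assumed request authentication: HMAC-SHA256 over device id and resource.
    msg = f"{device_id}\n{resource}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SecureServer:
    """Holds key, device identifier and limits; makes the final decision."""
    def __init__(self):
        self.devices = {}

    def register(self, device_id, key, limits):
        self.devices[device_id] = (key, frozenset(limits))

    def handle(self, req):
        entry = self.devices.get(req["device"])
        if entry is None:
            return 403, "unknown device"
        key, limits = entry
        expected = sign(key, req["device"], req["resource"])
        if not hmac.compare_digest(expected, req["tag"]):
            return 403, "bad tag"
        if req["resource"] not in limits:
            return 403, "outside authorization limits"
        return 200, f"data:{req['resource']}"

def enroll(secure, device_id, limits):
    """Authorization station: key and limits go to the secure server, code to the device."""
    key = secrets.token_bytes(32)
    secure.register(device_id, key, limits)
    payload = json.dumps({"k": key.hex(), "addr": PUBLIC_ADDR}).encode()
    return base64.urlsafe_b64encode(payload).decode()  # text the visual code would carry

def device_request(auth_code, device_id, resource):
    """Mobile device: decode the scanned code and build a tagged request."""
    info = json.loads(base64.urlsafe_b64decode(auth_code))
    key = bytes.fromhex(info["k"])
    return info["addr"], {"device": device_id, "resource": resource,
                          "tag": sign(key, device_id, resource)}

def public_facing(secure, req):
    """Public-facing server: initial shape check only; it never holds the key."""
    ok = (isinstance(req, dict) and set(req) == {"device", "resource", "tag"}
          and all(isinstance(v, str) for v in req.values())
          and len(req["tag"]) == 64 and set(req["tag"]) <= set("0123456789abcdef"))
    return secure.handle(req) if ok else (400, "rejected at perimeter")
```

The authorization code here is a bearer secret: anything that can photograph it can act as the device, and this example adds no nonce or timestamp, so a captured request can be replayed.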
14 Claims
1. A system for mobile device authentication, the system comprising:
- a public-facing server configured to interface with a mobile device; and
- a secure server configured to interface with the public-facing server via a perimeter network; and
- an authorization station configured to interface with the secure server via a control system network, the authorization station comprising processing circuitry configured to:
  - establish authorization limits for the mobile device;
  - generate an authentication key associated with the authorization limits;
  - provide the authentication key and an identifier of the mobile device to the secure server;
  - generate an authorization code comprising an encoded version of the authentication key and an address of the public-facing server; and
  - provide the authorization code to the mobile device to establish authentication for the mobile device to receive data from the control system network as constrained by the authorization limits;
- wherein the public-facing server is configured to:
  - receive a request from the mobile device, perform an initial authentication check of the request, forward the request to the secure server based on determining that the request passes the initial authentication check of the request, and return the data to the mobile device;
- wherein the authorization code is provided to the mobile device by a visual indication detectable by a camera of the mobile device.

Dependent claims: 2, 3, 4, 5, 6.

7. A method for mobile device authentication, the method comprising:
- establishing, by processing circuitry of an authorization station, authorization limits for a mobile device, wherein the authorization station interfaces with a secure server via a control system network, the secure server interfaces with a public-facing server via a perimeter network, and the public-facing server interfaces with the mobile device;
- generating, by the processing circuitry, an authentication key associated with the authorization limits;
- providing the authentication key and an identifier of the mobile device to the secure server;
- generating an authorization code comprising an encoded version of the authentication key and an address of the public-facing server; and
- providing the authorization code to the mobile device to establish authentication for the mobile device to receive data from the control system network as constrained by the authorization limits;
- wherein the authorization limits comprise one or more of: access to plant summary data, access to device maintenance data, access to plant documentation, access to specific sets of control system set points, ability to change at least one of the control system set points, and access to maintenance logs;
- wherein the authorization code is provided to the mobile device by a visual indication detectable by a camera of the mobile device.

Dependent claims: 8, 9, 10, 11.

12. A computer program product for mobile device authentication, the computer program product including a non-transitory computer readable medium storing instructions for causing processing circuitry to implement a method, the method comprising:
- establishing authorization limits for a mobile device;
- generating an authentication key associated with the authorization limits;
- providing the authentication key and an identifier of the mobile device to a secure server;
- generating an authorization code comprising an encoded version of the authentication key and an address of a public-facing server; and
- providing the authorization code to the mobile device to establish authentication for the mobile device to receive data from a control system network as constrained by the authorization limits;
- wherein the authorization limits comprise one or more of: access to plant summary data, access to device maintenance data, access to plant documentation, access to specific sets of control system set points, ability to change at least one of the control system set points, and access to maintenance logs;
- wherein the authorization code is provided to the mobile device by a visual indication detectable by a camera of the mobile device.

Dependent claims: 13, 14.

Specification