One time use password for temporary privilege escalation in a role-based access control (RBAC) system

US10075450B2 · US · B2

Patent metadata

Field               Value
Publication number  US-10075450-B2
Application number  US-201615153663-A
Country             US
Kind code           B2
Filing date         May 12, 2016
Priority date       May 29, 2015
Publication date    Sep 11, 2018
Grant date          Sep 11, 2018

Abstract

Official abstract text for this publication.

Techniques to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment are disclosed. In at least one implementation, a request is received from a user for a temporary access level increase to utilize protected functions of the control program. An encrypted string is generated comprising a temporary password authorized to access the protected functions of the control program. The encrypted string is provided to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user. A login request is received from the user with the temporary password, and the temporary access level increase is responsively granted to allow the user to utilize the protected functions of the control program.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of operating a computing system to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, the method comprising: receiving, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system; granting, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user; receiving, in the machine system and from the user, a request for a temporary access level increase to utilize a protected function of the machine control program associated with the machine system, wherein the protected function corresponds with a temporary role distinct from the role of the user; in response to the request for the temporary access level increase, generating, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected function of the machine control program; providing the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; receiving, in the machine system and from the user, an elevated login request comprising the username and the temporary password authorized to allow the user to access the protected function of the machine control program; and responsive to receiving the elevated login request, granting, via the machine system, the temporary access level increase to allow the user to utilize the protected function of the machine control program.

2. The method of claim 1 wherein granting the temporary access level increase comprises granting the temporary access level increase for only a single elevated login request.

3. The method of claim 1 wherein generating the encrypted string further comprises generating the encrypted string comprising the temporary role.

4. The method of claim 1 wherein the machine control program comprises controller program code that directs an industrial controller to drive the machine system.

5. The method of claim 1 wherein granting the temporary access level increase comprises granting the temporary access level increase for a predetermined time period.

6. The method of claim 1 wherein receiving the request for the temporary access level increase comprises receiving the request for the temporary access level increase via a function of the one or more functions of the machine control program corresponding with the role of the user.

7. One or more computer-readable storage media having program instructions stored thereon to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, wherein the program instructions, when executed by a computing system, direct the computing system to at least: receive, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system; grant, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user; receive, in the machine system, a request from the user for a temporary access level increase to utilize protected functions of the machine control program associated with the machine system, wherein the protected functions correspond with a temporary role distinct from the role of the user; in response to the request for the temporary access level increase, generate, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected functions of the machine control program; provide the encrypted string to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user; and receive, in the machine system and from the user, an elevated login request comprising the username and the temporary password authorized to allow the user to access the protected functions of the machine control program, and responsively grant, via the machine system, the temporary access level increase to allow the user to utilize the protected functions of the machine control program.

8. The one or more computer-readable storage media of claim 7 wherein the program instructions that direct the computing system to grant the temporary access level increase direct the computing system to grant the temporary access level increase for only a single elevated login request.

9. The one or more computer-readable storage media of claim 7 wherein the program instructions that direct the computing system to generate the encrypted string direct the computing system to generate the encrypted string comprising the temporary role.

10. The one or more computer-readable storage media of claim 7 wherein the program instructions that direct the computing system to grant the temporary access level increase direct the computing system to grant the temporary access level increase for a predetermined time period.

11. The one or more computer-readable storage media of claim 7 wherein the program instructions that direct the computing system to grant the temporary access level increase direct the computing system to grant the temporary access level increase for a predetermined number of elevated login requests.

12. The one or more computer-readable storage media of claim 7 wherein the program instructions that direct the computing system to receive the request for the temporary access level increase direct the computing system to receive the request for the temporary access level increase via a function of the one or more functions of the machine control program corresponding with the role of the user.

13. An apparatus to facilitate temporary escalation of access privileges for a machine control program associated with a machine system in an industrial automation environment, the apparatus comprising: one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when executed by a processing system, direct the processing system to at least: receive, in the machine system and from a user, a login request comprising a username and password, wherein the username and the password are associated with the user and are stored on a machine authority of the machine system; grant, via the machine system, the user an access level to utilize one or more functions of the machine control program corresponding with a role of the user; receive, in the machine system, a request from the user for a temporary access level increase to utilize a protected function of the machine control program associated with the machine system, wherein the protected function corresponds with a temporary role distinct from the role of the user; in response to the request for the temporary access level increase, generate, via the machine system, an encrypted string comprising a temporary password authorized to allow the user to access the protected function of the machine control program; provide the encrypted
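The elevation flow described in the abstract and the claims above, as an added example that is not part of the patent or of any Rockwell Automation code: the machine system issues a random temporary password, stores only its hash together with the temporary role and an expiry, and hands the user an encrypted string that only the administrator's key can open; after the administrator authenticates the requester and releases the password, a single elevated login consumes it. The shared administrator key, the HMAC-based stream cipher standing in for a real cipher such as AES-GCM, and the function and role names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

def _keystream(key, nonce, n):  # HMAC-SHA256 counter mode; stands in for AES-GCM (assumption)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, data):  # encrypt-then-MAC so the administrator detects a tampered string
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def decrypt(key, token):
    raw = base64.urlsafe_b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:-16], raw[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("encrypted string failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _h(pw):  # adequate for the random temporary password; real user passwords need a salted KDF
    return hashlib.sha256(pw.encode()).digest()

class MachineSystem:
    PROTECTED = {"tune_pid": "maintenance"}   # protected function -> temporary role (constructed)
    def __init__(self, admin_key, ttl=300):
        self.admin_key, self.ttl = admin_key, ttl
        self.users = {}     # username -> (password hash, role), the "machine authority"
        self.pending = {}   # username -> (temp password hash, temporary role, expiry of the offer)
    def add_user(self, name, password, role):
        self.users[name] = (_h(password), role)
    def login(self, name, password):
        h, role = self.users.get(name, (None, None))
        return role if h is not None and hmac.compare_digest(h, _h(password)) else None
    def request_elevation(self, name, function):
        # The string carries the temporary password and role (claim 3); only the administrator can read it.
        temp_role, temp_pw = self.PROTECTED[function], secrets.token_urlsafe(12)
        self.pending[name] = (_h(temp_pw), temp_role, time.time() + self.ttl)
        payload = {"user": name, "temp_password": temp_pw, "temp_role": temp_role}
        return encrypt(self.admin_key, json.dumps(payload).encode())
    def elevated_login(self, name, temp_pw):
        rec = self.pending.pop(name, None)   # one elevated login attempt, success or not (claim 2)
        if rec is None or time.time() > rec[2] or not hmac.compare_digest(rec[0], _h(temp_pw)):
            return None
        return rec[1]                        # temporary role to grant for this session

def administrator_release(admin_key, token, verified_user):
    # Called only after the administrator has authenticated the requester out of band.
    rec = json.loads(decrypt(admin_key, token))
    return rec["temp_password"] if rec["user"] == verified_user else None
```

Because only a hash of the temporary password is kept on the machine system, a copy of its store does not reveal outstanding passwords, and the released password is bound to the requesting username so the administrator cannot be tricked into releasing it for someone else.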

Assignees

Rockwell Automation Tech Inc

Inventors

Classifications (CPC titles)

  • H04L63/105 (primary): Multiple levels of security

  • using one-time-passwords

  • Password with time limited access to system, protect protocol

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10075450B2 cover?
Techniques to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment are disclosed. In at least one implementation, a request is received from a user for a temporary access level increase to utilize protected functions of the control program. An encrypted string is generated comprising a temporary passw…
Who is the assignee on this patent?
Rockwell Automation Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/105. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 11, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).