Single sign-on registration
US-2018316657-A1 · Nov 1, 2018 · US
US11297063B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11297063-B2 |
| Application number | US-201916268732-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 6, 2019 |
| Priority date | Feb 6, 2018 |
| Publication date | Apr 5, 2022 |
| Grant date | Apr 5, 2022 |
Official abstract text for this publication.
The present disclosure relates to a method for user administration of a field device of process automation technology, comprising the steps of connecting a transport medium, such as a smartphone, to a user database, synchronizing user data from the user database with the transport medium, and connecting the transport medium to the field device. The method also includes transmitting the user data from the transport medium to the field device, checking of the user data by the field device, and granting access to the field device on the basis of verified valid user data.
Opening claim text (preview).
The invention claimed is:

1. A method for user administration of a field device of process automation technology, comprising steps of: mirroring a user database with a server; connecting a transport device to the user database of the field device; synchronizing user data from the user database of the field device with the transport device, wherein the user data comprises at least one ticket including one or more of the following characteristic data: user name, password, encrypted password, identification of the transport medium, serial number of the field device, rights, revision counter, validity counter, validity from validity counter, validity until validity counter, access type, validity duration, valid from, valid to, date of the ticket creation, and a function code, and wherein the function code includes one of remove, add, and forceflag; connecting the transport device to the field device; transmitting the user data from the transport device to the field device; checking an authenticity of the transmitted user data by the field device, wherein the authenticity of the transmitted user data determines whether the at least one ticket is valid; granting access to the field device on the basis of verified valid user data; storing and updating the user data on the user database of the field device for users having access to the field device.
2. The method of claim 1, wherein the user data comprise at least one ticket, and wherein the at least one ticket is user-specific and field device-specific.
3. The method of claim 2, wherein the at least one ticket is created exclusively by the user database.
4. The method of claim 2, wherein a public key of the field device and a public key of the user database are exchanged via the transport device.
5. The method of claim 4, wherein the field device computes a shared secret from the public key of the user database and a private key; and wherein the user database computes the shared secret from the public key of the field device and a private key of the user database.
6. The method of claim 5, wherein the shared secret is exchanged via the transport device.
7. The method of claim 1, wherein the at least one ticket corresponding to a currently logged-on user at the transport device and including the function code of forceflag is transmitted.
8. The method of claim 1, wherein the characteristic data is encrypted with a first key derived from the shared secret.
9. The method of claim 8, wherein the at least one ticket in the field device is encrypted based on the shared secret.
10. The method of claim 9, wherein the at least one ticket includes a nonce.
11. The method of claim 10, wherein the at least one ticket includes a message authentication code.
12. The method of claim 11, wherein the message authentication code is computed and verified with a second key derived from the shared secret.
13. The method of claim 12, wherein the at least one ticket includes a signature generated from the private key of the user database and verified from the public key of the user database.
14. The method of claim 13, wherein the at least one ticket is encrypted and authenticated using symmetric keys that each field device shares with the central user database.
15. The method of claim 14, wherein the at least one ticket is exchanged via an unencrypted channel before the authentication is carried out.
16. The method of claim 15, wherein the at least one ticket includes payload data information for a key exchange or an authentication protocol.
17. The method of claim 15, wherein the at least one ticket contains payload data information about a smart card, and wherein the payload data information is used for a key exchange or an authentication protocol which incorporates keys stored on the smart card.
18. The method of claim 17, wherein the at least one encrypted ticket includes payload data information about a control device, and wherein the payload data information is used for a key exchange or an authentication protocol which incorporates keys stored on the control device.
- involving digital signatures · CPC title
- using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
- Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes · CPC title
- Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
- using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title