US 12,244,738 B2
Methods, devices and systems for managing user authentication in IIoT environments using hardware tokens
Maria Krovatkina, Houston, TX (US); Anh Dang, Houston, TX (US); Muhammad Moeen Yaqoob, Houston, TX (US); and Felipe Klein, Houston, TX (US)
Assigned to SCHLUMBERGER TECHNOLOGY CORPORATION, Sugar Land, TX (US)
Appl. No. 18/694,817
Filed by Schlumberger Technology Corporation, Sugar Land, TX (US)
PCT Filed Oct. 22, 2021, PCT No. PCT/US2021/056130
§ 371(c)(1), (2) Date Mar. 22, 2024,
PCT Pub. No. WO2023/069106, PCT Pub. Date Apr. 27, 2023.
Prior Publication US 2024/0396748 A1, Nov. 28, 2024
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01); G06F 21/31 (2013.01); G06F 21/41 (2013.01); H04L 9/40 (2022.01)
CPC H04L 9/3271 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3234 (2013.01); G06F 21/31 (2013.01); G06F 21/41 (2013.01); H04L 9/0863 (2013.01); H04L 9/40 (2022.05); H04L 63/0815 (2013.01); H04L 63/0853 (2013.01); H04L 63/0884 (2013.01)] 14 Claims
 
1. A method for user authentication on a gateway device located at an industrial site or facility, the gateway device including a southbound data communication interface to at least one local area network (LAN) at the industrial site or facility and a northbound data communication interface to at least one wide area network (WAN), the method comprising:
i) at the gateway device, receiving a user request communicated via the LAN from a user system or device connected to the LAN;
ii) at the gateway device, checking that the gateway device is operating in a disconnected operational mode in response to the user request;
iii) at the gateway device, selectively initiating a user authentication protocol when the gateway device is operating in the disconnected operational mode, wherein the user authentication protocol uses secret information stored in a user hardware token registered at the gateway device uniquely assigned to a particular user, wherein the secret information stored in the user hardware token comprises a secret key, and wherein the user authentication protocol also uses other user information associated with the secret information of the user hardware token and stored in the gateway device via interaction of an administrator user with the gateway device;
iv) at the gateway device, before registering the user hardware token, authenticating the administrator user using the user authentication protocol that requires administrator secret information stored in a master hardware token connected to a system or device operated by the administrator user, wherein:
the user authentication protocol that requires the administrator secret information stored in the master hardware token is used when the gateway device is operating in the disconnected operational mode; and
the master hardware token is uniquely associated with a particular gateway device and used for authenticating the administrator user on the particular gateway device and permitting the administrator user to manage user hardware tokens via interaction with the particular gateway device; and
v) at the gateway device, selectively authenticating the particular user based at least in part on results of the user authentication protocol.
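As an added illustration (not the patent's own implementation), a Python simulation of the claimed flow: the hardware-token protocol runs only while the gateway is in disconnected mode, the master token bound to the gateway must authenticate the administrator before any user token can be registered, and a registered user is then verified by challenge-response against the key enrolled with that token. HMAC-SHA256 as the challenge-response primitive, a symmetric key copied to the gateway at enrollment, and all class and method names are assumptions.

```python
import hashlib
import hmac
import secrets

class HardwareToken:
    """Constructed stand-in for a hardware token: it answers challenges with its secret key."""
    def __init__(self, token_id, secret=None):
        self.token_id = token_id
        self._secret = secret or secrets.token_bytes(32)
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()
    def enrollment_secret(self) -> bytes:  # assumption: exported to the gateway once, at registration
        return self._secret

class Gateway:
    """Gateway with one master token bound at provisioning and an admin-managed user-token registry."""
    def __init__(self, master_token: HardwareToken):
        self.mode = "connected"                       # WAN state: "connected" or "disconnected"
        self._master_secret = master_token.enrollment_secret()
        self._users = {}                              # token_id -> {"secret": key, "user": admin-entered info}
        self._admin_session = False

    def _challenge_response(self, secret: bytes, token: HardwareToken) -> bool:
        challenge = secrets.token_bytes(32)           # fresh nonce per attempt, so a replayed response fails
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, token.respond(challenge))

    def authenticate_admin(self, master_token: HardwareToken) -> bool:
        # Step iv: the master-token protocol is used only while the gateway is disconnected.
        ok = self.mode == "disconnected" and self._challenge_response(self._master_secret, master_token)
        self._admin_session = ok
        return ok

    def register_user_token(self, token: HardwareToken, user_info: dict) -> bool:
        # Registering a token (and the user info stored beside its key) requires an authenticated admin.
        if not self._admin_session:
            return False
        self._users[token.token_id] = {"secret": token.enrollment_secret(), "user": dict(user_info)}
        return True

    def handle_user_request(self, token: HardwareToken) -> dict:
        # Steps i-iii: run the token protocol only when disconnected; otherwise defer to the WAN identity provider.
        if self.mode != "disconnected":
            return {"authenticated": False, "user": None, "reason": "connected: delegate to WAN identity provider"}
        entry = self._users.get(token.token_id)
        if entry is None:
            return {"authenticated": False, "user": None, "reason": "token not registered"}
        ok = self._challenge_response(entry["secret"], token)   # step v: decide on the protocol result
        return {"authenticated": ok, "user": entry["user"] if ok else None, "reason": "ok" if ok else "bad response"}
```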