US 11,934,507 B2
Project-oriented certificate management
Benjamin Lutz, Pfinztal (DE); and Anna Palmin, Karlsruhe (DE)
Assigned to SIEMENS AKTIENGESELLSCHAFT, Munich (DE)
Appl. No. 16/978,234
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Mar. 7, 2019, PCT No. PCT/EP2019/055763
§ 371(c)(1), (2) Date Sep. 4, 2020,
PCT Pub. No. WO2019/170829, PCT Pub. Date Sep. 12, 2019.
Claims priority of application No. 18160968 (EP), filed on Mar. 9, 2018.
Prior Publication US 2020/0410080 A1, Dec. 31, 2020
Int. Cl. G06F 21/33 (2013.01); G06F 21/44 (2013.01); G06Q 10/10 (2023.01); G06Q 30/00 (2023.01); G06Q 30/018 (2023.01); H04L 9/32 (2006.01); H04L 29/08 (2006.01); H04L 69/322 (2022.01); H04L 67/02 (2022.01)
CPC G06F 21/33 (2013.01) [G06F 21/445 (2013.01); G06Q 10/103 (2013.01); G06Q 30/0185 (2013.01); H04L 9/3265 (2013.01); H04L 69/322 (2013.01); H04L 67/02 (2013.01)]
4 Claims
 
1. A method for project-related authentication of a device in a control system for a technical installation in the context of an engineering project, the control system including an operator system server having at least one first local registration authority, a process data archive including at least one software inventory and one certification authority formed on a project-related basis with a first hierarchy and a second hierarchy, the first hierarchy issuing project-related device certificates for devices, and the second hierarchy issuing project-related operational certificates for devices, the method comprising:
a) establishing information via one of the at least one first local registration authority and at least one second local registration authority of an engineering station to determine which communication protocols are supported by the device and are active during an authentication of the device within the control system;
b) requesting a project-related device certificate at the first hierarchy of the certification authority via one of the at least one first local registration authority and the at least one second local registration authority of the engineering station in an event one of the at least one first local registration authority and the at least one second local registration authority of the engineering station verifies that a particular project-related device certificate is supported by the device and is active;
c) storing the project-related device certificate in a sub-inventory of the at least one software inventory of the control system assigned to the engineering project;
d) requesting a project-related operational certificate via a device at one of the at least one first local registration authority and the at least one second local registration authority of the engineering station;
e) checking, via one of the at least one first local registration authority and the at least one second local registration authority of the engineering station, whether a corresponding project-related device certificate is stored in a sub-inventory of the software inventory of the control system assigned to the engineering project for the device issuing the request in the context of the engineering project in which the device is issuing the request;
f) requesting a project-related operational certificate at the first hierarchy of the certification authority via one of the at least one first local registration authority and the at least one second local registration authority of the engineering station in the event one of the at least one first local registration authority and the at least one second local registration authority of the engineering station verifies that a particular project-related operational certificate is supported by the device and is active; and
g) forwarding the project-related operational certificate from the first hierarchy of the certification authority to the device.
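
The gating in steps a) to g), modeled as an added Python example that is not part of the patent text: a registration authority that issues an operational certificate only when the requesting device already has a device certificate in the sub-inventory of the same engineering project. All class, function, device, project and protocol names are constructed; the certification authority is replaced by a hash-token stand-in, and tying each certificate to one protocol is an assumption made for illustration.

```python
import hashlib
from dataclasses import dataclass, field


class Rejected(Exception):
    """The registration authority refused the request."""


def issue(hierarchy, project, device_id, protocol):
    # Stand-in for the project-related CA: a deterministic token, not X.509.
    blob = f"{hierarchy}|{project}|{device_id}|{protocol}".encode()
    return f"{hierarchy}:{hashlib.sha256(blob).hexdigest()[:16]}"


@dataclass(frozen=True)
class Device:
    device_id: str
    active_protocols: frozenset  # supported by the device AND active (step a)


@dataclass
class RegistrationAuthority:
    # Software inventory: one sub-inventory per engineering project,
    # mapping device id -> project-related device certificate.
    inventory: dict = field(default_factory=dict)

    def _require_active(self, device, protocol):
        if protocol not in device.active_protocols:
            raise Rejected(f"{protocol} not active on {device.device_id}")

    def enroll(self, project, device, protocol):
        """Steps a-c: check protocol, request device cert, store per project."""
        self._require_active(device, protocol)
        cert = issue("device", project, device.device_id, protocol)
        self.inventory.setdefault(project, {})[device.device_id] = cert
        return cert

    def request_operational(self, project, device, protocol):
        """Steps d-g: gate on the project's sub-inventory, then issue."""
        if device.device_id not in self.inventory.get(project, {}):  # step e
            raise Rejected(f"{device.device_id} not enrolled in {project}")
        self._require_active(device, protocol)
        return issue("operational", project, device.device_id, protocol)


def outcome(ra, project, device, protocol):
    """Return the issued token, or the refusal reason as a string."""
    try:
        return ra.request_operational(project, device, protocol)
    except Rejected as exc:
        return f"rejected: {exc}"
```

A device enrolled in one project is refused in another because the lookup in step e) is keyed by project first, so a device certificate from a different engineering project never satisfies the check.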