US 12,483,556 B2
Method for logging an authorized user in to a device, in particular to a device for a power generation plant, and power generation plant with device
Marek Seeger, Bovenden (DE); Stefan Börger, Kassel (DE); Dirk Schlote, Kassel (DE); Jens Klein, Göttingen (DE); Raimund Thiel, Bad Zwesten (DE); Mirko Wischer, Bad Hersfeld (DE); and Ingo Hanke, Göttingen (DE)
Assigned to SMA Solar Technology AG, Niestetal (DE)
Filed by SMA Solar Technology AG, Niestetal (DE)
Filed on Oct. 10, 2023, as Appl. No. 18/483,544.
Application 18/483,544 is a continuation of application No. PCT/EP2022/059483, filed on Apr. 8, 2022.
Claims priority of application No. 10 2021 109 253.1 (DE), filed on Apr. 13, 2021.
Prior Publication US 2024/0039915 A1, Feb. 1, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 63/0884 (2013.01) [H04L 9/0838 (2013.01); H04L 9/3226 (2013.01); H04L 63/061 (2013.01); H04L 63/166 (2013.01); H04L 2463/082 (2013.01)]
13 Claims

1. A method for logging a user into a device for a power generation plant, using a service gateway, wherein an access authorization of the user for the device is stored on the service gateway, comprising:
authenticating the user on the service gateway,
sending a device access request using an access device from the user to the service gateway specifying an identifier of the device for the power generation plant,
comparing a device secret stored on the service gateway with a copy of the device secret generated using the device secret and stored on the device, via an SRP protocol, wherein the comparison is carried out via a data connection between the access device of the user and the service gateway, and a data connection between the access device of the user and the device for the power generation plant, wherein, when the comparison is successful,
a session key is agreed between the device and the service gateway via the SRP protocol, and
the user logs into the device using the access device,
wherein the data connection between the access device of the user and the service gateway and/or the data connection between the access device of the user and the device is set up via an encrypted and authenticated TLS connection using a cipher suite ensuring Perfect Forward Secrecy.
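
The SRP exchange recited in claim 1, as an added example (not code from the patent or from the assignee): the service gateway takes the SRP client role, the device the SRP server role, and the access device only relays messages between them. Assumptions: the "copy of the device secret" is modelled as an SRP-6a verifier, hashing is SHA-256, every class and function name is hypothetical, and the two TLS connections are not modelled.

```python
import hashlib, hmac, secrets
# 1024-bit SRP group from RFC 5054 Appendix A, chosen to keep the listing short.
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
        "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
        "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
        "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
        "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts):  # SHA-256 over length-prefixed parts, returned as an integer
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(128, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")
k = H(N, g)  # SRP-6a multiplier

def make_verifier(dev_id, salt, secret):  # assumed form of the device's stored "copy"
    return pow(g, H(salt, dev_id, secret), N)
def proof(key, A, B):  # key confirmation computed by the gateway, checked by the device
    return hmac.new(key, A.to_bytes(128, "big") + B.to_bytes(128, "big"), "sha256").digest()

class Device:  # SRP server role: holds salt and verifier, never the secret itself
    def __init__(self, dev_id, salt, v): self.id, self.salt, self.v = dev_id, salt, v
    def challenge(self, A):
        if A % N == 0: raise ValueError("illegal A")  # would force a known key
        self.A, self.b = A, secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.salt, self.B
    def verify(self, M1):
        S = pow(self.A * pow(self.v, H(self.A, self.B), N), self.b, N)
        self.key = H(S).to_bytes(32, "big")
        return hmac.compare_digest(M1, proof(self.key, self.A, self.B))

class Gateway:  # SRP client role: stores the device secret per device identifier
    def __init__(self, secrets_by_id): self.db = secrets_by_id
    def start(self, dev_id):
        self.id, self.a = dev_id, secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)
        return self.A
    def respond(self, salt, B):
        if B % N == 0: raise ValueError("illegal B")
        u, x = H(self.A, B), H(salt, self.id, self.db[self.id])
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.key = H(S).to_bytes(32, "big")
        return proof(self.key, self.A, B)

def relay_login(gateway, device):  # access device: forwards A, (salt, B) and M1 only
    salt, B = device.challenge(gateway.start(device.id))
    return device.verify(gateway.respond(salt, B))
```

The relay handles only A, the salt, B and the proof, so it never holds the device secret, the verifier or the session key that the gateway and the device each derive.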