Method for Granting an Access Authorization for a Computer-Based Object in an Automation System, Computer Program and Automation System
    1.
    Invention application
    Method for Granting an Access Authorization for a Computer-Based Object in an Automation System, Computer Program and Automation System (status: lapsed)

    Publication No.: US20100071029A1

    Publication date: 2010-03-18

    Application No.: US12557597

    Filing date: 2009-09-11

    IPC classification: G06F21/00 G06F7/00

    Abstract: An access authorization for a computer-based object in an automation system comprising a plurality of network nodes is granted using a control file which is structured in line with a scheme for a markup language for granting access authorizations and which maps a hierarchic tree structure. In this case, access authorizations are mapped in an object model which has a hierarchic tree structure. A relevant subtree from the object model is ascertained for a selected network node, at which services are provided using computer-based objects, or when access to a computer-based object is requested, by an access guideline service. The control file is produced from the ascertained relevant subtree. The control file produced is made available for the selected network node or for access to the computer-based object.


    Method for Granting Authorization to Access a Computer-Based Object in an Automation System, Computer Program, and Automation System
    2.
    Invention application
    Method for Granting Authorization to Access a Computer-Based Object in an Automation System, Computer Program, and Automation System (status: under examination, published)

    Publication No.: US20120117380A1

    Publication date: 2012-05-10

    Application No.: US13061893

    Filing date: 2009-09-02

    IPC classification: H04L29/06 G06F21/00 H04L9/32

    Abstract: An identifier is determined for a control program, and the identifier is encrypted based on a private digital key associated with a control and monitoring unit of the automation system to grant authorization to access a computer-based object in an automation system. A first service of the automation system is provided based on the computer-based object, and a second service of the automation system is provided based on the control program. The encrypted identifier is decrypted when being transmitted to an authentication service and is verified by the authentication service. If the verification process has been successful, the authentication service transmits a temporarily valid token to the second service. When the control program requests access to the computer-based object, the token is transmitted to the first service for checking purposes. The control program is granted access to the computer-based object if the result of the checking process is positive.


    Method for granting an access authorization for a computer-based object in an automation system, computer program and automation system
    3.
    Granted invention patent
    Method for granting an access authorization for a computer-based object in an automation system, computer program and automation system (status: lapsed)

    Publication No.: US08701202B2

    Publication date: 2014-04-15

    Application No.: US12557597

    Filing date: 2009-09-11

    IPC classification: G06F21/00 G06F21/62

    Abstract: An access authorization for a computer-based object in an automation system comprising a plurality of network nodes is granted using a control file which is structured in line with a scheme for a markup language for granting access authorizations and which maps a hierarchic tree structure. In this case, access authorizations are mapped in an object model which has a hierarchic tree structure. A relevant subtree from the object model is ascertained for a selected network node, at which services are provided using computer-based objects, or when access to a computer-based object is requested, by an access guideline service. The control file is produced from the ascertained relevant subtree. The control file produced is made available for the selected network node or for access to the computer-based object.


    Method for providing control information for a distributed operation in an automation system, computer program and automation system
    4.
    Granted invention patent
    Method for providing control information for a distributed operation in an automation system, computer program and automation system (status: in force)

    Publication No.: US08959645B2

    Publication date: 2015-02-17

    Application No.: US13063434

    Filing date: 2009-09-02

    IPC classification: G06F21/00 H04L12/40 G06F9/54

    CPC classification: H04L12/40013 G06F9/547

    Abstract: A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.


    Method for Providing Control Information for a Distributed Operation in an Automation System, Computer Program and Automation System
    5.
    Invention application
    Method for Providing Control Information for a Distributed Operation in an Automation System, Computer Program and Automation System (status: in force)

    Publication No.: US20110314080A1

    Publication date: 2011-12-22

    Application No.: US13063434

    Filing date: 2009-09-02

    IPC classification: G06F15/16

    CPC classification: H04L12/40013 G06F9/547

    Abstract: A distributed operation in an automation system is performed using at least one first and second computer-based object. The control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory unit organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in a memory unit organized according to the ranges of validity and associated with the second computer-based object.
