A method for providing access information for access to a field device for process automation is disclosed. The method includes the steps of determining, at a users operating device, at least one access information issued to the user for an access to at least one field device via the operating device, assigning, at the users operating device, a further user to the determined at least one access information, and sending an access permission comprising information relating to the determined at least one access information and to the further user assigned to the determined access information such that the determined at least one access information is provided to the further user based on the access permission.

A method for performing a safe guard detection of unexpected operations launched by an operator for a manufacturing execution system (MED system) is based on a first database containing a set of operations, a set of operators, calendar information for a shift and calendar information for the equipment of the MES-system. The MES-systems further has a second database containing a login history of carried out logins of the operator. The detection of a malicious operation is carried out as to whether the operation complies with a set of rules defining allowed operations or with a learning module, in which specific roles of operators are contained and whether an operation complies with a specific role. In case of non-compliance, the operation is stored as an entry in an event trace file for generating alerts.

A method for execution of a function of a field device includes: selecting a function to be performed from a selection list of functions available to a process control system, and communicating the selected function to a service unit; paying a payment amount specified for the function and confirming the payment to the service unit; determining a derived time value of a service unit and an enable code, and transmitting the enable code to the process control system; forwarding the enable code to the field device; determining a derived time value of the field device, and checking the enable code using the derived time value to determine whether the enable code is generated by the service unit, and determining the function from the enable code; and executing an executable code corresponding to the function in the event the enable code is verified as being generated by the service unit.

A method for providing access information for access to a field device for process automation is disclosed. The method includes the steps of determining, at a users operating device, at least one access information issued to the user for an access to at least one field device via the operating device, assigning, at the users operating device, a further user to the determined at least one access information, and sending an access permission comprising information relating to the determined at least one access information and to the further user assigned to the determined access information such that the determined at least one access information is provided to the further user based on the access permission.

A method for providing an access key for a field device of automation technology, wherein the access key controls accessing of the field device, includes: producing an individual key; storing the individual key in a database together with an identification feature of the field device; storing the individual key in the field device which is to be unlocked based on an input access key; ascertaining at least the identification feature of the field device for which the access key is to be provided; and forming/producing/generating the access key, such that it includes at least one hash value, wherein the hash value is formed at least from the individual key read-out from the database with the assistance of the ascertained identification feature.

A method for providing access information for access to a field device for process automation is disclosed. The method includes the steps of determining, at a users operating device, at least one access information issued to the user for an access to at least one field device via the operating device, assigning, at the users operating device, a further user to the determined at least one access information, and sending an access permission comprising information relating to the determined at least one access information and to the further user assigned to the determined access information such that the determined at least one access information is provided to the further user based on the access permission.

A method for performing a safe guard detection of unexpected operations launched by an operator for a manufacturing execution system (MED system) is based on a first database containing a set of operations, a set of operators, calendar information for a shift and calendar information for the equipment of the MES-system. The MES-systems further has a second database containing a login history of carried out logins of the operator. The detection of a malicious operation is carried out as to whether the operation complies with a set of rules defining allowed operations or with a learning module, in which specific roles of operators are contained and whether an operation complies with a specific role. In case of non-compliance, the operation is stored as an entry in an event trace file for generating alerts.

An equipment isolation system (10) for remotely isolating equipment (20, 21, 210, 250) in a plant comprising equipment (20, 21, 210, 250) energisable by an energy source and a control system (50) for controlling operation of said equipment (20, 21, 210, 250) and isolation of said equipment from said energy source to an isolated state by an operator, wherein said control system (50, 260, 700) includes an identification device (790) for an operator to provide operator identification data; and a processor for comparing said operator identification data with stored identification data (261) for operators authorised to use the equipment isolation system (10) wherein said control system (50, 260, 700) is configured to enable use of the equipment isolation system (10) by said operator only where the processor matches operator identification data provided to the identification device (790) and said stored identification data (261).

A method for providing an access key for a field device of automation technology, wherein the access key controls accessing of the field device, includes: producing an individual key; storing the individual key in a database together with an identification feature of the field device; storing the individual key in the field device which is to be unlocked based on an input access key; ascertaining at least the identification feature of the field device for which the access key is to be provided; and forming/producing/generating the access key, such that it includes at least one hash value, wherein the hash value is formed at least from the individual key read-out from the database with the assistance of the ascertained identification feature.

Techniques to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment are disclosed. In at least one implementation, a request is received from a user for a temporary access level increase to utilize protected functions of the control program. An encrypted string is generated comprising a temporary password authorized to access the protected functions of the control program. The encrypted string is provided to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user. A login request is received from the user with the temporary password, and the temporary access level increase is responsively granted to allow the user to utilize the protected functions of the control program.