METHOD FOR OPERATING A FIELD DEVICE

20170257378 · 2017-09-07

    Abstract

    A method for operating a field device is disclosed, the field device having settings and/or functions classified into different security levels, where one of the settings and/or functions of the field device is selected by a user, at least one security measure is implemented depending upon the security level with which the selected setting and/or function is associated, and the security measure determines whether the selected setting and/or function of the field device is released for the user.

    Claims

    1. A method of operating a field device, the method comprising: selecting one of a plurality of settings and/or functions of the field device, the selecting being performed by a user, wherein the plurality of settings and/or functions of the field device are classified into separate security levels; executing at least one security measure, the at least one security measure depending upon the security level associated with the selected setting and/or function; and determining whether the security measure was executed successfully, wherein upon determining that the security measure was executed successfully, releasing the field device for the user.

    2. The method of claim 1, wherein a first number of security measures are executed when a first setting and/or function belonging to a first security level is selected, wherein a second number of security measures are executed when a second setting and/or function belonging to a second security level is selected, and wherein the second number exceeds the first number.

    3. The method of claim 1, the method further comprising establishing, via a first security measure, whether the user is in proximity to the field device.

    4. The method of claim 1, the method further comprising detecting a first number of biometric features via a first security measure, wherein the first number of biometric features are a first identifier for identifying the user.

    5. The method of claim 4, the method further comprising detecting a second number of biometric features via a second security measure, wherein the second number of biometric features are a second identifier for identifying the user.

    6. The method of claim 5, wherein whether the selected setting and/or function is released for the user is further determined using the first and/or second security measure using the first and/or second identifier.

    7. The method of claim 2, wherein the second security measure is executed instead of the first security measure when the selected setting and/or function belongs to a second security level that is higher than the first security level, to which belongs at least one other setting and/or function of the field device.

    8. The method of claim 2, wherein the second security measure is executed in addition to the first security measure when the selected setting and/or function belongs to a second security level that is higher than the first security level, to which belongs at least one other setting and/or function of the field device.

    9. The method of claim 5, wherein whether the selected setting and/or function is released for the user is further determined based on a comparison of the detected first and/or second identifier with a first and/or second identifier stored as a reference in the field device, a server or an operator device.

    10. The method of claim 9, the method further comprising authenticating and/or authorizing the user via the first and/or second number of biometric features to make an adjustment to a selected setting and/or to execute a selected function using an application on the operator device.

    11. The method of claim 10, the method further comprising, after the authenticating and/or authorizing, enabling the user to select or execute the selected settings and/or functions of a specific security level on multiple field devices.

    12. The method of claim 10, wherein the comparison is between the detected first and/or second identifier and a first and/or second identifier stored on a server, or between the corresponding encryptions, wherein the server is located on a unit remote from the operator device and the application on the operator device is a client.

    13. The method of claim 9, wherein the selected setting and/or function is selected via a first communication connection between the operator device and the field device, and wherein at least one part of the detected biometric features is transmitted via a second communication connection between the operator device and the server.

    14. The method of claim 1, wherein biometric features of a single biometric characteristic are detected as a first identifier.

    15. The method of claim 14, wherein a second identifier is detected, and wherein the biometric features of a biometric characteristic different than the first identifier are detected as a second identifier.

    16. An arrangement comprising: a field device having a plurality of settings and/or functions of a field device, wherein the plurality of settings and/or functions of the field device are classified into separate security levels and are selectable by a user; and an operator device operable by the user, wherein the field device and the operator device are configured to cooperatively enable the user to select one of the plurality of settings and/or functions of the field device, to execute at least one security measure, the at least one security measure depending upon the security level associated with the selected setting and/or function, and to determine whether the security measure was executed successfully, wherein upon determining that the security measure was executed successfully, releasing the field device for the user.

    17. The arrangement of claim 16, the arrangement further comprising a server, the server configured to enable the user, cooperatively with the field device and the operator device, to select one of the plurality of settings and/or functions of the field device, to execute at least one security measure, the at least one security measure depending upon the security level associated with the selected setting and/or function, and to determine whether the security measure was executed successfully, wherein upon determining that the security measure was executed successfully, releasing the field device for the user.

    18. A computer program product comprising program code means that, when executed, serve to implement the program code configured to be executed on a field device, a server and/or an operator device to enable a user to select one of a plurality of settings and/or functions of the field device, to execute at least one security measure, the at least one security measure depending upon a security level associated with the selected setting and/or function, and to determine whether the security measure was executed successfully, wherein upon determining that the security measure was executed successfully, releasing the field device for the user, wherein the plurality of settings and/or functions of the field device are classified into separate security levels.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0037] The present disclosure is explained in more detail based upon the following drawings. Illustrated are:

    [0038] FIG. 1 shows a schematic depiction of an embodiment of the present disclosure, in which a user receives access to a field device in a facility by means of an operator device; and

    [0039] FIG. 2 shows a schematic depiction of an operator device by means of which a detection of biometric features is implemented.

    DETAILED DESCRIPTION

    [0040] FIG. 1 shows a schematic depiction of a facility with a user BE who, on site at a facility A, wants to gain access to one of the field devices F1 by means of an operator device BG.

    [0041] For this purpose, it may first be necessary to register the user BE. For this, user BE registers with a server S in order to be able to download an application for his operator device BG. After the successful registration, the user BE receives, for example, an identification code sent from the server S. The user BE can subsequently download the application (commonly referred to as an “app,” for example) to his operator device BG.

    [0042] In order for the application to be functional, the identification code must be specified at least once, e.g., on the operator device BG. After the successful input of the identification code, a security measure is then implemented, for example, in the form of a palm scan. The scan is preferably implemented for the maximum security level, i.e., as many details (minutiae, for example) are read over the duration of the scan as are defined for this security level. An encoding may then be generated from the data of the palm scan by means of an algorithm. The identification code and the encoding of the palm scan (which serves as an identifier) for the maximum security level are stored for the user BE as a reference, for example, on the operator device BG. The information for the authentication, i.e., identification code and the encoding of the palm print, are therefore stored on the operator device BG via the algorithm.

    [0043] In order to now obtain access to the field device F1, with its settings and/or functions, the user BE starts the application on his operator device BG. For example, all connection-ready field devices F1, F2, F3 are thereby presented to the user BE as a list—what may be referred to as a LiveList. The user BE selects a field device F1 from the list. After the connection selection, the application may open a page on the operator device BG by means of which the user BE may authenticate himself, e.g., by means of one of the proposed security measures. A palm scan (already mentioned above) may be used for this authentication, for example. The palm scan may then be compared with the stored palm scan in order to check the identity of the user BE.

    [0044] The function or setting for which a person must identify himself may be stored beforehand in the application on the operator device BG and/or the field device F1.

    [0045] Depending upon the set security level, the user must hold his hand longer or only very briefly in the grid of a display D, which is, for example, in the form of a hand template L, as shown in FIG. 2. With this, security levels may be implemented that require different time periods. The longer that the scan is implemented, the more hand features (for example, minutiae) may be identified.

    [0046] The application on the operator device BG calculates an encoding for the detected features using the algorithm mentioned. This encoding is compared with the data of the registration process, i.e., the reference determined there.

    [0047] Given agreement, the application then authenticates the user BE and releases the invoked setting and/or function. The user BE may thus make adjustments to the field device F1 and/or invoke functions. The proposed method may also be used for access authentication to the application itself, such that the at least one security measure is executed before the execution of the application on the operator device BG.
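    The procedure of paragraphs [0042] to [0047] on the operator device BG, as an added example that is not part of the patent: settings and functions are classified into security levels, the number of palm features read grows with the level, the registration scan taken at the maximum level yields one encoding per level, and the highest level additionally requires proximity to the field device (claims 3 and 8). The three level names, the feature counts per level, the function classification, the fixed read order of the minutiae, the hash used as the encoding, and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
import hashlib
import hmac


class Level(IntEnum):
    """Security levels the settings/functions are classified into (three assumed)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Palm features (minutiae) that must be read for each level: the higher the level,
# the longer the hand stays on the template and the more features are read.
FEATURES_REQUIRED = {Level.LOW: 4, Level.MEDIUM: 8, Level.HIGH: 12}

# Constructed classification of the field device's settings/functions.
FUNCTION_LEVELS = {
    "read_measured_value": Level.LOW,
    "set_measuring_range": Level.MEDIUM,
    "update_firmware": Level.HIGH,
}


def encode(features):
    """Encoding of detected features: canonical order, then a hash (assumed algorithm)."""
    canonical = ",".join(sorted(features)).encode()
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class Reference:
    """What registration stores on the operator device: code plus one encoding per level."""
    identification_code: str
    encodings: dict


def scan_palm(full_palm, level):
    """Simulated scan: the scanner reads features in a fixed order (assumption), and a
    scan for a level stops after the number of features defined for that level."""
    return list(full_palm[:FEATURES_REQUIRED[level]])


def register(identification_code, registration_palm):
    """Registration scan at the maximum level; derive and store an encoding per level."""
    if len(registration_palm) < FEATURES_REQUIRED[Level.HIGH]:
        raise ValueError("registration scan must be taken at the maximum security level")
    encodings = {lvl: encode(scan_palm(registration_palm, lvl)) for lvl in Level}
    return Reference(identification_code, encodings)


def security_measures_for(level):
    """Measures executed for a level: every level runs a palm scan (its length set by the
    level); the highest level additionally requires proximity to the field device."""
    measures = ["palm_scan"]
    if level >= Level.HIGH:
        measures.append("proximity")
    return measures


def request_release(function_name, reference, entered_code, palm, in_proximity):
    """Release decision for the selected function; returns (released, reason)."""
    if not hmac.compare_digest(entered_code, reference.identification_code):
        return False, "identification code rejected"
    level = FUNCTION_LEVELS[function_name]
    for measure in security_measures_for(level):
        if measure == "palm_scan":
            detected = scan_palm(palm, level)
            if len(detected) < FEATURES_REQUIRED[level]:
                return False, "scan too short for security level " + level.name
            # Constant-time comparison of the encoding against the stored reference.
            if not hmac.compare_digest(encode(detected), reference.encodings[level]):
                return False, "palm features do not match the reference"
        elif measure == "proximity" and not in_proximity:
            return False, "user is not in proximity to the field device"
    return True, function_name + " released at level " + level.name


# Constructed sample data: a genuine palm and an impostor sharing only three features.
USER_PALM = ["m%02d" % i for i in range(12)]
IMPOSTOR_PALM = ["m00", "m01", "m02"] + ["x%02d" % i for i in range(9)]
REF = register("ID-4711", USER_PALM)

if __name__ == "__main__":
    for args in [("read_measured_value", REF, "ID-4711", USER_PALM, False),
                 ("update_firmware", REF, "ID-4711", USER_PALM, False),
                 ("update_firmware", REF, "ID-4711", USER_PALM, True),
                 ("set_measuring_range", REF, "ID-4711", IMPOSTOR_PALM, True)]:
        print(request_release(*args))
```

    Storing one encoding per level at registration is what lets a short, low-level scan be checked against a reference that was taken at the maximum level without keeping raw minutiae on the operator device; the comparison is done with a constant-time digest compare so that a mismatch does not leak through timing.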

    [0048] The communication between the field device F1 and the operator device BG (i.e., communication K1), or between the operator device BG and the server S (i.e., communication K2), may thereby preferably be done in an encrypted fashion.

    [0049] The detected biometric data, e.g., the data of the palm scan, may be sent to the server in the form of an encrypted media stream. The authentication of the user BE is then subsequently implemented at the server S. In addition to this, the connection to the server S may be protected by a firewall.

    [0050] It is also possible to use speech, not only for the operation of an application, but also for using a speech sample of the user BE for authentication of the user BE.

    [0051] Embodiments of the present disclosure may also be used to provide a secure facility. In FIG. 1, the dashed line A represents a barrier (a wall or photoelectric barrier, for example) against unauthorized persons or systems.

    [0052] Every user BE who desires access to the facility in order to modify or check the facility status (for example, field device settings, PLC program, etc.) must first register once via the hand scanner C by inputting his personal identification code, for example, and/or implementing a security measure (in the form of the palm scan, as shown in FIG. 1). The input of the identification code and/or of the palm scan may thereby be observed and documented by an authorized person, in order to guarantee that the identification code may be uniquely associated with the palm scan. This information is stored on the server S together with the authorization data entered for the user for his access rights.

    [0053] The operation of one of the field devices F1 in the facility A by means of an operator device BG may then take place as follows:

    [0054] A user BE authenticates himself for the first time outside of the facility by means of a palm scan at the palm reader scanner C and specifies his identification code, which is received from an authorized location, for example, a personnel office or a security authority of the facility. The palm scan is implemented for the highest security level, i.e., the highest number of palm features of all security levels is detected.

    [0055] The access data, in the form of the palm scan and the identification code, are subsequently transmitted from the palm reader scanner C to the server S.

    [0056] The physical and/or logical access restriction is released, and the now-authenticated user BE receives access to the facility. The authenticated user BE may then establish a connection to a field device F1, for example, via an application on the operator device BG.

    [0057] The user BE may then select one of the field devices F1 by means of the application on the operator device BG. A palm scan may then take place as a security measure by means of the operator device BG, as depicted in FIG. 2. The features of the current security level (which, for example, are predetermined by the invoked function of the field device and serve as an identifier for the user BE) that are detected by means of the security measure are sent to the server S in the form of a stream, for example. There, the information may be compared with the access data that were detected in the registration, and an authentication algorithm may be implemented.

    [0058] The user BE may thus be authenticated by the server S. His degree of authorization may likewise be stored on the server S. After an authentication has taken place, the user BE may connect with the field device F1 and implement functions within the scope of the granted authorization.
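    The server-side part of paragraphs [0052] to [0058], as an added example that is not the patent's own code: the palm reader scanner C registers the user with the server S together with the authorization data for his access rights, the operator device BG later streams the features detected for the invoked function's security level, and the server both authenticates the user against the registration data and checks that the function lies within the granted authorization before it is released. The level names, feature counts, function classification, the match ratio, the chunked generator standing in for the encrypted media stream, and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Security levels (three assumed)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


FEATURES_REQUIRED = {Level.LOW: 4, Level.MEDIUM: 8, Level.HIGH: 12}
FUNCTION_LEVELS = {"read_status": Level.LOW, "change_setpoint": Level.MEDIUM,
                   "load_plc_program": Level.HIGH}
MATCH_RATIO = 0.9  # fraction of streamed features that must be in the reference (assumed)


@dataclass
class UserRecord:
    identification_code: str
    reference_features: frozenset   # full palm scan taken at scanner C (highest level)
    authorization: dict             # field device -> highest Level the user may operate


class Server:
    """Server S: holds registration data, authorization data and an audit trail."""

    def __init__(self):
        self.users = {}
        self.audit = []

    def register(self, code, features, authorization, witnessed_by):
        """Registration at scanner C, observed and documented by an authorized person."""
        if len(features) < FEATURES_REQUIRED[Level.HIGH]:
            raise ValueError("registration requires a scan at the highest security level")
        self.users[code] = UserRecord(code, frozenset(features), dict(authorization))
        self.audit.append(("register", code, witnessed_by))

    def authenticate(self, code, field_device, function_name, stream):
        """Consume the streamed features for the invoked function's level and decide."""
        level = FUNCTION_LEVELS[function_name]
        needed = FEATURES_REQUIRED[level]
        received = []
        # The stream is read before the user lookup so that unknown and known codes
        # are processed alike up to the decision.
        for chunk in stream:
            received.extend(chunk)
            if len(received) >= needed:
                break
        user = self.users.get(code)
        decision = self._decide(user, field_device, level, needed, received)
        self.audit.append(("auth", code, field_device, function_name, decision))
        return decision

    def _decide(self, user, field_device, level, needed, received):
        if user is None:
            return "unknown identification code"
        if len(received) < needed:
            return "too few features for level " + level.name
        matched = sum(1 for f in received[:needed] if f in user.reference_features)
        if matched < MATCH_RATIO * needed:
            return "biometric mismatch"
        granted = user.authorization.get(field_device)
        if granted is None or granted < level:
            return "not authorized for " + level.name + " on " + field_device
        return "released"


def stream_of(features, chunk=3):
    """Constructed stand-in for the media stream sent by the operator device."""
    for i in range(0, len(features), chunk):
        yield features[i:i + chunk]


# Constructed sample data: one registered user, authorized differently on F1 and F2.
PALM = ["m%02d" % i for i in range(12)]
S = Server()
S.register("ID-0815", PALM, {"F1": Level.MEDIUM, "F2": Level.HIGH},
           witnessed_by="security office")

if __name__ == "__main__":
    print(S.authenticate("ID-0815", "F1", "change_setpoint", stream_of(PALM)))
    print(S.authenticate("ID-0815", "F1", "load_plc_program", stream_of(PALM)))
    print(S.authenticate("ID-0815", "F2", "load_plc_program", stream_of(PALM)))
    print(S.authenticate("ID-0815", "F2", "load_plc_program", stream_of(PALM[:7])))
    for entry in S.audit:
        print(entry)
```

    Identity and authorization are decided separately: a genuine scan for a high-level function is still refused when the user's access rights for that particular field device end at a lower level, and every decision is recorded in the audit trail together with the device and function that were invoked.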

    [0059] The palm scan, or the detection of other or additional biometric characteristics, may, alternatively, be implemented, not by the operator device BG or an application thereon, but rather by the field device F1. For example, the field device F1 may have a camera (not shown), and the processing logic for executing the method of the present disclosure may be implemented in the firmware of the field device F1. Alternatively, the processing logic may also be placed on a server S, and the server receives the data detected by means of the camera in the form of a data stream sent from the field device F1, or the field device F1 calculates an encoding of the camera data and transmits this to the server S.

    [0060] The field device F1 may thereby be connected via a field bus FB with additional field devices F2, F3, F, such as, for example, additional sensors and/or actuators. A control unit that serves to control the process in the facility may be connected to the field bus FB and communicate with the field devices. The control unit SE may in turn be connected with a superordinate first network N1, to which are connected additional computers RE that serve for operation of the facility A. For example, it may be what is known as an engineering station. These computers RE may likewise be connected with one another and with the server S via a superordinate second network N2, which server S serves to authorize and/or authenticate a user BE, for example.