(19)
(11)EP 3 511 848 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
06.09.2023 Bulletin 2023/36

(21)Application number: 19150915.7

(22)Date of filing:  09.01.2019
(51)International Patent Classification (IPC): 
H04L 9/40(2022.01)
H04L 9/32(2006.01)
G06F 21/30(2013.01)
H04W 12/06(2021.01)
(52)Cooperative Patent Classification (CPC):
G06F 21/30; H04L 9/32; H04L 63/08; H04W 12/06

(54)

INDUSTRIAL AUTOMATION DEVICE AND CLOUD SERVICE

INDUSTRIELLE AUTOMATISIERUNGSVORRICHTUNG UND CLOUD-SERVICE

DISPOSITIF D'AUTOMATISATION INDUSTRIELLE ET SERVICE EN NUAGE


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 10.01.2018 FI 20185028

(43)Date of publication of application:
17.07.2019 Bulletin 2019/29

(73)Proprietor: ABB Schweiz AG
5400 Baden (CH)

(72)Inventors:
  • Hu, Zhongliang
    00380 Helsinki (FI)
  • Kuikka, Toni
    00380 Helsinki (FI)
  • Kohvakka, Mikko
    00380 Helsinki (FI)

(74)Representative: Kolster Oy Ab 
(Salmisaarenaukio 1) P.O. Box 204
00181 Helsinki
00181 Helsinki (FI)


(56)References cited: : 
US-A1- 2015 222 621
US-A1- 2017 223 057
US-A1- 2015 249 659
US-A1- 2018 006 821
  
      
    Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


    Description

    FIELD



    [0001] The present invention relates to industrial automation devices and cloud services.

    BACKGROUND ART



    [0002] The evolvement of networking between computers and computing devices capable to communicate over the Internet without user involvement, has enabled different services. One example of such services is remote monitoring of industrial automation devices by secure cloud services. To connect an industrial automation device, usually with limited user-interaction capabilities, to a secure cloud service that requires some kind of authentication, is challenging.

    SUMMARY



    [0003] The invention is defined by the appended claims. According to an aspect, there is provided the subject matter of the independent claims. Embodiments are defined in the dependent claims.

    [0004] One or more examples of implementations are set forth in more detail in the accompanying drawings and the description below. Other features will be apparent from the description and drawings, and from the claims.

    [0005] Some embodiments provide methods, a computer program product, an apparatus, devices, and a system for providing an industrial automation device with information with which to securely exchange information with a cloud without any hardcoded information in the industrial automation device.

    [0006] US 2015/249659 teaches a solution in which a user of a computing device, for example a mobile phone, first engages the computing device with a client device, which may be a printer, video-game console, credit card terminal, etc. Once the devices are engaged, the client device sends to the computing device a request to grant access to a remote secured resource owned by the user, or otherwise associated with the user. If the user approves to grant the access, the computing device sends to an authorisation service an access grant to obtain for the client an access token to the resource. The authorisation service may or may not authenticate the user. The access token is generated and sent either directly or via the computing device to the client device. The client device uses the token to get access, without the computing device being involved, to the resource owned by the user, for example to print a document or upload a video.

    [0007] US 2018/006821 discloses a solution in which a user of a mobile device wants to pay using his/her mobile device. In the solution, the token is requested by the mobile device for the mobile device from a tokenization computer, which may be a cloud based network. The token is used to pass information with which real account information can be obtained when needed.

    [0008] US 2017/223057 describes a single sing on implementation in which a token is sent to a user device whose user has been authenticated, and the token is for authentication on behalf of the user.

    BRIEF DESCRIPTION OF THE DRAWINGS



    [0009] In the following, exemplary embodiments will be described in greater detail with reference to accompanying drawings, in which

    Figure 1 shows a simplified a system with a block diagram of an exemplified device;

    Figures 2 to 6 are flow charts illustrating different functionalities;

    Figures 7 and 8 illustrate exemplified information exchange; and

    Figures 9 to 11 are schematic block diagrams.


    DETAILED DESCRIPTION OF SOME EMBODIMENTS



    [0010] The following embodiments are exemplary. Although the specification may refer to "an", "one", or "some" embodiment(s) in several locations, this does not necessarily mean that each such reference is to the same embodiment(s), or that the feature only applies to a single embodiment. Single features of different embodiments may also be combined to provide other embodiments.

    [0011] The present invention is applicable to any system that comprises one or more industrial sites comprising one or more industrial automation devices, clouds configured to provide remote services to one or more of the industrial automation devices, directly and/or via remote mobile devices, or via any corresponding device that can locate or locates in an industrial site.

    [0012] An extremely general architecture of an exemplary system 100 is illustrated in Figure 1. Figure 1 is a simplified system architecture only showing some elements, functional entities, which are logical units whose implementation may differ from what is shown, and some equipment. It is apparent to a person skilled in the art that the system comprises any number of shown elements, other equipment, other functions and structures that are not illustrated.

    [0013] In the embodiment illustrated in Figure 1, the system 100 comprises one or more industrial sites 101 (only one illustrated in Figure 1) connected over one or more networks (none shown in Figure 1) to one or more clouds 102 (only one illustrated in Figure 1).

    [0014] In the illustrated example of Figure 1, in the industrial site 101 there is a mobile device 110 of a remote user and one or more industrial automation devices 120 (only one illustrated in the example).

    [0015] The mobile device (MD) 110 refers to a computing device (equipment), that is a portable device, and it may also be referred to as a mobile terminal, user apparatus, user terminal or user device. Portable computing devices (apparatuses) include wireless mobile communication devices operating with or without a subscriber identification module (SIM) in hardware or in software, including, but not limited to, the following types of devices: mobile phone, smart-phone, personal digital assistant (PDA), laptop and/or touch screen computer, tablet (tablet computer), multimedia device, wearable computer and other types of wearable devices, such as clothing and accessories incorporating computer and advanced electronic technologies. The mobile device 110 is configured to support remote maintenance, or at least commissioning (starting up) and configuring (tuning) of industrial automation devices. For that purpose the mobile device 110 comprises a remote support application provided by a remote tool unit 111, and its sub-unit remote registering unit (r-r-u) 111-1 whose functionality will be described in more detail below with Figures 2, 7 and 8. Naturally the sub-unit functionality may be integrated to the remote tool unit functionality.

    [0016] In the illustrated example of Figure 1, an industrial automation device 120 comprises as separate components a panel 121 and an automation device 122.

    [0017] The panel 121 provides one or more interfaces to and from the automation device 122. The panel 121 refers herein to equipment via which parameters of the automation device 122 may be adjusted or acquired, and the functions of the automation device 122 otherwise controlled by a person locating on the site and/or remotely from the cloud 102 (and/or from a separate service center). In other words, the panel is a module providing at least a wireless interface to which the mobile device may connect to, and an interface, wireless or wired, with which to connect to the cloud 102. The panel 121 may be a separate device (as in the illustrated example), or a device detachable connectable to the automation device, or equipment integrated to the automation device. At the simplest the panel may be the mere interfaces. Other examples of the panel include a control panel, smartphone, mobile phone, tablet or laptop computer. At least in the solutions in which the panel 121 is not integrated with the automation device 122, the panel 121 may be located on-site at a close proximity of the automation device 122 to which a connection 106 may be provided via a communication interface by Bluetooth, NFC, WiFi and/or inductive connection (such as an inductive connection according to an inductive power standard (Oi) by the Wireless Power Consortium), for example. However, for a secure connection to the cloud 102, the connection 106 is preferably a wired connection.

    [0018] The automation device 122 (A_D-n) is a device controlling an industrial process, device, or equipment, according to its settings. However, the details of the controlling functionality of the automation device bear no significance and are therefore not described in detail herein. Further, it should be appreciated that the industrial automation device 120, comprising the panel 121 and the automation device 122, depicts herein any device, machine, equipment, system and a process whose operations and/or service and/or maintenance may be taken care remotely. Examples of such industrial automation devices include drivers, frequency converters, AC/DC modules, DC/AC modules, programmable logic controllers, switches, motion controllers or motion drives, servo motors, soft starters, and heavy equipment, etc. It should be appreciated that in the above only some examples are listed.

    [0019] In the illustrated example the industrial automation device is configured to establish a secure connection 104 to the secure cloud 102. For that purpose the panel 121 comprises a cloud connection unit (c-c-u) 123 and the automation device comprises in a secure memory 124 at least one token for a specific cloud, identified by its address. The secure memory 124 may comprise one or more token-cloud address pairs, for example one token for one cloud, or for one cloud service, and a token-cloud may be associated with information that may contain definitions describing for what the token can be used. For example, a token may allow sending information from the industrial automation device, another token allow receiving information, still a further token allows both, a token allows both and in addition allows setting up parameters of the industrial automation device, just to list couple of examples. Naturally the cloud connection unit 123 may locate in the automation device and/or the secure memory 124 may locate at the panel side. Further, there are several ways how to provide the secure memory and any of them may be used.

    [0020] Connections 103, 104 from the mobile device and the industrial automation device, correspondingly, to the one or more clouds 102 may be same kind of connections, or different connections. The connections 103, 104, or one of them may be a wired connection, a wireless connection, or any combination thereof. The wireless connection to the cloud 102 may be provided by any mobile system, such as GSM, GPRS, LTE, 4G, 5G and beyond, or a combination of a mobile system and a fixed system, like Wi-Fi or Li-Fi providing access to internet and via internet to the service center. The local connection 105 between the mobile device 110 and the industrial automation device 120, or actually to the panel 121, may be provided naturally over a mobile system but it may be provided by a local connection, such as a direct connection, for example using Bluetooth, or a cable, such as an USB cable, or by a local network, like Wi-Fi or Li-Fi.

    [0021] In the illustrated example the secure cloud 102 comprises a service center 130. The service center 130 may be any combination of any user interface, like touch screen or combination of a display and a keypad, and any computing apparatus, or a cloud of computing apparatuses appearing as one computing apparatus, that provides remote support via remote support applications in mobile devices. Examples of such apparatuses include a work station, a laptop computer, a personal computer, and a display with a (cloud) server that may be cloud server. The service center 130 is configured to support secure connections to industrial automation devices. For that purpose the service center 130 comprises a token generation unit (t-g-u) 131 and a token verification unit (t-v-u) 132, whose functionality will be described in more detail below, and in a data storage (memory) 133 valid tokens, each associated in the illustrated example with information on the automation device to which the token has been generated. It should be appreciated that there may be service centers comprising only the token verification unit, and in the memory token information. The stored token information may be the mere token, or the token information may comprise in addition to the token, also one or more of the following: address of the industrial automation device, other identification of the industrial automation device, validity time of the token, access restrictions, time when the token has been generated, just to list few examples. It should be appreciated that any necessary information, like a seed/random number to update the token value may be stored in the token information.

    [0022] The data storage may be any kind of conventional or future data repository, including distributed and centralized storing of data, a cloud-based storage in a cloud environment, managed by any suitable management system (not disclosed separately in Figure 1). The implementation of the data storage, the manner how data is stored, retrieved and updated are irrelevant to the invention, and therefore not described in detail here.

    [0023] The cloud 102 may be a global cloud, an enterprise level cloud, a factory level cloud, for example.

    [0024] Although in the above example it is assumed that secure cloud and secure memory are used, it should be appreciated that non-secure cloud and/or non-secure memory may be used as well, if security risks are not an issue.

    [0025] Figure 2 illustrates an example functionality of the mobile device, or more precisely, the remote registering unit (or the remote support unit). In the Figure 2 an Industrial Internet of Things (IoT) device is used as an example of the industrial automation device, and that the application is started only to register the loT device to a cloud. Naturally the application provided by the remote registering unit can be used for setting other parameters, etc., and for (with) any kind of industrial automation device. Further, it is assumed that the mobile device locates in the industrial site so that it can establish a connection to the IoT device.

    [0026] Referring to Figure 2, in response to a corresponding user input, running of the remote support application, or at least registering application, is started in step 201, and a connection establishment is caused in step 202, without user involvement, from the mobile device to the IoT device. Then the mobile device reads in step 203 identification information from the IoT device to register the IoT device to the cloud. The identification information may, for example, be an automation device serial number, a communication address allocated to the IoT device, or their combination. Depending on an implementation, other information may be read (retrieved) also for the registration process, such as a hardcoded number to be used as a random number, or a random number generated by the IoT device, connection time of the panel, just to list couple of examples. It should be appreciated that any existing infomration may be read, depending on what the remote support application is configured to read for the registration process.

    [0027] The user is also prompted in step 204 to input a cloud selection. For example, a global cloud may be outputted as a default cloud, but the user may input any other cloud, like an enterprise cloud, as the selected cloud. Once the user input indicating the cloud selection is received, establishment of a secure connection to the selected cloud, using, for example, the user inputted address and Diffie-Hellman handshake procedure, is caused in step 206. Then in step 207 user login information to the cloud is obtained in step 207. For example, a username and a password may be obtained. Naturally any other logging information may be used. Further, in the user logging, federated identity management, such as any of single sign-on (SSO) systems that allow a single user authentication process across multiple systems/applications or even enterprises (companies), may be used. Then causing user logging into the cloud service is performed in step 208.

    [0028] In the illustrated example, it is assumed that the user logging succeeds, and the identification information read from the loT device is transferred in step 209 to the cloud service, to register the loT device to the cloud service. Naturally any other information read may also be transferred. As a response, token information is received in step 210 from the cloud service, and forwarding the token information to the loT device is caused in step 211. The forwarded token information contains in addition to the token, also cloud address information received as the selection. Naturally the token information may contain any other information included in the received token information, but the received token information may be different than the forwarded token information.

    [0029] Then, in the illustrated example, no further parameters are set, and hence the remote support application is ended (turned off) in step 212 and connections to the IoT device and to the cloud server are released in step 212.

    [0030] Figures 3 and 4 illustrate example functionalities of the industrial automation device. The functionalities may be performed by the cloud connection unit, or any corresponding unit/sub-unit, such as a set-up unit.

    [0031] Referring to Figure 3, while a connection to a mobile device, or its set-up tool/remote tool, has been established (step 301), and it is detected in step 302 that token information has been received, the token information is stored in step 303 to the secure memory in the industrial automation device. As said above, the token information comprises at least the token and the cloud address. If the token information contains any other information, that is also naturally stored.

    [0032] Referring to Figure 4, a connection establishment to the cloud, i.e. to the cloud service, is started in step 401. The connection establishment may be started because the industrial automation device, as an IoT device, is configured to report some information at certain intervals and/or in response to a certain event to the cloud server, for example. Another example is that a connection establishment request is received from the cloud whose address can be found in the memory. For the connection establishment, token information is read in step 402, and using the token information a secure connection is established in step 403 to the cloud, and information is exchanged in step 404 using the established secure connection.

    [0033] Although in the illustrated example the token is used as authentication information in other implementations it may be used as a shared secret, as a seed to a shared secret, or if stateless HTTP (Hypertext Transfer Protocol) is used, in HTTP messages. In other words, the token can be used as if it were hardcoded to the industrial automation device. Further, the disclosed way to provide the automatic industrial device with token information provides versatile opportunities to use the token, since updating the token is easier and faster than updating a hardcoded token.

    [0034] Figures 5 and 6 illustrate example functionalities of a cloud, performed by a cloud service center. In the illustrated examples it is assumed that the same cloud performs both functionalities without restricting the disclosed implementations to such a solution. Further, in the examples an Industrial Internet of Things (IoT) device is used as an example of an industrial automation device. It is a straightforward solution to one skilled in the art to implement the solutions to other kind of industrial automation devices.

    [0035] Figure 5 illustrates an example of token generation functionality, i.e. functionality performed by the token generation unit, or any corresponding unit. In the example, it is assumed that a secure connection has been established in step 501 to the mobile device, for example using Diffie-Hellman handshake.

    [0036] When a token related request, such as a request for a token, or request for set up (commission) a new device, for example, is detected in step 502, requesting login information from a user of the mobile device is caused in step 503. For example, a message requesting login information, or a message specifying information needed for token generation, like username and password, may be sent to the mobile device. The login information may be specific for the token generation service, or the same information as used with the remote support application, or within any other specific tool in the remote support application, or with any other application in the mobile device.

    [0037] When the login information of the user is received in step 504, it is checked in step 505, whether or not the user is an authorized user. In other words, it is checked whether the login information matches to one of login information of authorized users. For example, there may be a list of username-password associations, and if the received username-password combination is in the list, the user is an authorized user.

    [0038] If the login information is login information of an authorized user (step 505: yes), the login is accepted in step 506. This includes informing the mobile device correspondingly, and allowing token generation.

    [0039] When IoT device information is received in step 507, a token for the IoT device is generated in step 508. Any known or future ways to generate the token may be used. Sending the generated token to the mobile device is caused in step 509, and the token is also stored in step 510 with corresponding IoT device information. It should be appreciated that it depends on an implementation, what is stored after the token has been generated. It may be that nothing is stored, or the mere token is stored, or further information, like access restrictions or use limitations, just to mention few examples without limiting the solutions to the examples, may be stored. In implementations in which the token has a certain lifetime, an expiry time may be stored with the token as well. Alternatively, storing time of the token may be used to determine whether or not the token has expired.

    [0040] After that the remote support session using the established secure connection may be continued for other purposes, or the secure connection may be released.

    [0041] If the received login information is not login information of an authorized user (step 505: no), the login is rejected in step 511, and the process is ended.

    [0042] As can be seen from the above, the token information is generated only to authorized requesters, and hence the token can be used to authenticate the IoT device.

    [0043] If the same logging information is used as with the remote support application, and if the user, via the mobile device, already has been logged into the remote support, thereby making the login information already available and ensuring that the token is requested by an authorized user, there is no need to re-request the login information but the process may continue after step 502 directly to step 507, or if the token related request already contained the IoT device information, to step 508 to generate the token.

    [0044] Figure 6 illustrates an example of how the generated tokens are utilized in the cloud. More precisely, it illustrates an example of functionality of the token verification unit. In the example it is assumed that information is exchanged over Internet, using Internet protocols, and that a secure connection is an HTTPS connection (HTTPS, Hypertext Transfer Protocol Secure), in which the HTTP data transfer protocol is used with TLS (Transport Layer Security). However, it should be appreciated that any other way to establish a secure connection may be used. Further, the reason why the connection is established, bears no significance. The connection establishment may have been triggered by the IoT device requesting a connection establishment. For example, the IoT device may have been configured to send certain data to the cloud at certain time intervals and/or in response to a certain event being detected. Another example is that the cloud service is configured to acquire data from the IoT device at certain time intervals and/or in response to a certain event being detected and/or in response to a user input requesting a connection establishment to acquire data.

    [0045] Referring to Figure 6, it is detected in step 601 that a secure connection with an IoT device has been established, and token information, or at least a token, is received in step 602.

    [0046] Using the token information stored in the cloud, it is checked in step 603, whether or not the token is a valid one. If the token is valid (step 603: yes), information is exchanged in step 604 using the secure connection. When there is not any more information to exchange, the secure connection is released in step 605.

    [0047] If the token is not valid (step 603: no), the secure connection is released in step 605.

    [0048] Figures 7 and 8 illustrate examples of information exchange. In the examples an Industrial Internet of Things (IoT) device is used as an example of an industrial automation device. It is a straightforward solution to one skilled in the art to implement the solutions to other kind of industrial automation devices. Further, in the examples it is assumed that the industrial automation device is installed in an industrial site of company ABC having cloud service CS1, the industrial automation device being manufactured by company XYZ having cloud service CS2.

    [0049] In the example illustrated in Figure 7 it is further assumed that a person working for company XYZ is in the site to install and set up (commission) the IoT device (IoT_D), using a mobile device MD that comprises a remote support application, or at least remote registering application, i.e. functionality provided by the remote registering unit. However, below the remote support application is used to cover both possibilities. An industrial automation device may be appear as a new one, for example, because of a change of a panel. Also an expiry of a validity period of a token, for example, may cause the industrial automation device to appear as a new one. Naturally the industrial automation device may be a new one. A further assumption in the example of Figure 8 is that the token generation unit is provided by the cloud service of company XYZ only, but cloud service of company ABC, for example a token verification unit in the cloud service of company ABC, allows storing of token information via a mobile device that has been authenticated.

    [0050] Referring to Figure 7, information is exchanged in point 7-0 between the user of MD, i.e. the person that is in the site installing and setting up (commissioning) the IoT device, and a user1 who is working for company ABC. The information may be exchanged orally, by paper, and/or by mobile devices. The information preferably comprises at least address for the cloud service CS1, and information with which the user of MD can be added in point 7-1 as a trusted user and the IoT_D can be added in point 7-1 as a trusted device to CS1, to enable use of federated identity management for the user of MD, and to enable commissioning of IoT_D to CS1.

    [0051] Then, in the illustrated example, the user turns, in point 7-2, the remote support application, or at least remote registering, on, and MD connects to IoT_D and thereby also receives identification information of IoT_D (messages 7-3). (If the user of MD does not have the information required in point 7-1, it may be outputted, or forwarded using any other means at this point, for example.) The remote support application in MD detects in point 7-4 that IoT_D is a new device, and therefore prompts in point 7-4 the user that a set up/registration is needed. In the illustrated example it is assumed that user input accepting the set up, such as "register IoT_D) is received in point 7-4. Then the user is prompted in point 7-4 to provide login information for CS2. Once the login information, i.e. credentials, such as a user name and password has been received in point 7-4, a user logging is performed by messages 7-5 to CS2. In other words, a connection is established and user authenticated.

    [0052] In the illustrated example it is assumed that the authentication (or login) succeeds, and therefore MD creates, in point 7-6, a request for a token for loT_D. The request may be a request to register IoT_D. The request may include at least identification information of IoT_D. The request is sent in message 7-7 to CS2. Message 7-7 triggers token generation, or initial registering, in CS2, which, or its token generation unit, generates in point 7-8 a token. However, in the illustrated example the token is not yet stored but the token, and possible other information, like a validity time, is sent to MD in message 7-9.

    [0053] In response to receiving the token information in message 7-9, MD prompts in point 7-10 for a cloud service address. For example, MD may output "Use default CS address, yes/no, input here the address to be used", wherein the default CS address would a cloud service address in a cloud of company XYZ. In the illustrated example, the address in CS1, i.e, in a cloud of company ABC, is to be used, and it is received in point 7-10. In the example, it is detected therefore in point 7-10 that the received address is not the default one, i.e. the cloud whereto register IoT_D is a different one than the cloud the user is already registered. Therefore information providing a secure access to CS1 is obtained in point 7-10. The obtaining comprises prompting the user to provide the same login information, as in point 7-4, and receiving them. In another implementation the information received for user login in point 7-4 is used herein without separately prompting for it. Then the user logging is performed by messages 7-11 to CS1. In other words, a connection is established and user authenticated.

    [0054] In the illustrated example it is assumed that the authentication (or login) succeeds, and therefore MD creates in point 7-12 at least two messages: one to CS1 and one to IoT_D. In the illustrated example, the remote support application is then turned off (closed) in point 7-15. However, it should be appreciated that other parameters in IoT_D may be set after message 7-13, and/or other information may be retrieved.

    [0055] Message 7-13 is created and sent to IoT_D. MD, or more precisely the remote support application, sends in message 7-13 the received token information, together with the CS address, i.e. in the example the address of CS1, to loT_D. It should be appreciated that creating message 7-13 includes retrieving the token, and other possible information, from message 7-9, and adding the CS address information received in point 7-10 to content part of message 7-13.

    [0056] In response to receiving message 7-13, IoT_D stores in point 7-16, as token information at least the token and the address in the cloud to its secure memory.

    [0057] A request to register IoT_D to CS1 is created in point 7-12 and sent in message 7-14 to CS1. Creating message 7-14 includes adding at least identification information of IoT_D received in message 7-3 and the token received in message 7-9.

    [0058] Message 7-14 triggers registering in CS1 which, or its registration unit, stores in point 7-17 as token information at least the token associated with identification information of IoT_D, already in CS1 as trusted device. (If not indicated as a trusted device, it depends on the implementation whether the token and information of IoT_D will be stored or will not be stored.) Naturally other information, like validity time of the token, may be stored as part of the token information.

    [0059] Since IoT_D and CS1both have proper address information and share the same secret, the token generated in point 7-8, they can exchange information (messages 7-18) with each other.

    [0060] In another example situation, if in point 7-10 the received CS address would have been the default CS address, i.e. CS2, instead of messages 7-11, MD would have sent one or more messages for user logging, which correspond to messages 7-11, to CS2 to inform that the token generated in point 7-8 should be stored with corresponding token information. If the identification information of IoT_D is not sent in message 7-7, it will be sent in a message for user logging. Naturally the identification information of IoT_D may be sent in both messages.

    [0061] In a further example situation, if the register request is actually performed because of resetting the token information, CS1 (and naturally CS2), may be configured to replace an older token associated with the identification information of IoT_D in its memory with the newly generated token, thereby disabling the use of older token.

    [0062] In Figure 7, messages between IoT_D and MD (illustrated with dashed lines) may be sent using a short range wireless connection, examples of which are given above with Figure 1. Messages sent to and from cloud services, i.e. messages between MD and CS1/CS2, depicted with unbroken lines, and messages between IoT_D and CS2, depicted with dot-and-dash lines, may be sent over one or more different and/or the same networks, wireless or wired, or their combination. For example, messages between MD and CS1/CS2, depicted with unbroken lines, may use a high bandwidth channel provided by a cellular communication system, and messages between IoT_D and CS2, depicted with dot-and-dash lines may use a low bandwidth channel provided by another or the same cellular communication system and/or narrowband channel for Internet of Things.

    [0063] In sum, to provide an industrial automation device with a token to be used as authentication information in information exchange between a first cloud service and the industrial automation device, a mobile device is connected to the industrial automation device and to a cloud service that is the first cloud service or a second cloud service. After authenticating the user of the mobile device to the cloud service, a token is generated by the cloud service to the first cloud service, and forwarded via the mobile device to the industrial automation device. If the cloud service that generated the token is the second cloud service, the token is forwarded via the mobile device, after the mobile has been authenticated in the first cloud service, to the first cloud service. Thereafter, immediately or after some time, which may be a long time, the industrial automation device and the first cloud service may communicate directly with each other using the token for authentication, and thereby for information exchange. In other words, a user of a mobile device is authenticated in a cloud service, and after that the mobile device is used to request and convey a token for an industrial automation device, which token will be used for authentication purposes in information exchange between the industrial automation device and a cloud service.

    [0064] Figure 8 illustrates an example of information exchange when IoT_D has been configured at least with a token, token1, to CS1, and with a token, token2, to CS2. In the illustrated example, IoT_D is set up to connect to CS1 to send process or device usage specific data to CS1, and to connect to CS2 to receive updates to firewall, make automatic backups of parameters and settings and send condition monitoring data for predictive maintenance analysis, for example. Applying the procedure with an industrial automation device having plurality of tokens for plurality of cloud services is a straightforward solution to the one skilled in the art.

    [0065] Referring to Figure 8, when IoT_D, or its cloud connection unit, for example, detects in point 8-1 that there is information (specific data) to be sent to CS1, a token associated with CS1, i.e. token1, and the address to be used with CS1 are obtained in point 8-1, and the information is sent in message 8-2, using token1 to establish the connection and authenticate IoT_D in CS1.

    [0066] When message 8-2 is received, CS1 detects in point 8-3 that the token, token1 is a valid one, and therefore the received information (specific data) is stored in point 8-3.

    [0067] When CS2 detects in point 8-4 that there are updates for parameter values, for example, to be sent to IoT_D, a token associated with IoT_D, i.e. token2, and the address to be used with IoT_D are obtained in point 8-4, and the updates are sent in message 8-5, using token2 to establish the connection and authenticate CS2 in loT_D.

    [0068] When message 8-5 is received, IoT_D detects in point 8-6 that the token, token2 is a valid one and also valid for set ups, and therefore parameters are updated in point 8-6 according to the values received in messages 8-5. In addition, the connection is used to exchange also other information (messages 8-7).

    [0069] Although the connections between IoT_D and CS1 and between IoT_D and CS2 in the above examples are illustrated as short time connections, and happening at different time, the connections may exist simultaneously, and/or exist a long time.

    [0070] As is evident from the above, industrial automation devices may be provided with a token on a fly, for example, during set up. Hence, there is no need to provide the industrial automation device (or the panel) with the token as a hardcoded token when the industrial automation device (or to the panel) is manufactured. Neither the industrial automation device needs to be provided with a user interface via which the token could be inputted manually. Further advantage is that if a man-in-the-middle succeeds to figure out the content of the token, the token may be made invalid and a new token issued in a very prompt and secure way.

    [0071] Thanks to prompting the user to select and input the cloud address, and sending it as part of token information to the industrial automation device, it is easy to configure the industrial automation device to communicate with one or more wanted clouds. Further, there is no need to configure the cloud address during manufacturing to the industrial automation device (or to the panel) as a hardcoded address.

    [0072] As can be seen from the above, the provisioning of the token and use of the token are separate processes, the only link being that the token has to be provisioned before it can be used once or multiple times. In the token provisioning, the mobile device obtains the token on behalf of the industrial automation device, if authentication of the user of the mobile device succeeds. However, the use of the token is not linked to the user of the mobile device and his/her authentication information, the user and the mobile device are not part of the use process of the token. In other words, when the token is used for authentication between the industrial automation device and the cloud service, the mobile device is not involved, and whether the user of the mobile device is authenticated or not, or signed in or not, at the time the token is used, is not checked. This means that a possible federated identity management of the user can be utilized only in the provisioning, but it cannot be utilized for authentication between the industrial automation device and the cloud service.

    [0073] The steps, points, messages (i.e. information exchange) and related functions described above in Figures 2 to 8 are in no absolute chronological order, and some of the steps/points/information exchange may be performed simultaneously or in an order differing from the given one. Other functions can also be executed between the steps/points or within the steps/points, and other information may be sent. Some of the steps/points/information exchange or part of the steps/points/information exchange can also be left out or replaced by a corresponding step/point/information exchange or part of the step/point/information exchange.

    [0074] The techniques and methods described herein may be implemented by various means so that a device/an apparatus configured to support token provisioning and its usage on at least partly on what is disclosed above with any of Figures 1 to 8, including implementing one or more functions/operations of a corresponding device described above with an embodiment/example, for example by means of any of Figures 2 to 8, comprises not only prior art means, but also means for implementing the one or more functions/operations of a corresponding functionality described with an embodiment/example, for example by means of any of Figures 2 to 8, and the device may comprise separate means for each separate function/operation, or means may be configured to perform two or more functions/operations. For example, one or more of the means and/or the remote registering unit and/or the remote tool unit and/or the cloud connection unit and/or the token generation unit and/or the token verification unit described above may be implemented in hardware (one or more devices), firmware (one or more devices), software (one or more modules), or combinations thereof. For a hardware implementation, the device(s) or apparatus(es) of embodiments may be implemented within one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, logic gates, other electronic units designed to perform the functions described herein by means of Figures 2 to 8, or a combination thereof. For firmware or software, the implementation can be carried out through modules of at least one chipset (e.g. procedures, functions, and so on) that perform the functions described herein. The software codes may be stored in a memory unit and executed by processors. The memory unit may be implemented within the processor or externally to the processor. In the latter case, it can be communicatively coupled to the processor via various means, as is known in the art. Additionally, the components described herein may be rearranged and/or complemented by additional components in order to facilitate the achievements of the various aspects, etc., described with regard thereto, and they are not limited to the precise configurations set forth in the given figures, as will be appreciated by one skilled in the art.

    [0075] Figure 9 provides an apparatus (device) according to some embodiments of the invention. Figure 9 illustrates an apparatus configured to carry out the functions described above in connection with the mobile device. Each apparatus 900 may comprise one or more communication control circuitry, such as at least one processor 902, and at least one memory 904, including one or more algorithms 903, such as a computer program code (software) wherein the at least one memory and the computer program code (software) are configured, with the at least one processor, to cause the apparatus to carry out any one of the exemplified functionalities of the mobile device. The apparatus may further comprise different communication interfaces 901 and one or more user interfaces 901'.

    [0076] Figure 10 provides an apparatus (device) according to some embodiments of the invention. Figure 10 illustrates an apparatus configured to carry out the functions described above in connection with the cloud or cloud service. Each apparatus 1000 may comprise one or more communication control circuitry, such as at least one processor 1002, and at least one memory 1004, including one or more algorithms 1003, such as a computer program code (software) wherein the at least one memory and the computer program code (software) are configured, with the at least one processor, to cause the apparatus to carry out any one of the exemplified functionalities of the cloud (cloud service). The apparatus may further comprise different communication interfaces 1001 and one or more user interfaces 1001'.

    [0077] Figure 11 provides an apparatus (device) according to some embodiments of the invention. Figure 11 illustrates an apparatus configured to carry out the functions described above in connection with the industrial automation device. Each apparatus 1100 may comprise one or more communication control circuitry, such as at least one processor 1102, and at least one memory 1104, including one or more algorithms 1103, such as a computer program code (software) wherein the at least one memory and the computer program code (software) are configured, with the at least one processor, to cause the apparatus to carry out any one of the exemplified functionalities of the industrial automation device. The apparatus may further comprise different communication interfaces 1101. Although not illustrated in Figure 11, the apparatus may comprise also one or more user interfaces 1101'.

    [0078] Referring to Figures 9, 10 and 11, at least one of the communication control circuitries in the apparatus 900, 1000, 1100 is configured to provide the remote registering unit and/or the remote tool unit and/or the cloud connection unit and/or the token generation unit and/or the token verification unit, correspondingly, or any corresponding sub-unit, and to carry out functionalities, described above by means of any of Figures 2 to 8, by one or more circuitries.

    [0079] The memory 904, 1004, 1104 or part of it may be implemented using any suitable data storage technology, such as semiconductor based memory devices, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory.

    [0080] The one or more communication interfaces 901, 1001, 1101 may comprise hardware and/or software for realizing communication connectivity according to one or more communication protocols. The communication interface may provide the apparatus with communication capabilities to communicate over a local connection and/or local connections and/or in a cellular communication system and/or in a fixed network, and enable communication between different apparatuses. The communication interface 901, 1001, 1101 may comprise standard well-known components.

    [0081] As used in this application, the term 'circuitry' refers to all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of circuits and software (and/or firmware), such as (as applicable): (i) a combination of processor(s) or (ii) portions of processor(s)/software including digital signal processor(s), software, and memory(ies) that work together to cause an apparatus to perform various functions, and (c) circuits, such as a microprocessor(s) or a portion of a micro-processor(s), that require software or firmware for operation, even if the software or firmware is not physically present. This definition of 'circuitry' applies to all uses of this term in this application. As a further example, as used in this application, the term 'circuitry' would also cover an implementation of merely a processor (or multiple processors) or a portion of a processor and its (or their) accompanying software and/or firmware. The term 'circuitry' would also cover, for example and if applicable to the particular element, a baseband integrated circuit or applications processor integrated circuit for a user apparatus or a similar integrated circuit in a device.

    [0082] In an embodiment, the at least one processor, the memory, and the computer program code form processing means or comprises one or more computer program code portions for carrying out one or more operations according to any one of the embodiments of Figures 2 to 8 or operations thereof.

    [0083] Embodiments as described may also be carried out in the form of a computer process defined by a computer program or portions thereof. Embodiments of the methods described in connection with Figures 2 to 8 may be carried out by executing at least one portion of a computer program comprising corresponding instructions. The computer program may be stored on a computer program distribution medium readable by a computer or a processor. The computer program medium may be, for example but not limited to, a record medium, computer memory, read-only memory, electrical carrier signal, telecommunications signal, and software distribution package, for example. The computer program medium may be a non-transitory medium. Coding of software for carrying out the embodiments as shown and described is well within the scope of a person of ordinary skill in the art.

    [0084] Even though the invention has been described above with reference to examples according to the accompanying drawings, it is clear that the invention is not restricted thereto but can be modified in several ways within the scope of the appended claims. Therefore, all words and expressions should be interpreted broadly and they are intended to illustrate, not to restrict, the embodiment. It will be obvious to a person skilled in the art that, as technology advances, the inventive concept can be implemented in various ways. Further, it is clear to a person skilled in the art that the described embodiments may, but are not required to, be combined with other embodiments in various ways.


    Claims

    1. A method comprising at least:

    authenticating (7-5) a user of a remote support application for remote support of industrial automation devices, the remote support application running in a mobile device, at a first cloud service;

    establishing, after successful authentication of the user, a remote support session between the mobile device and the first cloud service;

    receiving (7-7), at the first cloud service, in the remote support session, from the mobile device, a request for a token for a second cloud service for an industrial automation device and industrial automation device information of the industrial automation device, wherein the second cloud service is another cloud service for the industrial automation device than the first cloud service;

    generating (7-8) at the first cloud service a token to be used as authentication information required to send data from the industrial automation device to the second cloud service or to receive data in the industrial automation device from the second cloud service, or to acquire, by the second cloud service, data from the industrial automation device, the mobile device not being involved in the information exchange; and

    causing sending (7-9) at least the token for the industrial automation device to the mobile device.


     
    2. A method comprising at least:

    authenticating (7-11) a user of a mobile device at a second cloud service for an industrial automation device;

    receiving (7-14), at the second cloud service, from the mobile device, after successful authentication of the user of the mobile device, a token for the industrial automation device and industrial automation device information of the industrial automation device, wherein the token has been generated by a first cloud service, which is another cloud service than the second cloud service;

    storing (7-17) the token for the industrial automation device to the second cloud service; and

    communicating (7-18), by the second cloud service, without involvement of the mobile device, with the industrial automation device using the token to authenticate the industrial automation device to the second cloud service or the second cloud service to the industrial automation device to, after successful authentication, receive data from the industrial automation device or send data to the industrial automation device, or acquire, by the second cloud service, data from the industrial automation device.


     
    3. A method comprising at least:

    establishing (7-3), by a mobile device, a connection to an industrial automation device;

    retrieving (7-3), by the mobile device, device information from the industrial automation device;

    running in the mobile device a remote support application for remote support of industrial automation devices;

    authenticating (7-5), by the mobile device, a user of the remote support application with a first cloud service;

    establishing, after successful authentication of the user, a remote support session between the mobile device and the first cloud service;

    prompting (7-10), by the mobile device, the user of the mobile device to provide information on a cloud service for which a token for the industrial automation device is to be requested;

    receiving (7-10), as the information, a second cloud service, wherein the second cloud service for the industrial automation device is another cloud service than the first cloud service;

    causing sending (7-7) in the remote support session the device information of the industrial automation device from the mobile device to the first cloud service with a request for a token for the second cloud service for the industrial automation device;

    receiving (7-9), by the mobile device, from the cloud service, in the remote support session, a token for the industrial automation device to be used as authentication information required to send data from the industrial automation device to the second cloud service or to receive data in the industrial automation device from the second cloud service, or to acquire, by the second cloud service, data from the industrial automation device, the mobile device not being involved in the information exchange; and

    forwarding (7-13), by the mobile device, to the industrial automation device, the token for the industrial automation device and information on the second cloud service with which to use the token, the information comprising a cloud address of the second cloud service.


     
    4. A method according to claim 3, further comprising in response to the
    cloud service inputted by the user of the mobile device being the second cloud service:

    authenticating (7-11), by the mobile device, a user of the mobile device with the second cloud service;

    causing sending (7-14), by the mobile device, the token and the device information to the second cloud service.


     
    5. A method comprising at least:

    establishing (7-3), by an industrial automation device, a connection with a mobile device;

    receiving (7-13), by the industrial automation device, without having requested, a token and information on a cloud service for the industrial device from the mobile device over the connection, the information comprising a cloud address of the cloud service;

    storing (7-16), by the industrial automation device, the token and the information on the cloud service to a memory, which comprises one or more token-cloud address pairs; and

    exchanging (7-18), by the industrial automation device, after successful authentication with the cloud service using the token as authentication information, information with the cloud service to receive data from the cloud service or send data to the cloud service, or to acquire, by the second cloud service, data from the industrial automation device ,the information exchange not using the connection with the mobile device and not involving the mobile device.


     
    6. A method according to claim 5, further comprising:

    receiving (7-16), by the industrial automation device, with the token and information on the cloud service, additional information indicating information for which exchange the token is to be used; and

    selecting (8-6), by the industrial automation device, the token and cloud service to be used based on the information to be exchanged.


     
    7. A computer program product (903, 1003, 1103) comprising program instructions, which, when run on a computing apparatus, causes the computing apparatus to perform a method according to any of the preceding claims.
     
    8. An apparatus (130, 1000) providing a cloud service and comprising means for implementing a method according to claim 1 or 2.
     
    9. A mobile device (110, 900) comprising means for implementing a method according to claim 3 or 4.
     
    10. An industrial automation device (120, 1100) comprising means for implementing a method according to claim 5 or 6.
     
    11. A system (100) comprising:

    one or more clouds (103) comprising two or more apparatuses according to claim 8, wherein at least one of the apparatuses is a token generating apparatus configured to implement at least a method according to claim 1 and one of the apparatuses is configured to implement at least a method according to claim 2 or 3;

    one or more industrial sites (102), an industrial site comprising one or more industrial automation devices (120) according to claim 10 and configured to connect to one or more of the one or more apparatuses in the one or more clouds; and

    one or more mobile devices (110) according to claim 9 and configured to connect at least to the token generating apparatus and, when in the industrial site (102), to at least one of the one or more industrial automation devices (120).


     


    Ansprüche

    1. Verfahren, das mindestens die folgenden Vorgänge umfasst:

    Authentifizieren (7-5) eines Benutzers einer Fernunterstützungsanwendung zur Fernunterstützung von industriellen Automatisierungsvorrichtungen, wobei die Fernunterstützungsanwendung auf einem mobilen Gerät bei einem ersten Cloud-Dienst ausgeführt wird;

    Aufbauen, nach erfolgreicher Authentifizierung des Benutzers, einer Fernunterstützungssitzung zwischen dem mobilen Gerät und dem ersten Cloud-Dienst;

    Empfangen (7-7), beim ersten Cloud-Dienst, in der Fernunterstützungssitzung, vom mobilen Gerät, einer Anforderung nach einem Tokens für einen zweiten Cloud-Dienst für eine industrielle Automatisierungsvorrichtung und Informationen, über die industrielle Automatisierungsvorrichtung, der industriellen Automatisierungsvorrichtung, wobei der zweite Cloud-Dienst ein anderer Cloud-Dienst für die industrielle Automatisierungsvorrichtung ist als der erste Cloud-Dienst;

    Erzeugen (7-8) eines Tokens beim ersten Cloud-Dienst, das als Authentifizierungsinformationen zu verwenden ist, die erforderlich sind, um Daten von der industriellen Automatisierungsvorrichtung an den zweiten Cloud-Dienst zu senden oder Daten in der industriellen Automatisierungsvorrichtung vom zweiten Cloud-Dienst zu empfangen, oder durch den zweiten Cloud-Dienst Daten von der industriellen Automatisierungsvorrichtung zu erfassen, wobei das mobile Gerät nicht am Informationsaustausch beteiligt ist; und

    Veranlassen des Sendens (7-9) mindestens des Tokens für die industrielle Automatisierungsvorrichtung an das mobile Gerät.


     
    2. Verfahren, das mindestens die folgenden Vorgänge umfasst:

    Authentifizieren (7-11) eines Benutzers eines mobilen Geräts bei einem zweiten Cloud-Dienst für eine industrielle Automatisierungsvorrichtung;

    Empfangen (7-14), beim zweiten Cloud-Dienst, vom mobilen Gerät, nach erfolgreicher Authentifizierung des Benutzers des mobilen Geräts, eines Tokens für die industrielle Automatisierungsvorrichtung und von Informationen, über die industrielle Automatisierungsvorrichtung, der industriellen Automatisierungsvorrichtung, wobei das Token von einem ersten Cloud-Dienst erzeugt wird, der ein anderer Cloud-Dienst als der zweite Cloud-Dienst ist;

    Speichern (7-17) des Tokens für die industrielle Automatisierungsvorrichtung im zweiten Cloud-Dienst; und

    Kommunikation (7-18), durch den zweiten Cloud-Dienst, ohne Beteiligung des mobilen Geräts, mit der industriellen Automatisierungsvorrichtung unter Verwendung des Tokens zum Authentifizieren der industriellen Automatisierungsvorrichtung gegenüber dem zweiten Cloud-Dienst oder des zweiten Cloud-Dienstes gegenüber der industriellen Automatisierungsvorrichtung zum, nach erfolgreicher Authentifizierung, Empfangen von Daten von der industriellen Automatisierungsvorrichtung oder Senden von Daten an die industrielle Automatisierungsvorrichtung oder Erfassen, durch den zweiten Cloud-Dienst, von Daten von der industriellen Automatisierungsvorrichtung.


     
    3. Verfahren, das mindestens die folgenden Vorgänge umfasst:

    Aufbauen (7-3), durch ein mobiles Gerät, einer Verbindung zu einer industriellen Automatisierungsvorrichtung;

    Abrufen (7-3), durch das mobile Gerät, von Vorrichtungsinformationen aus der industriellen Automatisierungsvorrichtung;

    Ausführen, auf dem mobilen Gerät, einer Fernunterstützungsanwendung zur Fernunterstützung von industriellen Automatisierungsvorrichtungen;

    Authentifizieren (7-5), durch das mobile Gerät, eines Benutzers der Fernunterstützungsanwendung bei einem ersten Cloud-Dienst;

    Aufbauen, nach erfolgreicher Authentifizierung des Benutzers, einer Fernunterstützungssitzung zwischen dem mobilen Gerät und dem ersten Cloud-Dienst;

    Auffordern (7-10), durch das mobile Gerät, des Benutzers des mobilen Geräts zum Bereitstellen von Informationen über einen Cloud-Dienst, für den ein Token für die industrielle Automatisierungsvorrichtung anzufordern ist;

    Empfangen (7-10), als die Informationen, eines zweiten Cloud-Dienstes, wobei der zweite Cloud-Dienst für die industrielle Automatisierungsvorrichtung ein anderer Cloud-Dienst als der erste Cloud-Dienst ist;

    Veranlassen des Sendens (7-7), in der Fernunterstützungssitzung, der Vorrichtungsinformationen der industriellen Automatisierungsvorrichtung vom mobilen Gerät an den ersten Cloud-Dienst mit einer Anforderung nach einem Token für den zweiten Cloud-Dienst für die industrielle Automatisierungsvorrichtung;

    Empfangen (7-9), durch das mobile Gerät, vom Cloud-Dienst, in der Fernunterstützungssitzung, eines Tokens für die industrielle Automatisierungsvorrichtung, das als Authentifizierungsinformationen zu verwenden ist, die erforderlich sind, um Daten von der industriellen Automatisierungsvorrichtung an den zweiten Cloud-Dienst zu senden oder Daten in der industriellen Automatisierungsvorrichtung vom zweiten Cloud-Dienst zu empfangen oder durch den zweiten Cloud-Dienst Daten von der industriellen Automatisierungsvorrichtung zu erfassen, wobei das mobile Gerät nicht am Informationsaustausch beteiligt ist; und

    Weiterleiten (7-13), durch das mobile Gerät, an die industrielle Automatisierungsvorrichtung, des Tokens für die industrielle Automatisierungsvorrichtung und von Informationen über den zweiten Cloud-Dienst, mit dem der Token zu verwenden ist, wobei die Informationen eine Cloud-Adresse des zweiten Cloud-Dienstes umfassen.


     
    4. Verfahren nach Anspruch 3, ferner umfassend, als Reaktion auf den vom Benutzer des mobilen Geräts eingegebenen Cloud-Dienst als den zweiten Cloud-Dienst:

    Authentifizieren (7-11), durch das mobile Gerät, eines Benutzers des mobilen Geräts beim zweiten Cloud-Dienst;

    Veranlassen des Sendens (7-14), durch das mobile Gerät, des Tokens und der Vorrichtungsinformationen an den zweiten Cloud-Dienst.


     
    5. Verfahren, das mindestens die folgenden Vorgänge umfasst:

    Aufbauen (7-3), durch eine industrielle Automatisierungsvorrichtung, einer Verbindung mit einem mobilen Gerät;

    Empfangen (7-13), ohne Anforderung durch die industrielle Automatisierungsvorrichtung, eines Tokens und von Informationen über einen Cloud-Dienst für die industrielle Vorrichtung vom mobilen Gerät über die Verbindung, wobei die Informationen eine Cloud-Adresse des Cloud-Dienstes umfassen;

    Speichern (7-16), durch die industrielle Automatisierungsvorrichtung, des Tokens und der Informationen über den Cloud-Dienst in einem Speicher, der ein oder mehrere Token-Cloud-Adresspaare umfasst; und

    Austauschen (7-18), durch die industrielle Automatisierungsvorrichtung, nach erfolgreicher Authentifizierung beim Cloud-Dienst unter Verwendung des Tokens als Authentifizierungsinformationen, von Informationen mit dem Cloud-Dienst zum Empfangen von Daten vom Cloud-Dienst oder zum Senden von Daten an den Cloud-Dienst, oder zum Erfassen, durch den zweiten Cloud-Dienst, von Daten aus der industriellen Automatisierungsvorrichtung, wobei der Informationsaustausch nicht die Verbindung mit dem mobilen Gerät verwendet und das mobile Gerät nicht einbezieht.


     
    6. Verfahren nach Anspruch 5, ferner umfassend:

    Empfangen (7-16), durch die industrielle Automatisierungsvorrichtung, mit dem Token und den Informationen über den Cloud-Dienst, von zusätzlichen Informationen, die Informationen angeben, für welchen Austausch das Token zu verwenden ist; und

    Auswählen (8-6), durch die industrielle Automatisierungsvorrichtung, des zu verwendenden Tokens und des zu verwendenden Cloud-Dienstes auf der Grundlage der auszutauschenden Informationen.


     
    7. Computerprogrammprodukt (903, 1003, 1103), umfassend Programmanweisungen, die bei ihrer Ausführung auf einer Rechenvorrichtung die Rechenvorrichtung veranlassen, ein Verfahren nach einem der vorhergehenden Ansprüche durchzuführen.
     
    8. Vorrichtung (130, 1000), die einen Cloud-Dienst bereitstellt und Mittel zum Implementieren eines Verfahrens nach Anspruch 1 oder 2 umfasst.
     
    9. Mobiles Gerät (110, 900), umfassend Mittel zum Implementieren eines Verfahrens nach Anspruch 3 oder 4.
     
    10. Industrielle Automatisierungsvorrichtung (120, 1100), umfassend Mittel zum Implementieren eines Verfahrens nach Anspruch 5 oder 6.
     
    11. System (100), umfassend:

    eine oder mehrere Clouds (103), die zwei oder mehrere Vorrichtungen nach Anspruch 8 umfassen, wobei mindestens eine der Vorrichtungen eine Token-Erzeugungsvorrichtung ist, die dafür ausgelegt ist, mindestens ein Verfahren nach Anspruch 1 zu implementieren, und eine der Vorrichtungen dafür ausgelegt ist, mindestens ein Verfahren nach Anspruch 2 oder 3 zu implementieren;

    eine oder mehrere industrielle Anlagen (102), wobei eine industrielle Anlage eine oder mehrere industrielle Automatisierungsvorrichtungen (120) nach Anspruch 10 umfasst und dafür ausgelegt ist, sich mit einer oder mehreren von der einen oder den mehreren Vorrichtungen in der einen oder den mehreren Clouds zu verbinden; und

    ein oder mehrere mobile Geräte (110) nach Anspruch 9, die dafür ausgelegt sind, sich zumindest mit der Token-Erzeugungsvorrichtung zu verbinden und, wenn sie sich an der industriellen Anlage (102) befinden, sich mit mindestens einem von der einen oder den mehreren industriellen Automatisierungsvorrichtungen (120) zu verbinden.


     


    Revendications

    1. Procédé comprenant au moins :

    l'authentification (7-5) d'un utilisateur d'une application de téléassistance de dispositifs d'automatisation industrielle, l'application de téléassistance s'exécutant sur un dispositif mobile, au niveau d'un premier service en nuage ;

    l'établissement, après authentification réussie de l'utilisateur, d'une session de téléassistance entre le dispositif mobile et le premier service en nuage ;

    la réception (7-7), au niveau du premier service en nuage, dans la session de téléassistance, en provenance du dispositif mobile, d'une demande concernant un jeton pour un deuxième service en nuage pour un dispositif d'automatisation industrielle et d'informations de dispositif d'automatisation industrielle du dispositif d'automatisation industrielle, le deuxième service en nuage étant un autre service en nuage pour le dispositif d'automatisation industrielle que le premier service en nuage ;

    la génération (7-8) au niveau du premier service en nuage d'un jeton à utiliser en tant qu'informations d'authentification requises pour l'envoi de données du dispositif d'automatisation industrielle au deuxième service en nuage ou pour la réception de données dans le dispositif d'automatisation industrielle en provenance du deuxième service en nuage, ou pour l'acquisition, par le deuxième service en nuage, de données en provenance du dispositif d'automatisation industrielle, le dispositif mobile n'étant pas impliqué dans l'échange d'informations ; et

    l'envoi (7-9) au moins du jeton pour le dispositif d'automatisation industrielle au dispositif mobile.


     
    2. Procédé comprenant au moins :

    l'authentification (7-11) d'un utilisateur d'un dispositif mobile au niveau d'un deuxième service en nuage pour un dispositif d'automatisation industrielle ;

    la réception (7-14), au niveau du deuxième service en nuage, en provenance du dispositif mobile, après authentification réussie de l'utilisateur du dispositif mobile, d'un jeton pour le dispositif d'automatisation industrielle et d'informations de dispositif d'automatisation industrielle du dispositif d'automatisation industrielle, le jeton ayant été généré par un premier service en nuage, qui est un autre service en nuage que le deuxième service en nuage ;

    le stockage (7-17) du jeton pour le dispositif d'automatisation industrielle vis-à-vis du deuxième service en nuage ; et

    la communication (7-18), par le deuxième service en nuage, sans implication du dispositif mobile, avec le dispositif d'automatisation industrielle en utilisant le jeton pour authentifier le dispositif d'automatisation industrielle vis-à-vis du deuxième service en nuage ou le deuxième service en nuage vis-à-vis du dispositif d'automatisation industrielle pour, après authentification réussie, la réception de données en provenance du dispositif d'automatisation industrielle ou l'envoi de données au dispositif d'automatisation industrielle, ou l'acquisition, par le deuxième service en nuage, de données en provenance du dispositif d'automatisation industrielle.


     
    3. Procédé comprenant au moins :

    l'établissement (7-3), par un dispositif mobile, d'une connexion à un dispositif d'automatisation industrielle ;

    la récupération (7-3), par le dispositif mobile, d'informations de dispositif en provenance du dispositif d'automatisation industrielle ;

    l'exécution, dans le dispositif mobile, d'une application de téléassistance pour une téléassistance de dispositifs d'automatisation industrielle ;

    l'authentification (7-5), par le dispositif mobile, d'un utilisateur de l'application de téléassistance auprès d'un premier service en nuage ;

    l'établissement, après authentification réussie de l'utilisateur, d'une session de téléassistance entre le dispositif mobile et le premier service en nuage ;

    l'invitation (7-10), par le dispositif mobile, de l'utilisateur du dispositif mobile à fournir des informations concernant un service en nuage pour lequel un jeton pour le dispositif d'automatisation industrielle doit être demandé ;

    la réception (7-10), en tant qu'informations, d'un deuxième service en nuage, le deuxième service en nuage pour le dispositif d'automatisation industrielle étant un autre service en nuage que le premier service en nuage ;

    l'envoi (7-7), dans la session de téléassistance, des informations de dispositif du dispositif d'automatisation industrielle, du dispositif mobile au premier service en nuage, avec une demande concernant un jeton pour le deuxième service en nuage pour le dispositif d'automatisation industrielle ;

    la réception (7-9), par le dispositif mobile, en provenance du service en nuage, dans la session de téléassistance, d'un jeton pour le dispositif d'automatisation industrielle à utiliser en tant qu'informations d'authentification requises pour l'envoi de données du dispositif d'automatisation industrielle au deuxième service en nuage ou pour la réception de données dans le dispositif d'automatisation industrielle en provenance du deuxième service en nuage, ou pour l'acquisition, par le deuxième service en nuage, de données en provenance du dispositif d'automatisation industrielle, le dispositif mobile n'étant pas impliqué dans l'échange d'informations ; et

    le transfert (7-13), par le dispositif mobile, au dispositif d'automatisation industrielle, du jeton pour le dispositif d'automatisation industrielle et d'informations concernant le deuxième service en nuage avec lequel utiliser le jeton, les informations comprenant une adresse dans le nuage du deuxième service en nuage.


     
    4. Procédé selon la revendication 3, comprenant en outre, en réponse au fait que le service en nuage introduit par l'utilisateur du dispositif mobile est le deuxième service en nuage :

    l'authentification (7-11), par le dispositif mobile, d'un utilisateur du dispositif mobile auprès du deuxième service en nuage ;

    l'envoi (7-14), par le dispositif mobile, du jeton et des informations de dispositif au deuxième service en nuage.


     
    5. Procédé comprenant au moins :

    l'établissement (7-3), par un dispositif d'automatisation industrielle, d'une connexion à un dispositif mobile ;

    la réception (7-13), par le dispositif d'automatisation industrielle, sans l'avoir demandé, d'un jeton et d'informations concernant un service en nuage pour le dispositif industriel en provenance du dispositif mobile sur la connexion, les informations comprenant une adresse dans le nuage du service en nuage ;

    le stockage (7-16), par le dispositif d'automatisation industrielle, du jeton et des informations concernant le service en nuage dans une mémoire, qui comprend une ou plusieurs paires d'adresses dans le nuage ; et

    l'échange (7-18), par le dispositif d'automatisation industrielle, après authentification réussie auprès du service en nuage au moyen du jeton en tant qu'informations d'authentification, d'informations avec le service en nuage pour la réception de données en provenance du service en nuage ou l'envoi de données au service en nuage, ou l'acquisition, par le deuxième service en nuage, de données en provenance du dispositif d'automatisation industrielle, l'échange d'informations n'utilisant pas la connexion avec le dispositif mobile et n'impliquant pas le dispositif mobile.


     
    6. Procédé selon la revendication 5, comprenant en outre :

    la réception (7-16), par le dispositif d'automatisation industrielle, avec la jeton et les informations concernant le service en nuage, d'informations additionnelles indiquant des informations pour l'échange desquelles le jeton doit être utilisé ; et

    la sélection (8-6), par le dispositif d'automatisation industrielle, du jeton et du service en nuage à utiliser en fonction des informations à échanger.


     
    7. Produit de programme informatique (903, 1003, 1103) comprenant des instructions de programme qui, lorsqu'elles sont exécutées sur un appareil informatique, font en sorte que l'appareil informatique exécute un procédé selon l'une quelconque des revendications précédentes.
     
    8. Appareil (130, 1000) offrant un service en nuage et comprenant des moyens pour la mise en œuvre d'un procédé selon la revendication 1 ou 2.
     
    9. Dispositif mobile (110, 900) comprenant des moyens pour la mise en œuvre d'un procédé selon la revendication 3 ou 4.
     
    10. Dispositif d'automatisation industrielle (120, 1100) comprenant des moyens pour la mise en œuvre d'un procédé selon la revendication 5 ou 6.
     
    11. Système (100) comprenant :

    un ou plusieurs nuages (103) comprenant deux appareils ou plus selon la revendication 8, au moins l'un des appareils étant un appareil de génération de jeton configuré pour mettre en œuvre au moins un procédé selon la revendication 1 et l'un des appareils étant configuré pour mettre en œuvre au moins un procédé selon la revendication 2 ou 3 ;

    un ou plusieurs sites industriels (102), un site industriel comprenant un ou plusieurs dispositifs d'automatisation industrielle (120) selon la revendication 10 et configurés pour se connecter à un ou plusieurs des un ou plusieurs appareils dans lesdits un ou plusieurs nuages ; et

    un ou plusieurs dispositifs mobiles (110) selon la revendication 9 et configurés pour se connecter au moins à l'appareil de génération de jeton et, lorsqu'ils sont sur le site industriel (102), à au moins l'un desdits un ou plusieurs dispositifs d'automatisation industrielle (120) .


     




    Drawing

















    Cited references

    REFERENCES CITED IN THE DESCRIPTION



    This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

    Patent documents cited in the description