Abstract |
<p>The present invention is concerned with a secure and trustable way of accessing devices in an embedded device environment with no network connectivity to any outside service. This type of access to access-critical embedded devices by a user or service technician is controlled by way of a mobile memory or access-ticket storage means, i.e. a physical token such as a smartcard or USB stick with appropriate memory for storing user credentials or user identification means such as a password or fingerprint. The user acquires an electronic access ticket with a suitable expiration period from a centralized ticket or access authorization server before travelling to the access-critical device, or to a location communicatively connected to the latter. The access ticket contains the access rights of the user with respect to one or several access-critical devices and is likewise stored on the mobile memory means. The access rights are evaluated by the access-critical devices upon authentication of the identity of the user, based on the user credentials, by an authenticating device to which the mobile memory means is coupled.</p> |
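<p>An added example, not part of the patent text: a sketch of how an access-critical device with no network link could evaluate such a ticket after the authenticating device has verified the user. The abstract does not name an integrity mechanism, so HMAC-SHA256 with a key shared between ticket server and device is an assumption here, and the names issue_ticket, evaluate_ticket, DEVICE_KEY and the device ID rtu-7 are hypothetical.</p>

```python
import hashlib
import hmac
import json

# Assumption: ticket server and device share this key out of band. The page
# names no integrity mechanism; HMAC-SHA256 stands in for it (constructed key).
DEVICE_KEY = b"constructed-demo-key"


def _mac(body: dict, key: bytes) -> str:
    # Canonical JSON so issuer and device compute the MAC over identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_ticket(user: str, rights: dict, ttl_s: int, now: float, key: bytes) -> dict:
    """Ticket server side: bind user, per-device rights and expiry together."""
    body = {"user": user, "rights": rights, "expires": int(now) + ttl_s}
    return {"body": body, "mac": _mac(body, key)}


def evaluate_ticket(ticket: dict, device_id: str, action: str,
                    authenticated_user, now: float, key: bytes) -> tuple:
    """Device side, fully offline. Returns (allowed, reason)."""
    body, mac = ticket.get("body"), ticket.get("mac")
    if not isinstance(body, dict) or not isinstance(mac, str):
        return False, "malformed"
    # Integrity first: nothing in the body is trusted before the MAC verifies.
    if not hmac.compare_digest(_mac(body, key).encode(), mac.encode()):
        return False, "bad-mac"
    # Rights are evaluated only for the user the authenticating device verified.
    if authenticated_user is None or authenticated_user != body.get("user"):
        return False, "user-mismatch"
    # With no network, expiry rests entirely on the device's local clock,
    # so that clock has to be protected against being set back.
    if now >= body.get("expires", 0):
        return False, "expired"
    if action not in body.get("rights", {}).get(device_id, []):
        return False, "no-right"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    ticket = issue_ticket("alice", {"rtu-7": ["read-config"]}, 3600, t0, DEVICE_KEY)
    print(evaluate_ticket(ticket, "rtu-7", "read-config", "alice", t0 + 60, DEVICE_KEY))
    print(evaluate_ticket(ticket, "rtu-7", "read-config", "alice", t0 + 7200, DEVICE_KEY))
```

A shared MAC key means any device holding it could also mint tickets; an asymmetric signature verified with a public key on the device avoids that.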