Abstract
Systems, methods, and computer-readable media are disclosed for authentication of networked devices, in which a server device may authenticate a client device and/or a client device may authenticate a server device. Authentication credentials may be exchanged by the server device and the client device to enable mutual authentication. Once the connection between the server device and the client device has been authenticated, authenticated and potentially encrypted communications may be exchanged by the server device and the client device.
Independent claim
1. A method, comprising:
receiving, by a server device from a client device, a request to initiate communication;
communicating, by the server device to the client device, a request for one or more authentication credentials associated with the client device;
receiving, by the server device from the client device, the one or more authentication credentials associated with the client device;
determining, by the server device, that the one or more authentication credentials associated with the client device satisfy one or more authentication criteria;
authenticating, by the server device, the client device based on the determination that the one or more authentication credentials associated with the client device satisfy the one or more authentication criteria, the authenticating allowing the client device to communicate with the server device using a secure communication protocol;
receiving, by the server device from the client device, a request for a server authentication certificate;
generating, by the server device, a request for issuance of the server authentication certificate;
transmitting, by the server device, the request for issuance to the certificate authority;
dynamically generating, by the certificate authority, the server authentication certificate based at least in part on information previously received from the client device that a user associated with the server device, and on whose behalf the request is being generated, is authorized to communicate with the client device;
receiving, by the server device, the server authentication certificate from the certificate authority;
transmitting, by the server device, the server authentication certificate to the client device;
identifying, by the server device, user role information included in the client authentication certificate, wherein authenticating the client device comprises authenticating the client device in accordance with the user role information; and
receiving, by the server device from the client device and using the secure communication protocol, a request to control processes performed by industrial equipment, wherein the user role information is used to restrict commands requested by the client device.
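The claimed exchange, as an added Python sketch that is not the patent's own implementation: the server checks the client's credentials, the certificate authority issues a server certificate only for a server-side user the client has previously declared as authorized, and the role bound to the authenticated session restricts which equipment-control commands are executed. The client identifier, secret, role-to-command table and authorized-user list are constructed assumptions.

```python
import hmac
import secrets

# Constructed sample data (assumptions, not from the patent): the server's credential
# store, the role-to-command table, and the authorization information the client
# previously supplied about which server-side users may communicate with it.
CLIENT_CREDENTIALS = {"hmi-client-42": {"secret": "s3cr3t-token-42", "role": "operator"}}
ROLE_COMMANDS = {
    "viewer": {"read_status"},
    "operator": {"read_status", "start_pump", "stop_pump"},
    "maintainer": {"read_status", "start_pump", "stop_pump", "reconfigure"},
}
CLIENT_AUTHORIZED_SERVER_USERS = {"hmi-client-42": {"scada-svc"}}


class CertificateAuthority:
    # Dynamically issues a server certificate only when the requesting server-side
    # user is one the client has declared it is willing to communicate with.
    def issue_server_certificate(self, server_user, client_id):
        if server_user not in CLIENT_AUTHORIZED_SERVER_USERS.get(client_id, set()):
            raise PermissionError(f"{server_user} is not authorized to talk to {client_id}")
        return {"subject": server_user, "audience": client_id, "serial": secrets.token_hex(8)}


class ServerDevice:
    def __init__(self, ca):
        self.ca = ca
        self.sessions = {}  # client_id -> role, for authenticated clients only

    def authenticate_client(self, client_id, presented_secret):
        # Credentials satisfy the criteria only if the secret matches (constant-time compare).
        record = CLIENT_CREDENTIALS.get(client_id)
        if record is None or not hmac.compare_digest(record["secret"], presented_secret):
            return False
        self.sessions[client_id] = record["role"]  # role information bound to the session
        return True

    def serve_certificate(self, client_id, server_user):
        # Client requests the server certificate; the server asks the CA to issue it.
        if client_id not in self.sessions:
            raise PermissionError("client must authenticate before requesting a certificate")
        return self.ca.issue_server_certificate(server_user, client_id)

    def handle_control_request(self, client_id, command):
        # The session's role restricts which industrial-equipment commands are executed.
        role = self.sessions.get(client_id)
        if role is None:
            return "rejected: unauthenticated client"
        if command not in ROLE_COMMANDS.get(role, set()):
            return f"rejected: role '{role}' may not issue '{command}'"
        return f"executed: {command}"
```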