Present-day products offer complex service and maintenance functions by means of which device parameters can be changed and errors diagnosed or eliminated. Utilization of such functions can assume a high level of training in maintenance technicians. These products are frequently devices which must meet product safety requirements. It is of importance especially in this context to be able to ensure that maintenance work or service performances can only be carried out by users who have a corresponding training or corresponding knowledge. Otherwise, the performance of maintenance and service functions could lead to considerable safety problems. One example for such products is medical products.
Service functions on a particular device or product must, therefore, be protected and secured in such a manner that the manufacturer can be sure that they can only be used by users authorized by the manufacturer and trained to an up-to-date level. Furthermore, it is also an important business model to enable service and maintenance tasks to be performed temporarily on a device for a reward. It is, therefore, desirable to ensure that the acquired maintenance achievement can only be performed on the specific device and not on other devices of the same type and/or the acquired maintenance achievement can be performed only within the agreed period of time and/or the credential of the acquired maintenance achievement can only be issued by the manufacturer himself.
The authorization can be produced, for example, by the manufacturer of the devices. For example, the operator of the devices can only be authorized by the manufacturer if he meets the corresponding criteria. Depending on the quality of the functions, various authorizations must be checked. An authorization limited in time would be desirable in order to be able to assume the respective up-to-date level of training of the maintenance technician. Authorization can be understood to mean data which define what can be done for how long on the device.
In order to be able to provide a possible authorization limited in time, it must be issued newly time and again by the manufacturer of the products. A permanent on-line link of the product with the manufacturer leads to increased costs, however, and increased computing capacities required. Furthermore, not all devices meet the corresponding conditions in order to be able to accept, and process complicated authorization information items.