Installing, commissioning or operating a device or a component in a distributed structure such as a network, e.g. a power distribution network, generally requires authentication of the user who uses or accesses the device or component, typically a service technician. For this purpose, authorization schemes are often used which ensure, or are intended to ensure, that a service technician acting in an administrator role is not only authenticated but also authorized to perform specific actions or initiate specific measures.
In prior art approaches, authorization is performed either locally or using special online authentication services such as Kerberos.
In Kerberos, a user wanting to use a service that requires authorization asks a Kerberos server to issue a ticket, which is then presented to the service. The service checks the ticket and grants access to the service. Kerberos accordingly involves three parties: a client, a server providing a service that the client wishes to use, and a Kerberos server. The Kerberos service authenticates both the server to the client and the client to the server. Furthermore, the Kerberos server itself also authenticates itself to the client and server and itself verifies their identity. Kerberos also uses approvals, referred to as tickets or grants, for authentication purposes. In order to be able to use the Kerberos service, a client must first log on to the Kerberos server. The client requests a so-called Ticket Granting Ticket (TGT) from the Kerberos server. To that end the user of the client must either enter a password or authenticate himself or herself by means of a certificate and associated private key, or the TGT is requested directly at the time of user login. With the TGT, the client is able to request further tickets for services without having to authenticate itself again. A so-called session key is also negotiated for the purpose of communication between client and Kerberos server. This key can be used for encrypting the data traffic. In order to be able to use a service supported by Kerberos, the client requests a further ticket. The client then sends said ticket to the service, which checks whether it should grant the client access. In this case too a session key is agreed and the identity of client, server and Kerberos server verified.
A disadvantageous aspect of this arrangement is that Kerberos can only be used in online scenarios.
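The three-party exchange described above, reduced to a runnable model: this is an added example written for this text, not code from the patent or from any Kerberos implementation. It assumes a single `KerberosServer` object acting as both authentication service and ticket-granting service, long-term keys shared between each principal and that server, and a toy encrypt-then-MAC construction built from HMAC-SHA256 in place of Kerberos' real encryption types. The principal names ("technician", "substation-ctl"), lifetimes and clock-skew window are constructed values. `demo(kdc_online=False)` shows the point made in the preceding sentence: when the Kerberos server cannot be reached, the client never obtains a TGT, so no service ticket can be produced.

```python
import hashlib
import hmac
import json
import os
import time

CLOCK_SKEW = 300  # seconds an authenticator's timestamp may differ from the verifier's clock (constructed)


def _subkeys(key):
    """Derive separate encryption and MAC keys from one long-term key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a keystream (toy construction, stdlib only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, payload):
    """Encrypt-then-MAC a JSON payload: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    plaintext = json.dumps(payload).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or a tampered blob raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))))


def _check(auth, ticket, now):
    """Ticket must be unexpired; authenticator must be fresh and name the same client."""
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if auth["client"] != ticket["client"] or abs(now - auth["time"]) > CLOCK_SKEW:
        raise PermissionError("authenticator does not match ticket")


class KerberosServer:
    """The third party: authentication service and ticket-granting service in one object."""

    def __init__(self, online=True):
        self.online = online
        self.principals = {}            # principal name -> long-term key shared with this server
        self.tgs_key = os.urandom(32)   # protects TGTs; known only to the Kerberos server

    def register(self, name, key):
        self.principals[name] = key

    def as_exchange(self, client, now):
        """Step 1: issue a TGT and a client/KDC session key, sealed under the client's key."""
        if not self.online:
            raise ConnectionError("Kerberos server unreachable")
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": client, "session": session, "expires": now + 8 * 3600})
        return seal(self.principals[client], {"session": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_blob, authenticator, service, now):
        """Step 2: swap a valid TGT for a service ticket; no password is entered again."""
        if not self.online:
            raise ConnectionError("Kerberos server unreachable")
        tgt = unseal(self.tgs_key, tgt_blob)
        session = bytes.fromhex(tgt["session"])
        _check(unseal(session, authenticator), tgt, now)
        svc_session = os.urandom(32).hex()
        ticket = seal(self.principals[service],
                      {"client": tgt["client"], "session": svc_session, "expires": now + 3600})
        return seal(session, {"session": svc_session, "ticket": ticket.hex()})


def service_accept(service_key, ticket_blob, authenticator, now):
    """Step 3, on the service: check the ticket with the service's own key and return the client name."""
    ticket = unseal(service_key, ticket_blob)
    _check(unseal(bytes.fromhex(ticket["session"]), authenticator), ticket, now)
    return ticket["client"]


def client_access(kdc, client, client_key, service, now):
    """Client side of steps 1 and 2; returns the ticket and authenticator to present in step 3."""
    reply = unseal(client_key, kdc.as_exchange(client, now))
    session, tgt = bytes.fromhex(reply["session"]), bytes.fromhex(reply["tgt"])
    authenticator = seal(session, {"client": client, "time": now})
    reply = unseal(session, kdc.tgs_exchange(tgt, authenticator, service, now))
    svc_session, ticket = bytes.fromhex(reply["session"]), bytes.fromhex(reply["ticket"])
    return ticket, seal(svc_session, {"client": client, "time": now})


def demo(kdc_online=True):
    """Constructed scenario: a technician principal and a substation control device principal."""
    kdc = KerberosServer(online=kdc_online)
    tech_key, device_key = os.urandom(32), os.urandom(32)
    kdc.register("technician", tech_key)
    kdc.register("substation-ctl", device_key)
    now = int(time.time())
    try:
        ticket, auth = client_access(kdc, "technician", tech_key, "substation-ctl", now)
    except ConnectionError:
        return None   # no Kerberos server reachable: the client cannot obtain any ticket
    return service_accept(device_key, ticket, auth, now)


if __name__ == "__main__":
    print("online:", demo(), "| offline:", demo(kdc_online=False))
```

The design keeps the two session keys (client/KDC and client/service) distinct, as the text describes, and the service ticket is sealed under the service's long-term key so that the client, which carries it, cannot read or alter it.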
The following exemplary scenario, which relates to the preferably local administration of a transformer substation control device and its associated outdoor or field equipment in a power distribution network, illustrates the problems that result.
In order to perform certain administrative tasks, for example specific actions such as switchover measures, the service technician must be authorized. Depending on the online status of the control device that is to be administered, the device to be administered or the component to be switched over may be unable to obtain authorization information from a control center or command station, or to request that information from such a control entity.
For such cases the service technician should be able to present or provide an authorization approval even if the transformer substation is offline. Consequently, it is advisable for the service technician to carry the authorization approval along with him, although it must also be possible for the approval to be withdrawn within twenty-four hours.
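To make the requirement in the last two paragraphs concrete, here is an added example (not code from the patent, which describes no mechanism) of an authorization approval that a technician can carry to an offline substation and that the device can check without contacting the control center. Everything beyond the twenty-four hour figure is an assumption: the control center and the device share a provisioned key, the approval is an HMAC-SHA256-signed JSON claim set, and the device name, technician name and action names are constructed values. The twenty-four hour validity bound is what limits how long an approval that has been withdrawn at the control center can still be used offline.

```python
import hashlib
import hmac
import json

MAX_VALIDITY = 24 * 3600  # approval lifetime in seconds; the twenty-four hour figure is from the scenario


def issue_approval(center_key, technician, device, actions, issued_at):
    """Control center side: sign the claims the technician will carry to the offline site.

    center_key is the key provisioned to the target device (assumption: one key per device).
    """
    body = json.dumps({"technician": technician, "device": device, "actions": sorted(actions),
                       "issued_at": issued_at, "expires": issued_at + MAX_VALIDITY},
                      sort_keys=True).encode()
    tag = hmac.new(center_key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag   # the hex tag contains no '.', so rpartition recovers the body


def check_approval(device_key, token, device, action, now):
    """Device side: verify the signature offline, then check binding, scope and time window."""
    body, sep, tag = token.rpartition(b".")
    if not sep:
        return False
    expected = hmac.new(device_key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return False                       # forged or altered approval
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    return (claims.get("device") == device          # approval is bound to this device
            and action in claims.get("actions", [])  # action is within the approved scope
            and claims["issued_at"] <= now < claims["expires"])  # within the 24 h window


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    shared_key = b"\x01" * 32
    t0 = 1_700_000_000
    token = issue_approval(shared_key, "tech-1", "substation-17", ["switchover"], t0)
    print("one hour later:", check_approval(shared_key, token, "substation-17", "switchover", t0 + 3600))
    print("one day later: ", check_approval(shared_key, token, "substation-17", "switchover", t0 + MAX_VALIDITY))
```

The check returns False for an approval presented on a different device, for an action outside the approved list, after the validity window, and when the tag does not verify, so the only thing the device needs at switchover time is its own provisioned key and a reasonably correct clock.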