Secure Password Management for the Siemens TIA Portal

Share:

Siemens has developed a Totally Integrated Automation Portal (TIA Portal®) that provides unrestricted access to their complete range of digitalized automation services, from digital planning and integrated engineering to transparent operation. With the TIA Portal, engineers can benefit from a shorter time-to-market thanks to innovative simulation tools, boost the productivity of their plants with additional diagnostic and energy management functions, and enjoy greater flexibility made possible with more coordinated teamwork.

Siemens customers rely on the TIA Portal to program their programmable logic controllers. To do so, they use programming languages that are compliant with the IEC 61131 standard. Part 3 of this standard relates to the use of ladder diagrams, function block diagrams, structured text, instruction lists, and sequential function charts. The building blocks can be any one of four different types:

  • OB – Organization Block
  • FB – Function Block
  • FC – Function
  • DB – Data Block

The first three types can be password protected. A generic password protection solution is usually not strong enough by nature. By comparison, the password management solution based on CodeMeter is extremely robust.

Architectural Details

The solution consists of several intertwined software and hardware elements:

  • CodeMeter License Central, the cloud and database-derived solution for license lifecycle management
  • CodeMeter WebDepot, the user portal for license activation
  • CodeMeter Keyring Password Manager, the tool for user, password and entitlement management
  • CodeMeter Keyring for TIA Portal Password Provider, the interface module between CodeMeter technology and the TIA Portal
  • CodeMeter Sticks, the USB hardware secure elements where passwords are stored

Each Siemens customer that avails himself of this solution will go through this simple sequence:

  • They identify a person who is granted the rights of a super user.
  • The super user is the only individual who is entitled to create passwords and related restrictions for using, changing, or revoking passwords. For this purpose, he would use CodeMeter Keyring Password Manager, which interfaces with CodeMeter License Central - the solution that generates strong passwords automatically. The level of security is such that not even the super user knows any of the passwords.
  • The super user assigns passwords to the users still using CodeMeter Keyring Password Manager. Once again, the tool connects to CodeMeter License Central, the real engine where the associations between users and passwords are made and stored.
  • Each user is handed a CodeMeter Stick and delivered a ticket (e.g. by email). The users then connect to CodeMeter WebDepot and activate their passwords; the passwords are then transferred from CodeMeter License Central to the CodeMeter Stick they received (provided the stick is plugged into their computer). Each stick can contain multiple passwords. After this straightforward procedure, they can start making use of the password protection. Just like the super user, the users themselves are unaware of the contents of each password.
  • Whenever the users employ a password, CodeMeter Keyring for TIA Portal Password Provider comes into the picture to ensure that the passwords stored in the stick are applied to the right projects stored in the TIA Portal. The users can assign passwords to the specific building blocks of their choice.
  • Over the lifecycle of a project, the role of the working groups may change: Passwords can thus be time-limited, changed, or revoked to ensure that only authorized users have their hands on the project at each stage.

Interested in protecting your projects on Siemens TIA Portal? Then contact our sales team.

TIA Portal is a registered trademark of Siemens

To top