Comfortable and secure with RFID authentication
Field devices in industrial plants have a graded authorisation management and customised authentication mechanisms that prevent the dangerous consequences of incorrect input and unauthorised access to process control. However, these traditional log-in procedures are impractical and time-consuming in cases where staff have to frequently change between operator stations. By equipping its Thin Clients for hazardous and industrial areas with RFID readers, R. STAHL can greatly simplify the authentication process.
Requirements for HMI systems
Continuing digitalisation in the process industry means ever-increasing requirements for operating and monitoring systems when it comes to ensuring reliable access to production processes, process values and system status from the field to the control room. On the one hand, the growing inter-connectedness of automation and communication technology means an increase in data traffic. IoT applications and the need for more efficient use of memory and computer capacity on the other hand drive the virtualisation of formerly hardware-based control and communication architectures. In addition to robust design and reliability, HMIs should therefore also feature flexible access options, mature usability and compatibility with a broad range of key control systems.
Access security – time considerations
Staff at many large-scale plants and operations have to change operator stations frequently. Dynamic access management that lets authorised staff access processes and systems from different terminals is therefore one of the central security aspects. However, security guidelines require a log-off and log-on with user name and password for every change of system. Adverse conditions such as protective gloves or inaccurately calibrated on-screen keyboards can make the constant log-off / log-on procedures even more cumbersome. Frequently, this leads to counterproductive behaviour, such as staff using passwords that offer no real protection, displaying access codes openly or simply not logging out.
An ergonomic solution to this might be biometric procedures using fingerprints or face recognition to check access authority. This method is useless, however, in sensitive areas where staff have to wear protective clothing, gloves and face masks for hygienic reasons. This is where LogOnPlus comes in, software that greatly facilitates everyday production processes. LogOnPlus is a modular server-client application that manages log-on control for production applications. Users are, for example, identified through their RFID ID card, authenticated against the company's Active Directory and then logged on to the target application, such as a process control system (PLS), by LogOnPlus via an application-specific connector.
Contactless RFID authentication
R. STAHL is the only manufacturer on the market that can equip its explosion-proof ORCA Thin Clients with contactless RFID authentication, which reduces the time required for log-on and authorised access to process control and data communication to a minimum. For this, the HMI specialist has developed specific RFID readers for use in Zone 1/21 and 2/22 that are either integrated into the enclosure, available as separate units with USB interface for panel-mounting or are firmly installed under the HMI's front panel, as is the case with the ORCA and SHARK Thin Clients.
The usual log-ons and log-offs in the automation system are no longer necessary due to the RFID access control, which meets current security requirements according to FDA and GAMP. Following the user authentication via card or chip and after a password has been entered, the system will immediately call up the individual, customised start menu with the applications available for the specific user. In addition to transponders with MIFARE, DESFIRE, EV1 or LEGIC Advant, R. STAHL HMI Systems' RFID readers now also support the use of a particularly comfortable log-on system.
Fast, secure log-in
Compatible with many commonly used card readers and distributed control or SCADA systems, LogOnPlus provides integrated RFID authentication via staff ID cards. With this software, access control at the client will remain active even when the server is down or during maintenance work. Another useful feature is that users can allocate their work ID themselves, without the need for extra administration.
The system allows for a period to be configured as a "smart logon session", during which follow-up log-ins will be accepted without the need for a password, thus enabling faster follow-up log-ins. This way, when users need to log in again during the defined period of time, they merely need to place their pass onto the reader.
Another benefit in terms of safety and compliance is the option of automatically logging off a user when the pass is removed from the reader, making "open systems" a thing of the past. To meet the high standards set for IT security, compliance and QM, there is the option of an audit trail that documents all log-on and log-off processes centrally. In addition, access to the desktop can be locked via a screen keyboard without function keys. Sensitive data are protected via encryption.
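A minimal model of the smart logon session, card-removal log-off and audit trail described in the two paragraphs above, added here as an illustration; it is not LogOnPlus code. The class, event and station names, the seconds-based window, the rule that only a password-verified log-on starts the window, and the window applying across stations are all assumptions.

```python
import hmac


class SmartLogonModel:
    """Hypothetical model of the described behaviour; not the vendor's implementation."""

    def __init__(self, window_s, directory):
        self.window_s = window_s    # configured smart-session length (assumed unit: seconds)
        self.directory = directory  # card id -> password; constructed stand-in for the directory check
        self.verified_at = {}       # card id -> time of last password-verified log-on
        self.on_reader = {}         # station -> card id currently logged on
        self.audit = []             # central audit trail: (time, station, card, event)

    def _log(self, now, station, card, event):
        self.audit.append((now, station, card, event))
        return event

    def present(self, station, card, now, password=None):
        if station in self.on_reader:
            self.remove(station, now)  # a new card ends the previous session first
        known = card in self.directory
        if password is not None:
            if not (known and hmac.compare_digest(self.directory[card], password)):
                return self._log(now, station, card, "denied_bad_credentials")
            self.verified_at[card] = now  # only a password check (re)starts the window
            self.on_reader[station] = card
            return self._log(now, station, card, "logon_password")
        last = self.verified_at.get(card)
        if known and last is not None and now - last <= self.window_s:
            self.on_reader[station] = card
            return self._log(now, station, card, "logon_smart")
        return self._log(now, station, card, "password_required")

    def remove(self, station, now):
        card = self.on_reader.pop(station, None)
        if card is None:
            return None
        return self._log(now, station, card, "logoff_card_removed")


def demo():
    # Constructed sample data: one card, a 15-minute window, two stations.
    m = SmartLogonModel(window_s=900, directory={"card-A": "pw-A"})
    events = [
        m.present("hmi-1", "card-A", 0),          # never verified: password needed
        m.present("hmi-1", "card-A", 5, "pw-A"),  # full log-on, window starts at t=5
        m.remove("hmi-1", 60),                    # card lifted: automatic log-off
        m.present("hmi-2", "card-A", 300),        # inside window: card alone suffices
        m.remove("hmi-2", 400),
        m.present("hmi-2", "card-A", 1000),       # 995 s after verification: expired
    ]
    return events, m.audit
```

Because card-only log-ons do not extend the window in this model, the configured period is the upper bound on how long a lost or borrowed card works without the password.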
Future-proof firmware at IoT level
This uncomplicated RFID integration is one of the features of the modern industrial-grade Remote HMI firmware, which the HMI specialist employs to make its Thin Clients fit for the Industrial Internet of Things. This user-friendly firmware on the basis of Windows 10 Enterprise 2019 LTSC is tailored for the latest developments of digital automation. It ensures the safe, manipulation-proof remote control of virtual or real workstations in a network as a closed system with a uniform operating concept.
All major remote protocols, such as VNC and RDP, are supported. The App concept allows for CITRIX access, protocols such as Delta V Remote Desktop Connection (DRDC), browsers, CCTV apps or any other applications to be operated securely and without modification of the Remote HMI firmware. The firmware provides customised access management with graded authority for access to centrally stored or cloud-based programs and applications.
Slim-line operator stations in industry-specific design
R. STAHL integrates its firmware into its HMI Thin Clients as standard. The Thin Clients are based on three different technology platforms, for the chemical and pharmaceutical industry, machine operations and the oil and gas industry, and are available both in explosion-protected design for ATEX- and IECEx-certified operation in Zone 1/21 and 2/22, as well as for standard industrial operation. As such, they represent a particularly future-proof and reliable solution for process control and visualisation in hazardous as well as industrial areas in this very popular product segment. The slim-line HMIs can be integrated in redundantly secured network structures, and are available with various display sizes and resolutions, and optionally as dual screen versions with dual touch.
To ensure high performance, the manufacturer uses the latest high-performance industrial processors and main memory. In addition, the Thin Clients feature optimised hardware functions (Intel VT) for virtualisation environments. The systems' integrated HD graphics chip supports DirectX 11.1 and ensures optimum display quality even with extremely dynamic process images. With the ORCA HMIs, the HMI specialist has also introduced a cleanroom-compatible version with a 22" Widescreen Multitouch Display that meets the criteria for GMP Class C cleanliness.
In short
With its Thin Clients, a firmware tailored to meet the requirements of modern control networks and RFID readers specially developed for hazardous areas, R. STAHL HMI Systems is the only producer of Thin Clients that provides a simplified authentication management with RFID cards in hazardous areas up to Zone 1. The readers’ compatibility with various reader technologies simplifies implementation on sites where staff already have transponder cards for other areas of application.
In addition, the readers' support of LogOnPlus means a noticeable increase in comfort whilst maintaining high security standards. Users are, for example, identified through their RFID ID card, authenticated against the company's Active Directory and then logged on to the target application, e.g. a process control system (PLS), by LogOnPlus via an application-specific connector. On request, the HMI specialist will provide cards and key fobs equipped with tested transponders for use in hazardous areas.