Password management

Reliable password protection for the TIA Portal

In Siemens' TIA Portal automation framework, source code containing intellectual property (IP) can be protected using passwords, but how well protected are the passwords themselves? Wibu-Systems has developed a password management solution for the TIA Portal to ensure that the passwords are completely secure.

Stefan Bamberg, Wibu-Systems: "With 'CodeMeter Keyring for TIA Portal' as a solution for the Siemens password API, passwords can be generated and managed securely."

© Wibu-Systems

Stefan Bamberg, Senior Key Account & Partner Manager at Wibu-Systems, explains the background.

What is the purpose of the password management solution?

Stefan Bamberg: The secure password management solution "CodeMeter Keyring for TIA Portal" is used to protect IP and content, such as function blocks, functions and organizational blocks. It enables users to protect their IP from unauthorized copying. The user writes the IP source code, compiles it and transfers it to the machine. Our solution then secures access to the source code to ensure the authenticity of the software.


What made the password management solution for the TIA Portal necessary?

Stefan Bamberg: The source code is password-protected on the user interface of the TIA Portal. This function has been available in the TIA Portal from the very beginning, but it is based on simply typing in the password. Since version 14, the TIA Portal has had a password API with which third-party providers can transfer passwords to the TIA Portal via an interface and make them usable there.

Siemens provided us with the password API for the development of "CodeMeter Keyring for TIA Portal". With "CodeMeter Keyring for TIA Portal" as a solution for the Siemens password API, passwords can be generated and managed securely. The passwords are generated in the system behind it and stored in a CodeMeter dongle as a "secure anchor". The solution is based on "CodeMeter License Central", a server-based tool for creating, managing and delivering licenses. It is adapted to password protection as a new application in such a way that the license has effectively become an authentication by means of a password. With "CodeMeter License Central", this can then be distributed worldwide around the clock. In the end, we took the "CodeMeter License Central" system and adapted it to the application. In doing so, we created a local console for password management in the companies.

How exactly does "CodeMeter Keyring for TIA Portal" work?

Stefan Bamberg: One person in the company is designated as the "Super User", who is authorized to create and distribute passwords, but does not know the passwords themselves. With the "Password Manager" component, the super user generates a password and the corresponding password activation code (ticket) via "CodeMeter License Central", which is transmitted to a user via a secure e-mail. The user who has received the e-mail with the code goes to the "CodeMeter WebDepot" with the browser, activates the code there and has the password saved directly in their CodeMeter dongle. This works with all CodeMeter dongles, including the latest version "CmStick/BMI" with pSLC flash memory (pseudo single-level cell memory technology) and USB 3.1 connection.

The data, i.e. licenses, authentication and passwords, are transferred to the dongle using a secure file exchange procedure in "CodeMeter License Central". The data is generated on the server side via a virtual machine, which - configured by Wibu-Systems - runs on the customer's premises or is hosted by Wibu-Systems. The server must therefore be a system in which virtual machines can run.


What security measures for the passwords in the TIA Portal has Siemens itself integrated in addition to its password API?

Stefan Bamberg: Apart from the password API and our "CodeMeter Keyring for TIA Portal", Siemens has also added its own restriction functions. Depending on the restriction set, passwords may neither be changed nor removed. This is Siemens' response to the problem of passwords simply being passed on or even disappearing.


What motivated Wibu-Systems to develop the solution?

Stefan Bamberg: For example, we wanted to enable machine manufacturers to protect their machines from users or unauthorized third parties making unwanted changes to the source code. In the food industry, liability law can very quickly come into play if, for example, the products in the machine are also cooked and are no longer heated sufficiently to increase output after a change to the source code. By specifically assigning passwords to CmDongles, manufacturers can also use the solution to virtually certify certain service companies in order to keep out service companies that do not enjoy the manufacturer's trust.


Has Wibu-Systems also developed comparable protection solutions for control systems from other manufacturers?

Stefan Bamberg: Yes, because manufacturers and users are increasingly making sure that PLC systems can offer such encryption solutions. The Codesys automation software from 3S Smart Software Solutions has integrated such a solution, as has the "Logix Designer" engineering software from Rockwell Automation.


Is "CodeMeter Keyring for TIA Portal" distributed by Wibu-Systems or by Siemens?

Stefan Bamberg: Wibu-Systems distributes the solution for the Siemens password API. As an open interface, the API is open to all certified manufacturers.


Have applications already been implemented with "CodeMeter Keyring for TIA Portal"?

Stefan Bamberg: Yes, there are already several companies that rely on this technology.


Is "CodeMeter Keyring for TIA Portal" the first joint project between Wibu-Systems and Siemens?

Stefan Bamberg: No, there are a number of joint projects, but it is another major step in the cooperation between the two companies.


Wibu-Systems at embedded world 2019: Hall 4, Stand 360
