Digital rights management system and method
First Claim
1. A certificate authority device, comprising:
- a memory that stores executable instructions; and
a processor, coupled to the memory, that facilitates execution of the executable instructions to perform operations, comprising;
communicating with an automation device and a control device via a local area network consisting of a set of networked devices comprising the certificate authority device, the control device, and the automation device, that communicate via a local area network protocol;
generating for the control device a digital certificate that cryptographically authenticates an identity of the control device;
determining that the control device is authorized to modify an automation program that is executed by the automation device based on defined privileges linked to the digital certificate of the control device;
facilitating presentation of the defined privileges via a user interface; and
receiving, via the user interface, input data representative of a change to the defined privileges.
1 Assignment
0 Petitions
Accused Products
Abstract
An architecture for application of digital rights management to industrial automation devices including programmable logic controllers (PLCs), I/O devices, and communication adapters is provided. Digital rights management involves a set of technologies for controlling and managing access to device objects and/or programs such as ladder logic programs. Access to automation device objects and/or programs can be managed by downloading rules of use that define user privileges with respect to automation devices and utilizing digital certificates, among other things, to verify the identity of a user desiring to interact with device programs, for example. The architecture can provide for secure transmission of messages to and amongst automation devices utilizing public key cryptography associated with digital certificates.
38 Citations
20 Claims
-
1. A certificate authority device, comprising:
-
a memory that stores executable instructions; and a processor, coupled to the memory, that facilitates execution of the executable instructions to perform operations, comprising; communicating with an automation device and a control device via a local area network consisting of a set of networked devices comprising the certificate authority device, the control device, and the automation device, that communicate via a local area network protocol; generating for the control device a digital certificate that cryptographically authenticates an identity of the control device; determining that the control device is authorized to modify an automation program that is executed by the automation device based on defined privileges linked to the digital certificate of the control device; facilitating presentation of the defined privileges via a user interface; and receiving, via the user interface, input data representative of a change to the defined privileges. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A first automation device, comprising:
-
a memory that stores computer executable instructions; and a processor, communicatively coupled to the memory, that facilitates execution of the computer executable instructions to perform operations, comprising; receiving, from a second automation device, a message instructing a modification of an automation program related to the first automation device, wherein the message comprises sender data indicative of the second automation device; receiving, from a certificate authority device, digital certificate data that was issued by the certificate authority device, wherein the certification data certifies an identity of the second automation device; based on the digital certificate data, verifying the message was transmitted by the second automation device, wherein the first automation device, the second automation device, and the certificate authority device are communicatively coupled via a local area network consisting of a set of a set of networked device that communicate via a local area network protocol; determining that the second automation device is authorized to facilitate the modification of the automation program based on defined privileges linked to the digital certificate data; facilitating presentation of the defined privileges via a user interface; and receiving input data representative of a change to the defined privileges via the user interface. - View Dependent Claims (11, 12, 19, 20)
-
-
13. A method, comprising:
-
receiving, by a system comprising a processor, a request to access automation data representative of a program that is executed by an automation device or a process that is performed by the automation device, wherein the request is from a requesting device; receiving, by the system, digital certificate data corresponding to the requesting device, wherein the digital certificate data cryptographically authenticates an identity of the requesting device, and wherein the digital certificate data is generated by a certificate authority device; matching, by the system, the digital certificate data to a list of access rights for the program or the process; determining, by the system, a level of access to the automation data is satisfied based on the matching; and granting, by the system, the level of access to the automation data, wherein the level of access is granted to the requesting device in response to the determining, wherein the system, the requesting device, and the certificate authority device are communicatively coupled via a local area network consisting of a set of networked device that communicate via a local area network protocol; facilitating presentation of the list of access rights via a user interface; and receiving, via the user interface, input data representative of a change to the list of access rights. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification