Security settings and indications of controllers
First Claim
1. A security assurance system for a building controller comprising:
- a controller having a locked mode and an exposed mode relative to outside connections such as internet, the controller including a security monitor configured to determine whether the controller is in the locked mode or the exposed mode; and
wherein;
the locked mode comprises at least one item of a group consisting of one or more security settings and policies that meet predetermined standards, and an entity designated to assume responsibility to assure that security settings and policies meet the predetermined standards;
the exposed mode comprises at least one item of a group consisting of an absence of security settings and policies that meet the predetermined standards, and an absence of an entity designated to assure that the security settings and policies meet the predetermined standards;
the security monitor determines whether the controller is in the locked mode or the exposed mode based on the items related to security settings and policies and a presence or the absence of the entity designated to assure the security settings and policies meet the predetermined standards; and
the controller comprises an indicator that reveals whether the controller is in the locked mode or the exposed mode.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and approach having security assurance for a controller relative to outside connections such as internet. The controller may have locked and exposed modes. A locked mode may mean that the system is correctly configured in that security related settings meet minimum standards. For example, the controller is protected through sufficiently strong user accounts and passwords whether entered or by default. Also, there may be an entity, such as person or organization that has responsibility for securing the controller against undesired intrusions. In the exposed mode, where the system may be incorrectly configured, the controller may shut down some or all of the functionality that has relevance to remote access. In the exposed mode, a built-in web server may show one or more screens that allow one to access the controller. There may be security indicators, such as lights that indicate whether the controller is exposed or locked.
9 Citations
17 Claims
-
1. A security assurance system for a building controller comprising:
-
a controller having a locked mode and an exposed mode relative to outside connections such as internet, the controller including a security monitor configured to determine whether the controller is in the locked mode or the exposed mode; and wherein; the locked mode comprises at least one item of a group consisting of one or more security settings and policies that meet predetermined standards, and an entity designated to assume responsibility to assure that security settings and policies meet the predetermined standards; the exposed mode comprises at least one item of a group consisting of an absence of security settings and policies that meet the predetermined standards, and an absence of an entity designated to assure that the security settings and policies meet the predetermined standards; the security monitor determines whether the controller is in the locked mode or the exposed mode based on the items related to security settings and policies and a presence or the absence of the entity designated to assure the security settings and policies meet the predetermined standards; and the controller comprises an indicator that reveals whether the controller is in the locked mode or the exposed mode. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method, for monitoring security fitness of a building controller, comprising:
-
providing a building controller connectable to an external communication system; providing one or more visual indicators of status of a configuration from a security perspective of the building controller, the one or more visual indicators of status selected from the group consisting of one or more indicator lights and a dashboard; checking a configuration of one or more items from a group consisting of a firewall, a network interface, virtual private networks, security credentials, communication ports, a user database, and a connectivity status to the external communication system; and determining whether the building controller is in a locked mode or an exposed mode based on whether or not the configuration of one or more items meets security criteria; and wherein; the building controller is in the exposed mode when a configuration of one or more items does not meet the security criteria; and wherein the building controller is in the locked mode when the configuration of one or more items meets the security criteria. - View Dependent Claims (15, 16, 17)
-
Specification