Security architecture for a process control platform executing applications

US 20020199123A1
Filed: 06/24/2002
Published: 12/26/2002
Est. Priority Date: 06/22/2001
Status: Abandoned Application

First Claim

Patent Images

1. A security component within a supervisory process control and manufacturing information system comprising:

a set of user roles corresponding to different types of users within the information system;

a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles; and

a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system;

wherein the security permissions are assigned at an object attribute level.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security component within a supervisory process control and manufacturing information system comprising a set of user roles corresponding to different types of users within the information system, a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles, and a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system. The security permissions within the supervisory process control and manufacturing information system are assigned at an object attribute level.

Citations

18 Claims

1. A security component within a supervisory process control and manufacturing information system comprising:
- a set of user roles corresponding to different types of users within the information system;
  
  a set of security groups defining a set of security permissions with regard to a set of objects, wherein each security group includes an access definition relating the security permissions to at least one of the set of user roles; and
  
  a set of user accounts assigned to at least one of the defined roles thereby indirectly defining access rights with regard to the set of objects having restricted access within the system;
  
  wherein the security permissions are assigned at an object attribute level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18)
- - 2. The security component of claim 1, wherein the information system is distributable to a plurality of networked computer devices.
  - 3. The security component of claim 1, wherein the information system has a layered architecture.
  - 4. The security component of claim 3, wherein the layered architecture comprises application objects that model entities within a process control system, engine objects that host execution of the applications in a runtime environment, and platform objects corresponding to a physical computer system component for executing the engine objects and associated application objects and wherein the platform objects host at least one of the engine objects.
  - 5. The security component of claim 4, wherein the engine objects and platform objects address aspects of the application relating to the physical computing device configurations upon which the application executes, and wherein the application objects execute independently of the physical computing device configurations.
  - 6. The security component of claim 4, wherein the application objects communicate on the same computing device through engine objects and communications across a network of computing devices are supported by the platform objects thereby insulating communications between application objects from the topology of a computer system within which the application objects execute.
  - 7. The security component of claim 1, wherein each user has a user profile.
  - 8. The security component of claim 7, wherein the user profile contains security-related information and at least one role.
  - 9. The security component of claim 8, wherein the at least one role grants permissions to the user to perform specific activities.
  - 10. The security component of claim 9, wherein the permissions are operation permissions.
  - 11. The security component of claim 10, wherein the operation permissions comprise security groups.
  - 12. The security component of claim 11, wherein the security groups comprise objects.
  - 13. The security component of claim 12, wherein the objects comprise at least one attribute and each attribute has a security classification.
  - 14. The security component of claim 13, wherein the security classification of each attribute defines the users that may write to the attribute.
  - 15. The security component of claim 13, wherein the at least one attribute are designed to be accessed by multiple users.
  - 17. The method of editing an attribute of claim 16, further comprising the step of requesting a second authentication.
  - 18. The method of editing an attribute of claim 17, further comprising the step of requesting the authentication of a third party.

16. A method of editing an attribute of a security component within a supervisory process control and manufacturing information system, the method comprising:
- receiving the authentication materials from a user;
  
  obtaining the proposed changes to the attribute;
  
  checking the permissions of the user inputting the proposed changes;
  
  accepting the proposed changes in the event that the permissions of the user are validated; and
  
  denying the proposed changes in the event that the permissions of the user are invalidated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invensys Systems Incorporated (Invensys PLC)
Original Assignee
Wonderware Corporation (Schneider Electric SE)
Inventors
Mody, Pankaj H., McIntyre, James P., Kasajian, Kenneth, Sowell, Timothy, Resnick, Robert M.

Application Number

US10/179,095
Publication Number

US 20020199123A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

Security architecture for a process control platform executing applications

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security architecture for a process control platform executing applications

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links