Distributed security for industrial networks
Abstract
Distributed security for industrial networks is achieved through the implementation of Security Policy Implementation Points (SPIPs) on the network to apply security policy in a distributed fashion to prevent network users from taking action in particular areas of the network. The SPIP integrates with network services to perform authentication and authorization services on behalf of particular factory machines, groups of factory machines, and other industrial network resources. The SPIP also maintains a local access policy to enable emergency access to the factory machines as well as enable local access to attendant programmable logic controllers. The SPIP also includes audit functionality to enable the SPIP to record local accesses and network accesses to maintain a log of users and network devices that have interfaced with the SPIP. The SPIP may also support VPNs, encryption, compression, and numerous other functions to engage in communications on the network.
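The following sketch is an added illustration, not code from the patent: it models the two paths named in the abstract and claims (a network path that authenticates through network services, and a local path governed by locally held policy) and the audit log that records both. The class layout, role names, the `press-1` machine, the fail-closed behaviour when the authentication service is unreachable, and the sample users are all assumptions made for the example.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class SPIP:
    """Toy Security Policy Implementation Point in front of factory machines."""
    machines: set            # machines reachable only through this SPIP
    network_auth: Callable   # (user, token) -> set of roles, or None if rejected
    network_policy: dict     # role -> set of (machine, action) pairs allowed
    local_policy: dict       # local user -> set of actions allowed on the local path
    audit_log: list = field(default_factory=list)

    def _audit(self, path, user, machine, action, allowed, reason):
        # Every decision, allow or deny, is recorded before it is returned.
        self.audit_log.append({"ts": time.time(), "path": path, "user": user,
                               "machine": machine, "action": action,
                               "allowed": allowed, "reason": reason})
        return allowed

    def network_access(self, user, token, machine, action):
        """Network path: authenticate through network services, then authorize."""
        args = ("network", user, machine, action)
        if machine not in self.machines:
            return self._audit(*args, False, "unknown machine")
        try:
            roles = self.network_auth(user, token)
        except ConnectionError:
            # Assumption: fail closed when the authentication service is down.
            return self._audit(*args, False, "auth service unreachable")
        if not roles:
            return self._audit(*args, False, "authentication failed")
        ok = any((machine, action) in self.network_policy.get(r, set()) for r in roles)
        return self._audit(*args, ok, "role permits" if ok else "no role permits")

    def local_access(self, user, machine, action):
        """Local path: decided from locally held policy only, so it works offline."""
        ok = machine in self.machines and action in self.local_policy.get(user, set())
        return self._audit("local", user, machine, action, ok, "local policy")

def sample_auth(user, token):
    # Constructed stand-in for the network authentication service.
    return {("alice", "t-alice"): {"operator"}, ("bob", "t-bob"): {"viewer"}}.get((user, token))

def build_sample():
    # Constructed sample deployment: one machine, two network roles, one local user.
    return SPIP(machines={"press-1"}, network_auth=sample_auth,
                network_policy={"operator": {("press-1", "start"), ("press-1", "stop")},
                                "viewer": {("press-1", "read")}},
                local_policy={"floor-tech": {"stop"}})
```

Because the local path never calls the network service, a narrowly scoped local policy (here, only `stop`) remains usable during an outage while still leaving an audit record.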
25 Claims
1. An industrial network, comprising:
- a local area network; and
- a security policy implementation point (SPIP) configured to apply policy in the control of network access to at least one factory machine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13
9. The industrial network of claims, wherein the industrial network is an untrusted network configured to interconnect network services with a plurality of SPIPs associated with factory machines, and wherein the network services are configured to enable operation of the factory machines to be altered through the industrial network.
14. A Security Policy Implementation Point (SPIP) for use in an industrial network, comprising:
- a local path configured to implement a local access policy; and
- a network path configured to secure network paths on the industrial network.
15. The SPIP of claim 15, further comprising programmable logic controller circuitry configured to function to control at least one factory machine.
Specification