SYSTEM AND METHOD FOR SYNCHRONIZING SECURITY SETTINGS OF CONTROL SYSTEMS

US 20090187969A1
Filed: 01/22/2008
Published: 07/23/2009
Est. Priority Date: 01/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method for communicating data between a first control system and a second control system, said first control system operable for controlling a first process having first security data in a first data security format for limiting access to said first process, comprising the steps of:

modifying said first security data from being in said first data security format into modified security data in a modified security format, said modified security format compatible with said second control system;

subsequent to said modifying step, receiving a request from a user of said second control system, said request including a user type and at least one process parameter associated with said first process for information regarding said process parameter or to change a value of said process parameter;

referencing said user type and said process parameter to said modified security data; and

based on results of said referencing, blocking or allowing said request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for communicating data between a first and second control system (FCS and SCS). FCS (202) controls a first process (FP) having first security data (FSD) in a first data security format (FDSF). The method involves modifying the FSD (214) from being in the FDSF into modified security data (MSD) in a modified security format (MSDF) compatible with SCS (226). Subsequent to the modifying, a request is received from an SCS user. The request includes a user type, process parameter (PP) associated with the FP, and request for information regarding the PP or a request to change a PP value. The method also involves referencing the user type and PP to the MSD. The method further involves blocking or allowing the request based on results of the referencing. If results indicate that the request is allowed, then an access level can be impersonated for changing the PP value in FCS.

Citations

18 Claims

1. A method for communicating data between a first control system and a second control system, said first control system operable for controlling a first process having first security data in a first data security format for limiting access to said first process, comprising the steps of:
- modifying said first security data from being in said first data security format into modified security data in a modified security format, said modified security format compatible with said second control system;
  
  subsequent to said modifying step, receiving a request from a user of said second control system, said request including a user type and at least one process parameter associated with said first process for information regarding said process parameter or to change a value of said process parameter;
  
  referencing said user type and said process parameter to said modified security data; and
  
  based on results of said referencing, blocking or allowing said request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising the step of retrieving a custom security settings data file from said first control system, wherein said custom security settings data file contains said first security data operable for identifying a plurality of said process parameters that a plurality of said user types are allowed or not allowed to change.
  - 3. The method according to claim 2, wherein said plurality of user types include a program user type, an engineer user type, a supervisor user type, or an operator user type.
  - 4. The method according to claim 1, further comprising the step of retaining said modified security data for subsequent use in determining whether to allow a value of said process parameter to be changed by said user.
  - 5. The method according to claim 4, further comprising the step of referencing further comprises determining whether said value of said process parameter is allowed to be changed by said user type.
  - 6. The method according to claim 5, further comprising the step of communicating with said first control system utilizing an impersonated access level to change said value of said process parameter if it is determined that said value of said process parameter can be changed by said user type.
  - 7. The method according to claim 6, further comprising the step of writing said value of said process parameter into a memory device of said first control system.
  - 8. The method according to claim 5, further comprising the step of denying said request to change a value of said process parameter if it is determined that said process parameter is not allowed to be changed by said user type.
  - 9. The method according to claim 1, wherein said first and second computing systems comprise industrial plant control systems.

10. A control system, comprising:
- a first control system operable for controlling a first process having first security data in a first data security format for limiting access to said first process;
  
  a second control system configured to enable a user request including a user type and at least one process parameter associated with said first process for information regarding said at least one process parameter or to change a value of said at least one process parameter; and
  
  an intermediary processing device coupled between said first and second control systems, said intermediary processing device configured for (a) modifying said first security data from being in said first data security format into modified security data in a modified security format compatible with said second control system, (b) receiving said user request from a user of said second control system, (c) referencing said user type and said process parameter to said modified security data, and (d) blocking or allowing said user request based on results of said referencing.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The control system according to claim 10, wherein said intermediary processing device is further configured for retrieving a custom security settings data file from said first control system, wherein said custom security settings data file contains said first security data identifying a plurality of said process parameters that a plurality of said user types are allowed or not allowed to change.
  - 12. The control system according to claim 11, wherein said plurality of user types include a program user type, an engineer user type, a supervisor user type, or an operator user type.
  - 13. The control system according to claim 10, wherein said intermediary processing device is further configured for retaining said modified security data for subsequent use in determining whether to allow a value of said process parameter to be changed by said user.
  - 14. The control system according to claim 13, wherein said intermediary processing device is further configured for determining whether said value of said process parameter is allowed to be changed by said user.
  - 15. The control system according to claim 14, wherein said intermediary processing device is further configured for communicating with said first control system utilizing an impersonated access level to change said value of said parameter if it is determined that said value of said process parameter can be changed by said user.
  - 16. The control system according to claim 15, wherein said intermediary processing device is further configured for writing said value of said process parameter into a memory device of said first control system.
  - 17. The control system according to claim 14, wherein said intermediary processing device is further configured for denying said request to change a value of said process parameter if it is determined that said process parameter is not allowed to be changed by said user.
  - 18. The control system according to claim 10, wherein said first and second control systems comprise industrial plant control systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Roby, Steven, DeFord, Leslie Lee

Granted Patent

US 8,276,186 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR SYNCHRONIZING SECURITY SETTINGS OF CONTROL SYSTEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SYNCHRONIZING SECURITY SETTINGS OF CONTROL SYSTEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links