SYSTEM AND METHODOLOGY PROVIDING MULTI-TIER SECURITY FOR NETWORK DATA WITH INDUSTRIAL CONTROL COMPONENTS

US 20090222885A1
Filed: 05/13/2009
Published: 09/03/2009
Est. Priority Date: 06/04/2002
Status: Active Grant

First Claim

Patent Images

1. An industrial control system, comprising:

an industrial controller that communicates with a network based in part on at least one configured security layer; and

the at least one configured security layer mapped to at least one of a respective area or module associated with the industrial controller, the mapping relates the at least one configured security layer to at least one security component that facilitates varying levels of data access to the industrial controller, the at least one configured security layer is associated with at least one of similar security components or dissimilar security components.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and methodology facilitating network security and data access in an industrial control environment. An industrial control system is provided that includes an industrial controller to communicate with a network. At least one security layer can be configured in the industrial controller, wherein the security layer can be associated with one or more security components to control and/or restrict data access to the controller. An operating system manages the security layer in accordance with a processor to limit or mitigate communications from the network based upon the configured security layer or layers.

78 Citations

View as Search Results

20 Claims

1. An industrial control system, comprising:
- an industrial controller that communicates with a network based in part on at least one configured security layer; and
  
  the at least one configured security layer mapped to at least one of a respective area or module associated with the industrial controller, the mapping relates the at least one configured security layer to at least one security component that facilitates varying levels of data access to the industrial controller, the at least one configured security layer is associated with at least one of similar security components or dissimilar security components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein, the at least one security component includes a trust component to authenticate a trust relationship between a remote system.
  - 3. The system of claim 1, wherein, the at least one security component includes an encryption component that at least one of provides data encryption, or authenticates or authorizes at least one of a user or a device.
  - 4. The system of claim 3, wherein, the encryption component is employed to at least one of encapsulate or encrypt a control protocol.
  - 5. The system of claim 1, wherein, the at least one security component includes a policy component that comprises at least one of a security parameter, at least one rule, at least one filter, a filter list, an authentication method, a tunnel parameter, or a connection type.
  - 6. The system of claim 1, further comprising, a user policy store that stores data, which is utilized to configure the at least one security component.
  - 7. The system of claim 6, wherein, the data is configured by a user and includes at least one of system-based policies or associated rules for granting, permitting or denying access to at least one of the industrial controller or components associated with the industrial controller.
  - 8. The system of claim 1, further comprising, at least one of, a security components store to store the at least one security component, or a security mappings store to relate the at least one configured security layer to at least one of an area within the industrial controller or a module associated with the industrial controller.
  - 9. The system of claim 1, wherein, the at least one security component includes a locking component to at least one of grant or prevent access to the industrial controller.
  - 10. The system of claim 1, wherein, the at least one security component includes a Virtual Private Network (VPN) component to facilitate communications between the industrial controller and one or more VPN devices by establishing trust between the industrial controller and the one or more VPN devices.
  - 11. The system of claim 1, wherein, the at least one security component includes a virus detection component that analyzes and discards potentially harmful files or data that are received at the industrial controller.

12. A method to facilitate secure data exchange in an industrial controller network, comprising:
- determining a mapping for communication associated with an industrial controller;
  
  determining one or more security layers associated with the mapping; and
  
  associating the one or more security layers with one or more security components that are configured for a respective security layer.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, further comprising, mapping a trust component, an encryption component and a policy component.
  - 14. The method of claim 12, further comprising, creating a private network across a public network to provide access to the industrial controller.
  - 15. The method of claim 12, further comprising, detecting viruses on the industrial controller.
  - 16. The method of claim 12, further comprising, segmenting at least one of an area or a device associated with the industrial controller in according to the mapping.
  - 17. The method of claim 12, further comprising, configuring a locking component to at least one of grant or prevent access to the industrial controller.
  - 18. The method of claim 12, further comprising, segmenting a plurality of security areas wherein respective areas are identified with an associated security layer or layers having respective security components.
  - 19. The method of claim 12, further comprising, establishing communications with a network device based in part on at least one of the mapping, the one or more security layers or the associated security components configured for each of the one or more security layers.

20. An industrial control system, comprising:
- means for storing one or more security layers associated with an industrial controller, the one or more security layers include at least one of configurable or selectable security protocols;
  
  means for mapping each of the one or more security layers to at least one of a respective area or module associated with the industrial controller; and
  
  means for establishing communications with a network device based in part on at least one of the mapping, the one or more security layers or associated security components selected for each of the one or more security layers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Baier, John Joseph, Batke, Brian Alan, Morse, Richard Alan, Callaghan, David Michael

Granted Patent

US 8,190,888 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/16   Implementing security featu...

SYSTEM AND METHODOLOGY PROVIDING MULTI-TIER SECURITY FOR NETWORK DATA WITH INDUSTRIAL CONTROL COMPONENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHODOLOGY PROVIDING MULTI-TIER SECURITY FOR NETWORK DATA WITH INDUSTRIAL CONTROL COMPONENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links