SECURITY SETTINGS AND INDICATIONS OF CONTROLLERS

US 20160014156A1
Filed: 07/10/2014
Published: 01/14/2016
Est. Priority Date: 07/10/2014
Status: Active Grant

First Claim

Patent Images

1. A security assurance system for a building controller comprising:

a controller having a locked mode and an exposed mode; and

wherein;

the locked mode comprises at least one item of a group consisting of one or more security settings and policies that meet predetermined standards, and an entity designated to assume the responsibility to assure that the security settings and policies meet the predetermined standards; and

the exposed mode comprises at least one item of a group consisting of an absence of security settings and policies that meet the predetermined standards, and an absence of an entity designated to assure that the security settings and policies meet the predetermined standards.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and approach having security assurance for a controller relative to outside connections such as internet. The controller may have locked and exposed modes. A locked mode may mean that the system is correctly configured in that security related settings meet minimum standards. For example, the controller is protected through sufficiently strong user accounts and passwords whether entered or by default. Also, there may be an entity, such as person or organization that has responsibility for securing the controller against undesired intrusions. In the exposed mode, where the system may be incorrectly configured, the controller may shut down some or all of the functionality that has relevance to remote access. In the exposed mode, a built-in web server may show one or more screens that allow one to access the controller. There may be security indicators, such as lights that indicate whether the controller is exposed or locked.

12 Citations

View as Search Results

22 Claims

1. A security assurance system for a building controller comprising:
- a controller having a locked mode and an exposed mode; and
  
  wherein;
  
  the locked mode comprises at least one item of a group consisting of one or more security settings and policies that meet predetermined standards, and an entity designated to assume the responsibility to assure that the security settings and policies meet the predetermined standards; and
  
  the exposed mode comprises at least one item of a group consisting of an absence of security settings and policies that meet the predetermined standards, and an absence of an entity designated to assure that the security settings and policies meet the predetermined standards.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the controller comprises a security monitor having an automatic remote notification mechanism that notifies an entity designated to assume responsibility for security of the controller, upon detection of a security threat or misconfiguration of the controller.
  - 3. The system of claim 2, wherein the security monitor has a manual selector to initiate the automatic remote notification mechanism.
  - 4. The system of claim 1, wherein a security policy that meets the predetermined standards incorporates an entity designated to assume a responsibility to assure that the security settings and policies meet the predetermined standards.
  - 5. The system of claim 4, wherein in the exposed mode, the controller shuts down a functionality having relevance for remote access.
  - 6. The system of claim 4, wherein:
    - the controller comprises a web-server that provides a screen for display and entities; and
      
      the web-server permits a user to enter a media access control (MAC) address or a serial number of the controller so that the user can access and adjust the security settings to meet the predetermined standards.
  - 7. The system of claim 4, wherein:
    - the controller comprises a web-server that provides a screen for display and entities; and
      
      wherein;
      
      the web-server permits a user to enter a MAC address of the controller or a serial number;
      
      an email address is entered on the screen of the entity designated to assure that the security settings and policies meet the predetermined standards;
      
      the controller verifies that the MAC or serial number is valid or does a timeout if the MAC or serial number is invalid;
      
      if the MAC or serial number is valid, then the controller sends an email with a random code to the email address entered on the screen; and
      
      the entity enters the code on the screen to result in an unlocking of the controller and another screen that reveals access to the security settings which can be adjusted to meet the predetermined standards.
  - 8. The system of claim 7, wherein the security settings comprise what entity is to receive notifications of one or more items from a group consisting of detected cyber-attacks, cyber health status of the controller, a number of failed logons, a new client internet protocol (IP) address, and a port probe by a remote host to be selected to activate monitoring of suspect activities.
  - 9. The system of claim 8, wherein a failed MAC address, serial number, random code, user account or password are prevented from being sent out by the controller over the internet.
  - 10. The system of claim 1, wherein the security settings are saved and the controller is locked relative to the security settings.
  - 11. The system of claim 1, wherein the controller comprises an indicator that reveals whether the controller is in the locked mode or the exposed mode.
  - 12. The system of claim 1, wherein a security structure of the controller comprises:
    - one or more web pages;
      
      the locked mode and the exposed mode;
      
      a storage of security settings;
      
      a monitoring of potential attack vector surface events;
      
      a timestamp of the events;
      
      ora transmission of the events to the entity designated to monitor the controller.
  - 13. The system of claim 6, wherein:
    - a case in which an account, a password, or a code is lost, the MAC address or serial number of the controller is entered in a screen of the display to gain access to the security settings; and
      
      the security settings are eliminated and security settings are setup again anew.

14. A method, for monitoring security fitness of a building controller, comprising:
- providing a building controller connectable to an external communication system;
  
  providing one or more visual indicators of status of a configuration from a security perspective of the building controller;
  
  checking a configuration of one or more items from a group consisting of a firewall, a network interface, virtual private networks, security credentials, communication ports, a user database, and a connectivity status to the external communication system; and
  
  wherein a configuration that is acceptable from the security perspective meets predetermined security criteria.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein if a configuration of an item fails to meet the predetermined security criteria, then the item of the configuration is regarded as misconfigured.
  - 16. The method of claim 14, wherein a configuration from the security perspective is monitored internally with one or more built-in, standalone algorithms, or monitored externally of one or more build-in cooperative algorithms in cooperation with of an external client or server.
  - 17. The method of claim 14, further comprising providing a dashboard that incorporates the one or more visual indicators of the status of the configuration from a security perspective of the building controller.

18. A security indicator mechanism comprising:
- a device; and
  
  wherein the device comprises;
  
  a processor;
  
  a network interface connected to the processor;
  
  a user database memory connected to the processor and connectable to a web; and
  
  a security monitor connected to the network interface, the user database memory, and the processor.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The mechanism of claim 18, further comprising a security indicator connected to the security monitor.
  - 20. The mechanism of claim 19, wherein:
    - the security indicator exhibits a first light if there is a security issue detected; and
      
      the security indicator exhibits a second light or no light if there is an absence of a security issue detected.
  - 21. The mechanism of claim 18, wherein:
    - if the device is incorrectly configured, the device is vulnerable to a security breach; and
      
      if the device is correctly configured, then the device is safe from a security breach.
  - 22. The mechanism of claim 21, wherein the device is correctly configured if appropriate security configuration parameters are setup in the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Roosli, Philipp A., Heine, Daniel

Granted Patent

US 9,967,281 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

SECURITY SETTINGS AND INDICATIONS OF CONTROLLERS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY SETTINGS AND INDICATIONS OF CONTROLLERS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links