Device that issues authority for automation systems by issuing an encrypted time pass

US 7,314,169 B1
Filed: 09/29/2004
Issued: 01/01/2008
Est. Priority Date: 09/29/2004
Status: Active Grant

First Claim

Patent Images

1. An industrial automation security system, comprising:

an access ticket relating to an industrial automation system, the access ticket comprises one or more restrictive attributes that restrict access rights to a portion of contents of the industrial automation system, the one or more restrictive attributes correspond to properties of the industrial automation system and properties of a requesting entity;

a component that receives the access ticket and grants access to the industrial automation system and the contents therein according to the one or more restrictive attributes; and

a sensor that senses whether the industrial automation system is communicatively connected to an access authority that issues the access ticket.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial automation security system comprises an access ticket relating to an industrial automation system. The access ticket comprises one or more restrictive attributes that restrict access rights to a portion of contents of the industrial automation system. A component that receives the access ticket grants access to the industrial automation system and the contents therein according to the one or more restrictive attributes.

Citations

33 Claims

1. An industrial automation security system, comprising:
- an access ticket relating to an industrial automation system, the access ticket comprises one or more restrictive attributes that restrict access rights to a portion of contents of the industrial automation system, the one or more restrictive attributes correspond to properties of the industrial automation system and properties of a requesting entity;
  
  a component that receives the access ticket and grants access to the industrial automation system and the contents therein according to the one or more restrictive attributes; and
  
  a sensor that senses whether the industrial automation system is communicatively connected to an access authority that issues the access ticket.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The security system of claim 1, the industrial automation system comprises a programmable logic controller.
  - 3. The security system of claim 1, the one or more restrictive attributes comprises a timeframe that a requesting entity can be granted access.
  - 4. The security system of claim 1, the one or more restrictive attributes comprises a one-time access restriction.
  - 5. The security system of claim 1, the access ticket is issued upon authentication of an identity of a requesting entity.
  - 6. The security system of claim 5, the requesting entity is a human.
  - 7. The security system of claim 5, authentication comprises analyzing at least one of a user name, a password, and a personal identification number provided by the requesting entity.
  - 8. The security system of claim 5, authentication comprises analyzing biometric information provided by the requesting entity.
  - 9. The security system of claim 1, the user is provided with read-only access privileges to at least a portion of the contents of the industrial automation system.
  - 10. The security system of claim 1, the one or more restrictive attributes prevents access to at least a portion of the contents.
  - 11. The security system of claim 1, the one or more restrictive attributes prevents a user from writing to at least a portion of the contents.
  - 12. The security system of claim 1, the access ticket is in a form of a Kerberos ticket.
  - 13. The security system of claim 1, the access authority and the industrial automation system comprise a clocking mechanism, the clocking mechanism of the access authority and the clocking mechanism of the industrial automation system synchronized upon the access authority and the industrial automation system being communicatively connected.
  - 14. The security system of claim 13, the clocking mechanism of the industrial automation system pauses upon a determination that the industrial automation system is not communicatively connected to the access authority.
  - 15. The security system of claim 14, the one or more restrictive attributes comprise a limited time of access.
  - 16. The security system of claim 15, the limited time of access extends upon the industrial automation system and the access authority becoming communicatively disconnected.
  - 17. The security system of claim 1, the industrial automation system comprises a clocking mechanism, the clocking mechanism counts down upon receipt of the access ticket.
  - 18. The security system of claim 17, the industrial automation system prohibits access thereto upon the clocking mechanism counting down to a defined time.

19. A security system for industrial automation systems, comprising:
- an access authority that generates access tickets relating to one or more industrial automation devices, the access authority and the one or more industrial automation devices comprise a clock; and
  
  a component that pauses the clock comprised by the one or more industrial automation devices upon the one or more industrial automation devices becoming disconnected from the access authority.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system of claim 19, further comprising a sensor that monitors whether the one or more industrial automation devices is connected to the access authority.
  - 21. The system of claim 19, the clock comprised by the one or more automation devices restarted upon the one or more industrial automation devices being connected with the access authority.
  - 22. The system of claim 19, the clock comprised by the one or more automation devices synchronized with the clock comprised by the access authority upon the one or more industrial automation devices being connected with the access authority.
  - 23. The system of claim 19, a valid access ticket does not expire upon disconnection of the access authority and the one or more industrial automation devices.
  - 24. The system of claim 19, the access ticket comprises restrictive attributes that restrict access to a portion of contents within the industrial automation device.
  - 25. The system of claim 19, further comprising a user verification component that verifies that a user is authorized to access the one or more industrial automation devices.
  - 26. The system of claim 25, the user verification component analyzes biometric data to determine whether the user is authorized to access the one or more industrial automation devices.
  - 27. The system of claim 25, the user verification component analyzes one or more of a username, password, and personal identification number to determine whether the user is authorized to access the one or more industrial automation devices.

28. A method for securing industrial automation systems, comprising:
- receiving a request to access an industrial automation system;
  
  verifying that an initiator of the request is authorized to access the industrial automation system;
  
  generating an access ticket that comprises restrictive attributes based on the industrial automation system and the initiator of the request;
  
  relaying the access ticket to the industrial automation system, the restrictive attributes limit the initiator'"'"'s access to industrial automation system; and
  
  sensing whether the industrial automation system is communicatively connected to an access authority that issues the access ticket.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, further comprising restricting access to a portion of contents associated with the industrial automation system.
  - 30. The method of claim 28, further comprising restricting access to the industrial automation system to a single access.
  - 31. The method of claim 28, further comprising analyzing one or more of a username, password, personal identification number, and biometric data to verify that the initiator of the request is authorized to access the industrial automation system.

32. A security system employed in an industrial automation system, comprising:
- means for generating an access ticket with restrictive attributes based on the industrial automation system and a requesting entity;
  
  means for delivering the access ticket to an industrial automation system and restricting access to the industrial automation system based at least in part upon the restrictive attributes; and
  
  means for sensing whether the industrial automation system is communicatively connected to an access authority that issues the access ticket.
- View Dependent Claims (33)
- - 33. The security system of claim 32, further comprising means for encrypting the access ticket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Inventors
Anderson, Craig D., Anderson, Mark B., Jasper, Taryl J.
Primary Examiner(s)
FUREMAN, JARED

Application Number

US10/953,945
Time in Patent Office

1,189 Days
Field of Search

235/382, 235/382.5, 713/182, 713/183, 713/184, 713/185, 713/186, 713/150, 726/26, 726/27, 726/28, 726/1
US Class Current

235/382
CPC Class Codes

G05B 2219/24167   Encryption, password, user ...

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/445   by mutual authentication, e...

G06F 21/6209   to a single file or object,...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2135   Metering

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/60   Digital content management,...

H04L 9/12   Transmitting and receiving ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Y02P 90/80   Management or planning

Device that issues authority for automation systems by issuing an encrypted time pass

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Device that issues authority for automation systems by issuing an encrypted time pass

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links