System and methodology providing multi-tier-security for network data exchange with industrial control components
First Claim
Patent Images
1. An industrial control system, comprising:
- an industrial controller that communicates with a network;
at least one security layer configured in the industrial controller, the security layer associated with at least one security component further comprising at least one of a trust component to authenticate a trust relationship between a remote system and the industrial controller, an encryption component to provide data encryption, and a policy component to facilitate varying levels of data access to the industrial controller, and including user interface editing parameters;
1 to M mappings that relate a plurality of security layers configured in the industrial controller to at least one security component per layer, the security layers are associated with at least one of similar security components and dissimilar security components, M being an integer;
a security layer store to map security layers to security components;
an operating system to manage the at least one security layer, the at least one security component stored in accordance with the operating system and an associated memory subsystem; and
a processor to execute the operating system, the processor limits communications from the network based in part on the configured security layer.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to a system and methodology facilitating network security and data access in an industrial control environment. An industrial control system is provided that includes an industrial controller to communicate with a network. At least one security layer can be configured in the industrial controller, wherein the security layer can be associated with one or more security components to control and/or restrict data access to the controller. An operating system manages the security layer in accordance with a processor to limit or mitigate communications from the network based upon the configured security layer or layers.
-
Citations
31 Claims
-
1. An industrial control system, comprising:
-
an industrial controller that communicates with a network; at least one security layer configured in the industrial controller, the security layer associated with at least one security component further comprising at least one of a trust component to authenticate a trust relationship between a remote system and the industrial controller, an encryption component to provide data encryption, and a policy component to facilitate varying levels of data access to the industrial controller, and including user interface editing parameters; 1 to M mappings that relate a plurality of security layers configured in the industrial controller to at least one security component per layer, the security layers are associated with at least one of similar security components and dissimilar security components, M being an integer; a security layer store to map security layers to security components; an operating system to manage the at least one security layer, the at least one security component stored in accordance with the operating system and an associated memory subsystem; and a processor to execute the operating system, the processor limits communications from the network based in part on the configured security layer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method to facilitate secure data exchange in an industrial controller network, comprising:
-
mapping at least one security component, based at least on encryption technology, that relates respective areas and/or modules associated with an industrial controller to at least one security layer in the industrial controller, the mapping is associated with at least one policy and/or rule that define when the mapping is active; associating a plurality of security layers to at least one security component per layer through 1 to M mappings, the plurality of security layers are associated with at least one of similar security components or dissimilar security components, M is an integer; storing a mapping as a configuration to define communications access to the industrial controller, including potential areas within the industrial controller and/or associated modules that interact with the industrial controller; and communicating to the industrial controller in accordance with the stored mapping. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. An industrial control system, comprising:
-
a plurality of remote devices communicating on a network; an industrial controller that communicates with the remote devices; a plurality of security layers stored in the industrial controller, the security layers associated with at least one security component further comprising at least one of a trust component to authenticate a trust relationship between a remote device and the industrial controller, an encryption component to provide data encryption, and a policy component to facilitate varying levels of data access to the industrial controller and including user interface editing parameters; 1 to M mappings that relate a plurality of security layers configured in the industrial controller to at least one security component per layer, the security layers are associated with at least one of similar security components and dissimilar security components, M being an integer; a security layer store residing in the industrial controller to map security layers to security components; an operating system to configure the security layers, the at least one security component stored in accordance with the operating system and an associated memory subsystem; and a processor to execute the operating system, the processor limits communications from the remote devices based in part on the configured security layers.
-
Specification