Centrally managed proxy-based security for legacy automation systems

US 7,950,044 B2
Filed: 09/28/2004
Issued: 05/24/2011
Est. Priority Date: 09/28/2004
Status: Active Grant

First Claim

Patent Images

1. A system that facilitates enhanced security with respect to an industrial automation environment, comprising:

a central access authority embodied on a computer-readable storage medium and executed by one or more processors, the central access authority configured to provide access rules relating to a device; and

a proxy associated with the device configured to receive the access rules from the central access authority if it is determined that the device is not capable of storing the access rules internally, wherein the proxy is configured to directly receive an access request directed to the device and to determine whether the access request is permitted based at least in part upon characteristics of the access request and the access rules,wherein the proxy is further configured to issue a query to the device and to create a fingerprint of the device based on the query, the fingerprint logically linking the proxy to the device, andwherein the proxy is further configured to detect replacement of the device with a replacement device and to employ the fingerprint to confirm that the replacement device is a valid replacement.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that facilitates enhanced security with respect to an industrial automation environment comprises a legacy device that is existent within an industrial automation system and a central access authority that provides access rules to a proxy. The proxy receives an access request directed to the legacy device and determines whether the access request is permitted based at least in part upon characteristics of the access request and the access rules provided by the central access authority.

46 Citations

View as Search Results

31 Claims

1. A system that facilitates enhanced security with respect to an industrial automation environment, comprising:
- a central access authority embodied on a computer-readable storage medium and executed by one or more processors, the central access authority configured to provide access rules relating to a device; and
  
  a proxy associated with the device configured to receive the access rules from the central access authority if it is determined that the device is not capable of storing the access rules internally, wherein the proxy is configured to directly receive an access request directed to the device and to determine whether the access request is permitted based at least in part upon characteristics of the access request and the access rules,wherein the proxy is further configured to issue a query to the device and to create a fingerprint of the device based on the query, the fingerprint logically linking the proxy to the device, andwherein the proxy is further configured to detect replacement of the device with a replacement device and to employ the fingerprint to confirm that the replacement device is a valid replacement.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The system of claim 1, wherein the proxy is configured to one of permit or deny access to the device based at least in part upon characteristics of the access request and the access rules.
  - 3. The system of claim 1, wherein the characteristics comprise at least one of an identity of an entity requesting access, an identity of the device, a location of origination of the access request, a location of the legacy device, a read-only request, a read/write request, a write-only request, or a time the access request was received by the proxy.
  - 4. The system of claim 1, wherein the proxy is configured to disable access upon inactivity of a pre-determined duration.
  - 5. The system of claim 4, wherein the inactivity is based upon a lack of data flow.
  - 6. The system of claim 4, wherein the inactivity is based upon a link-level disconnection notification.
  - 7. The system of claim 4, wherein the inactivity is determined by pinging an entity that requests access.
  - 8. The system of claim 1, wherein the access request is received from an operator.
  - 9. The system of claim 1, wherein the access request is received from an automation device.
  - 10. The system of claim 1, wherein an inline communication device comprises the proxy.
  - 11. The system of claim 10, wherein the inline communication device is a dongle fitted external to the device.
  - 12. The system of claim 1, wherein the access rules include at least one security policy indicating whether replacement of the device is allowed, and the proxy prohibits communication to the replacement device if the at least one security policy indicates that replacement of the device is not allowed.
  - 13. The system of claim 11, wherein the dongle is attached to an access port of one or more of the device or a remote terminal.
  - 14. The system of claim 1, wherein an information technology (IT) infrastructure device comprises the proxy.
  - 15. The system of claim 14, wherein the IT infrastructure device is one or more of an intelligent switch, a firewall, or a router.
  - 16. The system of claim 1, wherein a server comprises the proxy.
  - 17. The system of claim 1, wherein the proxy is configured to regulate access to a plurality of devices.
  - 18. The system of claim 1, wherein the proxy device is associated with a sensor that monitors whether the device is connected to the proxy.
  - 19. The system of claim 1, wherein the central access authority is configured to query the device to determine whether the device is capable of storing the access rules internally, and to provide the access rules directly to the device if it is determined that the device is capable of storing the access rules, wherein the central access authority provides the access rules to the proxy if it is determined that the device is not capable of storing the access rules internally.
  - 20. The system of claim 18, wherein the sensor is configured to monitor the device at an application level.
  - 21. The system of claim 1, wherein the proxy is configured to communicate with one or more of a disparate proxy or a server upon detection of tampering.
  - 22. The system of claim 1, wherein the central access authority is configured to monitor the proxy, and to take action upon determining that the proxy has been disconnected from the device.
  - 23. The system of claim 1, wherein the characteristics include at least a relative location of an entity requesting the access with respect to the device.

24. A method for enhancing security in an industrial automation system that includes one or more devices, comprising:
- employing one or more processors executing computer-executable instructions stored on a computer-readable storage medium to implement the following acts;
  
  associating a device with a proxy;
  
  creating a fingerprint of the device based on at least one query of the device by the proxy, the fingerprint logically linking the device to the proxy;
  
  providing the proxy with access rules defining access permissions for the device;
  
  receiving, at the proxy, a request from a remote terminal to access the device;
  
  determining whether access to the device is granted or denied to the remote terminal based on the access rules and the request;
  
  detecting that the device has been replaced with a replacement device; and
  
  determining if the replacement device is a valid replacement based at least on the fingerprint.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, further comprising generating access privileges for the remote terminal based at least in part on a relative location of the remote terminal with respect to the device.
  - 26. The method of claim 24, further comprising:
    - monitoring whether the device is connected to the proxy; and
      
      generating an alarm upon determining that the device has been disconnected from the proxy.
  - 27. The method of claim 24, further comprising:
    - determining if the access privileges preclude replacement of the device;
      
      if the determining determines that the access privileges do not preclude replacement of the device;
      
      checking the replacement device to determine if the replacement device is a valid substitute for the device; and
      
      enabling communication to the replacement device subject to the access privileges; and
      
      if the determining determines that the access privileges preclude replacement of the devices;
      
      prohibiting communication to the replacement device.
  - 28. The method of claim 24, further comprising unlocking a lock associated with a physical barrier that protects the proxy and the device upon receipt of a signal from the proxy.
  - 29. The method of claim 27, wherein the checking the replacement device comprises employing the fingerprint to validate the replacement device.
  - 30. The method of claim 24, further comprising:
    - querying the replacement device in response to the detecting to determine at least one of processing capabilities or memory capabilities of the replacement device;
      
      providing access rules associated with the replacement device directly to the replacement device if the querying determines that the replacement device has sufficient processing and memory capabilities; and
      
      providing the access rules to the proxy if the querying determines that the replacement device does not have sufficient processing and memory capabilities.

31. An apparatus that provides enhanced security, comprising:
- an analysis component configured to maintain one or more access rules defining whether a requesting entity is permitted to access to a first automation device associated with the apparatus, wherein the analysis component is further configured to issue a query to the first automation device and to create a fingerprint of the device that logically links the device to the proxy based on results of the query, and is further configured to employ the fingerprint to confirm validity of a second automation device upon detecting that the first automation device has been replaced by the second automation device; and
  
  an activity sensor configured to monitor activity between the requesting entity and the device if the access rules permit the requesting entity to access the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Anderson, Mark B., Bush, Michael A., Batke, Brian A., Brandt, David D.
Primary Examiner(s)
Shiferaw; Eleni A

Application Number

US10/952,317
Publication Number

US 20060085839A1
Time in Patent Office

2,429 Days
Field of Search

726/1, 726/2, 726/9, 726/11, 726/12, 726/34, 726 27- 29, 705/50, 705/79, 709/222
US Class Current

726/2
CPC Class Codes

G05B 19/4185   characterised by the networ...

G05B 2219/31241   Remote control by a proxy o...

H04L 63/0281   Proxies

H04L 63/102   Entity profiles

Y02P 90/02   Total factory control, e.g....

Y02P 90/80   Management or planning

Centrally managed proxy-based security for legacy automation systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Centrally managed proxy-based security for legacy automation systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others