System and method for synchronizing security settings of control systems
First Claim
1. A method for communicating data between a first control system and a second control system, said first control system operable for controlling a first process having first security data in a first data security format for limiting access to said first process, comprising the steps of:
- modifying, by a computing device, said first security data retrieved from a memory device associated with said first control system from being in said first data security format into modified security data in a modified security format, said modified security format compatible with said second control system;
subsequent to said modifying step, receiving a request from a user of said second control system, said request including a user type and for permission to change a value of a process parameter associated with said first process;
retrieving a custom security settings data file from said first control system, wherein said custom security settings data file contains said first security data operable for identifying a plurality of said process parameters that a plurality of said user types are allowed or not allowed to change;
referencing said user type and said process parameter to said modified security data and determining whether said value of said process parameter is allowed to be changed by said user type;
based on results of said referencing, blocking or allowing said request for permission to change said value of said process parameter,wherein if it is determined that said value of said process parameter is allowed to be changed by said user type, communicating with said first control system utilizing an impersonated access level that raises an access level for said user beyond an access level based on said user type of said user to enable changing said value of said process parameter; and
wherein if it is determined that said value of said process parameter is allowed to be changed by said user type, providing said user of said second control system with a limited access right, said limited access right to enable only said changing said value of said process parameter.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for communicating data between a first and second control system (FCS and SCS). FCS (202) controls a first process (FP) having first security data (FSD) in a first data security format (FDSF). The method involves modifying the FSD (214) from being in the FDSF into modified security data (MSD) in a modified security format (MSDF) compatible with SCS (226). Subsequent to the modifying, a request is received from an SCS user. The request includes a user type, process parameter (PP) associated with the FP, and request for information regarding the PP or a request to change a PP value. The method also involves referencing the user type and PP to the MSD. The method further involves blocking or allowing the request based on results of the referencing. If results indicate that the request is allowed, then an access level can be impersonated for changing the PP value in FCS.
-
Citations
13 Claims
-
1. A method for communicating data between a first control system and a second control system, said first control system operable for controlling a first process having first security data in a first data security format for limiting access to said first process, comprising the steps of:
-
modifying, by a computing device, said first security data retrieved from a memory device associated with said first control system from being in said first data security format into modified security data in a modified security format, said modified security format compatible with said second control system; subsequent to said modifying step, receiving a request from a user of said second control system, said request including a user type and for permission to change a value of a process parameter associated with said first process; retrieving a custom security settings data file from said first control system, wherein said custom security settings data file contains said first security data operable for identifying a plurality of said process parameters that a plurality of said user types are allowed or not allowed to change; referencing said user type and said process parameter to said modified security data and determining whether said value of said process parameter is allowed to be changed by said user type; based on results of said referencing, blocking or allowing said request for permission to change said value of said process parameter, wherein if it is determined that said value of said process parameter is allowed to be changed by said user type, communicating with said first control system utilizing an impersonated access level that raises an access level for said user beyond an access level based on said user type of said user to enable changing said value of said process parameter; and wherein if it is determined that said value of said process parameter is allowed to be changed by said user type, providing said user of said second control system with a limited access right, said limited access right to enable only said changing said value of said process parameter. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A control system, comprising:
-
a first control system including a first processor and a first computer memory storing computer executable instructions that when executed by the first processor cause the processor to perform the step of controlling a first process having first security data in a first data security format for limiting access to said first process; a second control system including a second processor and a second computer memory storing computer executable instructions that when executed by the second processor cause the processor to perform the step of enabling a user request including a user type and a request for permission to change a value of a process parameter associated with said first process; and an intermediary processing device coupled between said first and second control systems, said intermediary processing device including a third processor and a third computer memory storing computer executable instructions that when executed by the third processor cause the processor to perform the steps of; modifying said first security data from being in said first data security format into modified security data in a modified security format compatible with said second control system, receiving said user request from a user of said second control system, retrieving a custom security settings data file from said first control system, wherein said custom security settings data file contains said first security data identifying a plurality of said process parameters that a plurality of said user types are allowed or not allowed to change, referencing said user type and said process parameter to said modified security data, blocking or allowing said user request for permission to change said value of said process parameter based on results of said referencing, if it is determined that said value of said process parameter is allowed to be changed by said user type, communicating with said first control system utilizing an impersonated access level that raises an access level for said user beyond an access level based on said user type of said user to enable changing said value of said process parameter, and if it is determined that said value of said process parameter is allowed to be changed by said user type, providing said user of said second control system with a limited access right, said limited access right to enable only said changing said value of said process parameter. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A method for communicating data between distributed control systems (DCSs), comprising:
-
providing a first DCS and a second DCS both including application specific modules connected to each other, industrial equipment, and user interfaces connected via a local control network, wherein said first DCS is operable for controlling a first process having first security data in a first data security format stored on a memory device associated with said first DCS for limiting access to said first industrial process; modifying, by a computing device, said first security data retrieved from said memory device from being in said first data security format into modified security data in a modified security format, said modified security format compatible with said second DCS; subsequent to said modifying step, receiving a request from a user of said second DCS, said request including a user type and for permission to change a value of a process parameter associated with said first process; retrieving a custom security settings data file from said first DCS, wherein said custom security settings data file contains said first security data operable for identifying a plurality of said process parameters that a plurality of said user types are allowed or not allowed to change; referencing said user type and said process parameter to said modified security data and determining whether said value of said process parameter is allowed to be changed by said user type, and based on results of said referencing, blocking or allowing said request for permission to change said value of said process parameter, wherein if it is determined that said value of said process parameter is allowed to be changed by said user type, communicating with said first DCS utilizing an impersonated access level that raises an access level for said user beyond an access level based on said user type of said user to enable changing said value of said process parameter, and wherein if it is determined that said value of said process parameter is allowed to be changed by said user type, providing said user of said second control system with a limited access right, said limited access right to enable only said changing said value of said process parameter.
-
Specification