Unique identification of entities of an industrial control system
Abstract
Systems and methods are provided for issuing unique identification credentials to a plurality of devices, and their constituent components, in an industrial control system. Identification credentials are granted by an identification authority and conveyed to each of the credentialed devices and/or components through an identity token. The identification credentials include (1) a unique device identifier, (2) an identification authority component identifier, and (3) an indication of the location of the identification authority component. To secure the issued credentials, such credentials are encrypted and the identification token can be embedded with biometric features. Identification credentials provide for the following prominent features: (i) secure access to a device from a client and (ii) determination of a topology of a set of credentialed devices in an industrial control system. The topology is network agnostic and facilitates organizational modeling of processes in the industrial control system.
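The flow the abstract describes (device information in, identification credential out, operational credentials with an access control list released only after the credential authenticates) can be sketched as follows. This is an added illustration, not code from the patent: the class and field names and the ACL policy are assumptions, and an HMAC tag stands in for the credential protection that the abstract describes as encryption.

```python
import hashlib
import hmac
import json
import secrets

class IdentificationAuthority:
    """Hypothetical identification authority component (all names are assumptions)."""

    def __init__(self, authority_id, location):
        self.authority_id = authority_id
        self.location = location
        self._key = secrets.token_bytes(32)   # secret held only by the authority
        self._registry = {}                   # device_id -> submitted device info

    def _tag(self, body):
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, device_info):
        # Device info must carry a type and a role or a level of criticality.
        if not device_info.get("type") or not (
                device_info.get("role") or device_info.get("criticality")):
            raise ValueError("device type and a role or criticality are required")
        body = {"device_id": secrets.token_hex(8),
                "authority_id": self.authority_id,
                "authority_location": self.location}
        self._registry[body["device_id"]] = dict(device_info)
        return {**body, "tag": self._tag(body)}

    def operational_credentials(self, credential):
        # Authenticate the identification credential before releasing the ACL.
        body = {k: credential.get(k) for k in
                ("device_id", "authority_id", "authority_location")}
        tag = credential.get("tag", "")
        if not (isinstance(tag, str) and hmac.compare_digest(tag, self._tag(body))):
            return None
        info = self._registry.get(body["device_id"])
        if info is None:
            return None
        # Constructed policy: a high-criticality device gets a narrower ACL.
        allowed = ["read"] if info.get("criticality") == "high" else ["read", "write"]
        return {"device_id": body["device_id"],
                "acl": {"engineering-station": allowed}}

def demo():
    ia = IdentificationAuthority("IA-01", "plant-a/cell-3")   # constructed values
    cred = ia.issue({"type": "PLC", "role": "controller", "criticality": "high"})
    forged = {**cred, "device_id": "deadbeefdeadbeef"}        # altered identifier
    return cred, ia.operational_credentials(cred), ia.operational_credentials(forged)
```

A credential whose device identifier was altered after issuance fails the tag check and receives no operational credentials.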
14 Claims
1. A method of installing an industrial automation device in an industrial automation network, comprising:
communicating industrial automation device information across an industrial automation network to an identification authority component, the industrial automation device information including a type of industrial automation device being installed and at least one functionality of the industrial automation device being installed, wherein the functionality of the industrial automation device is at least one of a role or a level of criticality of the industrial automation device in an industrial automation process;
issuing an industrial automation device identification credential based at least in part on the industrial automation device information communicated across the industrial automation network, the industrial automation device identification credential including a device identifier to uniquely identify the industrial automation device and an identification authority component identifier to uniquely identify an identification authority component that issues the industrial automation device identification credential; and
establishing communication with the industrial automation device across the industrial automation network and receiving operational credentials including an access control list associated with the industrial automation device from the identification authority component in response to authenticating the industrial automation device identification credential.
(Dependent claims: 2, 3, 4, 5, 6)
7. A non-transitory computer-readable medium having instructions stored thereon that, in response to execution, cause at least one device to perform operations comprising:
communicating industrial automation device information across an industrial automation network to an identification authority component, the industrial automation device information including a type of industrial automation device being installed and at least one functionality of the industrial automation device being installed, wherein the functionality of the industrial automation device is at least one of a role or a level of criticality of the industrial automation device in an industrial automation process;
issuing an industrial automation device identification credential based at least in part on the industrial automation device information communicated across the industrial automation network, the industrial automation device identification credential including a device identifier to uniquely identify the industrial automation device and an identification authority component identifier to uniquely identify an identification authority component that issues the industrial automation device identification credential; and
establishing communication with the industrial automation device across the industrial automation network and receiving operational credentials including an access control list associated with the industrial automation device from the identification authority component in response to authenticating the industrial automation device identification credential.
(Dependent claims: 8, 9, 10)
11. A system for installing an industrial automation device in an industrial automation network, comprising:
an identification authority component configured to:
receive industrial automation device information across an industrial automation network, the industrial automation device information including a type of industrial automation device being installed and at least one functionality of the industrial automation device being installed, wherein the functionality of the industrial automation device is at least one of a role or a level of criticality of the industrial automation device in an industrial automation process;
issue an industrial automation device identification credential based at least in part on the industrial automation device information communicated across the industrial automation network, the industrial automation device identification credential including a device identifier to uniquely identify the industrial automation device and an identification authority component identifier to uniquely identify the identification authority component;
authenticate communication between a component and the industrial automation device across the industrial automation network based on the industrial automation device identification credential; and
transmit operational credentials to the industrial automation device.
(Dependent claims: 12)
13. A system for installing an industrial automation device in an industrial automation network, comprising:
means for communicating industrial automation device information across an industrial automation network to an identification authority component, the industrial automation device information including a type of industrial automation device being installed and at least one functionality of the industrial automation device being installed, wherein the functionality of the industrial automation device is at least one of a role or a level of criticality of the industrial automation device in an industrial automation process;
means for issuing an industrial automation device identification credential based at least in part on the industrial automation device information communicated across the industrial automation network, the industrial automation device identification credential including a device identifier to uniquely identify the industrial automation device and an identification authority component identifier to uniquely identify an identification authority component that issues the industrial automation device identification credential; and
means for establishing communication with the industrial automation device across the industrial automation network and receiving operational credentials including an access control list associated with the industrial automation device from the identification authority component in response to authenticating the industrial automation device identification credential.
14. A system for installing an industrial automation device in an industrial automation network, comprising:
the industrial automation device configured to:
transmit industrial automation device information across an industrial automation network to an identification authority component, the industrial automation device information including a type of industrial automation device being installed and at least one functionality of the industrial automation device being installed, wherein the functionality of the industrial automation device is at least one of a role or a level of criticality of the industrial automation device in an industrial automation process;
receive from the identification authority component an industrial automation device identification credential based at least in part on the industrial automation device information communicated across the industrial automation network, the industrial automation device identification credential including a device identifier to uniquely identify the industrial automation device and an identification authority component identifier to uniquely identify the identification authority component; and
establish communication with a component across the industrial automation network and receiving operational credentials including an access control list associated with the industrial automation device from the identification authority component based on the industrial automation device identification credential.
Specification