System and method for connecting closed, secure production network

US 8,341,277 B2
Filed: 07/03/2007
Issued: 12/25/2012
Est. Priority Date: 07/03/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a server implemented with a processor and configured to create a plurality of virtual networks such that a separate virtual network is created for each separate individual tool or group of tools in a production facility, wherein each separate individual tool or group of tools is vendor specific and proprietary to the vendor;

another server configured to;

store information related to each of the plurality of virtual networks and each separate individual tool or group of tools in the corresponding virtual network of the plurality of virtual networks, and which virtual network for each separate individual tool or group of tools a client is authorized to access;

receive a request from the client to gain access to at least one of the separate individual tool or group of tools;

access the at least one of the separate individual tool or group of tools via a corresponding virtual network of the plurality of virtual networks; and

permit the client to communicate with the least one of the separate individual tool or group of tools when the client is authorized to access the least one of the separate individual tool or group of tools, while isolating other individual tools or other groups of tools from the client which are non-authorized,wherein;

when the client is authorized to access the at least one of the separate individual tool or group of tools, the server provides authentication and tool routing information to the client in order to gain access to the at least one separate individual tool or group of tools via the corresponding virtual network, andthe authentication and the tool routing information provide access to the corresponding virtual network, while isolating the at least one of the separate individual tool or group of tools from the other individual tools or the groups of tools.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing connectivity to a closed, secure production network, and computer program products for executing the same and, more particularly, to a system and method for creating a virtual network to provide communication with remote tools. The system includes a server configured to create a virtual network for tools in a production facility and provide authentication and tool routing information to a client in order to gain access to the tools in the virtual network. The virtual network isolates each tool of the tools from each other.

72 Citations

View as Search Results

21 Claims

1. A system, comprising:
- a server implemented with a processor and configured to create a plurality of virtual networks such that a separate virtual network is created for each separate individual tool or group of tools in a production facility, wherein each separate individual tool or group of tools is vendor specific and proprietary to the vendor;
  
  another server configured to;
  
  store information related to each of the plurality of virtual networks and each separate individual tool or group of tools in the corresponding virtual network of the plurality of virtual networks, and which virtual network for each separate individual tool or group of tools a client is authorized to access;
  
  receive a request from the client to gain access to at least one of the separate individual tool or group of tools;
  
  access the at least one of the separate individual tool or group of tools via a corresponding virtual network of the plurality of virtual networks; and
  
  permit the client to communicate with the least one of the separate individual tool or group of tools when the client is authorized to access the least one of the separate individual tool or group of tools, while isolating other individual tools or other groups of tools from the client which are non-authorized,wherein;
  
  when the client is authorized to access the at least one of the separate individual tool or group of tools, the server provides authentication and tool routing information to the client in order to gain access to the at least one separate individual tool or group of tools via the corresponding virtual network, andthe authentication and the tool routing information provide access to the corresponding virtual network, while isolating the at least one of the separate individual tool or group of tools from the other individual tools or the groups of tools.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein the server is configured to create a firewall between the client and the server.
  - 3. The system of claim 1, wherein the each separate individual tool or the group of tools are on a private, non-advertised, network.
  - 4. The system of claim 1, wherein the another server is a host server configured to provide client credentials to the server.
  - 5. The system of claim 4, wherein the server receives the credentials from the host server and sends the authentication and the tool routing information to the client based on the credentials.
  - 6. The system of claim 5, wherein the server sends the authentication and the tool routing information directly to the client.
  - 7. The system of claim 5, wherein the server sends the authentication and the tool routing information to the client through the host server.
  - 8. The system of claim 5, wherein the client and server communicate through one of TCP/IP communications, a LAN, and a WAN.
  - 9. The system of claim 1, wherein the server uses Multi-protocol Label Switching (MPLS) technology to set up the at least one virtual network.
  - 10. The system of claim 1, wherein:
    - the each separate individual tool or the group of tools each have a secure local server that only allows access to a corresponding individual tool or corresponding group of tools in order to provide isolation of the each separate individual tool or the group of tools from one another;
      
      the server is configured to create the separate virtual networks for the each separate individual tool or the group of tools such that routing between the client and the each separate individual tool or the group of tools is independent from one another in order to maintain the isolation of the individual tool or the group of tools from one another and the client is only able to gain access to the individual tool or the group of tools in which the client has authority to access; and
      
      the another server is a host server that is aware of the separate virtual networks and is configured to communicate natively with tools or groups of tools through the separate virtual networks.
  - 11. The system of claim 10, wherein:
    - the host server is aware of the client and the each separate individual tool or the group of tools that the client is authorized to access;
      
      the client engages a client authentication against the host server when the client wants to access the individual tool or the group of tools the client is authorized to access, and the host server is capable of authenticating the client for authorized access; and
      
      the host server is further configured that once the client is authenticated, the host server enables all routers with an appropriate label between the host server and the separate virtual network configured for the individual tool or the group of tools that the client wants to gain access to enabling the host server to be a part of the separate virtual network such that the client can access the tool or the group of tools and remain unable to gain access to other individual tools or other groups of tools.
  - 12. The system of claim 1, wherein the server is configured to block off all network traffic going to a private network from systems in an offline room.
  - 18. The system of claim 11, wherein the host server is further configured that once the client is authenticated, the host server enables all of the routers with the appropriate labels between the host server, the separate virtual network configured for the individual tool or the group of tools, and the corresponding secure local server that the client wants to gain access to such that the secure local server continues to provide isolation of the individual tool or the group of tools from the other individual tools or other groups of tools.
  - 19. The system of claim 18, wherein the host server is configured to block off all network traffic going to the secure local servers except for network traffic going through the plurality of virtual networks.
  - 20. The system of claim 1, wherein:
    - the information regarding which separate individual tool or group of tools the client is authorized to access is access credentials;
      
      the another server is further configured to provide the server with information regarding the at least one of the separate individual tool or group of tools that the client requested access to and the access credentials of the client; and
      
      the server is further configured to determine whether the client is authorized to access the at least one of the separate individual tool or group of tools based on the information regarding the at least one of the separate individual tool or group of tools that the client requested access to and the access credentials of the client.
  - 21. The system of claim 20, wherein:
    - the another server is further configured to;
      
      receive the authentication and tool routing information from the client; and
      
      gain access to the separate individual tool or group of tools that the client requested access to in the corresponding virtual network of the plurality of virtual networks; and
      
      the another server has connection information related to each separate individual tool or group of tools for communicating natively with each separate individual tool or group of tools.

13. A method, comprising:
- receiving client credentials and tool access information, the tool access information being associated with tools that are vendor specific, proprietary to the vendor, and residing in a private, non-advertised network;
  
  creating a plurality of virtual networks such that a separate virtual network is created for each tool, wherein each tool residing in the private, non-advertised network is an isolated node;
  
  storing information related to each of the plurality of virtual networks and each tool in at least one of the plurality of virtual networks, and the tool access information that provides which virtual network for each tool or tools a client is authorized to access;
  
  receiving a request from the client to gain access to a tool;
  
  accessing the tool via a corres onding virtual network of the plurality of virtual networks;
  
  when the client is authorized to access the tool, sending authentication and routing information to the client in order to permit the client to communicate with the tool, while isolating other individual tools or other groups of tools from the client which are non-authorized; and
  
  providing access to the tool in the corresponding virtual network, wherein the access to the tool is provided to a single authenticated tool or tools, while isolating the other individual tools or the other group of tools in the plurality of virtual networks.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the sending of the authentication and the routing information is sent directly to the client.
  - 15. The method of claim 13, wherein the sending of the authentication and the routing information is sent to the client through a host server.
  - 16. The method of claim 13, further comprising creating a firewall between a server and the client.

17. A computer program product for creating a virtual network in a production facility for private, non-advertised tools, the computer program product including computer program code stored on a computer readable storage memoryfor causing a computer to implement a method, comprising:
- creating a plurality of virtual networks such that a separate virtual network is created for each tool, wherein each tool is vendor specific, proprietary to the vendor, and an isolated node on a private non-advertised network;
  
  storing information related to each of the plurality of virtual networks and each tool in the corresponding virtual network of the plurality of virtual networks, and which virtual network for each tool or tools a client is authorized to access;
  
  receiving a request from the client to gain access to at least one tool;
  
  accessing the at least one tool via a corresponding virtual network of the plurality of virtual networks;
  
  when the client is authorized to access the at least one tool, sending authentication and routing information to the client for the requested at least one tool in the private non-advertised network in order to permit the client to communicate with the tool, while isolating other individual tools or other groups of tools from the client which are non-authorized; and
  
  providing access to the requested at least one tool in the corresponding virtual network, wherein the access to the requested at least one tool is provided to a single authenticated tool or tools, while isolating the other individual tools or groups of tools in the plurality of virtual networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Choudhury, Ziyad A.
Primary Examiner(s)
Tiv, Backhean
Assistant Examiner(s)
Mejia, Anthony

Application Number

US11/772,880
Publication Number

US 20090013030A1
Time in Patent Office

2,002 Days
Field of Search

709/229, 709/217, 709/219, 709/227
US Class Current

709/229
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/02   Topology update or discovery

H04L 63/08   for authentication of entit...

System and method for connecting closed, secure production network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

72 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for connecting closed, secure production network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links