Security model for industrial devices

US 9,043,600 B2
Filed: 07/03/2013
Issued: 05/26/2015
Est. Priority Date: 10/15/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a processor;

a memory communicatively coupled to processor, the memory having stored therein computer-executable instructions, comprising;

a protocol buffer component configured to;

receive a first series of bytes representing a token request having credential information from a requestor;

de-serialize the first series of bytes into a token request protocol message object retaining the credential information, wherein the token request protocol message object is formatted according to a Protocol Buffer definition;

convert the token request protocol message object into a second token request protocol message object having a first format associated with an external entity; and

a security token service configured to;

send the second token request protocol message object to the external entity;

receive a first protocol buffer security token, having a representation not formatted according to the Protocol Buffer definition, from the external entity;

convert the first protocol buffer security token into a second protocol buffer security token structured in accordance with the Protocol Buffer definition;

serialize the second protocol buffer security token into a second series of bytes; and

communicate the second series of bytes as a response to the token request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and/or methods are described relating to a security model that provides interoperability with foreign security domains while remaining scalable to small embedded devices. A security token service is provided, which is configured to issue, renew, and/or validate security tokens in response to a token request. A communication protocol, corresponding message structures, and the security tokens are defined in accordance with protocol buffer definitions.

Citations

20 Claims

1. An apparatus, comprising:
- a processor;
  
  a memory communicatively coupled to processor, the memory having stored therein computer-executable instructions, comprising;
  
  a protocol buffer component configured to;
  
  receive a first series of bytes representing a token request having credential information from a requestor;
  
  de-serialize the first series of bytes into a token request protocol message object retaining the credential information, wherein the token request protocol message object is formatted according to a Protocol Buffer definition;
  
  convert the token request protocol message object into a second token request protocol message object having a first format associated with an external entity; and
  
  a security token service configured to;
  
  send the second token request protocol message object to the external entity;
  
  receive a first protocol buffer security token, having a representation not formatted according to the Protocol Buffer definition, from the external entity;
  
  convert the first protocol buffer security token into a second protocol buffer security token structured in accordance with the Protocol Buffer definition;
  
  serialize the second protocol buffer security token into a second series of bytes; and
  
  communicate the second series of bytes as a response to the token request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the Protocol Buffer definition is programming language neutral, execution platform neutral, and extensible.
  - 3. The apparatus of claim 1, further comprising a cryptography component configured to verify a digital signature attached to the token request.
  - 4. The apparatus of claim 3, wherein the cryptography component is further configured to digitally sign the first protocol buffer security token.
  - 5. The apparatus of claim 1, wherein the security token component further comprises an authentication component configured to validate the credential information with a data store that stores account information.
  - 6. The apparatus of claim 1, further comprising a protocol buffer compiler configured to compile the Protocol Buffer definition into a serialization mechanism configured to serialize token request protocol message objects into series'"'"' of bytes.
  - 7. The apparatus of claim 1, further comprising a protocol buffer compiler configured to compile the Protocol Buffer definition into a de-serialization mechanism configured to de-serialize series of bytes into token request protocol message objects.
  - 8. The apparatus of claim 1, further comprising a protocol buffer compiler configured to compile the Protocol Buffer definition into a data access mechanism configured to access data in token request protocol message objects.

9. A method, comprising:
- obtaining, by a device including a processor, a token request, as a series of bytes, that includes credential information to be authenticated;
  
  de-serializing, by the device, the series of bytes to obtain the token request as an object structured in accordance with a Protocol Buffer definition;
  
  converting, by the device, the token request, structured in accordance with the Protocol Buffer definition, into a second token request having a format associated with an external entity;
  
  sending, by the device, the second token request to the external entity;
  
  receiving, by the device, a first security token, having a representation not formatted according to the Protocol Buffer definition, from the external entity;
  
  converting, by the device, the first security token into a second security token structured in accordance with the Protocol Buffer definition;
  
  serializing, by the device, the second security token into a byte stream; and
  
  communicating, by the device, the byte stream as a response to the token request.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising verifying, by the device, a digital signature attached to the token request.
  - 11. The method of claim 10, further comprising, by the device, digitally signing the first protocol buffer security token.
  - 12. The method of claim 9, further comprising compiling, by the device, the Protocol Buffer definition into a serialization mechanism configured to serialize objects structured in accordance with the Protocol Buffer definition into series'"'"' of bytes.
  - 13. The method of claim 9, further comprising compiling, by the device, the Protocol Buffer definition into a de-serialization mechanism configured to de-serialize byte streams into objects structured in accordance with the Protocol Buffer definition.
  - 14. The method of claim 9, further comprising compiling, by the device, the Protocol Buffer definition into a data access mechanism configured to access data in objects structured in accordance with the Protocol Buffer definition.

15. A non-transitory computer-readable medium having instructions stored thereon that, in response to execution, cause at least one device including a processor to perform operations comprising:
- receiving a token request, as first byte stream, that includes credential information to be authenticated;
  
  de-serializing the first byte stream to obtain the credential information as a first object structured in accordance with a Protocol Buffer definition;
  
  converting the first object into a second object, having a format associated with an external entity;
  
  sending the second object to the external entity;
  
  receiving a first security token, having a representation not formatted according to the Protocol Buffer definition, from the external entity;
  
  converting the first security token into a second security token structured in accordance with the Protocol Buffer definition;
  
  serializing the second security token into a second byte stream; and
  
  sending the second byte stream as a response to the token request.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, the operations further comprising verifying a digital signature attached to the token request.
  - 17. The non-transitory computer-readable medium of claim 16, the operations further comprising digitally signing the first protocol buffer security token.
  - 18. The non-transitory computer-readable medium of claim 15, the operations further comprising compiling the Protocol Buffer definition into a serialization mechanism configured to serialize objects structured in accordance with the Protocol Buffer definition into series'"'"' of bytes.
  - 19. The non-transitory computer-readable medium of claim 15, the operations further comprising compiling the Protocol Buffer definition into a de-serialization mechanism configured to de-serialize byte streams into objects structured in accordance with the Protocol Buffer definition.
  - 20. The non-transitory computer-readable medium of claim 15, the operations further comprising compiling the Protocol Buffer definition into a data access mechanism configured to access data in objects structured in accordance with the Protocol Buffer definition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Rockwell Automation, Inc.)
Inventors
Jasper, Taryl J., Miller, Michael B., Brandt, Robert A.
Primary Examiner(s)
BROWN, ANTHONY D

Application Number

US13/934,701
Publication Number

US 20130298217A1
Time in Patent Office

692 Days
Field of Search

713/172, 713/159, 726/9, 726/20
US Class Current

713/172
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/0853   using an additional device,...

H04L 63/20   for managing network securi...

Security model for industrial devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security model for industrial devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links