Systems and methods for providing security operations in a work machine
Abstract
A method and system are provided to perform a process of managing communications in an environment including a work machine having one or more on-board data links connected to one or more on-board modules and a gateway, and one or more off-board data links connected to one or more off-board systems and the gateway. In one embodiment, the process includes receiving a request generated by a first off-board system and transmitted on a first off-board data link and invoking a firewall application that performs a firewall process. The firewall process may include identifying a destination device associated with the request and determining whether the request is authorized based on a profile associated with the first off-board system. Also, the process may include determining whether the request includes a parameter identifier that matches a parameter identifier included in a memory location maintained by the gateway, and based on the profile and parameter identifier determinations, denying or granting access to proprietary information associated with the work machine.
23 Claims
1. A system for managing communications between one or more on-board modules associated with a work machine and connected to one or more on-board data links and one or more off-board systems connected to one or more off-board data links, the system comprising:
a first off-board system connected to a first off-board data link, wherein the off-board module is remotely located from the work machine; and
a gateway embedded in the work machine including:
a communication application that uses a translation table stored in the gateway for converting information from a first protocol format to a second protocol format, and a firewall application that is configured to perform, when executed by a processor, a firewall process that controls access to proprietary information associated with the work machine, wherein the firewall process determines whether a message received from the first off-board system is authorized based on a profile associated with the first off-board system, whether a message received from the first off-board module includes a parameter identifier corresponding to one of a number of parameter identifiers included in the translation table, and denies access to the proprietary information based on at least one of (i) a determination that the parameter identifier in the data message does not correspond to one of the number of parameter identifiers in the translation table and (ii) the profile associated with the off-board system.
(Dependent claims 2 through 11 are not reproduced here.)
12. A method for managing communications in an environment including a work machine having one or more on-board data links connected to one or more on-board modules and a gateway, and one or more off-board data links connected to one or more off-board systems and the gateway, the method performed by the gateway comprising:
receiving a request generated by a first off-board system and transmitted on a first off-board data link; and
invoking a firewall application that performs a firewall process including the steps of:
identifying a destination device associated with the request, determining whether the request is authorized based on a profile associated with the first off-board system, determining whether the request includes a parameter identifier that matches a parameter identifier included in a memory location maintained by the gateway, and denying or granting access to proprietary information based on the two determining steps.
(Dependent claims 13 through 22 are not reproduced here.)
23. A computer-readable medium including instructions for performing, when executed by a processor, a method for managing communications in an environment including a work machine having one or more on-board data links connected to one or more on-board modules and a gateway, and one or more off-board data links connected to one or more off-board systems and the gateway, the method performed by the gateway comprising:
receiving a request generated by a first off-board system and transmitted on a first off-board data link; and
invoking a firewall application that performs a firewall process including the steps of:
identifying a destination device associated with the request, determining whether the request is authorized based on a profile associated with the first off-board system, determining whether the request includes a parameter identifier that matches a parameter identifier included in a memory location maintained by the gateway, and denying or granting access to proprietary information based on the two determining steps.
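The firewall process recited in the abstract and in claims 12 and 23 reads as a small algorithm: identify the destination device from the request, check the requesting off-board system's profile, check the parameter identifier against the table the gateway keeps, and grant or deny on the two results. The block below is an added example, not code from the patent or its assignee, showing one deny-by-default implementation of that process in Python, with the translation step of claim 1 applied only to requests that pass. The request fields, the profile structure, the table entries, the module names and the on-board frame layout are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Translation table kept by the gateway: off-board parameter identifier ->
# (destination on-board module, on-board parameter number).
# Constructed sample entries; names and numbers are arbitrary.
TRANSLATION_TABLE: Dict[str, Tuple[str, int]] = {
    "ENGINE_RPM":    ("engine_ecm", 0x0C),
    "COOLANT_TEMP":  ("engine_ecm", 0x05),
    "FUEL_LEVEL":    ("machine_ecm", 0x2F),
    "INJECTOR_TRIM": ("engine_ecm", 0x80),
}


@dataclass(frozen=True)
class Profile:
    """Access rights of one off-board system (field names are assumptions)."""
    allowed_destinations: FrozenSet[str]
    allowed_pids: FrozenSet[str]
    can_write: bool = False


# Constructed sample profiles; a source with no entry is denied outright.
PROFILES: Dict[str, Profile] = {
    "dealer_tool_01": Profile(frozenset({"engine_ecm", "machine_ecm"}),
                              frozenset(TRANSLATION_TABLE), can_write=True),
    "fleet_telematics": Profile(frozenset({"machine_ecm"}),
                                frozenset({"FUEL_LEVEL"})),
}


@dataclass(frozen=True)
class Request:
    """Off-board request as the gateway sees it (assumed layout)."""
    source_id: str              # identity the off-board link authenticated
    pid: str                    # off-board parameter identifier
    operation: str              # "read" or "write"
    value: Optional[int] = None


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    destination: Optional[str] = None
    onboard_pid: Optional[int] = None


def firewall(req: Request,
             profiles: Dict[str, Profile] = PROFILES,
             table: Dict[str, Tuple[str, int]] = TRANSLATION_TABLE) -> Decision:
    """Firewall process: any path that is not an explicit allow is a deny."""
    if req.operation not in ("read", "write"):
        return Decision(False, "unknown operation")
    # Parameter-identifier check: the PID must appear in the translation
    # table; the matching entry also identifies the destination device.
    entry = table.get(req.pid)
    if entry is None:
        return Decision(False, "pid not in translation table")
    destination, onboard_pid = entry
    # Profile check: the source must have a profile that permits this
    # destination, this PID and (for writes) write access.
    profile = profiles.get(req.source_id)
    if profile is None:
        return Decision(False, "no profile for source", destination)
    if destination not in profile.allowed_destinations:
        return Decision(False, "destination not permitted by profile", destination)
    if req.pid not in profile.allowed_pids:
        return Decision(False, "pid not permitted by profile", destination)
    if req.operation == "write" and not profile.can_write:
        return Decision(False, "write not permitted by profile", destination)
    return Decision(True, "authorized", destination, onboard_pid)


def to_onboard_frame(req: Request, decision: Decision) -> Optional[bytes]:
    """Communication-application step, run only on an allow: convert to the
    assumed on-board layout [on-board PID][0=read/1=write][2-byte value]."""
    if not decision.allowed or decision.onboard_pid is None:
        return None
    if req.operation == "write":
        if req.value is None or not 0 <= req.value <= 0xFFFF:
            return None
        return bytes([decision.onboard_pid, 0x01]) + req.value.to_bytes(2, "big")
    return bytes([decision.onboard_pid, 0x00])


def process(req: Request) -> Tuple[Decision, Optional[bytes]]:
    """Gateway entry point: firewall first, translation only if allowed."""
    decision = firewall(req)
    return decision, to_onboard_frame(req, decision)


if __name__ == "__main__":
    for r in (Request("fleet_telematics", "FUEL_LEVEL", "read"),
              Request("fleet_telematics", "ENGINE_RPM", "read"),
              Request("unknown_laptop", "FUEL_LEVEL", "read"),
              Request("dealer_tool_01", "INJECTOR_TRIM", "write", 3)):
        d, frame = process(r)
        print(r.source_id, r.pid, r.operation, "->", d.reason, frame)
```

Two points a practitioner would check in a real gateway built this way. First, the PID check is done before the profile lookup only because the table entry is what names the destination device; both checks are still applied, and a request that fails either is dropped without ever being translated onto the on-board link. Second, the claims key the profile to "the first off-board system" but say nothing about how the gateway learns which system is talking; if `source_id` is taken from a self-asserted field in the request rather than from an authenticated link (for example a TLS client certificate), an attacker who can reach the off-board data link can claim the dealer tool's identity and inherit its write access, so the profile check is only as strong as that binding.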
Specification