Scalable and flexible information security for industrial automation

US 8,607,307 B2
Filed: 12/14/2011
Issued: 12/10/2013
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory that stores computer executable instructions; and

a processor, communicatively coupled to the memory, that facilitates execution of thecomputer executable instructions to at least;

associate a factory floor security policy comprising security settings with a plurality of devices on a factory floor;

receive a request to disable security settings of a first device of the plurality of devices on the factory floor for testing, debugging or maintenance, wherein disabling security settings of the first device comprise disabling a first alarm associated with the first device;

determine a security zone comprising the first device and a second device of the plurality of devices,verify the request to disable the security settings within the security zone based on the factory floor security policy;

disable security settings within the security zone and maintain security settings to all other devices of the plurality of devices; and

reinstate the security settings within the security zone in response to completion of the testing, debugging or maintenance,wherein reinstating security settings within the security zone comprise enabling the first alarm associated with the first device and enabling a second alarm associated with the second device within the security zone.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system that relates to industrial automation security comprises a component that receives a request to modify security relating to a zone of a factory floor, the zone being less than an entirety of the factory floor. A zonal security component generates security procedures for the zone, the security procedures differ from security procedures implemented on the factory floor outside the zone.

46 Citations

View as Search Results

19 Claims

1. A system, comprising:
- a memory that stores computer executable instructions; and
  
  a processor, communicatively coupled to the memory, that facilitates execution of thecomputer executable instructions to at least;
  
  associate a factory floor security policy comprising security settings with a plurality of devices on a factory floor;
  
  receive a request to disable security settings of a first device of the plurality of devices on the factory floor for testing, debugging or maintenance, wherein disabling security settings of the first device comprise disabling a first alarm associated with the first device;
  
  determine a security zone comprising the first device and a second device of the plurality of devices,verify the request to disable the security settings within the security zone based on the factory floor security policy;
  
  disable security settings within the security zone and maintain security settings to all other devices of the plurality of devices; and
  
  reinstate the security settings within the security zone in response to completion of the testing, debugging or maintenance,wherein reinstating security settings within the security zone comprise enabling the first alarm associated with the first device and enabling a second alarm associated with the second device within the security zone.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the plurality of devices on the factory floor are arranged in accordance with a hierarchically structured data model and the factory floor security policy is generated in accordance with the hierarchically structured data model.
  - 3. The system of claim 1, wherein the processor further facilitates the execution of the computer-executable instructions to verify the request based on a time or a date.
  - 4. The system of claim 1, wherein the security settings to the security zone are disabled for a time period and, after the time period, the security settings are reinstated to the security zone.
  - 5. The system of claim 1, wherein the request is received in response to the first alarm associated with the first device.
  - 6. The system of claim 1 wherein the request is received in response to an expiry of a set time period for the maintenance, test, or debug of the first device.
  - 7. The system of claim 1, wherein the processor further facilitates the execution of the computer-executable instructions to verify the request based on approval input received by the system.
  - 8. The system of claim 7, wherein the processor further facilitates the execution of the computer-executable instructions to request a verification of the request to be input to the system.
  - 9. The system of claim 1, wherein the processor further facilitates the execution of the computer-executable instructions to verify the request based on an authentication of an origin of the request.
  - 10. The system of claim 1, wherein the processor further facilitates the execution of the computer-executable instructions to employ a proxy server to disable a set of security settings of the second device.

11. An apparatus, comprising:
- a memory that stores a hierarchically structured representation of a factory floor comprising a plurality of devices and computer executable instructions; and
  
  a processor, coupled to the memory, that facilitates execution of the computer executable instructions to at least;
  
  apply security settings associated with a factory floor security policy to the plurality of devices according to the hierarchically structured representation;
  
  receive a request to disable security settings of a first device of the plurality of devices, wherein the request is related to a testing procedure of the first device, a debugging procedure of the first device or a maintenance procedure of the first device, wherein disabling security settings of the first device comprise disabling a first alarm associated with the first device;
  
  determine a security zone comprising the first device and a second device of the plurality of devices based on a relationship between the first device and the second device defined in the hierarchically structured representation;
  
  verify the request to disable the security settings within the security zone based on the factory floor security policy;
  
  disable security settings within the security zone, wherein disabling security settings within the security zone comprise disabling first alarm associated with the first device and disabling a second alarm associated with the second device within the security zone;
  
  maintain security settings to other devices of the plurality of devices; and
  
  reinstate the security settings within the security zone after completion of the testing procedure of the first device, the debugging procedure of the first device or the maintenance procedure of the first device;
  
  wherein reinstating security settings within the security zone comprise enabling the first alarm associated with the first device and enabling a second alarm associated with the second device within the security zone.
- View Dependent Claims (12, 13)
- - 12. The apparatus of claim 11, wherein the processor further facilitates the execution of the instructions to further verify the request based on a time or a date.
  - 13. The apparatus of claim 11, wherein the the security settings to the security zone are disabled for a time period and, after the time period, the security settings to the security zone are reinstated.

14. A method, comprising:
- receiving, by a system comprising a processing device, a request to disable security procedures of a first device on a factory floor, wherein the request is related to a testing procedure of the first device, a debugging procedure of the first device or a maintenance procedure of the first device, wherein the security procedures of the first device comprise a first alarm associated with the first device;
  
  querying a hierarchical data representation of a plurality of devices on the factory floorfor a second device linked to the first device in a manufacturing operation based on the request;
  
  setting a security zone comprising the first device and the second device;
  
  verifying the request to disable the security settings within the security zone based on the factory floor security policy;
  
  disabling security procedures of other devices within the security zone, wherein disabling the security settings within the security zone comprise disabling the first alarm associated with the first device and disabling a second alarm associated with the second device within the security zone;
  
  maintaining security procedures for other devices of the plurality of devices; and
  
  reinstating the security procedures within the security zone in response to determining that the testing procedure of the first device, the debugging procedure of the first device or the maintenance procedure of the first device has completed;
  
  wherein reinstating security settings within the security zone comprise enabling the first alarm associated with the first device and enabling a second alarm associated with the second device within the security zone.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, further comprising:
    - receiving an indication that the security procedures are reinstatable to the first device; and
      
      reinstating a security procedure to the devices in the security zone related to the first device in response to the receiving of the indication.
  - 16. The method of claim 14, further comprising verifying the security zone based on a device location or a time.
  - 17. The method of claim 14, further comprising receiving, by the processing device, an external input indicating an approval to disable the security procedures of all devices within the security zone.
  - 18. The method of claim 14, further comprising authenticating an entity initiating the request.
  - 19. The method of claim 14, wherein the disabling further comprises employing a proxy server to disable a set of security procedures of the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Chand, Sujeet, Farchmin, David W., Baier, John J., Kalan, Michael D., Marquardt, Randall A., Morse, Richard A., Briant, Stephen C.
Primary Examiner(s)
PHAM, LUU T

Application Number

US13/325,492
Publication Number

US 20120089240A1
Time in Patent Office

727 Days
Field of Search

726/1, 700/79, 707/10
US Class Current

726/1
CPC Class Codes

H04L 63/10 for controlling access to d...

Y02P 90/80 Management or planning

Scalable and flexible information security for industrial automation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Scalable and flexible information security for industrial automation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links