Industrial control metadata engine

US 9,798,319 B2
Filed: 05/27/2008
Issued: 10/24/2017
Est. Priority Date: 05/27/2008
Status: Active Grant

First Claim

Patent Images

1. An industrial control system, comprising:

a processor; and

a memory communicatively coupled to the processor, the memory having stored therein computer executable components, comprising;

an analysis component configured to;

evaluate a risk associated with disclosing a subset of metadata to a first industrial control device in the industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device implemented in the industrial control system;

assign a security rating to the risk; and

estimate, using an artificial intelligence algorithm, a value indicative of how valuable the subset of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and

a selection component configured to;

determine whether to disclose the subset of metadata to the first industrial control device based upon the security rating and the estimated value, and;

in response to a determination that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, orin response to a determination that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an industrial control setting, different components can have information that can be valuable to various entities, such as other components, technicians, and the like. A decision can be made as to what information should be available to entities and a determination can be made if the information should be published in a directory or be discoverable. Security can be taken into account in determining if information should be published and decision making can employ adaptive learning, such that a publish and/or discovery decision criterion can be modified based on the learning.

29 Citations

20 Claims

1. An industrial control system, comprising:
- a processor; and
  
  a memory communicatively coupled to the processor, the memory having stored therein computer executable components, comprising;
  
  an analysis component configured to;
  
  evaluate a risk associated with disclosing a subset of metadata to a first industrial control device in the industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device implemented in the industrial control system;
  
  assign a security rating to the risk; and
  
  estimate, using an artificial intelligence algorithm, a value indicative of how valuable the subset of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and
  
  a selection component configured to;
  
  determine whether to disclose the subset of metadata to the first industrial control device based upon the security rating and the estimated value, and;
  
  in response to a determination that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, orin response to a determination that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The industrial control system of claim 1, wherein the metadata further describes at least one of a service provided by the second industrial control device, a relationship of the second industrial control device with an entity, or a dependency of the second industrial control device.
  - 3. The industrial control system of claim 1, wherein the selection component is further configured to assign respective weights to the assigned security rating and the estimated value for the determination of whether to disclose the subset of metadata to the first industrial control device.
  - 4. The industrial control system of claim 1, wherein the risk relates to at least one of a likelihood of the first industrial control device requesting the metadata, a security characteristic of the metadata, volatility of the metadata, a potential damage resulting from disclosing the subset of the metadata, or a likelihood of the subset of metadata being accessed by an undesirable entity.
  - 5. The industrial control system of claim 1, wherein the selection component is further configured to:
    - analyze historical information related to access of the metadata; and
      
      determine whether to disclose the subset of metadata to the first industrial control device based upon the security rating, the estimated value, and the analyzed historical information.
  - 6. The industrial control system of claim 1, wherein the selection component is further configured to accept user input overriding a determination by the selection component on whether to disclose the subset of metadata to the first industrial control device.
  - 7. The industrial control system of claim 1, wherein the selection component is further configured to, in response to determining to disclose the subset of the metadata, determine whether the subset of the metadata is to be published to a directory accessible by the first industrial control device or be discoverable by the first industrial control device.
  - 8. The industrial control system of claim 1, wherein the at least one criterion comprises a failure rate of the other module resulting from metadata requests from the first industrial control device.
  - 9. The industrial control system of claim 1, wherein the at least one criterion comprises a contextual characteristic associated with the first industrial control device.

10. A method, comprising:
- evaluating, by a device including a processor, a risk associated with exposing at least one portion of metadata to a first industrial control device installed in an industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device implemented in the industrial control system;
  
  assigning, by the device, a security rating to the risk;
  
  estimating, by the device, using an artificial intelligence algorithm, a value indicative of how valuable the at least one portion of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and
  
  determining, by the device, whether to expose the at least one portion of metadata to the first industrial control device based upon the security rating and the estimated value, and;
  
  in response to determining that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, orin response to determining that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, further comprising:
    - analyzing historical information related to access of the metadata; and
      
      wherein the determining comprises determining whether to disclose the at least one portion of the metadata to the first industrial control device based upon the security rating, the estimated value, and the analyzed historical information.
  - 12. The method of claim 10, further comprising, in response to determining to disclose the at least one portion of the metadata to the first industrial control device, determining whether the at least one portion of the metadata is to be published to a directory accessible by the first industrial control device or be discoverable by the first industrial control device.
  - 13. The method of claim 10, wherein the at least one criterion comprises a component failure rate of the first industrial control device resulting from metadata requests from the first industrial control device.

14. A non-transitory computer-readable medium having instructions stored thereon that, in response to execution, cause at least one device including a processor to perform operations comprising:
- evaluating a risk associated with exposing at least one portion of the metadata to a first industrial control device installed in an industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device in the industrial control system;
  
  assigning a security rating to the risk; and
  
  predicting, using an artificial intelligence algorithm, a value indicative of how valuable the at least one portion of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and
  
  determining whether to expose the at least one portion of metadata to the first industrial control device based upon the security rating and the predicted value, and;
  
  in response to determining that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, orin response to determining that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The non-transitory computer-readable medium of claim 14, further comprising:
    - analyzing historical information related to access of the metadata; and
      
      wherein the determining comprises determining whether to disclose the at least one portion of the metadata to the first industrial control device based upon the security rating, the predicted value, and the analyzed historical information.
  - 16. The non-transitory computer-readable medium of claim 14, the operations further comprising, in response to determining to disclose the at least one portion of the metadata to the first industrial control device, determining whether the at least one portion of the metadata is to be published to a directory accessible by the first industrial control device or be discoverable by the first industrial control device.
  - 17. The non-transitory computer-readable medium of claim 16, the operations further comprising accepting user input overriding a determination by the selection component on whether to disclose the at least one portion of the metadata to the first industrial control device.
  - 18. The non-transitory computer-readable medium of claim 14, wherein the at least one criterion comprises a failure rate of the first industrial control device resulting from metadata requests from the first industrial control device.

19. A system comprising:
- means for evaluating a risk associated with disclosing a subset of metadata to a first industrial control device installed in an industrial control system, wherein the metadata describes an operational capability of a second industrial control device in an industrial control system;
  
  means for associating a security rating to the risk;
  
  means for estimating, using an artificial intelligence algorithm, a value indicative of how valuable the subset of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and
  
  means for determining whether to disclose the subset of metadata to the first industrial control device based upon the security risk and the estimated value, and;
  
  in response to determining that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, orin response to determining that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the at least one criterion comprises a component failure rate of the entity resulting from metadata requests from the first industrial control device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Vasko, David A., Staron, Raymond J., Rischar, Charles Martin, Hall, Kenwood H., Govindaraj, Subbian, Kretschmann, Robert J., Kalan, Michael D., D'Mura, Paul R., Jasper, Taryl J., Liberman, Eugene
Primary Examiner(s)
Lu, Kuen

Application Number

US12/127,598
Publication Number

US 20090300021A1
Time in Patent Office

3,437 Days
Field of Search

707636, 707803, 707781, 370389
US Class Current
CPC Class Codes

G05B 19/41845   characterised by system uni...

G05B 2219/31134   PCD profinet component desc...

Y02P 90/02   Total factory control, e.g....

Industrial control metadata engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Industrial control metadata engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others