Peripheral mode for convertible laptops
US-2018165429-A1 · Jun 14, 2018 · US
Apparatus and method for preventing unintended or unauthorized peripheral device connectivity by requiring authorized human response
US11301548B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11301548-B2 |
| Application number | US-201815928577-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 22, 2018 |
| Priority date | Jun 16, 2017 |
| Publication date | Apr 12, 2022 |
| Grant date | Apr 12, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method includes detecting a connection attempt from a device, quarantining the device to prevent the device from substantially interacting with a host system, and determining whether the device requires verification while the device is quarantined. The method also includes, in response to determining that the device requires verification, presenting at least one authorization challenge to a user while the device is quarantined. The at least one authorization challenge requests that the user provide at least one specified response. The method further includes, in response to determining that the device requires verification, determining whether the user correctly provided the at least one specified response while the device is quarantined, granting access to the device in response to determining that the user correctly provided the at least one specified response, and continuing to quarantine the device in response to determining that the user did not correctly provide the at least one specified response.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: detecting a connection attempt of an industrial control or automation component to an industrial control system over a network, wherein the industrial control or automation component is configured to communicate with the industrial control system using one or more industrial messaging and communications protocols over the network, wherein the one or more industrial messaging and communications protocols comprises one or more of OPC, MODBUS, PRO-FIBUS, HART, and FIELDBUS; in response to detecting the connection attempt, automatically quarantining at least some communications of the industrial control or automation component over the network using a network filter rather than or in addition to a bus filter driver to prevent the industrial control or automation component from fully communicating with the industrial control system over the network; with the at least some communications of the industrial control or automation component quarantined, determining whether the industrial control or automation component requires verification; and in response to determining that the industrial control or automation component requires verification: presenting at least one authorization challenge to a user with the at least some communications of the industrial control or automation component quarantined, the at least one authorization challenge requesting that the user provide at least one specified response; determining whether the user correctly provided the at least one specified response with the at least some communications of the industrial control or automation component quarantined; releasing the quarantine on the at least some communications of the industrial control or automation component in response to determining that the user correctly provided the at least one specified response; and continuing to quarantine the at least some communications of the industrial control or automation component in response to determining that the user did not correctly provide the at least one specified response. 2. The method of claim 1 , further comprising: claiming the industrial control or automation component using an authentication subsystem while the at least some communications of the industrial control or automation component are quarantined; wherein the authentication subsystem is configured to initiate presentation of the at least one authorization challenge and to determine whether the user correctly provided the at least one specified response. 3. The method of claim 2 , further comprising: removing at least part of the authentication subsystem from a communication path of the industrial control or automation component after the quarantine on the at least some communications of the industrial control or automation component is released. 4. The method of claim 1 , further comprising: in response to determining that the industrial control or automation component requires verification, displaying information about the industrial control or automation component to a user while the at least some communications of the industrial control or automation component are quarantined. 5. The method of claim 1 , further comprising: generating an identification specification for the industrial control or automation component using data received from the industrial control or automation component over the network before or during the quarantining of the at least some communications of the industrial control or automation component. 6. The method of claim 5 , wherein: determining whether the industrial control or automation component requires verification comprises comparing the identification specification to previously-approved or pre-approved identification specifications, the previously-approved or pre-approved identification specifications associated with previously-approved or pre-approved industrial control or automation components or groups or classes of industrial control or automation component; and determining that the industrial control or automation component requires verification in response to determining that the identification specification does not match any of the previously-approved or pre-approved identification specifications. 7. The method of claim 1 , wherein: quarantining the at least some communications of the industrial control or automation component comprises allowing the industrial control or automation component to interact with the industrial control system over the network in order to identify one or more drivers to be used with the industrial control or automation component; and the method further comprises displaying information about the industrial control or automation component to a user while the at least some communications of the industrial control or automation component are quarantined, wherein at least part of the information is based at least in part on the one or more identified drivers. 8. An apparatus comprising at least one processor and at least one memory storing instructions that when executed by the at least one processor causes the at least one processor to: detect a connection attempt from an industrial control or automation component with an industrial control system over a network; automatically quarantine at least some communications of the industrial control or automation component using a network filter rather than or in addition to a bus filter driver in response to detecting the connection attempt to prevent the industrial control or automation component from fully communicating with the industrial control system over the network; while the at least some communications of the industrial control or automation component are quarantined, determine whether the industrial control or automation component requires verification; and in response to determining that the industrial control or automation component requires verification: present at least one authorization challenge to a user while the at least some communications of the industrial control or automation component are quarantined, the at least one authorization challenge including a displayed authorization code and a request that the user enter the displayed authorization code; determine whether the user correctly entered the displayed authorization code while the at least some communications of the industrial control or automation component is quarantined; releasing the quarantine on the at least some communications of the industrial control or automation component in response to determining that the user correctly entered the displayed authorization code; and continue to quarantine the at least some communications of the industrial control or automation component in response to determining that the user did not correctly enter the displayed authorization code. 9. The apparatus of claim 8 , wherein the at least one processor is further configured to: execute an authentication subsystem configured to quarantine the at least some communications of the industrial control or automation component; and claim the industrial control or automation component using the authentication subsystem while the at least some communications of the industrial control or automation component are quarantined; and wherein the authentication subsystem is configured to initiate presentation of the at least one authorization challenge and to determine whether the user correctly provided the displayed authorization code. 10. The apparatus of claim 9 , wherein the at least one processor is further configured to remove at least part of the authentication subsystem from a communication path of the industrial control or automation component after the quarantine on the at least some c
Assignees
Inventors
Classifications
Structures or tools for the administration of authentication · CPC title
Program or device authentication · CPC title
- G06F21/31Primary
User authentication · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11301548B2 cover?
- A method includes detecting a connection attempt from a device, quarantining the device to prevent the device from substantially interacting with a host system, and determining whether the device requires verification while the device is quarantined. The method also includes, in response to determining that the device requires verification, presenting at least one authorization challenge to a u…
- Who is the assignee on this patent?
- Honeywell Int Inc, Osr Open Systems Resources Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/31. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 12 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).