Flexible security control environment
US-9323245-B2 · Apr 26, 2016 · US
Secondary security authority
US9613195B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9613195-B2 |
| Application number | US-201615160976-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 20, 2016 |
| Priority date | May 29, 2015 |
| Publication date | Apr 4, 2017 |
| Grant date | Apr 4, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity. A secondary security authority provided by the secondary entity is received, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights. A request is received from a user associated with the secondary entity to perform an action associated with the control system content, and the request is processed with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of operating a computing system to facilitate protecting control programs used in an industrial automation environment, the method comprising: receiving control system content provided by a primary entity, wherein the control system content comprises controller program code that directs an industrial controller to drive a machine system; receiving a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity; receiving a secondary security authority provided by the secondary entity, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights granted to the secondary entity by the primary entity in the primary security authority; receiving a request from a user associated with the secondary entity to perform an action associated with the control system content; processing the request with the primary security authority to determine if the secondary entity is authorized to perform the action associated with the control system content based on the primary usage rights; if the secondary entity is not authorized by the primary security authority to perform the action associated with the control system content based on the primary usage rights, then denying the request to perform the action; if the secondary entity is authorized by the primary security authority to perform the action associated with the control system content based on the primary usage rights, then processing the request with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights; if the user is authorized by the secondary security authority to perform the action associated with the control system content based on the secondary usage rights, then granting the request to perform the action; and if the user is not authorized by the secondary security authority to perform the action associated with the control system content based on the secondary usage rights, then denying the request to perform the action. 2. The method of claim 1 wherein the secondary usage rights define control system content permissions for one or more user groups associated with the secondary entity. 3. The method of claim 1 wherein the primary security authority grants permissions for the control system content to one or more user groups associated with the primary entity. 4. The method of claim 3 wherein the secondary security authority restricts one or more of the permissions for the control system content granted to the one or more user groups associated with the primary entity in the primary security authority. 5. One or more computer-readable storage media having program instructions stored thereon to facilitate protecting control programs used in an industrial automation environment, wherein the program instructions, when executed by a computing system, direct the computing system to at least: receive control system content provided by a primary entity, wherein the control system content comprises controller program code that directs an industrial controller to drive a machine system; receive a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity; receive a secondary security authority provided by the secondary entity, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights granted to the secondary entity by the primary entity in the primary security authority; receive a request from a user associated with the secondary entity to perform an action associated with the control system content; process the request with the primary security authority to determine if the secondary entity is authorized to perform the action associated with the control system content based on the primary usage rights; if the secondary entity is not authorized by the primary security authority to perform the action associated with the control system content based on the primary usage rights, then deny the request to perform the action; if the secondary entity is authorized by the primary security authority to perform the action associated with the control system content based on the primary usage rights, then process the request with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights; if the user is authorized by the secondary security authority to perform the action associated with the control system content based on the secondary usage rights, then grant the request to perform the action; and if the user is not authorized by the secondary security authority to perform the action associated with the control system content based on the secondary usage rights, then deny the request to perform the action. 6. The one or more computer-readable storage media of claim 5 wherein the secondary usage rights define control system content permissions for one or more user groups associated with the secondary entity. 7. The one or more computer-readable storage media of claim 5 wherein the primary security authority grants permissions for the control system content to one or more user groups associated with the primary entity. 8. An apparatus to facilitate protecting control programs used in an industrial automation environment, the apparatus comprising: one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when executed by a processing system, direct the processing system to at least: receive control system content provided by a primary entity, wherein the control system content comprises controller program code that directs an industrial controller to drive a machine system; receive a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity; receive a secondary security authority provided by the secondary entity, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights granted to the secondary entity by the primary entity in the primary security authority; receive a request from a user associated with the secondary entity to perform an action associated with the control system content; process the request with the primary security authority to determine if the secondary entity is authorized to perform the action associated with the control system content based on the primary usage rights; if the secondary entity is not authorized by the primary security authority to perform the action associated with the control system content based on the primary usage rights, then deny the request to perform the action; if the secondary entity is authorized by the primary security authority to perform the action associated with the control system content based on the primary usage rights, then process the request with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights; if the user is authorized by the secondary security authority to perform the action associated with the control system content based on the secondary usage
Assignees
Inventors
Classifications
characterised by program execution, i.e. part program or machine function execution, e.g. selection of a program · CPC title
Supervisor, leader, workstation controller, automation, machine control · CPC title
- G06F21/31Primary
User authentication · CPC title
Grouping of entities · CPC title
Several levels of security, passwords · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9613195B2 cover?
- Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to…
- Who is the assignee on this patent?
- Rockwell Automation Tech Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/31. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 04 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).