Policy-based secure communication with automatic key management for industrial control and automation systems
US-9503478-B2 · Nov 22, 2016 · US
US9767308B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9767308-B2 |
| Application number | US-201615167479-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 27, 2016 |
| Priority date | May 29, 2015 |
| Publication date | Sep 19, 2017 |
| Grant date | Sep 19, 2017 |
Official abstract text for this publication.
Techniques to facilitate controlling access to objects associated with an industrial automation environment are disclosed. In at least one implementation, a policy set associated with an object type is created, wherein the policy set defines one or more actions that are allowed for at least one user group to perform with respect to the object type. An object of the object type is identified for security configuration, and a selection of the policy set associated with the object type to apply to the object is received. In response to the selection of the policy set, security is configured for the object by applying the policy set associated with the object type to the object.
Opening claim text (preview).
What is claimed is:
1. A method of operating a computing system to facilitate controlling access to objects associated with an industrial automation environment, the method comprising: creating a policy set associated with an object type, wherein the policy set defines one or more actions that are allowed for at least one user group to perform with respect to the object type and the one or more actions comprise modifying properties associated with the object type; identifying an object of the object type for security configuration; receiving a selection of the policy set associated with the object type to apply to the object; and in response to the selection of the policy set, configuring security for the object by applying the policy set associated with the object type to the object.
2. The method of claim 1 wherein the object type comprises a controller object type and the policy set associated with the object type comprises a controller policy set.
3. The method of claim 2 wherein identifying the object of the object type for security configuration comprises creating a controller project file, and wherein configuring security for the object by applying the policy set comprises applying the controller policy set to the controller project file.
4. The method of claim 1 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise adding tags associated with the object type.
5. The method of claim 1 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise modifying routine code.
6. The method of claim 1 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise deleting tags associated with the object type.
7. The method of claim 1 wherein the object type comprises a human-machine interface (HMI) object type.
8. One or more computer-readable storage media having program instructions stored thereon to facilitate controlling access to objects associated with an industrial automation environment, wherein the program instructions, when executed by a computing system, direct the computing system to at least: create a policy set associated with an object type, wherein the policy set defines one or more actions that are allowed for at least one user group to perform with respect to the object type and the one or more actions comprise modifying properties associated with the object type; identify an object of the object type for security configuration; receive a selection of the policy set associated with the object type to apply to the object; and in response to the selection of the policy set, configure security for the object by applying the policy set associated with the object type to the object.
9. The one or more computer-readable storage media of claim 8 wherein the object type comprises a controller object type and the policy set associated with the object type comprises a controller policy set.
10. The one or more computer-readable storage media of claim 9 wherein the program instructions direct the computing system to identify the object of the object type for security configuration by directing the computing system to create a controller project file, and wherein the program instructions direct the computing system to configure security for the object by directing the computing system to apply the controller policy set to the controller project file.
11. The one or more computer-readable storage media of claim 8 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise adding tags associated with the object type.
12. The one or more computer-readable storage media of claim 8 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise modifying routine code.
13. The one or more computer-readable storage media of claim 8 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise deleting tags associated with the object type.
14. The one or more computer-readable storage media of claim 8 wherein the object type comprises a human-machine interface (HMI) object type.
15. An apparatus to facilitate controlling access to objects associated with an industrial automation environment, the apparatus comprising: one or more computer-readable storage media; and program instructions stored on the one or more computer-readable storage media that, when executed by a processing system, direct the processing system to at least: create a policy set associated with an object type, wherein the policy set defines one or more actions that are allowed for at least one user group to perform with respect to the object type and the one or more actions comprise modifying properties associated with the object type; identify an object of the object type for security configuration; receive a selection of the policy set associated with the object type to apply to the object; and in response to the selection of the policy set, configure security for the object by applying the policy set associated with the object type to the object.
16. The apparatus of claim 15 wherein the object type comprises a controller object type and the policy set associated with the object type comprises a controller policy set.
17. The apparatus of claim 16 wherein the program instructions direct the processing system to identify the object of the object type for security configuration by directing the processing system to create a controller project file, and wherein the program instructions direct the processing system to configure security for the object by directing the processing system to apply the controller policy set to the controller project file.
18. The apparatus of claim 15 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise adding tags associated with the object type.
19. The apparatus of claim 15 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise modifying routine code.
20. The apparatus of claim 15 wherein the one or more actions that are allowed for the at least one user group to perform on the object type comprise deleting tags associated with the object type.
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer · CPC title