Data classification and management for risk mitigation
US-9141658-B1 · Sep 22, 2015 · US
Industrial control metadata engine
US9798319B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9798319-B2 |
| Application number | US-12759808-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 27, 2008 |
| Priority date | May 27, 2008 |
| Publication date | Oct 24, 2017 |
| Grant date | Oct 24, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In an industrial control setting, different components can have information that can be valuable to various entities, such as other components, technicians, and the like. A decision can be made as to what information should be available to entities and a determination can be made if the information should be published in a directory or be discoverable. Security can be taken into account in determining if information should be published and decision making can employ adaptive learning, such that a publish and/or discovery decision criterion can be modified based on the learning.
First claim
Opening claim text (preview).
What is claimed is: 1. An industrial control system, comprising: a processor; and a memory communicatively coupled to the processor, the memory having stored therein computer executable components, comprising: an analysis component configured to: evaluate a risk associated with disclosing a subset of metadata to a first industrial control device in the industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device implemented in the industrial control system; assign a security rating to the risk; and estimate, using an artificial intelligence algorithm, a value indicative of how valuable the subset of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and a selection component configured to: determine whether to disclose the subset of metadata to the first industrial control device based upon the security rating and the estimated value, and: in response to a determination that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, or in response to a determination that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device. 2. The industrial control system of claim 1 , wherein the metadata further describes at least one of a service provided by the second industrial control device, a relationship of the second industrial control device with an entity, or a dependency of the second industrial control device. 3. The industrial control system of claim 1 , wherein the selection component is further configured to assign respective weights to the assigned security rating and the estimated value for the determination of whether to disclose the subset of metadata to the first industrial control device. 4. The industrial control system of claim 1 , wherein the risk relates to at least one of a likelihood of the first industrial control device requesting the metadata, a security characteristic of the metadata, volatility of the metadata, a potential damage resulting from disclosing the subset of the metadata, or a likelihood of the subset of metadata being accessed by an undesirable entity. 5. The industrial control system of claim 1 , wherein the selection component is further configured to: analyze historical information related to access of the metadata; and determine whether to disclose the subset of metadata to the first industrial control device based upon the security rating, the estimated value, and the analyzed historical information. 6. The industrial control system of claim 1 , wherein the selection component is further configured to accept user input overriding a determination by the selection component on whether to disclose the subset of metadata to the first industrial control device. 7. The industrial control system of claim 1 , wherein the selection component is further configured to, in response to determining to disclose the subset of the metadata, determine whether the subset of the metadata is to be published to a directory accessible by the first industrial control device or be discoverable by the first industrial control device. 8. The industrial control system of claim 1 , wherein the at least one criterion comprises a failure rate of the other module resulting from metadata requests from the first industrial control device. 9. The industrial control system of claim 1 , wherein the at least one criterion comprises a contextual characteristic associated with the first industrial control device. 10. A method, comprising: evaluating, by a device including a processor, a risk associated with exposing at least one portion of metadata to a first industrial control device installed in an industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device implemented in the industrial control system; assigning, by the device, a security rating to the risk; estimating, by the device, using an artificial intelligence algorithm, a value indicative of how valuable the at least one portion of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and determining, by the device, whether to expose the at least one portion of metadata to the first industrial control device based upon the security rating and the estimated value, and: in response to determining that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, or in response to determining that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device. 11. The method of claim 10 , further comprising: analyzing historical information related to access of the metadata; and wherein the determining comprises determining whether to disclose the at least one portion of the metadata to the first industrial control device based upon the security rating, the estimated value, and the analyzed historical information. 12. The method of claim 10 , further comprising, in response to determining to disclose the at least one portion of the metadata to the first industrial control device, determining whether the at least one portion of the metadata is to be published to a directory accessible by the first industrial control device or be discoverable by the first industrial control device. 13. The method of claim 10 , wherein the at least one criterion comprises a component failure rate of the first industrial control device resulting from metadata requests from the first industrial control device. 14. A non-transitory computer-readable medium having instructions stored thereon that, in response to execution, cause at least one device including a processor to perform operations comprising: evaluating a risk associated with exposing at least one portion of the metadata to a first industrial control device installed in an industrial control system, wherein the metadata describes at least one operational capability of a second industrial control device in the industrial control system; assigning a security rating to the risk; and predicting, using an artificial intelligence algorithm, a value indicative of how valuable the at least one portion of the metadata is to the first industrial control device based upon at least one criterion associated with the first industrial control device; and determining whether to expose the at least one portion of metadata to the first industrial control device based upon the security rating and the predicted value, and: in response to determining that the subset of metadata should be disclosed to the first industrial control device, make the subset of metadata available to the first industrial control device, or in response to determining that the subset of metadata should not be disclosed to the first industrial control device, prevent access to the subset of metadata by the first industrial control device. 15. The non-transitory computer-readable medium of claim 14 , further comprising: analyzing historical information related to access of the metadata; and wherein the determining comprises determining whether to disclose the at least one portion of the metadata to the first industri
Assignees
Inventors
Classifications
- G05B19/41845Primary
characterised by system universality, reconfigurability, modularity · CPC title
PCD profinet component description, field device description module · CPC title
Cross-Sectional Technologies · mapped topic
Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS] · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9798319B2 cover?
- In an industrial control setting, different components can have information that can be valuable to various entities, such as other components, technicians, and the like. A decision can be made as to what information should be available to entities and a determination can be made if the information should be published in a directory or be discoverable. Security can be taken into account in dete…
- Who is the assignee on this patent?
- Vasko David A, Staron Raymond J, Rischar Charles Martin, and 8 more
- What technology area does this patent fall under?
- Primary CPC classification G05B19/41845. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 24 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).