SYSTEMS AND METHODS FOR PROVISIONAL POLICIES IN OPERATIONAL TECHNOLOGY DEVICES

    Publication No.: US20240223609A1

    Publication Date: 2024-07-04

    Application No.: US18092734

    Filing Date: 2023-01-03

    CPC classification number: H04L63/20 G06F9/45508

    Abstract: An OT device includes a processor and a memory. The memory stores a first policy, a second policy, and program instructions. The first policy includes a first set of settings associated with operation of the OT device. The second policy includes a second set of settings associated with the operation of the OT device. The program instructions, when executed by the processor, cause the processor to receive data associated with an event, identify a first action in response to the event based on the first policy, perform the identified first action, identify a second action in response to the event based on the second policy, and generate, in response to the first action being different from the second action, a record identifying a difference between the first action and the second action.

    SYSTEMS AND METHODS FOR AUTOMATICALLY DEPLOYING SECURITY UPDATES IN AN OPERATIONS TECHNOLOGY NETWORK

    Publication No.: US20230421615A1

    Publication Date: 2023-12-28

    Application No.: US17852017

    Filing Date: 2022-06-28

    CPC classification number: H04L63/205

    Abstract: A system includes a first computing node of a cluster of computing nodes that are part of a container orchestration system, a control system for controlling one or more operations of an operation technology (OT) component, and a second node of the cluster of computing nodes. The control system is communicatively coupled to the first computing node and the OT component. The second computing node may transmit a pod to the first computing node. The pod may cause the first computing node to perform operations that include deploying a container as a digital representation of the OT component, testing a security update on the digital representation, determining that the security update is ready for implementation in the OT component, and transmitting an indication that the security update is available for implementation to the OT component after determining that the security update is ready for implementation.

    Method and Apparatus for Secure Device Provisioning in an Industrial Control System

    Publication No.: US20190319943A1

    Publication Date: 2019-10-17

    Application No.: US15951464

    Filing Date: 2018-04-12

    Abstract: A secure method for establishing communications to provision modules in an industrial control system generates a certificate signing request to obtain a signed security certificate. A mobile device is located proximate to the module with the certificate signing request, and the mobile device has previously established itself as a secure communication interface on the network. The mobile device establishes a first connection between the module and the mobile device via a short-range protocol and a second connection between the mobile device and a signing server via a network. The mobile device retrieves the certificate signing request via the first connection and transmits the certificate signing request to the signing server via the second connection. Because the mobile device has previously established itself as a secure interface, the transmission of the certificate signing request to the signing server may be made via a secure connection.

    METHODS FOR FIRMWARE SIGNATURE
    Type: Invention application; Legal status: In force

    Publication No.: US20150324587A1

    Publication Date: 2015-11-12

    Application No.: US14805785

    Filing Date: 2015-07-22

    Abstract: A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.

    METHODS FOR FIRMWARE SIGNATURE
    Type: Invention application; Legal status: In force

    Publication No.: US20140331038A1

    Publication Date: 2014-11-06

    Application No.: US14286106

    Filing Date: 2014-05-23

    Abstract: A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.

    ANOMALOUS EVENT AGGREGATION FOR ANALYSIS AND SYSTEM RESPONSE

    Publication No.: US20240160720A1

    Publication Date: 2024-05-16

    Application No.: US18318468

    Filing Date: 2023-05-16

    CPC classification number: G06F21/52

    Abstract: Technology disclosed herein describes a system and method for aggregating event information in an industrial automation system for analysis and response. In an implementation, industrial automation devices perform industrial automation processes in an industrial automation environment. A computing device receives event data relating to events that occurred on an associated industrial automation device of the industrial automation devices. The computing device normalizes the event data to generate normalized event data which describes the events. The computing device supplements the normalized event data with context information relevant to the associated industrial automation device to generate complete event data. The computing device identifies an anomaly for an industrial automation device of the industrial automation devices based on analyzing the complete event data associated with the industrial automation device. In response to identifying an anomaly, the computing device performs an action to mitigate damage from the anomaly.

    CRYPTOGRAPHIC FEATURE LICENSING
    Type: Invention application

    Publication No.: US20230006821A1

    Publication Date: 2023-01-05

    Application No.: US17932388

    Filing Date: 2022-09-15

    Abstract: Techniques to facilitate feature licensing of an industrial controller employed in an industrial automation environment are disclosed. In one implementation, a first private key unique to an industrial controller and a security certificate are stored in a hardware root of trust within the controller. The security certificate is signed by a certificate authority for authenticating the controller. After being authenticated, the industrial controller receives a device information package provided by the certificate authority. The device information package is encrypted with a first public key paired with the first private key and signed using a second private key assigned to the certificate authority. The controller validates the device information package using a second public key paired with the second private key and decrypts the package using the first private key. One or more functions of the industrial controller are enabled based on a license included in the device information package.

    System and Method for Secure Connections in a High Availability Industrial Controller

    Publication No.: US20220100165A1

    Publication Date: 2022-03-31

    Application No.: US17037997

    Filing Date: 2020-09-30

    Abstract: Secure data transmission between an input device and both industrial controllers in a high-availability system utilizes a secure connection established between the primary industrial controller and the input device. Data required to establish the secure connection is stored on the primary controller as part of the connection data corresponding to the secure connection. The input device transmits data to the primary controller over the secure connection according to the desired level of security. The primary controller transmits the connection data defining the secure connection to the secondary controller. If a failure occurs in the primary controller, the secondary controller establishes a connection to the input device using the connection data for the secure connection, such that the secondary controller may assume responsibility for the controller end of the secure connection. The primary controller transmits the input signals to the secondary controller via the dedicated connection between controllers.