-
Publication number: US10432647B2
Publication date: 2019-10-01
Application number: US15634820
Application date: 2017-06-27
Applicant: Honeywell International Inc.
Inventor: Chandirasekaran Dhakshinamoorthy , Lekshmi Premkumar , Rod Stein , Satheesh Kumar Bhuvaneswaran , Prosanta Mondal
Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns. The processor is further configured to, responsive to a grouped element of the grouped communications matching the pattern, identifying a group of communications between the server and the plurality of clients as the malicious activity.
-
Publication number: US09928362B2
Publication date: 2018-03-27
Application number: US14273225
Application date: 2014-05-08
Applicant: HONEYWELL INTERNATIONAL INC.
Inventor: Praveen Kumar Singh , Rod Stein
IPC: G06F21/00 , G06F21/45 , H04L29/06 , G06F21/31 , G06F9/54 , H04L29/08 , H04L29/14 , G06F21/33 , G06F21/62
CPC classification number: G06F21/45 , G06F9/54 , G06F21/31 , G06F21/335 , G06F21/6236 , H04L63/0281 , H04L63/0807 , H04L63/083 , H04L67/12 , H04L67/141 , H04L67/2876 , H04L69/40
Abstract: A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type.
-
Publication number: US20210389968A1
Publication date: 2021-12-16
Application number: US17346809
Application date: 2021-06-14
Applicant: Honeywell International Inc.
Inventor: Joseph Majewski , Ivan Rares , Daniel Giorgis , Robin Wilderson , Rod Stein , Robert E. Flasher , Srinivasa Rangan , Raymond A. Richards , Amod Kamat , Upender Paravastu
Abstract: An edge controller may be used for obtaining device data from one or more local devices at a local facility and to provide a representation of at least some of the device data to a remote server. The edge controller may include a network communication port, a cellular communication port and a device communication port. A controller is operatively coupled to the network communication port, the cellular communication port and the device communication port and is configured to receive configuration information and to install the received configuration information on the edge controller. The installed configuration information configures the controller to obtain the device data from the one or more local devices and to send a representation of at least some of the device data to the remote server.
-
Publication number: US09456046B2
Publication date: 2016-09-27
Application number: US14273185
Application date: 2014-05-08
Applicant: HONEYWELL INTERNATIONAL INC.
Inventor: Praveen Kumar Singh , Rod Stein , Paras Rajkumar Jatkar , Mohit Kumar Agarwal , Manibhushan Reddy Pottem , Madhavan Sundara
CPC classification number: H04L67/28 , G06F9/54 , H04L67/1097 , H04L67/141 , H04L67/42
Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.
-
Publication number: US10819722B2
Publication date: 2020-10-27
Application number: US15927617
Application date: 2018-03-21
Applicant: HONEYWELL INTERNATIONAL INC.
Inventor: Chandirasekaran Dhakshinamoorthy , Basavaraju Vasamurthy , Rod Stein
Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using an OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.
-
Publication number: US20180375880A1
Publication date: 2018-12-27
Application number: US15634820
Application date: 2017-06-27
Applicant: Honeywell International Inc.
Inventor: Chandirasekaran Dakshinamoorthy , Lekshmi Premkumar , Rod Stein , Satheesh Kumar Bhuvaneswaran , Prosanta Mondal
IPC: H04L29/06
CPC classification number: H04L63/1416 , H04L63/1425 , H04W4/70
Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns. The processor is further configured to, responsive to a grouped element of the grouped communications matching the pattern, identifying a group of communications between the server and the plurality of clients as the malicious activity.
-
Publication number: US20250150334A1
Publication date: 2025-05-08
Application number: US18672045
Application date: 2024-05-23
Applicant: Honeywell International Inc.
Inventor: Rod Stein , Mohammad Areef Penukonda
IPC: H04L41/0686 , H04L41/0631
Abstract: Examples of techniques to enable transmission of alarm data in an industrial automation setting using a publish-subscribe communication system within an Open Platform Communications Unified Architecture (OPC UA) framework. In an example, the alarm data, initially encoded in OPC UA format, is collected from an OPC UA server over a client-server communication system. This data is then re-encoded into a target format compatible with a publish-subscribe communication network. The re-encoding process involves decoding a value from the alarm data based on OPC UA specifications and assigning the decoded value to a preidentified field in the target format. The re-encoded alarm data is then assigned to a message payload of a Message Queuing Telemetry Transport (MQTT) packet, which is subsequently published to an MQTT broker.
-
Publication number: US20190297101A1
Publication date: 2019-09-26
Application number: US15927617
Application date: 2018-03-21
Applicant: HONEYWELL INTERNATIONAL INC.
Inventor: Chandirasekaran Dhakshinamoorthy , Basavaraju Vasamurthy , Rod Stein
Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using an OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.
-
Publication number: US09442786B2
Publication date: 2016-09-13
Application number: US14302011
Application date: 2014-06-11
Applicant: HONEYWELL INTERNATIONAL INC.
Inventor: Praveen Kumar Singh , Rod Stein , Shubhi Gogna , Ashish Patil
CPC classification number: G06F11/076 , G06F11/0709 , G06F11/0748 , G06F11/0757 , G06F11/0766 , G06F11/0772 , G06F11/079 , G06F11/0793 , G06F11/1443 , G06F11/3031 , G06F11/34 , G06F11/3409 , G06F11/3495 , G06F2201/88
Abstract: A system and method of diagnosing and correcting errors in a server computer. A server computer is coupled by a communication path to a client computer. A storage device stores a diagnostic error detecting and correcting program and the server computer is programmed to implement the diagnostic error detecting and correcting program. The server computer detects several selected operating parameters during operation of the server process and determines if at least a first of the selected operating parameters are outside a pre-determined specification for the selected operating parameters. In response to the selected operating parameters being outside the pre-determined specification, the server computer notifies the client computer of an error with the server process. The server computer can also detect communication errors and attempt to restore communications by modifying communication parameter(s).
-
Publication number: US20250141976A1
Publication date: 2025-05-01
Application number: US18938342
Application date: 2024-11-06
Applicant: Honeywell International Inc.
Inventor: Rod Stein , Surinder Kumar
IPC: H04L67/562
Abstract: Example techniques of data provisioning in an industrial facility are described. A first data broker receives from a client, a request for data from a data source. A second data broker samples the data from the data source at a sampling interval specified in the request and publishes the sampled data to an upstream data broker at a publishing interval specified in the request. The upstream data broker is an intermediate data broker positioned between the first data broker and the second data broker in a hierarchical chain of data brokers implemented in a communication network of the industrial facility. The intermediate data broker is configured to receive the published data and transmit the received data to the first data broker at sampling and publishing intervals less than the second data broker.