-
1.
Publication number: US09881160B2
Publication date: 2018-01-30
Application number: US14805785
Application date: 2015-07-22
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Brian A. Batke, Jack M. Visoky, James J. Kay, Scott A. Mintz, William B. Cook
CPC classification number: G06F21/572, G05B19/058, G06F8/61, G06F9/4401, G06F21/44, G06F2221/033
Abstract: A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.
-
2.
Publication number: US09122876B2
Publication date: 2015-09-01
Application number: US14286106
Application date: 2014-05-23
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Brian A. Batke, Jack M. Visoky, James J. Kay, Scott A. Mintz, William B. Cook
CPC classification number: G06F21/572, G05B19/058, G06F8/61, G06F9/4401, G06F21/44, G06F2221/033
Abstract: A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.
-
3.
Publication number: US20240223610A1
Publication date: 2024-07-04
Application number: US18092745
Application date: 2023-01-03
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Roch Mikolajczyk, Taryl J. Jasper, Jack M. Visoky
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/1441
Abstract: An OT device includes a memory and a processor. The memory stores a first policy, a second policy, and program instructions. The first policy includes a first set of settings associated with the operation of the OT device. The second policy includes a second set of settings associated with the operation of the OT device. The program instructions, when executed by the processor, cause the processor to receive first data associated with a first event, identify a first action in response to the first event based on the first policy, perform the identified first action, receive a command to enforce the second policy and stop enforcing the first policy, receive second data associated with a second event, identify a second action in response to the second event based on the second policy, and perform the identified second action.
-
4.
Publication number: US20240004372A1
Publication date: 2024-01-04
Application number: US17855461
Application date: 2022-06-30
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Chirag L. Malkan, Yutao Wang, Lee A. Lane, Eric A. Norrod, Jack M. Visoky
IPC: G05B19/418
CPC classification number: G05B19/4183, G05B19/4185
Abstract: Embodiments of this present disclosure include an industrial automation system, including an operational technology (OT) industrial automation device. The OT industrial automation device may perform an operation for the industrial automation system. Further, the OT industrial automation device may receive data comprising instructions related to the operation. Embodiments also include a monitoring device to receive the data; identify the OT industrial automation device based on the data; retrieve one or more rules for providing communications to the OT industrial automation device in response to identifying the OT industrial automation device; and selectively forward the data to the OT industrial automation device based on the one or more rules.
-
5.
Publication number: US20170214717A1
Publication date: 2017-07-27
Application number: US15147667
Application date: 2016-05-05
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Michael A. Bush, Jack M. Visoky, Taryl J. Jasper
IPC: H04L29/06
CPC classification number: H04L63/20, G05B19/0426, G05B19/4185, H04L63/107, Y02P90/18
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define security policies for a plant environment at a high-level by grouping the industrial assets into security zones, and defining any additional communication permissions in terms of asset-to-asset, asset-to-zone, or zone-to-zone conduits. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate security settings on one or more of the industrial assets, and deploys these instructions to the appropriate assets in order to implement the defined security policy.
-
6.
Publication number: US08738894B2
Publication date: 2014-05-27
Application number: US13867246
Application date: 2013-04-22
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Brian A. Batke, Jack M. Visoky, James J. Kay, Scott A. Mintz, William B. Cook
IPC: G06F9/00
CPC classification number: G06F21/572, G05B19/058, G06F8/61, G06F9/4401, G06F21/44, G06F2221/033
Abstract: A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.
-
7.
Publication number: US20240019834A1
Publication date: 2024-01-18
Application number: US17864017
Application date: 2022-07-13
Applicant: ROCKWELL AUTOMATION TECHNOLOGIES, INC
Inventor: Jack M. Visoky, Taryl J. Jasper, Kyle E. Neet, Jessica E. Forguites, William J. Petro, David E. Huffman
IPC: G05B19/05, G05B19/418, H04L9/40
CPC classification number: G05B19/058, G05B19/4185, H04L63/1416
Abstract: A security device includes one or more processors and a memory that includes instructions, that when executed by the processors, cause the processors to perform operations. The operations include monitoring data traffic between industrial automation devices in an industrial system and one or more devices in an external network, determining that a first industrial automation device does not include native security features for receiving secure data from the devices in the external network or transmitting secure data to the devices in the external network, and implementing one or more security techniques in response to determining that the first industrial automation device does not include the native security features.
-
8.
Publication number: US11271974B2
Publication date: 2022-03-08
Application number: US16863699
Application date: 2020-04-30
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Jack M. Visoky, David E. Huffman, Taryl J. Jasper
Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
-
9.
Publication number: US11212322B2
Publication date: 2021-12-28
Application number: US16156305
Application date: 2018-10-10
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Alex L. Nicoll, Kyle Crum, Taryl J. Jasper, Michael A. Bush, Jack M. Visoky
IPC: H04L29/06
Abstract: An industrial security policy configuration system generates and implements security policies for industrial automation systems based on design data for the industrial systems generated by device manufacturers, system integrators, original equipment manufacturers, or the owners of the industrial assets during the design of the industrial systems. The system translates the collected design data to a security rule set defining device-level communication privileges, which are then translated to a comprehensive set of security policies customized to the requirements of the industrial systems represented by the design data. By leveraging the rich set of available design data to identify or infer security requirements and generate suitable security configurations, the system can mitigate the need to manually configure security policies based on human judgments regarding normal and abnormal network traffic.
-
10.
Publication number: US20210344725A1
Publication date: 2021-11-04
Application number: US16863699
Application date: 2020-04-30
Applicant: Rockwell Automation Technologies, Inc.
Inventor: Jack M. Visoky, David E. Huffman, Taryl J. Jasper
Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
-