Digital rights management system and method -> Monitor Keywords
Fresh Patents
Monitor Patents Patent Organizer How to File a Provisional Patent Browse Inventors Browse Industry Browse Agents Browse Locations
     new ** File a Provisional Patent ** 
site info Site News  |  monitor Monitor Keywords  |  monitor archive Monitor Archive  |  organizer Organizer  |  account info Account Info  |  
10/13/05 | 29 views | #20050229004 | Prev - Next | USPTO Class 713 | About this Page  713 rss/xml feed  monitor keywords

Digital rights management system and method

USPTO Application #: 20050229004
Title: Digital rights management system and method
Abstract: The present invention concerns application of digital rights management to industrial automation devices including programmable logic controllers (PLCs), I/O devices, and communication adapters. Digital rights management involves a set of technologies for controlling and managing access to device objects and/or programs such as ladder logic programs. Access to automation device objects and/or programs can be managed by downloading rules of use that define user privileges with respect to automation devices and utilizing digital certificates, among other things, to verify the identity of a user desiring to interact with device programs, for example. Furthermore, the present invention provides for secure transmission of messages to and amongst automation devices utilizing public key cryptography associated with digital certificates.
(end of abstract)
Agent: Susan M. Donahue Rockwell Automation - Milwaukee, WI, US
Inventor: David M. Callaghan
USPTO Applicaton #: 20050229004 - Class: 713185000 (USPTO)
Related Patent Categories: Electrical Computers And Digital Processing Systems: Support, System Access Control Based On User Identification By Cryptography, Using Record Or Token
The Patent Description & Claims data below is from USPTO Patent Application 20050229004.
Brief Patent Description - Full Patent Description - Patent Application Claims  monitor keywords



TECHNICAL FIELD

[0001] The present invention relates generally to industrial control systems and more particularly towards digital rights management and secure communication to and amongst industrial automation devices.

BACKGROUND

[0002] Industrial controllers are special-purpose computers utilized for controlling industrial processes, manufacturing equipment, and other factory automation, such as data collection or networked systems. In accordance with a control program, the industrial controller, having an associated processor (or processors), measures one or more process variables or inputs reflecting the status of a controlled system, and changes outputs effecting control of such system. The inputs and outputs may be binary, (e.g., on or off), as well as analog inputs and outputs assuming a continuous range of values.

[0003] Measured inputs received from such systems and the outputs transmitted by the systems generally pass through one or more input/output (I/O) modules. These I/O modules serve as an electrical interface to the controller and may be located proximate to or remote from the controller including remote network interfaces to associated systems. Inputs and outputs may be recorded in an I/O table in processor memory, wherein input values may be asynchronously read from one or more input modules and output values written to the I/O table for subsequent communication to the control system by specialized communications circuitry (e.g., back plane interface, communications module). Output modules may interface directly with one or more control elements, by receiving an output from the I/O table to control a device such as a motor, valve, solenoid, amplifier, and the like.

[0004] At the core of the industrial control system, is a logic processor such as a Programmable Logic Controller (PLC) or PC-based controller. Programmable Logic Controllers for instance, are programmed by systems designers to operate manufacturing processes via user-designed logic programs or user programs. The user programs are stored in memory and generally executed by the PLC in a sequential manner although instruction jumping, looping and interrupt routines, for example, are also common. Associated with the user program are a plurality of memory elements or variables that provide dynamics to PLC operations and programs. These variables can be user-defined and can be defined as bits, bytes, words, integers, floating point numbers, timers, counters and/or other data types to name but a few examples.

[0005] Presently, industrial control systems have no viable means of controlling and managing access to industrial control programs and documents. Furthermore, there is little or no mechanism to secure communications to and amongst industrial control devices. In fact, one could purchase automation device control software load it on a computer and if they gain access to a local industrial system network could upload, download, and otherwise manipulate the operations of substantially all automation devices therein. Failure to provide reliable and secure communication devices such as controllers and I/O devices can at the very least be fiscally detrimental to a company employing such systems as some company employees could inadvertently or intentionally make changes to systems that cause a plant to shut down of operate inefficiently. Moreover, in today's world of corporate espionage and terrorism, vulnerable factory systems make for tempting targets. In extreme cases, vulnerable manufacturing systems can expose secure information such as trade secret processes. Moreover, the infiltration of malicious programs can result in catastrophic property damage and possibly loss of human life. Accordingly, there is a need in the art for a system and method of secure device communications and digital rights management in industrial control systems.

SUMMARY OF THE INVENTION

[0006] The following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not an extensive overview of the invention. It is not intended to identify key/critical elements of the invention or to delineate the scope of the invention. Its sole purpose is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.

[0007] One aspect of the present invention relates to a system and method of digital rights management for automation devices. An access component can be employed by select individuals or entities to define access rules. Access rules define the rights and privileges of individual users or entities with respect to automation devices programs, processes and other documents. For example, user A could be allowed to modify a ladder-logic program, while user B could only be allowed to view portions thereof. In addition, it should be appreciated that one or more individuals or entities can be identified by their role or position within an automation system. Hence, access rules can be defined based on roles. For example, only administrators are allowed to modify a program. Furthermore, digital certificates can be employed to facilitate identification of individuals and/or entities desirous of accessing or manipulating automation device programs, for instance. Additionally, other identification mechanisms can be employed separately or in combination with certificates to aid in identifying particular users including but not limited to subscriber identification module cards (SIM cards) and biometrics.

[0008] Another aspect of the invention provides for secure communication to and amongst industrial automation devices including controllers and I/O devices or modules. According to one aspect of the present invention, messages such as commands, programs, and data transfer are securely communicated employing public-key cryptography. In accordance therewith, automation devices can encrypt messages with a private key associated with and held in confidence by a particular device. Such a key can be built into an automation device (as well as other information and components such as the corresponding public key) according to a particular aspect of the invention. Alternatively, the key can be retrieved from a certification component, as described below. A message receiving automation device can then utilize a public key related to a particular private key to decrypt and subsequently read and/or process the sent message.

[0009] According to another aspect of the subject invention, a certification component can be employed locally within an industrial automation system. The certification component provides a local trusted authority to verify the identity of devices. In other words, I/O devices can identify themselves to controllers as real with a degree of certainty provided by the trusted certification component and controllers can identify themselves as real and deserving of trust to I/O devices. The certification component, therefore, provides a local mechanism to prevent spoofing or impersonation by malevolent persons or entities within a public key infrastructure.

[0010] According to another aspect, the subject invention can employ digital signatures to authenticate transmitted messages. In particular, hash functions or algorithms can be applied to a message to produce a message digest, which can be transmitted with the message and information regarding the hash function utilized to generate the message digest. Upon receipt of the digitally signed message component, the receiving automation device can employ provided hash information to generate a message digest utilizing the received message. If the message digest does not match the message digest provided with the sent message then a user or entity should be notified that the data has been corrupted during transmission.

[0011] According to still another aspect of the present invention, certificates can be utilized in conjunction with digital signatures to provide optimal security for communications between and amongst industrial automation devices.

[0012] The present invention is advantageous in that it provides a mechanism for secure communications amongst automaton devices, does not require Internet connectivity, or employment and payment of a third party provider of certificate authority service (e.g., VeriSign.TM.). Furthermore, access to and use of automation devices programs and other documents can be securely managed utilizing certificates as one mechanism for identifying users or entities.

[0013] To the accomplishment of the foregoing and related ends, certain illustrative aspects of the invention are described herein in connection with the following description and the annexed drawings. These aspects are indicative of various ways in which the invention may be practiced, all of which are intended to be covered by the present invention. Other advantages and novel features of the invention may become apparent from the following detailed description of the invention when considered in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] The foregoing and other aspects of the invention will become apparent from the following detailed description and the appended drawings described in brief hereinafter.

[0015] FIG. 1 is a schematic block diagram of digital rights management system in accordance with an aspect of the subject invention.

[0016] FIG. 2 is a schematic block diagram of a secure method of communications utilizing a certification component in accordance with an aspect of the present invention.

[0017] FIG. 3 is a schematic block diagram of an exemplary certificate component in accordance with an aspect of the present invention.

[0018] FIG. 4 is a schematic block diagram of a certificate management system in accordance with an aspect of the subject invention.

[0019] FIG. 5 is a schematic block diagram of an automation device communication system in accordance with an aspect of the present invention.

[0020] FIG. 6 is a schematic block diagram of a digital signature generation system in accordance with an aspect of the subject invention.

Continue reading...
Full patent description for Digital rights management system and method

Brief Patent Description - Full Patent Description - Patent Application Claims
Click on the above for other options relating to this Digital rights management system and method patent application.
###
monitor keywords

How KEYWORD MONITOR works... a FREE service from FreshPatents
1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored.
3. Each week you receive an email with patent applications related to your keywords.  
Start now! - Receive info on patent apps like Digital rights management system and method or other areas of interest.
###


Previous Patent Application:
System and method for distributing personal identification numbers over a computer network
Next Patent Application:
Security badge arrangement
Industry Class:
Electrical computers and digital processing systems: support

###

Design/code © 2008 FreshContext LLC/Freshpatents.com. Website Terms and Conditions - Also read: About this Page
Patent data source: patents published by the United States Patent and Trademark Office (USPTO)
Information published here is for research/educational purposes only (and in conjunction with our Keyword Monitor) and is not meant to be used in place of the full USPTO patent document/images or a comprehensive patent archive search. Complete official applications are on file at the USPTO and often contain additional data/images (Freshpatents is currently text-only). FreshPatents.com is not affiliated with or endorsed by the USPTO or firms/individuals or products/designs/ideas related to listed patents.
FreshPatents.com Support
Thank you for viewing the Digital rights management system and method patent info.
IP-related news and info


Results in 1.2521 seconds


Other interesting Feshpatents.com categories:
Medical: Surgery Surgery(2) Surgery(3) Drug Drug(2) Prosthesis Dentistry