Patents by Inventor Craig D. Anderson
Craig D. Anderson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10862902Abstract: Automation security in a networked-based industrial controller environment is implemented. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: GrantFiled: July 19, 2016Date of Patent: December 8, 2020Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Patent number: 10091208Abstract: Selectively enabling communication of dual protocol packets from a source device directed to a service of an object class at target devices is provided. Steps can include providing an access control database including an entry correlating a source device, an object class and a service of the object class; from a source device, receiving a dual protocol packet including a frame and a field according to a first network communication protocol and an encapsulated packet of a second network communication protocol; obtaining from the frame, an identification of the source device; obtaining from the encapsulated packet, an identification and a service of an object class to which the encapsulated packet is directed; comparing the identification of the source device, the identification and service of the object class, and the entry of the access control database; and selectively transmitting the dual protocol packet as a function of the comparison.Type: GrantFiled: May 27, 2016Date of Patent: October 2, 2018Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.Inventors: David D Brandt, Brian A Batke, Bryan L Singer, Craig D Anderson, Glenn B Schulz, Michael A Bush, John C Wilkinson, Jr., Ramdas M Pai, Steven J Scott
-
Publication number: 20160330222Abstract: Automation security in a networked-based industrial controller environment is implemented. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: ApplicationFiled: July 19, 2016Publication date: November 10, 2016Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Publication number: 20160277416Abstract: Selectively enabling communication of dual protocol packets from a source device directed to a service of an object class at target devices is provided. Steps can include providing an access control database including an entry correlating a source device, an object class and a service of the object class; from a source device, receiving a dual protocol packet including a frame and a field according to a first network communication protocol and an encapsulated packet of a second network communication protocol; obtaining from the frame, an identification of the source device; obtaining from the encapsulated packet, an identification and a service of an object class to which the encapsulated packet is directed; comparing the identification of the source device, the identification and service of the object class, and the entry of the access control database; and selectively transmitting the dual protocol packet as a function of the comparison.Type: ApplicationFiled: May 27, 2016Publication date: September 22, 2016Inventors: DAVID D BRANDT, BRIAN A BATKE, BRYAN L SINGER, CRAIG D ANDERSON, GLENN B SCHULZ, MICHAEL A BUSH, JOHN C WILKINSON, RAMDAS M PAI, STEVEN J SCOTT
-
Patent number: 9412073Abstract: Automation security in a networked-based industrial controller environment is implemented. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: GrantFiled: April 7, 2015Date of Patent: August 9, 2016Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Patent number: 9369436Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function ofType: GrantFiled: May 15, 2014Date of Patent: June 14, 2016Assignee: Rockwell Automation Technologies, Inc.Inventors: David D Brandt, Brian A Batke, Bryan L Singer, Craig D Anderson, Glenn B Schulz, Michael A Bush, John C Wilkinson, Jr., Ramdas M Pai, Steven J Scott
-
Publication number: 20150213369Abstract: Automation security in a networked-based industrial controller environment is implemented. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: ApplicationFiled: April 7, 2015Publication date: July 30, 2015Applicant: ROCKWELL AUTOMATION TECHNOLOGIES, INC.Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Patent number: 9009084Abstract: The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: GrantFiled: August 23, 2012Date of Patent: April 14, 2015Assignee: Rockwell Automation Technologies, Inc.Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Publication number: 20150067844Abstract: The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: ApplicationFiled: November 6, 2014Publication date: March 5, 2015Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Patent number: 8909926Abstract: The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: GrantFiled: September 12, 2003Date of Patent: December 9, 2014Assignee: Rockwell Automation Technologies, Inc.Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Publication number: 20140259099Abstract: Methods and apparatus for controlling access in an electronic network include receiving a communication from a source device, the communication comprising a first protocol packet having first protocol packet information including a first protocol destination resource identifier, wherein a second protocol packet is embedded in the first protocol packet; retrieving at least one access rule based on at least one characteristic of the second protocol packet; applying the at least one access rule to at least one characteristic of the first protocol packet to determine an access rule outcome; and controlling access of the communication to a first protocol destination resource associated with the first protocol destination resource identifier according to the access rule outcome.Type: ApplicationFiled: May 23, 2014Publication date: September 11, 2014Inventors: David D. Brandt, Brian A. Batke, Bryan L. Singer, Craig D. Anderson, Glenn B. Schulz, Michael A. Bush, John C. Wilkinson, JR., Ramdas M. Pai, Steven J. Scott
-
Publication number: 20140250493Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function ofType: ApplicationFiled: May 15, 2014Publication date: September 4, 2014Inventors: David D. Brandt, Brian A. Batke, Bryan L. Singer, Craig D. Anderson, Glenn B. Schulz, Michael A. Bush, John C. Wilkinson, JR., Ramdas M. Pai, Steven J. Scott
-
Publication number: 20140250520Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function ofType: ApplicationFiled: May 15, 2014Publication date: September 4, 2014Inventors: David D. Brandt, Brian A. Batke, Bryan L. Singer, Craig D. Anderson, Glenn B. Schulz, Michael A. Bush, John C. Wilkinson, JR., Ramdas M. Pai, Steven J. Scott
-
Patent number: 8774186Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function ofType: GrantFiled: July 14, 2011Date of Patent: July 8, 2014Assignee: Rockwell Automation Technologies, Inc.Inventors: David D. Brandt, Brian A. Batke, Bryan L. Singer, Craig D. Anderson, Glenn B. Schulz, Michael A. Bush, John C. Wilkinson, Jr., Ramdas M. Pai, Steven J. Scott
-
Publication number: 20130031037Abstract: The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: ApplicationFiled: August 23, 2012Publication date: January 31, 2013Applicant: ROCKWELL AUTOMATION TECHNOLOGIES, INC.Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins
-
Publication number: 20110283350Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function ofType: ApplicationFiled: July 14, 2011Publication date: November 17, 2011Inventors: David D. Brandt, Brian A. Batke, Bryan L. Singer, Craig D. Anderson, Glenn B. Schulz, Michael A. Bush, John C. Wilkinson, JR., Ramdas M. Pai, Steven J. Scott
-
Patent number: 7990967Abstract: The invention includes a method including the steps of specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to a first protocol destination resource, examining embedded packet information to identify at least one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information.Type: GrantFiled: January 6, 2006Date of Patent: August 2, 2011Assignee: Rockwell Automation Technologies, Inc.Inventors: David D. Brandt, Brian A. Batke, Bryan L. Singer, Craig D. Anderson, Glenn B. Schulz, Michael A. Bush, John C. Wilkinson, Jr., Ramdas M. Pai, Steven J. Scott
-
Patent number: 7716489Abstract: A security system for disconnected automation devices comprises a central access control authority that provides access regulations that are received by a portable unit. An analysis component that determines whether access should be provided to a disconnected system based at least in part upon the access regulations. In accordance with an aspect of the present invention, for example, the access regulations can restrict access to a disconnected device for a particular timeframe.Type: GrantFiled: September 29, 2004Date of Patent: May 11, 2010Assignee: Rockwell Automation Technologies, Inc.Inventors: David D. Brandt, Michael A. Bush, Brian A. Batke, Mark B. Anderson, Jeffrey A. Shearer, Craig D. Anderson
-
Patent number: 7314169Abstract: An industrial automation security system comprises an access ticket relating to an industrial automation system. The access ticket comprises one or more restrictive attributes that restrict access rights to a portion of contents of the industrial automation system. A component that receives the access ticket grants access to the industrial automation system and the contents therein according to the one or more restrictive attributes.Type: GrantFiled: September 29, 2004Date of Patent: January 1, 2008Assignee: Rockwell Automation Technologies, Inc.Inventors: Taryl J. Jasper, Mark B. Anderson, Craig D. Anderson
-
Publication number: 20040117624Abstract: The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order.Type: ApplicationFiled: September 12, 2003Publication date: June 17, 2004Inventors: David D. Brandt, Kenwood Hall, Mark Burton Anderson, Craig D. Anderson, George Bradford Collins