Abstract: Selectively enabling communication of dual protocol packets from a source device directed to a service of an object class at target devices is provided. Steps can include providing an access control database including an entry correlating a source device, an object class and a service of the object class; from a source device, receiving a dual protocol packet including a frame and a field according to a first network communication protocol and an encapsulated packet of a second network communication protocol; obtaining from the frame, an identification of the source device; obtaining from the encapsulated packet, an identification and a service of an object class to which the encapsulated packet is directed; comparing the identification of the source device, the identification and service of the object class, and the entry of the access control database; and selectively transmitting the dual protocol packet as a function of the comparison.

Abstract: For creating a hierarchical representation, generating functionality for a given asset, and effectuating the functionality, one or more processors to create a hierarchical representation in a data repository of a plurality of assets communicating on at least one network and employed to perform manufacturing within an industrial environment. The one or more processors analyze an electronic document that corresponds to the given asset and generate a functionality of the given asset from the electronic document. The one or more processors determine whether the hierarchical representation is organized according respective functionalities of the plurality of assets or respective physical locations of the plurality of assets in the industrial environment. The one or more processors effectuate the functionality of the given asset in response to a selection of the given asset and the functionality of the given asset.

Abstract: Selectively enabling communication of dual protocol packets from a source device directed to a service of an object class at target devices is provided. Steps can include providing an access control database including an entry correlating a source device, an object class and a service of the object class; from a source device, receiving a dual protocol packet including a frame and a field according to a first network communication protocol and an encapsulated packet of a second network communication protocol; obtaining from the frame, an identification of the source device; obtaining from the encapsulated packet, an identification and a service of an object class to which the encapsulated packet is directed; comparing the identification of the source device, the identification and service of the object class, and the entry of the access control database; and selectively transmitting the dual protocol packet as a function of the comparison.

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Methods and apparatus for controlling access in an electronic network include receiving a communication from a source device, the communication comprising a first protocol packet having first protocol packet information including a first protocol destination resource identifier, wherein a second protocol packet is embedded in the first protocol packet; retrieving at least one access rule based on at least one characteristic of the second protocol packet; applying the at least one access rule to at least one characteristic of the first protocol packet to determine an access rule outcome; and controlling access of the communication to a first protocol destination resource associated with the first protocol destination resource identifier according to the access rule outcome.

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: An industrial automation system is provided. This includes at least one license component that is granted by a third party to permit access to a portion of an industrial control component. At least one protocol component that is based in part on a private key exchange facilitates authentication and access to the portion of the industrial control component.

Abstract: The invention includes a method including the steps of specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to a first protocol destination resource, examining embedded packet information to identify at least one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information.

Abstract: The claimed subject matter provides a system and/or method that facilitates verifying an asset within an industrial environment based upon a programmatically defined state. A sensing component can determine a state of a process that corresponds to a programmatically defined state. A verification component can verify an asset associated with the process upon the sensing component that determines the state of the process.

Abstract: An industrial automation system is provided. This includes at least one license component that is granted by a third party to permit access to a portion of an industrial control component. At least one protocol component that is based in part on a private key exchange facilitates authentication and access to the portion of the industrial control component.

Abstract: An authentication protocol for an industrial automation system is provided. This includes at least one industrial control component that communicates security information across a network. At least one protocol component is provided that employs mutual authentication data that is based in part on a private key exchange to facilitate authentication of the industrial control component via the network.

Abstract: The claimed subject matter provides a system and/or method that facilitates asset management within an industrial environment. A data repository can retain a hierarchical representation of at least one asset persisted within a computer-readable medium. A receiver component can receive an input related to a selection of at least one asset and a respective asset management functionality. A management component can automatically effectuate the requested asset management functionality with respect to the asset within the industrial environment.