Abstract: Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity. A secondary security authority provided by the secondary entity is received, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights. A request is received from a user associated with the secondary entity to perform an action associated with the control system content, and the request is processed with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights.

Abstract: Disclosed herein is a cushioning device that includes a first foam layer including a first top surface and a first bottom surface, the first foam layer including a plurality of first channels located in the first top surface. Further disclosed is a support fluid cell located in each of the plurality of first channels. Moreover, a second foam layer including a second top surface and a second bottom surface is disclosed, the second foam layer including a second channel located in the second top surface. The cushioning device includes a counterbalance fluid cell located in the second channel. The second foam layer is located underneath the first foam layer. The first foam layer, in combination with the support fluid cells, create a support surface configured to support a load of a person.

Abstract: Selectively enabling communication of dual protocol packets from a source device directed to a service of an object class at target devices is provided. Steps can include providing an access control database including an entry correlating a source device, an object class and a service of the object class; from a source device, receiving a dual protocol packet including a frame and a field according to a first network communication protocol and an encapsulated packet of a second network communication protocol; obtaining from the frame, an identification of the source device; obtaining from the encapsulated packet, an identification and a service of an object class to which the encapsulated packet is directed; comparing the identification of the source device, the identification and service of the object class, and the entry of the access control database; and selectively transmitting the dual protocol packet as a function of the comparison.

Abstract: Techniques to facilitate controlling access to objects associated with an industrial automation environment are disclosed. In at least one implementation, a policy set associated with an object type is created, wherein the policy set defines one or more actions that are allowed for at least one user group to perform with respect to the object type. An object of the object type is identified for security configuration, and a selection of the policy set associated with the object type to apply to the object is received. In response to the selection of the policy set, security is configured for the object by applying the policy set associated with the object type to the object.

Abstract: Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity. A secondary security authority provided by the secondary entity is received, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights. A request is received from a user associated with the secondary entity to perform an action associated with the control system content, and the request is processed with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights.

Abstract: Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity. A secondary security authority provided by the secondary entity is received, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights. A request is received from a user associated with the secondary entity to perform an action associated with the control system content, and the request is processed with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights.

Abstract: Techniques to facilitate protecting control programs used in an industrial automation environment are disclosed herein. In at least one implementation, control system content provided by a primary entity is received along with a primary security authority provided by the primary entity, wherein the primary security authority defines primary usage rights for the control system content granted to a secondary entity. A secondary security authority provided by the secondary entity is received, wherein the secondary security authority defines secondary usage rights for the control system content that further restrict the primary usage rights. A request is received from a user associated with the secondary entity to perform an action associated with the control system content, and the request is processed with the secondary security authority to determine if the user is authorized to perform the action associated with the control system content based on the secondary usage rights.

Abstract: Techniques to facilitate controlling access to objects associated with an industrial automation environment are disclosed. In at least one implementation, a policy set associated with an object type is created, wherein the policy set defines one or more actions that are allowed for at least one user group to perform with respect to the object type. An object of the object type is identified for security configuration, and a selection of the policy set associated with the object type to apply to the object is received. In response to the selection of the policy set, security is configured for the object by applying the policy set associated with the object type to the object.

Abstract: Selectively enabling communication of dual protocol packets from a source device directed to a service of an object class at target devices is provided. Steps can include providing an access control database including an entry correlating a source device, an object class and a service of the object class; from a source device, receiving a dual protocol packet including a frame and a field according to a first network communication protocol and an encapsulated packet of a second network communication protocol; obtaining from the frame, an identification of the source device; obtaining from the encapsulated packet, an identification and a service of an object class to which the encapsulated packet is directed; comparing the identification of the source device, the identification and service of the object class, and the entry of the access control database; and selectively transmitting the dual protocol packet as a function of the comparison.

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Disclosed herein is a cushioning device that includes a first foam layer including a first top surface and a first bottom surface, the first foam layer including a plurality of first channels located in the first top surface. Further disclosed is a support fluid cell located in each of the plurality of first channels. Moreover, a second foam layer including a second top surface and a second bottom surface is disclosed, the second foam layer including a second channel located in the second top surface. The cushioning device includes a counterbalance fluid cell located in the second channel. The second foam layer is located underneath the first foam layer. The first foam layer, in combination with the support fluid cells, create a support surface configured to support a load of a person.

Abstract: Disclosed herein is a cushioning device. The cushioning device includes a plurality of support fluid cells between a head end and a foot end of a support surface. The plurality of support fluid cells is configured for supporting a load of a person. Each of the plurality of support fluid cells includes a reforming element. The cushioning device includes a counterbalance system that has a structure configured to transfer fluid from a first support fluid cell located at a first location along the support surface to a first counterbalance fluid cell located at a second location when the pressure is increased in the first support fluid cell of the support surface. The first counterbalance fluid cell is positioned for counterbalancing a load on the plurality of support fluid cells of the support surface.

Abstract: Methods and apparatus for controlling access in an electronic network include receiving a communication from a source device, the communication comprising a first protocol packet having first protocol packet information including a first protocol destination resource identifier, wherein a second protocol packet is embedded in the first protocol packet; retrieving at least one access rule based on at least one characteristic of the second protocol packet; applying the at least one access rule to at least one characteristic of the first protocol packet to determine an access rule outcome; and controlling access of the communication to a first protocol destination resource associated with the first protocol destination resource identifier according to the access rule outcome.

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: Systems and methods are provided for issuing unique identification credentials to a plurality of devices, and their constituent components, in an industrial control system. Identification credentials are granted by an identification authority and conveyed to each of the credentialed devices and/or component through an identity token. The identification credentials include (1) a unique device identifier, (2) an identification authority component identifier, and (3) an indication of the location of the identification authority component. To secure the issued credentials, such credentials are encrypted and the identification token can be embedded with biometrics features. Identification credentials provide for the following prominent features: (i) Secure access to a device form a client and (ii) determination a topology of a set of credentialed devices in an industrial control system. The topology is network agnostic and facilitates organizational modeling of processes in the industrial control system.

Abstract: Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of

Abstract: An industrial automation system is provided. This includes at least one license component that is granted by a third party to permit access to a portion of an industrial control component. At least one protocol component that is based in part on a private key exchange facilitates authentication and access to the portion of the industrial control component.

Abstract: The invention includes a method including the steps of specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to a first protocol destination resource, examining embedded packet information to identify at least one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information.