Patents by Inventor Taryl J. Jasper
Taryl J. Jasper has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240077852
Abstract: An industrial topology discovery system autonomously discovers and documents industrial automation system topologies using orchestrated discovery agents of various types. The topology discovery system can reside on a cloud platform or another high level network and deploy discovery agents on plant networks and devices within an industrial facility. These discovery agents can implement different strategies for discovering system information, and can include agents configured to monitor and report on communication traffic across respective types of networks, agents configured to probe respective device types for identity and configuration information, and other types of agents.
Type: Application
Filed: September 1, 2022
Publication date: March 7, 2024
Inventors: Taryl J. Jasper, Charles M. Rischar, Radek Bartman, Eryn Amara Danielle Manela, Clark L. Case, Roman Vitek
-
Publication number: 20240064174
Abstract: An enterprise-level security policy management tool receives, via a graphical user interface (GUI), inputs defining a security policy configured to be deployed within an enterprise that operates one or more operational technology (OT) networks, generates the security policy based on the inputs, and transmits the security policy to one or more computing devices running respective other instantiations of the enterprise-level security policy management tool, wherein the respective other instantiations of the enterprise-level security policy management tool are configured to facilitate enforcement of the security policy within the one or more OT networks operated by the enterprise.
Type: Application
Filed: August 17, 2022
Publication date: February 22, 2024
Inventors: Dustin A. Molzon, Taryl J. Jasper, Roch Mikolajczyk
-
Publication number: 20240053718
Abstract: An industrial topology discovery system autonomously discovers and documents industrial automation system topologies using orchestrated discovery agents of various types. The topology discovery system can reside on a cloud platform or another high level network and deploy discovery agents on plant networks and devices within an industrial facility. These discovery agents can implement different strategies for discovering system information, and can include agents configured to monitor and report on communication traffic across respective types of networks, agents configured to probe respective device types for identity and configuration information, and other types of agents.
Type: Application
Filed: August 15, 2022
Publication date: February 15, 2024
Inventors: Taryl J Jasper, Charles M Rischar, Radek Bartman, Roman Vitek
-
Publication number: 20240028009
Abstract: A method includes receiving, from an enterprise network, data associated with one or more industrial automation systems operated by an enterprise, wherein the data includes design artifacts of the one or more industrial automation systems, run time data collected from the one or more industrial automation systems, or both, inputting the data to a machine learning-based security policy development engine to generate a set of recommended security policies for the enterprise based on the data, receiving the set of recommended security policies for the one or more industrial automation systems output by the security policy development engine, wherein the set of recommended security policies define access, use, or both, of the one or more industrial automation systems operated by the enterprise; and transmitting the set of recommended security policies to the enterprise.
Type: Application
Filed: July 21, 2022
Publication date: January 25, 2024
Inventors: Timothy C. Mirth, Taryl J. Jasper, Terence S. Tenorio, Thaddeus A. Palus
-
Publication number: 20240031445
Abstract: Performing multi-layer network discovery of an operational technology (OT) network includes receiving a plurality of discovery data sets, each identifying a respective subset of a plurality of nodes within an OT network having a plurality of network layers, wherein the respective subset of the plurality of nodes for a first discovery data set are disposed within at least two network layers of the plurality of network layers, identifying a set of nodes within the OT network that appear in two or more of the plurality of discovery data sets, generating a holistic discovery data set for the OT network based on the plurality of discovery data sets and the identified set of nodes within the OT network that appear in the two or more of the plurality of discovery data sets, and generating a visualization of the plurality of nodes within the OT network based on the holistic discovery data set.
Type: Application
Filed: July 19, 2022
Publication date: January 25, 2024
Inventors: Timothy C. Mirth, Taryl J. Jasper, Terence S. Tenorio, Thaddeus A. Palus
-
Publication number: 20240020741
Abstract: A centralized industrial catalog system aggregates product information from disparate sources and globally synchronizes updated catalog information to local versions of the product catalog at customer sites. The catalog system can execute as a service on a cloud platform accessible to end user applications or local catalogs. The catalog system serves as a scalable global authority for known product information for either a single product vendor or for multiple vendors. The industrial catalog system can ensure that local versions of product catalog content are synchronized with high-level sources.
Type: Application
Filed: July 18, 2022
Publication date: January 18, 2024
Inventors: Taryl J. Jasper, Charles M. Rischar, Anthony J. DiBlasio, Clark L. Case
-
Publication number: 20240019834
Abstract: A security device includes one or more processors and a memory that includes instructions, that when executed by the processors, cause the processors to perform operations. The operations include monitoring data traffic between industrial automation devices in an industrial system and one or more devices in an external network, determining that a first industrial automation device does not include native security features for receiving secure data from the devices in the external network or transmitting secure data to the devices in the external network, and implementing one or more security techniques in response to determining that the first industrial automation device does not include the native security features.
Type: Application
Filed: July 13, 2022
Publication date: January 18, 2024
Inventors: Jack M. Visoky, Taryl J. Jasper, Kyle E. Neet, Jessica E. Forguites, William J. Petro, David E. Huffman
-
SYSTEMS AND METHODS FOR AUTOMATICALLY DEPLOYING SECURITY UPDATES IN AN OPERATIONS TECHNOLOGY NETWORK
Publication number: 20230421615
Abstract: A system includes a first computing node of a cluster of computing nodes that are part of a container orchestration system, a control system for controlling one or more operations of an operation technology (OT) component, and a second node of the cluster of computing nodes. The control system is communicatively coupled to the first computing node and the OT component. The second computing node may transmit a pod to the first computing node. The pod may cause the first computing node to perform operations that include deploying a container as a digital representation of the OT component, testing a security update on the digital representation, determining that the security update is ready for implementation in the OT component, and transmitting an indication that the security update is available for implementation to the OT component after determining that the security update is ready for implementation.
Type: Application
Filed: June 28, 2022
Publication date: December 28, 2023
Inventors: Jack M. Visoky, Taryl J. Jasper
-
Patent number: 11294351
Abstract: An automation control system is provided that includes one or more components. The components include an embedded execution engine that is configured to execute one or more commands based upon data communicated to the one or more components from another component of the automation control system. The data is representative of a change to an object in the control system.
Type: Grant
Filed: March 7, 2019
Date of Patent: April 5, 2022
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Douglas J. Reichard, Joseph Bronikowski, Michael D. Kalan, Steven John Kowal, Subbian Govindaraj, Taryl J. Jasper, Kenneth S. Plache, Douglas W. Reid, Charles Rischar
-
Patent number: 11271974
Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
Type: Grant
Filed: April 30, 2020
Date of Patent: March 8, 2022
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Jack M. Visoky, David E. Huffman, Taryl J. Jasper
-
Patent number: 11212322
Abstract: An industrial security policy configuration system generates and implements security policies for industrial automation systems based on design data for the industrial systems generated by device manufacturers, system integrators, original equipment manufacturers, or the owners of the industrial assets during the design of the industrial systems. The system translates the collected design data to a security rule set defining device-level communication privileges, which are then translated to a comprehensive set of security policies customized to the requirements of the industrial systems represented by the design data. By leveraging the rich set of available design data to identify or infer security requirements and generate suitable security configurations, the system can mitigate the need to manually configure security policies based on human judgments regarding normal and abnormal network traffic.
Type: Grant
Filed: October 10, 2018
Date of Patent: December 28, 2021
Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.
Inventors: Alex L. Nicoll, Kyle Crum, Taryl J. Jasper, Michael A. Bush, Jack M. Visoky
-
Publication number: 20210344725
Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
Type: Application
Filed: April 30, 2020
Publication date: November 4, 2021
Inventors: Jack M. Visoky, David E. Huffman, Taryl J. Jasper
-
Patent number: 10721223
Abstract: A secure method for establishing communications to provision modules in an industrial control system generates a certificate signing request to obtain a signed security certificate. A mobile device is located proximate to the module with the certificate signing request, and the mobile device has previously established itself as a secure communication interface on the network. The mobile device establishes a first connection between the module and the mobile device via a short-range protocol and a second connection between the mobile device and a signing server via a network. The mobile device retrieves the certificate signing request via the first connection and transmits the certificate signing request to the signing server via the second connection. Because the mobile device has previously established itself as a secure interface, the transmission of the certificate signing request to the signing server may be made via a secure connection.
Type: Grant
Filed: April 12, 2018
Date of Patent: July 21, 2020
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Taryl J. Jasper, Dukki Chung, Jack M. Visoky, Michael A. Bush
-
Patent number: 10678950
Abstract: Industrial controller modules are configured with security components that implement backplane-level security protocols, thereby preventing installation of unauthorized modular devices on the backplane of an industrial controller. When a modular device is installed in the controller's chassis and interfaces with the backplane, security components in the processor module or other supervisory module initiate exchange of authentication data with the modular device via the backplane. The authentication data can comprise one or more security challenges to which the modular device must respond correctly before the modular device is permitted to operate on the backplane. These backplane-level security protocols can prevent installation of rogue modules that may be used to collect proprietary control data or interfere with control processes.
Type: Grant
Filed: January 26, 2018
Date of Patent: June 9, 2020
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Michael A. Bush, Taryl J. Jasper, Kevin M. Tambascio
-
Publication number: 20200120143
Abstract: An industrial security policy configuration system generates and implements security policies for industrial automation systems based on design data for the industrial systems generated by device manufacturers, system integrators, original equipment manufacturers, or the owners of the industrial assets during the design of the industrial systems. The system translates the collected design data to a security rule set defining device-level communication privileges, which are then translated to a comprehensive set of security policies customized to the requirements of the industrial systems represented by the design data. By leveraging the rich set of available design data to identify or infer security requirements and generate suitable security configurations, the system can mitigate the need to manually configure security policies based on human judgments regarding normal and abnormal network traffic.
Type: Application
Filed: October 10, 2018
Publication date: April 16, 2020
Inventors: Alex L. Nicoll, Kyle Crum, Taryl J. Jasper, Michael A. Bush, Jack M. Visoky
-
Publication number: 20190319943
Abstract: A secure method for establishing communications to provision modules in an industrial control system generates a certificate signing request to obtain a signed security certificate. A mobile device is located proximate to the module with the certificate signing request, and the mobile device has previously established itself as a secure communication interface on the network. The mobile device establishes a first connection between the module and the mobile device via a short-range protocol and a second connection between the mobile device and a signing server via a network. The mobile device retrieves the certificate signing request via the first connection and transmits the certificate signing request to the signing server via the second connection. Because the mobile device has previously established itself as a secure interface, the transmission of the certificate signing request to the signing server may be made via a secure connection.
Type: Application
Filed: April 12, 2018
Publication date: October 17, 2019
Inventors: Taryl J. Jasper, Dukki Chung, Jack M. Visoky, Michael A. Bush
-
Publication number: 20190236313
Abstract: Industrial controller modules are configured with security components that implement backplane-level security protocols, thereby preventing installation of unauthorized modular devices on the backplane of an industrial controller. When a modular device is installed in the controller's chassis and interfaces with the backplane, security components in the processor module or other supervisory module initiate exchange of authentication data with the modular device via the backplane. The authentication data can comprise one or more security challenges to which the modular device must respond correctly before the modular device is permitted to operate on the backplane. These backplane-level security protocols can prevent installation of rogue modules that may be used to collect proprietary control data or interfere with control processes.
Type: Application
Filed: January 26, 2018
Publication date: August 1, 2019
Inventors: Michael A. Bush, Taryl J. Jasper, Kevin M. Tambascio
-
Publication number: 20190204805
Abstract: An automation control system is provided that includes one or more components. The components include an embedded execution engine that is configured to execute one or more commands based upon data communicated to the one or more components from another component of the automation control system. The data is representative of a change to an object in the control system.
Type: Application
Filed: March 7, 2019
Publication date: July 4, 2019
Inventors: Douglas J. Reichard, Joseph Bronikowski, Michael D. Kalan, Steven John Kowal, Subbian Govindaraj, Taryl J. Jasper, Kenneth S. Plache, Douglas W. Reid, Charles Rischar
-
Patent number: 10228679
Abstract: An automation control system is provided that includes one or more components. The components include an embedded execution engine that is configured to execute one or more commands based upon data communicated to the one or more components from another component of the automation control system. The data is representative of a change to an object in the control system.
Type: Grant
Filed: October 29, 2012
Date of Patent: March 12, 2019
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Douglas J. Reichard, Joseph Bronikowski, Michael D. Kalan, Steven John Kowal, Subbian Govindaraj, Taryl J. Jasper, Kenneth S. Plache, Douglas W. Reid, Charles Rischar
-
Patent number: 10097585
Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define security policies for a plant environment at a high level by grouping the industrial assets into security zones, and defining any additional communication permissions in terms of asset-to-asset, asset-to-zone, or zone-to-zone conduits. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate security settings on one or more of the industrial assets, and deploys these instructions to the appropriate assets in order to implement the defined security policy.
Type: Grant
Filed: May 5, 2016
Date of Patent: October 9, 2018
Assignee: Rockwell Automation Technologies, Inc.
Inventors: Michael A. Bush, Jack M. Visoky, Taryl J. Jasper