Title Firewall method and apparatus for industrial systems
Abstract Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify at least one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information.
Publication number US9369436(B2) Publication date 2016.06.14
Application number US201414278225 Filing date 2014.05.15
Applicant Rockwell Automation Technologies, Inc. Inventors Brandt David D;Batke Brian A;Singer Bryan L;Anderson Craig D;Schulz Glenn B;Bush Michael A;Wilkinson, Jr. John C;Pai Ramdas M;Scott Steven J
Classification H04L12/28;H04L29/06 Main classification H04L12/28
Agent Quarles & Brady LLP Attorney Quarles & Brady LLP
Main claim 1. An apparatus for selectively transmitting communications between a source device linked to a network and a target device linked to the network, the target device including at least one object and at least one service, and each communication specifying the at least one object and the at least one service related to the target device, the apparatus comprising: a firewall programmable to perform the steps of: interfacing with an access control database that correlates the source device with a plurality of target devices, objects, and services, the access control database including the target device, object, and service information, where the correlated plurality of target devices includes correlated target devices that the source device can access, and correlated services include services that the source device can initiate at a correlated object; receiving at least one communication transmitted from the source device to the target device; decapsulating the at least one communication to identify the target device and the related at least one object and the at least one service; comparing the identified target device, the related at least one object and the at least one service with the target device, object, and service information in the access control database; and selectively transmitting the at least one communication to the target device as a function of the comparing step.
Address Mayfield Heights OH US
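The abstract and main claim above describe a firewall that intercepts a first-protocol frame, decapsulates the embedded second-protocol packet, and decides from the embedded intermediate path, final destination, object and service whether to forward the frame. The following Python is an added illustration of that decision procedure; it is not code from the patent or from Rockwell Automation. The two-layer byte layout, the device identifiers, and the access-control database API are all constructed for this example and are not the real EtherNet/IP or CIP encoding. The block also contrasts the decapsulating decision with a filter that only looks at the outer destination, which is the limitation the patent's approach addresses: everything addressed to a bridge looks identical at the first-protocol layer.

```python
from dataclasses import dataclass

# Constructed two-layer frame layout used only for this example (an assumption;
# it is not the real EtherNet/IP or CIP wire encoding):
#   outer frame : [outer_dest:1][payload_len:1][payload]
#   inner packet: [final_dest:1][path_len:1][path hop ids ...][object:1][service:1][data ...]


@dataclass(frozen=True)
class InnerPacket:
    final_dest: int      # second-protocol final destination resource
    path: tuple          # intermediate resources the packet is routed through
    obj: int             # object addressed at the final destination
    service: int         # service to be invoked on that object
    data: bytes


@dataclass(frozen=True)
class OuterFrame:
    dest: int            # first-protocol destination (typically a bridge, not the final target)
    inner: InnerPacket


def build_frame(outer_dest, final_dest, path, obj, service, data=b""):
    """Encapsulate an inner packet in an outer frame (sender side)."""
    payload = bytes([final_dest, len(path), *path, obj, service]) + data
    return bytes([outer_dest, len(payload)]) + payload


def parse_frame(raw: bytes) -> OuterFrame:
    """Decapsulate, rejecting frames that are truncated or inconsistent with their own length fields."""
    if len(raw) < 2:
        raise ValueError("outer header truncated")
    outer_dest, plen = raw[0], raw[1]
    payload = raw[2:2 + plen]
    if len(payload) != plen:
        raise ValueError("payload shorter than declared length")
    if len(payload) < 2:
        raise ValueError("inner header truncated")
    final_dest, path_len = payload[0], payload[1]
    if len(payload) < 2 + path_len + 2:
        raise ValueError("inner path/object/service fields truncated")
    path = tuple(payload[2:2 + path_len])
    obj, service = payload[2 + path_len], payload[3 + path_len]
    data = bytes(payload[4 + path_len:])
    return OuterFrame(outer_dest, InnerPacket(final_dest, path, obj, service, data))


class AccessControlDb:
    """Constructed stand-in for the access control database of the claim: it correlates a
    source device with the (target, object, service) triples it may initiate and with the
    intermediate resources it may traverse."""

    def __init__(self):
        self._triples = {}   # source -> set of (target, obj, service)
        self._hops = {}      # source -> set of permitted intermediate resource ids

    def allow(self, source, target, obj, service):
        self._triples.setdefault(source, set()).add((target, obj, service))

    def allow_hop(self, source, hop):
        self._hops.setdefault(source, set()).add(hop)

    def permits(self, source, target, obj, service):
        return (target, obj, service) in self._triples.get(source, set())

    def permits_hop(self, source, hop):
        return hop in self._hops.get(source, set())


def outer_only_decision(raw: bytes, permitted_outer_dests) -> bool:
    """What a filter that stops at the first-protocol header can decide: only whether the
    outer destination is acceptable. It cannot distinguish a read from a write behind a bridge."""
    return len(raw) >= 1 and raw[0] in permitted_outer_dests


def firewall_decision(acl: AccessControlDb, source: int, raw: bytes):
    """Intercept one outer frame, decapsulate it, and forward only if every intermediate hop
    and the final (target, object, service) triple are permitted for the source."""
    try:
        frame = parse_frame(raw)
    except ValueError as exc:
        return False, f"dropped malformed frame: {exc}"
    inner = frame.inner
    for hop in inner.path:
        if not acl.permits_hop(source, hop):
            return False, f"source {source:#x} may not traverse resource {hop:#x}"
    if not acl.permits(source, inner.final_dest, inner.obj, inner.service):
        return False, (f"source {source:#x} may not invoke service {inner.service:#x} on object "
                       f"{inner.obj:#x} at device {inner.final_dest:#x}")
    return True, f"forwarded via {frame.dest:#x} to {inner.final_dest:#x}"


def demo():
    """Constructed topology: HMI 0x10 reaches controller 0x30 through bridge 0x20; the HMI
    may only invoke service 0x01 on object 0x01 of the controller."""
    acl = AccessControlDb()
    acl.allow_hop(0x10, 0x20)
    acl.allow(0x10, 0x30, obj=0x01, service=0x01)
    frames = {
        "read": build_frame(0x20, 0x30, (0x20,), 0x01, 0x01),
        "write": build_frame(0x20, 0x30, (0x20,), 0x01, 0x10),       # different service, same target
        "detour": build_frame(0x20, 0x30, (0x20, 0x21), 0x01, 0x01),  # unapproved intermediate hop
        "truncated": build_frame(0x20, 0x30, (0x20,), 0x01, 0x01)[:-2],
    }
    deep = {name: firewall_decision(acl, 0x10, f)[0] for name, f in frames.items()}
    shallow = {name: outer_only_decision(f, {0x20}) for name, f in frames.items()}
    return deep, shallow


if __name__ == "__main__":
    deep, shallow = demo()
    for name in deep:
        print(f"{name:10s} decapsulating firewall: {deep[name]!s:5s}  outer-only filter: {shallow[name]}")
```

Running the block shows the point of the claim: the outer-only filter passes the read, the write and the detour alike because all three are addressed to the bridge, while the decapsulating decision forwards only the read and drops the others (and the truncated frame) with a reason string suitable for logging.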