Title: Role-based access control permissions
Abstract: Devices, systems, and methods for role-based access control permissions are disclosed. One method includes a policy decision point that receives up-to-date security context information from one or more outside sources, determines whether to grant a data client access to a portion of the computing system, and creates an access vector including that determination; receiving, via a policy agent, a request by the data client for access to the portion of the computing system, wherein the policy agent checks to ensure there is a session established with the communications and user/application enforcement points; receiving, via the communications policy enforcement point, the request from the policy agent, wherein the communications policy enforcement point determines whether the data client is an authorized node based upon the access vector received from the policy decision point; and receiving, via the user/application policy enforcement point, the request from the communications policy enforcement point.
Publication number: US9635029(B2)    Publication date: 2017.04.25
Application number: US201213682428    Filing date: 2012.11.20
Applicant: Honeywell International Inc.    Inventors: Staggs Kevin P.; Markham Thomas R.; Hull Roskos Julie J.; Chernoguzov Alexander
Classification: H04L29/06; G06F21/62    Main classification: H04L29/06
Agency: Brooks, Cameron & Huebsch, PLLC    Agent: Brooks, Cameron & Huebsch, PLLC
Principal claim: 1. A method for providing role-based access control permissions, comprising:
executing, by a processor, instructions stored on a memory to receive up-to-date security context information from one or more outside sources, including a certificate authority;
executing, by the processor, instructions stored on the memory to receive a request made by a user interface for access to a portion of an industrial control system by the user interface;
executing, by the processor, instructions stored on the memory to create an access vector responsive to the request for access;
executing, by the processor, instructions stored on the memory to check to ensure there is a session established with a communications enforcement point and a user/application enforcement point;
executing, by the processor, instructions stored on the memory to determine whether the user interface is an authorized node based upon the access vector;
executing, by the processor, instructions stored on the memory to determine whether the user interface is using a proper application and whether the user is authorized, based upon the access vector;
maintaining the access vector in a list of access vectors created; and
maintaining a list of attempts to access the portion of the industrial control system that were blocked by a vector.
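The abstract and claim 1 both describe the same flow: a policy decision point (PDP) turns outside security context (including certificate-authority data) into an access vector, a policy agent refuses to forward a request until sessions exist with both enforcement points, the communications enforcement point applies the node-level part of the vector, the user/application enforcement point applies the application and user parts, and every vector and every blocked attempt is retained. The following Python model is an added illustration of that flow, not code from the patent or from Honeywell; all class names, fields, role mappings and sample node, user and application names are assumptions constructed for the example.

```python
"""Toy model of the PDP / policy agent / two-PEP flow from the abstract and claim 1.
Every name and sample value here is an assumption made for illustration."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class AccessVector:
    """Decision record the PDP creates for one (client, portion) request."""
    client_node: str
    user: str
    application: str
    portion: str
    node_authorized: bool         # certificate authority vouches for the node
    application_authorized: bool  # application is approved for this portion
    user_authorized: bool         # a role held by the user covers this portion


@dataclass
class SecurityContext:
    """Up-to-date context from outside sources (constructed sample data)."""
    valid_certs: set          # nodes the certificate authority currently vouches for
    roles: dict               # user -> set of roles
    role_portions: dict       # role -> portions that role may access
    approved_apps: dict       # portion -> applications allowed to touch it


class PolicyDecisionPoint:
    def __init__(self, context: SecurityContext):
        self.context = context
        self.access_vectors = []  # list of every vector created (claim: "maintaining")

    def decide(self, client_node, user, application, portion) -> AccessVector:
        ctx = self.context
        allowed = set()
        for role in ctx.roles.get(user, set()):
            allowed |= ctx.role_portions.get(role, set())
        vector = AccessVector(
            client_node=client_node, user=user, application=application, portion=portion,
            node_authorized=client_node in ctx.valid_certs,
            application_authorized=application in ctx.approved_apps.get(portion, set()),
            user_authorized=portion in allowed,
        )
        self.access_vectors.append(vector)
        return vector


class CommunicationsPEP:
    """Enforces only the node-level decision carried by the vector."""
    def check(self, vector: AccessVector) -> Optional[str]:
        return None if vector.node_authorized else "communications: node not authorized"


class UserApplicationPEP:
    """Enforces the application and user decisions carried by the vector."""
    def check(self, vector: AccessVector) -> Optional[str]:
        if not vector.application_authorized:
            return "user/application: improper application"
        if not vector.user_authorized:
            return "user/application: user not authorized"
        return None


class PolicyAgent:
    def __init__(self, pdp, comms_pep, userapp_pep):
        self.pdp, self.comms_pep, self.userapp_pep = pdp, comms_pep, userapp_pep
        self.sessions = set()
        self.blocked_attempts = []  # (vector or None, reason) for each blocked request

    def establish_session(self, pep_name: str):
        self.sessions.add(pep_name)

    def request(self, client_node, user, application, portion) -> bool:
        # The agent first confirms sessions exist with both enforcement points.
        if not {"communications", "user/application"} <= self.sessions:
            self.blocked_attempts.append((None, "agent: no session with enforcement points"))
            return False
        vector = self.pdp.decide(client_node, user, application, portion)
        # Communications PEP runs first, then the user/application PEP.
        for pep in (self.comms_pep, self.userapp_pep):
            reason = pep.check(vector)
            if reason:
                self.blocked_attempts.append((vector, reason))
                return False
        return True


def build_demo_agent() -> PolicyAgent:
    ctx = SecurityContext(
        valid_certs={"hmi-01", "eng-ws-02"},
        roles={"alice": {"operator"}, "bob": {"engineer"}},
        role_portions={"operator": {"boiler-setpoints"},
                       "engineer": {"boiler-setpoints", "controller-config"}},
        approved_apps={"boiler-setpoints": {"hmi-console"},
                       "controller-config": {"config-tool"}},
    )
    return PolicyAgent(PolicyDecisionPoint(ctx), CommunicationsPEP(), UserApplicationPEP())


def run_demo() -> dict:
    """Exercise each blocking point once and one granted path; returns label -> granted."""
    agent = build_demo_agent()
    results = {}
    results["no_session"] = agent.request("hmi-01", "alice", "hmi-console", "boiler-setpoints")
    agent.establish_session("communications")
    agent.establish_session("user/application")
    results["granted"] = agent.request("hmi-01", "alice", "hmi-console", "boiler-setpoints")
    results["bad_node"] = agent.request("rogue-03", "alice", "hmi-console", "boiler-setpoints")
    results["bad_user"] = agent.request("hmi-01", "alice", "config-tool", "controller-config")
    results["bad_app"] = agent.request("eng-ws-02", "bob", "hmi-console", "controller-config")
    results["vectors_created"] = len(agent.pdp.access_vectors)
    results["attempts_blocked"] = len(agent.blocked_attempts)
    results["block_reasons"] = [reason for _, reason in agent.blocked_attempts]
    return results


if __name__ == "__main__":
    for label, value in run_demo().items():
        print(f"{label}: {value}")
```

The two retained lists are the part worth noting for detection work: the PDP's vector list records every decision made, while the agent's blocked list records which enforcement point rejected each attempt and why, so a node failing certificate checks shows up separately from a valid node running an unapproved application.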
Address: Morris Plains NJ US