US 12,335,271 B2
System, method and program for an industrial control system having assets that require different authentication and authorization levels for access
Takashi Ogura, Tokyo (JP); Junya Fujita, Tokyo (JP); Mitsuaki Ishiba, Tokyo (JP); and Toshihiko Nakano, Tokyo (JP)
Assigned to HITACHI, LTD., Tokyo (JP)
Filed by Hitachi, Ltd., Tokyo (JP)
Filed on Apr. 24, 2023, as Appl. No. 18/138,191.
Claims priority of application No. 2022-093882 (JP), filed on Jun. 9, 2022.
Prior Publication US 2023/0403284 A1, Dec. 14, 2023
Int. Cl. G06F 21/62 (2013.01); G06F 21/60 (2013.01); H04L 9/40 (2022.01); G06F 21/45 (2013.01); G06F 21/71 (2013.01)
CPC H04L 63/105 (2013.01) [H04L 63/0876 (2013.01)]
8 Claims
 
1. An authentication and authorization system that determines authentication and authorization to be used for performing authentication and/or authorization on an asset associated with a target system, which is an industrial control system, the authentication and authorization system comprising:
a storage device that stores management data and a software program; and
a processor that, upon executing the software program using the management data, configures the processor to:
acquire an authentication and authorization request for requesting the authentication and/or authorization when a request source asset requests a request destination asset to execute predetermined processing,
analyze the authentication and authorization request to specify at least one of asset statuses indicating target matters of the authentication and/or authorization for the request source asset and the request destination asset, a request level indicating a degree of confirmation required for the authentication and/or authorization in response to the authentication and authorization request, and a relationship between the request source asset and the request destination asset, and
determine the authentication and authorization to be used for the authentication and/or authorization in response to the authentication and authorization request, based on the specified at least one of the asset statuses, the request level, and the relationship,
wherein the management data includes asset status data including the asset statuses of the assets, and
wherein the processor is configured to analyze the authentication and authorization request to learn the request source asset and the request destination asset, and refers to the asset status data to specify the asset statuses of the request source asset and the request destination asset,
wherein the management data further includes authentication and authorization data that enables extraction of the authentication and authorization to be used for the authentication and/or authorization between the request source asset and the request destination asset, based on the asset statuses of the request source asset and the request destination asset, the request level, and the relationship between the request source asset and the request destination asset, and
wherein the processor is configured to determine the authentication and authorization to be used for the authentication and/or authorization in response to the authentication and authorization request with reference to the authentication and authorization data, based on the specified at least one of the asset statuses, the request level, and the relationship.