US 12,476,973 B2
Authentication/authorization framework for a process control or automation system
Antonio Ubach, Round Rock, TX (US); Narayanan Doraiswamy, Round Rock, TX (US); Sean Hernandez, Round Rock, TX (US); Mark J. Nixon, Thorndale, TX (US); Sireesha Dakoju, Round Rock, TX (US); Krishna Joshi, Round Rock, TX (US); and Matthew Villarrubia, Round Rock, TX (US)
Assigned to FISHER-ROSEMOUNT SYSTEMS, INC., Round Rock, TX (US)
Filed by FISHER-ROSEMOUNT SYSTEMS, INC., Round Rock, TX (US)
Filed on Sep. 28, 2023, as Appl. No. 18/374,557.
Application 18/374,557 is a continuation in part of application No. 18/223,395, filed on Jul. 18, 2023, granted, now 12,228,897.
Claims priority of provisional application 63/418,006, filed on Oct. 20, 2022.
Claims priority of provisional application 63/417,861, filed on Oct. 20, 2022.
Claims priority of provisional application 63/398,441, filed on Aug. 16, 2022.
Claims priority of provisional application 63/390,238, filed on Jul. 18, 2022.
Prior Publication US 2024/0031370 A1, Jan. 25, 2024
Int. Cl. G06F 15/173 (2006.01); G05B 19/042 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/101 (2013.01) [G05B 19/042 (2013.01); H04L 63/0807 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for authorizing entities to resources in a process control or automation system, the system comprising:
an authorization database storing indications of a respective set of role permissions for each role of a plurality of roles of the process control or automation system and indications of a respective set of roles for each entity of a plurality of entities of the process control or automation system;
an authorization service of the process control or automation system, the authorization service having read-only permissions for the authorization database and comprising a set of computer-executable instructions stored on one or more computer-readable media that, when executed by one or more processors, cause the system to, based on a request of an entity to access a resource of the process control or automation system:
determine a role of the requesting entity and access the authorization database to determine a set of role permissions of the role of the requesting entity, the requesting entity included in the plurality of entities and the requesting entity being a virtual or logical component of the process control or automation system implemented using an instantiated micro-encapsulated execution environment (MEEE);
grant access of the requesting entity to the resource when the set of role permissions and a set of resource access permissions for the resource are in accordance; and
deny access of the requesting entity to the resource when the set of role permissions and the set of resource access permissions are not in accordance; and
an entity administration service having read and write permissions for the authorization database, the entity administration service invoked by agents of the process control or automation system via a respective application programming interface (API) to at least one of:
define one or more roles included in the plurality of roles;
define respective mappings of the one or more roles to the respective sets of role permissions of the one or more roles;
define respective mappings of one or more entities included in the plurality of entities to the respective sets of roles of the one or more entities; or
define respective scopes of access of the one or more roles to respective one or more resources.