Processing

Please wait...

PATENTSCOPE will be unavailable a few hours for maintenance reason on Saturday 31.10.2020 at 7:00 AM CET
Settings

Settings

Goto Application

1. WO2019055235 - SYSTEM AND METHOD TO CHECK AUTOMATION SYSTEM PROJECT SECURITY VULNERABILITIES

Publication Number WO/2019/055235
Publication Date 21.03.2019
International Application No. PCT/US2018/049093
International Filing Date 31.08.2018
IPC
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
H04L 29/08 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
08Transmission control procedure, e.g. data link level control procedure
CPC
G06F 11/3672
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
11Error detection; Error correction; Monitoring
36Preventing errors by testing or debugging software
3668Software testing
3672Test management
G06F 16/951
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
16Information retrieval; Database structures therefor; File system structures therefor
90Details of database functions independent of the retrieved data types
95Retrieval from the web
951Indexing; Web crawling techniques
G06F 21/577
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
577Assessing vulnerabilities and evaluating computer system security
G06F 2221/033
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
2221Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
033Test or assess software
G06F 8/77
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
8Arrangements for software engineering
70Software maintenance or management
77Software metrics
G06N 20/00
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
NCOMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20Machine learning
Applicants
  • SIEMENS CORPORATION [US]/[US]
Inventors
  • SONG, Zhen
  • MAJEED, Rizwan
  • MARTINEZ CANEDO, Arquimedes
  • REN, Guannan
  • QUIROS ARAYA, Gustavo Arturo
Agents
  • BRINK JR., John D.
Priority Data
62/558,54014.09.2017US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) SYSTEM AND METHOD TO CHECK AUTOMATION SYSTEM PROJECT SECURITY VULNERABILITIES
(FR) SYSTÈME ET PROCÉDÉ POUR VÉRIFIER DES VULNÉRABILITÉS DE SÉCURITÉ DE PROJET DE SYSTÈME D'AUTOMATISATION
Abstract
(EN)
A system for checking security vulnerabilities for automation system design includes a security database, an Internet crawler application, and security service application. The security database stores descriptions of known software vulnerabilities related to an automation system. The Internet crawler application is configured to systematically browse the Internet to find new software vulnerabilities related to the automation system and index the new software vulnerability into the security database. The security service application retrieves, from the security database, potential software vulnerabilities related to a hardware/software configuration of the automation system. The security service application also identifies policies related to the potential vulnerabilities. Each policy describes a potential vulnerability and action to be performed in response to detection of the potential vulnerabilities. The security service applies the policies to the hardware/software configuration and software code corresponding to an automation application to identify actual vulnerabilities that can be displayed to a user.
(FR)
L'invention concerne un système de vérification de vulnérabilités de sécurité pour une conception d'un système d'automatisation, ledit système comprenant une base de données de sécurité, une application de robot d'indexation Internet et une application de service de sécurité. La base de données de sécurité mémorise des descriptions de vulnérabilités logicielles connues associées à un système d'automatisation. L'application de robot d'indexation Internet est configurée pour explorer systématiquement Internet pour trouver de nouvelles vulnérabilités logicielles associées au système d'automatisation et pour indexer la nouvelle vulnérabilité logicielle dans la base de données de sécurité. L'application de service de sécurité récupère, à partir de la base de données de sécurité, des vulnérabilités logicielles potentielles liées à une configuration matérielle/logicielle du système d'automatisation. L'application de service de sécurité identifie également des politiques associées aux vulnérabilités potentielles. Chaque politique décrit une vulnérabilité potentielle et une action à mener en réponse à la détection des vulnérabilités potentielles. Le service de sécurité applique les politiques à la configuration matérielle/logicielle et au code logiciel correspondant à une application d'automatisation pour identifier les vulnérabilités réelles qui peuvent être affichées à un utilisateur.
Also published as
Latest bibliographic data on file with the International Bureau