Methods, computer systems, and computer program products to prevent malware transmission (secure movement of materials to prevent malware transmission)
The system evaluates and mitigates malware risks in IoT devices by disabling or isolating them in automated material handling environments, preventing malware propagation to industrial robots and other machines.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- INTERNATIONAL BUSINESS MACHINE CORPORATION
- Filing Date
- 2022-10-18
- Publication Date
- 2026-06-30
AI Technical Summary
Malware propagation from malware-affected IoT devices to industrial robots and other microprocessor-controlled machines in automated material handling environments poses a significant software security risk, potentially occurring through Bluetooth connectivity or ultrasonic signal transmission.
A system that evaluates malware scan reports for IoT devices, disables their wireless communication capabilities or powers them off if affected by malware, and transports them to a safe distance from other devices to prevent malware propagation.
Prevents malware from spreading to industrial robots and other machines by disabling or isolating affected IoT devices, enhancing software security in automated material handling environments.
Smart Images

Figure 0007882611000001 
Figure 0007882611000002 
Figure 0007882611000003
Abstract
Description
Technical Field
[0003] , ,
[0004]
[0001] The present invention generally relates to the field of computing, and more particularly to automated material handling.
Background Art
[0002] Material handling (MH) is the short-distance movement of materials within a building or between a building and a transport vehicle. In MH, a wide range of manual, semi-automatic, and automatic equipment is used. The use of automated equipment for MH includes robotics such as computer-controlled machines (mobile scanning devices, IoT devices, conveyors, etc.), automated guided vehicles, autonomous mobile robots, and industrial robots. MH also includes considerations regarding the protection, storage, and management of materials from manufacturing, warehousing, distribution, consumption, to disposal. Materials may include, in addition to raw materials, computing parts, computing objects, and microprocessor-controlled devices capable of transmitting and receiving data (e.g., IoT (Internet-of-Things) devices).
Summary of the Invention
Problems to be Solved by the Invention
[0003] Provided are a method, a computer system, and a computer program product for secure material movement to prevent the spread of malware.
Means for Solving the Problems
[0004] According to one embodiment, a method, a computer system, and a computer program product for preventing the propagation of malware are provided. The embodiment may include identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment. The embodiment may also include determining whether an IoT device is affected by malware. Depending on whether an IoT device is determined to be affected by malware, the embodiment may include disabling the IoT device. The embodiment may also include instructing an industrial robot to transport the IoT device to a destination in the AMH environment. [Brief explanation of the drawing]
[0005] [Figure 1] This figure shows an exemplary networked computer environment according to at least one embodiment. [Figure 2] This figure shows an operational flowchart for preventing the propagation of malware within a robotic material handling environment in a malware propagation prevention process according to at least one embodiment. [Figure 3] Figure 1 is a functional block diagram of the internal and external components of a computer and server, according to at least one embodiment. [Figure 4] This figure shows a cloud computing environment according to an embodiment of the present invention. [Figure 5] This figure shows an abstraction model layer according to an embodiment of the present invention. [Modes for carrying out the invention]
[0006] These and other objects, features and advantages of the present invention will become apparent from the following detailed description of its exemplary embodiments, which should be read in conjunction with the accompanying drawings. Various features in the drawings are not to scale, as they are illustrations intended to facilitate understanding of the invention by those skilled in the art in conjunction with the detailed description.
[0007] While detailed embodiments of the claimed structures and methods are disclosed herein, it should be understood that the disclosed embodiments are merely illustrative of the claimed structures and methods, which may be embodied in various forms. However, the invention may be embodied in many different forms and should not be construed as being limited to the exemplary embodiments described herein. In the description, well-known features and technical details may be omitted to avoid unnecessarily obscuring the presented embodiments.
[0008] The singular forms "a," "an," and "the" are understood to include the plural unless the context clearly indicates otherwise. Therefore, for example, a reference to "a component surface" includes a reference to one or more such surfaces unless the context clearly indicates otherwise.
[0009] The present invention relates generally to the field of computing, and more particularly to the field of automated material handling. The exemplary embodiments described below provide, in particular, a system, method, and program product for determining whether malware is present in a computing or IoT device that will be handled by a robot or other microprocessor-controlled machine in an automated MH environment, and accordingly partially or completely disabling the computing or IoT device before handling. Thus, these embodiments have the ability to improve the field of automated material handling by preventing detected malware from propagating to robotic and other microprocessor-controlled machines when handling a malware-affected computing or IoT device, and by improving the security of robotic and other microprocessor-controlled machines in an automated MH environment.
[0010] As mentioned earlier, MH refers to the short-distance movement of materials within a building or between a building and a transport vehicle. A wide range of manual, semi-automatic, and automated equipment is used in MH. The use of automated equipment for MH includes computer-controlled machinery (e.g., mobile scanning devices, IoT devices, conveyors, etc.), automated guided vehicles, and robotics such as autonomous mobile robots and industrial robots. MH further involves considering the protection, storage, and management of materials from manufacturing, warehousing, distribution, consumption, and disposal. Materials include raw materials as well as computing parts, computing objects, and microprocessor-controlled devices capable of sending and receiving data (e.g., IoT devices).
[0011] In automated industrial warehouse or manufacturing environments where industrial robots or other microprocessor-controlled machines handle materials, including computing and IoT devices capable of wirelessly transmitting data, malware propagation from malware-affected computing and IoT devices to components of the automated MH environment (i.e., industrial robots or other microprocessor-controlled machines) can pose an undesirable software security risk. Such malware propagation may be possible, for example, via Bluetooth connectivity or ultrasonic signal transmission. For instance, a Bluetooth-enabled industrial robot or other microprocessor-controlled machine may become inadvertently infected with malware by handling or being in close proximity to a similarly Bluetooth-enabled malware-affected computing or IoT device. A similar result may occur if a malware-affected computing or IoT device transmits an ultrasonic signal containing malware, which is received via the microphone of an industrial robot or other microprocessor-controlled machine. Therefore, it is considered essential to have a system in place to prevent the propagation of malware within an automated MH environment by partially or completely disabling malware-affected computing or IoT devices before they are handled by industrial robots or other microprocessor-controlled machines in the automated MH environment, or by keeping malware-affected computing or IoT devices sufficiently far away from other devices and components of the MH environment while they are being handled, or both.Accordingly, embodiments of the present invention may be particularly advantageous for evaluating malware scan reports of computing or IoT devices handled within an automated MH environment, disabling the wireless communication and / or sound generation capabilities of a computing or IoT device affected by malware before it is handled, distancing a computing or IoT device affected by malware so that it is not within range of wireless malware propagation, and enhancing software security within an automated MH environment. Not all advantages of the present invention need to be incorporated into all embodiments of the present invention.
[0012] According to at least one embodiment, before an IoT device is handled by an industrial robot in an automated material handling (AMH) environment, the proposed system may evaluate the malware scan report of the IoT device to determine whether the IoT device is affected by malware. If it is determined that the IoT device is affected by malware, the proposed system may partially or completely disable the malware-affected IoT device. The malware-affected IoT device may then be handled (e.g., grabbed) by the industrial robot and transported to a destination location. According to at least one other embodiment, if disabling the malware-affected IoT device is unsuccessful or unverifiable, the industrial robot may transport the malware-affected IoT device to a destination location via a travel path identified by the proposed system, which is at a distance from other IoT devices and industrial robots in the AMH environment (e.g., outside Bluetooth communication range).
[0013] The present invention may be a system, method, or computer program product or combination thereof, integrated at any possible level of technical detail. The computer program product may include a computer-readable storage medium storing computer-readable program instructions for causing a processor to perform aspects of the present invention.
[0014] A computer-readable storage medium can be a tangible device capable of holding and storing instructions used by an instruction execution device. Examples of computer-readable storage media may be electronic storage devices, magnetic storage devices, optical storage devices, electromagnetic storage devices, semiconductor storage devices, or appropriate combinations thereof. More specific examples of computer-readable storage media include portable computer diskettes, hard disks, RAM, ROM, EPROM (or flash memory), SRAM, CD-ROM, DVD, memory stick, floppy disk, punch cards, or grooved raised structures, and mechanically encoded devices on which instructions are recorded, and appropriate combinations thereof. Computer-readable storage devices as used herein should not be interpreted as transient signals themselves, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., light pulses passing through optical fiber cables), or electrical signals transmitted through wires.
[0015] The computer-readable program instructions described herein can be downloaded from a computer-readable storage medium to each computer device / processor. Alternatively, they can be downloaded to an external computer or external storage device via a network (e.g., the Internet, LAN, WAN, or wireless network, or a combination thereof). The network may include copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers or edge servers, or a combination thereof. A network adapter card or network interface within each computer device / processor receives computer-readable program instructions from the network and transfers them for storage in a computer-readable storage medium in the respective computer device / processor.
[0016] The computer-readable program instructions for performing the operation of the present invention may be assembler instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state setting data, configuration data for integrated circuits, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Smalltalk and C++, and procedural programming languages such as the "C" programming language or similar programming languages. The computer-readable program instructions can be executed as a standalone software package, either entirely on the user's computer or partially on the user's computer. Alternatively, they can be executed partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer may be connected to the user's computer via any type of network, including LANs and WANs, or it may be connected to an external computer (for example, via the Internet using an Internet service provider). In some embodiments, electronic circuits, including, for example, programmable logic circuits, field-programmable gate arrays (FPGAs), and programmable logic arrays (PLAs), can execute computer-readable program instructions by utilizing state information of computer-readable program instructions in order to customize the electronic circuits for the purpose of performing aspects of the present invention.
[0017] Embodiments of the present invention are described herein with reference to flowcharts or block diagrams, or both, of methods, apparatus (systems), and computer program products according to embodiments of the present invention. Each block in a flowchart or block diagram, or both, and combinations of blocks in a flowchart or block diagram, or both, are executable by computer-readable program instructions.
[0018] The above computer-readable program instructions may be provided to a processor of a general-purpose computer, a dedicated computer, or other programmable data processing device for the purpose of producing a machine. This creates a means for these instructions, executed via the processor of such computer or other programmable data processing device, to perform functions / operations identified in one or more blocks in a flowchart or block diagram, or both. The above computer-readable program instructions may further be stored in a computer-readable storage medium that can be instructed to function in a particular manner to a computer, a programmable data processing device, or other device, or a combination thereof. This constitutes a product in which the computer-readable storage medium containing the instructions includes instructions for performing functions / operations identified in one or more blocks in a flowchart or block diagram, or both.
[0019] Alternatively, a computer execution process may be generated by loading computer-readable program instructions into a computer, another programmable device, or other device, and having a series of operational steps executed on that computer, other programmable device, or other device. This ensures that the instructions executed on the computer, other programmable device, or other device perform functions / operations identified in one or more blocks in a flowchart, block diagram, or both.
[0020] The flowcharts and block diagrams in the drawings of this disclosure illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of instructions containing one or more executable instructions for performing a particular logical function. In some other implementations, the functions shown within a block may be executed in an order different from the order shown in each figure. For example, two consecutively shown blocks may actually be executed substantially simultaneously, or in some cases in reverse order, depending on the functions involved. Each block in a block diagram or flowchart, or both, and combinations of multiple blocks in a block diagram or flowchart, or both, are executable by a dedicated hardware-based system that performs a particular function or operation, or executes a combination of dedicated hardware and computer instructions.
[0021] The exemplary embodiments described below provide a system, method, and program product that evaluates a malware scan report of an IoT device to determine whether the IoT device is affected by malware before it is handled by an industrial robot or other microprocessor-controlled machine in an AMH environment, and accordingly, partially or completely disables the IoT device if it is determined to be affected by malware to prevent the propagation of malware from the IoT device to an industrial robot or other microprocessor-controlled machine.
[0022] Referring to FIG. 1, an exemplary networked computer environment 100 according to at least one embodiment is shown. The networked computer environment 100 may include client computing devices 102, a server 112, a robotic IoT device 118, and IoT devices 120 interconnected via a communication network 114. According to at least one implementation, the networked computer environment 100 may include multiple client computing devices 102, robotic IoT devices 118, IoT devices 120, and a server 112, only one of which is shown illustratively for simplicity. Further, in one or more embodiments, the client computing devices 102, the server 112, and the robotic IoT device 118 may each host malware propagation prevention programs 110A, 110B, 110C. In one or more other embodiments, the malware propagation prevention programs 110A, 110B, 110C may be partially hosted on the client computing devices 102, the server 112, and the robotic IoT device 118 such that functionality may be separated between devices.
[0023] The communication network 114 may include various types of communication networks such as a wide area network (WAN), a local area network (LAN), a telecommunications network, a wireless network (e.g., Wi-Fi, Bluetooth), a public switched network or a satellite network, or a combination thereof. The communication network 114 may include connections such as wired, wireless communication links, or fiber optic cables. It can be understood that FIG. 1 provides only an example of one implementation and does not imply any limitations regarding environments in which different embodiments may be implemented. Many changes to the depicted environment may be made based on design and implementation requirements.
[0024] In one embodiment of the present invention, the client computing device 102 may include a processor 104 and a data storage device 106 that host and execute a software program 108 and a malware prevention program 110A, and enable communication with a server 112, a robotic IoT device 118, and an IoT device 120 via a communication network 114. The client computing device 102 may be, for example, a mobile device, a phone, a personal digital assistant, a netbook, a laptop computer, a tablet computer, a desktop computer, or any type of computing device capable of executing a program and accessing a network. As will be described with reference to FIG. 3, the client computing device 102 may include internal components 402a and external components 404a, respectively.
[0025] In an embodiment of the present invention, the server computer 112 may be a laptop computer, a netbook computer, a personal computer (PC), a desktop computer, or a network of any programmable electronic device or any programmable electronic device that hosts and executes a malware prevention program 110B and a database 116, and enables communication with a client computing device 102, a robotic IoT device 118, and an IoT device 120 via a communication network 114. As described with reference to FIG. 3, the server computer 112 may include internal components 402b and external components 404b, respectively. Further, the server 112 may operate in a cloud computing service model such as software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS). Further, the server 112 may be deployed in a cloud computing deployment model such as a private cloud, a community cloud, a public cloud, or a hybrid cloud.
[0026] The robotic IoT device 118 may be an IoT-enabled industrial robot or other IoT-enabled microprocessor-controlled machine (e.g., a computer-controlled metal cutting machine, a robot for handling objects in an AMH environment) that is incorporated inside or outside the robot / machine, hosts and runs a malware propagation prevention program 110C, connects to a communication network 114, and has a microphone, camera, barcode scanner, and various other sensors capable of sending and receiving data with client computing devices 102, IoT devices 120, and a server 112. The microphone of the robotic IoT device 118 may include any known microphone in the art for capturing sound output (e.g., ultrasonic signals). The camera of the robotic IoT device 118 may include any known camera in the art for capturing images. According to at least one implementation, the networked computer environment 100 may include multiple robotic IoT devices 118. As illustrated with reference to Figure 3, the robotic IoT device 118 may include internal components 402c and external components 404c, respectively.
[0027] The IoT device 120 may be any IoT-enabled device or microprocessor-controlled computing device / component known in the art that connects to the communication network 114 and can send and receive data with the client computing device 102, the robotic IoT device 118, and the server 112. For example, the IoT device 120 may be, but is not limited to, a smartphone, tablet, laptop, smart thermostat, smart speaker, wearable computing device, and an IoT-enabled component of a computing device or machine. According to at least one implementation, the networked computer environment 100 may include multiple microphone IoT devices 122.
[0028] According to this embodiment, the malware propagation prevention programs 110A, 110B, and 110C may be capable of identifying the source and destination of IoT devices / components handled / transported by industrial robots in an AMH environment, performing and evaluating malware scans on IoT devices / components and industrial robots that have come into contact with them, identifying whether IoT devices / components or industrial robots are affected by malware, partially or completely disabling malware-affected IoT devices / components before they are handled / transported, identifying long-distance travel paths of malware-affected IoT devices / components, and performing contact tracing on malware-affected IoT devices / components or malware-affected industrial robots. The malware propagation prevention method will be described in more detail below with reference to Figure 2.
[0029] Referring here to Figure 2, an operational flowchart for preventing malware propagation in the malware propagation prevention process 200 is shown according to at least one embodiment. In 202, the malware propagation prevention (MPP) programs 110A, 110B, and 110C identify IoT devices / components (e.g., IoT device 120) to be handled (e.g., operated or transported) by an industrial robot (e.g., robotic IoT device 118) in the AMH environment, according to a handling request. The MPP programs 110A, 110B, and 110C may also identify attributes of the IoT devices / components, such as source and destination. Furthermore, in 202, the MPP programs 110A, 110B, and 110C may identify further attributes of the IoT devices / components, including a unique identifier, role / description, handling request / instruction, and existing wireless communication capabilities (e.g., Bluetooth module, ultrasonic signal module) or lack thereof. According to at least one embodiment, MPP programs 110A, 110B, and 110C may identify or receive the aforementioned attributes via scanning a barcode or Quick Response (QR) code (registered trademark) of an IoT device / component, or via Bluetooth signal exchange between the industrial robot and the IoT device / component. MPP programs 110A, 110B, and 110C may instruct an industrial robot to scan a barcode or QR code via its barcode scanner or camera, and receive scan information from the industrial robot.
[0030] According to at least one other embodiment, MPP programs 110A, 110B, and 110C may identify or receive attribute information for all IoT devices / components present in the AMH environment during the inventory process. Furthermore, as part of the inventory process, MPP programs 110A, 110B, and 110C may perform malware scans (e.g., wireless malware scans) of all IoT devices / components and all industrial robots present in the AMH environment using known antivirus software solutions. MPP programs 110A, 110B, and 110C may store the results of the malware scans of IoT devices / components and industrial robots in a data storage device 106 or database 116. Also, during the inventory process, MPP programs 110A, 110B, and 110C may identify or receive attribute information for all industrial robots present in the AMH environment, including a unique identifier, role / description, and existing wireless communication capabilities. Industrial robots may also have their own barcodes or QR codes that can provide attribute information. All computing devices within the AMH (i.e., client computing devices, servers, industrial robots, and IoT devices / components) may be capable of wireless communication with one another.
[0031] In step 204, MPP programs 110A, 110B, and 110C identify malware scan reports for the IoT devices / components identified in step 202 before they are handled by industrial robots. According to at least one embodiment, MPP programs 110A, 110B, and 110C may access malware scan reports for IoT devices / components from a data storage device 106 or a database 116. According to at least one other embodiment, MPP programs 110A, 110B, and 110C may perform malware scans on IoT devices / components and generate corresponding scan reports that may be stored in the data storage device 106 or a database 116. MPP programs 110A, 110B, and 110C may perform malware scans on IoT devices / components via computers in the AMH environment (e.g., client computing devices 102, server 112) or industrial robots (e.g., robotic IoT device 118).
[0032] Next, in step 206, MPP programs 110A, 110B, and 110C determine whether the IoT device / component is affected by malware. In making this determination, MPP programs 110A, 110B, and 110C evaluate the identified malware scan report of the IoT device / component and determine whether malware has been detected within the IoT device / component (e.g., whether a malware flag is present in the scan report). Depending on whether it is determined that the IoT device / component is affected by malware (branch "Y" in step 206), the malware propagation prevention process 200 may proceed to step 208. Depending on whether it is determined that the IoT device / component is not affected by malware (branch "N" in step 206), MPP programs 110A, 110B, and 110C may allow the malware propagation prevention process 200 to proceed to step 214, leaving the IoT device / component active (i.e., powered on and capable of wireless communication with other IoT devices / components and industrial robots in the AMH environment) while it is being handled by the industrial robot.
[0033] In step 208, MPP programs 110A, 110B, and 110C disable the identified wireless communication capabilities (e.g., Bluetooth communication, ultrasonic signal transmission) of the IoT device / component. Existing wireless communication capabilities of the IoT device / component may be identified in step 202 or during the inventory process described above.
[0034] In step 210, MPP programs 110A, 110B, and 110C determine whether the disabling of the wireless communication function was successful. Depending on whether the disabling of the wireless communication function was successful (branch "Y" in step 210), MPP programs 110A, 110B, and 110C may allow the IoT device / component to remain powered on while being handled by the industrial robot, and the malware propagation prevention process 200 may proceed to step 214. Depending on whether the disabling of the wireless communication function was unsuccessful (branch "N" in step 210), the malware propagation prevention process 200 may proceed to step 212.
[0035] According to at least one other embodiment, if the wireless communication capabilities of an IoT device / component cannot be identified, or if it is determined that disabling the identified wireless communication capabilities of an IoT device / component was unsuccessful or unverified, the MPP programs 110A, 110B, and 110C may completely power off the IoT device / component. Furthermore, the MPP programs 110A, 110B, and 110C may disable the wireless communication capabilities of an industrial robot (e.g., a Bluetooth module or ultrasonic microphone) before handling the IoT device / component.
[0036] In 212, MPP programs 110A, 110B, and 110C identify long-distance travel paths when a malware-affected IoT device / component is handled by an industrial robot to its destination. The long-distance travel path may be a path traversed by the industrial robot to the destination of the IoT device / component, maintaining a sufficient distance from other IoT devices / components and industrial robots within the AMH environment. The sufficient distance may be greater than the wireless transmission range of the IoT device / component (e.g., the transmission range of Bluetooth or ultrasonic signals). Furthermore, according to at least one embodiment, MPP programs 110A, 110B, and 110C may perform contact tracing as the malware-affected IoT device / component or malware-affected industrial robot is handled or moved within the AMH environment. The contact tracing may include information such as a unique identifier of the malware-affected IoT device / component or industrial robot, and unique identifiers of other IoT devices / components or industrial robots within the AMH environment that have physically come into contact with or are within wireless transmission range of the malware-affected IoT device / component or industrial robot. Contact tracing information may be stored in a data storage device 106 or a database 116.
[0037] In 214, MPP programs 110A, 110B, and 110C instruct an industrial robot to handle an IoT device / component and move it to its destination. According to at least one embodiment in which the IoT device / component is malware-free, the destination of the IoT device / component may be a storage location. In such embodiments, MPP programs 110A, 110B, and 110C may prevent the IoT device / component from being affected by malware by either disabling the wireless communication function of the IoT device / component or by turning off the power to the IoT device / component.
[0038] According to at least one other embodiment in which an IoT device / component is affected by malware, MPP programs 110A, 110B, and 110C may instruct an industrial robot to handle the IoT device / component and move it to its destination via a specified long-distance travel route. Furthermore, MPP programs 110A, 110B, and 110C may identify a remote storage location outside the wireless transmission range of other IoT devices / components or industrial robots within the AMH environment as the destination for the malware-affected IoT device / component. If MPP programs 110A, 110B, and 110C determine that the IoT device / component is affected by malware, they may change the IoT device / component's previous destination to the remote storage location.
[0039] In another embodiment, the destination of an IoT device / component may be a second industrial robot for further handling the IoT device / component according to its handling requests / instructions (e.g., assembly operations). In such an embodiment, before the second industrial robot receives the IoT device / component from the first industrial robot (i.e., the industrial robot currently handling the IoT device / component), the MPP programs 110A, 110B, and 110C may instruct the second industrial robot to access a malware scan of the IoT device / component from the data storage device 106 or database 116, or to perform another malware scan of the IoT device / component and generate another scan report. The MPP programs 110A, 110B, and 110C may then evaluate the accessed or generated scan report to determine whether the IoT device / component is affected by malware and proceed as described above. A malware scan of the IoT device / component may be performed each time the IoT device / component is moved between industrial robots in the AMH environment.
[0040] Furthermore, in such embodiments, before the first industrial robot transfers the IoT device / component to the second industrial robot, the MPP programs 110A, 110B, and 110C may instruct the first industrial robot to access a malware scan for the second industrial robot from the data storage device 106 or database 116, and may instruct the first industrial robot to perform a malware scan for the second industrial robot and generate a scan report. The MPP programs 110A, 110B, and 110C may then evaluate the accessed or generated scan report to determine whether the second industrial robot is affected by malware. If the second industrial robot is affected by malware, the MPP programs 110A, 110B, and 110C may disable the second industrial robot and instruct the first industrial robot to attempt to transfer the IoT device / component to another industrial robot having the same role as the second industrial robot. If the second industrial robot is not affected by malware, the MPP programs 110A, 110B, and 110C may instruct the first industrial robot to transfer the IoT device / component to the second industrial robot for further handling. Similarly, before the second industrial robot receives the IoT device / component from the first industrial robot, the MPP programs 110A, 110B, and 110C may instruct the second industrial robot to access a malware scan of the first industrial robot from the data storage device 106 or database 116, or to perform a malware scan of the first industrial robot and generate a scan report. The MPP programs 110A, 110B, and 110C may then evaluate the accessed or generated scan report to determine whether the first industrial robot is affected by malware. If the first industrial robot is affected by malware, the MPP programs 110A, 110B, and 110C may disable the wireless communication capabilities of the first industrial robot and instruct the second industrial robot not to accept IoT devices / components.Furthermore, MPP programs 110A, 110B, and 110C may instruct a first industrial robot to move IoT devices / components to a remote storage location. If the first industrial robot is not affected by malware, MPP programs 110A, 110B, and 110C may instruct a second industrial robot to receive IoT devices / components for further handling.
[0041] Figure 2 is merely an example of one implementation and should be understood as not implying any limitations on how different embodiments may be implemented. Many changes to the depicted environment may be made based on design and implementation requirements.
[0042] Figure 3 is a block diagram 400 of the internal and external components of the client computing device 102, server 112, and robotic IoT device 118 shown in Figure 1, according to an embodiment of the present invention. It should be understood that Figure 3 provides only an example of one implementation and does not imply any limitations regarding the environment in which different embodiments may be implemented. Many changes to the depicted environment may be made based on design and implementation requirements.
[0043] The data processing systems 402 and 404 represent any electronic device capable of executing machine-readable program instructions. The data processing systems 402 and 404 may also represent smartphones, computer systems, PDAs, or other electronic devices. Examples of computing systems, environments, or configurations, or combinations thereof, that may be represented by the data processing systems 402 and 404 include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, network PCs, minicomputer systems, IoT devices, industrial robots, and distributed cloud computing environments including any of the systems or devices described above.
[0044] The client computing device 102, the server 112, and the robotic IoT device 118 may include sets of internal components 402a, b, c and external components 404a, b, c as illustrated in Figure 3. Each set of internal components 402 includes one or more processors 420, one or more computer-readable RAMs 422, one or more computer-readable ROMs 424 on one or more buses 426, and one or more operating systems 428 and one or more computer-readable tangible storage devices 430. One or more operating systems 428, software programs 108 and MPP program 110A in the client computing device 102, MPP program 110B in the server 112, and MPP program 110C in the robotic IoT device 118 are stored on each of the one or more computer-readable tangible storage devices 430 for execution by one or more of the respective processors 420 via one or more of the respective RAMs 422 (typically including cache memory). In the embodiment shown in Figure 3, each of the computer-readable tangible storage devices 430 is a magnetic disk storage device of an internal hard drive. Alternatively, each of the computer-readable tangible storage devices 430 is a semiconductor storage device such as a ROM 424, EPROM, or flash memory, or any other computer-readable tangible storage device capable of storing computer programs and digital information.
[0045] Each set of internal components 402a, b, and c also includes an R / W drive or interface 432 for reading from and writing to one or more portable computer-readable tangible storage devices 438, such as CD-ROMs, DVDs, memory sticks, magnetic tapes, magnetic disks, optical disks, or semiconductor storage devices. Software programs, such as MPP programs 110A, 110B, and 110C, can be stored in one or more of the respective portable computer-readable tangible storage devices 438, read via their respective R / W drives or interfaces 432, and loaded into their respective hard drives 430.
[0046] Each set of internal components 402a, b, and c also includes a network adapter or interface 436, such as a TCP / IP adapter card, a wireless Wi-Fi interface card, or a 3G or 4G wireless interface card, or other wired or wireless communication links. The software program 108 and MPP program 110A in the client computing device 102, the MPP program 110B in the server 112, and the MPP program 110C in the robotic IoT device 118 can be downloaded from an external computer to the client computing device 102, server 112, and robotic IoT device 118 via a network (e.g., the Internet, a local area network, or another wide area network) and their respective network adapters or interfaces 436. From the network adapter or interface 436, the software program 108 and MPP program 110A in the client computing device 102, the MPP program 110B in the server 112, and the MPP program 110C in the robotic IoT device 118 are loaded onto their respective hard drives 430. The network may consist of copper wires, optical fibers, wireless transmission, routers, firewalls, switches, gateway computers or edge servers, or a combination thereof.
[0047] Each set of external components 404a, b, and c may include a computer display monitor 444, a keyboard 442, and a computer mouse 434. External components 404a, b, and c may also include a touchscreen, virtual keyboard, touchpad, pointing device, and other human interface devices. Each set of internal components 402a, b, and c also includes a device driver 440 for interface with the computer display monitor 444, the keyboard 442, and the computer mouse 434. The device driver 440, the R / W drive or interface 432, and the network adapter or interface 436 consist of hardware and software (stored in storage device 430 or ROM 424 or both).
[0048] While this disclosure includes a detailed description of cloud computing, it should be understood that implementations of the teachings described herein are not limited to cloud computing environments. Rather, embodiments of the present invention can be implemented in combination with any other type of computing environment that is currently known or may be developed in the future.
[0049] Cloud computing is a service delivery model that enables convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal administrative effort or interaction with service providers. This cloud model may include at least five characteristics, at least three service models, and at least four deployment models.
[0050] The characteristics are as follows: On-demand self-service: Cloud consumers can unilaterally prepare computing power, such as server time and network storage, automatically as needed, without requiring human interaction with service providers. Broad network access: Computing power is available over the network and accessible through standard mechanisms. This facilitates utilization by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, PDAs). Resource pooling: A provider's computing resources are pooled and delivered to multiple consumers using a multi-tenant model. Various physical and virtual resources are dynamically allocated and reallocated as needed. Generally, consumers have a sense of location independence because they do not manage or know the exact location of the resources provided. However, consumers may be able to identify the location at a higher level of abstraction (e.g., country, state, data center). Rapid Elasticity: Computing power can be prepared quickly and flexibly, allowing it to scale out automatically and immediately, and to be quickly released and scale in immediately. To consumers, the computing power available for preparation often appears unlimited and can be purchased in any quantity at any time. Measured Services: Cloud systems leverage metric capabilities at a certain level of abstraction, appropriate for the type of service (e.g., storage, processing, bandwidth, active user accounts), to automatically control and optimize resource usage. Resource usage can be monitored, controlled, and reported, providing transparency to both service providers and consumers.
[0051] The service model is as follows: Software as a Service (SaaS): The functionality offered to consumers is the ability to use the provider's applications running on a cloud infrastructure. These applications can be accessed from various client devices via thin client interfaces such as web browsers (e.g., webmail). Consumers do not manage or control the underlying cloud infrastructure, including the network, servers, operating systems, storage, or even individual application functions, except for configuring a limited number of user-specific applications. Platform as a Service (PaaS): The functionality offered to consumers is the ability to deploy applications they have created or acquired to cloud infrastructure using programming languages and tools supported by the provider. Consumers do not manage or control the underlying cloud infrastructure, including networks, servers, operating systems, and storage, but they can control the deployed applications and, in some cases, the configuration of their hosting environment. Infrastructure as a Service (IaaS): The functionality provided to consumers is the provision of processors, storage, networking, and other basic computing resources that enable consumers to deploy and run any software, including operating systems and applications. Consumers do not manage or control the underlying cloud infrastructure, but they can control the operating system, storage, and deployed applications, and in some cases, partially control certain network components (e.g., host firewalls).
[0052] The deployment model is as follows: Private Cloud: This cloud infrastructure is operated exclusively for a specific organization. This cloud infrastructure can be managed by that organization or a third party and can reside on-premises or off-premises. Community Cloud: This cloud infrastructure is shared by multiple organizations to support a specific community with common interests (e.g., mission, security requirements, policies, and compliance). This cloud infrastructure can be managed by the organization or a third party and can reside on-premises or off-premises. Public Cloud: This cloud infrastructure is provided to a large number of people or large industry groups and is owned by organizations that sell cloud services. Hybrid Cloud: This cloud infrastructure combines two or more cloud models (private, community, or public). While maintaining the unique entities of each model, they are bound together by standards or individual technologies to achieve data and application portability (e.g., cloud bursting for load balancing across clouds).
[0053] Cloud computing environments are service-oriented environments that emphasize statelessness, low coupling, modularity, and semantic interoperability. At the core of cloud computing is the infrastructure, which includes a network of interconnected nodes.
[0054] Here, Figure 4 shows an exemplary cloud computing environment 50. As shown in the figure, the cloud computing environment 50 includes one or more cloud computing nodes 100. Local computer devices used by cloud consumers (e.g., PDAs or mobile phones 54A, desktop computers 54B, laptop computers 54C, or automotive computer systems 54N, or a combination thereof) can communicate with these nodes. The nodes 100 can communicate with each other. The nodes 100 can be grouped physically or virtually (not shown) in one or more networks, such as the private, community, public, or hybrid clouds or a combination thereof. This allows the cloud computing environment 50 to provide infrastructure, platforms, or software as a service, or a combination thereof, and cloud consumers do not need to maintain resources for these on their local computer devices. Note that the types of computer devices 54A-N shown in Figure 4 are merely examples, and it should be understood that the computing nodes 100 and the cloud computing environment 50 can communicate with any type of electronic device via any type of network or network addressable connection (e.g., using a web browser) or both.
[0055] Here, Figure 5 shows a set of functional abstraction layers 600 provided by the cloud computing environment 50. It should be understood that the components, layers, and functions shown in Figure 5 are illustrative only, and the embodiments of the present invention are not limited to these. As illustrated, the following layers and corresponding functions are provided.
[0056] The hardware and software layer 60 includes hardware components and software components. Examples of hardware components include a mainframe 61, a reduced instruction set computer (RISC) architecture-based server 62, server 63, blade server 64, storage 65, and a network and network components 66. In some embodiments, the software components include network application server software 67 and database software 68.
[0057] The virtualization layer 70 provides an abstraction layer. From this layer, for example, the following virtual entities can be provided: virtual servers 71, virtual storage 72, virtual networks 73 including virtual private networks, virtual applications and operating systems 74, and virtual clients 75.
[0058] As an example, the management layer 80 can provide the following functions: Resource preparation 81 enables the dynamic procurement of computing resources and other resources used to perform tasks within the cloud computing environment. Metering and pricing 82 enables cost tracking as resources are used within the cloud computing environment and billing or invoicing for the consumption of these resources. As an example, these resources may include licenses for application software. Security enables not only protection of data and other resources, but also identification and verification of cloud consumers and tasks. The user portal 83 provides consumers and system administrators with access to the cloud computing environment. Service level management 84 enables the allocation and management of cloud computing resources to ensure that requested service levels are met. Service Level Agreement (SLA) planning and execution 85 enables the pre-arrangement and procurement of cloud computing resources that are expected to be needed in the future in accordance with the SLA.
[0059] Workload layer 90 provides examples of the capabilities available to the cloud computing environment. Examples of workloads and capabilities that can be provided from this layer include mapping and navigation 91, software development and lifecycle management 92, virtual classroom education delivery 93, data analytics processing 94, transaction processing 95, and malware propagation prevention 96. Malware propagation prevention 96 may relate to preventing the wireless propagation of malware from a malware-affected device to other devices.
[0060] The descriptions of various embodiments of the present invention are presented for illustrative purposes only and are not intended to be exhaustive, nor are they intended to limit the disclosed embodiments. It will be apparent to those skilled in the art that many modifications and changes are possible without departing from the scope of the described embodiments. The terms used herein have been selected to best describe the principles of the embodiments, their practical application to market-based technologies, or technical improvements, or to enable those skilled in the art to understand the embodiments described herein.
Claims
1. A computer-based method for preventing the propagation of malware, wherein the method comprises: Identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment, To determine whether the IoT device is affected by malware, In response to determining that the IoT device is affected by malware, the IoT device is disabled, To determine whether the disabling of the IoT device was successful, Upon determining that the deactivation of the IoT device has been successful, the industrial robot is instructed to transport the IoT device to its destination within the AMH environment. In response to determining that the deactivation of the IoT device was unsuccessful, a long-distance travel route is identified, and the industrial robot is instructed to transport the IoT device to a distant storage location via the identified long-distance travel route. Includes, The method wherein the long-distance travel path is a traversal path that maintains a distance from other IoT devices and industrial robots in the AMH environment that is greater than the wireless transmission range of the IoT device, and the remote storage location is a location outside the wireless transmission range of other IoT devices or industrial robots in the AMH environment.
2. The method according to claim 1, wherein disabling the IoT device includes disabling the wireless communication capability of the IoT device or turning off the power to the IoT device.
3. The method according to claim 1, wherein identifying the malware scan report for the IoT device includes accessing the malware scan report from a stored location or performing a malware scan on the IoT device to generate the malware scan report for the IoT device.
4. The method according to claim 1, further comprising performing contact tracing of the IoT device in response to determining that the IoT device is affected by malware, wherein the contact tracing includes collecting information including unique identifiers of other IoT devices or industrial robots in the AMH environment that have been in physical contact with or are within the wireless transmission range of the IoT device.
5. A computer-based method for preventing the propagation of malware, wherein the method comprises: Identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment, To determine whether the IoT device is affected by malware, In response to determining that the IoT device is affected by malware, the IoT device is disabled, Instructing an industrial robot to transport the IoT device to a destination within the AMH environment, The first industrial robot is instructed to transfer the IoT device to the second industrial robot within the aforementioned AMH environment. Identify the malware scan report of the IoT device and determine whether the IoT device is affected by malware. Identify the malware scan report of the first industrial robot and determine whether the first industrial robot is affected by malware, Identify the malware scan report for the second industrial robot and determine whether the second industrial robot is affected by malware, In response to determining that the second industrial robot is affected by malware, the first industrial robot is instructed not to transfer the IoT device to the second industrial robot, In response to determining that the first industrial robot or the IoT device is affected by malware, the second industrial robot is instructed not to accept the movement of the IoT device from the first industrial robot, Methods that include...
6. A computer system, wherein the computer system is The computer system includes one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage media, and program instructions stored in at least one of the one or more computer-readable tangible storage media so as to be executed by at least one of the one or more processors via at least one of the one or more computer-readable memories, Identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment, To determine whether the IoT device is affected by malware, In response to determining that the IoT device is affected by malware, the IoT device is disabled, To determine whether the disabling of the IoT device was successful, Upon determining that the deactivation of the IoT device has been successful, the industrial robot is instructed to transport the IoT device to its destination within the AMH environment. In response to determining that the deactivation of the IoT device was unsuccessful, a long-distance travel route is identified, and the industrial robot is instructed to transport the IoT device to a distant storage location via the identified long-distance travel route. A method including the following is possible: A computer system wherein the long-distance travel path is a traversal path that maintains a distance from other IoT devices and industrial robots in the AMH environment that is greater than the wireless transmission range of the IoT device, and the remote storage location is a location outside the wireless transmission range of other IoT devices or industrial robots in the AMH environment.
7. The computer system according to claim 6, wherein disabling the IoT device includes disabling the wireless communication capability of the IoT device or turning off the power to the IoT device.
8. The computer system according to claim 6, wherein identifying the malware scan report of the IoT device includes accessing the malware scan report from a stored location or performing a malware scan of the IoT device to generate the malware scan report of the IoT device.
9. The computer system according to claim 6, further comprising performing contact tracing of the IoT device in response to determining that the IoT device is affected by malware, wherein the contact tracing includes collecting information including unique identifiers of other IoT devices or industrial robots in the AMH environment that have been in physical contact with or are within the wireless transmission range of the IoT device.
10. A computer system, wherein the computer system is The computer system includes one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage media, and program instructions stored in at least one of the one or more computer-readable tangible storage media so as to be executed by at least one of the one or more processors via at least one of the one or more computer-readable memories, Identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment, To determine whether the IoT device is affected by malware, In response to determining that the IoT device is affected by malware, the IoT device is disabled, Instructing an industrial robot to transport the IoT device to a destination within the AMH environment, The first industrial robot is instructed to transfer the IoT device to the second industrial robot within the aforementioned AMH environment. Identify the malware scan report of the IoT device and determine whether the IoT device is affected by malware. Identify the malware scan report of the first industrial robot and determine whether the first industrial robot is affected by malware, Identify the malware scan report for the second industrial robot and determine whether the second industrial robot is affected by malware, In response to determining that the second industrial robot is affected by malware, the first industrial robot is instructed not to transfer the IoT device to the second industrial robot, In response to determining that the first industrial robot or the IoT device is affected by malware, the second industrial robot is instructed not to accept the movement of the IoT device from the first industrial robot, A computer system capable of performing methods including those mentioned above.
11. A computer program, wherein the computer program is The method includes program instructions, the program instructions are executable by a processor capable of executing the method, and the method is Identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment, To determine whether the IoT device is affected by malware, In response to determining that the IoT device is affected by malware, the IoT device is disabled, To determine whether the disabling of the IoT device was successful, Upon determining that the deactivation of the IoT device has been successful, the industrial robot is instructed to transport the IoT device to its destination within the AMH environment. In response to determining that the deactivation of the IoT device was unsuccessful, a long-distance travel route is identified, and the industrial robot is instructed to transport the IoT device to a distant storage location via the identified long-distance travel route. Includes, A computer program wherein the long-distance travel path is a traversal path that maintains a distance from other IoT devices and industrial robots in the AMH environment that is greater than the wireless transmission range of the IoT device, and the remote storage location is a location outside the wireless transmission range of other IoT devices or industrial robots in the AMH environment.
12. The computer program according to claim 11, wherein disabling the IoT device includes disabling the wireless communication function of the IoT device or turning off the power to the IoT device.
13. The computer program according to claim 11, wherein identifying the malware scan report of the IoT device includes accessing the malware scan report from a stored location or performing a malware scan of the IoT device to generate the malware scan report of the IoT device.
14. The computer program according to claim 11, further comprising performing contact tracing of the IoT device in response to determining that the IoT device is affected by malware, wherein the contact tracing includes collecting information including unique identifiers of other IoT devices or industrial robots in the AMH environment that have been in physical contact with or are within the wireless transmission range of the IoT device.
15. A computer program, wherein the computer program is The method includes program instructions, the program instructions are executable by a processor capable of executing the method, and the method is Identifying malware scan reports for IoT (Internet-of-Things) devices in an automated material handling (AMH) environment, To determine whether the IoT device is affected by malware, In response to determining that the IoT device is affected by malware, the IoT device is disabled, Instructing an industrial robot to transport the IoT device to a destination within the AMH environment, The first industrial robot is instructed to transfer the IoT device to the second industrial robot within the aforementioned AMH environment. Identify the malware scan report of the IoT device and determine whether the IoT device is affected by malware. Identify the malware scan report of the first industrial robot and determine whether the first industrial robot is affected by malware, Identify the malware scan report for the second industrial robot and determine whether the second industrial robot is affected by malware, In response to determining that the second industrial robot is affected by malware, the first industrial robot is instructed not to transfer the IoT device to the second industrial robot, In response to determining that the first industrial robot or the IoT device is affected by malware, the second industrial robot is instructed not to accept the movement of the IoT device from the first industrial robot, A computer program that includes [this].