Industrial network certificate recovery by identifying secondary root certificate

US 10,057,072 B2
Filed: 12/31/2014
Issued: 08/21/2018
Est. Priority Date: 12/31/2014
Status: Active Grant

First Claim

Patent Images

1. A programmable device configured for use within an industrial control system, the programmable device comprising:

a memory storing a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate stored at the memory in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;

at least one processor in data communication with the memory and an interface to exchange information within an industrial control network; and

one or more components executable by the at least one processor and collectively configured to;

receive an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through the industrial control network according to an industrial protocol;

activate the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and

responsive to the activation of the secondary Certificate Authority root of trust certificate, promote the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to various aspects and embodiments, a programmable device configured for use within an industrial control system is provided. The programmable device includes a memory storing a plurality of root certificates, the plurality of root certificates including an active certificate and one or more secondary certificates, and at least one processor coupled to the memory. The at least one processor configured to receive an identifier of a secondary root certificate of the one or more secondary root certificates, and activate the secondary root certificate in response to receiving the identifier.

Citations

20 Claims

1. A programmable device configured for use within an industrial control system, the programmable device comprising:
- a memory storing a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate stored at the memory in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;
  
  at least one processor in data communication with the memory and an interface to exchange information within an industrial control network; and
  
  one or more components executable by the at least one processor and collectively configured to;
  
  receive an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through the industrial control network according to an industrial protocol;
  
  activate the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and
  
  responsive to the activation of the secondary Certificate Authority root of trust certificate, promote the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1, wherein the programmable device includes one of a utility meter, a circuit breaker, a protective relay, a programmable logic controller, a motor controller, and industrial network hardware.
  - 3. The system according to claim 1, wherein the plurality of Certificate Authority root of trust certificates includes one or more Certificate Authority root of trust certificates received from a plurality of certificate authorities.
  - 4. The system according to claim 1, wherein the identifier includes a certificate signed by a private key corresponding to the secondary Certificate Authority root of trust certificate.
  - 5. The system according to claim 4, wherein the one or more components are collectively further configured to:
    - receive a package in association with the certificate, the package including at least one of a configuration file, a firmware update, license information, and a subcomponent upgrade;
      
      validate the certificate using the secondary Certificate Authority root of trust certificate;
      
      decrypt the package using a public key associated with the certificate; and
      
      apply the package to the programmable device.
  - 6. The system according to claim 4, wherein the one or more components are collectively further configured to:
    - receive a replacement Certificate Authority root of trust certificate in association with the certificate;
      
      validate the certificate using the secondary Certificate Authority root of trust certificate;
      
      validate the replacement Certificate Authority root of trust certificate using the certificate; and
      
      store the replacement Certificate Authority root of trust certificate within the plurality of Certificate Authority root of trust certificates responsive to validating the certificate.
  - 7. The system according to claim 1, wherein the one or more components are collectively further configured to dereference the identifier to identify the secondary Certificate Authority root of trust certificate.
  - 8. The system according to claim 7, wherein the identifier includes a certificate signed by a private key corresponding to the secondary Certificate Authority root of trust certificate and the one or more components are collectively configured to dereference the identifier at least in part by validating the certificate using the secondary Certificate Authority root of trust certificate.
  - 9. The system according to claim 7, wherein the one or more components are collectively configured to dereference the identifier at least in part by identifying, within a cross-reference, an association between the identifier and the secondary Certificate Authority root of trust certificate.
  - 10. The system according to claim 7, wherein the identifier includes a certificate signed by a private key corresponding to the secondary Certificate Authority root of trust certificate and the one or more components are collectively further configured to dereference the identifier at least in part by iteratively attempting to validate the certificate using root certificates of the plurality of Certificate Authority root of trust certificates.
  - 11. The system according to claim 1, wherein the one or more components executable by the at least one processor are collectively further configured to remove the active Certificate Authority root of trust certificate responsive to activating the secondary Certificate Authority root of trust certificate.

12. A method comprising:
- storing, at a programmable device having a memory, a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate stored in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;
  
  receiving, at the programmable device having the memory, an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through an industrial control network according to an industrial protocol;
  
  activating the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and
  
  responsive to the activation of the secondary Certificate Authority root of trust certificate, promoting the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method according to claim 12, wherein the identifier includes a certificate signed by a private key corresponding to the secondary Certificate Authority root of trust certificate.
  - 14. The method according to claim 13, further comprising:
    - receiving a package in association with the certificate, the package including at least one of a configuration file, a firmware update, license information, and a subcomponent upgrade;
      
      validating the certificate using the secondary Certificate Authority root of trust certificate;
      
      decrypting the package using a public key associated with the certificate; and
      
      applying the package to the programmable device.
  - 15. The method according to claim 13, further comprising:
    - receiving a replacement Certificate Authority root of trust certificate in association with the certificate;
      
      validating the certificate using the secondary Certificate Authority root of trust certificate;
      
      validating the replacement Certificate Authority root of trust certificate using the certificate; and
      
      storing the replacement Certificate Authority root of trust certificate within the plurality of Certificate Authority root of trust certificates responsive to validating the certificate.
  - 16. The method according to claim 12, further comprising:
    - dereferencing the identifier to identify the secondary Certificate Authority root of trust certificate.
  - 17. The method according to claim 16, wherein dereferencing the identifier includes identifying, within a cross-reference, an association between the identifier and the secondary Certificate Authority root of trust certificate.
  - 18. The method according to claim 16, wherein the identifier includes a certificate signed by a private key corresponding to the secondary Certificate Authority root of trust certificate and dereferencing the identifier includes iteratively attempting to validate the certificate using root certificates of the plurality of Certificate Authority root of trust certificates.

19. A non-transitory computer readable medium having stored thereon sequences of instruction including instructions that will cause at least one processor to:
- store, at a programmable device having a memory, a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;
  
  receive, at the programmable device, an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through an industrial control network according to an industrial protocol;
  
  activate the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and
  
  responsive to the activation of the secondary Certificate Authority root of trust certificate, promote the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.
- View Dependent Claims (20)
- - 20. The computer readable medium according to claim 19, wherein the identifier includes a certificate signed by a private key corresponding to the secondary Certificate Authority root of trust certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schneider Electric USA, Inc. (Schneider Electric SE)
Original Assignee
Schneider Electric USA, Inc. (Schneider Electric SE)
Inventors
Pyle, Michael W.
Primary Examiner(s)
Patel, Haresh N

Application Number

US14/587,812
Publication Number

US 20160191253A1
Time in Patent Office

1,329 Days
Field of Search

380 28, 380 44, 380 30
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/14   using a plurality of keys o...

H04L 9/3263   involving certificates, e.g...

H04W 12/04   Key management, e.g. using ...

Industrial network certificate recovery by identifying secondary root certificate

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Industrial network certificate recovery by identifying secondary root certificate

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links