Industrial network certificate recovery by identifying secondary root certificate
Abstract
According to various aspects and embodiments, a programmable device configured for use within an industrial control system is provided. The programmable device includes a memory storing a plurality of root certificates, the plurality of root certificates including an active root certificate and one or more secondary root certificates, and at least one processor coupled to the memory. The at least one processor is configured to receive an identifier of a secondary root certificate of the one or more secondary root certificates, and to activate the secondary root certificate in response to receiving the identifier.
Claims (20 claims; independent claims shown)

1. A programmable device configured for use within an industrial control system, the programmable device comprising:
- a memory storing a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate stored at the memory in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;
- at least one processor in data communication with the memory and an interface to exchange information within an industrial control network; and
- one or more components executable by the at least one processor and collectively configured to:
  - receive an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through the industrial control network according to an industrial protocol;
  - activate the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and
  - responsive to the activation of the secondary Certificate Authority root of trust certificate, promote the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.

Dependent claims: 2 to 11.

12. A method comprising:
- storing, at a programmable device having a memory, a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate stored in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;
- receiving, at the programmable device having the memory, an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through an industrial control network according to an industrial protocol;
- activating the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and
- responsive to the activation of the secondary Certificate Authority root of trust certificate, promoting the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.

Dependent claims: 13 to 18.

19. A non-transitory computer readable medium having stored thereon sequences of instruction including instructions that will cause at least one processor to:
- store, at a programmable device having a memory, a plurality of Certificate Authority root of trust certificates, the plurality of Certificate Authority root of trust certificates including at least an active Certificate Authority root of trust certificate, a secondary Certificate Authority root of trust certificate, and a tertiary Certificate Authority root of trust certificate in a hierarchical format, wherein in the hierarchical format the tertiary Certificate Authority root of trust certificate is subordinate to the secondary Certificate Authority root of trust certificate;
- receive, at the programmable device, an identifier of the secondary Certificate Authority root of trust certificate of the plurality of Certificate Authority root of trust certificates through an industrial control network according to an industrial protocol;
- activate the secondary Certificate Authority root of trust certificate to replace the active Certificate Authority root of trust certificate in response to receiving the identifier through the industrial control network, the active Certificate Authority root of trust certificate being revoked; and
- responsive to the activation of the secondary Certificate Authority root of trust certificate, promote the tertiary Certificate Authority root of trust certificate to replace the secondary Certificate Authority root of trust certificate.

Dependent claim: 20.
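The rotation sequence the independent claims describe (activate the pre-provisioned secondary root named by the received identifier, revoke the active root, promote the tertiary into the secondary slot) written out as a small state machine. This is an added illustration, not code from the patent or its assignee. The certificate bytes are constructed stand-ins rather than real X.509 data, the use of a SHA-256 fingerprint as the "identifier" and the `ROT-RECOVER` frame layout are assumptions (the claims fix neither the identifier format nor the industrial protocol's framing), and the hierarchy is modelled as an ordered list in which index 0 is the secondary and index 1 the tertiary.

```python
"""Root-of-trust rotation state machine modelled on the independent claims.

Constructed example: certificates are placeholder byte strings, not real X.509,
and the identifier is their SHA-256 fingerprint (an assumption; the claims do
not fix the identifier format).
"""
from __future__ import annotations

from dataclasses import dataclass
import hashlib
import re
from typing import List, Optional


@dataclass(frozen=True)
class RootCert:
    label: str
    der: bytes  # constructed placeholder standing in for DER certificate bytes

    @property
    def identifier(self) -> str:
        # Identifier = SHA-256 fingerprint of the stored bytes (assumption).
        return hashlib.sha256(self.der).hexdigest()


class RootStore:
    """Holds the active root plus an ordered hierarchy [secondary, tertiary].

    Only certificates already provisioned into memory can ever become active:
    the network message carries an identifier, never certificate material.
    """

    def __init__(self, active: RootCert, hierarchy: List[RootCert]) -> None:
        self.active = active
        self.hierarchy = list(hierarchy)  # index 0 = secondary, index 1 = tertiary
        self.revoked: List[RootCert] = []

    def secondary(self) -> Optional[RootCert]:
        return self.hierarchy[0] if self.hierarchy else None

    def tertiary(self) -> Optional[RootCert]:
        return self.hierarchy[1] if len(self.hierarchy) > 1 else None

    def recover(self, identifier: str) -> bool:
        """Activate the secondary root if `identifier` names it; reject all else.

        Rejected: unknown identifiers, the identifier of the already-active root
        (a replayed message after rotation), and the tertiary's identifier
        (which would skip a level of the hierarchy).
        """
        sec = self.secondary()
        if sec is None or identifier != sec.identifier:
            return False
        self.revoked.append(self.active)      # the active root is revoked
        self.active = self.hierarchy.pop(0)   # the secondary becomes active ...
        # ... and the former tertiary now sits at index 0: promoted to secondary.
        return True

    def is_trusted_root(self, cert: RootCert) -> bool:
        # Revoked and standby roots are never trusted, only the active one.
        return cert == self.active


# Constructed wire format for the recovery message (assumption: the claims name
# an "industrial protocol" but no frame layout): ASCII "ROT-RECOVER <hex-sha256>".
_FRAME = re.compile(rb"^ROT-RECOVER ([0-9a-f]{64})$")


def parse_recovery_frame(frame: bytes) -> Optional[str]:
    """Return the identifier carried by a well-formed frame, else None."""
    m = _FRAME.match(frame)
    return m.group(1).decode("ascii") if m else None


def build_demo_store() -> RootStore:
    # Constructed provisioning state: A active, B secondary, C tertiary.
    return RootStore(
        active=RootCert("root-A", b"constructed-root-A"),
        hierarchy=[RootCert("root-B", b"constructed-root-B"),
                   RootCert("root-C", b"constructed-root-C")],
    )


def run_scenario() -> dict:
    """Drive the store through the claimed sequence and report the outcome."""
    store = build_demo_store()
    b_id = store.secondary().identifier
    c_id = store.tertiary().identifier
    results = {}
    # 1. A message naming the tertiary directly is ignored (must go via secondary).
    results["skip_level_rejected"] = not store.recover(c_id)
    # 2. A malformed frame is dropped before it reaches the store at all.
    results["bad_frame_dropped"] = parse_recovery_frame(b"ROT-RECOVER zz") is None
    # 3. A valid frame naming the secondary: B active, A revoked, C promoted.
    ident = parse_recovery_frame(b"ROT-RECOVER " + b_id.encode("ascii"))
    results["rotated"] = store.recover(ident)
    results["active"] = store.active.label
    results["new_secondary"] = store.secondary().label
    results["revoked"] = [c.label for c in store.revoked]
    # 4. Replaying the same frame does nothing: B is now active, not secondary.
    results["replay_rejected"] = not store.recover(b_id)
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The design point worth noticing is that the device never accepts certificate material from the network: the recovery message only selects among roots that were provisioned into memory beforehand, so a message cannot introduce a trust anchor the device does not already hold, and a message that names the wrong slot (the tertiary, or the already-active root in a replay) is rejected without changing state. The example does not authenticate the recovery frame itself; in a deployment that protection has to come from the industrial protocol's own message authentication, which the claims leave unspecified.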