Systems and methods to secure industrial sensors and actuators
Abstract
Various embodiments of the invention provide for secure data communication in industrial process control architectures that employ a network of sensors and actuators. In various embodiments, data is secured by a secure serial transmission system that detects and authenticates IO-Link devices that are equipped with secure transceiver circuits, thereby ensuring that non-trusted or non-qualified hardware is prevented from connecting to a network and potentially compromising system behavior.
18 Claims
1. A process control system to facilitate authentication of Input/Output-Link (IO-Link) devices within a process control network, the system comprising:
a Programmable Logic Controller (PLC) comprising a plurality of IO paths;
a serial link coupled to the PLC, the serial link is configured to operate with an IO-Link;
a plurality of IO-Link devices comprising;
one of a sensor and an actuator coupled to the serial link;
an IO-link device secure transceiver that comprises a memory device to store a private key of a private-public key pair; and
one of an encryption and decryption engine; and
a PLC compute node coupled to the PLC, the compute node configures one of the sensor and actuator, wherein the serial link comprises an IO-Link secure master transceiver coupled to a programmable microcontroller, the IO-Link secure master transceiver comprises a memory device to store a public key of the private-public key pair and is configured to send an authorization request to one of the sensor and actuator, wherein the IO-Link secure transceiver and the IO-Link secure master transceiver use the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method to authenticate an Input/Output-Link (IO-Link) device, the method comprising:
detecting the presence of one of a sensor and actuator that comprises an IO-Link secure transceiver;
sending an authorization request from an IO-Link secure master transceiver to one of the sensor and actuator that comprises a memory device to store a private key of a private-public key pair, the IO-Link secure master transceiver comprising a memory device to store a public key of the private-public key pair, the IO-Link secure transceiver and the IO-Link secure master transceiver using the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver;
receiving a response signal from an IO-Link device comprising an IO-link device secure transceiver, one of an encryption and decryption engine, and one of the sensor and actuator in response to the authorization request;
validating one of the sensor and actuator in the IO-Link device based on the response signal to determine whether one of the sensor and actuator is compatible with another device; and
enabling a transmission via a communication channel in response to detecting that the response signal is valid.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A device to authenticate an Input/Output-Link (IO-Link) device, the device comprising:
a first IO-Link secure transceiver configured to communicate with a programmable microcontroller, the first IO-Link secure transceiver being configured to send an authorization request to a plurality of IO-Link devices each comprising one of a sensor and an actuator that comprises a second IO-Link secure transceiver, the second IO-Link secure transceiver comprising a memory device to store a private key of the private-public key pair, the IO-Link secure transceiver and the IO-Link secure master transceiver using the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver; and
an authentication module configured to secure data that is transmitted to, or received in response to the authorization request, from the second IO-Link secure transceiver, the authentication module is configured to use the private key and a public key to provide one of an encryption processing and a decryption processing of the data, the authentication module further configured to validate one of the sensor and actuator based on the response signal and determine whether one of the sensor and actuator is compatible with another device.
Dependent claims: 16, 17, 18
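The sequence recited in claim 8 (authorization request, response signal, validation, channel enable), sketched as an added example that is not part of the patent text. It assumes the unspecified "cryptographic operation" is an Ed25519 signature over a fresh random challenge bound to the port number; `Device`, `Master` and `Provision` are hypothetical names and the keys are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device models an IO-Link device whose secure transceiver stores the private key.
type Device struct{ priv ed25519.PrivateKey }

// Respond signs the master's challenge together with the port it arrived on.
func (d Device) Respond(port byte, challenge []byte) []byte {
	return ed25519.Sign(d.priv, append([]byte{port}, challenge...))
}

// Master models the secure master transceiver; it stores only the public key.
type Master struct {
	pub     ed25519.PublicKey
	pending map[byte][]byte // outstanding challenge per port
	enabled map[byte]bool   // ports whose channel is enabled
}

// Provision creates one key pair: private half to the device, public half to the master.
func Provision() (*Master, Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Device{}, err
	}
	return &Master{pub, map[byte][]byte{}, map[byte]bool{}}, Device{priv}, nil
}

// Request issues the authorization request: a fresh 32-byte random challenge.
func (m *Master) Request(port byte) ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	m.pending[port] = c
	return c, err
}

// Validate consumes the port's challenge (single use, so replays fail) and
// enables the channel only if the response verifies under the stored public key.
func (m *Master) Validate(port byte, resp []byte) bool {
	c, ok := m.pending[port]
	delete(m.pending, port)
	m.enabled[port] = ok && ed25519.Verify(m.pub, append([]byte{port}, c...), resp)
	return m.enabled[port]
}

func main() {
	m, dev, _ := Provision()
	c, _ := m.Request(1)
	fmt.Println("genuine device enabled:", m.Validate(1, dev.Respond(1, c)))
}
```

Because the master holds only the public key, reading out its memory does not let an attacker build a device that passes validation.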
Specification