Systems and methods to secure industrial sensors and actuators

US 10,095,858 B2
Filed: 03/24/2014
Issued: 10/09/2018
Est. Priority Date: 10/28/2013
Status: Active Grant

First Claim

Patent Images

1. A process control system to facilitate authentication of Input/Output-Link (IO-Link) devices within a process control network, the system comprising:

a Programmable Logic Controller (PLC) comprising a plurality of IO paths;

a serial link coupled to the PLC, the serial link is configured to operate with an IO-Link;

a plurality of IO-Link devices comprising;

one of a sensor and an actuator coupled to the serial link;

an IO-link device secure transceiver that comprises a memory device to store a private key of a private-public key pair; and

one of an encryption and decryption engine; and

a PLC compute node coupled to the PLC, the compute node configures one of the sensor and actuator, wherein the serial link comprises an IO-Link secure master transceiver coupled to a programmable microcontroller, the IO-Link secure master transceiver comprises a memory device to store a public key of the private-public key pair and is configured to send an authorization request to one of the sensor and actuator, wherein the IO-Link secure transceiver and the IO-Link secure master transceiver use the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the invention provide for secure data communication in industrial process control architectures that employ a network of sensors and actuators. In various embodiments, data is secured by a secure serial transmission system that detects and authenticates IO-Link devices that are equipped with secure transceivers circuits, thereby, ensuring that non-trusted or non-qualified hardware is prevented from connecting to a network and potentially compromising system behavior.

Citations

18 Claims

1. A process control system to facilitate authentication of Input/Output-Link (IO-Link) devices within a process control network, the system comprising:
- a Programmable Logic Controller (PLC) comprising a plurality of IO paths;
  
  a serial link coupled to the PLC, the serial link is configured to operate with an IO-Link;
  
  a plurality of IO-Link devices comprising;
  
  one of a sensor and an actuator coupled to the serial link;
  
  an IO-link device secure transceiver that comprises a memory device to store a private key of a private-public key pair; and
  
  one of an encryption and decryption engine; and
  
  a PLC compute node coupled to the PLC, the compute node configures one of the sensor and actuator, wherein the serial link comprises an IO-Link secure master transceiver coupled to a programmable microcontroller, the IO-Link secure master transceiver comprises a memory device to store a public key of the private-public key pair and is configured to send an authorization request to one of the sensor and actuator, wherein the IO-Link secure transceiver and the IO-Link secure master transceiver use the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system according to claim 1, wherein the IO-Link secure master transceiver comprises multiple output ports to communicate secure data with multiple IO-Link secure transceiver devices in a point-to-point configuration.
  - 3. The system according to claim 1, wherein the IO-Link secure device transceiver comprises one of an encryption and decryption engine.
  - 4. The system according to claim 1, wherein the IO-Link secure master transceiver is configured to operate with both authenticated and unauthenticated IO-Link devices.
  - 5. The system according to claim 1, wherein the programmable microcontroller is electrically isolated by an optocoupler.
  - 6. The system according to claim 1, wherein the serial link generates security and authentication functions that enable secure communication with one of the sensor and actuator via a communication channel.
  - 7. The system according to claim 6, wherein the communication channel is a three-conductor cable.

8. A method to authenticate an Input/Output-Link (IO-Link) device, the method comprising:
- detecting the presence of one of a sensor and actuator that comprises an IO-Link secure transceiver;
  
  sending an authorization request from an IO-Link secure master transceiver to one of the sensor and actuator that comprises a memory device to store a private key of a private-public key pair, the IO-Link secure master transceiver comprising a memory device to store a public key of the private-public key pair, the IO-Link secure transceiver and the IO-Link secure master transceiver using the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver;
  
  receiving a response signal from an IO-Link device comprising an IO-link device secure transceiver, one of an encryption and decryption engine, and one of the sensor and actuator in response to the authorization request;
  
  validating one of the sensor and actuator in the IO-Link device based on the response signal to determine whether one of the sensor and actuator is compatible with another device; and
  
  enabling a transmission via a communication channel in response to detecting that the response signal is valid.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, further comprising disabling the transmission via the communication channel in response to detecting that the response signal is invalid.
  - 10. The method according to claim 8, wherein sending the authorization request comprises sending secret data.
  - 11. The method according to claim 8, wherein validating comprises applying a security protocol to enabling the transmission.
  - 12. The method according to claim 8, further comprising converting the response signal prior to processing.
  - 13. The method according to claim 8, wherein one of the sensor and actuator is enabled by a communications module.
  - 14. The method according to claim 8, further comprising transmitting encrypted data between one of the sensor and actuator and a master transceiver.

15. A device to authenticate an Input/Output-Link (IO-Link) device, the device comprising:
- a first IO-Link secure transceiver configured to communicate with a programmable microcontroller, the first IO-Link secure transceiver being configured to send an authorization request to a plurality of IO-Link devices each comprising one of a sensor and an actuator that comprises a second IO-Link secure transceiver, the second IO-Link secure transceiver comprising a memory device to store a private key of the private-public key pair, the IO-Link secure transceiver and the IO-Link secure master transceiver using the private and public keys in a cryptographic operation to data provided to or received from the IO-Link secure transceiver or the IO-Link secure master transceiver; and
  
  an authentication module configured to secure data that is transmitted to, or received in response to the authorization request, from the second IO-Link secure transceiver, the authentication module is configured to use the private key and a public key to provide one of an encryption processing and a decryption processing of the data, the authentication module further configured to validate one of the sensor and actuator based on the response signal and determine whether one of the sensor and actuator is compatible with another device.
- View Dependent Claims (16, 17, 18)
- - 16. The device according to claim 15, wherein the data comprises one of diagnostic data, status data, and messages communicated using a protocol.
  - 17. The device according to claim 15, wherein the first TO-Link secure transceiver is embedded in a control module.
  - 18. The device according to claim 15, wherein the programmable microcontroller comprises memory that is configured to store data transmitted over a serial link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Maxim Integrated Products, Inc. (Analog Devices, Inc.)
Original Assignee
Maxim Integrated Products, Inc. (Analog Devices, Inc.)
Inventors
Haija, Samer A., Yanamadala, Chowdary Subbayya, Kurkowski, Hal
Primary Examiner(s)
Edwards, Linglan E

Application Number

US14/223,735
Publication Number

US 20150121507A1
Time in Patent Office

1,660 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2211/008   Public Key, Asymmetric Key,...

H04L 67/12   specially adapted for propr...

H04L 9/30   Public key, i.e. encryption...

H04L 9/32   including means for verifyi...

Systems and methods to secure industrial sensors and actuators

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to secure industrial sensors and actuators

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links