Securely transporting data across a data diode for secured process control communications
First Claim
1. A method for securely transporting communications from a process plant to another system via a data diode, the method comprising:
- provisioning a field gateway of the process plant and an edge gateway communicatively connected to the another system, including;
  - establishing a temporary communication channel between the edge gateway and the field gateway;
  - receiving a first key at the field gateway from the edge gateway via the temporary communication channel; and
  - upon the reception of the first key at the field gateway, disestablishing the temporary communication channel;
- encrypting, by the field gateway using the first key, an initialization message, the initialization message including a second key that is to be utilized with subsequent messages transmitted by the field gateway to the edge gateway, and the subsequent messages including data generated by the process plant while controlling a process;
- providing, by the field gateway, the encrypted initialization message including the second key to the edge gateway via the data diode, the data diode providing unidirectional communications from the field gateway to the edge gateway and the data diode preventing communications from the edge gateway to the field gateway;
- encrypting, by the field gateway using the second key, the subsequent messages; and
- transmitting, by the field gateway, the encrypted subsequent messages to the other system via the data diode and the edge gateway.
Abstract
Securely transporting data across a unidirectional data diode interconnecting a process plant to a remote system includes provisioning, using join key material, a sending device at the plant end of the diode with a receiving device at the remote end. The join key material is used to securely share network key material that is used to encrypt/decrypt messages or packets that are transported across the diode and whose payload includes plant-generated data. The shared network key material is recurrently updated or re-set using the join key material, and the recurrence interval may be based on a tolerance for lost data or other characteristic of an application, service, or consumer of plant data at the remote system.
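The following simulation is an added example, not code from the patent; it shows why the recurrence interval bounds data loss: the edge gateway cannot acknowledge or request a retransmit across the diode, so a lost initialization message leaves it unable to decrypt until the next one arrives. The frame layout, the `I`/`D` kind bytes, the function names, and the HMAC-SHA256 keystream-plus-MAC construction (a standard-library stand-in for a real AEAD cipher) are all assumptions.

```python
import hashlib, hmac, secrets

def _keys(key):
    # Derive separate encryption and MAC keys from one shared key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for a real AEAD.
    blocks = (len(data) + 31) // 32
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, kind, plaintext):
    # Frame (assumed layout): kind(1) | nonce(16) | ciphertext | tag(32)
    ek, mk = _keys(key)
    nonce = secrets.token_bytes(16)
    body = kind + nonce + _xor(ek, nonce, plaintext)
    return body + hmac.new(mk, body, hashlib.sha256).digest()

def unseal(key, frame):
    ek, mk = _keys(key)
    body, tag = frame[:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, body, hashlib.sha256).digest()):
        return None  # wrong key or tampered frame
    return _xor(ek, body[1:17], body[17:])

class EdgeGateway:
    def __init__(self, join_key):
        self.join_key, self.network_key = join_key, None

    def receive(self, frame):
        if frame[:1] == b"I":  # initialization message wraps a new network key
            self.network_key = unseal(self.join_key, frame) or self.network_key
            return None
        return unseal(self.network_key, frame) if self.network_key else None

def simulate(samples, rekey_every, lost_init):
    """Return sample indices the edge decrypts; lost_init = init frames dropped in transit."""
    join_key = secrets.token_bytes(32)  # provisioned over the temporary channel
    edge, delivered, network_key = EdgeGateway(join_key), [], None
    for i in range(samples):
        if i % rekey_every == 0:  # field gateway re-sets the network key
            network_key = secrets.token_bytes(32)
            init = seal(join_key, b"I", network_key)
            if i not in lost_init:  # diode is one-way: no ACK, no retransmit request
                edge.receive(init)
        if edge.receive(seal(network_key, b"D", b"pv=%d" % i)) is not None:
            delivered.append(i)
    return delivered
```

Calling `simulate(9, 3, {3})` loses samples 3 through 5, while `simulate(9, 1, {3})` loses only sample 3: a shorter recurrence interval trades more key traffic for a smaller undecryptable window.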
19 Claims
10. A system for securely transporting communications from a process plant to another system, the system comprising:
- a field gateway having a respective memory and an edge gateway having a respective memory, the field gateway and the edge gateway interconnected via a data diode, and the data diode configured to prevent two-way communications between the field gateway and the edge gateway;
- a join key that is shared and stored at each of the respective memory of the field gateway and the respective memory of the edge gateway during a provisioning of the field gateway and the edge gateway, the provisioning of the field gateway and the edge gateway including;
  - a creation of a temporary reverse channel across the data diode;
  - a transmission, using the temporary reverse channel, of the join key from the edge gateway to the field gateway based on an authorization of the field gateway via a provisioning user interface; and
  - a tear-down of the temporary reverse channel upon a reception of the join key at the field gateway; and
- a network key that is encrypted using the join key and that is provided by the field gateway to the edge gateway via the data diode, the network key used to decrypt messages sent from the field gateway to the edge gateway, the messages including data generated by the process plant while controlling a process, wherein network key material is re-synchronized between the field gateway and the edge gateway by using one-way communications from the field gateway to the edge gateway via the data diode.
Specification