Securely transporting data across a data diode for secured process control communications

US 10,270,745 B2
Filed: 10/24/2016
Issued: 04/23/2019
Est. Priority Date: 10/24/2016
Status: Active Grant

First Claim

Patent Images

1. A method for securely transporting communications from a process plant to another system via a data diode, the method comprising:

provisioning a field gateway of the process plant and an edge gateway communicatively connected to the another system, including;

establishing a temporary communication channel between the edge gateway and the field gateway;

receiving a first key at the field gateway from the edge gateway via the temporary communication channel; and

upon the reception of the first key at the field gateway, disestablishing the temporary communication channel;

encrypting, by the field gateway using the first key, an initialization message, the initialization message including a second key that is to be utilized with subsequent messages transmitted by the field gateway to the edge gateway, and the subsequent messages including data generated by the process plant while controlling a process;

providing, by the field gateway, the encrypted initialization message including the second key to the edge gateway via the data diode, the data diode providing unidirectional communications from the field gateway to the edge gateway and the data diode preventing communications from the edge gateway to the field gateway;

encrypting, by the field gateway using the second key, the subsequent messages; and

transmitting, by the field gateway, the encrypted subsequent messages to the other system via the data diode and the edge gateway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Securely transporting data across a unidirectional data diode interconnecting a process plant to a remote system includes provisioning, using join key material, a sending device at the plant end of the diode with a receiving device at the remote end. The join key material is used to securely share network key material that is used to encrypt/decrypt messages or packets that are transported across the diode and whose payload includes plant—updated or re-set generated data. The shared network key material is recurrently using the join key material, and the recurrence interval may be based on a tolerance for lost data or other characteristic of an application, service, or consumer of plant data at the remote system.

Citations

19 Claims

1. A method for securely transporting communications from a process plant to another system via a data diode, the method comprising:
- provisioning a field gateway of the process plant and an edge gateway communicatively connected to the another system, including;
  
  establishing a temporary communication channel between the edge gateway and the field gateway;
  
  receiving a first key at the field gateway from the edge gateway via the temporary communication channel; and
  
  upon the reception of the first key at the field gateway, disestablishing the temporary communication channel;
  
  encrypting, by the field gateway using the first key, an initialization message, the initialization message including a second key that is to be utilized with subsequent messages transmitted by the field gateway to the edge gateway, and the subsequent messages including data generated by the process plant while controlling a process;
  
  providing, by the field gateway, the encrypted initialization message including the second key to the edge gateway via the data diode, the data diode providing unidirectional communications from the field gateway to the edge gateway and the data diode preventing communications from the edge gateway to the field gateway;
  
  encrypting, by the field gateway using the second key, the subsequent messages; and
  
  transmitting, by the field gateway, the encrypted subsequent messages to the other system via the data diode and the edge gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein establishing the temporary communication channel comprises establishing the temporary communication channel through the data diode, and wherein a message via which the first key is received via the temporary communication channel is an only message transmitted from the edge gateway to the field gateway via the data diode.
  - 3. The method of claim 1, wherein providing the encrypted initialization message including the second key comprises providing the encrypted initialization message including a randomly generated key.
  - 4. The method of claim 1, wherein the second key is a network key, and the method further comprises re-synchronizing the network key between the field gateway and the edge gateway.
  - 5. The method of claim 4, wherein re-synchronizing the network key between the field gateway and the edge gateway comprises periodically re-synchronizing the network key between the field gateway and the edge gateway.
  - 6. The method of claim 4, wherein the subsequent messages are a first set of subsequent messages, and wherein re-synchronizing the network key between the field gateway and the edge gateway comprises:
    - providing, by the field gateway to the edge gateway, a third key to be utilized with a second set of subsequent messages transmitted by the field gateway to the edge gateway, the third key encrypted using the first key, and the third key being a re-synchronized network key;
      
      encrypting, by the field gateway using the re-synchronized network key, the second set of subsequent messages;
      
      transmitting, by the field gateway to the edge gateway via the data diode, the encrypted second set of subsequent messages; and
      
      deactivating the second key.
  - 7. The method of claim 6, wherein the second key and the third key are respectively randomly generated.
  - 8. The method of claim 6, wherein the re-synchronized network key is a first resynchronized network key, and wherein re-synchronizing the network key between the field gateway in the edge gateway further comprises:
    - providing, by the field gateway to the edge gateway, a fourth key to be utilized with a third set of subsequent messages transmitted by the field gateway to the edge gateway, the fourth key encrypted using the first key, and the fourth key being a second re-synchronized network key;
      
      encrypting, by the field gateway using the second re-synchronized network key, the third set of subsequent messages;
      
      transmitting, by the field gateway to the edge gateway via the data diode, the encrypted third set of subsequent messages; and
      
      deactivating the third key.
  - 9. The method of claim 1, wherein:
    - providing the encrypted initialization message including the second key comprises providing the encrypted initialization message including the second key and a packet counter; and
      
      encrypting the subsequent messages using the second key comprises encrypting a particular subsequent message by using the second key and a value of the packet counter corresponding to the particular subsequent message as nonce material.

10. A system for securely transporting communications from a process plant to another system, the system comprising:
- a field gateway having a respective memory and an edge gateway having a respective memory, the field gateway and the edge gateway interconnected via a data diode, and the data diode configured to prevent two-way communications between the field gateway and the edge gateway;
  
  a join key that is shared and stored at each of the respective memory of the field gateway and the respective memory of the edge gateway during a provisioning of the field gateway and the edge gateway, the provisioning of the field gateway and the edge gateway including;
  
  a creation of a temporary reverse channel across the data diode;
  
  a transmission, using the temporary reverse channel, of the join key from the edge gateway to the field gateway based on an authorization of the field gateway via a provisioning user interface; and
  
  a tear-down of the temporary reverse channel upon a reception of the join key at the field gateway; and
  
  a network key that is encrypted using the join key and that is provided by the field gateway to the edge gateway via the data diode, the network key used to decrypt messages sent from the field gateway to the edge gateway, the messages including data generated by the process plant while controlling a process,wherein network key material is re-synchronized between the field gateway and the edge gateway by using one-way communications from the field gateway to the edge gateway via the data diode.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, wherein the interconnection of the field gateway in the edge gateway through the data diode is a secured, UDP communication connection.
  - 12. The system of claim 10, wherein the join key is encrypted.
  - 13. The system of claim 10, wherein the provisioning of the field gateway and the edge gateway further includes an authentication, via the provisioning user interface, of a user to at least one of the field gateway or the edge gateway.
  - 14. The system of claim 10, wherein at least one of the join key or the network key is randomly generated.
  - 15. The system of claim 14, wherein:
    - a network packet counter is provided by the field gateway in conjunction with the network key to the edge gateway; and
      
      a decryption of a particular message at the edge gateway uses the network key and an updated value of the network packet counter corresponding to the particular message.
  - 16. The system of claim 10, wherein:
    - the network key is a first network key; and
      
      the re-synchronization of the network key material between the field gateway and the edge gateway by using the one-way communications comprises a transmission, from the field gateway to the edge gateway via the data diode, of a second network key for decrypting subsequent messages sent from the field gateway to the edge gateway.
  - 17. The system of claim 16, wherein the network key material includes the first network key and a first network packet counter, and wherein the resynchronized network key material includes the second network key and a second network packet counter.
  - 18. The system of claim 10, wherein the resynchronization of the network key material between the field gateway and the edge gateway is periodic.
  - 19. The system of claim 18, wherein a duration of a periodicity of the resynchronization is based on at least one of a tolerance for lost data or a characteristic of an application in communicative connection with the edge gateway, the application being a consumer of at least some of the data generated by the process plant while controlling the process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fisher-Rosemount Systems Incorporated (Emerson Electric Company)
Original Assignee
Fisher-Rosemount Systems Incorporated (Emerson Electric Company)
Inventors
Rotvold, Eric, Nixon, Mark J.
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US15/332,690
Publication Number

US 20180115528A1
Time in Patent Office

911 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0209   Architectural arrangements,...

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 67/12   specially adapted for propr...

H04L 9/0822   using key encryption key

H04L 9/0827   involving distinctive inter...

H04L 9/0869   involving random numbers or...

H04L 9/14   using a plurality of keys o...

H04W 12/041   Key generation or derivation

H04W 12/088   using filters or firewalls

H04W 4/70   Services for machine-to-mac...

Y02P 90/02   Total factory control, e.g....

Securely transporting data across a data diode for secured process control communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Securely transporting data across a data diode for secured process control communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links