System and method for authentication and fail-safe transmission of safety messages

US 20040059917A1
Filed: 02/07/2003
Published: 03/25/2004
Est. Priority Date: 02/07/2002
Status: Active Grant

First Claim

Patent Images

1. A safety message generation apparatus comprising:

a sensor disposed to generate state information; and

a safety layer for creating a safety message using said state information and for generating a digital signature based upon said safety message, said digital signature enabling authentication of said safety message subsequent to transmission through a communications network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for fail-safe transmission of safety messages through communication channels containing non-safety-certified equipment is disclosed herein. Consistent with the disclosed method, digital signatures and/or encryption are used to authenticate both the origin and content of the safety messages. A watchdog timer ensures transition to a safe state if authenticated messages are not received periodically. In a particular implementation, the disclosed method includes generating a safety message indicating the state of a sensor. A digital signature is then generated to sign this safety message. The method further includes communicating the safety message and the digital signature to an actuator. Upon receipt, the safety message is authenticated using the digital signature. A watchdog timer ensures transition to a safe state if authenticated messages are not received periodically.

26 Citations

View as Search Results

18 Claims

1. A safety message generation apparatus comprising:
- a sensor disposed to generate state information; and
  
  a safety layer for creating a safety message using said state information and for generating a digital signature based upon said safety message, said digital signature enabling authentication of said safety message subsequent to transmission through a communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 16, 18)
- - 2. The safety message generation apparatus of claim 1 wherein said safety layer generates said digital signature by signing said safety message using a private key associated with said sensor, said digital signature being verifiable using a public key.
  - 3. The safety message generation apparatus of claim 1 wherein said safety layer creates a message digest based upon said state information, said message digest being signed using a private key in order to generate said digital signature.
  - 4. The safety message generation apparatus of claim 1 further including a safety application operative to monitor a state of said sensor and to generate said state information accordingly.
  - 5. The safety message generation apparatus of claim 1 wherein said safety layer adds sequence number information to said state information in connection with creating said safety message.
  - 6. The safety message generation apparatus of claim 1 wherein said safety layer adds time stamp information to said state information in connection with creating said safety message.
  - 16. The apparatus of claim 1 wherein said sensor includes a safety-certified layer incorporating said safety layer and a non-safety-certified layer.
  - 18. The method of claim 17 or claim 1 wherein said destination node includes a safety-certified layer and a non-safety-certified layer.

7. A method for fail-safe transmission of safety messages in a network environment said method comprising:
- generating a safety message at a source node;
  
  creating a digital signature based upon said safety message; and
  
  communicating said safety message and said digital signature to a destination node, said digital signature enabling authentication of said safety message as received.
- View Dependent Claims (8, 9, 10, 11, 12, 17)
- - 8. The method of claim 7, wherein said creating a digital signature includes:
    - generating a message digest by condensing said safety message using a hash function; and
      
      signing said message digest using a private key.
  - 9. The method of claim 8, wherein:
    - said source node generates an authenticating message digest using said hash function and said safety message; and
      
      said destination node verifies said digital signature using said authenticating message digest and a public key corresponding to said private key.
  - 10. The method of claim 9 wherein said destination node transitions to a safe state if said safety messages are not received on a periodic basis.
  - 11. The method of claim 7 wherein said safety message includes a sequence number or time stamp.
  - 12. The method of claim 7 further including:
    - receiving additional state information indicative of a subsequent state of said sensor;
      
      generating an additional safety message using said additional state information, said additional safety message containing a sequence number or time stamp;
      
      creating an additional digital signature based upon said additional safety message; and
      
      communicating said additional safety message and additional digital signature to said destination node.
  - 17. The method of claim 7 wherein said source node includes a safety-certified layer disposed to generate said safety message and a non-safety-certified layer.

13. A system for fail-safe transmission of safety messages in a network environment including a communications network, said system comprising:
- an intelligent sensor apparatus including a sensor and;
  
  a first safety-certified application, a first safety-certified layer, a first non-safety-certified layer wherein said first safety-certified layer is operative to generate a safety message and associated digital signature based upon state information received from said sensor;
  
  means for transmitting said safety message and said associated digital signature over said communications network; and
  
  an intelligent actuator apparatus communicatively coupled to said intelligent sensor via said communications network, said intelligent actuator including an actuator, and a second safety-certified application, a second safety-certified layer and a second non-safety-certified layer wherein said second safety-certified layer is operative to use said digital signature in order to verify authenticity of said safety message communicated over said network and thereby enable said actuator to perform an action in accordance with said state information.

14. A method for fail-safe transmission of safety messages from a sensor to an actuator entity, said method comprising the steps of:
- generating a safety message representative of a status of said sensor;
  
  creating a message digest based upon said safety message;
  
  generating a digital signature using said message digest; and
  
  communicating said digital signature and said safety message to said actuator entity, said digital signature enabling authentication of said safety message as received at said actuator entity.
- View Dependent Claims (15)
- - 15. The method of claim 14 wherein said digital signature is generated by signing said message digest using a private key associated with said sensor, said digital signature being verifiable using a public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schneider Electric Systems USA, Inc. (Schneider Electric SE)
Original Assignee
Invensys Systems Incorporated (Invensys PLC)
Inventors
Powers, Leslie

Granted Patent

US 7,590,848 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0442   wherein the sending and rec...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 9/3236   using cryptographic hash fu...

System and method for authentication and fail-safe transmission of safety messages

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication and fail-safe transmission of safety messages

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links