CRYPTOGRAPHIC AUTHENTICATION PROTOCOL

US 20080077976A1
Filed: 09/27/2006
Published: 03/27/2008
Est. Priority Date: 09/27/2006
Status: Abandoned Application

First Claim

Patent Images

1. An authentication protocol for an industrial automation system, comprising:

at least one industrial control component that communicates security information across a network; and

at least one protocol component that employs mutual authentication data that is based in part on a private key exchange to facilitate authentication of the industrial control component via the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication protocol for an industrial automation system is provided. This includes at least one industrial control component that communicates security information across a network. At least one protocol component is provided that employs mutual authentication data that is based in part on a private key exchange to facilitate authentication of the industrial control component via the network.

137 Citations

View as Search Results

37 Claims

1. An authentication protocol for an industrial automation system, comprising:
- at least one industrial control component that communicates security information across a network; and
  
  at least one protocol component that employs mutual authentication data that is based in part on a private key exchange to facilitate authentication of the industrial control component via the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, the private key exchange is a symmetric key exchange.
  - 3. The system of claim 1, the private key exchange is associated with a public key component.
  - 4. The system of claim 1, further comprising employing a reduced subset of cryptographic primitives to facilitate authentication.
  - 5. The system of claim 1, the protocol component employs a cryptographic authentication protocol.
  - 6. The system of claim 1, further comprising a component to negotiate private session keys and provide encryption of subsequent transmissions.
  - 7. The system of claim 1, the protocol component includes provisions for session management including signing and encryption functions.
  - 8. The system of claim 1, a concatenation component to combine of strings of authentication characters.
  - 9. The system of claim 1, further comprising at least one hash algorithm that is employed with the protocol component.
  - 10. The system of claim 9, the hash algorithm includes an SHA-1 protocol.
  - 11. The system of claim 1, the protocol component further comprising a Random Number Generator to facilitate protocol security.
  - 12. The system of claim 1, the protocol component further comprising a sequential number generator that produces a next sequential number from a number generated in a previous call.
  - 13. The system of claim 1, the protocol component further comprising a nonce generator to facilitate mutual authentication.
  - 14. The system of claim 1, further comprising a component that provides an asymmetric public and private key encryption and decryption standard.
  - 15. The system of claim 1, further comprising a component to generate a digital signature.

16. A computer readable medium having a data structure stored thereon to facilitate authentication in an industrial automation environment, comprising:
- a first data field to specify nonce information for a first control entity;
  
  a second data field to specify nonce information for a second control entity; and
  
  a third data field that concatenates the nonce information for the first control entity and the second control entity in order to generate a symmetric key for an authentication.
- View Dependent Claims (17, 18)
- - 17. The computer readable medium of claim 16, the symmetric key is employed to digitally sign a transmission or to encrypt one or more subsequent transmissions.
  - 18. The computer readable medium of claim 16, further comprising a negotiation field that is associated with a transmission.

19. An authentication method for industrial control components, comprising:
- validating digital certificates between at least two entities;
  
  validating encrypted nonces between the at least two entities; and
  
  establishing a session between the at least two entities based in part on the digital signatures, the encrypted nonces, and at least a portion of an authentication sequence that includes a private session key.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The method of claim 19, further comprising combining the private session key with a public session key.
  - 21. The method of claim 19, further comprising combining at least two encrypted nonces to form a symmetric authentication exchange.
  - 22. The method of claim 19, further comprising exchanging the digital certificates between the at least two entities.
  - 23. The method of claim 19, further comprising exchanging the encrypted nonces between the at least two entities.
  - 24. The method of claim 19, further comprising employing a public key to validate a signature associated with the digital certificates.
  - 25. The method of claim 24, further comprising resetting an authentication protocol if a signature is determined invalid.
  - 26. The method of claim 19, further comprising exchanging a nonce after at least one validation procedure.
  - 27. The method of claim 26, further comprising decoding the nonce.
  - 28. The method of claim 19, further comprising enabling a communications session after validating a digital signature and decoding a nonce.

29. An authentication system for an industrial control environment, comprising:
- means for generating certificates across an industrial control network;
  
  means for generating nonces in response to the digital signatures; and
  
  means for negotiating a communications session based on a concatenated key associated with the nonces.
- View Dependent Claims (30)
- - 30. The system of claim 29, further comprising means for processing a private session key and a public session key.

31. A computer readable medium having computer readable instructions stored thereon, comprising:
- exchanging one or more digital certificates between at least two entities;
  
  exchanging one or more encrypted nonces between the at least two entities; and
  
  establishing a communications session between the at least two entities based in part on a symmetric session key formed from at least two of the encrypted nonces.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The computer readable medium of claim 31, further comprising presenting a certificate based upon a request.
  - 33. The computer readable medium of claim 31, further comprising including a logical or physical address of a device within an authentication exchange.
  - 34. The computer readable medium of claim 33, further comprising including a unique authentication phase in the authentication exchange.
  - 35. The computer readable medium of claim 31, further comprising employing a component to track invalid certificates.
  - 36. The computer readable medium of claim 31, further comprising employing a certificate version number in an authentication exchange.
  - 37. The computer readable medium of claim 31, further comprising employing a revocation certificate in an authentication exchange.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Schulz, Glenn B.

Application Number

US11/535,773
Publication Number

US 20080077976A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0822   using key encryption key

H04L 9/3249   using RSA or related signat...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

CRYPTOGRAPHIC AUTHENTICATION PROTOCOL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

137 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

CRYPTOGRAPHIC AUTHENTICATION PROTOCOL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links