PLANT COMMUNICATION NETWORK

US 20150195250A1
Filed: 03/18/2015
Published: 07/09/2015
Est. Priority Date: 06/01/2010
Status: Abandoned Application

First Claim

Patent Images

1. A plant communication network comprising:

a plurality of end devices; and

a plurality of multilayer switches connected to the end devices that direct transmission of data packets between the end devices, wherein each switch comprises;

a plurality of communication ports for receiving and transmitting data packets in different data formats;

a data format translator that receives data packets configured in different data formats via the ports and reconfigures the data to a common data format;

an application aware engine that receives data packets in the common format and inspects content of the received packets at a plurality of OSI layers to determine if they represent a security threat; and

a wire speed packet switch that directs packets, which the application aware engine determines do not represent a security threat, to their destinations;

wherein the switches monitor signals transmitted over the network to determine if they exhibit temporal and/or spatial aberrations that indicates a security breach of the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the disclosure provides a communication network having a plurality of end devices protected by multilayer switches that receive data packets in different formats for transmission to the end devices, translate received data packets to a common data format for inspection to determine if they pose a security threat, and if they do not pose a threat, forward the data packets to their end device destinations.

7 Citations

View as Search Results

11 Claims

1. A plant communication network comprising:
- a plurality of end devices; and
  
  a plurality of multilayer switches connected to the end devices that direct transmission of data packets between the end devices, wherein each switch comprises;
  
  a plurality of communication ports for receiving and transmitting data packets in different data formats;
  
  a data format translator that receives data packets configured in different data formats via the ports and reconfigures the data to a common data format;
  
  an application aware engine that receives data packets in the common format and inspects content of the received packets at a plurality of OSI layers to determine if they represent a security threat; and
  
  a wire speed packet switch that directs packets, which the application aware engine determines do not represent a security threat, to their destinations;
  
  wherein the switches monitor signals transmitted over the network to determine if they exhibit temporal and/or spatial aberrations that indicates a security breach of the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The plant communication network according to claim 1 wherein if a security breach is indicated a switch of the plurality of switches generates a security alarm indicating a possible security breach.
  - 3. The plant communication network according to claim 2 wherein the switch of the plurality of switches that generates the security alarm transmits the security alarm to other switches of the plurality of switches.
  - 4. The plant communication network according to claim 3 wherein a switch that receives the security alarm initiates a protective action responsive to the security alarm.
  - 5. The plant communication network according to claim 2 and comprising a network management system (NMS) and the switch of the plurality of switches that generates the alarm transmits the alarm to the NMS.
  - 6. The plant communication network according to claim 5 wherein the NMS initiates protective action responsive to the security alarm.

7. A multilayer switch comprising:
- a plurality of communication ports for receiving and transmitting data packets in different data formats;
  
  a data format translator that receives data packets configured in different data formats via the ports and reconfigures the data to a common data format;
  
  an application aware engine that receives data packets in the common format and inspects content of the received packets at a plurality of OSI layers to determine if they represent a security threat; and
  
  a wire speed packet switch that directs packets, which the application aware engine determines do not represent a security threat, to their destinations;
  
  wherein the switch is configured to monitor signals transmitted over a network to which it is connected to determine if they exhibit temporal and/or spatial aberrations that indicates a security breach of the network.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The multilayer switch according to claim 7 wherein if a security breach is indicated the switch generates a security alarm indicating a possible security breach.
  - 9. The multilayer switch according to claim 8 wherein the switch that generates the security alarm transmits the security alarm to at least another multilayer switch connected to the network.
  - 10. The multilayer switch according to claim 9 wherein the switch is configured to initiate a protective action responsive to receiving a security alarm transmitted from another multilayer switch.
  - 11. The multilayer switch according to claim 8 wherein the switch that generates the security alarm transmits the security alarm to at a network management system (NMS) connected to the network, the NMS being configured to initiate protective action responsive to the security alarm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Radiflow Ltd. (Haci Ömer Sabanci Holding AS)
Original Assignee
Radiflow Ltd. (Haci Ömer Sabanci Holding AS)
Inventors
BARDA, Ilan, HOREV, Rafi

Application Number

US14/660,958
Publication Number

US 20150195250A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G05B 19/418   Total factory control, i.e....

G06F 3/04817   using icons graphical or vi...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 67/10   in which an application is ...

PLANT COMMUNICATION NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

PLANT COMMUNICATION NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links