INDUSTRIAL SECURITY AGENT PLATFORM
First Claim
1. A system comprising:
an industrial control network;
one or more controller devices, each controller device operable to control one or more operational devices connected to the industrial control network;
one or more emulators, each emulator configured to communicate with a respective controller device, and each emulator configured to reference a respective profile that includes information about security capabilities of the respective controller device; and
an encryption relay processor operable to facilitate communication to and from each emulator over the industrial control network, the encryption relay processor executing a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
Abstract
Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
20 Claims
9. A computer-implemented method for facilitating communication in an industrial control network, the method being executed by one or more processors and comprising:
receiving, from a site security server, an encrypted query for a controller device;
determining that the controller device is incapable of performing a cryptographic operation;
after determining that the controller device is incapable of performing a cryptographic operation, decrypting the query for the controller device and providing the decrypted query to the controller device;
in response to receiving an unencrypted query response from the controller device, encrypting the query response; and
providing the encrypted query response to the site security server.
15. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for facilitating communication in an industrial control network, the operations comprising:
receiving, from a site security server, an encrypted query for a controller device;
determining that the controller device is incapable of performing a cryptographic operation;
after determining that the controller device is incapable of performing a cryptographic operation, decrypting the query for the controller device and providing the decrypted query to the controller device;
in response to receiving an unencrypted query response from the controller device, encrypting the query response; and
providing the encrypted query response to the site security server.
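The relay steps recited in claims 9 and 15, sketched in Go as an added example (not code from the patent or its assignee). It rejects a tampered or misaddressed query before anything reaches the controller. Assumptions not found in the claims: AES-GCM as the cryptographic function, a pre-shared key, a nonce-prefixed message layout, the `canCrypto` flag standing for the profile's capability entry, pass-through of ciphertext to capable controllers, the `link` function standing in for the controller connection, and the constructed id `plc-1`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds AES-GCM; the key is assumed pre-shared with the site security server.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts msg under a fresh nonce; the controller id is bound as associated data.
func Seal(a cipher.AEAD, id string, msg []byte) []byte {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return a.Seal(nonce, nonce, msg, []byte(id)) // output layout: nonce || ciphertext || tag
}
// Open authenticates and decrypts a message produced by Seal for the same id.
func Open(a cipher.AEAD, id string, sealed []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("message for %q shorter than nonce", id)
	}
	return a.Open(nil, sealed[:n], sealed[n:], []byte(id))
}
// Handle relays one sealed query; canCrypto is the (hypothetical) profile capability flag.
func Handle(a cipher.AEAD, id string, canCrypto bool, link func([]byte) []byte, sealed []byte) ([]byte, error) {
	if canCrypto {
		return link(sealed), nil // assumed behaviour: capable controller gets the ciphertext as-is
	}
	query, err := Open(a, id, sealed)
	if err != nil {
		return nil, err // fail closed: unauthenticated bytes never reach the controller
	}
	return Seal(a, id, link(query)), nil // encrypt the plaintext response for the server
}
func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	echo := func(q []byte) []byte { return q } // constructed stand-in for a legacy controller
	out, err := Handle(a, "plc-1", false, echo, Seal(a, "plc-1", []byte("READ 40001")))
	fmt.Println(len(out), err)
}
```

Binding the controller id as associated data means a query sealed for one controller fails authentication if it is replayed toward another.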
Specification