INDUSTRIAL SECURITY AGENT PLATFORM

US 20160087958A1
Filed: 08/28/2015
Published: 03/24/2016
Est. Priority Date: 09/23/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an enterprise network;

one or more operational technology networks, each operational technology network including one or more controller devices, each controller device operable to control one or more operational devices within an operational technology network;

for each of the one or more operational technology networks, a respective site security server and a respective security relay server, the security relay server operable to facilitate secure communication between the one or more controller devices of the operational technology network and its corresponding site security server; and

a management server, the management server being a node on the enterprise network and being operable to communicate with each site security server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating secure communication. A system for facilitating secure communication includes an enterprise network, one or more operational technology networks, and a management server. Each of the operational technology networks can include one or more controller devices operable to control one or more operational devices, and can include a respective site security server and a respective security relay server. The security relay server can be operable to facilitate secure communication between controller devices of the operational technology network and its corresponding site security server. The management server can be a node on the enterprise network and can be operable to communicate with each site security server.

89 Citations

View as Search Results

20 Claims

1. A system comprising:
- an enterprise network;
  
  one or more operational technology networks, each operational technology network including one or more controller devices, each controller device operable to control one or more operational devices within an operational technology network;
  
  for each of the one or more operational technology networks, a respective site security server and a respective security relay server, the security relay server operable to facilitate secure communication between the one or more controller devices of the operational technology network and its corresponding site security server; and
  
  a management server, the management server being a node on the enterprise network and being operable to communicate with each site security server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein each security relay server is a node on its respective operational technology network, and wherein each site security server is a node on a perimeter network.
  - 3. The system of claim 1, wherein each site security sever includes a dedicated port for communication with the management server.
  - 4. The system of claim 1, wherein communication between each site security server and the management server is encrypted.
  - 5. The system of claim 1, wherein the management server is operable to aggregate information from each of the operational technology networks.
  - 6. The system of claim 1, wherein the management server is operable to provide configuration data to each of the controller devices of each of the operational technology networks.

7. A computer-implemented method for facilitating secure communication, the method being executed by one or more processors and comprising:
- providing, for presentation at an interface device, identification information related to controller devices of an operational technology network;
  
  receiving, from the interface device, a request for additional information related to each controller device of a selected subset of controller devices of the operational technology network;
  
  for each controller device of the selected subset of controller devices, generating a query corresponding to the request for additional information, including translating the request for additional information into a query format that is recognizable by the controller device;
  
  encrypting the generated query and providing the encrypted query to a security relay server for the selected subset of controller devices;
  
  receiving encrypted additional information related to the selected subset of controller devices, from the security relay server; and
  
  decrypting and providing additional information related to the selected subset of controller devices for presentation at the interface device.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer-implemented method of claim 7, further comprising authenticating a user of the interface device, wherein providing identification information for presentation at the interface device includes providing information related to controller devices for which user access is authenticated.
  - 9. The computer-implemented method of claim 7, wherein the request for additional information related to the selected subset of controller devices of the operational technology network is a request for production activity.
  - 10. The computer-implemented method of claim 7, wherein generating the query corresponding to the request for additional information includes examining content associated with the request and validating the request.
  - 11. The computer-implemented method of claim 7, wherein the encrypted query is provided to the security relay server through a firewall.
  - 12. The computer-implemented method of claim 7, wherein the encrypted additional information related to the selected subset of controller devices is received from the security relay server through a firewall.
  - 13. The computer-implemented method of claim 7, further comprising aggregating the additional information related to the selected subset of controller devices and providing aggregated additional information for presentation at the interface device.

14. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for facilitating secure communication, the operations comprising:
- providing, for presentation at an interface device, identification information related to controller devices of an operational technology network;
  
  receiving, from the interface device, a request for additional information related to each controller device of a selected subset of controller devices of the operational technology network;
  
  for each controller device of the selected subset of controller devices, generating a query corresponding to the request for additional information, including translating the request for additional information into a query format that is recognizable by the controller device;
  
  encrypting the generated query and providing the encrypted query to a security relay server for the selected subset of controller devices;
  
  receiving encrypted additional information related to the selected subset of controller devices, from the security relay server; and
  
  decrypting and providing additional information related to the selected subset of controller devices for presentation at the interface device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, the operations further comprising authenticating a user of the interface device, wherein providing identification information for presentation at the interface device includes providing information related to controller devices for which user access is authenticated.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the request for additional information related to the selected subset of controller devices of the operational technology network is a request for production activity.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein generating the query corresponding to the request for additional information includes examining content associated with the request and validating the request.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the encrypted query is provided to the security relay server through a firewall.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the encrypted additional information related to the selected subset of controller devices is received from the security relay server through a firewall.
  - 20. The non-transitory computer-readable storage medium of claim 14, the operations further comprising aggregating the additional information related to the selected subset of controller devices and providing aggregated additional information for presentation at the interface device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Negm, Walid, Solderitsch, James J., Modi, Shimon, Luo, Song, Mulchandani, Shaan, Hassanzadeh, Amin

Granted Patent

US 9,870,476 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0209   Architectural arrangements,...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 9/0894   Escrow, recovery or storing...

INDUSTRIAL SECURITY AGENT PLATFORM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

INDUSTRIAL SECURITY AGENT PLATFORM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links