Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

US 8,413,227 B2
Filed: 09/05/2008
Issued: 04/02/2013
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a message from a wireless leaf node at a first wireless node, the first wireless node connected to a first wired network, the first wired network associated with a first security layer;

using a tag to identify one or more security layers associated with the message;

determining whether to filter the message;

discarding the message if the message is to be filtered;

if the message is not to be filtered;

transmitting the message over the first wired network when at least one destination of the message is located in the first security layer, wherein the transmitting is based on the one or more identified security layers; and

wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer, the second wireless node associated with a second wired network, the second wired network associated with the second security layer, wherein the wirelessly transmitting is based on the one or more identified security layers;

receiving a second message from a mobile human-machine interface device; and

transmitting the received second message to a Demilitarized Zone (DMZ) for secure routing between two of the security layers;

wherein the first and second wired networks are coupled by a wired router; and

wherein determining whether to filter the message comprises determining whether to filter the message in order to avoid creation of a network loop.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

60 Citations

View as Search Results

23 Claims

1. A method comprising:
- receiving a message from a wireless leaf node at a first wireless node, the first wireless node connected to a first wired network, the first wired network associated with a first security layer;
  
  using a tag to identify one or more security layers associated with the message;
  
  determining whether to filter the message;
  
  discarding the message if the message is to be filtered;
  
  if the message is not to be filtered;
  
  transmitting the message over the first wired network when at least one destination of the message is located in the first security layer, wherein the transmitting is based on the one or more identified security layers; and
  
  wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer, the second wireless node associated with a second wired network, the second wired network associated with the second security layer, wherein the wirelessly transmitting is based on the one or more identified security layers;
  
  receiving a second message from a mobile human-machine interface device; and
  
  transmitting the received second message to a Demilitarized Zone (DMZ) for secure routing between two of the security layers;
  
  wherein the first and second wired networks are coupled by a wired router; and
  
  wherein determining whether to filter the message comprises determining whether to filter the message in order to avoid creation of a network loop.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein at least one of:
    - the first and second security layers are associated with different security paradigms; and
      
      the first and second security layers are associated with different security domains.
  - 3. The method of claim 1, wherein the message is associated with at least one destination located in the first security layer and at least one destination located in the second security layer.
  - 4. The method of claim 1, further comprising:
    - using the tag and other contents of the message to identify the one or more security layers associated with the message.
  - 5. The method of claim 4, wherein using the tag and the other contents of the message to identify the one or more security layers comprises:
    - determining that the message is associated with a lower security layer in a process control network when the message comprises process variable data from the wireless leaf node; and
      
      determining that the message is associated with a higher security layer in a business network when the message comprises diagnostic data from the wireless leaf node.
  - 6. The method of claim 1, wherein wirelessly transmitting the message for delivery to the second wireless node comprises one of:
    - wirelessly transmitting the message directly to the second wireless node; and
      
      wirelessly transmitting the message indirectly to the second wireless node through one or more intermediate wireless nodes.
  - 7. The method of claim 1, wherein determining whether to filter the message further comprises blocking one or more specified types of messages.
  - 8. The method of claim 7, wherein:
    - the first wired network comprises a redundant pair of wired networks; and
      
      the one or more specified types of messages comprise heartbeat traffic associated with the redundant pair of wired networks.
  - 19. The method of claim 1, further comprising:
    - identifying, at the first wireless node, whether contents of the message include one of process values and diagnostic information from the wireless leaf node;
      
      if the message contains process values, transmitting the message from the first wireless node to a lower security layer in a process control network; and
      
      if the message contains diagnostic information, transmitting the message from the first wireless node to a higher security layer in a business network.
  - 20. The method of claim 1, wherein the first wireless node separates messages for different network levels using the tag and multiple virtual local area networks.
  - 21. The method of claim 1, wherein the second message comprises a read/write request from the mobile human-machine interface device.
  - 22. The method of claim 1, further comprising:
    - generating the tag using data inserted into the message by the wireless leaf node.
  - 23. The method of claim 1, wherein determining whether to filter the message comprises determining whether the message is a copy of another message received at the first wireless node.

9. An apparatus comprising:
- a wired network interface configured to communicate over a first wired network, the first wired network associated with a first security layer;
  
  a wireless network interface configured to communicate over a wireless network; and
  
  a controller configured to;
  
  receive a message from a wireless leaf node through the wireless network interface;
  
  identify one or more security layers associated with the message;
  
  determine whether to filter the message;
  
  discard the message if the message is to be filtered;
  
  if the message is not to be filtered;
  
  based on the one or more identified security layers, initiate transmission of the message by the wired network interface over the first wired network when at least one destination is located in the first security layer; and
  
  based on the one or more identified security layers, initiate transmission of the message by the wireless network interface over the wireless network when at least one destination of the message is located in a second security layer associated with a second wired network;
  
  receive a second message from a mobile human-machine interface device; and
  
  transmit the received second message to a Demilitarized Zone (DMZ) for secure routing between two of the security layers;
  
  wherein the controller is configured to determine whether to filter the message by determining whether to filter the message in order to avoid creation of a network loop when the first and second wired networks are coupled by a wired router.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus of claim 9, wherein the wireless network interface is configured to transmit the message to a second apparatus associated with the second wired network.
  - 11. The apparatus of claim 9, wherein the controller is configured to determine whether the message has at least one destination located in the first security layer using the tag and at least one of:
    - the at least one destination of the message and contents of the message.
  - 12. The apparatus of claim 9, wherein:
    - the wired network interface comprises two Ethernet interfaces configured to communicate over a redundant pair of wired Ethernet networks; and
      
      the wireless network interface comprises multiple wireless transceivers, each of the wireless transceivers configured to communicate with different types of wireless devices.

13. A system comprising:
- multiple security layers, the security layers associated with multiple wired networks; and
  
  multiple gateway nodes, each gateway node coupled to one of the wired networks and associated with one of the security layers, wherein each of the gateway nodes is configured to;
  
  receive a message from a wireless leaf node;
  
  use a tag to identify one or more of the security layers associated with the message;
  
  determine whether to filter the message;
  
  discard the message if the message is to be filtered;
  
  if the message is not to be filtered;
  
  based on the one or more identified security layers, transmit the message over its associated wired network when at least one destination of the message is located in its associated security layer; and
  
  based on the one or more identified security layers, wirelessly transmit the message for delivery to another of the gateway nodes when at least one destination of the message is located in a different one of the security layers;
  
  receive a second message from a mobile human-machine interface device; and
  
  transmit the received second message to a Demilitarized Zone (DMZ) for secure routing between two of the security layers;
  
  wherein each gateway is configured to determine whether to filter the message by determining whether to filter the message in order to avoid creation of a network loop when at least two of the wired networks are coupled by a wired router.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein at least one of:
    - at least some of the security layers are associated with different security paradigms; and
      
      at least some of the security layers are associated with different security domains.
  - 15. The system of claim 13, further comprising:
    - multiple wireless leaf nodes configured to provide multiple messages to the gateway nodes.
  - 16. The system of claim 15, wherein:
    - at least one of the gateway nodes and the leaf nodes is configured to identify one or more security layers associated with each message; and
      
      the gateway nodes are configured to route the messages based on the one or more identified security layers for each message.
  - 17. The system of claim 13, wherein at least two of the gateway nodes are coupled to a common one of the wired networks and are configured to be active at a common time.

18. A non-transitory computer readable medium embodying a computer program, the computer program comprising:
- computer readable program code for receiving a message from a wireless leaf node at a first wireless node, the first wireless node connected to a first wired network, the first wired network associated with a first security layer;
  
  computer readable program code for using a tag to identify one or more security layers associated with the message;
  
  computer readable program code for determining whether to filter the message;
  
  computer readable program code for discarding the message if the message is to be filtered;
  
  computer readable program code for, if the message is not to be filtered;
  
  initiating, based on the one or more identified security layers, transmission of the message over the first wired network when at least one destination of the message is located in the first security layer; and
  
  initiating, based on the one or more identified security layers, wireless transmission of the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer, the second wireless node associated with a second wired network, the second wired network associated with the second security layer;
  
  computer readable program code for receiving a second message from a mobile human-machine interface device; and
  
  computer readable program code for transmitting the received second message to a Demilitarized Zone (DMZ) for secure routing between two of the security layers;
  
  wherein the computer readable program code for determining whether to filter the message comprises computer readable program code for determining whether to filter the message in order to avoid creation of a network loop when the first and second wired networks are coupled by a wired router.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Chen, Yu-Gene T.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US12/205,156
Publication Number

US 20090086692A1
Time in Patent Office

1,670 Days
Field of Search

726/13
US Class Current

726/13
CPC Class Codes

H04L 63/105   Multiple levels of security

H04L 67/10   in which an application is ...

H04L 67/12   specially adapted for propr...

H04W 12/086   using security domains

H04W 12/088   using filters or firewalls

Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links