Removable security modules and related methods
Abstract
Example removable security modules for use with process control devices and related methods are disclosed. An example removable security module includes a body configured to be removably coupled to the process control device and a memory disposed in the body with a shared secret stored in the memory. The example removable security module also includes a processing unit disposed in the body, coupled to the memory and configured to read information from the process control device, compare the information to the shared secret and authenticate the process control device based on the comparison.
30 Claims
1. A removable security module for use with a first process control device and a second process control device, comprising:
- a body to be removably coupled to the first process control device or the second process control device;
- a memory disposed in the body, the memory to store a first secret; and
- a processing unit disposed in the body and coupled to the memory, the processing unit to:
  - read authentication information from the first process control device;
  - perform a comparison to compare the authentication information to the first secret;
  - authenticate the first process control device based on the comparison;
  - determine whether a request or command associated with a first operator has been received;
  - generate and provide a second secret to a second operator;
  - receive an action from the second operator to return the second secret to the first operator or to the security module;
  - authorize the first control device to process the request or command when the second secret is returned; and
  - enable the second process control device to operate after being coupled to the module after the module is removed from the first process control device without authenticating the second process control device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A plurality of removable security modules for use with a process control device in a process system, wherein each of the modules comprises:
- a body to be removably coupled to the process control device;
- a memory disposed in the body, the memory to store a first secret; and
- a processing unit disposed in the body and coupled to the memory, the processing unit to:
  - read authentication information from the process control device;
  - perform a comparison to compare the authentication information to the first secret;
  - authenticate the process control device based on the comparison;
  - determine whether a communication associated with a first operator has been received;
  - generate and provide a second secret to a second operator;
  - receive an action from the second operator to return the second secret to the first operator or to the security module;
  - authorize the process control device to process the communication when the second secret is returned; and
  - change an authorization setting for other devices to communicate with the process control device without modifying the software of the process control device, wherein the authorization setting is to prevent the process control device from processing an unauthorized communication.
Dependent claims: 14, 15, 16, 17, 18, 19, 26
20. A method of securing a process control device with a removable security module, the method comprising:
- reading authentication information in the process control device via a first security module;
- performing a comparison to compare the authentication information to a first secret stored in a memory of the first security module;
- authenticating the process control device and providing a first security measure to the process control device based on the comparison via the first security module;
- determining whether a communication associated with a first operator has been received;
- generating and providing a second secret to a second operator;
- receiving an action from the second operator to return the second secret to the first operator or to the first security module;
- authorizing the process control device to process the communication when the second secret is returned;
- removing the first security module; and
- providing a second security measure to the process control device via a second security module coupled to the process control device without re-authenticating the process control device.
Dependent claims: 21, 22, 23, 24, 25, 30
27. A distributed process control system comprising:
- a plurality of process control devices, wherein each of the process control devices includes software;
- a first removable security module having a first processor to:
  - read authentication information from at least one of the process control devices;
  - perform a comparison to compare the authentication information to a first secret;
  - authenticate the at least one of the process control devices based on the comparison;
  - authorize one or more applications for use with the at least one of the process control devices; and
  - prevent first unauthorized communications to the at least one of the process control devices with a first security measure; and
- a second removable security module having a second processor to prevent second unauthorized communications to the at least one of the process control devices with a second security measure without the second processor reconfiguring the software of the at least one of the process control devices,
- wherein the first processor or the second processor is to determine whether a two-person authorization of one or more applications is needed, wherein at least one of the first processor or the second processor performs the two-person authorization by:
  - determining whether a communication associated with a first person has been received;
  - generating and providing a second secret to a second person;
  - receiving an action from the second person to return the second secret to the first person or to the corresponding removable security module; and
  - authorizing the at least one of the process control devices to process the communication when the second secret is returned.
Dependent claims: 28, 29
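The device authentication and two-person authorization steps recited in the claims above, modeled as an added example (not code from the patent or its assignee). The class and method names, the sample values, single-use request handling and the rule that the returning operator must differ from the requester are assumptions; only the return-to-module path is modeled.

```python
import hmac
import secrets


class SecurityModule:
    """Toy model of the claimed module (all names are hypothetical):
    authenticate the device, then gate one request on a second operator."""

    def __init__(self, first_secret: bytes):
        self._first_secret = first_secret
        self.device_authenticated = False
        self._pending = {}  # request id -> (first operator, command, second secret)

    def authenticate_device(self, auth_info: bytes) -> bool:
        # Compare what was read from the device to the stored first secret in
        # constant time, so timing does not reveal how many bytes matched.
        self.device_authenticated = hmac.compare_digest(auth_info, self._first_secret)
        return self.device_authenticated

    def receive_request(self, first_operator: str, command: str):
        """Register the first operator's request and generate the second secret.
        Returns (request id, second secret); the caller hands the secret to the
        second operator only."""
        if not self.device_authenticated:
            raise PermissionError("device not authenticated")
        request_id = secrets.token_hex(4)
        second_secret = secrets.token_hex(8)
        self._pending[request_id] = (first_operator, command, second_secret)
        return request_id, second_secret

    def return_secret(self, request_id: str, operator: str, returned: str):
        """Return the authorized command when the second secret comes back from
        a different operator, otherwise None."""
        # Assumption: a request is consumed on the first attempt, so a wrong
        # guess cannot be retried and a valid return cannot be replayed.
        entry = self._pending.pop(request_id, None)
        if entry is None:
            return None
        first_operator, command, second_secret = entry
        if operator == first_operator:  # assumption: the two operators must differ
            return None
        if not hmac.compare_digest(returned.encode(), second_secret.encode()):
            return None
        return command
```
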
Specification