Industrial protocol system authentication and firewall
First Claim
1. An industrial controller with a processor executing a program stored in a non-transitory computer-readable storage medium wherein the program instructs the processor to perform the following steps:
(a) in response to a transaction request to the industrial controller from a client device, determine if an authenticated common industrial protocol (CIP) connection has been established with the client device, and allow further access to the industrial controller by the client device if an authenticated CIP connection has been established;
(b) if an authenticated CIP connection has not been established, randomly generate an exchange key and send the exchange key to the client device in response to the transaction request;
(c) combine the exchange key with a locally stored pass key to produce an authentication code; and
(d) compare a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code;
wherein a successful match between the challenge key and the authentication code allows the client device to further access the industrial controller using a CIP connection.
Abstract
Aspects of the present invention provide machines, systems, and methods in which industrial control systems may be secured from compromise and/or disruption via authentication and firewall. In particular, an industrial controller may: randomly generate an exchange key and send the exchange key to a client device in response to a transaction request originating from the client device; combine the exchange key with a locally stored pass key to produce an authentication code; and compare a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code. A successful match between the challenge key and the authentication code may allow the client device to further access the industrial controller using a common industrial protocol (CIP), and a failed match between the challenge key and the authentication code may prevent the client device from further access to the industrial controller.
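The exchange described in claim 1 and the abstract above, as an added worked example; this is not code from the patent or from any CIP implementation. The patent does not say how the exchange key is "combined" with the locally stored pass key, so the example assumes HMAC-SHA256; the Controller and Client classes, the message labels, the 16-byte exchange key length, the per-client bookkeeping and the sample pass keys are all illustrative assumptions. It walks both sides of the protocol through the cases the claims distinguish: a client that already holds an authenticated CIP connection is allowed through without a new exchange (step (a)), a client with no authenticated connection receives a freshly generated exchange key (step (b)), and the returned challenge key is checked against the controller's own authentication code (steps (c) and (d)).

```python
"""Challenge-response authentication between a CIP client and an industrial controller.

Added example, not the patent's own code. The "combine" step is assumed to be
HMAC-SHA256; class names, message labels and sample secrets are illustrative.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

EXCHANGE_KEY_LEN = 16  # assumption: a 128-bit random exchange key per unauthenticated request


def authentication_code(exchange_key: bytes, pass_key: bytes) -> bytes:
    """Combine the exchange key with the pass key (assumed combine function: HMAC-SHA256)."""
    return hmac.new(pass_key, exchange_key, hashlib.sha256).digest()


@dataclass
class Controller:
    pass_key: bytes                                  # locally stored shared secret
    pending: dict = field(default_factory=dict)      # client_id -> outstanding exchange key
    authenticated: set = field(default_factory=set)  # client ids holding an authenticated CIP connection

    def transaction_request(self, client_id: str) -> tuple[str, bytes | None]:
        """Steps (a)/(b): allow an already-authenticated client, else issue a fresh exchange key."""
        if client_id in self.authenticated:
            return ("ALLOW", None)
        exchange_key = secrets.token_bytes(EXCHANGE_KEY_LEN)
        self.pending[client_id] = exchange_key  # one outstanding challenge per client, replaced on each request
        return ("CHALLENGE", exchange_key)

    def challenge_response(self, client_id: str, challenge_key: bytes) -> bool:
        """Steps (c)/(d): recompute the authentication code and compare it in constant time."""
        exchange_key = self.pending.pop(client_id, None)  # single use: the challenge is consumed here
        if exchange_key is None:
            return False  # no outstanding exchange key for this client (stale or never issued)
        expected = authentication_code(exchange_key, self.pass_key)
        if hmac.compare_digest(expected, challenge_key):
            self.authenticated.add(client_id)
            return True
        return False


@dataclass
class Client:
    client_id: str
    pass_key: bytes

    def respond(self, exchange_key: bytes) -> bytes:
        """Derive the challenge key from the received exchange key and the client's own pass key."""
        return authentication_code(exchange_key, self.pass_key)


def run_session(controller: Controller, client: Client) -> tuple[str, str]:
    """First request triggers the exchange; a second request from the same client is then allowed directly."""
    status, exchange_key = controller.transaction_request(client.client_id)
    if status == "CHALLENGE":
        ok = controller.challenge_response(client.client_id, client.respond(exchange_key))
        first = "AUTH_OK" if ok else "AUTH_FAIL"
    else:
        first = status
    second, _ = controller.transaction_request(client.client_id)
    return first, second


def replay_of_captured_response(controller: Controller, victim: Client, attacker_id: str) -> bool:
    """An observer captures the victim's challenge key and replays it under its own client id.

    The victim must not yet be authenticated on this controller. Returns True when the
    controller rejects the replay, which it does because the attacker was issued a
    different exchange key and the captured code was computed over the victim's.
    """
    status, exchange_key = controller.transaction_request(victim.client_id)
    if status != "CHALLENGE":
        raise ValueError("victim is already authenticated; nothing to capture")
    captured = victim.respond(exchange_key)
    controller.challenge_response(victim.client_id, captured)  # victim authenticates normally
    controller.transaction_request(attacker_id)                 # attacker receives a fresh exchange key
    return not controller.challenge_response(attacker_id, captured)


if __name__ == "__main__":
    shared = b"example-pass-key"  # constructed sample secret, not a real key
    ctl = Controller(pass_key=shared)
    print(run_session(ctl, Client("hmi-1", shared)))             # ('AUTH_OK', 'ALLOW')
    print(run_session(ctl, Client("rogue", b"wrong-pass-key")))  # ('AUTH_FAIL', 'CHALLENGE')
    print(replay_of_captured_response(Controller(pass_key=shared), Client("hmi-2", shared), "attacker"))  # True
```

Two points of the example are design choices rather than anything the patent states: the comparison in step (d) uses a constant-time compare, and each unauthenticated transaction request produces a new exchange key that is consumed by a single response, which is why a captured challenge key is useless to a third party. The claims only cover admission to "further access" over a CIP connection; how the subsequent CIP traffic is protected is not addressed on this page and is outside the example.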
9 Citations
20 Claims
1. An industrial controller with a processor executing a program stored in a non-transitory computer-readable storage medium wherein the program instructs the processor to perform the following steps:
(a) in response to a transaction request to the industrial controller from a client device, determine if an authenticated common industrial protocol (CIP) connection has been established with the client device, and allow further access to the industrial controller by the client device if an authenticated CIP connection has been established;
(b) if an authenticated CIP connection has not been established, randomly generate an exchange key and send the exchange key to the client device in response to the transaction request;
(c) combine the exchange key with a locally stored pass key to produce an authentication code; and
(d) compare a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code;
wherein a successful match between the challenge key and the authentication code allows the client device to further access the industrial controller using a CIP connection.
Dependent claims 2 through 18 depend from claim 1.

19. A secure method for communicating with an industrial controller comprising:
(a) in response to a transaction request to the industrial controller from a client device, determining if an authenticated common industrial protocol (CIP) connection has been established with the client device, and allowing further access to the industrial controller by the client device if an authenticated CIP connection has been established;
(b) if an authenticated CIP connection has not been established, randomly generating an exchange key and sending the exchange key to the client device in response to the transaction request;
(c) combining the exchange key with a locally stored pass key to produce an authentication code;
(d) comparing a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code; and
(e) allowing the client device to further access the industrial controller using a CIP connection following a successful match between the challenge key and the authentication code.
Dependent claim 20 depends from claim 19.
Specification