Process installation network intrusion detection and prevention
Abstract
A process communication device includes a process communication interface for communicating on a process communication loop in accordance with a process communication protocol. A controller is coupled to the process communication interface. A rules store is coupled to the controller, and has at least one process communication packet rule that is based on the process communication protocol. The controller applies the at least one process communication packet rule to at least one process communication packet received from the process communication interface, and generates event information when a process communication packet fails at least one process communication packet rule.
16 Claims
1. A process communication device comprising:
a process communication interface configured to communicate with at least one field device on a process communication loop in accordance with a process communication protocol;
a controller coupled to the process communication interface;
a rules store coupled to the controller, the rules store having at least one process communication packet rule that is based on the process communication protocol;
a device description store coupled to the controller, the device description store having at least one device description related to a process variable measured by the at least one field device and wherein the at least one field device is described by the at least one device description stored in the device description store; and
wherein the controller applies the at least one process communication packet rule and the at least one device description to at least one process communication packet received from the process communication interface, and generates event information when a process communication packet fails the at least one process communication packet rule or if the at least one communication packet is not in accordance with the at least one device description for the at least one field device; and
a network interface coupled to the controller, wherein the controller is configured to forward the process communication packet through the network interface if the process communication packet passes all process communication packet rules.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)

12. A method of providing process communication protection, the method comprising:
obtaining at least one process communication packet sent from a field device in accordance with a process communication protocol;
applying at least one rule against the process communication packet, wherein the at least one rule is based on the process communication protocol;
applying at least a second rule against the process communication packet, wherein the at least a second rule is based upon a device description for the field device related to a process variable measured by the at least one field device; and
determining an event based on whether the at least one process communication packet passed each of the at least one rule and at least a second rule; and
selectively forwarding the at least one process communication packet based on whether the at least one process communication packet passed each of the at least one rule.
(Dependent claims: 13)

14. A process communication device comprising:
a process communication interface configured to communicate with at least one process device on a process communication loop in accordance with a process communication protocol;
a controller coupled to the process communication interface;
a device description store coupled to the controller, the device description store having at least one process communication packet rule that is based on a device description related to a process variable measured by the at least one field device for the at least one process device; and
wherein the controller applies the at least one process communication packet rule to at least one process communication packet received from the process communication interface, and generates event information when a process communication packet fails at least one process communication packet rule; and
a network interface coupled to the controller, wherein the controller is configured to forward the process communication packet through the network interface if the process communication packet passes all process communication packet rules.

15. A method of providing process communication protection, the method comprising:
obtaining at least one process communication packet in accordance with a process communication protocol, wherein the at least one process communication packet carries communication to or from at least one field device;
retrieving a device description from a device description store in a process communication security device which describes the at least one field device related to a process variable measured by the at least one field device;
applying at least one rule against the process communication packet, wherein the at least one rule is based on the retrieved device description;
determining an event based on whether the at least one process communication packet passed each of the at least one rule; and
selectively forwarding the at least one process communication packet based on whether the at least one process communication packet passed each of the at least one rule.
(Dependent claims: 16)
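
A minimal sketch of the method in claims 12 and 15, added here as an illustration and not taken from the patent: protocol-based rules check that a frame is well formed, device-description rules check that the reported process variable matches what the addressed device is described as measuring, and the frame is forwarded only when no event is raised. The frame layout, command code, unit code, device address and range are constructed for the example, and forwarding only frames that pass every rule is this sketch's choice.

```python
import struct
from functools import reduce

# Hypothetical frame (constructed for this sketch, not a real protocol):
# address(1) | command(1) | length(1) | payload(length) | XOR checksum(1)
READ_PV = 0x01  # payload: unit code(1) + process variable, big-endian float32

# Device description store: address -> what the device is described as reporting.
DEVICE_DESCRIPTIONS = {0x12: {"unit": 0x20, "low": -40.0, "high": 150.0}}

def xor_checksum(data: bytes) -> int:
    return reduce(lambda a, b: a ^ b, data, 0)

def build_frame(address: int, command: int, payload: bytes) -> bytes:
    body = bytes([address, command, len(payload)]) + payload
    return body + bytes([xor_checksum(body)])

def protocol_rules(frame: bytes) -> list[str]:
    """Rules derived from the frame format alone."""
    if len(frame) < 4:
        return ["frame shorter than minimum header"]
    events = []
    if frame[2] != len(frame) - 4:
        events.append("declared length does not match frame size")
    if xor_checksum(frame[:-1]) != frame[-1]:
        events.append("checksum mismatch")
    return events

def description_rules(frame: bytes) -> list[str]:
    """Rules derived from the device description of the addressed device."""
    dd = DEVICE_DESCRIPTIONS.get(frame[0])
    if dd is None:
        return ["no device description for address 0x%02x" % frame[0]]
    if frame[1] != READ_PV or frame[2] != 5:
        return []  # only the process-variable reply is modelled here
    unit, value = struct.unpack(">Bf", frame[3:8])
    events = []
    if unit != dd["unit"]:
        events.append("unit code differs from device description")
    if not dd["low"] <= value <= dd["high"]:  # a NaN value also fails this test
        events.append("process variable outside described range")
    return events

def inspect(frame: bytes) -> tuple[bool, list[str]]:
    """Return (forward, events); description rules run only on well-formed frames."""
    events = protocol_rules(frame)
    if not events:
        events = description_rules(frame)
    return (not events, events)
```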
Specification