Industrial protocol system authentication and firewall
Abstract
Aspects of the present invention provide machines, systems, and methods in which industrial control systems may be secured from compromise and/or disruption via authentication and firewall. In particular, an industrial controller may: randomly generate an exchange key and send the exchange key to a client device in response to a transaction request originating from the client device; combine the exchange key with a locally stored pass key to produce an authentication code; and compare a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code. A successful match between the challenge key and the authentication code may allow the client device to further access the industrial controller using a common industrial protocol (CIP), and a failed match between the challenge key and the authentication code may prevent the client device from further access to the industrial controller.
20 Claims
1. An industrial controller comprising a processor executing a program stored in a non-transitory computer-readable storage medium operable to:
- determine whether an authenticated network connection has been established between the industrial controller and a client device; and
- if an authenticated network connection has been established, allow the client device access to the industrial controller, and if an authenticated network connection has not been established:
(a) randomly generate an exchange key;
(b) send the exchange key to the client device;
(c) combine the exchange key with a locally stored pass key to produce an authentication code;
(d) compare a challenge key received from the client device to the authentication code to determine whether a match between the challenge key and the authentication code exists; and
(e) if a match between the challenge key and the authentication code exists, allow the client device access to the industrial controller.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A secure method for communicating with an industrial controller comprising:
- determining whether an authenticated network connection has been established between the industrial controller and a client device; and
- if an authenticated network connection has been established, allowing the client device access to the industrial controller, and if an authenticated network connection has not been established:
(a) randomly generating an exchange key;
(b) sending the exchange key to the client device;
(c) combining the exchange key with a locally stored pass key to produce an authentication code;
(d) comparing a challenge key received from the client device to the authentication code to determine whether a match between the challenge key and the authentication code exists; and
(e) if a match between the challenge key and the authentication code exists, allowing the client device access to the industrial controller.
Dependent claims: 11, 12, 13, 14, 15, 16.

17. A programmable logic controller (PLC) for controlling an industrial process or machine, the PLC comprising a processor executing a program stored in a non-transitory computer-readable storage medium operable to:
- in response to a transaction request from a client device over a network, determine whether an authenticated network connection has been established between the PLC and the client device; and
- if an authenticated network connection has been established, allow the client device access to the PLC, and if an authenticated network connection has not been established:
(a) randomly generate an exchange key;
(b) send the exchange key to the client device;
(c) combine the exchange key with a locally stored pass key to produce an authentication code;
(d) compare a challenge key received from the client device to the authentication code to determine whether a match between the challenge key and the authentication code exists; and
(e) if a match between the challenge key and the authentication code exists, allow the client device access to the PLC.
Dependent claims: 18, 19, 20.
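The challenge-response exchange described in the abstract and in claims 1, 10 and 17, written out as an added Python example; it is not part of the patent and not any vendor's implementation. The patent does not say how the exchange key and the pass key are "combined", so this example assumes HMAC-SHA256 keyed with the pass key over a 16-byte random exchange key, and it assumes per-connection session state on the controller; the connection identifiers, tag names and pass keys are constructed for the demonstration. Beyond the bare claim steps it shows two properties a reviewer of such a scheme would want to confirm: a connection that has already authenticated is served without a new challenge, and a challenge key captured from one connection does not satisfy the fresh exchange key issued on another.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumptions not stated in the patent text: the exchange key is a 16-byte random
# nonce, and "combining" it with the pass key means HMAC-SHA256 keyed with the
# pass key over the exchange key.
EXCHANGE_KEY_BYTES = 16


def derive_code(pass_key: bytes, exchange_key: bytes) -> bytes:
    """Combine the exchange key with the pass key into an authentication code."""
    return hmac.new(pass_key, exchange_key, hashlib.sha256).digest()


@dataclass
class Session:
    """Per-connection state the controller keeps for one client device."""
    authenticated: bool = False
    pending_exchange_key: Optional[bytes] = None


class IndustrialController:
    """Gates every transaction request behind the challenge-response check."""

    def __init__(self, pass_key: bytes) -> None:
        self._pass_key = pass_key          # locally stored pass key
        self._sessions: Dict[str, Session] = {}

    def handle_request(self, conn_id: str, request: str) -> Tuple[str, object]:
        """Serve the request if the connection is authenticated; otherwise answer
        with a freshly generated exchange key (claim steps (a) and (b))."""
        sess = self._sessions.setdefault(conn_id, Session())
        if sess.authenticated:
            return ("ok", request)
        sess.pending_exchange_key = secrets.token_bytes(EXCHANGE_KEY_BYTES)
        return ("challenge", sess.pending_exchange_key)

    def handle_challenge_key(self, conn_id: str, challenge_key: bytes) -> bool:
        """Claim steps (c) to (e): recompute the authentication code and compare
        it with the challenge key the client sent back."""
        sess = self._sessions.get(conn_id)
        if sess is None or sess.pending_exchange_key is None:
            return False                   # no outstanding challenge on this connection
        expected = derive_code(self._pass_key, sess.pending_exchange_key)
        sess.pending_exchange_key = None   # each exchange key is usable exactly once
        if hmac.compare_digest(expected, challenge_key):   # constant-time comparison
            sess.authenticated = True
            return True
        return False


class ClientDevice:
    """Client side: answers a challenge from its own copy of the pass key."""

    def __init__(self, pass_key: bytes) -> None:
        self._pass_key = pass_key

    def answer(self, exchange_key: bytes) -> bytes:
        return derive_code(self._pass_key, exchange_key)


def run_exchange(plc: IndustrialController, client: ClientDevice, conn_id: str,
                 request: str = "read tag Motor1.Speed") -> str:
    """One full handshake on one connection; returns the final status of the request."""
    status, payload = plc.handle_request(conn_id, request)
    if status == "challenge":
        plc.handle_challenge_key(conn_id, client.answer(payload))
        status, payload = plc.handle_request(conn_id, request)
    return status


def demo() -> dict:
    """Constructed scenario: a legitimate client, a client holding the wrong pass
    key, and a challenge key captured on one connection reused on another."""
    pass_key = b"constructed-demo-pass-key"
    plc = IndustrialController(pass_key)
    good, bad = ClientDevice(pass_key), ClientDevice(b"wrong-pass-key")
    out = {}
    out["legit"] = run_exchange(plc, good, "conn-1")                          # "ok"
    out["already_auth"] = plc.handle_request("conn-1", "write tag Setpoint")[0]  # "ok", no new challenge
    out["wrong_key"] = run_exchange(plc, bad, "conn-2")                       # "challenge": never admitted
    _, xk3 = plc.handle_request("conn-3", "read tag X")
    captured = good.answer(xk3)            # valid only for conn-3's exchange key
    plc.handle_challenge_key("conn-3", captured)
    plc.handle_request("conn-4", "read tag X")                                # fresh exchange key for conn-4
    out["replay"] = plc.handle_challenge_key("conn-4", captured)              # False
    return out


if __name__ == "__main__":
    print(demo())
```

The controller discards the pending exchange key as soon as one challenge key has been checked, so a wrong answer forces a new random challenge rather than allowing repeated guesses against the same nonce, and the comparison uses `hmac.compare_digest` so that the match check does not leak timing information about the expected code.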