REAL-TIME INDUSTRIAL FIREWALL
Abstract
Providing for employing a real-time firewall to secure components of an automation control network from unauthorized communication to or from such components is disclosed herein. A monitoring component can inspect at least a portion of an instance of communication directed toward or originating from a component of the automation control network. Such inspection can, e.g., be a deep packet inspection based on information received from a communication request and/or response protocol. A filtering component can selectively admit or deny propagation of the instance of communication based on the inspection and a predetermined security criterion. In such a manner, the subject innovation can provide for limited access to network components from office network machines and for securing components of an automation control network from influence by unauthorized entities.
91 Citations
20 Claims
1. A system that provides secure communication between an automation control network and devices external thereto, comprising:
a monitoring component that inspects at least a portion of an instance of electronic communication to or from an automation control network and a network external thereto; and
a filtering component that selectively admits or denies propagation of the instance of electronic communication based on the inspection, an application-level communication security criterion, and information specified in a related request or response communication compliant with the security criterion.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)

12. A system that facilitates secure configuration and control of components of an automation network, comprising:
means for addressing a component of an automation network, that establishes a tiered command structure mapped to functions, capabilities, parameters, or diagnostics of the component, or combinations thereof; and
means for rejecting communication that terminates a data packet routed to the component of the automation network and containing at least a portion of information related to the tiered command structure, if the data packet does not comply with a security policy.
(Dependent claims: 13, 14, 15, 16)

17. A method for protecting components of an automation control network from unauthorized communication or interference, comprising:
establishing at least one application-level relationship between a device external to and components of an automation control network;
employing a value of a communication request as a signature for deep packet inspection of a data packet related to the request, inbound to the automation control network or a component thereof; and
discarding the data packet if the deep packet inspection indicates the packet is not legitimate.
(Dependent claims: 18, 19, 20)
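The filtering behaviour the independent claims describe (a per-device tiered command policy from claim 12, and a request value kept as the signature for inspecting the related packet from claims 1 and 17), as an added Python model that is not the patent's own implementation: the device name `plc-01`, the tier names, the `Message` fields and the use of `txn_id` as the correlating value are all assumptions. It also covers a case the claims only imply: a request signature is consumed once, so a duplicated or unsolicited response is discarded.

```python
from dataclasses import dataclass

# Constructed sample policy: a tiered command structure per addressable device.
# Each tier maps to a rule; tiers absent from the map are not addressable at all.
POLICY = {
    "plc-01": {"diagnostics": "allow", "parameters": "read-only", "firmware": "deny"},
}

@dataclass(frozen=True)
class Message:
    """One application-level message seen by the firewall (constructed, not a wire format)."""
    src: str
    dst: str
    txn_id: int        # transaction/request identifier carried by the protocol (assumed)
    tier: str          # which part of the tiered command structure is addressed
    op: str            # "read" or "write"
    is_response: bool = False

class RealTimeFilter:
    """Admits requests that satisfy the per-device policy and admits responses
    only when they correlate with a previously admitted request."""

    def __init__(self, policy):
        self.policy = policy
        # Request values retained as signatures: (device, txn_id) -> (tier, op).
        self.pending = {}

    def _request_allowed(self, m):
        tiers = self.policy.get(m.dst)
        if tiers is None or m.tier not in tiers:
            return False            # unknown device or unaddressable tier
        rule = tiers[m.tier]
        return rule == "allow" or (rule == "read-only" and m.op == "read")

    def handle(self, m):
        """Return 'admit' or 'deny' for a single message."""
        if m.is_response:
            # Inspect the packet against the signature of the request it claims to
            # answer; unsolicited or repeated responses find no matching signature.
            expected = self.pending.pop((m.src, m.txn_id), None)
            return "admit" if expected == (m.tier, m.op) else "deny"
        if not self._request_allowed(m):
            return "deny"
        self.pending[(m.dst, m.txn_id)] = (m.tier, m.op)
        return "admit"

if __name__ == "__main__":
    fw = RealTimeFilter(POLICY)
    req = Message("office-7", "plc-01", 1, "diagnostics", "read")
    resp = Message("plc-01", "office-7", 1, "diagnostics", "read", is_response=True)
    print(fw.handle(req), fw.handle(resp), fw.handle(resp))   # admit admit deny
```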