OPERATOR ACTION AUTHENTICATION IN AN INDUSTRIAL CONTROL SYSTEM

US 20150046697A1
Filed: 10/20/2014
Published: 02/12/2015
Est. Priority Date: 08/06/2013
Status: Active Grant

First Claim

Patent Images

1. A secure industrial control system, comprising:

an action originator;

an action authenticator configured to sign an action request generated by the action originator; and

a communications/control module in communication with one or more industrial elements, the communications/control module being configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Operator actions and/or other commands or requests are secured via an authentication path from an action originator to a communications/control module or any other industrial element/controller. In implementations, an industrial control system includes an action authenticator configured to sign an action request generated by the action originator. The destination communications/control module or any other industrial element/controller is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.

104 Citations

View as Search Results

20 Claims

1. A secure industrial control system, comprising:
- an action originator;
  
  an action authenticator configured to sign an action request generated by the action originator; and
  
  a communications/control module in communication with one or more industrial elements, the communications/control module being configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16)
- - 2. The industrial control system of claim 1, wherein the action originator comprises at least one of:
    - an operator interface;
      
      an engineering interface;
      
      a local application interface;
      
      or a remote application interface.
  - 3. The secure industrial control system of claim 1, wherein the action authenticator comprises a portable encryption device including:
    - a storage medium with a private key stored thereon; and
      
      a processor configured to sign the action request with the private key.
  - 4. The secure industrial control system of claim 3, wherein the processor comprises an encrypted microprocessor.
  - 5. The secure industrial control system of claim 3, wherein the portable encryption device comprises a smart card.
  - 6. The secure industrial control system of claim 1, wherein the action authenticator comprises a secured workstation.
  - 7. The secure industrial control system of claim 6, wherein the secured workstation is accessible via at least one of:
    - a physical key;
      
      a portable encryption device;
      
      or a biometric cryptography device.
  - 8. The secure industrial control system of claim 1, wherein the action authenticator comprises a device lifecycle management system.
  - 9. The secure industrial control system of claim 1, wherein the action authenticator is further configured to encrypt the action request.
  - 10. The secure industrial control system of claim 1, wherein the communications/control module incudes:
    - a processor; and
      
      a virtual key switch that enables the processor to run the action request when the authenticity of the signed action request is verified.
  - 11. The secure industrial control system of claim 1, wherein the communications/control module and the action authenticator are further configured to perform an authentication sequence.
  - 12. The secure industrial control system of claim 1, wherein the one or more industrial elements include at least one of:
    - a communications/control module;
      
      an input/output module;
      
      a power module;
      
      a field device;
      
      a switch;
      
      a workstation;
      
      or a physical interconnect device.
  - 14. The communications/control module of claim 11, further comprising:
    - a virtual key switch that enables the processor to run the action request when the authenticity of the signed action request is verified.
  - 15. The communications/control module of claim 11, wherein the set of instructions further includes instructions to decrypt the signed action request.
  - 16. The communications/control module of claim 11, wherein the instructions to perform the requested action when the authenticity of the signed action request is verified include:
    - instructions to control a communicatively coupled industrial element including at least one of;
      
      a communications/control module;
      
      an input/output module;
      
      a power module;
      
      a field device;
      
      a switch;
      
      a workstation;
      
      or a physical interconnect device.

13. A communications/control module, comprising:
- at least one processor; and
  
  a non-transitory medium bearing a set of instructions executable by the at least one processor, the set of instructions including instructions to;
  
  receive an action request initiated by an action originator and signed by an action authenticator;
  
  verify the authenticity of the signed action request; and
  
  perform a requested action when the authenticity of the signed action request is verified.

17. A method of authenticating a requested action, comprising:
- signing an action request with an action authenticator;
  
  sending the signed action request to a communications/control module;
  
  verifying the authenticity of the signed action request; and
  
  performing a requested action with the communications/control module when the authenticity of the signed action request is verified.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - encrypting the action request with the action authenticator; and
      
      decrypting the action request with the communications/control module.
  - 19. The method of claim 17, wherein the action authenticator comprises at least one of:
    - a portable encryption device;
      
      a secured workstation;
      
      or a device lifecycle management system.
  - 20. The method of claim 17, wherein performing the requested action with the communications/control module when the authenticity of the signed action request is verified includes:
    - controlling an industrial element according to the action request, the industrial element including at least one of;
      
      a communications/control module;
      
      an input/output module;
      
      a power module;
      
      a field device;
      
      a switch;
      
      a workstation;
      
      or a physical interconnect device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Analog Devices, Inc.
Original Assignee
Bedrock Automation Platforms, Inc. (Analog Devices, Inc.)
Inventors
Clish, Timothy, Calvin, James G., Rooyakkers, Albert, Galpin, Samuel

Granted Patent

US 10,834,094 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G05B 19/0425   Safety, monitoring

G05B 2219/23342   Pluggable rom, smart card

G05B 2219/24162   Biometric sensor, fingerpri...

G05B 2219/24167   Encryption, password, user ...

G06F 2212/175   Industrial control system

G09C 1/00   Apparatus or methods whereb...

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

H04L 63/12   Applying verification of th...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

OPERATOR ACTION AUTHENTICATION IN AN INDUSTRIAL CONTROL SYSTEM

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OPERATOR ACTION AUTHENTICATION IN AN INDUSTRIAL CONTROL SYSTEM

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links