Cryptographic protected communication system with multiplexed cryptographic cryptopipe modules

US 8,935,523 B1
Filed: 12/11/2012
Issued: 01/13/2015
Est. Priority Date: 07/18/2012
Status: Active Grant

First Claim

Patent Images

1. An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices, each industrial device using at least one messaging protocol for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the at least one messaging protocol for each industrial device over a network, wherein the auditable cryptographic protected communication system comprises:

a. at least one enterprise server having at least one enterprise processor and an enterprise data storage, wherein the at least one enterprise server communicates to a plurality of industrial devices connected to the network using in-band messages using a multiplexed cryptopipe;

b. computer instructions in the enterprise data storage comprising;

(i) a cryptographic manager tool in the enterprise data storage comprising;

1. computer instructions to form a plurality of virtual cryptographic modules;

2. a plurality of virtual cryptographic modules wherein each virtual cryptographic module comprises;

i. computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device from the physical cryptographic module;

ii. computer instructions to transmit in-band decrypted commands to the physical cryptographic module;

iii. computer instructions to transmit out-of-band plain text status and measurement data or encrypted messaging to the physical cryptographic module;

iv. computer instructions to receive out-of-band encrypted or plain text status and measurement data or encrypted messaging from the physical cryptographic module;

v. computer instructions to receive encrypted out-of-band performance log on performance of the physical cryptographic modules, to copy the encrypted out-of-band performance log forming an additional encrypted out-of-band performance log, to pass one encrypted out-of-band performance log through the enterprise server to form a tamper resistant performance log, and to decrypt the other encrypted out-of-band performance log;

vi. computer instructions to generate cryptographic keys by the virtual cryptographic module, using a member of the group comprising;

an event wherein security is uncertain;

an event wherein security is compromised;

a cryptographic time outs;

or combinations thereof;

(ii) computer instructions to form a multiplexed cryptopipe;

(iii) a multiplexed cryptopipe;

(iv) computer instructions to use the multiplexed cryptopipe to communicate between the plurality of virtual cryptographic modules and the plurality of industrial devices simultaneously;

(v) computer instructions to monitor, configure and reconfigure online and on demand, continuously, multiplexed cryptographic pipe;

(vi) computer instructions to monitor, configure, reconfigure online and on demand, continuously, the plurality of physical cryptographic modules, simultaneously;

(vii) computer instructions to monitor, configure, reconfigure online and on demand, continuously, the plurality of virtual cryptographic modules simultaneously;

(viii) a library of virtual cryptographic module settings; and

(ix) a library of physical cryptographic module settings;

c. a plurality of physical cryptographic modules, wherein one of the physical cryptographic module connects to one of the industrial devices, and wherein, each physical cryptographic module comprises;

(i) a physical cryptographic module processor;

(ii) a physical cryptographic module data storage connected to the physical cryptographic module processor, wherein the physical cryptographic module data storage comprises;

1. computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device from the industrial device;

2. computer instructions to transmit in-band decrypted commands to the industrial device, in communication therewith;

3. computer instructions for receiving encrypted messaging in-band from the enterprise server;

4. computer instructions for transmitting encrypted messaging in-band to the enterprise server from the physical cryptographic module;

5. computer instructions to receive out-of-band plain text status and measurement data or encrypted messaging from the enterprise server to the physical cryptographic module;

6. computer instructions to transmit out-of-band plain text status and measurement data or encrypted messaging to the enterprise server;

7. computer instructions to transmit encrypted out-of-band log data on performance of the physical cryptographic module; and

8. computer instructions to generate cryptographic keys for;

i. digital signatures in authentication certificates;

ii. cryptographic key exchanges; and

iii. cryptographic communication sessions between the plurality of physical cryptographic modules and the enterprise server without human intervention;

d. wherein each of the physical cryptographic modules communicates between one of the enterprise servers and one of the industrial devices using in-band messages and a messaging protocol of each industrial device, and communicates out-of-band messages between at least one of the enterprise servers to each physical cryptographic module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices using messaging protocols for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the individual device messaging protocols over a network.

64 Citations

View as Search Results

20 Claims

1. An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices, each industrial device using at least one messaging protocol for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the at least one messaging protocol for each industrial device over a network, wherein the auditable cryptographic protected communication system comprises:
- a. at least one enterprise server having at least one enterprise processor and an enterprise data storage, wherein the at least one enterprise server communicates to a plurality of industrial devices connected to the network using in-band messages using a multiplexed cryptopipe;
  
  b. computer instructions in the enterprise data storage comprising;
  
  (i) a cryptographic manager tool in the enterprise data storage comprising;
  
  1. computer instructions to form a plurality of virtual cryptographic modules;
  
  2. a plurality of virtual cryptographic modules wherein each virtual cryptographic module comprises;
  
  i. computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device from the physical cryptographic module;
  
  ii. computer instructions to transmit in-band decrypted commands to the physical cryptographic module;
  
  iii. computer instructions to transmit out-of-band plain text status and measurement data or encrypted messaging to the physical cryptographic module;
  
  iv. computer instructions to receive out-of-band encrypted or plain text status and measurement data or encrypted messaging from the physical cryptographic module;
  
  v. computer instructions to receive encrypted out-of-band performance log on performance of the physical cryptographic modules, to copy the encrypted out-of-band performance log forming an additional encrypted out-of-band performance log, to pass one encrypted out-of-band performance log through the enterprise server to form a tamper resistant performance log, and to decrypt the other encrypted out-of-band performance log;
  
  vi. computer instructions to generate cryptographic keys by the virtual cryptographic module, using a member of the group comprising;
  
  an event wherein security is uncertain;
  
  an event wherein security is compromised;
  
  a cryptographic time outs;
  
  or combinations thereof;
  
  (ii) computer instructions to form a multiplexed cryptopipe;
  
  (iii) a multiplexed cryptopipe;
  
  (iv) computer instructions to use the multiplexed cryptopipe to communicate between the plurality of virtual cryptographic modules and the plurality of industrial devices simultaneously;
  
  (v) computer instructions to monitor, configure and reconfigure online and on demand, continuously, multiplexed cryptographic pipe;
  
  (vi) computer instructions to monitor, configure, reconfigure online and on demand, continuously, the plurality of physical cryptographic modules, simultaneously;
  
  (vii) computer instructions to monitor, configure, reconfigure online and on demand, continuously, the plurality of virtual cryptographic modules simultaneously;
  
  (viii) a library of virtual cryptographic module settings; and
  
  (ix) a library of physical cryptographic module settings;
  
  c. a plurality of physical cryptographic modules, wherein one of the physical cryptographic module connects to one of the industrial devices, and wherein, each physical cryptographic module comprises;
  
  (i) a physical cryptographic module processor;
  
  (ii) a physical cryptographic module data storage connected to the physical cryptographic module processor, wherein the physical cryptographic module data storage comprises;
  
  1. computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device from the industrial device;
  
  2. computer instructions to transmit in-band decrypted commands to the industrial device, in communication therewith;
  
  3. computer instructions for receiving encrypted messaging in-band from the enterprise server;
  
  4. computer instructions for transmitting encrypted messaging in-band to the enterprise server from the physical cryptographic module;
  
  5. computer instructions to receive out-of-band plain text status and measurement data or encrypted messaging from the enterprise server to the physical cryptographic module;
  
  6. computer instructions to transmit out-of-band plain text status and measurement data or encrypted messaging to the enterprise server;
  
  7. computer instructions to transmit encrypted out-of-band log data on performance of the physical cryptographic module; and
  
  8. computer instructions to generate cryptographic keys for;
  
  i. digital signatures in authentication certificates;
  
  ii. cryptographic key exchanges; and
  
  iii. cryptographic communication sessions between the plurality of physical cryptographic modules and the enterprise server without human intervention;
  
  d. wherein each of the physical cryptographic modules communicates between one of the enterprise servers and one of the industrial devices using in-band messages and a messaging protocol of each industrial device, and communicates out-of-band messages between at least one of the enterprise servers to each physical cryptographic module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The auditable cryptographic protected communication system of claim 1, wherein the enterprise data storage further comprises:
    - computer instructions to form a plurality of cryptopipes as components of the multiplexed cryptopipe, wherein each cryptopipe communicates between a physical cryptographic module and the enterprise server.
  - 3. The auditable cryptographic protected communication system of claim 1, wherein the device communication from the industrial device comprises:
    - a. a cryout;
      
      b. a callout;
      
      c. an exception report;
      
      d. an unsolicited message; and
      
      e. combinations thereof.
  - 4. The auditable cryptographic protected communication system of claim 1, wherein the enterprise data storage further comprises computer instructions to manage the multiplexed cryptopipe in real time 24 hours a day, 7 days a week performing multiplexed and demultiplexed communications between the enterprise server and the virtual cryptographic module.
  - 5. The auditable cryptographic protected communication system of claim 1, wherein the physical cryptographic module further comprising computer instructions to manage the multiplexed cryptopipe in real time 24 hours a day, 7 days a week performing multiplexed and demultiplexed communications between the enterprise server and the virtual cryptographic module.
  - 6. The auditable cryptographic protected communication system of claim 1, further comprising computer instructions in the enterprise data storage to present the status and errors related to the multiplexed cryptopipe in real time 24 hours a day, 7 days a week tracking the multiplexed communication, demultiplexed communication, and combinations thereof;
    - between the enterprise server and the physical cryptographic module as an executive dashboard viewable by a user.
  - 7. The auditable cryptographic protected communication system of claim 1, further comprising a security enclosure around each physical cryptographic module with connected industrial device creating a tamperproof environment.
  - 8. The auditable cryptographic protected communication system of claim 7, further comprising a tamper detection means connected to the security enclosure, wherein the tamper detection means comprises a sensor, a processor connected to the sensor and a tamper detection means data storage connected to the processor, wherein the tamper detection data storage comprises:
    - a. computer instructions that detect when the security enclosure is opened;
      
      b. computer instructions that provide an audible alarm when computer instructions indicate the security enclosure is open;
      
      c. computer instructions provide a visual alarm when computer instructions indicate the security enclosure is open; and
      
      d. computer instructions activate a digital alarm and notification system that provides a message to a user via a network that computer instructions have detected that the security enclosure is open.
  - 9. The auditable cryptographic protected communication system of claim 3, wherein the cryout is an electronic messaging alarm, an activated automated phone call, an exception report, a text message, an email or combinations thereof.
  - 10. The auditable cryptographic protected communication system of claim 1, wherein the enterprise data storage comprises a library of cryptographic module protocols for out-of-band communication with the cryptographic manager tool.
  - 11. The auditable cryptographic protected communication system of claim 1, wherein the library of virtual cryptographic module settings includes a member of the group consisting of:
    - a pipe local IP address, pipe time outs, a pipe remote IP address, a pipe buffer size, a pipe listen IP address, a local port, a remote port, a pipe protocol, a pipe auto-enable, and combinations thereof.
  - 12. The auditable cryptographic protected communication system of claim 1, wherein the library of physical cryptographic module settings includes a member of the group consisting of:
    - a tag, a mac address, a lock status, a host port, a device port, closed connection time outs, inter-character time outs, a graphic user ID (GUID), a date created, a date last synched, a number of synchronization, a serial number, a status flag, a status string, a note, and combinations thereof.
  - 13. The auditable cryptographic protected communication system of claim 12, wherein the host port is an RS232 port, an RS485 port, an RS422 port, an Ethernet port, a TCPIP port, or a mesh radio network port.
  - 14. The auditable cryptographic protected communication system of claim 12, wherein the device port is an RS232 port, an RS485 port, an RS422 port, an Ethernet port, a TCPIP port, or a mesh radio network port.
  - 15. The auditable cryptographic protected communication system of claim 1, wherein the out-of-band encrypted log information with status and measurement data from the physical cryptographic module comprises performance information and information that indicates a breach of security simultaneously.
  - 16. The auditable cryptographic protected communication system of claim 1, wherein the enterprise server communicates with the plurality of industrial devices over a plurality of different networks simultaneously, consecutively, or combinations thereof or from a computing cloud, or combinations thereof.
  - 17. The auditable cryptographic protected communication system of claim 16, wherein the plurality of different networks simultaneously, consecutively or combinations thereof comprise:
    - a radio/cellular network, a worldwide network, satellite network, a corporate network, and a local area control network.
  - 18. The auditable cryptographic protected communication system of claim 1, wherein the physical cryptographic module data storage further comprises computer instructions for receiving and encrypting in-band plain text logs from an industrial device forming received in-band encrypted logs.
  - 19. The auditable cryptographic protected communication system of claim 18, wherein the physical cryptographic module data storage further comprises computer instructions for transmitting the received in-band encrypted logs to the enterprise server.
  - 20. The auditable cryptographic protected communication system of claim 19, wherein the enterprise data storage further comprises computer instructions for copying the received in-band encrypted logs forming additional received in-band encrypted logs, and for passing one of the received in-band encrypted logs through the enterprise server forming tamper resistant received in-band encrypted logs, and for decrypting the other received in-band encrypted logs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DJ Osburn Management LLC
Original Assignee
DJ Inventions, LLC
Inventors
Osburn, Douglas C. III
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US13/710,606
Time in Patent Office

763 Days
Field of Search

713/153, 713/189, 713/194, 713/201, 726/4
US Class Current

713/153
CPC Class Codes

G05B 19/042   using digital processors G0...

G05B 2219/25205   Encrypt communication

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

H04L 67/12   specially adapted for propr...

H04L 69/14   Multichannel or multilink p...

H04L 9/0838   Key agreement, i.e. key est...

Cryptographic protected communication system with multiplexed cryptographic cryptopipe modules

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic protected communication system with multiplexed cryptographic cryptopipe modules

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links