Systems and methods for controlling file execution for industrial control systems
First Claim
1. A system, comprising:
- a build system processor configured to:
generate a private encryption key;
embed the private encryption key in at least one of a plurality of source files, wherein each of the plurality of source files comprises instructions configured to be executed by an industrial controller processor of an industrial controller;
generate a plurality of binary files from the plurality of source files, wherein at least one of the plurality of binary files includes the private encryption key;
construct a whitelist file comprising a plurality of hash key values respectively determined for the plurality of binary files; and
encrypt the whitelist file using the private key to provide an encrypted whitelist file.
Abstract
A system includes a build system processor configured to generate a private encryption key and configured to add the private encryption key to at least one of a plurality of source files. Each of the plurality of source files includes instructions configured to be executed by an industrial controller processor. The processor is also configured to generate a plurality of binary files from the plurality of source files. The processor is further configured to construct a whitelist file including first hash key values determined for the plurality of binary files and configured to encrypt the whitelist file using the private key to provide an encrypted whitelist file.
20 Claims
8. A method, comprising:
- generating a plurality of executable files from a plurality of source files, wherein the plurality of executable files comprise instructions to be executed by an industrial controller, and wherein the plurality of executable files include a private key that is embedded in at least one of the plurality of source files;
- determining a respective hash key value for each of the plurality of executable files;
- generating a whitelist file comprising the hash key values for each of the plurality of executable files; and
- encrypting the whitelist file using the private key to provide an encrypted whitelist file.
14. A tangible, non-transitory, computer-readable medium comprising instructions configured to be executed by a processor of an industrial controller, the instructions comprising:
- instructions to determine an encryption key value via execution of a first binary file of a plurality of binary files, wherein the first binary file was generated from a source file having the encryption key value embedded within;
- instructions to use the determined encryption key value to decrypt a whitelist file, wherein the whitelist file comprises a plurality of whitelisted hash key values that respectively correspond to the plurality of binary files;
- instructions to determine a hash key value for a second binary file of the plurality of binary files; and
- instructions to block execution of the second binary file when the determined hash key value is not located among the plurality of whitelisted hash key values.
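The build-side steps of claims 1 and 8 and the controller-side check of claim 14, as an added Python example that is not code from the patent. It assumes SHA-256 for the hash key values and treats the embedded key as a symmetric key; a SHA-256 counter-mode keystream with an HMAC tag stands in for a vetted authenticated cipher, and the integrity tag is an addition the claims do not recite. All function names and the sample binaries are constructed for illustration.

```python
import hashlib, hmac, json, secrets

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one embedded key.
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, XORed with data.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_encrypted_whitelist(key: bytes, binaries: dict) -> bytes:
    """Build system: hash every binary, then encrypt the resulting list."""
    hashes = sorted(hashlib.sha256(b).hexdigest() for b in binaries.values())
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(hashes).encode())
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()

def load_whitelist(key: bytes, blob: bytes) -> frozenset:
    """Controller: reject a modified whitelist file, otherwise decrypt it."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("whitelist failed integrity check")
    return frozenset(json.loads(_xor_stream(enc_key, nonce, ct)))

def may_execute(binary: bytes, whitelist: frozenset) -> bool:
    """Controller: allow execution only if the binary's hash is whitelisted."""
    return hashlib.sha256(binary).hexdigest() in whitelist

def demo() -> dict:
    key = secrets.token_bytes(32)
    # Constructed sample binaries; the first one carries the embedded key.
    binaries = {"startup.bin": b"startup-code" + key, "pid_loop.bin": b"pid-loop-code"}
    whitelist = load_whitelist(key, build_encrypted_whitelist(key, binaries))
    return {"known": may_execute(binaries["pid_loop.bin"], whitelist),
            "patched": may_execute(b"pid-loop-code-patched", whitelist)}

if __name__ == "__main__":
    print(demo())
```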
Specification