Policy-based secure communication with automatic key management for industrial control and automation systems

Chernoguzov, Alexander; Markham, Thomas R.; Haridas, Harshal S.

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Policy-based secure communication with automatic key management for industrial control and automation systems

Abstract

A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.

Inventors:: Chernoguzov, Alexander; Markham, Thomas R.; Haridas, Harshal S.

Issue Date:: 2016-11-22

Research Org.:: Honeywell International Inc. Morris Plains, NJ (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1333212

Patent Number(s):: 9503478

Application Number:: 14/309,251

Assignee:: Honeywell International Inc. (Morris Plains, NJ)

Patent Classifications (CPCs):: G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL
G05B19/0428 - {Safety, monitoring
G05B19/4185 - {characterised by the network communication}

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/06 - {for supporting key management in a packet data network
H04L63/062 - {for key distribution, e.g. centrally by trusted party
H04L63/08 - {for supporting authentication of entities communicating through a packet data network
H04L63/10 - {for controlling access to network resources
H04L63/101 - {Access control lists [ACL]}
H04L63/104 - {Grouping of entities}
H04L63/105 - {Multiple levels of security}
H04L63/20 - {for managing network security
H04L67/12 - {adapted for proprietary or special purpose networking environments, e.g. medical networks, sensor networks, networks in a car or remote metering networks

Show less

DOE Contract Number:: OE0000544

Resource Type:: Patent

Resource Relation:: Patent File Date: 2014 Jun 19

Country of Publication:: United States

Language:: English

Subject:: 47 OTHER INSTRUMENTATION; 99 GENERAL AND MISCELLANEOUS

Citation Formats


                    Chernoguzov, Alexander, Markham, Thomas R., and Haridas, Harshal S. Policy-based secure communication with automatic key management for industrial control and automation systems.  United States: N. p., 2016. 
        Web.

Copy to clipboard


                    Chernoguzov, Alexander, Markham, Thomas R., & Haridas, Harshal S. Policy-based secure communication with automatic key management for industrial control and automation systems.  United States.

Copy to clipboard


                    Chernoguzov, Alexander, Markham, Thomas R., and Haridas, Harshal S. Tue .  
        "Policy-based secure communication with automatic key management for industrial control and automation systems".  United States.  https://www.osti.gov/servlets/purl/1333212.

Copy to clipboard


                    
@article{osti_1333212,

  title        = {Policy-based secure communication with automatic key management for industrial control and automation systems},

  author       = {Chernoguzov, Alexander and Markham, Thomas R. and Haridas, Harshal S.},

  abstractNote = {A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2016},

  month        = {11}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Access control system and method therefor
patent, June 2001

Assaleh, Khaled; Campbell, William M.
US Patent Document 6,243,695
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6243695

Method and apparatus for providing a dynamic resource role model for subscriber-requester based protocols in a home automation and control system
patent, January 2006

Gonzales, Greg; Baker, Brian D.
US Patent Document 6,990,379
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/6990379

Method for device dependent access control for device independent web content
patent, February 2010

Yan, Shunguo
US Patent Document 7,657,946
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7657946

Translating role-based access control policy to resource authorization policy
patent, February 2013

McPherson, Dave M.; Paramasivam, Muthukrishnan; Leach, Paul J.
US Patent Document 8,381,306
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8381306

Automation devices, systems, architectures, and methods for energy management and other applications
patent, April 2013

Clayton, Randy; Noppinger, Kenneth
US Patent Document 8,429,435
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8429435

Method and system for managing security policies
patent, May 2015

Lang, Ulrich; Schreiner, Rudolf
US Patent Document 9,043,861
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9043861

System and architecture for electronic permissions and security policies for resources in a data system
patent, December 2015

Doermann, Matthew Andreas; Wootton, Alan T.; Briguglio, Louise Elizabeth
US Patent Document 9,218,502
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9218502

Similar Records in DOE Patents and OSTI.GOV collections:

Secure multi-party communication with quantum key distribution managed by trusted authority

Patent Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore » « less
Full Text Available
Secure multi-party communication with quantum key distribution managed by trusted authority

Patent Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore » « less
Full Text Available
Secure multi-party communication with quantum key distribution managed by trusted authority

Patent Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore » « less
Full Text Available
Systems and methods for monitoring traffic on industrial control and building automation system networks

Patent Jenkins, Chris

Technologies relating to monitoring communications traffic to detect potential attacks on industrial control system networks and building automation system networks are described herein. In an embodiment, a monitoring device receives a plurality of communications from a control network. The monitoring device transmits the communications to a computing device. Based on the communications, the computing device generates a listing of devices that communicated by way of the control network over a period of time, and computes a volume of traffic between each pair of devices in the listing of devices. The computing device then outputs a graphical user interface (GUI) bymore » « less
Full Text Available
Systems and methods for automatic data management for an asynchronous task-based runtime

Patent Baskaran, Muthu Manikandan; Meister, Benoit J.; Pradelle, Benoit

A compilation system can define, at compile time, the data blocks to be managed by an Even Driven Task (EDT) based runtime/platform, and can also guide the runtime/platform on when to create and/or destroy the data blocks, so as to improve the performance of the runtime/platform. The compilation system can also guide, at compile time, how different tasks may access the data blocks they need in a manner that can improve performance of the tasks.
Full Text Available

Similar Records

Title: Policy-based secure communication with automatic key management for industrial control and automation systems

Abstract

Citation Formats

Access control system and method therefor patent, June 2001

Method and apparatus for providing a dynamic resource role model for subscriber-requester based protocols in a home automation and control system patent, January 2006

Method for device dependent access control for device independent web content patent, February 2010

Translating role-based access control policy to resource authorization policy patent, February 2013

Automation devices, systems, architectures, and methods for energy management and other applications patent, April 2013

Method and system for managing security policies patent, May 2015

System and architecture for electronic permissions and security policies for resources in a data system patent, December 2015

Access control system and method therefor
patent, June 2001

Method and apparatus for providing a dynamic resource role model for subscriber-requester based protocols in a home automation and control system
patent, January 2006

Method for device dependent access control for device independent web content
patent, February 2010

Translating role-based access control policy to resource authorization policy
patent, February 2013

Automation devices, systems, architectures, and methods for energy management and other applications
patent, April 2013

Method and system for managing security policies
patent, May 2015

System and architecture for electronic permissions and security policies for resources in a data system
patent, December 2015