Policy-based secure communication with automatic key management for industrial control and automation systems

Title: Policy-based secure communication with automatic key management for industrial control and automation systems

Full Record
Other Related Research

Abstract

A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.

Inventors:: Chernoguzov, Alexander; Markham, Thomas R.; Haridas, Harshal S.

Issue Date:: 2016-11-22

Research Org.:: Honeywell International Inc. Morris Plains, NJ (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1333212

Patent Number(s):: 9503478

Application Number:: 14/309,251

Assignee:: Honeywell International Inc. (Morris Plains, NJ)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/105 - {Multiple levels of security}
H04L63/08 - {for supporting authentication of entities communicating through a packet data network
H04L63/104 - {Grouping of entities}
H04L63/101 - {Access control lists [ACL]}

G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL
G05B19/0428 - {Safety, monitoring
G05B19/4185 - {characterised by the network communication}

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/062 - {for key distribution, e.g. centrally by trusted party
H04L63/20 - {for managing network security
H04L63/10 - {for controlling access to network resources
H04L63/06 - {for supporting key management in a packet data network
H04L67/12 - {adapted for proprietary or special purpose networking environments, e.g. medical networks, sensor networks, networks in a car or remote metering networks

Show less

DOE Contract Number:: OE0000544

Resource Type:: Patent

Resource Relation:: Patent File Date: 2014 Jun 19

Country of Publication:: United States

Language:: English

Subject:: 47 OTHER INSTRUMENTATION; 99 GENERAL AND MISCELLANEOUS

Citation Formats


                    Chernoguzov, Alexander, Markham, Thomas R., and Haridas, Harshal S.. Policy-based secure communication with automatic key management for industrial control and automation systems.  United States: N. p., 2016. 
        Web.

Copy to clipboard


                    Chernoguzov, Alexander, Markham, Thomas R., & Haridas, Harshal S.. Policy-based secure communication with automatic key management for industrial control and automation systems.  United States.

Copy to clipboard


                    Chernoguzov, Alexander, Markham, Thomas R., and Haridas, Harshal S.. Tue .  
        "Policy-based secure communication with automatic key management for industrial control and automation systems".  United States.  https://www.osti.gov/servlets/purl/1333212.

Copy to clipboard


                    
@article{osti_1333212,

  title        = {Policy-based secure communication with automatic key management for industrial control and automation systems},

  author       = {Chernoguzov, Alexander and Markham, Thomas R. and Haridas, Harshal S.},

  abstractNote = {A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one or more other devices in the industrial process control and automation system in order to control communications to or from the specified device.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2016},

  month        = {11}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Similar Records in DOE Patents and OSTI.GOV collections:

Secure multi-party communication with quantum key distribution managed by trusted authority

Patent Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore »« less
Full Text Available
Secure multi-party communication with quantum key distribution managed by trusted authority

Patent Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore »« less
Full Text Available
Secure multi-party communication with quantum key distribution managed by trusted authority

Patent Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD aremore »« less
Full Text Available
Systems and methods for monitoring traffic on industrial control and building automation system networks

Patent Jenkins, Chris

Technologies relating to monitoring communications traffic to detect potential attacks on industrial control system networks and building automation system networks are described herein. In an embodiment, a monitoring device receives a plurality of communications from a control network. The monitoring device transmits the communications to a computing device. Based on the communications, the computing device generates a listing of devices that communicated by way of the control network over a period of time, and computes a volume of traffic between each pair of devices in the listing of devices. The computing device then outputs a graphical user interface (GUI) bymore »« less
Full Text Available
Devices, base stations, and methods for communicating scheduling requests via an underlay control channel in a wireless communication system

Patent Moradi, Hussein; Farhang, Behrouz

Wireless communication systems, base stations, and user equipment are disclosed that enable communication of scheduling requests via an underlay control channel that has an energy below a noise level of the spectrum. The scheduling requests may be sent and received at any time, including during downlink and uplink data communication periods of the base station.
Full Text Available

Similar Records