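IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0552396 (2012-07-18)
Registration number | US-8364950 (2013-01-29)
Inventor / Address |
Applicant / Address |
Citation information | Times cited: 1; Cited patents: 22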
Abstract
An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices using messaging protocols for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the individual device messaging protocols over a network.
Representative claim
1. An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices using at least one messaging protocol for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the at least one messaging protocol for each industrial device over a network, wherein the auditable cryptographic protected communication system comprises:
  a. the enterprise server having an enterprise processor and an enterprise data storage, wherein the enterprise server communicates in each messaging protocol of each industrial device connected to the network using in-band and out-of-band messages;
  b. a plurality of physical cryptographic modules, each physical cryptographic module has a physical cryptographic module processor with a physical cryptographic module data storage, and wherein the plurality of physical cryptographic modules are disposed between the enterprise server and each industrial device for communicating in-band messages to each industrial device using the messaging protocol of each industrial device, and wherein each physical cryptographic module data storage comprises:
    (i) computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device in communication therewith;
    (ii) computer instructions to transmit in-band decrypted commands to the industrial device, in communication therewith;
    (iii) computer instructions for providing encrypted messaging both in-band and out-of-band from the industrial device, in communication therewith, using the messaging protocol of the industrial device; and
    (iv) computer instructions to generate cryptographic keys for:
      1. digital signatures in authentication certificates;
      2. cryptographic key exchanges; and
      3. cryptographic communication sessions between the plurality of physical cryptographic modules and a cryptographic manager tool without human intervention, allowing online encryption and decryption of plain text commands, status and measurement data, messages, log information, and alarm messages, without turning off any operating industrial devices, and without turning off the enterprise server and while creating an auditable communication pathway from enterprise server to operating industrial devices; and
  c. the cryptographic manager tool for communication between the plurality of physical cryptographic modules and the enterprise server for in-band and out-of-band communication with each of the physical cryptographic modules, for in-band and out-of-band communication with the industrial devices, wherein the cryptographic manager tool resides in the enterprise data storage or in a second data storage of a second server having a second processor, on the network, wherein the cryptographic manager tool comprises:
    (i) a plurality of virtual cryptographic modules, wherein each virtual cryptographic module comprises:
      1. computer instructions to receive plain text commands from the enterprise server to start at least one virtual cryptographic module of the plurality of virtual cryptographic modules and provide routine commands to the at least one virtual cryptographic module during operation;
      2. computer instructions to receive plain text setting commands from the cryptographic manager tool;
      3. computer instructions to transmit plain text information to the cryptographic manager tool;
      4. computer instructions to transmit in-band plain text commands during start up to the physical cryptographic module;
      5. computer instructions to transmit out-of-band plain text commands during start up to the physical cryptographic module;
      6. computer instructions to receive in-band plain text and status and measurement data from the physical cryptographic module during start up;
      7. computer instructions to receive out-of-band plain text messages from the physical cryptographic module during start up;
      8. computer instructions to receive out-of-band encrypted log information with status and measurement data from the physical cryptographic module;
      9. computer instructions to receive out-of-band alarm messages from the physical cryptographic module;
      10. computer instructions to transmit out-of-band encrypted commands to the physical cryptographic module;
      11. computer instructions to receive in-band encrypted status and measurement data from the physical cryptographic module;
      12. computer instructions to transmit in-band encrypted commands to the physical cryptographic module;
      13. computer instructions to transmit encrypted collected log information to the enterprise server; and
      14. computer instructions to transmit decrypted status and measurement data in the messaging protocol of the industrial device from the industrial device to the enterprise server;
    (ii) computer instructions to monitor, configure and reconfigure online and on demand, continuously, a plurality of cryptographic pipes simultaneously;
    (iii) computer instructions to monitor, configure, and reconfigure online and on demand, continuously, the plurality of physical cryptographic modules, simultaneously;
    (iv) computer instructions to monitor, configure, and reconfigure online and on demand, continuously, the plurality of virtual cryptographic modules simultaneously;
    (v) computer instructions to generate cryptographic keys for:
      1. digital signatures in authentication certificates;
      2. cryptographic key exchanges; and
      3. cryptographic communication sessions between the plurality of virtual cryptographic modules and the plurality of physical cryptographic modules, without human intervention, allowing online encryption and decryption of plain text commands, status and measurement data, messages, log information, and alarm messages without turning off any operating industrial devices, and without turning off the enterprise server and while creating an auditable communication pathway from the enterprise server to operating industrial devices;
    (vi) computer instructions to transmit plain text setting information to at least one cryptographic pipe of the plurality of cryptographic pipes;
    (vii) computer instructions to receive plain text setting information from at least one cryptographic pipe of the plurality of cryptographic pipes;
    (viii) a library of virtual cryptographic module settings;
    (ix) a library of physical cryptographic module settings;
    (x) computer instructions to schedule generation of cryptographic keys by the virtual cryptographic module, by the physical cryptographic module, or combinations thereof, using cryptographic time outs; and
    (xi) the plurality of cryptographic pipes, wherein at least one cryptographic pipe of the plurality of cryptographic pipes communicates with at least one virtual cryptographic module of the plurality of virtual cryptographic modules.

2. The auditable cryptographic protected communication system of claim 1, further comprising a security enclosure creating a tamperproof enclosure around each physical cryptographic module.

3. The auditable cryptographic protected communication system of claim 2, wherein the security enclosure is an explosion proof, weather proof enclosure.

4. The auditable cryptographic protected communication system of claim 2, further comprising a tamper detection means connected to an input/output of the security enclosure, wherein the tamper detection means detects access to the security enclosure.

5. The auditable cryptographic protected communication system of claim 4, wherein the tamper detection means comprises a member of the group consisting of: computer instructions that detect when the security enclosure is opened, a circuit that indicates when the circuit is no longer complete, a sensor connected to one or more security programs when the security enclosure is breached, an audible alarm connected to one or more security programs when the security enclosure is breached, a visual alarm connected to one or more security programs when the security enclosure is breached, a digital alarm and notification system that provides a message when the security enclosure is breached, an electronic messaging alarm that indicates when the security enclosure is breached, an activated automated phone call connected to one or more security programs when the security enclosure is breached, a software program that generates exception reports when the security enclosure is breached, a text message connected to one or more security programs when the security enclosure is breached, an email connected to one or more security programs when the security enclosure is breached, or combinations thereof.

6. The auditable cryptographic protected communication system of claim 1 wherein the enterprise server comprises a library of cryptographic module protocols for out-of-band communication with the cryptographic manager tool.

7. The auditable cryptographic protected communication system of claim 1, wherein the library of virtual cryptographic module settings includes a member of the group consisting of: a pipe local IP address, pipe time outs, a pipe remote IP address, a pipe buffer size, a pipe listen IP address, a local port, a remote port, a pipe protocol, a pipe auto-enable, and combinations thereof.

8. The auditable cryptographic protected communication system of claim 1, wherein the library of physical cryptographic module settings includes a member of the group consisting of: a tag, a mac address, a lock status, a host port, a device port, closed connection time outs, inter-character time outs, a graphic user ID (GUID), a date created, a date last synched, a number of synchronization, a serial number, a status flag, a status string, a note, and combinations thereof.

9. The auditable cryptographic protected communication system of claim 8, wherein the host port is an RS232 port, an RS485 port, an RS422 port, an Ethernet port, a TCPIP port, or a mesh radio network port.

10. The auditable cryptographic protected communication system of claim 8, wherein the device port is an RS232 port, an RS485 port, an RS422 port, an Ethernet port, a TCPIP port, or a mesh radio network port.

11. The auditable cryptographic protected communication system of claim 1, wherein each cryptographic pipe comprises:
  a. computer instructions to provide encrypted messaging both in-band and out-of-band from the cryptographic manager tool to the physical cryptographic modules using messaging protocols of each industrial device; and
  b. computer instructions to provide decrypted messaging both in-band and out-of-band, from the physical cryptographic modules to the cryptographic manager tool.

12. The auditable cryptographic protected communication system of claim 1, wherein the out-of-band encrypted log information with status and measurement data from the physical cryptographic module comprises performance information and information that indicates a breach of security simultaneously.

13. The auditable cryptographic protected communication system of claim 1, wherein the enterprise server communicates with the plurality of industrial devices over a plurality of different networks simultaneously, consecutively, or combinations thereof.

14. The auditable cryptographic protected communication system of claim 13, wherein the plurality of different networks comprise: a radio/cellular network, a worldwide network, a corporate network, and a local area control network.