Cryptographic protected communication system with multiplexed cryptographic cryptopipe modules
IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-009/00; H04L-009/28; H04L-009/08; H04L-029/06
Application number: US-0710606 (2012-12-11)
Registration number: US-8935523 (2015-01-13)
Inventor / Address: Osburn, III, Douglas C.
Applicant / Address: DJ Inventions, LLC
Agent / Address: Buskop Law Group, PC
Citation information: cited by 6 patents; cites 27 patents
Abstract
An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices using messaging protocols for each industrial device, enabling the industrial devices to receive commands and transmit status and measurement data using the individual device messaging protocols over a network.
Claims
1. An auditable cryptographic protected communication system for connecting an enterprise server to a plurality of industrial devices, each industrial device using at least one messaging protocol for each industrial device enabling the industrial devices to receive commands and transmit status and measurement data using the at least one messaging protocol for each industrial device over a network, wherein the auditable cryptographic protected communication system comprises:
  a. at least one enterprise server having at least one enterprise processor and an enterprise data storage, wherein the at least one enterprise server communicates to a plurality of industrial devices connected to the network using in-band messages using a multiplexed cryptopipe;
  b. computer instructions in the enterprise data storage comprising:
    (i) a cryptographic manager tool in the enterprise data storage comprising:
      1. computer instructions to form a plurality of virtual cryptographic modules;
      2. a plurality of virtual cryptographic modules wherein each virtual cryptographic module comprises:
        i. computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device from the physical cryptographic module;
        ii. computer instructions to transmit in-band decrypted commands to the physical cryptographic module;
        iii. computer instructions to transmit out-of-band plain text status and measurement data or encrypted messaging to the physical cryptographic module;
        iv. computer instructions to receive out-of-band encrypted or plain text status and measurement data or encrypted messaging from the physical cryptographic module;
        v. computer instructions to receive an encrypted out-of-band performance log on performance of the physical cryptographic modules, to copy the encrypted out-of-band performance log forming an additional encrypted out-of-band performance log, to pass one encrypted out-of-band performance log through the enterprise server to form a tamper resistant performance log, and to decrypt the other encrypted out-of-band performance log;
        vi. computer instructions to generate cryptographic keys by the virtual cryptographic module, using a member of the group comprising: an event wherein security is uncertain; an event wherein security is compromised; a cryptographic time out; or combinations thereof;
    (ii) computer instructions to form a multiplexed cryptopipe;
    (iii) a multiplexed cryptopipe;
    (iv) computer instructions to use the multiplexed cryptopipe to communicate between the plurality of virtual cryptographic modules and the plurality of industrial devices simultaneously;
    (v) computer instructions to monitor, configure and reconfigure online and on demand, continuously, the multiplexed cryptographic pipe;
    (vi) computer instructions to monitor, configure, reconfigure online and on demand, continuously, the plurality of physical cryptographic modules, simultaneously;
    (vii) computer instructions to monitor, configure, reconfigure online and on demand, continuously, the plurality of virtual cryptographic modules simultaneously;
    (viii) a library of virtual cryptographic module settings; and
    (ix) a library of physical cryptographic module settings;
  c. a plurality of physical cryptographic modules, wherein one of the physical cryptographic modules connects to one of the industrial devices, and wherein each physical cryptographic module comprises:
    (i) a physical cryptographic module processor;
    (ii) a physical cryptographic module data storage connected to the physical cryptographic module processor, wherein the physical cryptographic module data storage comprises:
      1. computer instructions to receive in-band plain text status and measurement data in the messaging protocol of the industrial device from the industrial device;
      2. computer instructions to transmit in-band decrypted commands to the industrial device, in communication therewith;
      3. computer instructions for receiving encrypted messaging in-band from the enterprise server;
      4. computer instructions for transmitting encrypted messaging in-band to the enterprise server from the physical cryptographic module;
      5. computer instructions to receive out-of-band plain text status and measurement data or encrypted messaging from the enterprise server to the physical cryptographic module;
      6. computer instructions to transmit out-of-band plain text status and measurement data or encrypted messaging to the enterprise server;
      7. computer instructions to transmit encrypted out-of-band log data on performance of the physical cryptographic module; and
      8. computer instructions to generate cryptographic keys for:
        i. digital signatures in authentication certificates;
        ii. cryptographic key exchanges; and
        iii. cryptographic communication sessions between the plurality of physical cryptographic modules and the enterprise server without human intervention;
  d. wherein each of the physical cryptographic modules communicates between one of the enterprise servers and one of the industrial devices using in-band messages and a messaging protocol of each industrial device, and communicates out-of-band messages between at least one of the enterprise servers and each physical cryptographic module.

2. The auditable cryptographic protected communication system of claim 1, wherein the enterprise data storage further comprises: computer instructions to form a plurality of cryptopipes as components of the multiplexed cryptopipe, wherein each cryptopipe communicates between a physical cryptographic module and the enterprise server.

3. The auditable cryptographic protected communication system of claim 1, wherein the device communication from the industrial device comprises:
  a. a cryout;
  b. a callout;
  c. an exception report;
  d. an unsolicited message; and
  e. combinations thereof.

4. The auditable cryptographic protected communication system of claim 1, wherein the enterprise data storage further comprises computer instructions to manage the multiplexed cryptopipe in real time 24 hours a day, 7 days a week, performing multiplexed and demultiplexed communications between the enterprise server and the virtual cryptographic module.

5. The auditable cryptographic protected communication system of claim 1, wherein the physical cryptographic module further comprises computer instructions to manage the multiplexed cryptopipe in real time 24 hours a day, 7 days a week, performing multiplexed and demultiplexed communications between the enterprise server and the virtual cryptographic module.

6. The auditable cryptographic protected communication system of claim 1, further comprising computer instructions in the enterprise data storage to present the status and errors related to the multiplexed cryptopipe in real time 24 hours a day, 7 days a week, tracking the multiplexed communication, demultiplexed communication, and combinations thereof between the enterprise server and the physical cryptographic module as an executive dashboard viewable by a user.

7. The auditable cryptographic protected communication system of claim 1, further comprising a security enclosure around each physical cryptographic module with connected industrial device, creating a tamperproof environment.

8. The auditable cryptographic protected communication system of claim 7, further comprising a tamper detection means connected to the security enclosure, wherein the tamper detection means comprises a sensor, a processor connected to the sensor and a tamper detection means data storage connected to the processor, wherein the tamper detection data storage comprises:
  a. computer instructions that detect when the security enclosure is opened;
  b. computer instructions that provide an audible alarm when computer instructions indicate the security enclosure is open;
  c. computer instructions that provide a visual alarm when computer instructions indicate the security enclosure is open; and
  d. computer instructions that activate a digital alarm and notification system that provides a message to a user via a network that computer instructions have detected that the security enclosure is open.

9. The auditable cryptographic protected communication system of claim 3, wherein the cryout is an electronic messaging alarm, an activated automated phone call, an exception report, a text message, an email or combinations thereof.

10. The auditable cryptographic protected communication system of claim 1, wherein the enterprise data storage comprises a library of cryptographic module protocols for out-of-band communication with the cryptographic manager tool.

11. The auditable cryptographic protected communication system of claim 1, wherein the library of virtual cryptographic module settings includes a member of the group consisting of: a pipe local IP address, pipe time outs, a pipe remote IP address, a pipe buffer size, a pipe listen IP address, a local port, a remote port, a pipe protocol, a pipe auto-enable, and combinations thereof.

12. The auditable cryptographic protected communication system of claim 1, wherein the library of physical cryptographic module settings includes a member of the group consisting of: a tag, a MAC address, a lock status, a host port, a device port, closed connection time outs, inter-character time outs, a graphic user ID (GUID), a date created, a date last synched, a number of synchronizations, a serial number, a status flag, a status string, a note, and combinations thereof.

13. The auditable cryptographic protected communication system of claim 12, wherein the host port is an RS232 port, an RS485 port, an RS422 port, an Ethernet port, a TCPIP port, or a mesh radio network port.

14. The auditable cryptographic protected communication system of claim 12, wherein the device port is an RS232 port, an RS485 port, an RS422 port, an Ethernet port, a TCPIP port, or a mesh radio network port.

15. The auditable cryptographic protected communication system of claim 1, wherein the out-of-band encrypted log information with status and measurement data from the physical cryptographic module comprises performance information and information that indicates a breach of security simultaneously.

16. The auditable cryptographic protected communication system of claim 1, wherein the enterprise server communicates with the plurality of industrial devices over a plurality of different networks simultaneously, consecutively, or combinations thereof, or from a computing cloud, or combinations thereof.

17. The auditable cryptographic protected communication system of claim 16, wherein the plurality of different networks, used simultaneously, consecutively or in combinations thereof, comprise: a radio/cellular network, a worldwide network, a satellite network, a corporate network, and a local area control network.

18. The auditable cryptographic protected communication system of claim 1, wherein the physical cryptographic module data storage further comprises computer instructions for receiving and encrypting in-band plain text logs from an industrial device, forming received in-band encrypted logs.

19. The auditable cryptographic protected communication system of claim 18, wherein the physical cryptographic module data storage further comprises computer instructions for transmitting the received in-band encrypted logs to the enterprise server.

20. The auditable cryptographic protected communication system of claim 19, wherein the enterprise data storage further comprises computer instructions for copying the received in-band encrypted logs forming additional received in-band encrypted logs, and for passing one of the received in-band encrypted logs through the enterprise server forming tamper resistant received in-band encrypted logs, and for decrypting the other received in-band encrypted logs.
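The copy-and-pass-through handling of encrypted logs in claim 1 (item b.i.2.v) and claim 20, simulated in Python as an added example that is not code from the patent or from DJ Inventions: the physical module seals the log, the enterprise server keeps one encrypted copy verbatim and decrypts the other, and an auditor later re-opens the archived copy to detect tampering of either record. The HMAC-SHA256-based cipher, the nonce/ciphertext/tag layout and the store and function names are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Illustrative counter-mode keystream from HMAC-SHA256; stands in for the
    # module's real cipher, which the claims do not specify.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal_log(key: bytes, log: bytes) -> bytes:
    """Physical cryptographic module: encrypt-then-MAC the out-of-band performance log."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(log, _keystream(key, nonce, len(log))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # assumed layout: 12-byte nonce | ciphertext | 32-byte tag

def open_log(key: bytes, sealed: bytes) -> bytes:
    """Verify the tag before decrypting; any altered byte is rejected."""
    nonce, ct, tag = sealed[:12], sealed[12:-32], sealed[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("performance log failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

@dataclass
class EnterpriseStore:
    archived: list     # encrypted copies passed through verbatim (tamper resistant log)
    operational: list  # decrypted copies used by the dashboard

def receive_log(store: EnterpriseStore, key: bytes, sealed: bytes) -> None:
    """Enterprise server (claim 1, item b.i.2.v): copy the encrypted log,
    keep one copy untouched, decrypt the other."""
    store.archived.append(bytes(sealed))
    store.operational.append(open_log(key, sealed))

def audit(store: EnterpriseStore, key: bytes) -> list:
    """Auditor: re-open each archived copy and compare it with the operational record."""
    findings = []
    for i, (sealed, record) in enumerate(zip(store.archived, store.operational)):
        try:
            if open_log(key, sealed) != record:
                findings.append((i, "operational record differs from sealed copy"))
        except ValueError:
            findings.append((i, "archived copy altered: integrity check failed"))
    return findings
```

An edit to a decrypted operational record shows up as a mismatch against the archived copy, while an edit to the archived ciphertext itself fails the integrity check, so either form of tampering is reported.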
Patents cited by this patent (27)
Kelly, Joseph P.; Yannacone, Jr., Victor John; Cerchione, Angelo J. (deceased), Collection and distribution of maritime data.
Blackett, Andrew W.; Gilbert, Bryan J.; Van Gorp, John C.; Teachman, Michael E.; Yeo, Jeffrey W., Communications architecture for intelligent electronic devices.
Hawkes, Philip Michael; Hsu, Raymond T.; Rezaiifar, Ramin; Rose, Gregory G.; Bender, Paul E.; Wang, Jun; Quick, Jr., Roy Franklin; Mahendran, Arungundram C.; Agashe, Parag A., Method and apparatus for security in a data processing system.
Lewis, Robert W.; Tanner, Matthew A.; Walker, Timothy K., Object-oriented computer program, system, and method for developing control schemes for facilities.
Davis, Jay; Zak, Michael; Ruditsky, Sasha; Levent-Levi, Tsahi, Systems, methods, and media for retransmitting data using the secure real-time transport protocol.