Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity.
Representative claim
1. A process control device for use in a process control plant, the process control device comprising: a processor; a non-volatile memory storing data indicative of a set of necessary attributes that are required for the process control device to be allowed to communicate with another device using a network of the process control plant, the set of necessary attributes being descriptive of an environment of the process control plant in which the process control device is allowed to communicate with the another device, and the process control plant including at least one field device that performs a respective physical function to control one or more processes executing within the process control plant; and computer-executable instructions stored on the non-volatile memory or on another memory of the process control device, the computer-executable instructions being executable by the processor after a boot up of the process control device and prior to the process control device communicating with any other device to at least one of: (i) configure the process control device, or (ii) at least one of transmit or receive data used to control at least one of the one or more processes in the process control plant, wherein the computer-executable instructions, when executed by the processor, cause the process control device to: determine a set of current attributes of a current environment of the process control plant in which the process control device is located after the boot up, determine, based on the data indicative of the set of necessary attributes, whether or not the set of current attributes of the current environment of the process control plant in which the process control device is located adheres to the set of necessary attributes, when the set of current attributes adheres to the set of necessary attributes, allow the process control device to communicate with the another device to at least one of: (i) configure the process control device, or (ii) at least one of transmit or receive real-time data to cause the at least one of the one or more processes to be controlled, and when the set of current attributes does not adhere to the set of necessary attributes, prevent the process control device from communicating with the another device to at least one of: (i) configure the process control device, or (ii) at least one of transmit or receive the real-time data to cause the at least one of the one or more processes to be controlled; wherein the process control device is one of: a field device that performs a respective physical function to control the at least one of the one or more processes executing within the process control plant, a process controller that transmits to or receives from the field device signals corresponding to respective physical function of the field device, or an input/output (I/O) card communicatively connecting the field device and the process controller; and wherein a downloaded configuration configures the process control device with a definition of a behavior of the process control device to control, in conjunction with one or more other process control devices, the at least one of the one or more processes executing within the process control plant when the set of current attributes adheres to the set of necessary attributes.
2. The process control device of claim 1, further comprising a geo-spatial receiver, and wherein: the computer-executable instructions are further executable by the processor to cause the process control device to determine, using the geo-spatial receiver, a current geo-spatial position of process control device, and the set of necessary attributes corresponding to the environment of the process control plant in which the process control device is located includes a particular geo-spatial area.
3. The process control device of claim 2, wherein: the computer-executable instructions are further executable to cause the process control device to determine a current time, and the set of necessary attributes corresponding to the environment of the process control plant in which the process control device is located further include a particular time interval corresponding to the particular geo-spatial area.
4. The process control device of claim 1, wherein the non-volatile memory is provisioned with a key for use in authenticating the process control device to the network of the process control plant, the key is generated based on a seed, the seed comprises key generation data and a number that is randomly generated or pseudo-randomly generated, and the key generation data is indicative of the set of necessary attributes that are required for the process control device to be allowed to communicate with the another device using the network of the process control plant.
5. The process control device of claim 4, wherein: the key provisioned into the non-volatile memory of the process control device is an encrypted key, the encrypted key is generated by encrypting an unencrypted key, and the seed is used to generate the unencrypted key.
6. The process control device of claim 4, further comprising additional computer executable instructions that, when executed by the processor, cause the process control device to authenticate with the another device or with a certificate authority using the key provisioned into the non-volatile memory after the set of current attributes have been determined to adhere to the set of necessary attributes and prior to the process control device communicating with the another device to at least one of: (i) configure the device, or (ii) at least one of transmit or receive the real-time data to cause the at least one of the one or more processes to be controlled.
7. The process control device of claim 1, wherein at least a portion of the transmitted or received real-time data is included in a content of a message, and wherein data included in a message integrity field of the message to validate the content of the message is based on the key or is based on a sub-key generated based on the key.
8. The process control device of claim 1, wherein the set of necessary attributes includes at least one of: a type of data transmitted by the process control device to control the at least one of the one or more processes, a type of data received by the process control device to control the at least one of the one or more processes, a manufacturer of the process control device, an identification of the process control plant, an identification of an area of the process control plant, an identification of an organizational entity operating the process control plant, or an identification of a country in which the process control plant is located.
9. The process control device of claim 8, wherein the set of necessary attributes further includes an attribute of a user.
10. The process control device of claim 1, further comprising an interface communicatively connecting the process control device to a centralized or distributed big data appliance, and wherein the process control device provides the real-time data to the centralized or distributed big data appliance.
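
An added sketch of the boot-time gate described in claims 1 to 4 and 7, not code from the patent. The patent names no derivation function, attribute encoding or field names, so HMAC-SHA-256, the JSON encoding, and names such as `boot_gate`, `geo_area` and `PLANT-EXAMPLE` are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac
import json

def derive_key(necessary, nonce):
    # Seed = key generation data (the necessary attributes) + random number.
    keygen_data = json.dumps(necessary, sort_keys=True).encode()
    return hmac.new(nonce, b"key|" + keygen_data, hashlib.sha256).digest()

def adheres(necessary, current):
    # Fail closed: a missing or malformed measurement counts as non-adherence.
    lat_min, lat_max, lon_min, lon_max = necessary["geo_area"]
    t_start, t_end = necessary["time_interval"]
    try:
        lat, lon = current["position"]
        return (lat_min <= lat <= lat_max and lon_min <= lon <= lon_max
                and t_start <= current["time"] <= t_end
                and current["plant_id"] == necessary["plant_id"])
    except (KeyError, TypeError, ValueError):
        return False

def boot_gate(nvm, current):
    """Run after boot, before any configuration or process traffic.
    Returns a message-integrity sub-key, or None to stay isolated."""
    expected = derive_key(nvm["necessary"], nvm["nonce"])
    if not hmac.compare_digest(expected, nvm["key"]):
        return None  # stored attributes no longer match the provisioned key
    if not adheres(nvm["necessary"], current):
        return None  # wrong place, time or plant
    return hmac.new(nvm["key"], b"subkey|message-integrity", hashlib.sha256).digest()

def integrity_field(subkey, content):
    # Value for a message integrity field, keyed by the sub-key.
    return hmac.new(subkey, content, hashlib.sha256).digest()

# Constructed sample values (not from the patent).
NECESSARY = {"geo_area": [29.70, 29.80, -95.40, -95.30],
             "time_interval": [1700000000, 1800000000],
             "plant_id": "PLANT-EXAMPLE"}
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")  # random per device in practice
NVM = {"necessary": NECESSARY, "nonce": NONCE, "key": derive_key(NECESSARY, NONCE)}

if __name__ == "__main__":
    here = {"position": (29.75, -95.35), "time": 1750000000, "plant_id": "PLANT-EXAMPLE"}
    moved = dict(here, position=(51.50, -0.12))
    print("in plant:", boot_gate(NVM, here) is not None)
    print("relocated:", boot_gate(NVM, moved) is not None)
```

In this sketch the local key comparison only catches stored attributes that were changed without the key; a peer that holds the key and checks the integrity field is what rejects a device whose key and attributes were both replaced.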