Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating secure communication. A system for facilitating secure communication includes an enterprise network, one or more operational technology networks, and a management server. Each of the oper
Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating secure communication. A system for facilitating secure communication includes an enterprise network, one or more operational technology networks, and a management server. Each of the operational technology networks can include one or more controller devices operable to control one or more operational devices, and can include a respective site security server and a respective security relay server. The security relay server can be operable to facilitate secure communication between controller devices of the operational technology network and its corresponding site security server. The management server can be a node on the enterprise network and can be operable to communicate with each site security server.
대표청구항▼
1. A system comprising: an enterprise network;one or more operational technology networks, each operational technology network including one or more controller devices, each controller device operable to control one or more operational devices within an operational technology network;for each of the
1. A system comprising: an enterprise network;one or more operational technology networks, each operational technology network including one or more controller devices, each controller device operable to control one or more operational devices within an operational technology network;for each of the one or more operational technology networks, a respective site security server and a respective security relay server, the site security server being a node on a perimeter network, the security relay server being a node on its respective operational technology network, and being operable to facilitate secure communication between the one or more controller devices of the operational technology network and its corresponding site security server, wherein the security relay server includes, for at least one controller device, a corresponding device emulator that is configured to handle communications with the at least one controller device when the at least one controller device is incapable of performing a cryptographic function; anda management server, the management server being a node on the enterprise network and being operable to communicate with each site security server. 2. The system of claim 1, wherein each site security sever includes a dedicated port for communication with the management server. 3. The system of claim 1, wherein communication between each site security server and the management server is encrypted. 4. The system of claim 1, wherein the management server is operable to aggregate information from each of the operational technology networks. 5. The system of claim 1, wherein the management server is operable to provide configuration data to each of the controller devices of each of the operational technology networks. 6. The system of claim 1, wherein the corresponding device emulator is a virtual security entity that is implemented by one or more software components of the security relay server. 7. A computer-implemented method for facilitating secure communication, the method being executed by one or more processors and comprising: providing, for presentation at an interface device, identification information related to controller devices of an operational technology network;receiving, from the interface device, a request for additional information related to each controller device of a selected subset of controller devices of the operational technology network;for each controller device of the selected subset of controller devices, generating a query corresponding to the request for additional information, including: (i) examining content associated with the request for additional information;(ii) determining that the request for additional information is of a valid format and that one or more parameters associated with the request are valid parameters; and(iii) translating the request for additional information into a query format that is recognizable by the controller device;encrypting the generated query and providing the encrypted query to a security relay server for the selected subset of controller devices, wherein the security relay server includes, for at least one controller device of the selected subset of controller devices, a corresponding device emulator that is configured to handle communications with the at least one controller device when the at least one controller device is incapable of decrypting the encrypted query, encrypting additional information, or both;receiving encrypted additional information related to the selected subset of controller devices, from the security relay server; anddecrypting and providing additional information related to the selected subset of controller devices for presentation at the interface device. 8. The computer-implemented method of claim 7, further comprising authenticating a user of the interface device, wherein providing identification information for presentation at the interface device includes providing information related to controller devices for which user access is authenticated. 9. The computer-implemented method of claim 7, wherein the request for additional information related to the selected subset of controller devices of the operational technology network is a request for production activity. 10. The computer-implemented method of claim 7, wherein the encrypted query is provided to the security relay server through a firewall. 11. The computer-implemented method of claim 7, wherein the encrypted additional information related to the selected subset of controller devices is received from the security relay server through a firewall. 12. The computer-implemented method of claim 7, further comprising aggregating the additional information related to the selected subset of controller devices and providing aggregated additional information for presentation at the interface device. 13. The computer-implemented method of claim 7, wherein the corresponding device emulator is a virtual security entity that is implemented by one or more software components of the security relay server. 14. A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for facilitating secure communication, the operations comprising: providing, for presentation at an interface device, identification information related to controller devices of an operational technology network;receiving, from the interface device, a request for additional information related to each controller device of a selected subset of controller devices of the operational technology network;for each controller device of the selected subset of controller devices, generating a query corresponding to the request for additional information, including: (i) examining content associated with the request for additional information;(ii) determining that the request for additional information is of a valid format and that one or more parameters associated with the request are valid parameters; and(iii) translating the request for additional information into a query format that is recognizable by the controller device;encrypting the generated query and providing the encrypted query to a security relay server for the selected subset of controller devices, wherein the security relay server includes, for at least one controller device of the selected subset of controller devices, a corresponding device emulator that is configured to handle communications with the at least one controller device when the at least one controller device is incapable of decrypting the encrypted query, encrypting additional information, or both;receiving encrypted additional information related to the selected subset of controller devices, from the security relay server; anddecrypting and providing additional information related to the selected subset of controller devices for presentation at the interface device. 15. The non-transitory computer-readable storage medium of claim 14, the operations further comprising authenticating a user of the interface device, wherein providing identification information for presentation at the interface device includes providing information related to controller devices for which user access is authenticated. 16. The non-transitory computer-readable storage medium of claim 14, wherein the request for additional information related to the selected subset of controller devices of the operational technology network is a request for production activity. 17. The non-transitory computer-readable storage medium of claim 14, wherein the encrypted query is provided to the security relay server through a firewall. 18. The non-transitory computer-readable storage medium of claim 14, wherein the encrypted additional information related to the selected subset of controller devices is received from the security relay server through a firewall. 19. The non-transitory computer-readable storage medium of claim 14, the operations further comprising aggregating the additional information related to the selected subset of controller devices and providing aggregated additional information for presentation at the interface device. 20. The non-transitory computer-readable storage medium of claim 14, wherein the corresponding device emulator is a virtual security entity that is implemented by one or more software components of the security relay server.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (29)
Redmond, Doug; McDaniel, Ray; Sallee, Duane, Classification and web-based presentation of oil and gas SCADA data.
Blackett, Andrew W.; Gilbert, Bryan J.; Van Gorp, John C.; Teachman, Michael E.; Yeo, Jeffrey W., Communications architecture for intelligent electronic devices.
Swales Andrew G. ; Papadopoulos A. Dean ; Tanzman Allan, System for a modular terminal input/output interface for communicating messaging application layer over encoded ethernet to transport layer.
Chandramohan, Vijay; Jain, Sushant; Kumar, Alok; Raghuraman, Anand, Systems and methods for testing a central controller in a centrally managed network.
Nix, John A., Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI).
※ AI-Helper는 부적절한 답변을 할 수 있습니다.