| 发明名称 |
Securing Devices to Process Control Systems |
| 摘要 |
Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity. |
| 申请公布号 |
US2016327942(A1) |
申请公布日期 |
2016.11.10 |
| 申请号 |
US201615212399 |
申请日期 |
2016.07.18 |
| 申请人 |
FISHER-ROSEMOUNT SYSTEMS, INC. |
发明人 |
Nixon Mark J.;Beoughter Ken J.;Christensen Daniel D.;Chen Deji;Moore, JR. James H. |
| 分类号 |
G05B19/418;H04L9/08;H04L9/32 |
主分类号 |
G05B19/418 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for securing devices in a process control plant, the method comprising:
determining, at a computing device, a seed used to generate a key, the seed at least partially based on a number that is randomly generated or pseudo-randomly generated; determining, at the computing device, key generation data, wherein:
the key generation data is indicative of a set of necessary conditions that are required for a host device that is provisioned with the key to communicate using a network of the process control plant to at least one of: (i) configure the host device, (ii) transmit real-time data to cause a process to be controlled in the process control plant, or (iii) receive real-time data to cause the process to be controlled, andthe set of necessary conditions includes one or more characteristics of an environment in which the host device is able to be located; generating, at the computing device, the key from the seed and the key generation data; and causing, by the computing device, a process control device to be provisioned with the generated key so that the provisioned process control device is the host device, and so that the provisioned process control device authenticates to the network using the generated key and based on a comparison of the set of necessary conditions and a set of current conditions corresponding to a current environment in which the provisioned process control device is located upon boot-up. |
| 地址 |
Round Rock TX US |
