APPARATUS AND METHOD FOR ESTABLISHING SEAMLESS SECURE COMMUNICATIONS BETWEEN COMPONENTS IN AN INDUSTRIAL CONTROL AND AUTOMATION SYSTEM

摘要

A method includes establishing, using a connection policy at a first device, a security association with a second device of an industrial process control and automation system. The method also includes, once the security association is established, activating a process data policy at the first device. The security association is established during first and second types of negotiations. The process data policy is activated during the second type of negotiation without the first type of negotiation. The second type of negotiation is faster than the first type of negotiation. The connection policy defines a communication channel between the devices using a non-process communication port of the first device. The process data policy defines a communication channel between the devices for real-time industrial process data. The first type of negotiation could include an IKE main mode negotiation, and the second type of negotiation could include an IKE quick mode negotiation.

主权项

1. A method comprising:
establishing, using a connection policy at a first device, a security association with a second device of an industrial process control and automation system; and once the security association is established, activating a process data policy at the first device; wherein the security association is established during first and second types of negotiations and the process data policy is activated during the second type of negotiation without the first type of negotiation, the second type of negotiation faster than the first type of negotiation; wherein the connection policy defines a communication channel between the devices using a non-process communication port of the first device; and wherein the process data policy defines a communication channel between the devices for real-time industrial process data.