| 发明名称 |
Control System Security Appliance |
| 摘要 |
A widespread security strategy for industrial control networks is physical isolation of the network, also known as an “air gap.” But the network might still be infected with unauthorized software if, say, an infected USB drive were to be plugged into one of the network's computers. The invention relates to a security module placed between the network and a device in the network. Each security module in the network mimics the Internet protocol (IP) configuration of its protected device. Each security module includes a private encryption key and a signed public key that it automatically shares with other security modules discovered on the network. These keys permit the security module to perform asymmetric point-to-point encryption of traffic from the protected device to the corresponding security module for a target device node and to detect (and thus block) unauthorized devices. |
| 申请公布号 |
US2014298008(A1) |
申请公布日期 |
2014.10.02 |
| 申请号 |
US201313851597 |
申请日期 |
2013.03.27 |
| 申请人 |
National Oilwell Varco, L.P. |
发明人 |
Hulick Kent Erin |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method—executed by a SECURITY MODULE (200) in an industrial control NETWORK (100)—of processing an INFORMATION STREAM for possible delivery to a DEVICE (105), referred to as a protected device;
in which the information stream consists of one or more PORTIONS; and in which the method comprises the following: (a) The security module receives the information stream from the network; (b) The security module tests for one or more of the following conditions and, if such testing indicates that a tested condition exists, then the security module discards the information stream:
(1) whether the information stream is not addressed to the protected device;(2) whether the source of the information stream does not match any listed source in a list of allowed sources; and(3) whether the information stream has been modified in transit; (c) For each of one or more portions of the information stream, the security module tests for one or more of the following conditions and, if such testing indicates that any of the tested conditions is present, then the security module discards that portion of the information stream:
(1) whether that portion of the information stream does not conform to any listed industrial COMMUNICATIONS PROTOCOL in a list of allowed protocols; and(2) whether the information content of that portion of the information stream includes one or more INSTRUCTIONS for the protected device; and (d) The security module sends the contents of the undiscarded portions of the information stream, if any, to the protected device. |
| 地址 |
US |
