CN104322038B - System and method for enhanced control system security - Google Patents

System and method for enhanced control system security

Info

Publication number
CN104322038B
Authority
CN
China
Prior art keywords
user
mapping
opcua
server
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201480001306.7A
Other languages
English (en)
Chinese (zh)
Other versions
CN104322038A (zh)
Inventor
S.J.布朗
R.W.肖
J.M.埃默里
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
General Electric Company PLC
Original Assignee
General Electric Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by General Electric Co
Publication of CN104322038A
Application granted
Publication of CN104322038B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B11/00 Automatic controllers
    • G05B11/01 Automatic controllers electric
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/18 Network protocols supporting networked applications, e.g. including control of end-device applications over a network
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Automation & Control Theory (AREA)
  • Testing And Monitoring For Control Systems (AREA)
CN201480001306.7A 2013-01-24 2014-01-07 System and method for enhanced control system security Active CN104322038B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/749,670 2013-01-24
US13/749,670 US8997186B2 (en) 2013-01-24 2013-01-24 System and method for enhanced control system security
PCT/US2014/010454 WO2014116411A1 (en) 2013-01-24 2014-01-07 System and method for enhanced control system security

Publications (2)

Publication Number Publication Date
CN104322038A (zh) 2015-01-28
CN104322038B (zh) 2016-04-27

Family

ID=50073425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480001306.7A Active CN104322038B (zh) 2013-01-24 2014-01-07 System and method for enhanced control system security

Country Status (5)

Country Link
US (1) US8997186B2 (en)
EP (1) EP2865168B1 (en)
JP (1) JP6605959B2 (en)
CN (1) CN104322038B (en)
WO (1) WO2014116411A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11592798B2 (en) 2017-01-16 2023-02-28 Sicpa Holding Sa Systems and methods for controlling production and/or distribution lines

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2825922A1 (en) * 2012-03-15 2015-01-21 Schneider Electric Industries SAS Device address management in an automation control system
US20140228976A1 (en) * 2013-02-12 2014-08-14 Nagaraja K. S. Method for user management and a power plant control system thereof for a power plant system
US9058470B1 (en) * 2013-03-04 2015-06-16 Ca, Inc. Actual usage analysis for advanced privilege management
US10114939B1 (en) * 2014-09-22 2018-10-30 Symantec Corporation Systems and methods for secure communications between devices
TR201906576T4 (tr) * 2015-03-27 2019-05-21 Buehler Ag Geb Adaptable cross-plant control and steering system and associated method.
DE102015205833A1 (de) * 2015-03-31 2016-10-06 Siemens Aktiengesellschaft One-way coupling device, request device and method for the feedback-free transmission of data
US20180203437A1 (en) 2015-04-17 2018-07-19 Tulip Interfaces, Inc. Containerized communications gateway
EP3402152B1 (de) * 2017-05-08 2019-10-16 Siemens Aktiengesellschaft Plant-specific, automated certificate management
KR101803919B1 (ko) * 2017-05-19 2017-12-04 주식회사 에스알에너지 Integrated energy monitoring apparatus, method thereof, and storage medium storing a program for integrated energy monitoring
US10735966B2 (en) * 2017-08-30 2020-08-04 General Electric Company Cloud enrollment initiation via separate device
DE102018101203A1 (de) * 2018-01-19 2019-07-25 Wago Verwaltungsgesellschaft Mbh Automation device and method for optimized access to a variable
EP3585028A1 (de) 2018-06-20 2019-12-25 Siemens Aktiengesellschaft Method for connecting a terminal device into a networkable computer infrastructure
EP3585027B1 (de) * 2018-06-20 2021-11-03 Siemens Aktiengesellschaft Method for connecting a terminal device to a networkable computer infrastructure
CN108829321A (zh) * 2018-06-22 2018-11-16 珠海市君天电子科技有限公司 Quick page editing method, apparatus and electronic device
US11057240B2 (en) 2018-12-20 2021-07-06 Rolls-Royce North American Technologies Inc. Method and process for securing an executable image
EP3672197A1 (en) * 2018-12-20 2020-06-24 Rolls-Royce Corporation Secure engine communication
CN109831354B (zh) * 2019-01-22 2020-08-21 浙江工业大学 Virtual commissioning system based on the OPC UA industrial communication protocol
US11837100B2 (en) * 2019-06-29 2023-12-05 Rumfert, Llc Method and system for pre-flight programming of a remote identification (remote ID) system for monitoring the flight of an unmanned aircraft system (UAS) in the national airspace system (NAS)
EP3820105B1 (de) * 2019-11-11 2023-03-15 Siemens Aktiengesellschaft Method and system for secure time synchronization
CN111600739B (zh) * 2020-03-31 2022-08-02 吉利汽车研究院(宁波)有限公司 Method for synchronously updating associated nodes in an OPC UA address space model
EP3907960B1 (en) * 2020-05-07 2024-07-03 ABB Schweiz AG Method of enabling a secure communication to a target device over a network
EP3952201A1 (en) 2020-08-07 2022-02-09 ABB Schweiz AG Trust establishment through certificate management in open platform communications unified architecture

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026481A (zh) * 2006-02-21 2007-08-29 华为技术有限公司 A centralized user security management method and device
CN101060520A (zh) * 2006-04-21 2007-10-24 盛趣信息技术(上海)有限公司 Token-based SSO authentication system

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5774652A (en) 1995-09-29 1998-06-30 Smith; Perry Restricted access computer system
DE69736283T2 (de) 1996-03-22 2007-06-28 Actividentity Europe S.A. System for controlling access to a function, in which the encryption includes several dynamic variables
JP2002135867A (ja) * 2000-10-20 2002-05-10 Canon Inc Remote operation system
JP2005157845A (ja) * 2003-11-27 2005-06-16 Mitsubishi Electric Corp Server system, client-server system, and method for logging in to a client-server system
WO2005069823A2 (en) 2004-01-15 2005-08-04 Jun Song Centralized transactional security audit for enterprise systems
JP2006119860A (ja) * 2004-10-21 2006-05-11 Hitachi Kiden Kogyo Ltd Operation authentication system for plant facilities
JP4807562B2 (ja) 2005-11-25 2011-11-02 横河電機株式会社 Plant control system
US7652990B2 (en) * 2005-11-29 2010-01-26 Alcatel-Lucent Usa Inc. Method and apparatus for providing quality of service level in broadband communications systems
JP5003118B2 (ja) 2006-11-27 2012-08-15 横河電機株式会社 Control system and multicast communication method
US20100031321A1 (en) 2007-06-11 2010-02-04 Protegrity Corporation Method and system for preventing impersonation of computer system user
DE102007062985B4 (de) 2007-12-21 2014-01-02 Abb Research Ltd. Method and device for communication according to the standard protocol OPC UA in a client-server system
DE102008011191A1 (de) 2008-02-26 2009-08-27 Abb Research Ltd. Client/server system for communication according to the standard protocol OPC UA, with single sign-on mechanisms for authentication, and method for performing single sign-on in such a system
US8121707B2 (en) 2009-04-14 2012-02-21 General Electric Company Method for download of sequential function charts to a triple module redundant control system
US8387145B2 (en) 2009-06-08 2013-02-26 Microsoft Corporation Blocking malicious activity using blacklist
US9122764B2 (en) * 2010-03-24 2015-09-01 Fisher-Rosemount Systems, Inc. Methods and apparatus to access process data stored on a server

Also Published As

Publication number Publication date
US20140208390A1 (en) 2014-07-24
CN104322038A (zh) 2015-01-28
JP2016506002A (ja) 2016-02-25
EP2865168A1 (en) 2015-04-29
JP6605959B2 (ja) 2019-11-13
US8997186B2 (en) 2015-03-31
EP2865168B1 (en) 2016-06-29
WO2014116411A1 (en) 2014-07-31

Similar Documents

Publication Publication Date Title
CN104322038B (zh) System and method for enhanced control system security
US10419413B2 (en) Systems and methods for secure operation of an industrial controller
JP5593416B2 (ja) System and method for protecting a controller
US11627151B2 (en) Industrial asset cyber-attack detection algorithm verification using secure, distributed ledger
US8321933B2 (en) Securing electronic control unit code
JP6370092B2 (ja) Method and system for use in analyzing cyber security threats in an aviation platform
JP6285107B2 (ja) System and method for logging security events for an industrial control system
US20140040431A1 (en) Systems and methods for an opc ua server
US8484752B2 (en) Verifying authenticity of electronic control unit code
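JP2014238830A (ja) System and method for application development and deployment
CN105518549B (zh) System and method for interfacing an automation control system to an external system
CN103377328A (zh) System and method for controlling file execution for an industrial control system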
US8972797B2 (en) System and method for application debugging
EP2657802A2 (en) System and method for configuration and management of power plant assets
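CN115967510A (zh) Remote equipment operation and maintenance system and method based on the industrial internet
WO2006137126A1 (ja) Template program management server, template program management system and template program management network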

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231227

Address after: Baden, Switzerland

Patentee after: GENERAL ELECTRIC CO. LTD.

Address before: New York State, USA

Patentee before: General Electric Co.
