Apparatus and method for establishing secure communication with redundant device after switchover

US9961054B2 · US · B2

Patent metadata
Publication number: US-9961054-B2
Application number: US-201414311572-A
Country: US
Kind code: B2
Filing date: Jun 23, 2014
Priority date: Jan 29, 2014
Publication date: May 1, 2018
Grant date: May 1, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method includes transitioning a device in an industrial process control and automation system from a secondary role to a primary role during a switchover and, in response to the switchover, clearing one or more security values stored by the device. The method also includes receiving a message at the device from a network node and, in response to determining that no security association is associated with the received message or the network node, exchanging security credentials and establishing a trust relationship with the network node. Transitioning the device includes assuming a network address of another device that previously operated in the primary role, that previously communicated with the network node, and that previously had a security association with the network node. Clearing the security value(s) can prevent the device from having the trust relationship associated with the network node when the device receives the message from the network node.

First claim

Claims text as shown on this page (a preview; the text is cut off at claim 19).

What is claimed is:

1. A method comprising: detecting, at a first device, a failure associated with a second device that operated in a primary role, communicated with a network node in an industrial process control and automation system, and had a security association with the network node; prior to a switchover, synchronizing the first device with the second device as the second device communicates with the network node; in response to detecting the failure, transitioning the first device from a secondary role to the primary role during the switchover and clearing one or more security values stored by the first device and used while in the secondary role; receiving a message at the first device from the network node; and in response to determining that no security association is associated with the received message or the network node, exchanging security credentials and establishing a trust relationship with the network node; wherein transitioning the first device comprises assuming a network address of the second device.

2. The method of claim 1, wherein clearing the one or more security values comprises: flushing one or more Security Parameters Index (SPI) values, one or more authentication keys, and one or more communication policies from at least one memory of the first device.

3. The method of claim 1, wherein: receiving the message comprises receiving an encapsulation security payload from the network node; and the method further comprises determining that no security association is associated with the received encapsulation security payload.

4. The method of claim 1, wherein establishing the trust relationship comprises establishing the trust relationship using Internet Protocol Security (IPsec).

5. The method of claim 1, wherein the security credentials comprise one or more authentication keys.

6. The method of claim 1, wherein clearing the one or more security values prevents the first device from having the trust relationship associated with the network node when the first device receives the message from the network node.

7. The method of claim 1, wherein the first device comprises one of a redundant set of process controllers or servers.

8. A device comprising: at least one memory configured to store one or more security values; and at least one processing device configured to: detect a failure associated with a second device that operated in a primary role, communicated with a network node in an industrial process control and automation system, and had a security association with the network node, wherein the at least one processing device is configured to synchronize the device with the second device as the second device communicates with the network node prior to a switchover; in response to detecting the failure, transition the device from a secondary role to the primary role during the switchover and clear the one or more security values, the one or more security values used while in the secondary role; receive a message from the network node; and in response to determining that no security association is associated with the received message or the network node, exchange security credentials and establish a trust relationship with the network node; wherein the at least one processing device is configured to transition the device by assuming a network address of the second device.

9. The device of claim 8, wherein the at least one processing device is configured to flush one or more Security Parameters Index (SPI) values, one or more authentication keys, and one or more communication policies from the at least one memory.

10. The device of claim 9, wherein: the at least one processing device is configured to receive an encapsulation security payload from the network node; and the at least one processing device is further configured to determine that no security association is associated with the received encapsulation security payload.

11. The device of claim 8, wherein the at least one processing device is configured to establish the trust relationship using Internet Protocol Security (IPsec).

12. The device of claim 8, wherein the security credentials comprise one or more authentication keys.

13. The device of claim 8, wherein the at least one processing device is configured to clear the one or more security values in order to prevent the device from having the trust relationship associated with the network node when the device receives the message from the network node.

14. A non-transitory computer readable medium containing a computer program, the computer program comprising instructions that when executed cause at least one processing device of a first device to: detect a failure associated with a second device that operated in a primary role, communicated with a network node in an industrial process control and automation system, and had a security association with the network node; prior to a switchover, synchronize the first device with the second device as the second device communicates with the network node; in response to detecting the failure, transition the first device from a secondary role to the primary role during the switchover and clear one or more security values stored by the first device and used while in the secondary role; receive a message at the first device from the network node; and in response to determining that no security association is associated with the received message or the network node, exchange security credentials and establish a trust relationship with the network node; wherein the instructions that when executed cause the at least one processing device to transition the first device comprise instructions that when executed cause the first device to assume a network address of the second device.

15. The non-transitory computer readable medium of claim 14, wherein: the instructions that when executed cause the at least one processing device to receive the message comprise instructions that when executed cause the at least one processing device to receive an encapsulation security payload from the network node; and the non-transitory computer readable medium further contains instructions that when executed cause the at least one processing device to determine that no security association is associated with the received encapsulation security payload.

16. The non-transitory computer readable medium of claim 14, wherein the instructions that when executed cause the at least one processing device to clear the one or more security values comprise instructions that when executed cause the at least one processing device to flush one or more Security Parameters Index (SPI) values, one or more authentication keys, and one or more communication policies from at least one memory of the first device.

17. The non-transitory computer readable medium of claim 14, wherein the instructions that when executed cause the at least one processing device to clear the one or more security values in order to prevent the first device from having the trust relationship associated with the network node when the first device receives the message from the network node.

18. The non-transitory computer readable medium of claim 14, wherein the instructions that when executed cause the at least one processing device to establish the trust relationship comprise instructions that when executed cause the at least one processing device to establish the trust relationship using Internet Protocol Security (IPsec).

19. The non-transitory computer readable medium of claim 14
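The sequence the abstract and claims 1 to 6 describe (secondary synchronizes with the primary, primary fails, secondary assumes the primary's address and flushes its SPIs, keys and policies, and an incoming ESP packet with no matching security association triggers a fresh credential exchange) is easier to follow as a small simulation. The code below is an editor's added example, not code from the patent or from Honeywell. `Controller`, `NetworkNode`, `EspMessage`, `ike_like_exchange`, the addresses and the payloads are assumptions for illustration; an ESP packet is reduced to an SPI, a sequence number and an HMAC, the anti-replay window to a single counter, and the IKE exchange to one call that installs a fresh SPI and key on both sides. The replay of the last pre-failure packet is this editor's illustration of why a synchronized SA should not be trusted after switchover; the patent text does not describe that attack.

```python
# Added example (not Honeywell's code): Controller, NetworkNode, EspMessage and
# ike_like_exchange are simplified stand-ins for IPsec SA state and the IKE exchange.
from __future__ import annotations

import collections, dataclasses, hashlib, hmac, os
from dataclasses import dataclass, field

@dataclass
class SecurityAssociation:       # inbound SA keyed by (local address, SPI), RFC 4301 style
    spi: int
    auth_key: bytes
    peer: str
    next_seq: int = 1            # one-sided stand-in for the ESP anti-replay window

# Constructed stand-in for an ESP packet: destination, SPI, sequence number, payload, ICV.
EspMessage = collections.namedtuple("EspMessage", "dst spi seq payload icv")

def make_icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    data = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()

@dataclass
class NetworkNode:
    name: str
    peer_address: str
    outbound: SecurityAssociation | None = None

    def send(self, payload: bytes) -> EspMessage:
        sa = self.outbound
        assert sa is not None, "no SA yet: run ike_like_exchange first"
        icv = make_icv(sa.auth_key, sa.spi, sa.next_seq, payload)
        msg = EspMessage(self.peer_address, sa.spi, sa.next_seq, payload, icv)
        sa.next_seq += 1
        return msg

@dataclass
class Controller:
    name: str
    address: str | None
    role: str
    sadb: dict[tuple[str, int], SecurityAssociation] = field(default_factory=dict)
    policies: dict[str, str] = field(default_factory=dict)

    def synchronize_from(self, primary: Controller) -> None:
        # Claim 1: the secondary mirrors the primary's SAs and policies before switchover.
        self.sadb = {k: dataclasses.replace(sa) for k, sa in primary.sadb.items()}
        self.policies = dict(primary.policies)

    def switchover(self, failed: Controller, clear: bool = True) -> None:
        # Claim 1: take the failed primary's address and role; claim 2: flush SPIs,
        # keys and policies so no synchronized SA outlives the switchover.
        self.role, self.address = "primary", failed.address
        if clear:
            self.sadb.clear()
            self.policies.clear()

    def receive(self, msg: EspMessage, node: NetworkNode) -> str:
        if msg.dst != self.address:
            return "not-for-me"
        sa = self.sadb.get((msg.dst, msg.spi))
        if sa is None:
            ike_like_exchange(self, node)   # claim 3: ESP with no SA -> re-establish trust
            return "rekeyed"
        if msg.seq < sa.next_seq:
            return "replay-dropped"
        if not hmac.compare_digest(make_icv(sa.auth_key, msg.spi, msg.seq, msg.payload), msg.icv):
            return "auth-failed"
        sa.next_seq = msg.seq + 1
        return "accepted"

def ike_like_exchange(ctrl: Controller, node: NetworkNode) -> SecurityAssociation:
    # Stand-in for the IKE exchange of claims 4/5: fresh SPI and a shared key. Real IKE
    # derives the key on both sides; here the controller simply hands it to the peer.
    spi = int.from_bytes(os.urandom(4), "big") | 0x100      # avoid reserved SPIs 0-255
    key = os.urandom(32)
    sa = SecurityAssociation(spi, key, node.name)
    ctrl.sadb[(ctrl.address, spi)] = sa
    ctrl.policies[node.name] = "require-esp"
    node.outbound = SecurityAssociation(spi, key, ctrl.name)
    return sa

def run_scenario(clear_on_switchover: bool) -> dict[str, object]:
    # Constructed scenario: primary serves a node, secondary syncs, primary fails, and an
    # on-path attacker replays the last pre-failure packet at the new primary.
    node = NetworkNode("hmi-node", peer_address="10.0.0.10")
    primary = Controller("ctrl-A", "10.0.0.10", "primary")
    secondary = Controller("ctrl-B", None, "secondary")
    old_spi = ike_like_exchange(primary, node).spi
    out: dict[str, object] = {}
    out["m1"] = primary.receive(node.send(b"read PV"), node)
    secondary.synchronize_from(primary)                     # snapshot taken between m1 and m2
    m2 = node.send(b"write SP=50")
    out["m2"] = primary.receive(m2, node)
    secondary.switchover(primary, clear=clear_on_switchover)
    out["replay_of_m2"] = secondary.receive(m2, node)
    out["m3"] = secondary.receive(node.send(b"write SP=51"), node)
    out["spi_changed"] = node.outbound is not None and node.outbound.spi != old_spi
    return out
```

`run_scenario(True)` follows the claimed method: the replayed packet arrives at the new primary's address with an SPI that no longer exists, so the result is `"rekeyed"`, the node ends up with a new SPI, and the next packet is `"accepted"` under the fresh SA. `run_scenario(False)` keeps the synchronized SA instead: because the secondary's replay state lags the primary's by one packet, the replay comes back `"accepted"` and the old SPI stays in use. Two caveats for anyone mapping this onto a real stack: an IPsec implementation drops a packet with an unknown SPI rather than negotiating inline, so the "exchange credentials" step of claim 1 has to be wired to the IKE daemon (or to the peer's reaction to an INVALID_SPI notification); and the flush must also cover outbound SAs, otherwise the new primary may reuse sequence numbers the node has already seen.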

Assignees

Honeywell Int Inc
Inventors

Classifications

  • for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection (management of faults, events, alarms or notifications in data switching networks H04L41/06) · CPC title

  • at the network layer · CPC title

  • H04L63/061 (primary): for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure · CPC title

  • involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9961054B2 cover?
A method includes transitioning a device in an industrial process control and automation system from a secondary role to a primary role during a switchover and, in response to the switchover, clearing one or more security values stored by the device. The method also includes receiving a message at the device from a network node and, in response to determining that no security association is ass…
Who is the assignee on this patent?
Honeywell Int Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/061. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 1, 2018 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).