公开(公告)号：US10706179B2

公开(公告)日：2020-07-07

申请号：US15866798

申请日：2018-01-10

Applicant: General Electric Company

Inventor： Krzysztof Michal Kepa ,  Willard Monten Wiseman ,  David Safford ,  Wesley Michael Skeffington ,  William David Smith, II

IPC: G06F21/72 ,  G06F21/73 ,  G06F21/57 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06 ,  G06F21/60 ,  H04L9/30

Abstract: The example embodiments are directed to a system and method for secure provisioning of secrets into MPSoC devices using untrusted third-party systems. In one example, the method includes generating a random number sequence from a true random number generator to produce secret information, storing the secret information in an on-chip secure storage, encrypting, in a device and using public key encryption, the secret information to generate an encrypted message, and transmitting the encrypted message to a third-party system.

公开(公告)号：US20180004953A1

公开(公告)日：2018-01-04

申请号：US15198281

申请日：2016-06-30

Applicant: General Electric Company

Inventor： William David Smith, II ,  Safayet Nizam Uddin Ahmed ,  Joseph Czechowski, III ,  David Safford

IPC: G06F21/57 ,  H04L9/08 ,  G06F9/455 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F21/575 ,  G06F9/45558 ,  G06F21/57 ,  G06F21/78 ,  G06F2009/45562 ,  G06F2221/034 ,  H04L9/0897 ,  H04L9/3268 ,  H04L63/1441 ,  H04L63/20 ,  H04L2209/127

Abstract: According to some embodiments, an overall chain-of-trust may be established for an industrial control system. Secure hardware may be provided, including a hardware security module coupled to or integrated with a processor of the industrial control system to provide a hardware root-of-trust. Similarly, secure firmware associated with a secure boot mechanism such that the processor executes a trusted operating system, wherein the secure boot mechanism includes one or more of a measured boot, a trusted boot, and a protected boot. Objects may be accessed via secure data storage, and data may be exchanged via secure communications in accordance with information stored in the hardware security model.

公开(公告)号：US20210120418A1

公开(公告)日：2021-04-22

申请号：US16660345

申请日：2019-10-22

Applicant: General Electric Company

Inventor： Abdul Jabbar ,  William David Smith, II

IPC: H04W12/08 ,  H04W12/06 ,  H04L29/06

Abstract: A network access control system includes a communication device and an authorization system. The communication device is configured to communicate time-critical messages through a time-sensitive network during scheduled time windows. The communication device is further configured to be communicatively connected to a candidate device and to receive a network access request from the candidate device while blocking the candidate device from communicating through the time-sensitive network. The authorization system is communicatively connected to the communication device and configured to authorize the candidate device via a multi-factor authentication protocol that requires a user of the candidate device to successfully provide multiple identification factors. In response to the authorization system authorizing the candidate device, the communication device is configured to grant the candidate device restricted access to one or more of send or receive approved messages through the time-sensitive network.

公开(公告)号：US10747579B2

公开(公告)日：2020-08-18

申请号：US16281375

申请日：2019-02-21

Applicant: General Electric Company

Inventor： Daniel White Sexton ,  Austars Raymond Schnore, Jr. ,  William David Smith, II ,  Wesley Michael Skeffington ,  Joel Frederick Markham

IPC: G06F9/46 ,  G06F9/50 ,  G06F21/62

Abstract: Provided are a device and method for allocating system resources. In one example, the method includes identifying resources that are available from a plurality of devices included in a system, allocating available resources of the plurality of devices to a plurality of components operating in the system, the allocating comprising reserving a set of resources from the plurality of devices in the system for each respective component, from among the plurality of components, based on operating requirements included in the metadata of the respective component, and managing the system based on the allocated resources. By allocating resources to components executing in the system, in advance, and preventing other components from consuming those resources, the system can operate with improved stability.

公开(公告)号：US11349872B2

公开(公告)日：2022-05-31

申请号：US16695797

申请日：2019-11-26

Applicant: GENERAL ELECTRIC COMPANY

Inventor： William David Smith, II ,  Krzysztof Kepa ,  David Safford

IPC: H04L9/40 ,  G06F21/60

Abstract: A secure communication path device includes a first secure communication validator providing a one-way communication path from a security domain by implementing a secure protocol parser, a second secure communication validator providing a one-way communication path from a second security domain by implementing a secure second protocol parser. Each validator including respective serial/de-serializer units providing a unidirectional communication path from their respective security domain. The device hardware segregating respective communications of the security domains within the secure communication path device.

公开(公告)号：US10261838B2

公开(公告)日：2019-04-16

申请号：US15234569

申请日：2016-08-11

Applicant: General Electric Company

Inventor： Daniel White Sexton ,  Austars Raymond Schnore, Jr. ,  William David Smith, II ,  Wesley Michael Skeffington ,  Joel Frederick Markham

IPC: G06F9/46 ,  G06F9/50 ,  G06F21/62

Abstract: Provided are a device and method for allocating system resources. In one example, the method includes identifying resources that are available from a plurality of devices included in a system, allocating available resources of the plurality of devices to a plurality of components operating in the system, the allocating comprising reserving a set of resources from the plurality of devices in the system for each respective component, from among the plurality of components, based on operating requirements included in the metadata of the respective component, and managing the system based on the allocated resources. By allocating resources to components executing in the system, in advance, and preventing other components from consuming those resources, the system can operate with improved stability.

公开(公告)号：US10210333B2

公开(公告)日：2019-02-19

申请号：US15198281

申请日：2016-06-30

Applicant: General Electric Company

Inventor： William David Smith, II ,  Safayet Nizam Uddin Ahmed ,  Joseph Czechowski, III ,  David Safford

IPC: G06F21/57 ,  G06F21/78 ,  G06F9/455 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06

Abstract: According to some embodiments, an overall chain-of-trust may be established for an industrial control system. Secure hardware may be provided, including a hardware security module coupled to or integrated with a processor of the industrial control system to provide a hardware root-of-trust. Similarly, secure firmware associated with a secure boot mechanism such that the processor executes a trusted operating system, wherein the secure boot mechanism includes one or more of a measured boot, a trusted boot, and a protected boot. Objects may be accessed via secure data storage, and data may be exchanged via secure communications in accordance with information stored in the hardware security model.

公开(公告)号：US11716626B2

公开(公告)日：2023-08-01

申请号：US16660345

申请日：2019-10-22

Applicant: General Electric Company

Inventor： Abdul Jabbar ,  William David Smith, II

IPC: H04L9/00 ,  H04W12/084 ,  H04W12/06 ,  H04L9/40

CPC classification number: H04W12/084 ,  H04L63/08 ,  H04L63/105 ,  H04W12/06 ,  H04L2463/082

Abstract: A network access control system includes a communication device and an authorization system. The communication device is configured to communicate time-critical messages through a time-sensitive network during scheduled time windows. The communication device is further configured to be communicatively connected to a candidate device and to receive a network access request from the candidate device while blocking the candidate device from communicating through the time-sensitive network. The authorization system is communicatively connected to the communication device and configured to authorize the candidate device via a multi-factor authentication protocol that requires a user of the candidate device to successfully provide multiple identification factors. In response to the authorization system authorizing the candidate device, the communication device is configured to grant the candidate device restricted access to one or more of send or receive approved messages through the time-sensitive network.