-
Publication number: US11245699B2
Publication date: 2022-02-08
Application number: US16655663
Filing date: 2019-10-17
IPC classification: H04L29/06
Abstract: The present disclosure pertains to systems and methods of restricting access to devices utilizing tokens. In some embodiments, a system may include a user requesting a token, ensuring the user requesting a token has the permission to request the token and is not the user approving the token. In some embodiments, the system may include the user granting the token, wherein the user granting the token is not the user receiving the token. The system ensures that the user accessing the device has the permission to access the device. Additionally, the system decreases the opportunities for insider attacks and increases the resistance to credential theft attacks. Further, the system increases the accountability for changes and the ability to review changes.
-
Publication number: US11012442B2
Publication date: 2021-05-18
Application number: US16381592
Filing date: 2019-04-11
Inventors: Josh Powers, Rhett Smith, Robert Meine, Dennis Gammel
Abstract: The present disclosure pertains to systems and methods of handling Address Resolution Protocol (ARP) responses in a software defined network (SDN). In one embodiment, a system may comprise a controller in a control plane to generate an address store comprising information associated with a plurality of devices in communication with the SDN. The controller may also program a plurality of network devices in a data plane based on a plurality of communication flows. The network devices may forward traffic according to the plurality of communication flows received from the controller. The network device may also receive: a request from the first device for information associated with the second device, determine that the first device is authorized to communicate with the second device based on the plurality of communication flows, and generate a response to the request comprising the information associated with the second device based on the address store.
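The ARP handling described in this abstract, as an added example that is not code from the patent or its assignee: a controller builds an address store (IP to MAC) and a set of permitted flows, programs a data-plane device with both, and the device answers an ARP request from the store only when a flow permits the requester to reach the target. The class and field names, the sample topology and the anti-spoofing check on the sender's own IP/MAC binding are this example's assumptions; the abstract only specifies the flow-based authorization and the store-based reply.

```python
"""Authorized ARP answering at an SDN data-plane device (illustrative)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str


@dataclass(frozen=True)
class ArpRequest:
    sender_mac: str
    sender_ip: str
    target_ip: str


@dataclass(frozen=True)
class ArpReply:
    target_ip: str
    target_mac: str


class Controller:
    """Control plane: owns the address store and the permitted flows."""

    def __init__(self) -> None:
        self.address_store: Dict[str, str] = {}
        self.flows: set = set()

    def register(self, ip: str, mac: str) -> None:
        self.address_store[ip] = mac.lower()

    def permit(self, src_ip: str, dst_ip: str, bidirectional: bool = True) -> None:
        self.flows.add(Flow(src_ip, dst_ip))
        if bidirectional:
            self.flows.add(Flow(dst_ip, src_ip))

    def program(self, device: "NetworkDevice") -> None:
        device.load(dict(self.address_store), frozenset(self.flows))


class NetworkDevice:
    """Data plane: forwards per the flows and answers ARP locally, never by broadcast."""

    def __init__(self) -> None:
        self.address_store: Dict[str, str] = {}
        self.flows: FrozenSet[Flow] = frozenset()
        self.log: List[Tuple[str, ...]] = []

    def load(self, address_store: Dict[str, str], flows: FrozenSet[Flow]) -> None:
        self.address_store = address_store
        self.flows = flows

    def handle_arp(self, req: ArpRequest) -> Optional[ArpReply]:
        # Assumed extra check: the sender's claimed IP/MAC binding must match what the
        # controller knows; a mismatch is an unknown host or an ARP-spoofing attempt.
        if self.address_store.get(req.sender_ip) != req.sender_mac.lower():
            self.log.append(("drop", "sender-binding-mismatch", req.sender_ip, req.sender_mac))
            return None
        # Only answer when a controller-programmed flow permits sender -> target.
        if Flow(req.sender_ip, req.target_ip) not in self.flows:
            self.log.append(("drop", "no-flow", req.sender_ip, req.target_ip))
            return None
        target_mac = self.address_store.get(req.target_ip)
        if target_mac is None:
            # Permitted but not in the store: do not fall back to flooding the request.
            self.log.append(("drop", "target-unknown", req.target_ip))
            return None
        self.log.append(("reply", req.sender_ip, req.target_ip))
        return ArpReply(req.target_ip, target_mac)


def build_demo() -> Tuple[NetworkDevice, Dict[str, Optional[ArpReply]]]:
    """Constructed sample topology: an HMI may reach a relay; a workstation may not."""
    ctl = Controller()
    ctl.register("10.0.0.10", "02:00:00:00:00:10")  # HMI
    ctl.register("10.0.0.20", "02:00:00:00:00:20")  # protective relay
    ctl.register("10.0.0.30", "02:00:00:00:00:30")  # engineering workstation
    ctl.permit("10.0.0.10", "10.0.0.20")
    ctl.permit("10.0.0.10", "10.0.0.99")  # flow exists, but no device registered
    sw = NetworkDevice()
    ctl.program(sw)
    results = {
        "hmi_to_relay": sw.handle_arp(ArpRequest("02:00:00:00:00:10", "10.0.0.10", "10.0.0.20")),
        "ws_to_relay": sw.handle_arp(ArpRequest("02:00:00:00:00:30", "10.0.0.30", "10.0.0.20")),
        "spoofed_hmi": sw.handle_arp(ArpRequest("02:00:00:00:00:30", "10.0.0.10", "10.0.0.20")),
        "hmi_to_unknown": sw.handle_arp(ArpRequest("02:00:00:00:00:10", "10.0.0.10", "10.0.0.99")),
    }
    return sw, results


if __name__ == "__main__":
    _, r = build_demo()
    for name, reply in r.items():
        print(f"{name}: {reply}")
```

Because the device answers only from the controller's store, a host that is not permitted to talk to a target cannot even learn the target's MAC address, and a request that spoofs a permitted host's IP from a different MAC is dropped and logged rather than answered.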
-
Publication number: US20220158826A1
Publication date: 2022-05-19
Application number: US17099894
Filing date: 2020-11-17
Inventors: Colin Gordon, Dennis Gammel
Abstract: A system includes an entropy device configured to generate and distribute input entropy data and an intelligent electronic device (IED) of an electric power distribution system. The IED is configured to perform operations that include receiving the input entropy data distributed by the entropy device, generating a set of keys using the input entropy data, and establishing a Media Access Control Security (MACsec) communication link using the set of keys.
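The entropy-to-keys path in this abstract, as an added example that is not the patent's or the assignee's code: an entropy device hands one entropy block to every IED in a connectivity association, each IED sanity-checks it and derives the MACsec CAK/CKN pair from it, and an MKA-style hello exchange proves possession of the derived keys without ever sending them. HKDF-SHA256 is used here as a stand-in for the AES-CMAC KDF that IEEE 802.1X specifies, so that the block runs on the Python standard library; the key labels, lengths, the degeneracy check and the handshake format are assumptions of this example, not details from the patent.

```python
"""Shared entropy to MACsec CAK/CKN at two IEDs (illustrative, HKDF stand-in for 802.1X KDF)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract then expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def check_entropy(entropy: bytes) -> None:
    """Minimal gate against short, stuck-at or repeated input before it becomes key material.

    Assumed here; a production IED would run SP 800-90B style health tests instead.
    """
    if len(entropy) < 32:
        raise ValueError("need at least 256 bits of input entropy")
    if len(set(entropy)) < 16:
        raise ValueError("input entropy looks degenerate (too few distinct bytes)")


class EntropyDevice:
    def __init__(self, rng: Callable[[int], bytes] = os.urandom) -> None:
        self._rng = rng
        self.issued: Dict[str, bytes] = {}

    def distribute(self, ca_name: str, n_bytes: int = 32) -> bytes:
        """One entropy block per connectivity association, shared by all its members."""
        if ca_name not in self.issued:
            self.issued[ca_name] = self._rng(n_bytes)
        return self.issued[ca_name]


@dataclass
class MkaHello:
    ckn: bytes
    nonce: bytes
    icv: bytes


class IED:
    def __init__(self, name: str, ca_name: str) -> None:
        self.name = name
        self.ca_name = ca_name
        self.cak = self.ckn = self.kek = self.ick = b""

    def receive_entropy(self, entropy: bytes) -> None:
        check_entropy(entropy)
        label = self.ca_name.encode()
        # CAK (128-bit) and CKN come from the shared entropy, so members of the same
        # CA derive the same pair; KEK and ICK hang off the CAK as in the 802.1X hierarchy.
        self.cak = hkdf_sha256(entropy, b"macsec-cak", label, 16)
        self.ckn = hkdf_sha256(entropy, b"macsec-ckn", label, 16)
        self.kek = hkdf_sha256(self.cak, b"macsec-kek", self.ckn, 16)
        self.ick = hkdf_sha256(self.cak, b"macsec-ick", self.ckn, 16)

    def hello(self) -> MkaHello:
        nonce = os.urandom(16)
        icv = hmac.new(self.ick, self.ckn + nonce, hashlib.sha256).digest()
        return MkaHello(self.ckn, nonce, icv)

    def verify(self, msg: MkaHello) -> bool:
        # CKN must match and the ICV must verify under our ICK: only a peer that derived
        # the same CAK from the same entropy can produce it. The CAK itself never leaves the IED.
        if not hmac.compare_digest(msg.ckn, self.ckn):
            return False
        expected = hmac.new(self.ick, msg.ckn + msg.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, msg.icv)


def establish_macsec(a: IED, b: IED) -> bool:
    """Both sides must verify the other's hello before the link is considered up."""
    return a.verify(b.hello()) and b.verify(a.hello())


def demo() -> Tuple[bool, bool]:
    # Constructed, deterministic "entropy" so the run is reproducible offline.
    pool = [hashlib.sha256(b"constructed-entropy-%d" % i).digest() for i in range(2)]
    source = EntropyDevice(rng=lambda n: pool.pop(0)[:n])
    relay_a = IED("relay-A", "substation-bus")
    relay_b = IED("relay-B", "substation-bus")
    relay_a.receive_entropy(source.distribute("substation-bus"))
    relay_b.receive_entropy(source.distribute("substation-bus"))
    outsider = IED("outsider", "substation-bus")
    outsider.receive_entropy(source.distribute("other-ca"))  # different entropy block
    return establish_macsec(relay_a, relay_b), establish_macsec(relay_a, outsider)


if __name__ == "__main__":
    print(demo())
```

The caveat this makes visible: whoever can read the distributed entropy can derive the CAK, so the distribution channel needs the same confidentiality and authentication as a pre-shared key would, and a degenerate entropy block must be refused before it is ever turned into keys.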
-
Publication number: US20220116391A1
Publication date: 2022-04-14
Application number: US17065940
Filing date: 2020-10-08
Inventors: Colin Gordon, Dennis Gammel
IPC classification: H04L29/06
Abstract: A system includes an intelligent electronic device (IED) and a proxy device communicatively coupled to the IED via a Media Access Control Security (MACsec) communication link. The proxy device is configured to perform operations that include receiving permissions data, receiving a request to perform an action associated with the IED, determining whether the action is authorized based on the permissions data, and transmitting data to the IED via the MACsec communication link in response to determining that the action is authorized.
-
Publication number: US11075908B2
Publication date: 2021-07-27
Application number: US16414928
Filing date: 2019-05-17
Inventors: Dennis Gammel, James A. Lester
IPC classification: H04L29/06
Abstract: The present disclosure pertains to systems and methods for improving security and simplifying authentication in a software defined network ("SDN"). In various embodiments, the systems and methods disclosed herein may be applied in operational technology networks, such as those used in electrical power systems. In one embodiment, a device to be authenticated may be in communication with a network device. The network device may receive authentication credentials from the device to be authenticated and may communicate the authentication credentials to an authenticator. The authenticator may assess and approve the authentication credentials and communicate approval of the authentication credentials to the network device. The network device may implement a plurality of communication flows associated with the device to be authenticated.
-
Publication number: US20210120001A1
Publication date: 2021-04-22
Application number: US16655663
Filing date: 2019-10-17
IPC classification: H04L29/06
Abstract: The present disclosure pertains to systems and methods of restricting access to devices utilizing tokens. In some embodiments, a system may include a user requesting a token, ensuring the user requesting a token has the permission to request the token and is not the user approving the token. In some embodiments, the system may include the user granting the token, wherein the user granting the token is not the user receiving the token. The system ensures that the user accessing the device has the permission to access the device. Additionally, the system decreases the opportunities for insider attacks and increases the resistance to credential theft attacks. Further, the system increases the accountability for changes and the ability to review changes.
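The token workflow described in this abstract and in the granted patent US11245699B2 above (same application, same abstract), as one added example that is not code from the patent or its assignee: a requester asks for a token naming a device and a recipient, a different user approves it, only the named recipient can redeem it, once and before it expires, and every step lands in an audit trail together with the change that was made under it. The permission strings, the single-use rule, the time-to-live and the sample users are this example's constructed assumptions; the abstract states only the three role separations and the accountability goal.

```python
"""Token-gated device access with separation of duties and an audit trail (illustrative)."""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


class PolicyError(Exception):
    """Raised when a request violates the access policy."""


@dataclass
class TokenRequest:
    request_id: str
    device: str
    requester: str
    recipient: str
    created_at: float


@dataclass
class Token:
    token_id: str
    device: str
    requester: str
    approver: str
    recipient: str
    expires_at: float
    used: bool = False


@dataclass
class TokenService:
    # user -> permissions such as "request:relay-7", "approve:relay-7", "access:relay-7" (assumed format)
    permissions: Dict[str, Set[str]]
    ttl_seconds: float = 900.0
    now: Callable[[], float] = time.time
    pending: Dict[str, TokenRequest] = field(default_factory=dict)
    tokens: Dict[str, Token] = field(default_factory=dict)
    audit: List[Dict[str, str]] = field(default_factory=list)

    def _log(self, event: str, user: str, **details: str) -> None:
        self.audit.append({"t": f"{self.now():.0f}", "event": event, "user": user, **details})

    def _require(self, user: str, perm: str) -> None:
        if perm not in self.permissions.get(user, set()):
            self._log("denied", user, perm=perm)
            raise PolicyError(f"{user} lacks {perm}")

    def request(self, requester: str, device: str, recipient: Optional[str] = None) -> str:
        recipient = recipient or requester
        self._require(requester, f"request:{device}")
        rid = secrets.token_hex(8)
        self.pending[rid] = TokenRequest(rid, device, requester, recipient, self.now())
        self._log("requested", requester, request=rid, device=device, recipient=recipient)
        return rid

    def approve(self, approver: str, request_id: str) -> str:
        req = self.pending.get(request_id)
        if req is None:
            raise PolicyError("unknown request")
        self._require(approver, f"approve:{req.device}")
        # Separation of duties from the abstract: the approver is neither the requester
        # nor the recipient, so no single account can mint itself access.
        if approver == req.requester:
            self._log("denied", approver, reason="self-approval", request=request_id)
            raise PolicyError("requester may not approve their own request")
        if approver == req.recipient:
            self._log("denied", approver, reason="approver-is-recipient", request=request_id)
            raise PolicyError("approver may not be the token recipient")
        del self.pending[request_id]
        tid = secrets.token_urlsafe(24)
        self.tokens[tid] = Token(tid, req.device, req.requester, approver, req.recipient,
                                 self.now() + self.ttl_seconds)
        self._log("approved", approver, request=request_id, recipient=req.recipient, device=req.device)
        return tid

    def access(self, user: str, token_id: str, device: str, change: str) -> bool:
        tok = self.tokens.get(token_id)
        if (tok is None or tok.used or tok.device != device or tok.recipient != user
                or self.now() > tok.expires_at):
            # A stolen, replayed, expired or misdirected token is refused outright and the
            # attempt is recorded against the presenting account.
            self._log("denied", user, reason="invalid-token", device=device)
            return False
        self._require(user, f"access:{device}")
        tok.used = True  # single use: a second redemption is a replay
        self._log("changed", user, device=device, change=change,
                  approver=tok.approver, requester=tok.requester)
        return True


def demo() -> Dict[str, object]:
    clock = [1_700_000_000.0]  # constructed, controllable clock
    svc = TokenService(
        permissions={
            "alice": {"request:relay-7", "access:relay-7"},                      # field technician
            "bob": {"approve:relay-7"},                                           # shift supervisor
            "carol": {"request:relay-7", "approve:relay-7", "access:relay-7"},   # senior engineer
        },
        now=lambda: clock[0],
    )
    out: Dict[str, object] = {}
    rid = svc.request("alice", "relay-7")
    try:
        svc.approve("alice", rid)
        out["self_approve"] = "allowed"
    except PolicyError:
        out["self_approve"] = "blocked"
    tid = svc.approve("bob", rid)
    out["first_use"] = svc.access("alice", tid, "relay-7", "set 51P pickup to 4.0 A")
    out["replay"] = svc.access("alice", tid, "relay-7", "set 51P pickup to 4.0 A")
    rid2 = svc.request("alice", "relay-7", recipient="carol")
    try:
        svc.approve("carol", rid2)  # carol would receive this token, so she may not approve it
        out["approve_own_token"] = "allowed"
    except PolicyError:
        out["approve_own_token"] = "blocked"
    tid2 = svc.approve("bob", rid2)
    out["stolen"] = svc.access("eve", tid2, "relay-7", "disable 87B")  # wrong presenter
    clock[0] += svc.ttl_seconds + 1
    out["expired"] = svc.access("carol", tid2, "relay-7", "disable 87B")
    out["audit_events"] = [e["event"] for e in svc.audit]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Each "changed" audit record carries the requester, the approver and the change text, which is what makes a later review possible; a credential thief who obtains the token still needs to present it as the named recipient, within its lifetime, before it has been used.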
-
Publication number: US20190273653A1
Publication date: 2019-09-05
Application number: US16248959
Filing date: 2019-01-16
Inventors: Dennis Gammel, Rhett Smith
Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation based on network packet characteristic matching and/or a "trigger alarm" event. The first network operation profile is implemented when an incoming network packet matches a pre-defined and/or customizable network packet characteristic match template. The second network operation profile is implemented when a "trigger alarm" event is received. A network operation profile may execute a write action to latch, or otherwise trigger, a physical alarm of a networking device or associated device.
-
Publication number: US20190173754A1
Publication date: 2019-06-06
Application number: US15833468
Filing date: 2017-12-06
Inventors: Rhett Smith, Dennis Gammel
IPC classification: H04L12/24, H04L12/715, H04L12/851, H04L12/721
Abstract: A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. The first and second network operation profiles are stored within a memory of the networking device to be selectively implemented based on the status of a profile selection input on the networking device. The profile selection input is a contact input in some embodiments. When the contact input is de-asserted, the networking device implements the first network flow according to the first network operation profile. When the contact input is asserted, the networking device implements the second network flow according to the second network operation profile.
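The profile selection described in this abstract and in US20190273653A1 above, as one added example that is not code from either patent or their assignee: a networking device stores two controller-defined operation profiles, applies the first while its contact input is de-asserted and no trigger-alarm event is pending, switches to the second when the contact input is asserted or a trigger-alarm event is received, and a profile rule whose action is "alarm" latches the device's physical alarm output. The packet field names, the rule actions, the default-deny fallback and the two constructed profiles are this example's assumptions.

```python
"""Selecting stored network operation profiles by contact input or trigger-alarm event (illustrative)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Packet = Dict[str, object]


@dataclass(frozen=True)
class MatchTemplate:
    """Field/value pairs a packet must all carry; fields not listed are wildcards."""
    fields: Tuple[Tuple[str, object], ...]

    def matches(self, pkt: Packet) -> bool:
        return all(pkt.get(k) == v for k, v in self.fields)


@dataclass(frozen=True)
class Rule:
    template: MatchTemplate
    action: str  # "forward", "drop" or "alarm" (alarm latches the physical alarm and drops)


@dataclass
class Profile:
    name: str
    rules: List[Rule]


def tmpl(**fields: object) -> MatchTemplate:
    return MatchTemplate(tuple(sorted(fields.items())))


@dataclass
class NetworkingDevice:
    profile_1: Profile  # applied while contact input is de-asserted and no alarm event is pending
    profile_2: Profile  # applied while contact input is asserted or a trigger-alarm event was received
    contact_asserted: bool = False
    alarm_event: bool = False
    alarm_latched: bool = False
    counters: Dict[str, int] = field(default_factory=dict)

    def active_profile(self) -> Profile:
        if self.contact_asserted or self.alarm_event:
            return self.profile_2
        return self.profile_1

    def trigger_alarm(self) -> None:
        """A 'trigger alarm' event arriving from the controller or an associated device."""
        self.alarm_event = True

    def reset_alarm(self) -> None:
        self.alarm_event = False
        self.alarm_latched = False

    def process(self, pkt: Packet) -> str:
        prof = self.active_profile()
        for rule in prof.rules:
            if rule.template.matches(pkt):
                if rule.action == "alarm":
                    self.alarm_latched = True  # write action latching the physical alarm output
                    self._count(prof, "alarm")
                    return "alarm"
                self._count(prof, rule.action)
                return rule.action
        self._count(prof, "drop")
        return "drop"  # deny by default: a packet matching no template is not forwarded

    def _count(self, prof: Profile, action: str) -> None:
        key = f"{prof.name}:{action}"
        self.counters[key] = self.counters.get(key, 0) + 1


def build_device() -> NetworkingDevice:
    """Constructed profiles: normal operation versus an alternate (maintenance/lockdown) profile."""
    normal = Profile("normal", [
        Rule(tmpl(src="10.0.0.10", dst="10.0.0.20", proto="tcp", dport=502), "forward"),  # HMI -> relay Modbus
        Rule(tmpl(dst="10.0.0.20", proto="tcp", dport=22), "alarm"),                      # unexpected SSH to relay
    ])
    alternate = Profile("alternate", [
        Rule(tmpl(src="10.0.0.30", dst="10.0.0.20", proto="tcp", dport=22), "forward"),   # workstation SSH only
    ])
    return NetworkingDevice(normal, alternate)


def demo() -> Dict[str, object]:
    dev = build_device()
    hmi = {"src": "10.0.0.10", "dst": "10.0.0.20", "proto": "tcp", "dport": 502}
    ssh = {"src": "10.0.0.30", "dst": "10.0.0.20", "proto": "tcp", "dport": 22}
    out: Dict[str, object] = {}
    out["hmi_normal"] = dev.process(hmi)
    out["ssh_normal"] = dev.process(ssh)
    out["latched_after_ssh"] = dev.alarm_latched
    dev.reset_alarm()
    dev.contact_asserted = True  # e.g. a key switch in the cabinet
    out["ssh_alternate"] = dev.process(ssh)
    out["hmi_alternate"] = dev.process(hmi)
    dev.contact_asserted = False
    dev.trigger_alarm()  # profile 2 again, now because of the event rather than the contact
    out["hmi_alarm_event"] = dev.process(hmi)
    out["counters"] = dict(dev.counters)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The same SSH packet is an alarm condition under the normal profile and permitted traffic under the alternate one, which is the point of keeping both profiles resident on the device: the switch happens on a local input or event without a round trip to the controller.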
-
Publication number: US20170046895A1
Publication date: 2017-02-16
Application number: US14823219
Filing date: 2015-08-11
IPC classification: G07C9/00
CPC classification: G07C9/00134, G07C9/00174, G07C9/00571, G07C9/0069, G07C2209/04, H04W4/08, H04W4/80
Abstract: Systems and methods are disclosed that provide for management of resources of one or more systems included in an access-controlled area of a distributed site of an electric power delivery system. In certain embodiments, one or more users entering an access-controlled area may be identified via physical access control credentials provided to an associated access control system. A determination may be made as to whether the users have access rights to one or more hardware and/or software resources of systems included in the access-controlled area. Based on the determination, control signals may be generated by the access control system to enable and/or disable associated resources.
-
Publication number: US11570179B2
Publication date: 2023-01-31
Application number: US17151481
Filing date: 2021-01-18
Inventors: Colin Gordon, Paul Stoaks, Dennis Gammel
Abstract: A key server device obtains authorization information of a user associated with an intelligent electronic device (IED). The key server communicates the authorization information to the IED, via a Media Access Control Security (MACsec) Key Agreement (MKA) protocol to allow the IED to authenticate the user. The key server receives one or more commands from the user. The key server communicates the one or more commands to the IED to allow the IED to perform operations based on the one or more commands.