CPC H04L 63/166 (2013.01) [H04L 63/0823 (2013.01)] | 19 Claims
1. A method of implementing a secure configuration of a networked system for secure communications over a control network,
the networked system including at least one instrument for performing corresponding tasks, and at least one controller for controlling functions of the at least one instrument, the method comprising:
providing a secure instrument configuration (SIC) server on a computer,
wherein the SIC server is in communication with each of the at least one controller and the at least one instrument over a communication network different from the control network;
receiving identification of the at least one controller and the at least one instrument via a user interface with the SIC server;
writing controller secure configuration information from the SIC server to the at least one controller over the communication network using an interface on the at least one controller between the SIC server and the at least one controller, the controller secure configuration information comprising controller authentication data and at least one authentication method for the controller to authenticate the at least one instrument, and/or one or more credentials of the at least one controller acceptable by the at least one instrument for identifying the at least one controller;
writing instrument secure configuration information from the SIC server to the at least one instrument over the communication network using an interface on the at least one instrument between the SIC server and the at least one instrument, the instrument secure configuration information comprising instrument authentication data and at least one authentication method to be supported by the at least one instrument for the at least one instrument to authenticate the at least one controller;
communicating, by the SIC server, with the at least one controller to initiate implementation of the secure configuration, wherein the at least one controller establishes a secure connection with the at least one instrument over the control network using the controller secure configuration information and the instrument secure configuration information; and
offering, by the SIC server and after the implementation of the secure configuration is complete, third party services to the at least one instrument and the at least one controller enabling the at least one instrument and the at least one controller to perform authentication by interrogating the SIC server at run-time, and wherein the SIC server checks site credentials for the third party services and informs the at least one instrument and the at least one controller whether to accept the third party services.
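
An added illustration, not part of the patent text: a minimal Python simulation of the claimed flow, in which the SIC server writes matching secure configuration to a controller and an instrument out of band, and the controller then authenticates mutually with the instrument over the control network. The HMAC-SHA256 pre-shared-key method, the device names and every function name are assumptions; the claim does not name a particular authentication method.

```python
import hashlib
import hmac
import secrets

METHOD = "hmac-sha256-psk"  # assumed method; the claim does not name one

class Device:
    """Controller or instrument; config is written only by the SIC server."""

    def __init__(self, name):
        self.name, self.config = name, None

    def write_secure_config(self, peer, method, key):
        # Hypothetical management-network interface used by the SIC server.
        self.config = {"peer": peer, "method": method, "key": key}

    def _mac(self, prover, verifier, challenge):
        msg = b"|".join([prover.encode(), verifier.encode(), challenge])
        return hmac.new(self.config["key"], msg, hashlib.sha256).digest()

    def prove(self, verifier, challenge):
        # Response is bound to both identities, so it cannot be reflected back.
        return self._mac(self.name, verifier, challenge) if self.config else b""

    def verify(self, peer, challenge, response):
        cfg = self.config
        if not cfg or cfg["peer"] != peer or cfg["method"] != METHOD:
            return False  # unprovisioned, unknown peer or unsupported method
        return hmac.compare_digest(self._mac(peer, self.name, challenge), response)

def provision(controller, instrument):
    """SIC server step: write matching secure configuration to both devices."""
    key = secrets.token_bytes(32)  # authentication data for this pair
    controller.write_secure_config(instrument.name, METHOD, key)
    instrument.write_secure_config(controller.name, METHOD, key)

def connect(controller, instrument):
    """Control-network handshake: each side challenges the other."""
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    ok_i = controller.verify(instrument.name, c1, instrument.prove(controller.name, c1))
    ok_c = instrument.verify(controller.name, c2, controller.prove(instrument.name, c2))
    return ok_i and ok_c

def demo():
    # Constructed devices; "rogue" claims the controller's name with a self-made key.
    ctrl, inst, rogue = Device("controller-1"), Device("instrument-1"), Device("controller-1")
    before = connect(ctrl, inst)  # nothing provisioned yet
    provision(ctrl, inst)
    rogue.write_secure_config(inst.name, METHOD, secrets.token_bytes(32))
    return before, connect(ctrl, inst), connect(rogue, inst)
```

`demo()` returns the handshake result before provisioning, after provisioning, and for a device that reuses the controller's name without the SIC-issued key.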