US 12,355,866 B2
Communicating securely with devices in a distributed control system
Jeffrey S. Gilton, Cincinnati, OH (US); Douglas R. Nichols, Kentwood, MI (US); Mark E. Hingsbergen, Fairfield Township, OH (US); and Matthew B. Pfenninger, Cincinnati, OH (US)
Assigned to General Electric Company, Evendale, OH (US)
Filed by General Electric Company, Schenectady, NY (US)
Filed on Jun. 6, 2023, as Appl. No. 18/206,194.
Application 18/206,194 is a division of application No. 17/030,682, filed on Sep. 24, 2020, granted, now 11,711,206.
Claims priority of provisional application 62/906,355, filed on Sep. 26, 2019.
Prior Publication US 2023/0318812 A1, Oct. 5, 2023
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/0825 (2013.01) [H04L 9/0822 (2013.01); H04L 9/0841 (2013.01); H04L 9/3247 (2013.01)] 9 Claims
1. A distributed control system, comprising a first computer and a second computer, wherein:
a server public-private key pair comprising a server public key and a server private key is associated with the first computer;
one or more device public-private key pairs, each comprising a device public key and a device private key, are associated with the second computer;
an authorization public-private key pair comprising an authorization public key and an authorization private key is associated with the distributed control system;
a server key signature comprises the server public key signed with the authorization private key;
a device key signature comprises the device public key signed with the authorization private key; and
the first computer and the second computer perform a method to establish a session key for engaging in semi-secure encrypted communications with each other, the method comprising:
with the first computer, generating a server nonce;
transmitting the server public key, the server key signature, and the server nonce from the first computer to the second computer;
with the second computer, verifying the server public key, signing the server nonce with the device private key, resulting in a server nonce signature, and generating a device nonce;
after verifying the server public key, transmitting the server nonce, the server nonce signature, the device public key, the device key signature, and the device nonce from the second computer to the first computer;
with the first computer, verifying the server nonce, verifying the device public key, generating the session key, encrypting the session key with the device public key, resulting in an encrypted session key, and signing a combination of the device nonce and the session key with the server private key, resulting in a combined signature;
transmitting the device nonce, the combined signature, and the encrypted session key from the first computer to the second computer;
and with the second computer, verifying the device nonce, decrypting the encrypted session key with the device private key, resulting in a decrypted session key, and verifying the decrypted session key.
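The three-flow exchange in claim 1, worked through as an added example in Go. This is not code from the patent or from General Electric; the claim names no algorithms, so the choices here are assumptions: RSA-2048 keys for the server, device and authorization pairs, RSA-PSS over SHA-256 wherever the claim says "signed", RSA-OAEP for "encrypting the session key with the device public key", PKIX DER as the byte encoding of a public key that the authorization key signs, 32-byte random nonces, and plain concatenation deviceNonce || sessionKey as the "combination" the server signs. The message types msg1/msg2/msg3 and the functions Handshake, trustedKey and Demo are names invented for this example. Demo also runs the failure case a practitioner would want to see: a device whose public key was never signed by the authorization private key is refused by the server even though it presents a self-signed key signature.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// The three wire messages of the claimed method; public keys travel as PKIX DER.
type msg1 struct{ serverPub, serverKeySig, serverNonce []byte }
type msg2 struct{ serverNonce, serverNonceSig, devicePub, deviceKeySig, deviceNonce []byte }
type msg3 struct{ deviceNonce, combinedSig, encSessionKey []byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func mustKey() *rsa.PrivateKey      { return must(rsa.GenerateKey(rand.Reader, 2048)) }
func der(pub *rsa.PublicKey) []byte { return must(x509.MarshalPKIXPublicKey(pub)) }
func random(n int) []byte           { b := make([]byte, n); must(rand.Read(b)); return b }
func concat(a, b []byte) []byte     { return append(append([]byte{}, a...), b...) }

// RSA-PSS over SHA-256 is this example's choice; the claim only says "signed".
func sign(priv *rsa.PrivateKey, m []byte) []byte {
	h := sha256.Sum256(m)
	return must(rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil))
}
func verify(pub *rsa.PublicKey, m, sig []byte) error {
	h := sha256.Sum256(m)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// trustedKey is "verifying the server/device public key": the received DER must
// carry a signature by the authorization private key and decode to an RSA key.
func trustedKey(authPub *rsa.PublicKey, keyDER, keySig []byte) (*rsa.PublicKey, error) {
	if err := verify(authPub, keyDER, keySig); err != nil {
		return nil, fmt.Errorf("key not signed by authorization key: %w", err)
	}
	k, err := x509.ParsePKIXPublicKey(keyDER)
	if pub, ok := k.(*rsa.PublicKey); ok && err == nil {
		return pub, nil
	}
	return nil, errors.New("key is not a valid RSA public key")
}

// Handshake runs the three flows between the first computer (server) and the
// second computer (device). Each side trusts only authPub; both key signatures
// were issued beforehand with the authorization private key.
func Handshake(authPub *rsa.PublicKey, serverPriv, devicePriv *rsa.PrivateKey,
	serverKeySig, deviceKeySig []byte) (serverSK, deviceSK []byte, err error) {
	// Flow 1, server -> device: server public key, its signature, server nonce.
	m1 := msg1{der(&serverPriv.PublicKey), serverKeySig, random(32)}
	// Device: check the server key, sign the server nonce, pick its own nonce.
	serverPub, err := trustedKey(authPub, m1.serverPub, m1.serverKeySig)
	if err != nil {
		return nil, nil, fmt.Errorf("device: %w", err)
	}
	m2 := msg2{m1.serverNonce, sign(devicePriv, m1.serverNonce),
		der(&devicePriv.PublicKey), deviceKeySig, random(32)}
	// Server: the echoed nonce must be the one it sent, the device key must be
	// authorized, and the nonce signature proves the device holds that key.
	if !bytes.Equal(m2.serverNonce, m1.serverNonce) {
		return nil, nil, errors.New("server: server nonce mismatch")
	}
	devicePub, err := trustedKey(authPub, m2.devicePub, m2.deviceKeySig)
	if err != nil {
		return nil, nil, fmt.Errorf("server: %w", err)
	}
	if err = verify(devicePub, m2.serverNonce, m2.serverNonceSig); err != nil {
		return nil, nil, fmt.Errorf("server: bad server nonce signature: %w", err)
	}
	// Flow 3: fresh 256-bit session key, RSA-OAEP to the device key, and a
	// server signature over deviceNonce || sessionKey.
	serverSK = random(32)
	enc := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, serverSK, nil))
	m3 := msg3{m2.deviceNonce, sign(serverPriv, concat(m2.deviceNonce, serverSK)), enc}
	// Device: its nonce must come back, the key must decrypt, and checking the
	// combined signature is how it "verifies the decrypted session key".
	if !bytes.Equal(m3.deviceNonce, m2.deviceNonce) {
		return nil, nil, errors.New("device: device nonce mismatch")
	}
	if deviceSK, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, m3.encSessionKey, nil); err != nil {
		return nil, nil, err
	}
	if err = verify(serverPub, concat(m3.deviceNonce, deviceSK), m3.combinedSig); err != nil {
		return nil, nil, fmt.Errorf("device: session key not authenticated: %w", err)
	}
	return serverSK, deviceSK, nil
}

// Demo reports whether an honest run agrees on the key, and the error the server
// raises for a rogue device whose key the authorization key never signed.
func Demo() (honestOK bool, rogueErr error) {
	auth, server, device, rogue := mustKey(), mustKey(), mustKey(), mustKey()
	serverSig := sign(auth, der(&server.PublicKey)) // issued offline, once
	s, d, err := Handshake(&auth.PublicKey, server, device, serverSig, sign(auth, der(&device.PublicKey)))
	_, _, rogueErr = Handshake(&auth.PublicKey, server, rogue, serverSig, sign(rogue, der(&rogue.PublicKey)))
	return err == nil && bytes.Equal(s, d), rogueErr
}
```

Two points worth noting about the construction as written here. The nonces do the freshness work: a recorded flow 3 replayed to the device fails the device-nonce comparison and, even if the nonce were guessed, the combined signature binds the session key to that nonce. And because the session key is transported under the device's long-term RSA key rather than agreed with ephemeral values, a later compromise of the device private key exposes every recorded session key; that is a property of RSA key transport in general, not something the claim addresses.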