News Column

Patent Issued for In-Line Security Device

June 19, 2014

By a News Reporter-Staff News Editor at Computer Weekly News -- A patent by the inventor Doggett, David (Arlington, MA), filed on August 18, 2008, was published online on June 3, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8745268 is assigned to Schneider Electric USA, Inc. (Palatine, IL).

The following quote was obtained by the news editors from the background information supplied by the inventors: "A system, which monitors or controls a manufacturing plant, may be used to perform a variety of different tasks and may include different end devices that were designed without sufficient security mechanisms. For example, an industrial network of computer systems and components may be used in controlling and/or monitoring industrial systems. Such industrial systems can be used in connection with manufacturing, power generation, energy distribution, waste handling, transportation, telecommunications, and water treatment. The industrial network may be connected and accessible through other networks, both directly and indirectly, including a corporate network and the Internet. The industrial network may thus be susceptible to both internal and external cyber-attacks and non-intentional actions that still disrupt the performance/operation of the system. As a preventive measure from external cyber-attacks, firewalls or other security measures may be taken to separate the industrial network from other networks. However, the industrial network is still vulnerable since such security measures are not foolproof in the prevention of external attacks by viruses, worms, Trojans and other forms of malicious code as well as computer hacking, intrusions, insider attacks, errors, and omissions may occur. Additionally, an infected laptop, for example, can bypass the firewall by connecting to the industrial network using a modem, direct connection, or by a virtual private network (VPN). The laptop may then introduce worms or other forms of malicious code into the industrial network. Moreover, a laptop may be connected directly to the network behind the firewall.

"One approach, in accordance with prior art, is to monitor events of the industrial network and accordingly raise alerts. The industrial network may perform a threat assessment and respond in accordance with the threat assessment. A wide variety of conditions relating to performance, health and security information about the industrial network as well as other factors reflecting conditions external to the industrial network may be taken into account. However, the monitoring of alarms is an alert capability that can be used to trigger actions to prevent access but, by itself, does not prevent access.

"Many industrial Ethernet end devices have very little or no security because either the end devices were designed and deployed before security was an issue or because the end devices are based on limited resources and security was not included in the design. Consequently, a security device is needed that provides sufficient security for each end device in an industrial network by protecting existing devices that are currently installed as well as new devices that lack needed security features."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventor's summary information for this patent: "An aspect of the invention provides apparatuses, computer-readable media, and systems for providing security to an end device by a security device that interfaces to a network. The security device is typically installed in front of the end device through a network cable. The combination of the end device and the security device appears as a single secure end device from the network having a network address of the original end device.

"With another aspect of the invention, a security device includes a first communications port that receives a message (which may comprise one or more packets) designated for an end device, a second communications port that connects directly to the end device, and a processor that is connected to the first and second communications ports. The processor is configured to determine whether to pass the message to the end device based on at least one security consideration through the second communications port and to provide at least one service that is not originally supported on the end device.

"With another aspect of the invention, when a message is associated with the at least one service not originally supported on the end device, a security device may provide the service by exchanging data with the end device using a native protocol of the end device, converting the data to a required protocol, and returning a response to a sender of the message.

"With another aspect of the invention, a security device utilizes different security actions based on the request type of a received message and/or identification of the sender."

For the URL and more information on this patent, see: Doggett, David. In-Line Security Device. U.S. Patent Number 8745268, filed August 18, 2008, and published online on June 3, 2014. Patent URL:

Keywords for this news article include: Schneider Electric USA Inc.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

Source: Computer Weekly News
