Invented by David Safford, Atul Kshirsagar, William David Smith II, Richard Paul Messmer, General Electric Co

Blockchain technology has been making waves in the tech industry for the past few years, and for good reason. It offers a decentralized, tamper-evident way of storing and verifying data, which makes it an attractive building block for network security services. The market for blockchain verification for network security services is growing rapidly, and it is not hard to see why.

One of the main advantages of using a blockchain for network security is that it provides a tamper-evident, transparent record of all transactions: any change to recorded data can be detected and traced back to its source. This matters most to organizations that handle sensitive data, such as financial institutions and healthcare providers.

Another advantage is decentralization. There is no single point of failure, and because every participant holds a copy of the ledger, an attacker who wants to alter a record must alter every copy across the network rather than a single database.

The market for blockchain verification for network security services is expected to grow significantly in the coming years. According to a report by MarketsandMarkets, the blockchain in cybersecurity market is expected to grow from $90.4 million in 2020 to $1.6 billion by 2025, a compound annual growth rate (CAGR) of 70.4%. One of the main drivers of this growth is the increasing number of cyber attacks and data breaches: as more businesses move their operations online, their exposure increases, and a tamper-evident record of security events is an attractive way to protect the integrity of that data. Another driver is the adoption of blockchain technology in other industries, such as supply chain management and digital identity verification; as those uses spread, the demand for blockchain verification for network security services is likely to increase as well.

In conclusion, the market for blockchain verification for network security services is growing rapidly, and it is not hard to see why. Blockchain technology offers a decentralized, tamper-evident way of storing and verifying data, which makes it attractive to businesses looking to improve their network security. With the increasing number of cyber attacks and data breaches, the demand for blockchain verification for network security services is only going to increase in the coming years.

The General Electric Co invention works as follows

According to some embodiments, a system may include a communication port to exchange information with a client device associated with an industrial control system. A network security server processor coupled to the communication port may be adapted to provide a network security service for the client device. The processor may also record security information about the client device via a blockchain verification process, for example by registering a validation result in a distributed ledger. The network security service might be, for instance, an integrity attestation service that provides software verification for the client device.

Background for Blockchain verification for network security service

The subject matter disclosed herein relates to industrial control systems and, more specifically, to securing the operation of industrial control systems.

Industrial control systems are common features of modern industry. They include power generation and transmission systems (e.g. wind, water and gas turbine systems) and manufacturing systems (e.g. petroleum refineries, chemical manufacturing facilities, and the like). An industrial controller can control the operation of such an industrial control system: it may command devices within the system, such as sensors, pumps and valves, and receive data reported by them. The industrial controller executes instructions (e.g. firmware and/or applications) that let it control a particular operation (e.g. a gas turbine control system). These instructions may be provided by the manufacturer of the industrial controller and loaded onto the controller before it is installed in an industrial control system. Industrial controllers may also offer several ways of accessing the controller or providing instructions to it, such as via a local port or a network connection.

An unauthorized party might gain access to an industrial controller, either physically or via a communication network, and compromise the security of the industrial control platform, for example by altering the controller's software so that an industrial asset no longer functions properly. A network security service may be used to protect client devices (e.g. industrial controllers) against such unauthorized changes; an attestation server, for instance, can verify that the software on a client device is in a known-good state. That protection is lost, however, if the network security service itself is compromised. It would therefore be desirable to provide systems and methods to protect an industrial control platform's network security service.

Some embodiments comprise: means for exchanging information, at a network security server, with a client device; means for providing a network security service for the client device; and means for recording security information about the client device via a blockchain verification process.

Some technical effects of some embodiments of the invention are improved, computerized ways to protect an industrial control platform's network security service. These and other features will be made clearer by the detailed description and the attached drawings.

In the following detailed description, numerous specific details are set forth to provide a thorough understanding of the embodiments. It will be apparent to those of ordinary skill in the art, however, that embodiments may be practiced without these specific details. In other instances, well-known procedures, components and circuits are not described in detail so as not to obscure the embodiments.

One or more specific embodiments of the present invention are described below. In an effort to provide a concise description, not all features of an actual implementation are described in this specification. It should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. It should also be noted that although such a development effort might be complex and time consuming, it would nevertheless be a routine undertaking of design, fabrication and manufacture for those of ordinary skill having the benefit of this disclosure.

It may be desirable to operate an industrial controller of an industrial control system in a secure manner. An unauthorized party could gain access to the industrial controller, either physically or via a communications network, alter the software running on the controller and thereby compromise the security of the industrial control platform, for example so that an industrial asset no longer functions properly and/or so that other assets are damaged. A network security service may be used to protect client devices (e.g. industrial controllers) against such unauthorized access.

An attestation server may verify the integrity and functionality of the software on various client devices. In some cases the attestation server generates a report (e.g. for a security administrator) with the results of a software integrity assessment; FIG. 1 illustrates such a report as a display 100 according to some embodiments. The display shows a version 110 of the attestation service along with information about the client devices (e.g. client identifiers and record dates and times). A status might also be shown for each client device, such as secure, warning (potentially compromised), or compromised.

In some cases the display 100 may include icons or links which can be selected, using a touchscreen or a computer mouse pointer 150, to show a summary or a more detailed view of the data. FIG. 2 shows a display 200 with more details of a run-time attestation report. Display 200 includes signature error information 210 indicating that the attestation server detected no unsigned software, no invalid signatures and no missing keys (each of these items is shown in FIG. 2). Display 200 also contains an actual integrity value 220 and a reported integrity value, which can be compared to determine whether the controller has been compromised. In the case of FIG. 2 no problem was found, because the actual integrity value matches the reported integrity value.

FIG. 3 illustrates an attestation report display for a compromised client device. Here the attestation server has detected that unsigned software 310 is associated with the controller (as indicated by the "1" in FIG. 3). FIG. 4 shows a display 400 with more details of a run-time attestation report for a compromised client device: the reported integrity value 410 for the controller is incorrect (it does not match the actual integrity value), which is used to determine that the controller has been compromised. An attestation server report may contain additional information, such as details about the hash of Platform Configuration Register (PCR) values.
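The Python program below is an added example, not code from the patent or from GE, showing how an attestation server might produce the report fields of FIGs. 1 to 4 from a client's measured boot. It replays a constructed boot log into a PCR-style integrity value, checks a quote over that value, compares the reported integrity value with the expected ("actual") one, and buckets signature problems into unsigned software, invalid signatures and missing keys. The keys, boot logs and device identifiers are constructed for the example; the TPM quote and the vendor code signatures are modelled with HMACs, whereas a real TPM signs with an asymmetric attestation key; and the status rules (a missing key gives a warning, anything else gives compromised) are this example's own, not the patent's.

```python
# Added example (not GE's code): how an attestation server could produce the
# report fields of FIGs 1-4 from a client's measured boot. Assumptions: the
# TPM quote and vendor code signatures are modelled as HMACs (a real TPM uses
# an asymmetric attestation key); all keys and boot logs are constructed here.
import hashlib
import hmac

SECURE, WARNING, COMPROMISED = "secure", "warning", "compromised"

def mac(key, data):
    """Stand-in for a signature (HMAC here; RSA/ECDSA in a real TPM or vendor)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def pcr_extend(pcr, measurement):
    """TPM-style extend: PCR' = H(PCR || H(measurement)); order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measured_boot(components):
    """Replay a boot log of (name, blob, signature, vendor) into one PCR value."""
    pcr = b"\x00" * 32
    for _name, blob, _sig, _vendor in components:
        pcr = pcr_extend(pcr, blob)
    return pcr

class AttestationServer:
    def __init__(self, vendor_keys, device_keys, golden_pcrs):
        self.vendor_keys = vendor_keys    # vendor -> code-signing key
        self.device_keys = device_keys    # device id -> TPM key
        self.golden_pcrs = golden_pcrs    # device id -> expected ("actual") PCR

    def signature_errors(self, components):
        """Bucket each component as in the signature-error block 210 of FIG. 2."""
        errors = {"unsigned": [], "invalid": [], "missing_key": []}
        for name, blob, sig, vendor in components:
            if sig is None:
                errors["unsigned"].append(name)
            elif vendor not in self.vendor_keys:
                errors["missing_key"].append(name)
            elif not hmac.compare_digest(sig, mac(self.vendor_keys[vendor], blob)):
                errors["invalid"].append(name)
        return errors

    def attest(self, device_id, nonce, reported_pcr, quote, components):
        """Verify the quote (the nonce defeats replay of an old good quote),
        compare reported vs actual integrity, and derive the status."""
        quote_ok = hmac.compare_digest(
            quote, mac(self.device_keys[device_id], nonce + reported_pcr))
        actual_pcr = self.golden_pcrs[device_id]
        errors = self.signature_errors(components)
        if (not quote_ok or reported_pcr != actual_pcr
                or errors["unsigned"] or errors["invalid"]):
            status = COMPROMISED
        elif errors["missing_key"]:
            status = WARNING          # cannot verify: "potentially compromised"
        else:
            status = SECURE
        return {"device_id": device_id, "status": status, "quote_ok": quote_ok,
                "reported_integrity": reported_pcr.hex(),
                "actual_integrity": actual_pcr.hex(), "signature_errors": errors}

def run_demo():
    """Healthy controller (FIG. 2) and one that loaded an unsigned module (FIGs 3-4)."""
    vkey, tkey = b"vendor-key-1", b"tpm-key-ctrl-01"     # constructed sample keys
    good_boot = [(n, b, mac(vkey, b), "ge-fw")
                 for n, b in (("bios", b"bios v1"), ("os", b"rtos v3"))]
    server = AttestationServer({"ge-fw": vkey}, {"ctrl-01": tkey},
                               {"ctrl-01": measured_boot(good_boot)})
    nonce = b"nonce-0001"                                  # fresh per attestation
    pcr = measured_boot(good_boot)
    ok = server.attest("ctrl-01", nonce, pcr, mac(tkey, nonce + pcr), good_boot)
    bad_boot = good_boot + [("rogue", b"unsigned payload", None, "unknown")]
    pcr2 = measured_boot(bad_boot)
    bad = server.attest("ctrl-01", nonce, pcr2, mac(tkey, nonce + pcr2), bad_boot)
    return ok, bad

if __name__ == "__main__":
    for report in run_demo():
        print(report["status"], report["signature_errors"],
              report["reported_integrity"] == report["actual_integrity"])
```

The server-chosen nonce inside the quote is what stops a compromised controller from replaying an earlier good quote, a detail the report displays do not show; and because PCR extension is order-sensitive, loading the same modules in a different order also produces an integrity mismatch.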

FIG. 5 shows a system 500 according to some embodiments, in which a network security server 510 exchanges information with a client device 520. The network security server 510 might be associated with, for instance, a Personal Computer (PC), a laptop computer, an enterprise server, a server farm and/or a database. According to some embodiments, an "automated" network security server 510 may automatically provide a network security service to the client device 520 and record security information via a blockchain verification process. As used herein, the term "automated" may refer to actions that are performed with little or no human intervention.

As used herein, devices, including those associated with the network security server 510 and any other device described herein, may exchange information via any communication network, which may be one or more of a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a proprietary network, a Public Switched Telephone Network (PSTN), a Wireless Application Protocol (WAP) network, a Bluetooth network, a wireless LAN network and/or an Internet Protocol (IP) network. Note that any of the devices described herein may communicate via one or more such communication networks.

The network security server 510 may store information into and/or retrieve information from data stores. The data stores might, for instance, hold electronic records representing security information, such as client device identifiers, measured values, dates and times, etc. The data stores may be locally stored or reside remote from the network security server 510. Although a single network security server 510 is shown in FIG. 5, any number of such devices may be included. Moreover, various devices described herein might be combined according to embodiments of the present invention; for example, in some embodiments the network security server 510, the data stores and/or the client devices might comprise a single apparatus.

Note that the system 500 of FIG. 5 is provided only as an example, and embodiments may be associated with additional elements or components. According to some embodiments, elements of the system 500 automatically support interactive user interface displays and network security services. FIG. 6 illustrates a method 600 that might be performed by some or all of the elements of the system 500 described with respect to FIG. 5, or by any other system, according to some embodiments. The flow charts described herein do not imply a fixed order to the steps, and embodiments of the present invention may be practiced in any order that is practicable. Note that any of the methods described herein may be performed by hardware, software or any combination of these approaches. For example, a computer-readable storage medium may store thereon instructions that, when executed by a machine, result in performance according to any of the embodiments described herein.

At S610, a network security server may exchange information with a client device. In some embodiments the network security server is an attestation server that generates an attestation report for remote client devices. An attestation report might include, for instance, a client identifier, a recorded date and time, and an attestation status indicating whether the remote client device is in a secure, warning or compromised state. As used herein, the phrase "remote client device" might refer to, for example, a computer, a tablet computer, a server computer, a smartphone, a gateway, an embedded smart building automation device and/or a digital rights management device.

At S620, the network security server may provide a network security service for the client device. The network security service might be an integrity attestation service that provides software verification for the client device. In some embodiments the software being verified is associated with a program executing on the client device, for example a Basic Input Output System (BIOS) or an Operating System (OS).

At S630, the network security server may record security information about the client device via a blockchain verification process. The recording at S630 might include registration of a validation result in a distributed ledger. In some embodiments the recording at S630 is associated with a smart contract transaction that records a device attestation status, a validation hash, a device identifier and an attestation server identifier. The smart contract may be represented by a string of alphanumeric characters. In some cases the registration is associated with a public key used by the attestation server. Recording the security information via a blockchain verification process lets it be stored securely at multiple locations around the globe: an unauthorized party would have to corrupt the data at every storage location at once, which is unlikely to be possible. According to some embodiments, the recorded information is associated with a Trusted Platform Module (TPM) of the remote client device, which provides a hardware root of trust that allows a trusted and measured boot of the industrial control system. The TPM might, for example, sign Platform Configuration Register (PCR) values as evidence of integrity.
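The program below is an added example, not code from the patent or from GE, of the registration step S630. It builds the record the paragraph describes (device attestation status, validation hash, device identifier and attestation server identifier), has the attestation server sign it, appends it to three replicas of a hash-chained ledger, and then shows two tampering attempts being caught. The replicas, keys, identifiers and sample reports are constructed for the example; three in-memory lists with a majority check stand in for a real distributed ledger and its consensus protocol, and the server's signature is an HMAC where a deployment would use the public-key signature the patent mentions.

```python
# Added example (not GE's code): registering an attestation result on a
# replicated, hash-chained ledger as described for S630. Assumptions: the
# ledger is three in-memory replicas with a majority check standing in for
# consensus, and the attestation server's signature over the record is an
# HMAC (the patent mentions a public key; a real deployment would use one).
import hashlib
import hmac
import json

GENESIS = "0" * 64

def canonical(record):
    """Stable byte encoding so every replica hashes the record identically."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def block_hash(prev, record):
    return hashlib.sha256(prev.encode() + canonical(record)).hexdigest()

class AttestationServer:
    """Holds the server id and the key used to sign ledger records (constructed)."""
    def __init__(self, server_id, key):
        self.server_id, self.key = server_id, key

    def make_record(self, report, recorded_at):
        """The smart-contract payload: status, validation hash, device id, server id."""
        record = {"device_id": report["device_id"], "status": report["status"],
                  "validation_hash": hashlib.sha256(canonical(report)).hexdigest(),
                  "attestation_server_id": self.server_id, "recorded_at": recorded_at}
        record["signature"] = hmac.new(self.key, canonical(record), hashlib.sha256).hexdigest()
        return record

def record_signed_by(record, server):
    """Check a ledger record's signature; rejects records forged without the key."""
    unsigned = {k: v for k, v in record.items() if k != "signature"}
    expected = hmac.new(server.key, canonical(unsigned), hashlib.sha256).hexdigest()
    return hmac.compare_digest(record.get("signature", ""), expected)

def append_block(chain, record):
    """Append to one replica (a list of blocks); returns the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": dict(record), "hash": block_hash(prev, record)})
    return chain[-1]["hash"]

def register(replicas, record):
    """Write the record to every replica; all heads must agree afterwards."""
    if len({append_block(chain, record) for chain in replicas}) != 1:
        raise RuntimeError("replicas diverged")

def verify_chain(chain, server):
    """Every block links to its predecessor, hashes correctly and is server-signed."""
    prev = GENESIS
    for b in chain:
        if (b["prev"] != prev or block_hash(prev, b["record"]) != b["hash"]
                or not record_signed_by(b["record"], server)):
            return False
        prev = b["hash"]
    return True

def suspect_replicas(replicas, server):
    """Indexes of replicas whose chain is broken or whose head is outvoted."""
    heads = [c[-1]["hash"] if c else GENESIS for c in replicas]
    majority = max(set(heads), key=heads.count)
    return [i for i, c in enumerate(replicas)
            if not verify_chain(c, server) or heads[i] != majority]

def run_demo():
    server = AttestationServer("attest-srv-A", b"server-key-A")   # constructed
    replicas = [[], [], []]
    # Reports as an attestation service would produce them (constructed sample).
    reports = [{"device_id": "ctrl-01", "status": "secure", "at": "2019-01-01T00:00:00Z"},
               {"device_id": "ctrl-01", "status": "compromised", "at": "2019-01-01T00:05:00Z"}]
    for rep in reports:
        register(replicas, server.make_record(rep, rep["at"]))
    # Attacker with write access to one replica rewrites the verdict in place.
    replicas[2][-1]["record"]["status"] = "secure"
    in_place = suspect_replicas(replicas, server)
    # Attacker instead rebuilds that replica's whole chain, but lacks the server key.
    forged = dict(server.make_record(reports[1], reports[1]["at"]), status="secure")
    replicas[2] = []
    append_block(replicas[2], server.make_record(reports[0], reports[0]["at"]))
    append_block(replicas[2], forged)
    return in_place, suspect_replicas(replicas, server)

if __name__ == "__main__":
    print("suspect replicas (in-place edit, rebuilt chain):", run_demo())
```

Editing a verdict in place breaks the block hash, so that replica fails its own chain check; rebuilding the replica's chain from scratch keeps its hashes consistent but leaves the replica outvoted by the other two and its record failing the signature check, since the attacker lacks the server key. Rewriting history would require control of a majority of replicas and of the signing key, which is the property the paragraph above relies on.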

Note that the attestation report and/or blockchain verification process may be associated with various network configurations, including a single cloud-hosted topology network, a multiple cloud-hosted topology network and/or a participant-hosted intranet environment. Although an attestation server is used as an example herein, embodiments may be associated with any type of network security service, such as a firewall log, a Certificate Authority (CA), etc.
