公开(公告)号：US20210126937A1

公开(公告)日：2021-04-29

申请号：US16665678

申请日：2019-10-28

Applicant: General Electric Company

Inventor： Austars Raymond Schnore, JR. ,  Safayet Nizam Uddin AHMED ,  David Safford ,  Krzysztof KEPA ,  Willard Monten WISEMAN ,  Kevin B. KENNY ,  William David SMITH, III ,  Masako YAMADA

IPC: H04L29/06 ,  H04L9/06 ,  G06F16/23 ,  G06Q20/36

Abstract: A cyber-security improvement platform database may store electronic records including information, received from remote submitting devices, associated with vulnerability data for computing elements. Information associated with first vulnerability data for a first computing element may be retrieved from the database and verified. Information about the first vulnerability data may then be recorded in a secure, distributed transaction ledger, and a crypto-currency payment may be transferred in connection with the recorded information. Similarly, the electronic records may further include fix data for computing elements. In this case, first fix data associated with the first vulnerability data may be retrieved, verified, and applied in connection with the first computing element. Additional information, about the first fix data, may then be recorded in the transaction ledger and an additional crypto-currency payment may be transferred in connection with the recorded additional information.

公开(公告)号：US10706179B2

公开(公告)日：2020-07-07

申请号：US15866798

申请日：2018-01-10

Applicant: General Electric Company

Inventor： Krzysztof Michal Kepa ,  Willard Monten Wiseman ,  David Safford ,  Wesley Michael Skeffington ,  William David Smith, II

IPC: G06F21/72 ,  G06F21/73 ,  G06F21/57 ,  H04L9/08 ,  H04L9/32 ,  H04L9/06 ,  G06F21/60 ,  H04L9/30

Abstract: The example embodiments are directed to a system and method for secure provisioning of secrets into MPSoC devices using untrusted third-party systems. In one example, the method includes generating a random number sequence from a true random number generator to produce secret information, storing the secret information in an on-chip secure storage, encrypting, in a device and using public key encryption, the secret information to generate an encrypted message, and transmitting the encrypted message to a third-party system.

公开(公告)号：US20180004953A1

公开(公告)日：2018-01-04

申请号：US15198281

申请日：2016-06-30

Applicant: General Electric Company

Inventor： William David Smith, II ,  Safayet Nizam Uddin Ahmed ,  Joseph Czechowski, III ,  David Safford

IPC: G06F21/57 ,  H04L9/08 ,  G06F9/455 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F21/575 ,  G06F9/45558 ,  G06F21/57 ,  G06F21/78 ,  G06F2009/45562 ,  G06F2221/034 ,  H04L9/0897 ,  H04L9/3268 ,  H04L63/1441 ,  H04L63/20 ,  H04L2209/127

Abstract: According to some embodiments, an overall chain-of-trust may be established for an industrial control system. Secure hardware may be provided, including a hardware security module coupled to or integrated with a processor of the industrial control system to provide a hardware root-of-trust. Similarly, secure firmware associated with a secure boot mechanism such that the processor executes a trusted operating system, wherein the secure boot mechanism includes one or more of a measured boot, a trusted boot, and a protected boot. Objects may be accessed via secure data storage, and data may be exchanged via secure communications in accordance with information stored in the hardware security model.

公开(公告)号：US11349872B2

公开(公告)日：2022-05-31

申请号：US16695797

申请日：2019-11-26

Applicant: GENERAL ELECTRIC COMPANY

Inventor： William David Smith, II ,  Krzysztof Kepa ,  David Safford

IPC: H04L9/40 ,  G06F21/60

Abstract: A secure communication path device includes a first secure communication validator providing a one-way communication path from a security domain by implementing a secure protocol parser, a second secure communication validator providing a one-way communication path from a second security domain by implementing a secure second protocol parser. Each validator including respective serial/de-serializer units providing a unidirectional communication path from their respective security domain. The device hardware segregating respective communications of the security domains within the secure communication path device.

公开(公告)号：US10210333B2

公开(公告)日：2019-02-19

申请号：US15198281

申请日：2016-06-30

Applicant: General Electric Company

Inventor： William David Smith, II ,  Safayet Nizam Uddin Ahmed ,  Joseph Czechowski, III ,  David Safford

IPC: G06F21/57 ,  G06F21/78 ,  G06F9/455 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06

Abstract: According to some embodiments, an overall chain-of-trust may be established for an industrial control system. Secure hardware may be provided, including a hardware security module coupled to or integrated with a processor of the industrial control system to provide a hardware root-of-trust. Similarly, secure firmware associated with a secure boot mechanism such that the processor executes a trusted operating system, wherein the secure boot mechanism includes one or more of a measured boot, a trusted boot, and a protected boot. Objects may be accessed via secure data storage, and data may be exchanged via secure communications in accordance with information stored in the hardware security model.