EP-4738769-A2 - ENDPOINT AND PROTOCOL FOR TRUSTED DIGITAL MANUFACTURING

Abstract

An endpoint for trusted fabrication, the endpoint including at least one secure controller configured for connection to a wide area network; and at least one untrusted controller configured for local communication, wherein the endpoint is configured for connection to a fabricator and further configured to receive digitally-signed data specifying at least one item for manufacture; verify the digitally-signed data; and direct the fabricator to manufacture the at least one item after verifying the digitally signed data. A method for trusted on-demand manufacturing, the method including receiving, at an endpoint connected to a fabricator, digitally signed data describing at least one item for manufacture; verifying, at the endpoint, the digitally signed data; and manufacturing the at least one item using the digitally signed data after verifying the digitally signed data, wherein the endpoint comprises at least one secure controller and at least one untrusted controller.

Inventors

  • BLATE, Alex
  • STRONG, Eric
  • GOSS, Garrett
  • BENNETT, Douglas
  • MAXWELL, Mark

Assignees

  • Blate, Alex
  • Strong, Eric
  • Goss, Garrett
  • Bennett, Douglas
  • Maxwell, Mark

Dates

Publication Date
20260506
Application Date
20210505

Claims (15)

  1. An endpoint comprising: at least one secure controller configured for connection to a network; and at least one untrusted controller configured for local communication, wherein the endpoint is configured for connection to an entity and further configured to: receive digitally signed data specifying an instruction for the entity; verify the digitally signed data; direct the entity to execute the instruction after verifying the digitally signed data, and the secure controller has a cryptographic trust relationship with at least one source of the digitally signed data.
  2. The endpoint of claim 1, wherein the secure controller is configured to be unmodifiable by a user.
  3. The endpoint of claim 1, wherein the untrusted controller is configured to be modifiable by a user.
  4. The endpoint of claim 1, wherein the digitally signed data is also encrypted.
  5. The endpoint of claim 4, wherein the digitally signed data is encrypted using a key associated with the endpoint.
  6. The endpoint of claim 1, wherein the at least one secure controller and the at least one untrusted controller are electrically isolated from each other.
  7. The endpoint of claim 1, wherein the endpoint and the entity are co-located.
  8. A method comprising: receiving, at an endpoint connected to an entity, digitally signed data describing an instruction for the entity; verifying, at the endpoint, the digitally signed data; and executing, via the entity, the instruction after verifying the digitally signed data, wherein the endpoint comprises at least one secure controller configured for connection to a network, and at least one untrusted controller configured for local communication, wherein the secure controller has a cryptographic trust relationship with at least one source of the digitally signed data.
  9. The method of claim 8, wherein the digitally signed data is encrypted with a public key associated with the endpoint.
  10. The method of claim 8, wherein the secure controller is configured to be unmodifiable by a user.
  11. The method of claim 8, wherein the untrusted controller is configured to be modifiable by a user.
  12. The method of claim 8, wherein the digitally signed data is also encrypted.
  13. The method of claim 12, wherein the digitally signed data is encrypted using a key associated with the endpoint.
  14. The method of claim 8, wherein: the instruction comprises one or more files; and the entity's execution of the instruction comprises: reading, via the entity, the one or more files from the untrusted controller; and processing, via the entity, the one or more files read from the untrusted controller.
  15. The method of claim 8, wherein: the instruction comprises one or more files; and the entity's execution of the instruction comprises: sending, from the untrusted controller, the one or more files to the entity; and processing, via the entity, the one or more files sent from the untrusted controller.
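The sequence that the abstract and claims 1 to 3, 8 and 14 describe (receive signed data, check that the signer has a trust relationship with the secure controller, verify the signature, and only then make the files available to the fabricator through the untrusted controller) as an added, runnable example. This is not code from the patent or from the inventors; it is written here to make the order of operations concrete. It assumes ed25519 signatures over a SHA-256 digest of the file set, a signer identifier ("vendor-A") and a G-code file that are constructed for the demo, and it models the two controllers as two maps in one process rather than as electrically isolated hardware (claim 6). The optional encryption of claims 4, 5, 9, 12 and 13 is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

// Job is the "digitally signed data" of the claims as constructed here: the
// manufacturing files, the claimed signer, and an ed25519 signature over digest(Files).
type Job struct {
	SignerID  string            // hypothetical identifier of the signing source
	Files     map[string][]byte // e.g. "bracket.gcode" -> contents
	Signature []byte
}

// Endpoint pairs the two controllers of claim 1. The secure side holds the pinned
// trust set (claim 2: not user-modifiable); the untrusted side is the local,
// user-modifiable area the fabricator reads verified files from (claims 3 and 14).
type Endpoint struct {
	SecureTrusted   map[string]ed25519.PublicKey // secure controller: signer -> key
	UntrustedStaged map[string][]byte            // untrusted controller: file name -> contents
}

var (
	ErrUntrustedSigner = errors.New("signer has no trust relationship with this endpoint")
	ErrBadSignature    = errors.New("signature does not verify over the job files")
)

// digest canonicalises the file set (sorted names, length-prefixed fields) so the
// signature deterministically covers every file name and every content byte.
func digest(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		fmt.Fprintf(h, "%d:%s%d:", len(n), n, len(files[n]))
		h.Write(files[n])
	}
	return h.Sum(nil)
}

// Sign is the source's side of the exchange, included so the example runs offline.
func Sign(signerID string, priv ed25519.PrivateKey, files map[string][]byte) Job {
	return Job{SignerID: signerID, Files: files, Signature: ed25519.Sign(priv, digest(files))}
}

// Receive follows the claimed order: verify first, and only then let the files
// cross from the secure controller to the untrusted controller for the fabricator.
func (e *Endpoint) Receive(job Job) error {
	pub, ok := e.SecureTrusted[job.SignerID]
	if !ok {
		return ErrUntrustedSigner
	}
	if !ed25519.Verify(pub, digest(job.Files), job.Signature) {
		return ErrBadSignature
	}
	for name, content := range job.Files {
		e.UntrustedStaged[name] = append([]byte(nil), content...) // private copy
	}
	return nil
}

// DemoResult records the outcome of the three paths exercised by Demo.
type DemoResult struct {
	Accepted, Tampered, Unknown error
	Staged                      []byte // what the fabricator finds afterwards
}

// Demo generates a trusted source, an endpoint pinned to it, and submits a valid
// job, the same job with its files altered in transit, and a job from an unknown signer.
func Demo() DemoResult {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ep := &Endpoint{
		SecureTrusted:   map[string]ed25519.PublicKey{"vendor-A": pub}, // constructed trust set
		UntrustedStaged: map[string][]byte{},
	}
	files := map[string][]byte{"bracket.gcode": []byte("G1 X10 Y10\n")} // constructed job file
	good := Sign("vendor-A", priv, files)
	r := DemoResult{Accepted: ep.Receive(good)}

	tampered := good // signature unchanged, content altered after signing
	tampered.Files = map[string][]byte{"bracket.gcode": []byte("G1 X10 Y11\n")}
	r.Tampered = ep.Receive(tampered)

	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	r.Unknown = ep.Receive(Sign("vendor-Z", otherPriv, files))

	r.Staged = ep.UntrustedStaged["bracket.gcode"]
	return r
}

func main() {
	r := Demo()
	fmt.Println("valid:", r.Accepted, "| tampered:", r.Tampered, "| unknown signer:", r.Unknown)
	fmt.Printf("fabricator reads: %q\n", r.Staged)
}
```

The point the example makes is that the untrusted controller only ever holds bytes that passed both checks on the secure side: the tampered job is rejected before anything is staged, so the fabricator still reads the original file, and a job from a signer with no trust relationship is refused before its signature is even examined.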

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of and priority to United States provisional application no. 63/020,191, filed on May 5, 2020, the entire disclosure of which is hereby incorporated by reference as if set forth in its entirety herein.

TECHNICAL FIELD

Embodiments described herein relate to methods and systems for trusted on-demand manufacturing and, more particularly but not exclusively, to methods and systems for verifying digitally signed data at a fabricator before manufacturing an item.

BACKGROUND

The supply chains for modern fabrication methods, such as additive manufacturing (AM) and computer-numerically controlled (CNC) machining, include both physical raw materials and digital data elements. The digital data elements include configuration and low-level manufacturing instructions for the respective machinery and control, in whole or in significant part, the dimensional, mechanical, and sometimes material characteristics of produced items. Digital manufacturing (DM) includes these highly data-driven manufacturing and fabrication processes. A familiar example of DM is 3D printing, wherein a computer (digital) model of an item is directly fabricated or "printed" on a 3D printer. To produce a particular item, a manufacturer needs the data elements for that item and a compatible DM machine; likewise, any change to the data elements will result in changes to the item produced - and such changes may be non-obvious to the user. From a security standpoint, DM, writ large, has a larger attack surface than traditional manufacturing. New attack vectors in DM include disclosure or modification of data files (e.g., CAD models, AM artifacts, G-code, machine parameters, etc.).
Any modifications to data elements may also make it difficult to enforce process controls to ensure, for example, that a given part's material, mechanical, and functional properties are substantially identical and invariant to when, where, or by whom it is manufactured. Traceability (or a fully-fledged digital twin) is important for some parts (e.g., in aviation); this means that, for a given instance of a part, a manufacturer needs to be able to determine when, where, and by whom it was fabricated, what design files were used, what inspection criteria were applied, etc. Capturing and retrieving this type of information is a well-established process for traditionally manufactured parts, but the temporal and spatial decoupling of design, fabrication, and commissioning of digitally and additively manufactured parts makes traceability more difficult.

At present, DM machines themselves are problematic from a cybersecurity standpoint: they typically contain sophisticated computer systems designed for standalone or industrial/commercial networked deployment but are not designed (or necessarily intended) to meet the rigorous cybersecurity certifications typically required for network deployment in defense, medical, aerospace, and other safety-critical environments and/or are not trusted more generally. The computer systems themselves can be threat vectors if connected to internal networks. As a result, in many sensitive environments DM machines are "air-gapped" from sensitive networks and DM artifacts (data) are transported via read-only media (such as CD-ROMs). More generally, even in less-stringent cybersecurity regulatory contexts, uncontrolled copies of DM artifacts are a vector for industrial espionage, sabotage, leaks of trade secrets, etc. and can lead to bypasses of quality control processes, policy/regulatory controls, etc.

Specifically, the weaknesses introduced by uncontrolled copies of DM data and isolated DM machines concern privacy, authenticity, process controls, readiness, agility, and convenience. If the media are not physically secured or destroyed, malicious actors could gain access to the data on them. Security breaches, e.g., on the user's computer, could allow an attacker to alter DM/AM artifacts, leading, e.g., to a part failing while in service. The user may, with good intentions, "tweak" or modify DM artifacts, thereby compromising process controls. At present, there is no secure way to digitally close the feedback loop (e.g., between fabrication and the overall production process) for traceability, intellectual property (IP) protections, quality analysis, etc. The process itself is cumbersome and inconvenient for the user - compared, for example, to the user clicking "print" in a web portal and printing the part on any authorized machine in the world, just as one can do with networked printers.

From a commercial standpoint, DM enables new markets wherein, rather than purchasing prefabricated items, users could purchase licenses to fabricate items on their own machinery. However, the seller, instead of delivering a physical item, is delivering data (analogous to licensed software). The commercial viability of such markets will depend on the enforcement of contractual terms, such as quantity l