Patent application number | Description | Published |
20100037069 | Integrated Cryptographic Security Module for a Network Node - A system that provides a cryptographic unit that generates secret keys that are not directly accessible to software executed by a controller. The cryptographic unit can include a restrictor device, a finite state machine, a random number generator communicatively and a memory. The memory stores values generated by the random number generator. The restrictor device and the finite state machine include hardware logic that restricts access or changes to the contents of the memory. | 02-11-2010 |
20100037293 | Systems and Methods for Security in a Wireless Utility Network - Methods and systems are provided for security in a wireless utility network. The methods and systems use different levels of trust to securely enroll new nodes into a network through other nodes acting as proxies. A node's security state with respect to another node in the network is categorized into one of several trust levels. A node responds to certain requests, actions or messages depending on its trust level with the other entity. Initially, a node is not trusted. A first trust level is established based on a digital certificate that is stored in a node when the node is manufactured. A second trust level is established based on a second digital certificate obtained from a certifying authority while a node is in the first trust level. A node with a verified second certificate can be fully enrolled in the network and participate as a network node with minimal or no constraints. | 02-11-2010 |
20110040960 | Method and System for Securely Updating Field Upgradeable Units - Devices and methods for securely upgrading devices, such as field upgradeable units, are disclosed. In response to receiving an update object, a device may determine whether a predefined location of memory includes a predetermined value. Based on the value in the predefined location, the device may store the received update object in a verification portion of the memory. After verifying the authenticity of the update object, the device may copy the update object from the verification portion of the memory to an inactive portion. The inactive portion of the memory can be swapped with an active portion of the memory, such that the inactive portion becomes active. | 02-17-2011 |
20120036250 | System, Method and Program for Detecting Anomalous Events in a Utility Network - A utility network communication device is provided to detect whether anomalous events occur with respect to at least one node in a utility network. The communication device has recorded therein threshold operating information and situational operating information. The threshold operating information includes data indicative of configured acceptable operating parameters of the nodes in the utility network based on respective locational information of the nodes. The situational information includes data indicative of configured operation data expected to be received from nodes in the utility network during a predetermined time period, based on a condition and/or event occurring during the predetermined time period. The communication device receives operation data from nodes in the network, and determines whether the received operation data from a node in the network constitutes an anomalous event based on a comparison of the received operation data with (i) the threshold operating information defined for the node and (ii) the situational information. The communication device outputs notification of any determined anomalous event. | 02-09-2012 |
20130128894 | Registration and Data Exchange Using Proxy Gateway - A system and method are presented for broadcasting from a utility node a request for network routing information, receiving at the utility node routing information from neighboring utility nodes in response to the broadcast request, and registering the utility node with an access point that provides ingress and egress to and from the network. A node is selected to function as a proxy gateway for one or more other nodes in the network. A new utility node becomes connected to one or more utility networks by registering with the proxy gateway. The proxy gateway transmits registration requests and registration information from each node to a back office server and/or a Domain Name Server via an access point for which the proxy gateway functions as its proxy. | 05-23-2013 |
20130229947 | SYSTEM, METHOD AND PROGRAM FOR DETECTING ANOMALOUS EVENTS IN A UTILITY NETWORK - A communication device detects whether anomalous events occur with respect to at least one node in a utility network. The communication device has recorded therein threshold operating information and situational operating information. The threshold operating information includes data indicative of configured acceptable operating parameters of nodes in the network based on respective locational information of the nodes. The situational information includes data indicative of configured operation data expected to be received from nodes in the network during a predetermined time period, based on a condition and/or event occurring during the time period. The communication device receives operation data from nodes in the network, and determines whether the operation data from a node constitutes an anomalous event based on a comparison of the received operation data with (i) the threshold operating information defined for the node and (ii) the situational information. The communication device outputs notification of any determined anomalous event. | 09-05-2013 |
20140281528 | Secure End-to-End Permitting System for Device Operations - A permitting system for controlling devices in a system includes a permit issuing agent that receives a command to be sent to a device. Based upon at least one attribute of the command, the permit issuing agent identifies one or more business logic modules that are pertinent to the command. Each business logic module has a respectively different set of business rules associated with it. Each identified business logic module determines whether the command complies with the business rules associated with that module. If the command is determined to comply with the business rules of all of the identified business logic modules, the agent issues a permit for the command, and the permit is sent to the device for execution of the command. | 09-18-2014 |
20150058918 | SECURE END-TO-END PERMITTING SYSTEM FOR DEVICE OPERATIONS - A permitting system for controlling devices in a system includes a permit issuing agent that receives a command to be sent to a device. Based upon at least one attribute of the command, the permit issuing agent identifies one or more business logic modules that are pertinent to the command. Each business logic module has a respectively different set of business rules associated with it. Each identified business logic module determines whether the command complies with the business rules associated with that module. If the command is determined to comply with the business rules of all of the identified business logic modules, the agent issues a permit for the command, and the permit is sent to the device for execution of the command. | 02-26-2015 |