Method for controlling access to data relating to an electrical installation, associated computer programme and information medium

US 10,148,652 B2
Filed: 06/06/2016
Issued: 12/04/2018
Est. Priority Date: 06/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to data relating to at least one electrical installation, exchanged between a respective management device of each electrical installation and a relay platform, the relay platform belonging to a global communication network and each management device belonging to a respective local communication network, each management device having a first respective identifier, each management device being linked to the global communication network by a respective communication gateway having a second identifier on the global communication network, wherein the method comprises:

exchanging at least one frame between each management device and the relay platform, each frame comprising the data and the second identifier of the communication gateway through which the frame travels,obtaining for each frame exchanged of the first identifier of the management device exchanging the frame,receiving by the relay platform of a request to access the data exchanged with the or one of the management devices, the request originating from a communication terminal via the respective local communication network and comprising an access parameter dependent on the first identifier of the management device and a third identifier, on the global network, of an element belonging to the global network and being the originator of the transmission of the request on the global network,determining the first identifier on which the access parameter depends,comparing the third identifier with the second identifier included in the or at least one of the frames exchanged by the management device having the first determined identifier,authorizing access, for the communication terminal, to the data included in each frame exchanged by the management device having the first determined identifier, if during the comparison step the second and third identifiers are identical, andlaunching a respective temporal counter from a respective reference instant, and in which, during the authorizing step, access to the data included in each frame exchanged by the management device having the first determined identifier is also authorized to the communication terminal, when the value of the temporal counter of the management device having the first determined identifier is less than or equal to a predetermined maximum value,in which the launching step is carried out just once for each management device and subsequent to the first iteration of the exchanging step for the management device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controlling access to data exchanged between a management unit of a respective electrical installation and a relay platform, each management unit has a first identifier which is linked to a global network by a gateway having a second identifier between each management unit and the platform, for each frame, obtaining the first identifier, receiving the platform of a request to access the data exchanged, the request including an access parameter and a third identifier of an element originating the transmission of the request, determining the first identifier on which the access parameter depends, comparing the third identifier with the second identifier exchanged by the management unit having the first determined identifier, authorizing access, for the communication terminal, to the data exchanged by the management unit having the first determined identifier, if, in the comparison step, the second and third identifiers are identical.

Citations

8 Claims

1. A method for controlling access to data relating to at least one electrical installation, exchanged between a respective management device of each electrical installation and a relay platform, the relay platform belonging to a global communication network and each management device belonging to a respective local communication network, each management device having a first respective identifier, each management device being linked to the global communication network by a respective communication gateway having a second identifier on the global communication network, wherein the method comprises:
- exchanging at least one frame between each management device and the relay platform, each frame comprising the data and the second identifier of the communication gateway through which the frame travels,obtaining for each frame exchanged of the first identifier of the management device exchanging the frame,receiving by the relay platform of a request to access the data exchanged with the or one of the management devices, the request originating from a communication terminal via the respective local communication network and comprising an access parameter dependent on the first identifier of the management device and a third identifier, on the global network, of an element belonging to the global network and being the originator of the transmission of the request on the global network,determining the first identifier on which the access parameter depends,comparing the third identifier with the second identifier included in the or at least one of the frames exchanged by the management device having the first determined identifier,authorizing access, for the communication terminal, to the data included in each frame exchanged by the management device having the first determined identifier, if during the comparison step the second and third identifiers are identical, andlaunching a respective temporal counter from a respective reference instant, and in which, during the authorizing step, access to the data included in each frame exchanged by the management device having the first determined identifier is also authorized to the communication terminal, when the value of the temporal counter of the management device having the first determined identifier is less than or equal to a predetermined maximum value,in which the launching step is carried out just once for each management device and subsequent to the first iteration of the exchanging step for the management device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, in which, if during comparing step the second and third identifiers are identical, the method comprises the following step:
    - reinitializing a predetermined initial value of the temporal counter of the management unit having the first determined identifier, the temporal counter recommencing at the predetermined initial value and the predetermined initial value being strictly less than the maximum value.
  - 3. The method according to claim 1, in which, during the exchanging step, each frame comprises the first identifier of the management device exchanging the frame.
  - 4. The method according to claim 1, in which, during the comparing step, only the second identifier included in the most recent frame exchanged by the management device having the first determined identifier, is compared with the third identifier.
  - 5. The method according to claim 1, in which, subsequent to the exchanging step, the method comprises for each frame the following steps:
    - storing the data exchanged,associating the first identifier of the management device exchanging the frame with the stored data,and, in which, during the authorization step, the data to which access is authorized are the stored data associated with the first determined identifier.
  - 6. The method according to claim 1, in which each first identifier is a MAC address and each second and third identifier is an IP address.
  - 7. A non-transitory computer readable medium comprising software instructions, the software instructions implementing a method according to claim 1, when the software instructions are executed by a computer.

8. A relay platform for controlling access to data relating to at least one electrical installation, exchanged between a respective management device of each electrical installation and a relay platform, the relay platform belonging to a global communication network and each management device belonging to a respective local communication network, each management device having a first respective identifier, each management device being linked to the global communication network by a respective communication gateway having a second identifier on the global communication network, wherein the relay platform comprises:
- processing circuitry configured toexchange at least one frame with the management device, each frame comprising the data and the second identifier of the communication gateway through which the frame travels,obtain for each frame exchanged of the first identifier of the management device exchanging the frame,receive a request to access the data exchanged with the or one of the management devices, the request originating from a communication terminal via the respective local communication network and comprising an access parameter dependent on the first identifier of the management device and a third identifier, on the global network, of an element belonging to the global network and being the originator of the transmission of the request on the global network,determine the first identifier on which the access parameter depends,compare the third identifier with the second identifier included in the or at least one of the frames exchanged by the management device having the first determined identifier,authorize access, for the communication terminal, to the data included in each frame exchanged by the management device having the first determined identifier, if during the comparison step the second and third identifiers are identical, andlaunch a respective temporal counter from a respective reference instant, wherein access to the data included in each frame exchanged by the management device having the first determined identifier is also authorized to the communication terminal, when the value of the temporal counter of the management device having the first determined identifier is less than or equal to a predetermined maximum value,in which the respective temporal counter is launched just once for each management device and subsequent to the first iteration of exchanging the at least one frame with the management device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schneider Electric Industries SAS (Schneider Electric SE)
Original Assignee
Schneider Electric Industries SAS (Schneider Electric SE)
Inventors
Frelon, Benoit, Pyle, Michael
Primary Examiner(s)
Gracia, Gary S

Application Number

US15/174,024
Publication Number

US 20160366132A1
Time in Patent Office

911 Days
Field of Search

726 4, 4554141, 4554351, 455411, 370230, 3702362, 3702411, 3703952
US Class Current
CPC Class Codes

G01R 19/2513   Arrangements for monitoring...

H04L 12/2825   Reporting to a device locat...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 67/125   involving control of end-de...

Method for controlling access to data relating to an electrical installation, associated computer programme and information medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlling access to data relating to an electrical installation, associated computer programme and information medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links