Endpoints for performing distributed sensing and control and methods of operating the same

US 10,440,121 B2
Filed: 03/22/2016
Issued: 10/08/2019
Est. Priority Date: 04/09/2015
Status: Active Grant

First Claim

Patent Images

1. An endpoint comprising:

a connection to a field device;

a communication interface for communicating with a remote server;

a single-chip device defining a protected boundary of the endpoint co-incident with a boundary of the single-chip device;

an electronic processor located within the protected boundary of the endpoint;

memory located within the protected boundary of the endpoint, the memory storing a unique identifier associated with a single-writer thread at the remote server writing data associated with the field device and an output thread at the remote server; and

a cryptographic hardware component located within the protected boundary,wherein the electronic processor is configured to encrypt the unique identifier and data associated with the field device with the cryptographic hardware component for transmission outside the protected boundary over the communication interface even when the communication interface employs an encryption protocol and to explicitly omit unencrypted transmission of the unique identifier and the data outside the protected boundary, wherein the output thread is associated with private data, wherein the endpoint does not include an association between the unique identifier and the private data, wherein the endpoint and the remote server explicitly omit the association between the unique identifier and the private data from any communication with the endpoint, wherein the endpoint and the remote server explicitly omit the unique identifier from any communications not with the endpoint.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An endpoint and methods of operating the same. In one embodiment, an endpoint is connected to one or more sensors and/or actuators. The endpoint is also connected through a communication channel to a server. Each endpoint uses a unique identifier (“ID”) hidden within a protected boundary of the endpoint to associate with a lockless, single-writer thread on the server dedicated to the endpoint. The endpoint ID is encrypted within the protected boundary of the endpoint and is not communicated unencrypted. Furthermore, no association between the ID and private information associated with reader, analysis, or control threads at the server is available outside of a protected boundary of the server and this association is never transmitted on a communication channel. The endpoint can include one or more communication interfaces (e.g., of different modalities) to provide resilience to failures, errors, and computer network attacks.

63 Citations

27 Claims

1. An endpoint comprising:
- a connection to a field device;
  
  a communication interface for communicating with a remote server;
  
  a single-chip device defining a protected boundary of the endpoint co-incident with a boundary of the single-chip device;
  
  an electronic processor located within the protected boundary of the endpoint;
  
  memory located within the protected boundary of the endpoint, the memory storing a unique identifier associated with a single-writer thread at the remote server writing data associated with the field device and an output thread at the remote server; and
  
  a cryptographic hardware component located within the protected boundary,wherein the electronic processor is configured to encrypt the unique identifier and data associated with the field device with the cryptographic hardware component for transmission outside the protected boundary over the communication interface even when the communication interface employs an encryption protocol and to explicitly omit unencrypted transmission of the unique identifier and the data outside the protected boundary, wherein the output thread is associated with private data, wherein the endpoint does not include an association between the unique identifier and the private data, wherein the endpoint and the remote server explicitly omit the association between the unique identifier and the private data from any communication with the endpoint, wherein the endpoint and the remote server explicitly omit the unique identifier from any communications not with the endpoint.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The endpoint of claim 1, further comprising a power supply including at least one selected from the group consisting of a battery power supply and an electrical power supply.
  - 3. The endpoint of claim 1, wherein the data associated with the field device includes sensor data and wherein the electronic processor is further configured to conduct an internal analysis of the sensor data.
  - 4. The endpoint of claim 1, further comprising a boot loader located within the protected boundary including hardware providing protected software bootstrapping.
  - 5. The endpoint of claim 1, wherein the endpoint dynamically obtains configuration data including at least one selected from the group consisting of software, firmware, and a field programmable gate array configuration, over a network.
  - 6. The endpoint of claim 1, wherein the electronic processor is further configured to compress the unique identifier and the data associated with the field device prior to encryption with the cryptographic hardware component.
  - 7. The endpoint of claim 1, wherein the remote server includes a plurality of servers and the endpoint communicates the unique identifier and the data associated with the field device to each of the plurality of servers.
  - 8. The endpoint of claim 1, wherein the communication interface includes at least one selected from the group consisting of a 802.11 communication interface, a 802.15 communication interface, a cellular communication interface, a wired Ethernet communication interface, and a Bluetooth communication interface and communicates with the remote server directly or through an intermediate relay device.
  - 9. The endpoint of claim 1, further comprising a copy of the communication interface allowing an alternative data exfiltration path.
  - 10. The endpoint of claim 1, further comprising hardware monitoring for malicious attacks within the protected boundary.
  - 11. The endpoint of claim 1, further comprising hardware monitoring for physical tampering within the protected boundary.
  - 12. The endpoint of claim 1, wherein the field device includes at least one selected from the group consisting of an ultrasonic range sensor inserted into an orifice in a container, a potentiometer sensor attached to a mechanical level indicator, a ranging sensor determining a level of material within a container, a flow sensor, a pressure sensor, a vibration sensor, a temperature sensor, an optical sensor, a medical sensor for a medical device.
  - 13. The endpoint of claim 1, wherein the field device includes at least one selected from the group consisting of a switch, a valve, a hydraulic piston, a shutoff valve controlling a level within a container, and a medical actuator.
  - 14. The endpoint of claim 1, wherein the endpoint triggers a communication to at least one selected from the group consisting of an analysis thread and a control thread at the remote server.
  - 15. The endpoint of claim 1, wherein the endpoint ignores communications received from an unauthentic server.
  - 16. The endpoint of claim 1, wherein the communication interface includes a plurality of communication interfaces and wherein the endpoint selects one of the plurality of communication interfaces to use based on a property of a communication channel used by each of the plurality of communication interfaces, the property including at least one selected from the group consisting of availability, signal strength, signal-to-noise ratio, interference, a temporal profile, and a historical profile.
  - 17. The endpoint of claim 16, wherein the endpoint selects the one of the plurality of communication interfaces non-deterministically.
  - 18. The endpoint of claim 1, further comprising an input mechanism for calibrating the endpoint prior to use, wherein the endpoint is calibrated by receiving input through the input mechanism when a linear potentiometer included in the field device and affixed to a level indicator of a container is physically positioned at a first position including one of the minimum level and the maximum level and subsequently receiving input through the input mechanism when the linear potentiometer is physically positioned at a second position opposite the first position.
  - 19. The endpoint of claim 1, further comprising an input mechanism, wherein the electronic processor receives user input through the input mechanism and verifies a physical presence of an authorized operator at the endpoint based on the user input.
  - 20. The endpoint of claim 1, wherein any communication with the endpoint has a fixed format and a fixed length.

21. An endpoint comprising:
- a connection to a field device;
  
  a communication interface for communicating with a remote server;
  
  an electronic processor located within a protected boundary of the endpoint, wherein the protected boundary is coincident with a physical boundary of a single chip;
  
  memory located within the protected boundary of the endpoint, the memory storing a unique identifier associated with a single-writer thread at the remote server writing data associated with the field device and an output thread at the remote server; and
  
  a cryptographic hardware component located within the protected boundary,wherein the electronic processor is configured to encrypt the unique identifier and data associated with the field device with the cryptographic hardware component for transmission outside the protected boundary over the communication interface even when the communication interface employs an encryption protocol and to explicitly omit unencrypted transmission of the unique identifier and the data outside the protected boundary,wherein the output thread is associated with private data, wherein the endpoint does not include an association between the unique identifier and the private data,wherein the endpoint and the remote server explicitly omit the association between the unique identifier and the private data from any communication with the endpoint, wherein the endpoint and the remote server explicitly omit the unique identifier from any communications not with the endpoint.

22. A system comprising:
- an endpoint; and
  
  a server remote from the endpoint,the endpoint includinga connection to a field device;
  
  a communication interface for communicating with the server;
  
  a single-chip device defining a protected boundary of the endpoint co-incident with a boundary of the single-chip device;
  
  an electronic processor located within the protected boundary of the endpoint;
  
  memory located within the protected boundary of the endpoint, the memory storing a unique identifier associated with a single-writer thread at the server writing data associated with the field device and an output thread at the server; and
  
  a cryptographic hardware component located within the protected boundary,wherein the electronic processor is configured to encrypt the unique identifier and data associated with the field device with the cryptographic hardware component for transmission outside the protected boundary over the communication interface even when the communication interface employs an encryption protocol and to explicitly omit unencrypted transmission of the unique identifier and the data outside the protected boundary,wherein the output thread is associated with private data,wherein the endpoint does not include an association between the unique identifier and the private data, wherein the endpoint and the server explicitly omit the association between the unique identifier and the private data from any communication with the endpoint,wherein the endpoint and the server explicitly omit the unique identifier from any communications not with the endpoint, and the server generating the single-writer thread,wherein the single-writer thread writes the data associated with the field device to a file uniquely identified by the unique identifier without placing restrictions to prevent any other writer threads from writing to the file.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system of claim 22, wherein at least one selected from the group consisting of the endpoint and the server uses quantity information and timestamp information from a container to produce at least one selected from the group consisting of a burn rate estimate and a flow rate estimate used to predict a time-to-expenditure.
  - 24. The system of claim 22, wherein at least one selected from the group consisting of the endpoint and the server couples quantity information and flow rate information with historical data to address a failure.
  - 25. The system of claim 22, wherein at least one selected from the group consisting of the endpoint and the server couples quantity information and flow rate information using an estimation technique to account for a mixed population of users, where some users included in the mixed population of users do not possess an endpoint with an associated sensor.
  - 26. The system of claim 25, wherein the estimation technique includes at least one selected from the group consisting of regression analysis and degree-day calculations.
  - 27. The system of claim 22, wherein the endpoint and the server explicitly omit a physical location of the endpoint from communications with the endpoint and wherein the server does not include the physical location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Web Sensing, LLC
Original Assignee
Web Sensing, LLC
Inventors
Dahlstrom, Jason, Taylor, Stephen
Primary Examiner(s)
Keehn, Richard G

Application Number

US15/077,510
Publication Number

US 20160301756A1
Time in Patent Office

1,295 Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/4401   Bootstrapping security arra...

G06F 9/4406   Loading of operating system

H04L 63/0414   during transmission, i.e. p...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 67/125   involving control of end-de...

Endpoints for performing distributed sensing and control and methods of operating the same

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Endpoints for performing distributed sensing and control and methods of operating the same

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links