System and method for assigning an identity to an intelligent electronic device

US 20050144437A1
Filed: 11/30/2004
Published: 06/30/2005
Est. Priority Date: 12/30/1994
Status: Active Grant

First Claim

Patent Images

1. An energy management device for use in an energy management architecture for managing an energy distribution system, the energy management architecture comprising a network, the energy management device comprising:

an energy distribution system interface operative to couple the energy management device with at least a portion of the energy distribution system;

a network interface operative to couple the energy management device with the network for transmitting outbound communications to the network and receiving inbound communications from the network, the inbound communications comprising first energy management data and the outbound communications comprising second energy management data;

a memory comprising a first private key, the first private key being related to a first public key such that data may be at least one of encrypted with the first public key, signed with the first private key, or combinations thereof, wherein data encrypted with the first public key may be decrypted only with the first private key and data signed with the first private key may be authenticated only with the first public key; and

a processor coupled with the network interface, the energy distribution system interface and the memory, the processor operative to perform at least one energy management function on the at least the portion of the energy distribution network via the energy distribution system interface, the processor further operative to process the first energy management data and generate the second energy management data based on the at least one energy management function, the processor being further operative to decrypt the first energy management data using the first private key where the first energy management data has been encrypted with the first public key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A power management architecture for an electrical power distribution system, or portion thereof, is disclosed. The architecture includes multiple intelligent electronic devices (“IED'"'"'s”) distributed throughout the power distribution system to manage the flow and consumption of power from the system. The IED'"'"'s are linked via a network to back-end servers. Security mechanisms are further provided which protect and otherwise ensure the authenticity of communications transmitted via the network in furtherance of the management of the distribution and consumption of electrical power by the architecture. In particular, public key cryptography is employed to identify components of the architecture and provide for secure communication of power management data among those components. Further, certificates and certificate authorities are utilized to further ensure integrity of the security mechanism.

458 Citations

89 Claims

1. An energy management device for use in an energy management architecture for managing an energy distribution system, the energy management architecture comprising a network, the energy management device comprising:
- an energy distribution system interface operative to couple the energy management device with at least a portion of the energy distribution system;
  
  a network interface operative to couple the energy management device with the network for transmitting outbound communications to the network and receiving inbound communications from the network, the inbound communications comprising first energy management data and the outbound communications comprising second energy management data;
  
  a memory comprising a first private key, the first private key being related to a first public key such that data may be at least one of encrypted with the first public key, signed with the first private key, or combinations thereof, wherein data encrypted with the first public key may be decrypted only with the first private key and data signed with the first private key may be authenticated only with the first public key; and
  
  a processor coupled with the network interface, the energy distribution system interface and the memory, the processor operative to perform at least one energy management function on the at least the portion of the energy distribution network via the energy distribution system interface, the processor further operative to process the first energy management data and generate the second energy management data based on the at least one energy management function, the processor being further operative to decrypt the first energy management data using the first private key where the first energy management data has been encrypted with the first public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88)
- - 2. The energy management device of claim 1, wherein a trusted authority asserts that the first public key is owned by the same owner as the first private key such that wherein data is encrypted with the first public key, the data may be decrypted only with the first private key and wherein data is signed with the first private key, the data may be authenticated only with the first public key.
  - 3. The energy management device of claim 2, wherein the trusted authority is further operative to generate a certificate comprising a representation of the assertion, the certificate being signed with a second private key belonging to the trusted authority to facilitate detection of tampering with the certificate.
  - 4. The energy management device of claim 3, wherein the certificate is obtained from the trusted authority over the network.
  - 5. The energy management device of claim 4, wherein the certificate is obtained from the trusted authority over the network via Hypertext Transport Protocol.
  - 6. The energy management device of claim 3, wherein the certificate is generated by the trusted authority in response to a request received from the energy management device.
  - 7. The energy management device of claim 6, wherein the processor is operative to transmit the request for the generation of the certificate via electronic mail.
  - 8. The energy management device of claim 6, wherein the processor is operative to transmit the request for the generation of the certificate via hypertext transport protocol.
  - 9. The energy management device of claim 3, wherein the processor is operative to further cause the energy management device to autonomously retrieve the certificate from the trusted authority via the network.
  - 10. The energy management device of claim 3, wherein the second energy management data includes the certificate.
  - 11. The energy management device of claim 3, wherein the energy management device autonomously receives the certificate from the trusted authority.
  - 12. The energy management device of claim 3, wherein the memory is further operative to prevent storing of the certificate without a user being physically present at the energy management device.
  - 13. The energy management device of claim 12, wherein the memory is further operative to require the user to actuate a user interface of the energy management device to enable storing of the certificate in the memory.
  - 14. The energy management device of claim 3, wherein the certificate is operative to expire based on a lapse of time.
  - 15. The energy management device of claim 3, wherein the certificate is operative to expire based on a limited number of uses.
  - 16. The energy management device of claim 2, wherein the first private and first public keys are assigned to the energy management device by the trusted authority.
  - 17. The energy management device of claim 2, wherein the energy management device comprises the trusted authority.
  - 18. The energy management device of claim 2, wherein the memory further comprises the first public key.
  - 19. The energy management device of claim 18, wherein the memory further comprises a certificate comprising the first public key, the certificate being signed with a second private key belonging to the trusted authority to facilitate detection of tampering with the first public key, the first public key being disseminated with the certificate.
  - 20. The energy management device of claim 1, wherein the memory comprises a portion dedicated to storing the first private key, the portion of the memory dedicated to storing the first private key being further operative to detect tampering with the portion.
  - 21. The energy management device of claim 20, wherein the memory comprises a portion dedicated to storing the first private key, the portion being further operative to destroy the first private key upon detection of tampering.
  - 22. The energy management device of claim 20, wherein the memory comprises a portion dedicated to storing the first private key, the portion being further operative to alert a user upon detection of tampering.
  - 23. The energy management device of claim 1, wherein the memory comprises a portion dedicated to storing the first private key, the memory comprising an encrypted memory device.
  - 24. The energy management device of claim 1, wherein the first public key is further operative to uniquely identify the energy management device.
  - 25. The energy management device of claim 1, wherein the first public key is stored in an external memory external to the energy management device.
  - 26. The energy management device of claim 1, wherein the memory further comprises a second private key wherein the second private key is related to a second public key such that data encrypted with the second public key may be decrypted only with the second private key and data signed with the second private key may be authenticated with the second public key.
  - 27. The energy management device of claim 26, wherein the processor is further operative to sign the second energy management data with the second private key prior to transmitting the second energy management data to the network.
  - 28. The energy management device of claim 26, wherein at least the second private key is stored in the memory by the manufacturer when the energy management device is in the possession thereof.
  - 29. The energy management device of claim 28, wherein the second public key is stored on a media separate from the energy management device to be delivered to the owner thereof.
  - 30. The energy management device of claim 28, wherein the second public key is printed on a label affixed to a visually accessible exterior surface of the energy management device.
  - 31. The energy management device of claim 28, wherein the second private key is stored in the memory by transferring the second private key from an external memory card to the memory over a substantially direct connection therebetween.
  - 32. The energy management device of claim 28, wherein the second public key is comprised by a certificate signed with a third private key belonging to the manufacturer of the energy management device, and further wherein the manufacturer makes publicly available a third public key associated with the third private key and capable of authenticating the second public key as comprised by the certificate.
  - 33. The energy management device of claim 28, wherein the first public and private keys and the second public and private keys are optionally installed in the energy management device at the time of manufacture.
  - 34. The energy management device of claim 33, wherein the first public and private keys and the second public and private keys are installed in the energy management device for a fee.
  - 35. The energy management device of claim 26, wherein at least the second private key is stored in the memory by the owner of the energy management device when the energy management device is in the possession thereof.
  - 36. The energy management device of claim 26, wherein at least the second private key is stored in the memory by an entity different from the manufacturer and owner of the energy management device.
  - 37. The energy management device of claim 36, wherein the at least the second private key is stored in the memory by the entity via a secure communications medium.
  - 38. The energy management device of claim 26, wherein the memory further comprises a first certificate comprising the first public key, the first certificate being signed with the second private key, and further wherein the processor is operative to generate a second certificate signed with the first private key.
  - 39. The energy management device of claim 26, wherein the memory further comprises a first certificate comprising the first public key, the first certificate being signed with the second private key to facilitate detection of tampering with the first public key, the first public key being disseminated with the certificate, where in the second private key is associated with a second certificate signed by a trusted authority.
  - 40. The energy management device of claim 39, wherein the processor is further operative to generate a third certificate for a different energy management device, the third certificate comprising a third public key assigned to the different energy management device, the third certificate being signed by the processor using the second private key.
  - 41. The energy management device of claim 39, wherein the memory further comprises a second certificate comprising the second public key and signed with a third private key belonging to an entity external to the energy management device, the second private and second public keys having been generated by the processor, and only the second public key having been provided to the external entity for signing.
  - 42. The energy management device of claim 1, wherein the processor is operative to generate the first private and first public keys.
  - 43. The energy management device of claim 42, wherein the generation of the first public key and first private key is based on a statistical value available to the energy management device.
  - 44. The energy management device of claim 42, wherein the generation of the first public key and first private key is based on the occurrence of an event external to the energy management device.
  - 46. The method of claim 1, further comprising asserting, by a trusted authority, that the first public key is owned by the same owner as the first private key such that wherein data is encrypted with the first public key, the data may be decrypted only with the first private key and wherein data is signed with the first private key, the data may be authenticated only with the first public key.
  - 47. The method of claim 2, further comprising generating, by the trusted authority, a certificate comprising a representation of the assertion, the certificate being signed with a second private key belonging to the trusted authority to facilitate detection of tampering with the certificate.
  - 48. The method of claim 3, further comprising obtaining the certificate from the trusted authority over the network.
  - 49. The method of claim 4, further comprising obtaining the certificate from the trusted authority over the network via Hypertext Transport Protocol.
  - 50. The method of claim 3, further comprising generating the certificate by the trusted authority in response to a request received from the energy management device.
  - 51. The method of claim 6, further comprising transmitting, by the energy management device, the request for the generation of the certificate via electronic mail.
  - 52. The method of claim 6, further comprising transmitting, by the energy management device, the request for the generation of the certificate via hypertext transport protocol.
  - 53. The method of claim 3, further comprising causing the energy management device to autonomously retrieve the certificate from the trusted authority via the network.
  - 54. The method of claim 3, wherein the second energy management data includes the certificate.
  - 55. The method of claim 3, further comprising receiving, autonomously, the certificate from the trusted authority.
  - 56. The method of claim 3, further comprising preventing storing of the certificate without a user being physically present at the energy management device.
  - 57. The method of claim 12, further comprising requiring the user to actuate a user interface of the energy management device to enable storing of the certificate in the memory.
  - 58. The method of claim 3, further comprising expiring the certificate based on a lapse of time.
  - 59. The method of claim 3, further comprising expiring the certificate based on a limited number of uses.
  - 60. The method of claim 2, further comprising assigning the first private and first public keys to the energy management device by the trusted authority.
  - 61. The method of claim 2, wherein the energy management device comprises the trusted authority.
  - 62. The method of claim 2, further comprising storing the first public key in the memory.
  - 63. The method of claim 18, further comprising storing a certificate comprising the first public key in the memory, the certificate being signed with a second private key belonging to the trusted authority to facilitate detection of tampering with the first public key, the first public key being disseminated with the certificate.
  - 64. The method of claim 1, further comprising dedicating a first portion of the memory to storing the first private key, the portion of the memory dedicated to storing the first private key being further operative to detect tampering with the portion.
  - 65. The method of claim 20, further comprising destroying the first private key upon detection of tampering.
  - 66. The method of claim 20, further comprising alerting a user upon detection of tampering.
  - 67. The method of claim 1, further comprising dedicating a first portion of the memory to storing the first private key, the memory comprising an encrypted memory device.
  - 68. The method of claim 1, wherein the first public key is further operative to uniquely identify the energy management device.
  - 69. The method of claim 1, further comprising storing the first public key in an external memory external to the energy management device.
  - 70. The method of claim 1, further comprising storing a second private key in the memory wherein the second private key is related to a second public key such that data encrypted with the second public key may be decrypted only with the second private key and data signed with the second private key may be authenticated with the second public key.
  - 71. The method of claim 26, further comprising signing, by the energy management device, the second energy management data with the second private key prior to transmitting the second energy management data to the network.
  - 72. The method of claim 26, wherein at least the second private key is stored in the memory by the manufacturer when the energy management device is in the possession thereof.
  - 73. The method of claim 28, wherein the second public key is stored on a media separate from the energy management device to be delivered to the owner thereof.
  - 74. The method of claim 28, wherein the second public key is printed on a label affixed to a visually accessible exterior surface of the energy management device.
  - 75. The method of claim 28, wherein the second private key is stored in the memory by transferring the second private key from an external memory card to the memory over a substantially direct connection therebetween.
  - 76. The method of claim 28, wherein the second public key is comprised by a certificate signed with a third private key belonging to the manufacturer of the energy management device, and further wherein the manufacturer makes publicly available a third public key associated with the third private key and capable of authenticating the second public key as comprised by the certificate.
  - 77. The method of claim 28, wherein the first public and private keys and the second public and private keys are optionally installed in the energy management device at the time of manufacture.
  - 78. The method of claim 33, wherein the first public and private keys and the second public and private keys are installed in the energy management device for a fee.
  - 79. The method of claim 26, wherein at least the second private key is stored in the memory by the owner of the energy management device when the energy management device is in the possession thereof.
  - 80. The method of claim 26, wherein at least the second private key is stored in the memory by an entity different from the manufacturer and owner of the energy management device.
  - 81. The method of claim 36, wherein the at least the second private key is stored in the memory by the entity via a secure communications medium.
  - 82. The method of claim 26, further comprising storing a first certificate comprising the first public key in the memory, the first certificate being signed with the second private key, and generating, by the energy management device, a second certificate signed with the first private key.
  - 83. The method of claim 26, further comprising storing a first certificate comprising the first public key in the memory, the first certificate being signed with the second private key to facilitate detection of tampering with the first public key, the first public key being disseminated with the certificate, where in the second private key is associated with a second certificate signed by a trusted authority.
  - 84. The method of claim 39, further comprising generating a third certificate for a different energy management device, the third certificate comprising a third public key assigned to the different energy management device, the third certificate being signed by the processor using the second private key.
  - 85. The method of claim 39, further comprising storing a second certificate in the memory comprising the second public key and signed with a third private key belonging to an entity external to the energy management device, the second private and second public keys having been generated by the processor, and only the second public key having been provided to the external entity for signing.
  - 86. The method of claim 1, further comprising generating, by the energy management device, the first private and first public keys.
  - 87. The method of claim 42, wherein the generation of the first public key and first private key is based on a statistical value available to the energy management device.
  - 88. The method of claim 42, wherein the generation of the first public key and first private key is based on the occurrence of an event external to the energy management device.

45. A method of managing an energy distribution system using an energy management architecture, the energy management architecture comprising a network, the method comprising:
- coupling an energy management device with at least a portion of the energy distribution system;
  
  coupling the energy management device with the network and allowing the energy management device to transmit outbound communications to the network and receive inbound communications from the network, the inbound communications comprising first energy management data and the outbound communications comprising second energy management data;
  
  storing, in a memory of the energy management device, a first private key, the first private key being related to a first public key such that data may be at least one of encrypted with the first public key, signed with the first private key, or combinations thereof, wherein data encrypted with the first public key may be decrypted only with the first private key and data signed with the first private key may be authenticated only with the first public key; and
  
  performing, by the energy management device, at least one energy management function on the at least the portion of the energy distribution network via the energy distribution system interface, processing the first energy management data and generating the second energy management data based on the at least one energy management function, and further decrypting, by the energy management device, the first energy management data using the first private key where the first energy management data has been encrypted with the first public key.

89. An energy management device for use in an energy management architecture for managing an energy distribution system, the energy management architecture comprising a network, the energy management device comprising:
- means for coupling the energy management device with at least a portion of the energy distribution system;
  
  means for coupling the energy management device with the network for transmitting outbound communications to the network and receiving inbound communications from the network, the inbound communications comprising first energy management data and the outbound communications comprising second energy management data;
  
  means for storing a first private key, the first private key being related to a first public key such that data may be at least one of encrypted with the first public key, signed with the first private key, or combinations thereof, wherein data encrypted with the first public key may be decrypted only with the first private key and data signed with the first private key may be authenticated only with the first public key; and
  
  means for performing at least one energy management function on the at least the portion of the energy distribution network via the energy distribution system interface, processing the first energy management data and generate the second energy management data based on the at least one energy management function, and decrypting the first energy management data using the first private key where the first energy management data has been encrypted with the first public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Power Measurement Ltd. (Schneider Electric SE)
Original Assignee
Power Measurement Ltd. (Schneider Electric SE)
Inventors
Van Gorp, John C., Nakagawa, Brian T., Chivers, David A., Blackett, Andrew W., Ransom, Douglas S., Huber, Benedikt T., Haight, Eric K., Howe, Anthony J.

Granted Patent

US 7,761,910 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

G06F 1/28   Supervision thereof, e.g. d...

G06F 1/3209   Monitoring remote activity,...

G06F 21/606   by securing the transmissio...

G06F 21/73   by creating or determining ...

H02J 3/008   involving trading of energy...

H04B 2203/5408   using protocols

H04B 2203/5445   Local network

H04B 3/544   Setting up communications; ...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 67/125   involving control of end-de...

Y04S 40/18   Network protocols supportin...

Y04S 40/20   Information technology spec...

Y04S 50/10   Energy trading, including e...

System and method for assigning an identity to an intelligent electronic device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

458 Citations

89 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for assigning an identity to an intelligent electronic device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

458 Citations

89 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links