Secure network bootstrap of devices in an automatic meter reading network

US 20070257813A1
Filed: 02/02/2007
Published: 11/08/2007
Est. Priority Date: 02/03/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of a provisioning an electronic device in an automatic meter reading network, comprising:

generating a derived security key and a challenge data of a challenge-response pair of the device management server, the derived security key based on a secret key embedded in the electronic device and the provided security key of a device management server of the automatic meter reading network;

generating a response data through processing a reply data of the metering device reacting to the challenge data; and

communicating the response data to the device management server to authenticate the electronic device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and/or a system of a secure network bootstrap of devices in an automatic meter reading network is disclosed. A method of a network interface card in an automatic meter reading network includes generating a derived security key based on a secret key embedded in a network interface card and a provided security key of a device management server of the automatic meter reading network. The method also includes communicating the derived security key and a challenge data of a challenge-response pair of the device management server to a metering device and generating a response data through processing a reply data of the metering device reacting to the challenge data. In addition, the method includes communicating the response data to the device management server to authenticate the network interface card and/or the metering device.

90 Citations

View as Search Results

22 Claims

1. A method of a provisioning an electronic device in an automatic meter reading network, comprising:
- generating a derived security key and a challenge data of a challenge-response pair of the device management server, the derived security key based on a secret key embedded in the electronic device and the provided security key of a device management server of the automatic meter reading network;
  
  generating a response data through processing a reply data of the metering device reacting to the challenge data; and
  
  communicating the response data to the device management server to authenticate the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising establishing a data link layer and network-layer connectivity with the device management server based on an internet protocol address and other attributes of a network interface card included in the electronic device when the electronic device having the network interface card is coupled to the device management server.
  - 3. The method of claim 2, wherein the derived key is an encryption key derived from a shared key based on a symmetric key cryptography and the secret key is a pseudorandom key embedded in a non-volatile memory of the network interface card.
  - 4. The method of claim 3, wherein the network interface card is at least one of a separate card internally coupled to the electronic device and a part of a circuit board of the electronic device for performing metering.
  - 5. The method of claim 4, further comprising authenticating a connection between the network interface card and the metering device through matching a first password processed in the network interface card with a second password embedded in the metering device.
  - 6. The method of claim 5, further comprising setting a secure network bootstrap bit of the network interface card to a predetermined value and decompressing encrypted data and firmware of the network interface card when a packet indicating a secure shutdown of the network interface card is processed in the network interface card.
  - 7. The method of claim 6, further comprising setting a secure network bootstrap bit of the metering device to predetermined value and decompressing encrypted data and firmware of the metering device when a packet indicating a secure shutdown of the metering device is processed in the metering device.
  - 8. The method of claim 1 in a form of a machine-readable medium embodying a set of instructions that, when executed by a machine, causes the machine to perform the method of claim 1.

9. A method of an automatic meter reading (AMR) network, comprising:
- communicating a provided security key and a challenge data of at least one challenge-response pair to the metering device to authenticate the metering device; and
  
  determining any tampering of the metering device through analyzing a response data of the metering device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the encrypted data to include at least one of a descriptive device data, a password, an encryption key, the challenge response pair, and other device data.
  - 11. The method of claim 10, further comprising installing a bootstrap code to the metering device such that a non-volatile memory of the metering device is readily accessible by the bootstrap code.
  - 12. The method of claim 11, further comprising embedding the encrypted data and the at least one challenge-response pair to the metering device.
  - 13. The method of claim 12, further comprising delivering the encrypted data to perform the generating the database through a secure channel, wherein the secure channel to include at least one of a trusted agency delivering an optical disk containing the encrypted data and a secure electronic messaging network communicating the encrypted data.
  - 14. The method of claim 13, further comprising performing the communicating the provided security key and the challenge data using a device installation tool (DIT) carried by a trusted person through connecting the device installation tool to the metering device at a site of the metering device.

15. An electronic meter for use in a utility meter network;
- comprising;
  
  a commodity meter capable of metering at least one commodity;
  
  a network interface card capable of interfacing with a communications network, the network interface card communicatively coupled to the commodity meter;
  
  memory for storing a secret key of a secret key pair; and
  
  a processor capable of processing requests to generate a security key, wherein the processor generates a derived security key, the derived security key based on a secret key of the secret key pair and a provided security key, and wherein the network interface card sends the derived security key to a device management server over a communications network.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The utility meter of claim 15, wherein the processor capable of processing requests to generate a security key is included on the network interface card.
  - 17. The utility meter of claim 15, wherein the memory of the utility meter includes a secure network bootstrap bit.
  - 18. The utility meter of claim 16, wherein the processor network interface card prevents the sending of meter information in the event the secure network bootstrap bit is not set to a predetermined value.
  - 19. The utility meter of claim 16, wherein the network interface card puts the utility meter in a secure shutdown state in response to receiving a predetermined secure shutdown message, wherein the secure shutdown state prevents the utility meter from sending utility meter information.
  - 20. The utility meter of claim 15, wherein the memory includes an authenticating password, wherein the processor generates response data using the authenticating password and wherein the network interface card sends the response data to a device management server over a communications network.
  - 21. The utility meter of claim 15, wherein network interface card sends the response data to a device management server over a communications network, the response data including information accessed from memory uniquely identifying the commodity meter.

22. A method of provisioning a network interface card associated with a utility meter for use in a utility network, comprising:
- embedding a symmetric key in a memory device of the network interface card for use in a utility network;
  
  embedding a device data file in the memory device of the network interface card for use in a utility network;
  
  recording the embedding of the symmetric key and device data file for later transmission to a device management server, wherein transmission of the embedding of the symmetric key and device data file for later transmission to a device management server allows for authentication of the network interface card;
  
  A procedure and format for generating Device Ship files along with symmetric key to be shared between the manufacturer and the customer;
  
  A procedure and format for conducting Device installation in the field with the help of a device management System and a device Installation tool;
  
  A procedure and format for executing secure network bootstrap of the metering device and the NIC (referred to as the “
  
  Device”
  
  );
  
  A procedure and format for executing secure shutdown prepare commit, for cases wherein the device has to reboot due to planned or accidental shutdowns after incidents of tampering, etc., so that the device is reauthenticated and reinstalled before it reenters the network in a secure manner; and
  
  A procedure to protect the device against tampering, where tampering may involve any of the following but not limited to them;
  
  (a) electronic and/or physical alterations of the metering device by unauthorized electronic means;
  
  (b) insertion of the non-approved physical or electronic components in the metering device;
  
  (c) alteration of data measured and/or stored in the metering device;
  
  (d) unauthorized external tapping/connection into the data sources in the metering device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Itron Networked Solutions, Inc. (Itron, Inc.)
Original Assignee
Silver Spring Networks, Inc. (Itron, Inc.)
Inventors
Pace, James, Hughes, Sterling, Trostle, Jonathan, Vaswani, Raji

Application Number

US11/701,745
Publication Number

US 20070257813A1
Time in Patent Office

Days
Field of Search
US Class Current

340/870.20
CPC Class Codes

G01D 2204/45   Utility meters networked to...

G01D 4/004   Remote reading of utility m...

Y02B 90/20   Smart grids as enabling tec...

Y04S 20/30   Smart metering, e.g. specia...

Secure network bootstrap of devices in an automatic meter reading network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network bootstrap of devices in an automatic meter reading network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links