APPARATUS, METHODS, AND SYSTEM FOR ROLE-BASED ACCESS IN AN INTELLIGENT ELECTRONIC DEVICE

US 20080162930A1
Filed: 12/28/2006
Published: 07/03/2008
Est. Priority Date: 12/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

generating a role for a user of an intelligent electronic device (“

IED”

);

generating a user assignment;

generating a site assignment; and

generating a user security key and an associated security file based on data output from at least one of the steps of generating a role, generating a user assignment, and generating a site assignment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes apparatus, methods, and system for secure access control of an intelligent electronic device (“IED”) by multiple personnel. Within the IED a set of basic permissions is defined. A software program allows a security administrator create specific roles from the basic permissions. The software program can then be used to assign to a user a specific role for one or more specific IEDs. This action creates a set of unique security keys for the user and a unique security file for each IED. When a user accesses an IED the system identifies the user from the security key and determines his/her permissions using the security file. The security key may take the form of a password inputted into the IED, an access device incorporated within the IED, and/or a remote access device positioned proximate the IED or removably positioned in the IED.

58 Citations

20 Claims

1. A method, comprising:
- generating a role for a user of an intelligent electronic device (“
  
  IED”
  
  );
  
  generating a user assignment;
  
  generating a site assignment; and
  
  generating a user security key and an associated security file based on data output from at least one of the steps of generating a role, generating a user assignment, and generating a site assignment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - encrypting at least one of the user security key and the associated security file.
  - 3. The method of claim 1, further comprising:
    - transmitting the associated security file to the IED.
  - 4. The method of claim 1, wherein the step of generating a role comprises:
    - building the role from one or more basic permissions.
  - 5. The method of claim 1, wherein the step of generating a user assignment comprises:
    - assigning a user name to the role; and
      
      specifying expiry.
  - 6. The method of claim 5, wherein the step of generating a user assignment further comprises:
    - enabling or disabling supervision;
      
      specifying a domain; and
      
      enabling or disabling remote access.
  - 7. The method of claim 1, wherein the step of generating a site assignment comprises:
    - adding a new site profile;
      
      adding a new IED profile; and
      
      assigning the new IED profile to the new site profile.

8. A method of operating an IED, comprising:
- receiving an action request;
  
  checking a received user key against a security file;
  
  executing an action if permission is granted as a result of the checking step; and
  
  generating an unauthorized access alarm if permission is denied as a result of the checking step.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising:
    - updating a security log with data, wherein the data is associated with one of the action and the unauthorized access alarm.

10. An apparatus, comprising:
- a microprocessor;
  
  a circuit managed by the microprocessor and configured to control operation of substation equipment;
  
  a memory coupled with the microprocessor; and
  
  a role-based access control (“
  
  RBAC”
  
  ) mechanism configured to be executed by the microprocessor.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The apparatus of claim 10, wherein the apparatus is an intelligent electronic device (“
    - IED”
      
      ).
  - 12. The apparatus of claim 10, further comprising:
    - a security file stored in the memory that when processed by the microprocessor causes the microprocessor to grant role-based user access to the apparatus.
  - 13. The apparatus of claim 12, wherein the security file comprises data that includes:
    - at least one of a unique code and unique password; and
      
      role-based privileges associated therewith.
  - 14. The apparatus of claim 13, wherein the unique code comprises user biometric information.
  - 15. The apparatus of claim 10, wherein the RBAC device comprises:
    - one of a USB port, a wireless reader, and a biometric device.
  - 16. The apparatus of claim 15, further comprising:
    - one of a removable USB-compatible key and a wireless-compatible key.
  - 17. The apparatus of claim 16, wherein the removable USB-compatible key contains at least one of a unique code and unique password, and wherein the wireless-compatible key contains at least one of the unique code and unique password.
  - 18. The apparatus of claim 10, further comprising:
    - a data port for remote access.
  - 19. The apparatus of claim 18, wherein the data port for remote access comprises:
    - one of a USB port, an Ethernet port, and a wireless transceiver.

20. A system, comprising:
- an intelligent electronic device (“
  
  IED”
  
  ) configured to allow role-based access to a user of the IED;
  
  a network; and
  
  a remote computer coupled to the IED via the network, wherein the remote computer is configured to transmit an IED security file to the IED, wherein the IED security file comprises one or more unique security code/passwords, each of which is associated with a role comprised of one or more permissions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GE Infrastructure Technology, LLC (General Electric Company)
Original Assignee
General Electric Company
Inventors
Cargnelli, Claudio, Mazereeuw, Jeffrey, Thompson, Donald Glenn, Finney, Dale

Granted Patent

US 7,870,595 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

Y04S 40/20   Information technology spec...

APPARATUS, METHODS, AND SYSTEM FOR ROLE-BASED ACCESS IN AN INTELLIGENT ELECTRONIC DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS, METHODS, AND SYSTEM FOR ROLE-BASED ACCESS IN AN INTELLIGENT ELECTRONIC DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links