Systems and Methods for Security in a Wireless Utility Network
First Claim
1. A method for enrolling a requesting and previously untrusted node in a network consisting of a plurality of trusted nodes, the method comprising:
- exchanging manufacturer originated digital certificates (“
birth certificates”
) with the requesting node;
verifying the birth certificate received from the requesting node;
establishing a first trust state with the requesting node based on the birth certificate received from the requesting node and the birth certificate sent to the requesting node;
while in the first trust state, sending an enrollment request to a certifying authority, the enrollment request including information extracted from the birth certificate received from the requesting node;
while in the first trust state, receiving a second digital certificate (“
driver'"'"'s license”
) from the certifying authority, said driver'"'"'s license being provided by the certifying authority based on a verification of the information extracted from the birth certificate received from the requesting node;
while in the first trust state, providing the driver'"'"'s license to the requesting node;
establishing a second trust state with the requesting node based on the driver'"'"'s license received from the certifying authority and a driver'"'"'s license of the responding node;
while in the second trust state, enrolling the requesting node in the network; and
while not being fully able to verify the authenticity of the requesting node within a preset time, maintaining one or more intermediate trusted states between the first and the second and subsequently requesting additional validation or repeat of enrollment request.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems a provided for security in a wireless utility network. The methods and systems use different levels of trust to securely enroll new nodes into a network through other nodes acting as proxies. A node'"'"'s security state with respect to another node in the network is categorized into one of several trust levels. A node responds to certain requests, actions or messages depending based on its trust level with the other entity. Initially, a node is not trusted. A first trust level is established based on a digital certificate that is stored in a node when the node is manufactured. A second trust level is established based on a second digital certificate obtained from a certifying authority while a node is in the first trust level. A node with a verified second certificate can be fully enrolled in the network and participate as a network node with minimal or no constraints.
-
Citations
19 Claims
-
1. A method for enrolling a requesting and previously untrusted node in a network consisting of a plurality of trusted nodes, the method comprising:
-
exchanging manufacturer originated digital certificates (“
birth certificates”
) with the requesting node;verifying the birth certificate received from the requesting node; establishing a first trust state with the requesting node based on the birth certificate received from the requesting node and the birth certificate sent to the requesting node; while in the first trust state, sending an enrollment request to a certifying authority, the enrollment request including information extracted from the birth certificate received from the requesting node; while in the first trust state, receiving a second digital certificate (“
driver'"'"'s license”
) from the certifying authority, said driver'"'"'s license being provided by the certifying authority based on a verification of the information extracted from the birth certificate received from the requesting node;while in the first trust state, providing the driver'"'"'s license to the requesting node; establishing a second trust state with the requesting node based on the driver'"'"'s license received from the certifying authority and a driver'"'"'s license of the responding node; while in the second trust state, enrolling the requesting node in the network; and while not being fully able to verify the authenticity of the requesting node within a preset time, maintaining one or more intermediate trusted states between the first and the second and subsequently requesting additional validation or repeat of enrollment request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system comprising:
-
a secure network; a requesting node; and a responding node, wherein, the responding node includes a data processor and a computer-readable medium that, when executed by the processor, control the responding node to perform a method for enrolling the requesting node in the network, the method comprising; exchanging manufacturer originated digital certificates (“
birth certificates”
) with the requesting node;verifying the birth certificate received from the requesting node; establishing a first trust state with the requesting node based on the birth certificate received from the requesting node and the birth certificate sent to the requesting node; while in the first trust state, sending an enrollment request to a certifying authority, the enrollment request including information extracted from the birth certificate received from the requesting node; while in the first trust state, receiving a a second digital certificate (“
driver'"'"'s license”
) from the certifying authority, said driver'"'"'s license being provided from the certifying authority based on a verification of the information extracted from the birth certificate received from the requesting node;while in the first trust state, providing the driver'"'"'s license to the requesting node; establishing a second trust state with the requesting node based on the driver'"'"'s license received from the certifying authority and a driver'"'"'s license of the responding node; while in the second trust state, enrolling the requesting node in the network; and while not being fully able to verify the authenticity of the requesting node within a preset time, maintaining one or more intermediate trusted states between the first and the second and subsequently requesting additional validation or repeat of enrollment request - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for enrolling a new node in a network via a proxy node, said proxy node being a trusted member of the network, the method comprising:
-
exchanging birth-certificates with the proxy node; establishing a first trust state with the proxy node based on the birth certificate received from the proxy node and the birth certificate sent to the new node; while in the first trust state, receiving a driver'"'"'s license from a certifying authority via the proxy node, said driver'"'"'s license including information extracted from the birth certificate of the new node; while in the first trust state, authenticating the driver'"'"'s license based on a previously provided system-specific root certificate; establishing a second trust state with the proxy node based on the driver'"'"'s license; and while in the second trust state, enrolling in the network.
-
Specification