AUTHENTICATED SENSOR INTERFACE DEVICE

US 20130117556A1
Filed: 11/01/2012
Published: 05/09/2013
Est. Priority Date: 11/03/2011
Status: Active Grant

First Claim

Patent Images

1. A system for providing secure transmission of data, the system comprising:

a data source configured to provide secure data;

a data aggregate device capable of receiving the secure data from the data source, the data aggregate device configured to encrypt the secure data into a plurality of independently encrypted data packets and to provide the independently encrypted data packets over a plurality of isolated data paths;

a plurality of optoisolators, each of the plurality of optoisolators disposed in one of the plurality of isolated data paths, each of the plurality of optoisolators configured to provide one-way transmission of data over one of the plurality of isolated data paths; and

a plurality of data transmitters, each of the plurality data transmitters disposed in one of the plurality of isolated data paths, each of the plurality of data transmitters capable of receiving one of the plurality of independently encrypted data packets from one of the plurality of optoisolators and transmitting one of the plurality of independently encrypted data packets to a remote device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for the secure storage and transmission of data is provided. A data aggregate device can be configured to receive secure data from a data source, such as a sensor, and encrypt the secure data using a suitable encryption technique, such as a shared private key technique, a public key encryption technique, a Diffie-Hellman key exchange technique, or other suitable encryption technique. The encrypted secure data can be provided from the data aggregate device to different remote devices over a plurality of segregated or isolated data paths. Each of the isolated data paths can include an optoisolator that is configured to provide one-way transmission of the encrypted secure data from the data aggregate device over the isolated data path. External data can be received through a secure data filter which, by validating the external data, allows for key exchange and other various adjustments from an external source.

52 Citations

View as Search Results

20 Claims

1. A system for providing secure transmission of data, the system comprising:
- a data source configured to provide secure data;
  
  a data aggregate device capable of receiving the secure data from the data source, the data aggregate device configured to encrypt the secure data into a plurality of independently encrypted data packets and to provide the independently encrypted data packets over a plurality of isolated data paths;
  
  a plurality of optoisolators, each of the plurality of optoisolators disposed in one of the plurality of isolated data paths, each of the plurality of optoisolators configured to provide one-way transmission of data over one of the plurality of isolated data paths; and
  
  a plurality of data transmitters, each of the plurality data transmitters disposed in one of the plurality of isolated data paths, each of the plurality of data transmitters capable of receiving one of the plurality of independently encrypted data packets from one of the plurality of optoisolators and transmitting one of the plurality of independently encrypted data packets to a remote device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the data aggregate device, the plurality of optoisolators, and the plurality of data transmitters are provided in a tamper indicating enclosure.
  - 3. The system of claim 1, wherein each of the plurality of data transmitters is capable of storing at least one of the plurality of independently encrypted data packets in a memory.
  - 4. The system of claim 1, wherein at least one of the plurality of optoisolators is configured to provide for the one-way exchange of data using an optical signal.
  - 5. The system of claim 1, wherein the plurality of isolated data paths comprises a first isolated data path and a second isolated data path, the first isolated data path configured to provide a first independently encrypted data packet to a first remote computing device over a first communication link, the second isolated data path configured to provide a second independently encrypted data packet to a second remote computing device over a second communication link.
  - 6. The system of claim 1, wherein the data source is a sensor.
  - 7. The system of claim 1, wherein the system further comprises at least one second data source configured to provide a uniquely changing code to the data aggregate device, the data aggregate device configured to associate the uniquely changing code with the plurality of independently encrypted secure data packets.
  - 8. The system of claim 7, wherein the uniquely changing code is independently associated with each of the plurality of independently secure data packets.
  - 9. The system of claim 1, wherein the data aggregate device is configured to encrypt the secure data using a private shared key.
  - 10. The system of claim 1, wherein the system further comprises a secure data filter configured to receive external data from a remote device, the secure data filter comprising:
    - a receiver comprising one or more optical sensors configured to receive an optical signal encoding the external data;
      
      a sensor circuit coupled to each of the one or more sensors of the receiver, each sensor circuit configured to change state over a time period in response to an optical signal received at its associated optical sensor;
      
      a movable shutter capable of preventing optical access to the one or more optical sensors; and
      
      a controller configured to control actuation of the movable shutter to temporarily provide optical access to the one or more optical sensors, the controller configured to control actuation of the movable shutter based at least in part on the time period for each sensor circuit to change state.
  - 11. The system of claim 10, wherein the external data comprises a key used for an encryption technique used by the data aggregate device to encrypt the secure data.
  - 12. The system of claim 11, wherein the encryption technique comprises a public key encryption technique or a Diffie-Hellman key exchange technique.

13. A secure data filter for receiving external data from a remote data source, the secure data filter comprising:
- a receiver comprising one or more optical sensors configured to receive an optical signal encoding the external data;
  
  a sensor circuit coupled to each of the one or more sensors of the receiver, each sensor circuit configured to change state over a time period in response to an optical signal received at its associated optical sensor;
  
  a movable shutter capable of preventing optical access to the one or more optical sensors; and
  
  a controller configured to actuate the movable shutter to provide optical access to the one or more optical sensors, the controller configured to control optical access provided by the movable shutter based at least in part on the time period for each sensor circuit to change state.
- View Dependent Claims (14, 15, 16, 17, 18, 20)
- - 14. The secure data filter of claim 13, wherein the receiver comprises eight optical sensors, each optical sensor configured to receive a single bit of external data via an optical signal.
  - 15. The secure data filter of claim 13, wherein the controller is configured to control optical access provided by the movable shutter based at least in part on the time period for each sensor circuit to change state by:
    - actuating the movable shutter to provide optical access to the one or more optical sensors during the time period for each sensor circuit to change state; and
      
      after expiration of the time period but prior to expiration of twice the time period, actuating the movable shutter to prevent optical access to the one or more optical sensors.
  - 16. The secure data filter of claim 13, wherein the receiver comprises an additional optical sensor configured to optically receive a checksum for the external data.
  - 17. The secure data filter of claim 13, wherein the controller is configured to periodically actuate the movable shutter to provide optical access to the one or more optical sensors based at least in part on a timing schedule.
  - 18. The secure data filter of claim 13, wherein the sensor circuit comprises at least one of a resistor-capacitor circuit (RC circuit) or a Schmitt trigger.
  - 20. The computer-implemented method of claim 17, wherein the method further comprises receiving external data at the data aggregate device from a secure data filter, the secure data filter comprising:
    - a receiver comprising one or more optical sensors configured to receive an optical signal encoding the external data;
      
      a sensor circuit coupled to each of the one or more sensors of the receiver, each sensor circuit configured to change state over a time period in response to an optical signal received at its associated optical sensor;
      
      a movable shutter capable of preventing optical access to the one or more optical sensors; and
      
      a controller configured to actuate the movable shutter to provide optical access to the one or more optical sensors, the controller configured to control optical access provided by the movable shutter based at least in part on the time period for each sensor circuit to change state.

19. A computer-implemented method for providing secure transmission of data, comprising:
- receiving, at a data aggregate device, secure data from a data source;
  
  encrypting, at the data aggregate device, the secure data to generate a first encrypted data packet and a second encrypted data packet such that the first encrypted data packet and the second encrypted data packet are encrypted independently;
  
  transmitting the first encrypted data packet from the data aggregate device to a first isolated data path and the second encrypted data packet from the data aggregate device to a second isolated data path, each of the first and second isolated data paths comprising an optoisolator configured to provide one-way transmission data from the data aggregate device;
  
  receiving the first encrypted data packet at a first data transmitter provided in the first isolated data path;
  
  receiving the second encrypted data packet at a second data transmitter provided in the second isolated data path;
  
  transmitting the first encrypted data packet from the first data transmitter provided in the first isolated data path to a first remote device over a first communication link; and
  
  transmitting the second encrypted data packet from the second data transmitter provided in the second isolated data path to a second remote device over a second communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Battelle Savannah River Alliance LLC
Original Assignee
Savannah River Nuclear Solutions LLS
Inventors
Coleman, Jody Rustyn, Poland, Richard W.

Granted Patent

US 9,473,300 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/154
CPC Class Codes

G06F 12/1408   by using cryptography for d...

H04B 10/00   Transmission systems employ...

H04L 63/0492   by using a location-limited...

H04L 63/18   using different networks or...

H04L 9/0827   involving distinctive inter...

AUTHENTICATED SENSOR INTERFACE DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATED SENSOR INTERFACE DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links