SYSTEM AND METHOD FOR TAMPER DETECTION ON DISTRIBUTED UTILITY INFRASTRUCTURE

US 20170024983A1
Filed: 07/20/2016
Published: 01/26/2017
Est. Priority Date: 07/20/2015
Status: Abandoned Application

First Claim

Patent Images

1. A method for tamper detection on distributed utility infrastructure, comprising:

receiving, within a first edge device of the utility infrastructure, sensor data from a plurality of sensors each positioned to detect physical events at the first edge device;

determining, from the sensor data, one or more indicators when the sensor data is outside a normal range value, respectively;

updating, based upon the one or more indicators, a limited factor graph corresponding to at least a portion of the utility infrastructure;

identifying, from the limited factor graph, an event that is occurring in the first edge device;

deciding whether the event is a tamper event; and

if the event is a tamper event, initiating mitigation of the tamper event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed that use information from a distributed, sensor-based network to decide if unwanted tampering is occurring within a utility infrastructure and how to respond. The system and method receive data from sensors located in embedded devices on the edge of the network (i.e., edge devices) and process the data to identify the presence or absence of indicators. A factor graph is generated and. updated with the indicators, along with historical incident and user-defined data, and relationships between the sensors. Based upon the factor graph, the system and method determine what events are occurring at edge devices and decide whether the events are tamper events caused by unwanted tampering. Enforcement programs are used to appropriately mitigate the tamper events.

31 Citations

View as Search Results

20 Claims

1. A method for tamper detection on distributed utility infrastructure, comprising:
- receiving, within a first edge device of the utility infrastructure, sensor data from a plurality of sensors each positioned to detect physical events at the first edge device;
  
  determining, from the sensor data, one or more indicators when the sensor data is outside a normal range value, respectively;
  
  updating, based upon the one or more indicators, a limited factor graph corresponding to at least a portion of the utility infrastructure;
  
  identifying, from the limited factor graph, an event that is occurring in the first edge device;
  
  deciding whether the event is a tamper event; and
  
  if the event is a tamper event, initiating mitigation of the tamper event.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the step of identifying comprising identifying, from the limited factor graph, a sequence of indicators corresponding to an event.
  - 3. The method of claim 1, further comprising:
    - requesting, within a decision point that is communicatively coupled with the edge device, additional sensor data from a second edge device;
      
      generating a combined factor graph based upon indicators received from the first edge device and the second edge device; and
      
      identifying, from the combined factor graph, one or more events that are occurring in at least one of the first and second edge devices.
  - 4. The method of claim 1, the step of initiating mitigation comprising ignoring the tamper event to prevent disruption of utility service.
  - 5. The method of claim 1, the step of initiating mitigation comprising isolating electronically at least one edge device to prevent spreading of the tamper event.
  - 6. The method of claim 1, the step of initiating mitigation comprising electronically quarantining a location of the distributed utility infrastructure to prevent the tamper event from spreading.
  - 7. The method of claim 1, the step of initiating mitigation comprising shutting down at least one location of the distributed utility infrastructure to prevent catastrophic damage.

8. A system for tamper detection on distributed utility infrastructure, comprising:
- at least one edge device comprising;
  
  a plurality of sensors positioned to detect events at the at least one edge device of the utility infrastructure;
  
  a first processor communicatively coupled to the plurality of sensors;
  
  a first memory communicatively coupled with the first processor; and
  
  a factor graph stored within the first memory;
  
  at least one actuator communicatively coupled with the first processor;
  
  an information program comprising machine readable instructions stored within the first memory that, when executed by the first processor, is capable of;
  
  receiving data from the plurality of sensors;
  
  processing the data to compare with predetermined threshold values to identify the presence of at least one indicator;
  
  updating the factor graph, based upon the at least one indicator, to determine an event that is occurring at the at least one edge device; and
  
  deciding whether at least one event is a tamper event; and
  
  an first enforcement program comprising machine readable instructions stored within the first memory that, when executed by the first processor, is capable of controlling the at least one actuator to mitigate the tamper event.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, the plurality of sensors configured to detect one or more of light, shaking, temperature, and an opened door.
  - 10. The system of claim 8, a second enforcement program comprising a second processor communicatively coupled with the at least one edge device and a second memory communicatively coupled with the processor, wherein the second enforcement program is located remotely from the at least one edge device within the distributed utility infrastructure.
  - 11. The system of claim 8, the at least one actuator comprising a network switch for filtering network traffic to and from the at least one edge device.
  - 12. The system of claim 8, further comprising a supervisory control and data acquisition (SCADA) network for electronic communications between the plurality of sensors, the edge device, the processor, and a user interface.
  - 13. The system of claim 8, further comprising a decision point having a second processor communicatively coupled with a second memory and a decision program having machine readable instructions stored in the second memory that, when executed by the second processor, is capable of:
    - updating the factor graph using values from a plurality of edge devices within the distributed utility infrastructure, thereby generating a combined factor graph; and
      
      determining that the tamper event is occurring in at least one of the plurality of edge devices based on the combined factor graph.
  - 14. The system of claim 13, the decision program further capable of identifying an event based on a sequence of received indicators.
  - 15. The system of claim 13, the second enforcement program further capable of mitigating tamper events among a plurality of edge devices.

16. A software product comprising instructions, stored on non-transitory computer-readable media, wherein the instructions, when executed by a computer, perform steps for tamper detection on distributed utility infrastructure comprising:
- an information program for a) receiving values from the plurality of sensors and processing the values based upon predetermined thresholds to identify at least one indicator, b) updating, based upon the at least one indicator, a factor graph corresponding to at least a portion of the utility infrastructure, c) determining, from the factor graph, an event that is occurring to the edge device, and d) deciding whether the event is a tamper event.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The software product of claim 16, wherein the information program includes instructions for identifying an event from a sequence of indicators.
  - 18. The software product of claim 16, further comprising a decision program, the decision program comprising:
    - instructions for updating the factor graph using indicators from a plurality of information programs, thereby generating a combined factor graph, wherein each of the plurality of information programs is stored in memory of a respective edge device within the distributed utility infrastructure; and
      
      instructions for determining what events are occurring in at least one edge device based on the combined factor graph; and
      
      instructions for deciding whether any events that are occurring in the at least one edge device are tamper events based on historical incident and user-defined data, and relationships of the plurality of sensors.
  - 19. The software product of claim 16, further comprising an enforcement program for initiating mitigation of tamper events.
  - 20. The software product of claim 16, further comprising a decision program layout tool to calculate optimal positions for decision programs within the distributed utility based on a network topology file of the distributed utility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Trustees of Dartmounth College (Dartmouth College)
Original Assignee
The Trustees of Dartmounth College (Dartmouth College)
Inventors
Reeves, Jason, Smith, Sean

Application Number

US15/215,083
Publication Number

US 20170024983A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G08B 13/02 Mechanical actuation

G08B 21/182 Level alarms, e.g. alarms r...

SYSTEM AND METHOD FOR TAMPER DETECTION ON DISTRIBUTED UTILITY INFRASTRUCTURE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR TAMPER DETECTION ON DISTRIBUTED UTILITY INFRASTRUCTURE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links