System and method for federated security in an energy management system
First Claim
1. An energy management system for managing an energy distribution system, the energy management system comprising:
- first and second energy management devices, the first energy management device being affiliated with a first entity and the second energy management device being affiliated with a second entity different from the first entity;
wherein at least the second energy management device includes;
an energy distribution system interface operative to couple the second energy management device with at least a portion of the energy distribution system;
a processor coupled with the energy distribution system interface and operative to generate energy management data therefrom; and
a security device coupled with the processor and operative to provide access data identifying entities and affiliates thereof, unaffiliated with the second entity, which are permitted to access the energy management data;
the energy management system further comprising;
a network coupled with the first and second energy management devices and operative to facilitate communications therebetween; and
wherein the first energy management device is operative to request at least a portion of the energy management data from the second energy management device via the network, the request including an assertion of authorization to access the energy management data, the processor being operative to validate the assertion via the access data provided by the security device and limit access to the energy management data based thereon.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method are disclosed for providing authentication of data source and integrity between applications and users in different Non Affiliated Entities/organizations while limiting access to resources between private networks of energy management devices. A Non Affiliated Entity (“NAE”) is an organization, individual or group of entities that may share some information with each other but are not closely tied, such as a group of competitor utilities. In conducting their operations, two or more applications or organizations (NAEs) may not fully trust one another, but wish to share some EM data and resources. These NAEs identify users, such as EM devices, using a “federated security” scheme that may be based on Kerberos, which allows users from one NAE to be identified to another NAE. Web service security can be combined with federated security based authentication and access control to provide for secure exchange of EM data between users of different NABs. Federation is a technology and business agreement whereby users (including non-human users such as EM devices and EM software) that are part of a single or separate organization are able to interact through a system of authentication that allows for distributed processing, data sharing and resource sharing.
-
Citations
49 Claims
-
1. An energy management system for managing an energy distribution system, the energy management system comprising:
-
first and second energy management devices, the first energy management device being affiliated with a first entity and the second energy management device being affiliated with a second entity different from the first entity; wherein at least the second energy management device includes; an energy distribution system interface operative to couple the second energy management device with at least a portion of the energy distribution system; a processor coupled with the energy distribution system interface and operative to generate energy management data therefrom; and a security device coupled with the processor and operative to provide access data identifying entities and affiliates thereof, unaffiliated with the second entity, which are permitted to access the energy management data; the energy management system further comprising; a network coupled with the first and second energy management devices and operative to facilitate communications therebetween; and wherein the first energy management device is operative to request at least a portion of the energy management data from the second energy management device via the network, the request including an assertion of authorization to access the energy management data, the processor being operative to validate the assertion via the access data provided by the security device and limit access to the energy management data based thereon. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method of managing an energy distribution system, the system comprising first and second energy management devices and a network coupled with the first and second energy management devices and operative to facilitate communications therebetween, the first energy management device being affiliated with a first entity and the second energy management device being affiliated with a second entity different from the first entity, wherein at least the second energy management device includes an energy distribution system interface operative to couple the second energy management device with at least a portion of the energy distribution system and a processor coupled with the energy distribution system interface and operative to generate energy management data therefrom, the method comprising:
-
providing access data identifying entities and affiliates thereof, unaffiliated with the second entity, which are permitted to access the energy management data; requesting by the first energy management device at least a portion of the energy management data from the second energy management device via the network, the request including an assertion of authorization to access the energy management data; and validating, by the processor, the assertion via the provided access data and limiting access to the energy management data based thereon. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
-
49. An energy management system for managing an energy distribution system, the energy management system comprising:
-
first and second energy management devices, the first energy management device being affiliated with a first entity and the second energy management device being affiliated with a second entity different from the first entity; wherein at least the second energy management device includes; means for interfacing the second energy management device with at least a portion of the energy distribution system; means for generating energy management data therefrom; and means for providing access data identifying entities and affiliates thereof, unaffiliated with the second entity, which are permitted to access the energy management data; the energy management system further comprising; network means coupled with the first and second energy management devices for facilitating communications therebetween; and wherein the first energy management device is operative to request at least a portion of the energy management data from the second energy management device via the network, the request including an assertion of authorization to access the energy management data, the second energy management device further comprising means for validating the assertion via the access data provided and limiting access to the energy management data based thereon.
-
Specification