System for secure online configuration and communication

US 7,673,337 B1
Filed: 07/26/2007
Issued: 03/02/2010
Est. Priority Date: 07/26/2007
Status: Active Grant

First Claim

Patent Images

1. A system for online configuration and communication for a supervisory control and data acquisition system comprising:

(a) an online configurable enterprise server comprising;

a server port for receiving a server removable data storage device comprising a second cryptography chip;

a server power supply;

a server telemetry interface;

a server processor in communication with a server data storage comprising;

a server protocol module;

a server connection module;

a server configuration database;

(b) at least one intelligent electronic device for measuring a process, wherein the at least one intelligent electronic device comprises an intelligent electronic device processor and intelligent electronic device data storage comprising computer instructions for instructing the intelligent electronic device processor to transmit non-encrypted measured data to the enterprise server;

(c) an online configurable intelligent electronic cryptographic module in communication with the online configurable enterprise server, wherein the online configurable intelligent electronic cryptographic module comprises a first cryptography chip and at least one data storage comprising computer instructions for instructing a first processor in communication with the online configurable intelligent electronic cryptographic module to;

i. selectively decrypt at least one encrypted message transmitted from the online configurable enterprise server using the first cryptography chip, forming at least one decrypted message;

ii. transmit the at least one decrypted message to the at least one intelligent electronic device;

iii. selectively encrypt the non-encrypted measured data transmitted from the at least one intelligent electronic device, forming encrypted measured data;

iv. transmit the encrypted measured data to the online configurable enterprise server;

v. at least once authenticate that the online configurable intelligent electronic cryptographic module is authorized to transmit to the online configurable enterprise server, andvi. at least once authenticate that the online configurable enterprise server is authorized to transmit to the online configurable intelligent electronic cryptographic module;

vii. communicate a command from the online configurable enterprise server to the online configurable intelligent electronic cryptographic module, wherein the command comprises reconfiguration instructions for the at least one intelligent electronic device, a request for data from the at least one intelligent electronic device, or combinations thereof;

viii. communicate a command from the at least one intelligent electronic device to the online configurable enterprise server, wherein the command comprises the non-encrypted measured data, a request for further instructions, or combinations thereof;

ix. store the encrypted measured data; and

(d) a configurable server interface comprising;

a server application programming interface in communication between at least one configurable client device having a client interface and the online configurable enterprise server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for online configuration and communication for a supervisory control and data acquisition system comprising an online configurable enterprise server, at least one intelligent electronic device, an online configurable intelligent electronic cryptographic module, and a configurable server interface. Both the online configurable enterprise server and the online configurable intelligent electronic cryptographic module include respective cryptography chips and computer instructions for instructing respective processors to selectively encrypt and decrypt commands, messages, data, and responses, allowing non-encrypted transmissions between the at least one intelligent electronic device and the online configurable intelligent electronic cryptographic module, and selectively encrypted transmission between the intelligent electronic cryptographic module and the online configurable enterprise server.

87 Citations

View as Search Results

18 Claims

1. A system for online configuration and communication for a supervisory control and data acquisition system comprising:
- (a) an online configurable enterprise server comprising;
  
  a server port for receiving a server removable data storage device comprising a second cryptography chip;
  
  a server power supply;
  
  a server telemetry interface;
  
  a server processor in communication with a server data storage comprising;
  
  a server protocol module;
  
  a server connection module;
  
  a server configuration database;
  
  (b) at least one intelligent electronic device for measuring a process, wherein the at least one intelligent electronic device comprises an intelligent electronic device processor and intelligent electronic device data storage comprising computer instructions for instructing the intelligent electronic device processor to transmit non-encrypted measured data to the enterprise server;
  
  (c) an online configurable intelligent electronic cryptographic module in communication with the online configurable enterprise server, wherein the online configurable intelligent electronic cryptographic module comprises a first cryptography chip and at least one data storage comprising computer instructions for instructing a first processor in communication with the online configurable intelligent electronic cryptographic module to;
  
  i. selectively decrypt at least one encrypted message transmitted from the online configurable enterprise server using the first cryptography chip, forming at least one decrypted message;
  
  ii. transmit the at least one decrypted message to the at least one intelligent electronic device;
  
  iii. selectively encrypt the non-encrypted measured data transmitted from the at least one intelligent electronic device, forming encrypted measured data;
  
  iv. transmit the encrypted measured data to the online configurable enterprise server;
  
  v. at least once authenticate that the online configurable intelligent electronic cryptographic module is authorized to transmit to the online configurable enterprise server, andvi. at least once authenticate that the online configurable enterprise server is authorized to transmit to the online configurable intelligent electronic cryptographic module;
  
  vii. communicate a command from the online configurable enterprise server to the online configurable intelligent electronic cryptographic module, wherein the command comprises reconfiguration instructions for the at least one intelligent electronic device, a request for data from the at least one intelligent electronic device, or combinations thereof;
  
  viii. communicate a command from the at least one intelligent electronic device to the online configurable enterprise server, wherein the command comprises the non-encrypted measured data, a request for further instructions, or combinations thereof;
  
  ix. store the encrypted measured data; and
  
  (d) a configurable server interface comprising;
  
  a server application programming interface in communication between at least one configurable client device having a client interface and the online configurable enterprise server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the first cryptography chip, the second cryptography chip, or combinations thereof comprise at least one encryption algorithm, at least one decryption algorithm, cryptographic tamper resistant memory, at least one key resident in the cryptographic tamper resistant memory, a random number generator, at least one certificate for digital signatures, a first authentication module, or combinations thereof.
  - 3. The system of claim 1, wherein the online configurable enterprise server further comprises a configuration software for enabling the online reconfiguration of the online configurable enterprise server, the online configurable intelligent electronic cryptographic module, the at least one intelligent electronic device, or combinations thereof.
  - 4. The system of claim 1, wherein the online configurable intelligent electronic cryptographic module is adapted to be activated on line, without interruption of service to the at least one intelligent electronic device.
  - 5. The system of claim 1, wherein the online configurable intelligent electronic cryptographic module further comprises computer instructions for instructing the first processor to embed a first digital signature in the online configurable enterprise server, embed a second digital signature in the online configurable intelligent electronic cryptographic module, and transmit and validate the first digital signature, the second digital signature, or combinations thereof prior to encrypting non-encrypted responses, decrypting encrypted messages, transmitting encrypted responses, or transmitting decrypted messages.
  - 6. The system of claim 1, wherein the at least one intelligent electronic device further comprises:
    - (a) an analog-to-digital converter in communication with the intelligent electronic device processor for measuring the process and converting non-encrypted measurements into digital representations, wherein the digital representations are selectively stored in the intelligent electronic device data storage;
      
      (b) intelligent electronic device computer instructions in the intelligent electronic device data storage for instructing the intelligent electronic device processor to selectively store the digital representations in the intelligent electronic device data storage; and
      
      (c) a bidirectional intelligent electronic device port for transmitting the digital representations to the online configurable enterprise server via the online configurable intelligent electronic cryptographic module and receiving commands from the online configurable enterprise server via the online configurable intelligent electronic cryptographic module in response to the digital representations.
  - 7. The system of claim 1, wherein the online configurable intelligent electronic cryptographic module further comprises:
    - at least one server-side port for receiving a member of the group consisting of;
      
      at least one encrypted message, at least one non-encrypted message, or combinations thereof from the online configurable enterprise server for transmitting to at least one intelligent electronic device, and for transmitting a member of the group consisting of;
      
      at least one encrypted response, at least one non-encrypted response, or combinations thereof from the at least one intelligent electronic device to the online configurable enterprise server; and
      
      at least one non-encrypted port for transmitting at least one decrypted message from the online configurable intelligent electronic cryptographic module to the at least one intelligent electronic device and receiving at least one non-encrypted response from the at least one intelligent electronic device for transmitting to the online configurable enterprise server.
  - 8. The system of claim 1, wherein the at least one intelligent electronic device is adapted to perform a member of the group consisting of:
    - metering at least one utility, detecting abnormal operating conditions, performing data processing, controlling operating conditions, and combinations thereof.
  - 9. The system of claim 1, wherein encryption and decryption functions of the first cryptography chip, the second cryptography chip, or combinations thereof can be selectively activated and deactivated.
  - 10. The system of claim 1, wherein the at least one data storage further comprises a log for storing information from the online configurable intelligent electronic cryptographic module.
  - 11. The system of claim 1, further comprising at least one additional enterprise server in communication with the online configurable intelligent electronic cryptographic module for providing online configurability of and communication with the at least one additional enterprise server, the online configurable enterprise server, the online configurable intelligent electronic cryptographic module, the at least one intelligent electronic device, or combinations thereof.
  - 12. The system of claim 1, wherein the at least one intelligent electronic device, the online configurable enterprise server, the online configurable intelligent electronic cryptographic module, or combinations thereof are in communication via at least one network.
  - 13. The system of claim 1, wherein the online configurable enterprise server is in communication with a first network, a first intelligent electronic device is in communication with a second network, and a second intelligent electronic device is in communication with a third network.
  - 14. The system of claim 1, wherein the online configurable enterprise server, the online configurable intelligent electronic cryptographic module, the at least one intelligent electronic device, or combinations thereof are adapted to engage at least two industry standard protocols simultaneously.
  - 15. The system of claim 14, wherein the at least two industry standard protocols are selected from the group consisting of:
    - a MODBUS, a DNP3.0, a BSAP™
      
      , a Megaco/H.248 protocol, simple message transfer protocol (SMTP), a short message service (SMS) protocol, a multimedia message service (MMS) protocol, an enhanced message service (EMS) protocol, a media gateway control protocol (MGCP), a SIP protocol, a H.323 protocol, an ISDN protocol, a PSTN protocol, and combinations thereof.
  - 16. The system of claim 1, wherein the online configurable intelligent electronic cryptographic module further comprises computer instructions for instructing the first processor to:
    - receive at least one public exchange key from the online configurable enterprise server;
      
      derive at least one session key;
      
      encrypt the at least one session key using the at least one public key, forming at least one encrypted session key;
      
      transmit the at least one encrypted session key to the online configurable enterprise server; and
      
      wherein the online configurable enterprise server further comprises computer instructions for instructing the server processor to;
      
      derive the at least one public exchange key and at least one private exchange key;
      
      transmit the at least one public exchange key to the online configurable intelligent electronic cryptographic module;
      
      receive the at least one encrypted session key from the online configurable intelligent electronic cryptographic module;
      
      decrypt the at least one session key using the at least one private key;
      
      wherein the at least one session key is used to encrypt messages and responses transmitted between the online configurable enterprise server and the online configurable intelligent electronic cryptographic module.
  - 17. The system of claim 1, wherein the online configurable enterprise server further comprises computer instructions for instructing the server processor to:
    - receive at least one public exchange key from the online configurable intelligent electronic cryptographic module;
      
      derive at least one session key;
      
      encrypt the at least one session key using the at least one public key, forming at least one encrypted session key; and
      
      transmit the at least one encrypted session key to the online configurable intelligent electronic cryptographic module; and
      
      wherein the online configurable intelligent electronic cryptographic module further comprises computer instructions for instructing the first processor to;
      
      derive the at least one public exchange key and at least one private exchange key;
      
      transmit the at least one public exchange key to the online configurable enterprise server;
      
      receive the at least one encrypted session key from the online configurable enterprise server;
      
      decrypt the at least one session key using the at least one private key;
      
      wherein the at least one session key is used to encrypt messages and responses transmitted between the online configurable enterprise server and the online configurable intelligent electronic cryptographic module.

18. A system for online configuration and communication for a supervisory control and data acquisition system comprising:
- (a) an online configurable enterprise server comprising;
  
  a server port for receiving a server removable data storage device comprising a second cryptography chip, wherein the second cryptography chip comprises a second authentication module;
  
  a server power supply;
  
  a server telemetry interface;
  
  a server processor in communication with a server data storage comprising;
  
  a server protocol module;
  
  a server connection module;
  
  a server configuration database;
  
  (b) an online configurable intelligent electronic cryptographic module in communication with the online configurable enterprise server, wherein the online configurable intelligent electronic cryptographic module comprises a first cryptography chip and at least one data storage comprising computer instructions for instructing a first processor in communication with the online configurable intelligent electronic cryptographic module to;
  
  i. perform as a soft remote terminal unit;
  
  ii. selectively decrypt at least one encrypted message transmitted from the online configurable enterprise server using the first cryptography chip, forming at least one decrypted message;
  
  iii. selectively encrypt non-encrypted measured data, forming encrypted measured data;
  
  iv. transmit the encrypted measured data, the non-encrypted measured data, or combinations thereof to the online configurable enterprise server;
  
  v. at least once authenticate that the online configurable intelligent electronic cryptographic module is authorized to transmit to the online configurable enterprise server, andvi. at least once authenticate that the online configurable enterprise server is authorized to transmit to the online configurable intelligent electronic cryptographic module;
  
  vii. receive a command from the online configurable enterprise server, wherein the command comprises reconfiguration instructions for the online configurable intelligent electronic cryptographic module, a request for data from the online configurable intelligent electronic cryptographic module, or combinations thereof;
  
  viii. communicate a response from the online configurable intelligent electronic cryptographic module to the online configurable enterprise server, wherein the response comprises the encrypted measured data, the non-encrypted measured data, a request for further instructions, or combinations thereof;
  
  ix. store the encrypted measured data; and
  
  (c) a configurable server interface comprising;
  
  a server application programming interface in communication between at least one configurable client device having a client interface and the online configurable enterprise server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DJ Osburn Management LLC
Original Assignee
DJ Inventions, LLC
Inventors
Osburn, Douglas C. III, Cannoy, John D.
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US11/829,051
Time in Patent Office

950 Days
Field of Search

380/282, 726/1, 726/4, 726/5, 726/12, 713/153
US Class Current

726/12
CPC Class Codes

G06F 21/572   Secure firmware programming...

H04L 63/0428   wherein the data content is...

H04L 63/105   Multiple levels of security

H04L 67/125   involving control of end-de...

Y04S 40/18   Network protocols supportin...

Y04S 40/20   Information technology spec...

System for secure online configuration and communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System for secure online configuration and communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links