Intelligent electronic cryptographic module

US 7,673,338 B1
Filed: 07/26/2007
Issued: 03/02/2010
Est. Priority Date: 07/26/2007
Status: Active Grant

First Claim

Patent Images

1. An intelligent electronic cryptographic module for communication between at least one intelligent electronic device and an enterprise server, wherein the intelligent electronic cryptographic module comprises:

a secure enclosure;

at least one power supply;

a first processor disposed within the secure enclosure, in communication with at least one data storage comprising a cryptographic application programming interface, wherein the first processor is adapted to authenticate the enterprise server, the intelligent electronic cryptographic module, at least one intelligent electronic device, or combinations thereof, provide encrypted and non-encrypted communication with the enterprise server, and provide non-encrypted communication with the at least one intelligent electronic device;

a first cryptography chip disposed within the secure enclosure for decrypting messages from the enterprise server and encrypting responses from the at least one intelligent electronic device, wherein the first cryptography chip is in communication with the first processor;

at least one server-side port for receiving a member of the group consisting of;

at least one encrypted message, at least one non-encrypted message, or combinations thereof from the enterprise server and for transmitting a member of the group consisting of;

at least one encrypted response, at least one non-encrypted response or combinations thereof to the enterprise server;

at least one non-encrypted port for transmitting at least one decrypted message, the at least one non-encrypted message or combinations thereof from the intelligent electronic cryptographic module to the at least one intelligent electronic device and receiving the at least one non-encrypted response from the at least one intelligent electronic device;

wherein the at least one data storage comprises computer instructions for instructing the first processor to;

perform as a soft remote terminal unit;

select at least one protocol module for communication with the at least one intelligent electronic device, the enterprise server, or combinations thereof, forming at least one selected protocol module;

select at least one appropriate telemetry method for transmitting andreceiving messages using the at least one selected protocol module;

at least once authenticate that the enterprise server is authorized to transmit to the intelligent electronic cryptographic module, forming an authenticated enterprise server;

at least once authenticate that the intelligent electronic cryptographic module is authorized to transmit to the enterprise server;

receive the at least one encrypted message from the authenticated enterprise server;

decrypt the at least one encrypted message transmitted from the authenticated enterprise server using the first cryptography chip, forming the at least one decrypted message;

transmit the at least one decrypted message to the at least one intelligent electronic device;

receive at least one non-encrypted response from the at least one intelligent electronic device;

encrypt the at least one non-encrypted response from the at least one intelligent electronic device using the first cryptography chip, forming the at least one encrypted response; and

transmit the at least one encrypted response to the enterprise server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intelligent electronic cryptographic module comprising a processor in communication with data storage, a cryptography chip for encrypting and decrypting messages and responses, at least one server-side port for receiving and transmitting encrypted and non-encrypted messages and responses between the intelligent electronic cryptographic module and an enterprise server, and at least one non-encrypted port for receiving and transmitting decrypted and non-encrypted messages and responses between the intelligent electronic cryptographic module and at least one intelligent electronic device. The data storage comprises computer instructions for instructing the processor to select a protocol module and telemetry method, authenticate the enterprise server and intelligent electronic cryptographic module, encrypt and decrypt messages and responses using the cryptography chip, and transmit and receive messages and responses.

Citations

18 Claims

1. An intelligent electronic cryptographic module for communication between at least one intelligent electronic device and an enterprise server, wherein the intelligent electronic cryptographic module comprises:
- a secure enclosure;
  
  at least one power supply;
  
  a first processor disposed within the secure enclosure, in communication with at least one data storage comprising a cryptographic application programming interface, wherein the first processor is adapted to authenticate the enterprise server, the intelligent electronic cryptographic module, at least one intelligent electronic device, or combinations thereof, provide encrypted and non-encrypted communication with the enterprise server, and provide non-encrypted communication with the at least one intelligent electronic device;
  
  a first cryptography chip disposed within the secure enclosure for decrypting messages from the enterprise server and encrypting responses from the at least one intelligent electronic device, wherein the first cryptography chip is in communication with the first processor;
  
  at least one server-side port for receiving a member of the group consisting of;
  
  at least one encrypted message, at least one non-encrypted message, or combinations thereof from the enterprise server and for transmitting a member of the group consisting of;
  
  at least one encrypted response, at least one non-encrypted response or combinations thereof to the enterprise server;
  
  at least one non-encrypted port for transmitting at least one decrypted message, the at least one non-encrypted message or combinations thereof from the intelligent electronic cryptographic module to the at least one intelligent electronic device and receiving the at least one non-encrypted response from the at least one intelligent electronic device;
  
  wherein the at least one data storage comprises computer instructions for instructing the first processor to;
  
  perform as a soft remote terminal unit;
  
  select at least one protocol module for communication with the at least one intelligent electronic device, the enterprise server, or combinations thereof, forming at least one selected protocol module;
  
  select at least one appropriate telemetry method for transmitting andreceiving messages using the at least one selected protocol module;
  
  at least once authenticate that the enterprise server is authorized to transmit to the intelligent electronic cryptographic module, forming an authenticated enterprise server;
  
  at least once authenticate that the intelligent electronic cryptographic module is authorized to transmit to the enterprise server;
  
  receive the at least one encrypted message from the authenticated enterprise server;
  
  decrypt the at least one encrypted message transmitted from the authenticated enterprise server using the first cryptography chip, forming the at least one decrypted message;
  
  transmit the at least one decrypted message to the at least one intelligent electronic device;
  
  receive at least one non-encrypted response from the at least one intelligent electronic device;
  
  encrypt the at least one non-encrypted response from the at least one intelligent electronic device using the first cryptography chip, forming the at least one encrypted response; and
  
  transmit the at least one encrypted response to the enterprise server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The intelligent electronic cryptographic module of claim 1, wherein the first cryptography chip is disposed within a first removable data storage device.
  - 3. The intelligent electronic cryptographic module of claim 1, wherein the enterprise server comprises a server processor, a server telemetry interface, a server port for receiving a second removable data storage device comprising a second cryptography chip, wherein the server processor is in communication with a server data storage comprising a server protocol module and a server connection module.
  - 4. The intelligent electronic cryptographic module of claim 1, wherein the at least one encrypted message, the at least one non-encrypted message, or combinations thereof comprise at least one reconfiguration command for configuring the at least one intelligent electronic device, the intelligent electronic cryptographic module, the enterprise server, or combinations thereof.
  - 5. The intelligent electronic cryptographic module of claim 1, further comprising a telemetry interface in communication with the first processor and the enterprise server.
  - 6. The intelligent electronic cryptographic module of claim 1, wherein the at least one data storage comprises removable memory, non-removable memory, flash memory, or combinations thereof.
  - 7. The intelligent electronic cryptographic module of claim 1, wherein the at least one power supply comprises a direct current source, an alternating current source, at least one rechargeable power source, at least one replaceable power source, at least one renewable power source, or combinations thereof.
  - 8. The intelligent electronic cryptographic module of claim 1, wherein the first cryptography chip comprises at least one encryption algorithm, at least one decryption algorithm, cryptographic tamper resistant memory, at least one key resident in the cryptographic tamper resistant memory, a random number generator, at least one certificate for digital signatures, an authentication module, or combinations thereof.
  - 9. The intelligent electronic cryptographic module of claim 3, wherein the enterprise server further comprises computer instructions for instructing the server processor to online configure the at least one intelligent electronic device.
  - 10. The intelligent electronic cryptographic module of claim 1, wherein the at least one data storage further comprises computer instructions for instructing the first processor to embed a first digital signature in the enterprise server, embed a second digital signature in the intelligent electronic cryptographic module, and transmit and validate the first digital signature, the second digital signature, or combinations thereof prior to encrypting non-encrypted responses, decrypting encrypted messages, transmitting encrypted responses, or transmitting decrypted messages.
  - 11. The intelligent electronic cryptographic module of claim 1, further comprising means for wirelessly transmitting messages and responses between the at least one intelligent electronic device and the enterprise server.
  - 12. The intelligent electronic cryptographic module of claim 1, wherein the at least one server-side port, the at least one non-encrypted port, or combinations thereof is an interface adapted for engaging a serial port, a cellular modem, a standard modem, a wireline modem, a satellite network, a Transfer Connection Protocol/Internet Protocol, an Ethernet, a radio network, a fiber-optic network, or combinations thereof.
  - 13. The intelligent electronic cryptographic module of claim 1, wherein the at least one server-side port, the at least one non-encrypted port, or combinations thereof are adapted to engage at least two industry standard protocols simultaneously.
  - 14. The intelligent electronic cryptographic module of claim 13, wherein the at least two industry standard protocols are selected from the group consisting of:
    - a MODBUS, a DNP3.0, a BSAP™
      
      , a Megaco/H.248 protocol, simple message transfer protocol (SMTP), a short message service (SMS) protocol, a multimedia message service (MMS) protocol, an enhanced message service (EMS) protocol, a media gateway control protocol (MGCP), a SIP protocol, a H.323 protocol, an ISDN protocol, a PSTN protocol, and combinations thereof.
  - 15. The intelligent electronic cryptographic module of claim 1, wherein encrypting and decrypting functions of the first cryptography chip can be selectively activated and deactivated.
  - 16. The intelligent electronic cryptographic module of claim 1, wherein the intelligent electronic cryptographic module further comprises computer instructions for instructing the first processor to:
    - receive at least one public exchange key from the enterprise server;
      
      derive at least one session key;
      
      encrypt the at least one session key using the at least one public key, forming at least one encrypted session key;
      
      transmit the at least one encrypted session key to the online configurable enterprise server; and
      
      wherein the at least one session key is used to encrypt messages and responses transmitted between the enterprise server and the intelligent electronic cryptographic module.
  - 17. The intelligent electronic cryptographic module of claim 1, wherein the intelligent electronic cryptographic module further comprises computer instructions for instructing the first processor to:
    - derive at least one public exchange key and at least one private exchange key;
      
      transmit the at least one public exchange key to the enterprise server;
      
      receive the at least one encrypted session key from the enterprise server;
      
      decrypt the at least one session key using the at least one private key;
      
      wherein the at least one session key is used to encrypt messages and responses transmitted between the enterprise server and the intelligent electronic cryptographic module.

18. An intelligent electronic cryptographic module for communication with an enterprise server, wherein the intelligent electronic cryptographic module comprises:
- a secure enclosure;
  
  at least one power supply;
  
  a first processor disposed within the secure enclosure, in communication with at least one data storage comprising a cryptographic application programming interface, wherein the first processor is adapted to authenticate the enterprise server and provide encrypted and non-encrypted communication with the enterprise server;
  
  a first cryptography chip disposed within the secure enclosure for decrypting messages from the enterprise server and encrypting responses from the intelligent electronic cryptographic module, wherein the first cryptography chip is in communication with the first processor;
  
  at least one port for receiving a member of the group consisting of;
  
  at least one encrypted message, at least one non-encrypted message, or combinations thereof from the enterprise server and for transmitting a member of the group consisting of;
  
  at least one encrypted response, at least one non-encrypted response or combinations thereof to the enterprise server;
  
  wherein the at least one data storage comprises computer instructions for instructing the first processor to;
  
  perform as a soft remote terminal unit;
  
  select at least one protocol module for communication with the enterprise server, forming at least one selected protocol module;
  
  select at least one appropriate telemetry method for transmitting and receiving messages using the at least one selected protocol module;
  
  at least once authenticate that the enterprise server is authorized to transmit to the intelligent electronic cryptographic module, forming an authenticated enterprise server;
  
  at least once authenticate that the intelligent electronic cryptographic module is authorized to transmit to the enterprise server;
  
  receive the at least one encrypted message from the authenticated enterprise server;
  
  decrypt the at least one encrypted message transmitted from the authenticated enterprise server using the first cryptography chip, forming the at least one decrypted message;
  
  encrypt the at least one non-encrypted response from the intelligent electronic cryptographic module unit using the first cryptography chip, forming the at least one encrypted response; and
  
  transmit the at least one encrypted response to the enterprise server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DJ Osburn Management LLC
Original Assignee
DJ Inventions, LLC
Inventors
Osburn, Douglas C. III, Cannoy, John D.
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US11/829,053
Time in Patent Office

950 Days
Field of Search

380/282, 380/255, 726/1, 726/4, 726/5, 726/12, 713/153
US Class Current

726/12
CPC Class Codes

H04L 63/0485   Networking architectures fo...

H04L 67/12   specially adapted for propr...

H04L 67/125   involving control of end-de...

H04L 67/34   involving the movement of s...

Y04S 40/18   Network protocols supportin...

Y04S 40/20   Information technology spec...

Intelligent electronic cryptographic module

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent electronic cryptographic module

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links