System, method, and apparata for secure communications using an electrical grid network

US 8,639,922 B2
Filed: 05/28/2010
Issued: 01/28/2014
Est. Priority Date: 06/01/2009
Status: Active Grant

First Claim

Patent Images

1. A security system comprising:

an input/output device connected to an in-band communications device in an in-band channel network for receiving at the input/output device an instruction to accept or deny a request for a location certificate to verify that at least one in-band request for an action or a transaction received at an application server was initiated by a human operator from a pre-designated location authorized to make the request to the application server via the in-band communications device;

at least one electric power meter associated with the pre-designated location for receiving the accepted request and transmitting the same over at least one electrical power conductor line of an electric power distribution network, wherein the at least one conductor line is used as an out-of-band communications channel network that is separate from the in-band communication channel network; and

wherein the input/output device outputs information about an event indicating information about (i) attempts that are or have been made to tamper with the input/output device or (ii) whether the input/output device has been successfully tampered with, as soon as one or both events are detected, during a pre-determined monitoring period, or when the input/output device performs a forensic audit.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communications and location authorization system using a power line or a potion thereof as a side-channel that mitigates man-in-the-middle attacks on communications networks and devices connected to those networks. The system includes a power grid server associated with a substation, or curb-side distribution structure such as a transformer, an electric meter associated with a structure having electric service and able to communicate with the power grid server, a human authorization detector input device connected to the electric meter and the power grid server. The human authorization detector is able to receive an input from a user physically located at the structure and capable of communicating with the power grid server via the electric meter. The user'"'"'s physical input into the device causing a request to be sent to the power grid server that then generates a location certificate for the user. Without the location certificate, access to the communications network and devices connected to those networks can be denied.

61 Citations

View as Search Results

33 Claims

1. A security system comprising:
- an input/output device connected to an in-band communications device in an in-band channel network for receiving at the input/output device an instruction to accept or deny a request for a location certificate to verify that at least one in-band request for an action or a transaction received at an application server was initiated by a human operator from a pre-designated location authorized to make the request to the application server via the in-band communications device;
  
  at least one electric power meter associated with the pre-designated location for receiving the accepted request and transmitting the same over at least one electrical power conductor line of an electric power distribution network, wherein the at least one conductor line is used as an out-of-band communications channel network that is separate from the in-band communication channel network; and
  
  wherein the input/output device outputs information about an event indicating information about (i) attempts that are or have been made to tamper with the input/output device or (ii) whether the input/output device has been successfully tampered with, as soon as one or both events are detected, during a pre-determined monitoring period, or when the input/output device performs a forensic audit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The security system of claim 1, further comprising a power grid server for receiving the request for the location certificate from the at least one electric power meter associated with the pre-designated location.
  - 3. The security system of claim 1, wherein the in-band communications device is a client computer or terminal for accessing the application server over the in-band communications channel network,wherein the instruction to accept or deny the request for the location certificate is made by physically operating a switch on the input/output device, or physically entering an instruction into the input/output device.
  - 4. The security system of claim 2, wherein the power grid server comprises one or more subsystems for receiving the request for the location certificate and outputting the location certificate.
  - 5. The security system of claim 2, wherein the at least one electric power meter is adapted to communicating information about the at least one electric meter to the power grid server over the out-of-band channel network.
  - 6. The security system of claim 1, wherein the request is sent to the power grid server over at least part of an electrical power grid between the pre-designated location and an upstream electrical power distribution unit.
  - 7. The security system of claim 1, wherein the input/output device comprises one or more of a microprocessor, a keypad, a display, a memory device, a GPS device, a wireless transceiver, an infrared/optical communications device, an acoustic communications device, a communications device, a power supply device, or a transformer device.
  - 8. The security system of claim 7, wherein the input/output device outputs and stores at least part of the information about each certificate request for verifying the certificate issued by the power grid server and for accounting or forensic analysis.
  - 9. The security system of claim 1, wherein the input/output device comprises:
    - hardware to generate a unique, cryptographically secure pseudo-random token/nonce every time the input/output device is physically operated; and
      
      embedded software for generating a signal comprising the accepted request,wherein the hardware can be initialized with any desired set of secret seed values or initial-state anytime during the installation or during post-install re-configurations.
  - 10. The security system of claim 1, wherein the at least one electric power meter comprises a subsystem for independently determining whether to accept or deny a request for the location certificate,wherein the subsystem includes hardware and on-site programmable secret seeds/initial-state values such that the electric power meter can reproduce or verify the cryptographically secure pseudo-random sequence values that the input/output device generates in response to the instruction to accept or deny, andwherein the at least one electric power meter denies a request for a location certificate unless it contains a token or nonce consistent with an expected value that is derived from the pseudo-random value which the electric power meter generates.
  - 11. The security system of claim 10, wherein the at least one electric power meter outputs each request for accounting or forensic analysis.

12. A method for location authentication, comprising the steps of:
- displaying on a human authorization detector device connected to an in-band communications channel network via a computer or a terminal at least some action or transaction data including parameters corresponding to the action or transaction requested over the in-band communications channel network;
  
  requesting at the human authorization detector device an input from an operator to accept or deny a location certificate request, wherein the accept or deny decision can be indicated by the operator only by physically operating a switch on the human authorization detector device;
  
  receiving accept or deny decision from the operator at the human authorization detector device;
  
  transmitting, in the case of an acceptance input, a request for the location certificate together with an authentication token to at least one electric power meter associated with a pre-designated location where the human authorization detector device is also located;
  
  requesting over at least a portion of an electrical power distribution grid network used as an out-of-band communications channel network that is separate from the in-band communications channel network the location certificate from a power grid server connected to the out-of-band communications channel network;
  
  determining by the power grid server if the acceptance input originated from one of a plurality of pre-designated locations pre-authorized to make the request, and if so, generating a digitally signed location certificate for the requested action or transaction which includes a digital digest of the parameters corresponding to the requested action or transaction and a time-stamp or other cryptographically-generated tokens or nonces;
  
  receiving the location certificate from the power grid server at the human authorization detector via the out-of-band communications channel network; and
  
  wherein the human authorization detector device outputs information about an event indicating information about (i) attempts that are or have been made to tamper with the human authorization detector device or (ii) whether the human authorization detector device has been successfully tampered with, as soon as one or both events are detected, during a pre-determined monitoring period, or when the human authorization detector device performs a forensic audit.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 13. The method of claim 12, further comprising the step of transmitting the location certificate to the application server through a secure in-band channel between the human authorization detector device and the application server via an in-band computer or terminal used to initiate the action or transaction request and the in-band communications channel network.
  - 14. The method of claim 13, further comprising requesting, by the application server, a user to authenticate the user'"'"'s location.
  - 15. The method of claim 12, wherein at least some of the transaction data is received from an application server.
  - 16. The method of claim 15, wherein a response to the request for the location certificate from the power grid server is used to allow or disallow the action or transaction request at the application server which is received over the in-band communications channel network, and wherein the request includes (i) at least some of the transaction data in unmodified or in encrypted form, (ii) or a digest or hash of at least some of the transaction data, or (iii) at least some parameters representing some of the transaction data.
  - 17. The method of claim 12, wherein the input is received when a manual switch or button is physically pressed or activated or an input instruction is physically entered into the human authorization detector device.
  - 18. The method of claim 17, wherein a signal or data is generated by the human authorization detector in response to the physical action, and wherein the signal or the data are cryptographically bound to at least one sequence or a set of tokens.
  - 19. The method of claim 18, wherein the sequence is generated only after the physical action and it uses one of a switch or a key, a token, and the data.
  - 20. The method of claim 18, further comprising an electric power meter associated with the pre-designated location for receiving the sequence along with the request for the location certificate and determining whether to send the request, wait for a different time to send the request, or deny the request.
  - 21. The method of claim 12, further comprising the step of, if the input indicates an acceptance of the request, saving, at the human authorization detector device, at least one transaction data detail for a time period for later display on the human authorization detector device and for verifying the location certificate issued by the power grid server using parameters associated with the transaction.
  - 22. The method of claim 12, further comprising the step of optionally replacing the transaction data with its hash or a digest and sending the hash/digest over at least a portion of the electrical power distribution network of the out-of-band communications channel network.
  - 23. The method of claim 12, further comprising the step of forwarding, by the human authorization detector, the request to at least one electric power meter associated with the pre-designated location.
  - 24. The method of claim 23, wherein the at least one electric power meter outputs each request it receives to an input/output device for forensic or accounting analysis.
  - 25. The method of claim 12, further comprising the step of, after mutually authenticating between the electric power meter and either a substation or a nearest upstream electric power distribution unit associated with the power distribution network, relaying the location certificate request from the electric power meter to the power grid server.
  - 26. The method of claim 12, further comprising the step of:
    - verifying, at the power grid server, a timeliness of one or more time stamps; and
      
      optionally receiving, at the power grid server, a payload from the electric power meter having one or more messages.
  - 27. The method of claim 12, further comprising the step of constructing, at the power grid server, the location certificate with one or more digital signatures and one or more additional safeguard parameters.
  - 28. The method of claim 12, further comprising the step of sending, by the power grid server, the location certificate to a substation or to a distribution device in the power distribution network which connects to the at least one electric power meter.
  - 29. The method of claim 12, further comprising the steps of:
    - sending the location certificate over the power distribution network out-of-band channel to at least one electric power meter associated with the pre-designated location;
      
      passing, by the electric power meter, the location certificate to the human authorization detector device; and
      
      sending the location certificate from the human authorization detector device to a computer or terminal in the in-band communications channel network after verifying the location certificate using at least some of the transaction data and the physical operation of the switch thereby accepting the relaying of the location certificate to the application server.
  - 30. The method of claim 12, further comprising the step of sending at least one copy of the location certificate from the power grid server to an application server over a second path that does not include a substation, the at least one electric power meter, and the human authorization detector where the location request originated.
  - 31. The method of claim 29, further comprising the step of, upon receiving the location certificate from the power grid server and from the user'"'"'s computer or terminal, verifying, at an application server, the location certificates.
  - 32. The method of claim 31, further comprising the step of matching the location certificates received from the power grid server over alternate paths with the location certificate received from the user'"'"'s computer.
  - 33. The method of claim 32, wherein the application server allows or disallows the requested action or transaction to proceed based on whether or not multiple copies of the location certificate are received and whether or not all copies of the location certificate received via multiple paths match or are all consistent in all respects including the transaction parameters as well as authentication tokens/digests/signatures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dhananjay S. Phatak
Original Assignee
Dhananjay S. Phatak
Inventors
Phatak, Dhananjay S.
Primary Examiner(s)
SHAW, PETER C

Application Number

US12/790,285
Publication Number

US 20100306533A1
Time in Patent Office

1,341 Days
Field of Search

713/156, D10/99
US Class Current

713/156
CPC Class Codes

G01D 4/002   Remote reading of utility m...

G06F 21/30   Authentication, i.e. establ...

G06F 21/34   involving the use of extern...

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2111   Location-sensitive, e.g. ge...

G08B 25/00   Alarm systems in which the ...

G08B 25/06   using power transmission lines

G08B 29/16   Security signalling or alar...

H04B 2203/5445   Local network

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 63/107   wherein the security polici...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04L 9/3273   for mutual authentication n...

Y02B 90/20 : Smart grids as enabling tec...

Y04S 20/30 : Smart metering, e.g. specia...

Y04S 40/20 : Information technology spec...

View All

System, method, and apparata for secure communications using an electrical grid network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and apparata for secure communications using an electrical grid network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links