
Systems and methods for security in a wireless utility network

  • US 8,756,675 B2
  • Filed: 08/06/2008
  • Issued: 06/17/2014
  • Est. Priority Date: 08/06/2008
  • Status: Active Grant
First Claim

1. A method for enrolling a requesting and previously untrusted node in a network consisting of a plurality of trusted nodes, the method comprising:

  • exchanging manufacturer originated digital certificates between the requesting node and a responding node, wherein the responding node is one of the plurality of trusted nodes;

    verifying a manufacturer originated certificate received from the requesting node, the manufacturer originated certificate having been stored in the requesting node when the requesting node was manufactured, containing a unique identifier of the requesting node so as to be unique to the requesting node, and including identifying information about a manufacturer that produced the requesting node at a time the requesting node was manufactured prior to enrolling the requesting node in the network;

    establishing a first trust state with the requesting node based on the manufacturer originated certificate received from the requesting node and a response manufacturer originated certificate sent to the requesting node from the responding node;

    while in the first trust state, sending, from one of the plurality of trusted nodes, an enrollment request to a certifying authority, the enrollment request including information extracted from the manufacturer originated certificate received from the requesting node;

    while in the first trust state, receiving, at one of the plurality of trusted nodes, a second digital certificate from the certifying authority, said second digital certificate being provided by the certifying authority based on a verification of the information extracted from the manufacturer originated certificate received from the requesting node;

    while in the first trust state, providing the second digital certificate to the requesting node, the second digital certificate including the information extracted from the manufacturer originated certificate of the requesting node;

    establishing a second, higher-level, trust state with the requesting node based on the second digital certificate received from the certifying authority and a second digital certificate of the responding node;

    while in the second trust state, enrolling the requesting node in the network; and

    in response to not being fully able to verify the authenticity of the requesting node within a preset time;

    maintaining one or more intermediate trusted states between the first and the second trust states; and

    subsequently requesting additional validation or repetition of the enrollment request, wherein the exchanging of the manufacturer originated certificates includes establishing a secure link between one of the plurality of trusted nodes and the requesting node, and wherein the establishing of the secure link includes:

    negotiating shared symmetric keys; and

    establishing a link layer (layer-2) secure link.
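The two-stage enrollment in claim 1 (manufacturer certificate verified, enrollment request sent to the certifying authority, second certificate verified, node enrolled, with an intermediate state when verification does not finish in time) as an added illustration that is not code from the patent or its assignee; HMAC over canonical JSON is a constructed stand-in for real certificate signatures, and the keys, node ids and `network_ca` are assumed.

```python
import hashlib
import hmac
import json
from enum import Enum

class Trust(Enum):
    UNTRUSTED = 0     # nothing verified yet
    MANUFACTURER = 1  # first trust state: manufacturer certificates exchanged and verified
    PENDING = 2       # intermediate state: CA answer not verified within the preset time
    ENROLLED = 3      # second, higher-level trust state reached and node enrolled

# Constructed keys standing in for the manufacturer CA and the network certifying authority.
MFG_KEY = b"example-manufacturer-ca-key"
NET_KEY = b"example-network-ca-key"

def sign(cert, key):
    """Stand-in for a CA signature: HMAC over the canonical JSON form of the certificate."""
    return hmac.new(key, json.dumps(cert, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify(cert, sig, key):
    return hmac.compare_digest(sign(cert, key), sig)

def network_ca(request):
    """Certifying authority: re-verifies the manufacturer certificate, then issues the
    second certificate, which carries the identifying information extracted from it."""
    cert, sig = request["mfg_cert"], request["mfg_sig"]
    if not verify(cert, sig, MFG_KEY):
        return None
    net_cert = {"node_id": cert["node_id"], "manufacturer": cert["manufacturer"], "issuer": "network-ca"}
    return net_cert, sign(net_cert, NET_KEY)

def enroll(req_cert, req_sig, ca, now, deadline):
    """Responding trusted node handling a requesting node. `ca` is the certifying
    authority callable, `now` returns the current time, `deadline` is the preset limit."""
    if not verify(req_cert, req_sig, MFG_KEY):
        return Trust.UNTRUSTED, None
    # First trust state: only the factory-installed certificate has been verified,
    # so the node is still kept out of the network while the CA is consulted.
    answer = ca({"mfg_cert": req_cert, "mfg_sig": req_sig})
    if answer is None or now() > deadline:
        # Not fully verified within the preset time: hold an intermediate state
        # so the enrollment request can be repeated or extra validation requested.
        return Trust.PENDING, None
    net_cert, net_sig = answer
    # Second trust state requires the CA's certificate to verify and to bind the
    # same unique identifier that was extracted from the manufacturer certificate.
    if verify(net_cert, net_sig, NET_KEY) and net_cert["node_id"] == req_cert["node_id"]:
        return Trust.ENROLLED, net_cert
    return Trust.PENDING, None
```

A forged manufacturer certificate never leaves the untrusted state, and a certifying authority that answers after the deadline leaves the node in the intermediate state rather than enrolled.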

  • 3 Assignments