Secure remote meter access

US 8,909,917 B2
Filed: 07/02/2009
Issued: 12/09/2014
Est. Priority Date: 07/02/2009
Status: Active Grant

First Claim

Patent Images

1. A method of securely accessing a meter from a mobile meter reader, the method comprising:

identifying, from a plurality of meters, a first one of the meters scheduled to be accessed in a first area in which the mobile meter reader is likely unable to communicate with a host computing system via a network communication;

identifying, from the plurality of meters, a second one of the meters scheduled to be accessed in a second area in which the mobile meter reader is likely able to communicate with the host computing system via the network communication;

before the mobile meter reader is taken to the first area and while the mobile meter reader is in communication with the host computing system;

issuing a first request for authorization to access the first one of the meters, the first request for authorization being issued from the mobile meter reader to the host computing system; and

when the mobile meter reader has sufficient rights to access the first one of the meters, storing a digital signature received from the host computing system that identifies that the mobile meter reader is authorized to communicate with the first one of the meters;

when the mobile meter reader is located in the first area, transmitting an authorization command to the first one of the meters from the mobile meter reader, wherein the authorization command includes the digital signature received from the host computing system before the mobile meter reader was located in the first area; and

when the mobile meter reader is located in the second area, utilizing the network communication to dynamically issue a second request for authorization to access the second one of the meters, the second request for authorization being issued from the mobile meter reader to the host computing system while the mobile meter reader interacts with the second one of the meters.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally described, the disclosed subject matter is directed to improved processes for securely accessing a meter. In accordance with one embodiment, a method for providing a mobile meter reader with an authorization that may be used to establish a secure session with a meter is implemented. In particular, the method includes issuing a request for authorization to access the meter from the mobile meter reader. If the mobile meter reader maintains sufficient rights, an authorization having an encoded digital signature is generated at a host computer system and provided to the mobile meter reader. Then the method formulates and transmits an authorization command to the meter having the encoded digital signature that was generated by the host computing system.

7 Citations

View as Search Results

29 Claims

1. A method of securely accessing a meter from a mobile meter reader, the method comprising:
- identifying, from a plurality of meters, a first one of the meters scheduled to be accessed in a first area in which the mobile meter reader is likely unable to communicate with a host computing system via a network communication;
  
  identifying, from the plurality of meters, a second one of the meters scheduled to be accessed in a second area in which the mobile meter reader is likely able to communicate with the host computing system via the network communication;
  
  before the mobile meter reader is taken to the first area and while the mobile meter reader is in communication with the host computing system;
  
  issuing a first request for authorization to access the first one of the meters, the first request for authorization being issued from the mobile meter reader to the host computing system; and
  
  when the mobile meter reader has sufficient rights to access the first one of the meters, storing a digital signature received from the host computing system that identifies that the mobile meter reader is authorized to communicate with the first one of the meters;
  
  when the mobile meter reader is located in the first area, transmitting an authorization command to the first one of the meters from the mobile meter reader, wherein the authorization command includes the digital signature received from the host computing system before the mobile meter reader was located in the first area; and
  
  when the mobile meter reader is located in the second area, utilizing the network communication to dynamically issue a second request for authorization to access the second one of the meters, the second request for authorization being issued from the mobile meter reader to the host computing system while the mobile meter reader interacts with the second one of the meters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein the first one of the meters is to:
    - decode the digital signature;
      
      determine whether the digital signature is authentic; and
      
      when the digital signature is authentic, establish a secure session between the first one of the meters and the mobile meter reader.
  - 3. The method as recited in claim 2, wherein encrypted data is transmitted between the first one of the meters and the mobile meter reader during the secure session.
  - 4. The method as recited in claim 1, wherein the authorization command is formulated to be verified by a public key on the first one of the meters used for authenticating communications to decode the digital signature.
  - 5. The method as recited in claim 1, wherein issuing the first request for authorization to access the first one of the meters from the mobile meter reader includes identifying a unique identifier associated with the first one of the meters that is scheduled to be accessed by the mobile meter reader when the mobile meter reader is located in the first area.
  - 6. The method as recited in claim 1, wherein the network communication comprises an IP-based network connection.
  - 7. The method as recited in claim 1, wherein the first request for authorization is issued to the host computing system as a batch process that identifies multiple meters, including the first one of the meters, located in the first area.
  - 8. The method as recited in claim 1, wherein the digital signature provided by the host computing system is configured to expire after a pre-determined period of time.
  - 9. The method as recited in claim 1, wherein the digital signature provided by the host computing system is configured with an access level that defines which procedures on the first one of the meters may be utilized by the mobile meter reader.
  - 10. The method as recited in claim 1, wherein the mobile meter reader comprises at least one of a handheld meter reader or a mobile collection unit.

11. A host computing device comprising:
- memory comprising machine-readable instructions; and
  
  a processor that, when executing the machine-readable instructions, causes the host computing device to;
  
  identify, from a plurality of meters, a first one of the meters scheduled to be accessed in a first area in which a mobile meter reader is likely unable to communicate with a host computing system via a network communication;
  
  identify, from the plurality of meters, a second one of the meters scheduled to be accessed in a second area in which the mobile meter reader is likely able to communicate with the host computing system via the network communication;
  
  receive, from the mobile meter reader before the mobile meter reader is located in the first area and while the mobile meter reader is in communication with the host computing system, a first request for authorization to access the first one of the meters before the mobile meter reader is located in the first area and if the mobile meter reader has sufficient rights to access the first one of the meters, provide a digital signature to the mobile meter reader that identifies that the mobile meter reader is authorized to communicate with the first one of the meters, wherein the mobile meter reader is to formulate an authorization command including the digital signature for transmission to the first one of the meters to activate a secure procedure of the first one of the meters, and wherein the first one of the meters is to decode the digital signature and to activate the secure procedure if the digital signature is authentic; and
  
  receive, from the mobile meter reader when the mobile meter reader is located in the second area, a dynamically issued second request via the network communication for authorization of the mobile meter reader to access the second one of the meters, the second request for authorization being issued while the mobile meter reader interacts with the second one of the meters.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The host computing device as recited in claim 11, wherein the host computing device is to maintain a centralized data store for tracking which of the plurality of meters may be accessed by the mobile meter reader.
  - 13. The host computing device as recited in claim 11, wherein an access level is defined in the digital signature provided by the host computer system, and wherein the first one of the meters is to identify the access level for the mobile meter reader.
  - 14. The host computing device as recited in claim 11, wherein the digital signature includes a time stamp, and wherein the first one of the meters is to compare the time stamp provided by the mobile meter reader with a predetermined time window to determine whether the digital signature generated by the host computing system has expired.
  - 15. The host computing device as recited in claim 11, wherein the request received from the mobile meter reader includes a meter serial number, and wherein the host computing device is to compare the serial number with a list of serial numbers for which the mobile meter reader is authorized to access.
  - 16. The system as recited in claim 11, wherein the mobile meter reader comprises at least one of a handheld meter reader or a mobile collection unit.

17. A mobile meter reader, comprising:
- a processor;
  
  an interface to communicate with a host computing system, wherein the mobile meter reader is expected to lose connectivity with the host computing system while servicing a first meter while located in a first area including the first meter;
  
  a radio-based communication device to communicate with the first meter; and
  
  a computer-readable media having computer-executable instructions that, when executed by the processor, cause the mobile meter reader to;
  
  when the mobile meter reader is scheduled to service a second meter located in a second area in which continuous connectivity with the host computing system is expected, utilize a network communication to dynamically obtain authorization from the host computing system to access the second meter while the mobile meter reader is located in the second area and interacts with the second meter;
  
  when the mobile meter reader is scheduled to service the first meter;
  
  request authorization from the host computing system to access the first meter before entering the first area and while in communication with the host computing system via the interface;
  
  store an encoded digital signature provided by the host computing system before the mobile meter reader is located in the first area, wherein the digital signature is provided if the mobile meter reader has sufficient rights to access the first meter, and wherein the digital signature identifies that the mobile meter reader is authorized to communicate with the first meter;
  
  formulate an authorization command for transmission to the first meter including the encoded digital signature to activate a secure procedure of the first meter; and
  
  establish a secure session with the first meter.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The mobile meter reader as recited in claim 17, wherein the authorization command formulated by the mobile meter reader is to be verified by an asymmetric public key used for decoding communications at the first meter.
  - 19. The mobile meter reader as recited in claim 17, wherein the network communication comprises an IP-based network connection.
  - 20. The mobile meter reader as recited in claim 17, wherein the digital signature for accessing the first meter is obtained as a batch process that identifies multiple meters scheduled to be accessed in the first area in which the mobile meter reader is expected to lose connectivity with the host computing system.
  - 21. The mobile meter reader as recited in claim 17, wherein formulating the authorization command includes satisfying a password protected login procedure with the first meter.
  - 22. The mobile meter reader as recited in claim 17, wherein the authorization command includes at least a current time stamp, an authorization level, and a unique identifier associated with the first meter.
  - 23. The mobile meter reader as recited in claim 17, wherein the mobile meter reader comprises at least one of a handheld meter reader or a mobile collection unit.

24. A method of securely accessing a meter in a network from a mobile meter reader comprising:
- determining first service instances in which network connectivity is likely unavailable when the mobile meter reader is deployed in a field of service;
  
  determining second service instances in which network connectivity is likely available when the mobile meter reader is deployed in the field of service;
  
  if one of the first service instances is scheduled;
  
  requesting an authorization to access a first meter corresponding to the scheduled one of the first service instances, wherein the request is issued from the mobile meter reader to a host computing system at a first time prior to deployment of the mobile meter reader in the field of service;
  
  storing a digital signature received from the host computing system in memory of the mobile meter reader, wherein the digital signature is provided if the mobile meter reader has sufficient rights to access the first meter, and wherein the digital signature identifies that the mobile meter reader is authorized to communicate with the first meter; and
  
  utilizing the stored digital signature after being deployed in the field of service to provide authorization to the first meter, wherein the digital signature is created at the host computing system using a private key, wherein the host computing system withholds the private key from the mobile meter reader; and
  
  if one of the second service instances is scheduled, utilizing a network communication after being deployed in the field of service to dynamically request authorization to access a second meter corresponding to the scheduled one of the second service instances, the request for authorization being issued while the mobile meter reader interacts with the second meter.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The method as recited in claim 24, wherein the first meter is to process the authorization for access from the mobile meter reader, and wherein the first meter is to grant communication access to the mobile meter reader when the digital signature is validated at the first meter using a public key.
  - 26. The method as recited in claim 25, further comprising establishing a secure connection between the mobile meter reader and the first meter when the communication access is granted by the first meter.
  - 27. The method as recited in claim 24, wherein the authorization transmitted to the first meter from the mobile meter reader includes an authorization command generated by the mobile meter reader.
  - 28. The method as recited in claim 24, wherein the mobile meter reader is not in communication with the host computing system when providing the authorization to the first meter.
  - 29. The method as in claim 24, wherein requesting the authorization to access the first meter comprises a batch authorization request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Itron, Inc.
Original Assignee
Itron, Inc.
Inventors
Stuber, Michael T. Garrison
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US12/497,438
Publication Number

US 20110004764A1
Time in Patent Office

1,986 Days
Field of Search

709/217, 709/223, 709/225, 713 55-159, 713168-181, 726 2- 10, 726 26- 30, 380270-271
US Class Current

713/156
CPC Class Codes

G01D 4/004   Remote reading of utility m...

G01D 4/006   Remote reading of utility m...

G06F 21/44   Program or device authentic...

H04L 2209/80   Wireless network architectu...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

Y02B 90/20   Smart grids as enabling tec...

Y04S 20/30   Smart metering, e.g. specia...

Secure remote meter access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Secure remote meter access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links