Event-driven, asset-centric key management in a smart grid

US 9,584,314 B2
Filed: 08/21/2013
Issued: 02/28/2017
Est. Priority Date: 08/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method of key management in a delivery network comprising a plurality of nodes, each node supporting an entity, comprising:

responsive to occurrence of an event, generating a set of event-asset associations by identifying one or more configuration records, and identifying one or more assets defined in the identified configuration records that may have generated the event, wherein the one or more assets are identified by examining a configuration of assets in an asset database associated with the delivery network to identify each event-asset association;

using the set of event-asset associations so generated, cross-referencing a first event-asset association that is associated with a first application software system, with a second event-asset association that is associated with a second application software system, the second application software system being distinct from the first application software system, to thereby generate cross-referenced event-asset associations for the first and second application software systems;

based at least on the cross-referenced event-asset associations, deriving a key handle;

using the key handle to initiate a key management operation; and

performing the key management operation for each of the first and second application software systems as a response to the event;

wherein the delivery network is a smart grid, and the nodes are one of;

a meter device, and a business application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security management system comprises a key management sub-system, an asset/workload management sub-system, and an event management sub-system. The event management sub-system detects events. The asset/workload management sub-system correlates events (irrespective of type) with the assets that generate them, and the key management sub-system uses the event-asset associations determined by the asset/workload management sub-system to automatically orchestrate the necessary key management activities (e.g., key creation, revocation, refresh, etc.) across the impacted components in the information technology and operational realms to ensure data security. In one use case, a security event detected by the event management sub-system triggers one or more actions within the asset/workload management sub-system. Service configuration records are identified from this scan, and assets defined in those records are identified. An event-asset association is then supplied to the key management sub-system, which uses this information to determine a key management operation.

11 Citations

View as Search Results

14 Claims

1. A method of key management in a delivery network comprising a plurality of nodes, each node supporting an entity, comprising:
- responsive to occurrence of an event, generating a set of event-asset associations by identifying one or more configuration records, and identifying one or more assets defined in the identified configuration records that may have generated the event, wherein the one or more assets are identified by examining a configuration of assets in an asset database associated with the delivery network to identify each event-asset association;
  
  using the set of event-asset associations so generated, cross-referencing a first event-asset association that is associated with a first application software system, with a second event-asset association that is associated with a second application software system, the second application software system being distinct from the first application software system, to thereby generate cross-referenced event-asset associations for the first and second application software systems;
  
  based at least on the cross-referenced event-asset associations, deriving a key handle;
  
  using the key handle to initiate a key management operation; and
  
  performing the key management operation for each of the first and second application software systems as a response to the event;
  
  wherein the delivery network is a smart grid, and the nodes are one of;
  
  a meter device, and a business application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as described in claim 1 wherein the first and second application software systems are managed by distinct business entities.
  - 3. The method as described in claim 1 wherein the key management operation is one of:
    - generation, establishment, retrieval, revocation and refresh.
  - 4. The method as described in claim 1 wherein the event is one of:
    - an event triggered upon compromise of an entity, an event triggered upon establishment of a service connection from an entity, and a timed event associated with a task associated with an entity.
  - 5. The method as described in claim 1 wherein the key management operation uses a symmetric key and is initiated using a Key Management Interoperability Protocol (KMIP).

6. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a method of key management in a delivery network comprising a plurality of nodes, each node supporting an entity, the method comprising;
  
  responsive to occurrence of an event, generating a set of event-asset associations by identifying one or more configuration records, and identifying one or more assets defined in the identified configuration records that may have generated the event, wherein the one or more assets are identified by examining a configuration of assets in an asset database associated with the delivery network to identify each event-asset association;
  
  using the set of event-asset associations so generated, cross-referencing a first event-asset association that is associated with a first application software system, with a second event-asset association that is associated with a second application software system, the second application software system being distinct from the first application software system, to thereby generate cross-referenced event-asset associations for the first and second application software systems;
  
  based at least on the cross-referenced event-asset associations, deriving a key handle;
  
  using the key handle to initiate a key management operation; and
  
  performing the key management operation for each of the first and second application software systems as a response to the event;
  
  wherein the delivery network is a smart grid, and the nodes are one of;
  
  a meter device, and a business application.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus as described in claim 6 wherein the first and second application software systems are managed by distinct business entities.
  - 8. The apparatus as described in claim 6 wherein the key management operation is one of:
    - generation, establishment, retrieval, revocation and refresh.
  - 9. The apparatus as described in claim 6 wherein the event is one of:
    - an event triggered upon compromise of an entity, an event triggered upon establishment of a service connection from an entity, and a timed event associated with a task associated with an entity.
  - 10. The apparatus as described in claim 6 wherein the key management operation uses a symmetric key and is initiated using a Key Management Interoperability Protocol (KMIP).

11. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method of key management in a delivery network comprising a plurality of nodes, each node supporting an entity, the method comprising:
- responsive to occurrence of an event, generating a set of event-asset associations by identifying one or more configuration records, and identifying one or more assets defined in the identified configuration records that may have generated the event, wherein the one or more assets are identified by examining a configuration of assets in an asset database associated with the delivery network to identify each event-asset associations;
  
  using the set of event-asset associations so generated, cross-referencing a first event-asset association that is associated with a first application software system, with a second event-asset association that is associated with a second application software system, the second application software system being distinct from the first application software system, to thereby generate cross-referenced event-asset associations for the first and second application software systems;
  
  based at least on the cross-referenced event-asset associations, deriving a key handle;
  
  using the key handle to initiate a key management operation; and
  
  performing the key management operation for each of the first and second application software systems as a response to the event;
  
  wherein the delivery network is a smart grid, and the nodes are one of;
  
  a meter device, and a business application.
- View Dependent Claims (12, 13, 14)
- - 12. The computer program product as described in claim 11 wherein the first and second application software systems are managed by distinct business entities.
  - 13. The computer program product as described in claim 11 wherein the key management operation is one of:
    - generation, establishment, retrieval, revocation and refresh.
  - 14. The computer program product as described in claim 11 wherein the event is one of:
    - an event triggered upon compromise of an entity, an event triggered upon establishment of a service connection from an entity, and a timed event associated with a task associated with an entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nix, Michael Delaine, Bajekal, Sadanand Rajaram, Arun, Jai Singh, Yellepeddy, Krishna Kishore
Primary Examiner(s)
Ho, Dao

Application Number

US13/972,682
Publication Number

US 20150055780A1
Time in Patent Office

1,287 Days
Field of Search

713/189, 380/277
US Class Current

1/1
CPC Class Codes

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Y04S 40/20   Information technology spec...

Event-driven, asset-centric key management in a smart grid

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Event-driven, asset-centric key management in a smart grid

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others