SYSTEM, METHOD, AND APPARATA FOR SECURE COMMUNICATIONS USING AN ELECTRICAL GRID NETWORK
Abstract
A secure communications and location authorization system using a power line or a portion thereof as a side-channel that mitigates man-in-the-middle attacks on communications networks and devices connected to those networks. The system includes a power grid server associated with a substation, or curb-side distribution structure such as a transformer, an electric meter associated with a structure having electric service and able to communicate with the power grid server, and a human authorization detector input device connected to the electric meter and the power grid server. The human authorization detector is able to receive an input from a user physically located at the structure and capable of communicating with the power grid server via the electric meter. The user's physical input into the device causes a request to be sent to the power grid server, which then generates a location certificate for the user. Without the location certificate, access to the communications network and devices connected to those networks can be denied.
125 Citations
86 Claims
1. A security system comprising:
- an input device for receiving an instruction to accept or deny a request for a location certificate to verify the presence of a user at a structure; and
- at least one electric meter associated with the structure for receiving the accepted request and transmitting the same over a power line.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method for location authentication, comprising the steps of:
- displaying on a human authorization detector at least some transaction data and requesting an input to accept or deny a location certificate request;
- receiving the input at the human authorization detector;
- requesting over at least a portion of an electrical grid a location certificate from a power grid server;
- receiving the location certificate from the power grid server over the portion of the electrical grid.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35

36. A method for authenticating instructions sent to a control plane of a real-time monitoring or control system, comprising the steps of:
- receiving an electronic instruction at a control plane to modify an operating parameter of a facility;
- displaying on a human authorization detector at least some data associated with either the instruction, the parameter, or both, and requesting an input to accept or deny a location certificate request;
- receiving the input at the human authorization detector;
- requesting over at least a portion of an electrical grid a location certificate from a remote power grid server;
- receiving the location certificate from the power grid server over the portion of the electrical grid; and
- after verifying the location certificate and matching it with a copy of the location certificate sent over a separate channel, causing the operating parameter to be modified.
Dependent claims: 37, 38, 39, 40, 41, 42, 43, 44, 45

46. A location authentication device for sending requests over at least a portion of an electrical grid, comprising:
- an input for receiving input from a user to send a request to a remote power grid server for a location certificate;
- a memory for storing at least transaction data;
- a communications module for communicating information between a human authorization detector and an electric meter, the information including at least some of the transaction data; and
- an output for displaying information
Dependent claims: 47, 48, 49, 50, 51, 52

53. A power grid server for outputting a location certificate comprising:
- an encryption module for constructing a location certificate for a specific electronic transaction; and
- a communications device for communicating data between the power grid server and at least one substation, the data comprising information about the location certificate.
Dependent claims: 54, 55, 56, 57, 58

59. A method for generating location certificates using an out-of-band channel, comprising the steps of:
- establishing at a substation a link between a substation and at least one power grid server;
- forwarding to the power grid server through the link a location certificate request received from an electric meter;
- at the power grid server, verifying the information in the request; and
- constructing the location certificate.
Dependent claims: 60, 61, 62, 63

64. A method for out-of-band location authorization in an electronic financial transaction, comprising the steps of:
- receiving at a human authorization detector an encrypted payload challenge token from a financial institution server, the challenge being sent after a user seeks electronic access over a communications network to an account at the financial institution;
- physically inputting to the human authorization detector a signal that enables the challenge token from the bank to be transmitted through a unique electrical meter and over at least a portion of an electrical grid to a power grid server;
- decrypting at the power grid server the payload using a public key;
- constructing an encrypted response payload; and
- transmitting the responsive payload to the financial institution server via the same portion of the electrical grid or a different independent path.
Dependent claims: 65, 66, 67, 68, 69, 70, 71

72. The method of claim 64, further comprising the step of decrypting the responsive payload and verifying the virtual Meter-ID matches one in the financial institution's database.

73. A method for tracking the location of an electronic device, comprising the steps of:
- receiving a signal when the electronic device being tracked is turned on;
- sending to the device a signal, over a portion of the electrical grid or via a separate channel, requesting a response, wherein the signal comprises a challenge token;
- optionally displaying on a human authorization detector separate from the electronic device a request to accept or deny the challenge token;
- optionally receiving the input at the human authorization detector;
- requesting over at least a portion of an electrical grid a location certificate from the power grid server;
- receiving the location certificate from the power grid server over the portion of the electrical grid.
Dependent claims: 74, 75, 76, 77, 78

79. A method for transmitting a signal from an alarm monitoring system at a structure, comprising the steps of:
- receiving a signal when a remote electronic monitoring device is activated indicating an alarm event; and
- sending to the remote monitoring server a signal over a side-channel, the signal including the signal information, wherein the side-channel comprises an electric meter connected to a portion of the electrical grid, and wherein the electric meter is associated with a structure that is being monitored by alarm monitoring system.
Dependent claims: 80

81. An electric meter for use in an out-of-band network security channel, comprising:
- a first termination point for electrically connecting the electric meter to a distribution system of a structure;
- a second termination point for electrically connecting the electric meter to a substation providing electrical service to the structure; and
- a memory device storing a plurality of instructions for transmitting to the substation a data package comprising information about a request for a location certificate received from the structure.
Dependent claims: 82, 83, 84, 85, 86

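Added example, not taken from the patent: a sketch of the check recited in claim 36, where the control plane changes an operating parameter only after the location certificate verifies and matches the copy received over a separate channel. The certificate layout (JSON body plus HMAC-SHA256 tag), the shared key, the meter identifier and the 120-second freshness window are assumptions; the claims do not define a format, and an HMAC stands in for the unspecified encryption module.

```python
import hashlib
import hmac
import json
import time

GRID_KEY = b"constructed-demo-key"  # assumption: secret shared by grid server and verifier
MAX_AGE_S = 120                      # assumption: freshness window in seconds


def issue_certificate(meter_id, instruction, now=None):
    """Power grid server side: bind meter, instruction digest and time under a MAC."""
    body = {
        "meter_id": meter_id,
        "txn_sha256": hashlib.sha256(instruction).hexdigest(),
        "issued_at": int(time.time() if now is None else now),
    }
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(GRID_KEY, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


def authorize(instruction, grid_copy, separate_copy, expected_meter, now=None):
    """Control plane side: return (allowed, reason) for one instruction."""
    now = time.time() if now is None else now
    # 1. The copy from the power line must equal the copy from the other channel.
    if not hmac.compare_digest(grid_copy, separate_copy):
        return False, "copies differ between channels"
    # 2. Check the integrity tag before parsing anything inside the payload.
    payload, _, tag = grid_copy.rpartition(b".")
    expected = hmac.new(GRID_KEY, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False, "bad integrity tag"
    body = json.loads(payload)
    # 3. The certificate must come from the meter at the expected structure.
    if body["meter_id"] != expected_meter:
        return False, "unexpected meter"
    # 4. It must cover this exact instruction, not one swapped in transit.
    if body["txn_sha256"] != hashlib.sha256(instruction).hexdigest():
        return False, "certificate is for a different instruction"
    # 5. Reject replays of old approvals.
    if not 0 <= now - body["issued_at"] <= MAX_AGE_S:
        return False, "stale certificate"
    return True, "ok"


if __name__ == "__main__":
    instr = b"setpoint valve-7 pressure=4.2bar"  # constructed sample instruction
    cert = issue_certificate("METER-0001", instr, now=1000)
    print(authorize(instr, cert, cert, "METER-0001", now=1030))
    print(authorize(b"setpoint valve-7 pressure=9.9bar", cert, cert, "METER-0001", now=1030))
```
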
Specification