Patent abstract:
Service meter to measure service consumption and optimize upstream communications, and method for managing those communications. The present invention relates to a service meter (10) for measuring at least one service consumption, comprising: a measurement unit (11) for measuring at least one service consumption value (V); a communication unit (12) to send/receive messages (8) to/from at least one remote management center (20) assigned to the service meter (10) for the processing of said service consumption value (V) by said remote management center (20); a memory (13) to store a unique identifier (ID) belonging to the service meter (10) and a first key (K1) to encrypt messages (8) to be sent by the communication unit (12); a cryptographic unit (14) for encrypting said service consumption value (V) as a first cryptogram (C1); a message generator (15) for generating a service message (8) containing said first cryptogram (C1) to be sent to the remote management center (20); a key generator (16) to generate a payload key (Kp) to be used by said cryptographic unit (14) in order to encrypt the service consumption value (V); and a second cryptogram (C2) generated by the cryptographic unit (14) by encrypting said payload key (Kp) with said first key (K1), said second cryptogram (C2) being intended to be included, by the message generator (15), at least once in the service message (8) to be sent to the remote management center (20). The present invention further relates to a method for managing communication between a service meter (10) and at least one remote service management center (20).
Publication number: BR112013019215B1
Application number: R112013019215-1
Filing date: 2012-01-19
Publication date: 2020-09-24
Inventors: Corinne Le Buhan; Christophe Nicolas; Joël Conus
Applicant: Nagravision S.A.
IPC main class:
Patent description:

[0001] The present invention relates to the field of service meters that are monitored and managed from at least one service management center through a communication network in a measurement system.

Fundamentals of the invention

[0002] The ongoing deregulation of energy distribution markets worldwide is leading to the need for smart service distribution networks and smart meters, allowing service providers and consumers to monitor an end user's detailed consumption at any time through open communication networks or through untrusted networks, such as the internet. Energy companies are of particular interest today, but related interests are equally relevant for other service companies, such as water or gas.
[0003] Automatic meters allow service providers to remotely read meter records that regularly record user consumption information. However, this reading only occurs from time to time, at the discretion of the public service provider, and normally uses a private network (wireless or cable) under the strict control of the public service provider. The next generation of automatic meters (so-called smart meters) will allow service providers, such as the remote service management center, to monitor an end user's detailed consumption at any time and at a much finer granularity over open communication networks. This fine-grained monitoring should facilitate more specific target rates and offers to the end user, possibly by competing service providers, since service companies are being deregulated, as the telecommunications companies were in the 1990s. It will become even more relevant when HAN (Home Appliances Networks) networks are interconnected to the smart grid in order to directly report information about their final use instead of concentrating this reporting of information through the smart meter.
[0004] The service provider can also remotely manage, configure and update the meter via the communication network. In some companies, smart meters are even required to implement a remote shutdown feature, so that the utility can remotely interrupt service distribution, for example, in the event of non-payment.
[0005] Consequently, a smart meter typically generates, or passes, in the case of a HAN network interconnection, automated reading messages upstream to the remote service provider's management equipment at a much more frequent rate than that of the old automatic meters. These messages also possibly carry a much longer payload, as more details are monitored by the utility.
[0006] Obviously, the resulting dependence of the service and billing functionality on remote communication messages raises new issues related to data privacy and confidentiality, as well as the effective robustness of the system to software bugs and emerging threats, such as worms and smart grid viruses that take advantage of smart meter security design flaws. These flaws may not be known at the time of deployment, but they may become critical later. This is particularly evident in the case of a remote disconnect feature, as an important disruption target for cyber terrorism, but also a possible entry point for local thieves as a way to disconnect some household alarms from their power source.
[0007] In practice, current security designs for smart grids and smart meters are largely inspired by the telecommunications industry, and a large part of them are subject to emerging standardization by international committees, such as ANSI or the IEC. Sensitive messages need to be protected by an authenticated secure channel to be established using cryptographic protocols throughout individual point-to-point communication between the service meter and the remote service provider's management equipment. Therefore, recent standard specifications in this area, such as the ANSI C12.22 specification and the IEC 62056 / COSEM specification, define how to encrypt and sign message payloads, typically through a session key setup between the service management center or the data collection concentrator and the service meter.
[0008] As described in the White Paper 'OpenWay by Itron Security Overview' by Itron, for practical operational reasons, some of the messages downstream from the service management center or collection hub can be broadcast or multicast on the service network without a secure acknowledgement of receipt by each target service meter, usually because of the overhead in managing the corresponding upstream messages in a large-scale measurement deployment (for example, 10 million meters). Service usage of an individual meter, such as current use of a service or occasional meter records, should be communicated back point to point from the service meter to the service management center or collection hub. In order to scale its smart metering system to support up to 10 million meters, the company Itron reports the need for up to 24,000 messages per second upstream, while the downstream broadcast / multicast allows billing up to 200 messages per second.
[0009] In practice, the scalability problem will become even more critical as the smart grid is more widely deployed and deregulated, due to three main independent factors:
- Deregulation that allows the end user to choose between several simultaneous offers from service providers from a single service meter, possibly immediately ("on the fly"). In this scenario, the service meter will have to communicate upstream with various service management centers or collection hubs, thus basically multiplying the number of upstream messages by the number of service providers.
- The need to systematically secure the messages of service meters and to strengthen the internal security implementation of service meters in order to avoid the risk of terrorist attack on the smart grid, as well as the incentive for fraud by intrusion into a user's meter. Therefore, the highly sensitive service meter cryptographic module needs to operate as deeply as possible in the design of the meter system, typically down to the service meter data and key registers, rather than at the communication network interface, therefore requiring additional encryption protocols and messaging mechanisms, in addition to the current standard specifications.
[0010] US Patent Document 2006/0271244 discloses an energy monitoring device that includes procedures for the secure communication of data emitted from this device. The power monitoring device includes a public/private key pair used to encrypt and/or digitally sign communications sent by the device. This allows the recipients of these communications to authenticate them in order to ensure that the device and/or communications are not compromised. However, the use of the public/private key pair and/or digital signature is done according to a classic scheme, which is nowadays well known to the person skilled in the art. This scheme does not optimize the communications exchanged between the energy monitoring device and the entity that charges for energy consumption. This energy monitoring device is also capable of communications over an ad hoc "mesh" network in order to facilitate communication between devices that are substantially inaccessible due to physical or economic limitations.
[0011] US Patent Document 2011/0224935 refers to a measuring device, in particular an energy meter for the safe detection and display of count data, and a method for recognizing manipulations. It addresses the need for the values that are recorded and presented in the invoice to be beyond doubt, for the protection of the consumer. These values are taken locally, digitized and transferred to a central office for processing. The objective suggested by this document is to design a measurement device for communicating data with at least one system in such a way that the system can identify the measurement data sent as its own data, including a data manipulation check. For this purpose, the device has the capacity to receive signed or encrypted measurement data, to store said measurement data in a memory taking into account the sending carried out, and it has the ability to offer time information related to a time reference.
[0012] US Patent Document 2006/0206433 suggests that digital signatures be applied to the measured energy data that is collected by a common data collection system. The system receives data from meters (each belonging to a specific customer) that can be from one or more services. The data transmitted by each meter is previously encrypted and signed. After being received by the common data collection system, the data is stored by this system using public key cryptography to ensure that it becomes accessible only to the intended consumer of the data. When the data is transmitted to the intended consumer, it is digitally signed by the system in order to guarantee the authenticity of the data received by the consumer. The use of digital signatures or encryption allows the system to guarantee the integrity of the collected data, even after the data has been communicated by the system (that is, published externally). However, in order to collect all the data measured by the millions of meters, the common data collection system has to be provided with large databases, on the one hand, and these databases must be connected to a powerful data management system (computer) in order to handle the data quickly and efficiently.
[0013] There is, therefore, a need for a communication system and method that further optimizes data handling, in particular the overhead of upstream messages between a service consumption monitoring device (the service meter) and at least one device or service management center.

Summary of the invention
[0014] The present invention relates to a service meter for measuring at least one service consumption, comprising:
- a measuring unit for measuring at least one service consumption value V,
- a communication unit for sending/receiving messages to/from at least one remote management center assigned to the service meter for processing the service consumption value V by the remote management center,
- a memory to store a unique identifier ID belonging to the service meter and a first key K1 to encrypt the messages to be sent by the communication unit,
- a cryptographic unit to encrypt the service consumption value V as a first cryptogram C1,
- a message generator for generating a service message containing said first cryptogram C1 to be sent to the remote management center,
- a key generator for generating a payload key Kp to be used by the cryptographic unit to encrypt the service consumption value V,
- a second cryptogram C2 generated by the cryptographic unit through the encryption of the payload key Kp with the first key K1, the second cryptogram C2 being intended to be included, by the message generator, at least once in one of said messages to be sent to the remote management center.
[0015] Preferably, the second cryptogram C2 is included in the same service message as the one containing the first cryptogram C1. Thus, the first and second cryptograms can be sent in the same message or in two separate messages.
[0016] According to the present invention, the use of a payload key for encrypting, according to a symmetric encryption scheme, the service consumption values V that have to be frequently reported by each service meter as upstream messages to a remote service management center makes it possible to optimize the traffic of messages exchanged between these entities. In this way, each upstream message can advantageously be divided into a shared payload message and a dedicated control message. Therefore, the same encrypted service message can be sent, as a service report message, to a plurality of remote management centers that can share that message, thanks to its encryption by a shared payload key. This can be particularly advantageous if this service message is transmitted by the service meter. The present invention also suggests several embodiments for generating the payload key. In one embodiment, the service consumption monitoring device pre-processes the payload key generation and the shared payload encryption operations when the payload data is stored in said registers, and communicates the payload messages to the remote service management center at a later time.
[0017] The present invention also relates to a method for managing communication between a service meter, used to measure at least one service consumption, and at least one service management center responsible for processing at least part of the service consumption. This communication network is supervised by at least one supervision center that acts as a trustworthy entity in communications, in particular during an initialization phase of these communications. For this purpose, the service meter of the present method comprises:
- a measuring unit for measuring at least one service consumption value V,
- a communication unit to send/receive messages to/from at least the remote service management center,
- a memory to store a unique identifier ID belonging to the service meter and a first key K1 required for the encryption/decryption of messages to be sent/received by the communication unit,
- a cryptographic unit to encrypt the service consumption value V as a first cryptogram C1,
- a message generator for generating a service message containing the first cryptogram C1 to be sent to the remote service management center.

The method comprises the steps of:
- requesting, from the supervision center by the remote service management center, the assignment of this remote service management center to a specific service meter, by means of a request including at least the unique identifier ID of the service meter,
- transmitting, by the supervision center, key data to the remote service management center, the key data being required for the decryption/encryption of the messages,
- reading, by the service meter, the service consumption value V measured by the measuring unit,
- generating, by the service meter, the service message comprising the first cryptogram C1,
- sending, by the service meter, the service message to the remote service management center with a view to its processing by the remote service management center.
[0018] Other embodiments related to this method will be described in the detailed description below.

Brief description of the drawings

[0019]
Figure 1 shows a block diagram of a remote service management center connected to a service consumption monitoring meter by a communication network that supports both unidirectional broadcast and multicast messages as well as bidirectional multicast messages.
Figure 2 shows a block diagram of several remote service management centers connected to the same service consumption monitoring meter through one or more communication networks, in which the exchange of messages upstream from the meter to the service management center is divided into dedicated control messages and shared payload messages.
Figure 3 illustrates a block diagram showing the processing of an initialization value by a cryptographic module initialized by a secret key in order to generate, as a result, a shared key.
Figure 4 illustrates the flowchart of a service consumption monitoring device operation according to an embodiment of the present invention.
Figure 5 illustrates the flowchart of the operation of the service management center according to an embodiment of the present invention.
Figures 6a, 6b and 6c show various versions of a service system comprising a supervision center as a third entity, in addition to the service meter and the remote service management center.

Detailed description of the invention
[0020] In the proposed system, the remote service management center 20 in Figure 1 implements several service management processes 21, such as data management billing, load management and interruption control, in collaboration with the management system remote meter.
[0021] The remote meter management system 22 in Figure 1 alone comprises functional components responsible for monitoring meter consumption, updating meter firmware, and controlling meter operations through secure communications 6, 7 with individual meters 10 through the communication network 5.
[0022] The communication network 5 in Figure 1 can be any physical service measurement communication network, such as, but not limited to, a cable network, the power line cable, or a wireless network, which supports any communication networking protocol, such as, but not limited to, Internet Protocol (IP) v4 or v6. The secure communications handlers in Figure 1, both in the remote service management center and in the individual service meter, must meet common message exchange specifications. This specification can be private, when the remote service meter management system and the service meters 10 are provided by the same meter manufacturer. However, since service companies are being deregulated, there is an increasing need to standardize this communication interface so that several service providers and several meter manufacturers can provide operating systems and equipment that satisfy the common standard specifications. Hybrid messaging protocols are an alternative in which standard messaging that addresses basic metering functionality is combined with advanced private messaging extensions. The private approach, whether complete or hybrid, is of particular relevance in ensuring security monitoring, maintenance and renewability over time, as any standard specification, once published, must be implemented as specified for the lifetime of the standard and therefore cannot offer any update flexibility in the event of a breach in the security specification without revisiting the standard itself. Examples of standard service measurement data network specifications include the DLMS series IEC 62056 in combination with the COSEM companion specifications, or ANSI C12.22 in combination with the industry standard ANSI C12.19 for end device data tables.
[0023] The service meter 10 of Figure 1 comprises a measuring unit 11 which is provided with at least one main meter for measuring at least one service consumption value V referring to a service consumption, such as electrical energy [kWh] or gas or water [m3]. It also comprises a communication unit 12 for sending/receiving messages 8 (i.e., report messages or status messages) to/from at least one remote service management center that is assigned to the service meter. In many cases, such a service meter will be associated with only one remote service management center, typically a utility company and/or a billing entity, which processes the consumption value V with a view to billing. However, due to ongoing deregulation at energy distribution companies worldwide, the service meter can also be associated with more than one remote service management center, or work with different service consumptions (for example, gas and electricity), or process one or more service consumptions according to different time intervals or on specific days of the week. The service meter further comprises a memory 13 for storing any type of data, in particular a unique identifier ID belonging to the service meter and a first key K1 to encrypt messages 8 to be sent by the communication unit 12. The service consumption value V can also be stored in this memory, in particular for a limited period during which its processing can be carried out, typically when its processing is postponed in relation to its input by the measuring unit. The service meter 10 further comprises an encryption unit 14 for encrypting messages or data to be sent outside the service meter, in particular for encrypting the service consumption value V as a first cryptogram C1, a cryptogram being a ciphertext or a cipher value. The service meter 10 further comprises a message generator 15 for generating messages 8, such as a service message, containing the first cryptogram C1 to be sent to the remote service management center 20. A CPU processor, which is responsible for the management of all functions and components of the service meter, is illustrated schematically in the central area of the service meter 10 in Figure 1. Typically, the CPU processor is responsible for managing the security of communications made with the service meter over the network 5, on the one hand, and for managing the local service measurement operations, on the other hand.
[0024] According to the present invention, the service meter 10 further comprises a key generator 16 for generating a payload key Kp. This payload key Kp will be used by the cryptographic unit to encrypt the service consumption value V, generating the first cryptogram C1. This result can be written as C1 = (V)Kp. A second cryptogram C2 is generated by the cryptographic unit 14. This second cryptogram C2 results from the encryption of the payload key Kp with the first key K1 and can be written as C2 = (Kp)K1. This second cryptogram C2 is intended to be included, by the message generator 15, in a message 8 to be sent to the remote service management center 20. Preferably, this second cryptogram will be included at least once in such a message, for example, at least during an initialization phase when the service meter 10 is assigned to the remote service management center 20. More preferably, this second cryptogram C2 will be periodically included in message 8, at least each time the payload key Kp is changed or renewed.
[0025] Figure 2 illustrates, using a block diagram, the solution proposed by the present invention in order to optimize the overhead of exchanging messages upstream in a communication system between a service consumption monitoring device 10 and at least one remote service management center 20. In particular, this Figure shows that upstream messages are advantageously divided into shared payload messages and dedicated control messages. The payload messages can, therefore, be shared by several remote service management centers 20 (represented, for example, by references A, B, C in this Figure) through the communication network 5. Therefore, all remote service management centers can receive the same messages, for example, at the same time.
[0026] In this case, the service meter 10 generates:
- shared payload messages that can be unicast, multicast or broadcast to management centers A, B and C;
- control messages A that are dedicated to and unicast to service management center A;
- control messages B that are dedicated to and unicast to service management center B;
- control messages C that are dedicated to and unicast to service management center C.
[0027] As described above, the service meter generates a payload key Kp, encrypts at least one shared payload (typically the service consumption value V) with the payload key Kp in order to obtain the first cryptogram C1, encrypts this payload key Kp to obtain the second cryptogram C2, transmits this first cryptogram C1 in at least one shared payload message 8, and transmits the second cryptogram C2 in at least one control message 8 to at least one remote service management center 20. The encryption of the payload key Kp can be performed using the first key K1 stored in the service meter memory 13.
[0028] In one embodiment, the first K1 key, stored in memory 13, is a so-called management center key, in particular, the public key belonging to the remote service management center 20. This key can be used to encrypt the messages 8 that have to be sent to the remote service management center 20.
[0029] In another embodiment, for further message load-balancing purposes, the timing of upstream communication from a service meter to the remote service management center is scheduled by the service meter according to scheduling instructions received from the remote service management center, or triggered by certain service meter events as pre-programmed in said device firmware, or triggered directly by request messages received from the remote service management center via the communication network.
[0030] In another embodiment, the service meter 10 comprises a secret key Kt (that is, a personal key belonging to this service meter 10), which can be stored in memory 13 or in another storage medium, preferably in a secure area. According to this embodiment, memory 13 further comprises an initialization value I0, which can preferably be received by the service meter 10 within an initialization message. This service meter 10 is also provided with a cryptographic module 17, as illustrated in Figure 1. This cryptographic module integrates a function for generating a shared key Ks, taking the secret key Kt as a first input and the initialization value I0 as a second input, as shown in Figure 3. The shared key Ks can be thought of as a type of session key with a longer life.
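The scheme of paragraphs [0027] and [0030] can be followed end to end in a short simulation; this is an added example, not code from the patent. The HMAC-SHA256 based `seal`/`unseal` stand-in cipher, the use of HMAC as the derivation function for Ks, the message field names, and the supervision center handing Ks to each management center are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher (assumption): HMAC keystream, encrypt-then-MAC."""
    nonce = os.urandom(16)
    pad = _stream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, pad))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    pad = _stream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, pad))


def derive_ks(kt: bytes, i0: bytes) -> bytes:
    """Ks = f(Kt, I0); HMAC-SHA256 stands in for the unspecified function f."""
    return _prf(kt, b"Ks" + i0)


class Meter:
    def __init__(self, meter_id: str, kt: bytes):
        self.meter_id, self.kt = meter_id, kt
        self.k1 = {}                      # center name -> first key K1 (here: Ks)
        self.kp, self.kp_id = None, 0

    def assign(self, center: str, i0: bytes) -> None:
        self.k1[center] = derive_ks(self.kt, i0)

    def rotate_payload_key(self) -> dict:
        """New Kp; one dedicated control message per center with C2 = (Kp)K1."""
        self.kp, self.kp_id = os.urandom(32), self.kp_id + 1
        return {c: {"id": self.meter_id, "kp_id": self.kp_id, "c2": seal(k1, self.kp)}
                for c, k1 in self.k1.items()}

    def report(self, v: dict) -> dict:
        """One shared payload message with C1 = (V)Kp for every assigned center."""
        c1 = seal(self.kp, json.dumps(v).encode())
        return {"id": self.meter_id, "kp_id": self.kp_id, "c1": c1}


class Center:
    def __init__(self, ks: bytes):
        self.ks, self.kps = ks, {}

    def on_control(self, msg: dict) -> None:
        self.kps[(msg["id"], msg["kp_id"])] = unseal(self.ks, msg["c2"])

    def on_payload(self, msg: dict) -> dict:
        kp = self.kps[(msg["id"], msg["kp_id"])]
        return json.loads(unseal(kp, msg["c1"]))


def run_demo() -> dict:
    kt = os.urandom(32)                   # meter secret Kt (constructed)
    meter, centers = Meter("meter-0001", kt), {}
    for name in ("A", "B", "C"):
        i0 = os.urandom(16)               # initialization value I0 (constructed)
        meter.assign(name, i0)
        centers[name] = Center(derive_ks(kt, i0))  # Ks via supervision center (assumed)
    control, upstream = meter.rotate_payload_key(), 0
    for name, msg in control.items():     # dedicated control messages, one per center
        centers[name].on_control(msg)
        upstream += 1
    readings = [{"t": "00:15", "wh": 312}, {"t": "00:30", "wh": 298},
                {"t": "00:45", "wh": 305}, {"t": "01:00", "wh": 321}]  # constructed
    decoded = {name: [] for name in centers}
    for v in readings:
        shared = meter.report(v)          # emitted once, delivered to all centers
        upstream += 1
        for name, center in centers.items():
            decoded[name].append(center.on_payload(shared))
    outsider = Center(os.urandom(32))     # a center never assigned to this meter
    try:
        outsider.on_control(control["A"])
        outsider_got_kp = True
    except ValueError:
        outsider_got_kp = False
    return {"readings": readings, "decoded": decoded, "upstream": upstream,
            "per_center": len(readings) * len(centers), "outsider_got_kp": outsider_got_kp}


if __name__ == "__main__":
    result = run_demo()
    print(result["upstream"], "upstream messages instead of", result["per_center"])
```

With three centers and four readings under one Kp, the meter emits three control messages and four shared payload messages, where encrypting each reading separately per center would take twelve.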
[0031] In another embodiment, the service meter 10 preferably comprises a decryption unit 14' to decrypt messages received by the communication unit 12. The decryption unit and the encryption unit may be part of the same unit, i.e., an encryption/decryption unit. Thanks to the decryption unit 14', the service meter can receive encrypted messages, such as encrypted control messages, from every remote service management center 20 to which it is assigned. Within a symmetric encryption scheme, these control messages can be encrypted by the shared key Ks, whereas, within an asymmetric encryption scheme, these control messages must be encrypted with a private key belonging to the remote service management center and can be decrypted by the service meter using the public key of the remote service management center 20 that was previously stored in the service meter memory 13.
[0032] According to another embodiment, the initialization message comprising the initialization value I0 is encrypted with an initialization session key Ki. This initialization session key Ki is stored in memory 13 of the service meter and is used by the decryption unit 14 'to decrypt the initialization message when it is received by the communication unit 12.
[0033] In another embodiment, the initialization message comprises an S signature for its authentication. Therefore, the service meter 10 comprises an authentication unit 18 for verifying the authentication of the S signature. This authentication unit allows the initialization value I0 to be loaded into the cryptographic module 17 only after successful authentication. Therefore, the generation of the shared key Ks cannot be tampered with by introducing a false initialization value I0 in the cryptographic module 17 after receiving a violated initialization message.
[0034] The flowchart in Figure 4 illustrates an exemplary implementation of an embodiment in which the following operations are performed:
- The service meter 10 obtains monitoring data to be reported to the service management center 20. This monitoring data may comprise, for example, usage monitoring information, payment information, metering operation event logs, and security monitoring information.
- The service meter formats the monitoring data into a payload message, according to standard specifications, such as the ANSI C12.19 or IEC 62056/COSEM data tables. Alternatively, the payload format can be defined in a private specification, but is preferably a format that is understandable by all connected service management centers A, B and C. In certain applications, a mix of standard and private format specifications may also be used.
- The service meter 10 generates a payload key Kp, encrypts it and transmits it as Control Information (or a control message) to the service management center 20, according to the secure communication protocols in place between the service management center and the service monitoring device. Preferably, this secure communication uses shared end-to-end secrets, such as a secure authenticated channel session key Ks computed jointly by the target service management center and the service monitoring device. Such end-to-end security protocols are defined, for example, in the standard specifications ANSI C12.22 or IEC 62056/COSEM. The process of generating, encrypting and transmitting the payload key Kp can be performed synchronously or asynchronously with the payload formatting operation, but preferably in an asynchronous mode. In particular, it is possible to generate the payload key Kp only from time to time, in order to decrease the number of unicast control messages needed to transmit this shared payload key Ks individually to each service management center A, B and C. This approach also contributes to the optimization of upstream communication.
- The service meter protects the monitoring payload data by means of the payload key Kp. Depending on the threat models and the standard or private encryption protocols chosen, this protection operation may comprise one or more steps of encrypting and/or hashing and/or signing the payload data blocks using the payload key Kp, for example, according to the ANSI C12.22 or IEC 62056/COSEM security specifications. Preferably, an efficient and simple state-of-the-art cipher, such as standard AES with a 128-bit payload key Kp, is used. Alternatively, the payload key Kp can also be combined with other private and/or public keys and/or seed values, which can be stored in the monitoring device at the time of manufacture, generated locally by the monitoring device, or previously transmitted from the service management center, either directly or as part of a monitoring device firmware update, by any means of remote or local communication. In specific cases, custom cryptographic algorithms can be applied, in particular when working with sensitive security monitoring data.
- At the time of communicating back to the remote service management center, in the exemplary implementation of Figure 4, the service meter 10 formats the shared payload message 8 and transmits it to the service management centers 20 in a unicast, multicast or broadcast mode.
[0035] As shown in Figure 4, the shared payload data processing and protection operations can be performed in advance of transmission time. In this case, the protected shared payload data is stored in a temporary buffer or memory register of the service meter. At the time of transmission, the service meter reads the protected shared payload data from the register in order to format and transmit the shared payload message 8 to the target remote service management center 20. In this way, the computing power and memory of the service meter are saved, since the protection of the payload by means of cryptographic algorithms needs to be done only once and can be done in advance. In addition, transmission to each remote service management center A, B or C can occur at a different time.
[0036] Figure 5 illustrates the reverse operations that take place at the remote service management center, which will now be described:
- The remote service management center 20 receives a control message 8 and extracts the Control Information from that control message.
- The remote service management center decrypts and verifies the Control Information in order to derive the payload key Kp according to the secure communication protocols in place between the service management center and the service monitoring device. Preferably, this secure communication uses shared end-to-end secrets, such as a secure authenticated channel shared key Ks computed jointly by the service management center and the service monitoring device. Such end-to-end security protocols are defined, for example, in the standard specifications ANSI C12.22 or IEC 62056/COSEM.
- The service management center receives a shared payload message 8 and extracts the protected payload from that shared payload message.
- The service management center derives the clear payload from the protected payload by means of the previously computed payload key Kp. This operation can comprise one or more steps of decryption and/or verification of the protected payload data blocks using the payload key Kp, according to the protection method applied by the service monitoring device.
[0037] Other variants for the system and method shown in Figure 4 and Figure 5 are also possible.
[0038] For example, the encryption and message formatting operations can be performed in a different order by the service meter 10.
[0039] The payload message 8 can also be pre-processed and stored by the service meter in temporary buffers of memory 13 or in registers.
[0040] The service meter 10 and the remote service management center 20 can exchange other messages 8 in order to synchronize the exchange of control messages or the update of the shared key Ks.
[0041] In addition to purely functional monitoring payload messages, a series of messages must be sent upstream by the service meter to the remote service management center, in particular, in case security credentials and security firmware updates need a secure acknowledgment and execution message back to the service that initiates the update. For practical reasons, the update messages can be transmitted or multicast downstream, which means that all target service meters 10 will receive and process them at the same time, and consequently send the acknowledgment messages back upstream at the same time, thus resulting in possible congestion of network traffic and peak processing scalability issues at the remote service management center.
[0042] In order to better balance the upstream load between the various connected service meters 10, the temporary storage in the service meter register may be programmed to last for a longer or shorter time, depending on certain parameters, such as the unique identifier ID of the service meter (serial number), the service meter firmware version number, the service meter's service fee subscription and consumption information, or an explicit command sent individually to the service meter by the service provider in a downstream broadcast message.
[0043] It is also possible to incorporate the explicit commands in the firmware update broadcast or multicast messages, in particular when the smart metering message protocol allows target groups of service meters to be defined: each group may, in this case, share an explicit command, and the firmware update payload will be attached to a concatenation of explicit commands, one for each target group. In this scenario, ideally, the service provider will define group members based on geographic/location information, when available, so that the upstream load is also balanced at a local network level.
[0044] The service meter may further comprise a validity unit 19 (Figure 1) for handling renewal messages sent by the remote service management center. Alternatively, the validity unit 19 can be used to check the validity of a time stamp T included in an incoming message (for example, an initialization message, a control message or any data message) sent by the remote service management center or any other center.
[0045] The service meter may further comprise a transmission control unit responsible for checking, for example, whether an acknowledgment message has been properly received by the remote management center in response to a report message. If so, the transmission control unit transmits a positive signal, while in the negative case, it may emit a negative signal.
[0046] The service meter may further comprise a validity counter in order to increase or decrease a validity value, and a switch in order to change the operation of the service meter from a normal mode of operation (standard mode) to an interrupted mode of operation.
[0047] Since the secret key Kt of the service meter 10 must remain secret and is a priori unknown to the remote service management centers 20 (the service providers), the present invention also suggests the implementation of a method that involves a third remote entity, referred to as the supervision center 30, as shown schematically in Figures 6a, 6b and 6c. The purpose of this method is to manage communication between a service meter 10, used to measure at least one service consumption, and at least one remote service management center 20 responsible for processing at least part of that service consumption; this communication is supervised by at least one supervision center 30, for example, through the same communication network 5 as that used between the service meter 10 and the remote service management center 20. For this purpose and, as already shown in Figure 1, the service meter comprises:
- a measuring unit 11 for measuring at least one service consumption value V,
- a communication unit 12 to send/receive messages 8 to/from at least the remote service management center 20, taking into account that it can also receive messages from the supervision center 30 (Figure 6b),
- a memory 13 for storing a unique identifier ID belonging to the service meter 10 and a first key K1 necessary for the encryption/decryption of the messages 8 that have to be sent/received by the communication unit 12,
- an encryption unit 14 for encrypting said service consumption value V as a first cryptogram C1; in particular, the first cryptogram C1 will result from the encryption of the service consumption value V with the first key K1,
- a message generator 16 for generating a service message 8 containing said first cryptogram C1 which has to be sent to the remote service management center 20.
This method comprises the steps of:
- requesting from the supervision center 30, by the remote service management center 20, the allocation (i.e., the association) of this remote service management center 20 to a specific service meter 10 by means of a request (for example, a message) comprising at least the unique identifier ID of said service meter 10; this request can be considered as a subscription request sent by the service meter to at least one remote service management center of its choice, after which the remote service management center 20 contacts the supervision center 30 (for example, by forwarding the request) in order to carry out this request,
- transmitting, by the supervision center 30, the so-called key data (i.e., data relating to a key) to the remote service management center 20, said key data being required for the decryption/encryption of messages 8,
- reading, by the service meter 10, the service consumption value V measured by the measuring unit 11,
- generating, by the service meter 10, the service message 8, including the first cryptogram C1,
- sending, by the service meter 10, the service message 8 to the remote service management center 20 for processing by this remote service management center.
[0048] According to one possible arrangement, the supervision center 30 may belong to the manufacturer of the service meters. Advantageously, in this case, it already knows the personal data of the service meter, in particular the unique identifier ID and the private key Kt of each service meter 10. Alternatively, the supervision center can be any third-party authority that is independent of the remote service management centers and is entitled to work with the secret key Kt of the service meters.
[0049] Alternatively, the request sent to the supervision center 30, in order to register the association of a remote service management center 20 with a particular service meter 10, can also be made by the service meter instead of the remote service management center. In this case, the request must also comprise the unique identifier of that remote service management center 20.
[0050] According to one embodiment, the key data transmitted by the supervision center 30 to the remote service management center 20 is the first key K1 that is already stored in memory 13 of the service meter 10 and that is used as a shared key Ks. This embodiment is illustrated in Figure 6a. Since all entities 10, 20, 30 have the shared key Ks, they can therefore communicate with each other under secure conditions.
[0051] Figure 6b shows an alternative embodiment in which the first key K1, stored in memory 13, is a secret key Kt belonging to the service meter 10. According to this embodiment, the secret key Kt is also known by the supervision center, which keeps this key as confidential data, owing to its status as a trusted entity. For this purpose, the supervision center is provided with a protected database comprising, for each service meter of the system, a record that includes at least its unique identifier ID together with its secret key Kt. Preferably, each record also comprises the unique identifier of the remote service management center and, optionally, the shared key Ks in question. In this embodiment, both the supervision center 30 and the service meter 10 each comprise a cryptographic module 17, as shown in Figure 3. Therefore, each of them is capable of generating a shared key Ks, taking the secret key Kt as a first input and an initialization value I0 as a second input. For this purpose, the required initialization value I0 is generated (for example, at random) by the supervision center 30, and the key data (mentioned above) is the shared key Ks provided by the cryptographic module 17 of the supervision center. The method also comprises the steps of:
- generating the shared key Ks at the supervision center 30 using its cryptographic module 17,
- transmitting the initialization value I0 from the supervision center 30 to the service meter 10 within an initialization message,
- loading the initialization value I0 and the secret key Kt into the cryptographic module of the service meter, in order to obtain the required shared key Ks that has to be used for the encryption/decryption of messages, according to a symmetric encryption scheme, during the exchange of communications between the service meter 10 and the remote service management center 20.
[0052] Once calculated by the service meter, the shared key Ks can be stored in memory 13 of the service meter. Alternatively, the initialization value I0 can be stored in this memory in place of the shared key Ks, which can then be calculated every time a message must be encrypted/decrypted.
[0053] In this way, any disclosure of the service meter secret key Kt is avoided. When a new service meter owner wants the services provided by a remote service management center of their choice, the remote service management center sends a registration request to the supervision center. In this case, the supervision center will update its database by recording a new match between the service meter 10 of this new customer and this remote service management center.
[0054] The illustration in Figure 6c suggests a variant of the embodiment in Figure 6b. As shown in Figure 6c, the step of transmitting the initialization value I0 is performed, from the supervision center 30, through the remote service management center 20, which forwards the initialization message to the service meter 10. The initialization value I0 and the shared key Ks can be transmitted by the supervision center in two separate messages or in a single message, for example, as key data.
[0055] According to another embodiment, the initialization message further comprises a signature S, typically a hash value that can be obtained by applying a hash function to the initialization message. This signature S can be produced during a so-called signature step by the supervision center 30 using a signature unit. As a result, the method will also comprise an authentication step performed by the service meter in order to verify the authenticity of this signature S. This verification can therefore be performed by an authentication unit 18 (Figure 1). In the case of successful authentication, loading the initialization value (I0) into its cryptographic module is allowed.
[0056] In another embodiment, the method also comprises a first validity step, which is carried out by the supervision center in order to add a time stamp T (i.e., validity data) to the initialization message. This time stamp T is defined by the supervision center 30 based on a current time CT. In this embodiment, the method comprises a second validity step that is performed by the service meter 10 before loading the initialization value I0 into its cryptographic module 17. The second validity step aims to verify the validity of the time stamp T by comparing it with the current time CT. In case of a successful validation, loading of the initialization value I0 is allowed.
[0057] For example, the time stamp T is an expiration date, an expiration time, or an expiration time range defined, for example, by two dates, a start date and an end date. According to a first form, both the supervision center 30 and the service meter 10 comprise a timer (for example, a clock) that produces a current time CT, and the so-called second validity step is intended to verify that the current time CT is within a validity period determined from said validity data T. The two timers must be synchronized as closely as possible. According to an alternative form, the current time CT can be provided by a single radio-controlled signal that can be received by each timer.
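The initialization flow of paragraphs [0030] to [0033] and [0051] to [0057], as an added example that is not code from the patent: the supervision center draws I0, derives Ks and sends I0 with a signature S and a validity range T, and the meter loads I0 into its cryptographic module only after both checks pass. The HMAC-SHA256 derivation, the Ed25519 signature, the byte layout and all function and field names are assumptions, since the text only fixes the inputs Kt and I0 and the order of the checks.

```javascript
const crypto = require('node:crypto');

// ASSUMPTION: module 17 computes Ks = HMAC-SHA256(Kt, I0), truncated to 128 bits.
// The description only states that Kt and I0 are its two inputs.
function deriveSharedKey(kt, i0) {
  return crypto.createHmac('sha256', kt).update(i0).digest().subarray(0, 16);
}

// Canonical encoding of the signed fields (hypothetical layout): ID, I0, validity T.
function encodeBody(meterId, i0, notBefore, notAfter) {
  const id = Buffer.from(meterId, 'utf8');
  const len = Buffer.alloc(2);
  len.writeUInt16BE(id.length);
  const validity = Buffer.alloc(16);
  validity.writeBigUInt64BE(BigInt(notBefore), 0);
  validity.writeBigUInt64BE(BigInt(notAfter), 8);
  return Buffer.concat([len, id, i0, validity]);
}

// Supervision center 30: random I0, signature S over ID, I0 and T, and Ks as key data.
// ASSUMPTION: S is an Ed25519 signature. An unkeyed hash of the message would let
// anyone who alters I0 recompute S, so a keyed signature is used here.
function buildInitMessage(signingKey, meterId, kt, notBefore, notAfter) {
  const i0 = crypto.randomBytes(16);
  const s = crypto.sign(null, encodeBody(meterId, i0, notBefore, notAfter), signingKey);
  return {
    message: { meterId, i0, notBefore, notAfter, s },
    ks: deriveSharedKey(kt, i0), // passed on to the remote management center
  };
}

// Service meter 10: authentication unit 18, then validity unit 19, then module 17.
function loadInitMessage(meter, msg, currentTime) {
  const wellFormed = typeof msg.meterId === 'string' &&
    Buffer.isBuffer(msg.i0) && msg.i0.length === 16 && Buffer.isBuffer(msg.s) &&
    [msg.notBefore, msg.notAfter].every((t) => Number.isSafeInteger(t) && t >= 0);
  if (!wellFormed) return { ok: false, reason: 'malformed' };
  if (msg.meterId !== meter.id) return { ok: false, reason: 'wrong-meter' };
  const body = encodeBody(msg.meterId, msg.i0, msg.notBefore, msg.notAfter);
  if (!crypto.verify(null, body, meter.centerPublicKey, msg.s)) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (currentTime < msg.notBefore || currentTime > msg.notAfter) {
    return { ok: false, reason: 'outside-validity' };
  }
  meter.ks = deriveSharedKey(meter.kt, msg.i0); // I0 is loaded only at this point
  return { ok: true, reason: null };
}

// Constructed sample run: a forged I0 and a stale message are refused, then the
// genuine message is accepted and both sides hold the same Ks.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const kt = crypto.randomBytes(16);
  const meter = { id: 'METER-0001', kt, centerPublicKey: publicKey, ks: null };
  const now = 1700000000; // constructed current time CT, in seconds
  const { message, ks } = buildInitMessage(privateKey, meter.id, kt, now - 60, now + 3600);
  const forged = { ...message, i0: crypto.randomBytes(16) };
  const results = {
    forged: loadInitMessage(meter, forged, now).reason,
    stale: loadInitMessage(meter, message, now + 7200).reason,
    keyStillEmpty: meter.ks === null,
    accepted: loadInitMessage(meter, message, now).ok,
  };
  results.keysMatch = meter.ks.equals(ks);
  return results;
}

console.log(demo());
```

The secret key Kt never leaves the meter or the supervision center in this flow; only I0, T and S travel over the network.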
[0058] In another embodiment, the service meter 10 comprises a key generator 16 for the generation of a payload key Kp that must be used by its encryption unit 14 in order to encrypt the service consumption value V within a payload message 8. In this embodiment, the method also comprises the steps of:
- generating a payload key Kp,
- using this payload key Kp to encrypt the service consumption value V, resulting in the first cryptogram C1,
- generating a second cryptogram C2 as a result of the encryption of the payload key Kp with the first key K1, using the encryption unit 14 of the service meter 10,
- including the second cryptogram C2 in a service message 8 before sending it to the remote service management center 20.
Preferably, the second cryptogram C2 is sent together with the first cryptogram C1 in the same message. However, the first and second cryptograms can also be sent in two separate messages. Preferably, this second cryptogram will be included at least once in such a message, for example, at least during an initialization phase when the service meter 10 is assigned to the remote service management center 20. More preferably, this second cryptogram C2 will be periodically included in message 8, at least each time the payload key Kp is changed or renewed.
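The two-level key scheme of Figures 4 and 5 and of paragraph [0058], as an added example that is not code from the patent: the meter encrypts V once under Kp (cryptogram C1) and wraps Kp separately for each management center under that center's first key K1 (cryptogram C2). AES-128 is the cipher the description prefers; the GCM mode, the `kpId` key-generation counter, the JSON payload and all class and field names are assumptions.

```javascript
const crypto = require('node:crypto');

// AES-128-GCM helpers. The associated data binds each cryptogram to the meter ID
// and key generation, so a cryptogram cannot be replayed under another context.
function sealBox(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function openBox(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-128-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]); // throws if altered
}

const context = (meterId, kpId) => Buffer.from(`${meterId}:${kpId}`, 'utf8');

class ServiceMeter {
  // firstKeys: Map(center name -> 16-byte first key K1 shared with that center)
  constructor(id, firstKeys) {
    this.id = id;
    this.firstKeys = firstKeys;
    this.kp = null;
    this.kpId = 0; // hypothetical counter identifying the current Kp
  }

  // Key generator 16: new Kp, then one unicast control message (C2) per center.
  renewPayloadKey() {
    this.kp = crypto.randomBytes(16);
    this.kpId += 1;
    const aad = context(this.id, this.kpId);
    const control = new Map();
    for (const [center, k1] of this.firstKeys) {
      control.set(center, { meterId: this.id, kpId: this.kpId, c2: sealBox(k1, this.kp, aad) });
    }
    return control;
  }

  // Shared payload message 8: V is encrypted once and the same C1 goes to every center.
  report(v) {
    if (!this.kp) throw new Error('call renewPayloadKey() before reporting');
    const plaintext = Buffer.from(JSON.stringify(v), 'utf8');
    const c1 = sealBox(this.kp, plaintext, context(this.id, this.kpId));
    return { meterId: this.id, kpId: this.kpId, c1 };
  }
}

class ManagementCenter {
  constructor(k1) {
    this.k1 = k1;
    this.payloadKeys = new Map(); // "meterId:kpId" -> Kp
  }

  // Figure 5, first two steps: recover Kp from the control message.
  onControl(msg) {
    const kp = openBox(this.k1, msg.c2, context(msg.meterId, msg.kpId));
    this.payloadKeys.set(`${msg.meterId}:${msg.kpId}`, kp);
  }

  // Figure 5, last two steps: recover the clear payload from C1.
  onPayload(msg) {
    const kp = this.payloadKeys.get(`${msg.meterId}:${msg.kpId}`);
    if (!kp) throw new Error('no payload key for this meter and key generation');
    const clear = openBox(kp, msg.c1, context(msg.meterId, msg.kpId));
    return JSON.parse(clear.toString('utf8'));
  }
}

// Constructed sample: centers A, B and C all read the same shared payload message.
function demo() {
  const keys = new Map(['A', 'B', 'C'].map((name) => [name, crypto.randomBytes(16)]));
  const meter = new ServiceMeter('METER-0001', keys);
  const centers = new Map([...keys].map(([name, k1]) => [name, new ManagementCenter(k1)]));
  const control = meter.renewPayloadKey();
  for (const [name, center] of centers) center.onControl(control.get(name));
  const shared = meter.report({ kWh: 42.5 });
  return [...centers.values()].map((center) => center.onPayload(shared).kWh);
}

console.log(demo());
```

Renewing Kp costs one small control message per center, while each report is encrypted once however many centers receive it.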
[0059] According to another embodiment, the first key K1 of the present method is a so-called remote management key Km belonging to the remote service management center.
[0060] According to another embodiment of the present invention, the service meter 10 may be monitored and managed by more than one remote service management center 20. This situation may occur when the service meter is able to measure different types of service at the same time, for example, simultaneously monitoring the consumption of electricity and water. Therefore, the system shown in Figures 6a, 6b and 6c is obviously not limited to just one service meter. The same applies to the remote service management center 20 and also to the supervision center 30. Alternatively, the service meter 10 may be able to function in accordance with a time scheduler, so that the supply of electricity, gas or water can be provided at some times by a first remote service management center and at other times by another service provider.
[0061] In the description above, the terminology that refers to the monitoring of service consumption covers both a service meter 10, as illustrated in Figure 1, and an appliance device that can be remotely monitored and managed from the service management center 20 (as shown in Figure 1) or from collection concentrator equipment. In addition, the terminology that refers to the remote service management center is used to designate a central service provider management center or an intermediate collection hub equipment node in the smart grid, where the service management center is located under strict control by the service provider, for example, in a secure room or building.
Claims:
Claims (15)
[0001]
Service meter (10) to measure at least one service consumption and to optimize the traffic of messages exchanged with a plurality of remote service management centers (20), comprising:
- a measuring unit (11) for measuring at least one service consumption value (V),
- a communication unit (12) to send messages (8) to the remote service management centers (20) assigned to the service meter (10) for processing the service consumption value (V) by the remote service management centers (20),
- a memory (13) for storing a unique identifier (ID) belonging to the service meter (10) and a first key (K1) for encrypting messages (8) to be sent by the communication unit (12),
- a cryptographic unit (14) for encrypting the service consumption value (V) as a first cryptogram (C1),
- a message generator (15) to generate a service message (8) containing the first cryptogram (C1) to be sent to the remote service management centers (20),
CHARACTERIZED by the fact that: the communication unit (12) is also capable of receiving messages (8) from the remote service management centers (20), in which the service meter additionally comprises:
- a key generator (16) for generating a payload key (Kp) intended to be shared by the plurality of remote service management centers (20), the payload key (Kp) being used by the encryption unit (14) to encrypt the service consumption value (V), so as to form a shared payload message (8) suitable to be sent to the plurality of remote service management centers (20),
and where the encryption unit (14) is capable of generating a second cryptogram (C2), for each of the remote service management centers (20), by encrypting the payload key (Kp) with the first key (K1), the second cryptogram (C2) being intended to be included, by the message generator (15), in a control message (8) to be sent to a dedicated remote service management center (20).
[0002]
Service meter according to claim 1, CHARACTERIZED by the fact that the first key (K1) is a management center public key belonging to the remote service management center.
[0003]
Service meter according to claim 1, CHARACTERIZED by the fact that it comprises a secret key (Kt) belonging to the service meter (10), an initialization value (I0) received within an initialization message by the communication unit (12) and stored in memory (13), and a cryptographic module (17) that integrates a function for generating a shared key (Ks) when considering the secret key (Kt) as a first entry and the initialization value (I0) as a second entry, the shared key (Ks) being used as a symmetric key between the service meter and one of the remote service management centers (20), at least to encrypt messages (8) in place of the first key (K1).
[0004]
Service meter according to claim 3, CHARACTERIZED by the fact that it comprises a decryption unit (14') to decrypt messages received by the communication unit (12).
[0005]
Service meter according to claim 4, CHARACTERIZED by the fact that the memory (13) stores a boot session key (Ki), the initialization message is encrypted with the boot session key (Ki) and the decryption unit (14') is able to decrypt the initialization message using the boot session key (Ki).
[0006]
Service meter according to claim 4 or 5, CHARACTERIZED by the fact that the initialization message comprises a signature (S) for its authentication, the service meter further comprising an authentication unit (18) for verifying the authenticity of the signature (S) and permitting the initialization value (I0) to be loaded in the cryptographic module (17) in case of successful authentication.
[0007]
Method for managing communication between a service meter (10), used to measure at least one service consumption, and at least one remote service management center (20) in charge of processing the service consumption, the communication being supervised by at least one supervision center (30), the service meter (10) comprising:
- a measuring unit (11) for measuring at least one service consumption value (V),
- a communication unit (12) for sending messages (8) to the remote service management center (20),
- a memory (13) for storing a unique identifier (ID) belonging to the service meter (10) and a first key (K1) required for the encryption / decryption of messages (8) to be sent by the communication unit (12),
- a cryptographic unit (14) for encrypting the service consumption value (V) as a first cryptogram (C1),
- a message generator (15) for generating a service message (8) containing the first cryptogram (C1) to be sent to the remote service management center (20),
the method comprising the steps of:
- read, by the service meter (10), the service consumption value (V) measured by the measurement unit (11),
- generate, by the service meter (10), the service message (8) comprising the first cryptogram (C1),
- send, through the service meter (10), the service message (8) to the remote service management center (20) in view of the processing of the message by the center,
CHARACTERIZED by the fact that: communication is established between the service meter (10) and a plurality of remote service management centers (20) in charge of processing at least part of the service consumption, the communication being supervised by at least one supervision center (30), the communication unit (12) being able to receive messages (8) from remote service management centers (20), and the method also comprising the steps of:
- for each of the remote service management centers (20), send a request to the supervision center (30) requesting the allocation of the service meter (10) to the remote service management center (20), the request comprising at least the unique identifier (ID) of the service meter (10),
- transmit, through the supervision center (30), key data to the remote service management center (20), the key data being used as input data required by a cryptographic operation for the decryption / encryption of messages (8).
[0008]
Method according to claim 7, CHARACTERIZED by the fact that the key data is the first key (K1) stored in the memory (13) of the service meter (10) as a shared key (Ks).
[0009]
Method according to claim 7, CHARACTERIZED by the fact that the first key (K1) stored in memory (13) of the service meter (10) is a secret key (Kt) of the service meter, the secret key (Kt) is known by the supervision center (30) as confidential data, the supervision center (30) and the service meter (10) each comprise a cryptographic module (17) that integrates a function to generate a shared key (Ks), when considering the secret key (Kt) as a first entry and an initialization value (I0) generated by the supervision center (30) as a second entry, the key data is the shared key (Ks) provided by the cryptographic module (17) of the supervision center (30), the method also comprising the steps of:
- generate the shared key (Ks) by the supervision center (30) using its cryptographic module (17),
- transmit the initialization value (I0) from the supervision center (30) to the service meter (10) within an initialization message,
- load the initialization value (I0) and the secret key (Kt) in the cryptographic module (17) of the service meter (10) to obtain the shared key (Ks) to be used for message encryption / decryption (8) according to a symmetric encryption scheme.
[0010]
Method according to claim 9, CHARACTERIZED by the fact that the step of transmitting the initialization value (I0) is performed through the remote service management center (20), which forwards the initialization message to the service meter (10) after receiving it from the supervision center (30).
[0011]
Method according to claim 9 or 10, CHARACTERIZED by comprising:
- a signature step performed by the supervision center (30) to generate a signature (S) using a signature unit, and add this signature (S) in the initialization message for its authentication,
- an authentication step performed by the service meter (10) to verify the authentication of the signature (S) through an authentication unit (18) and allow the initialization value (I0) to be loaded in its cryptographic module (17) in case of successful authentication.
[0012]
Method according to any one of claims 9 to 11, CHARACTERIZED by the fact that it further comprises:
- a first validity step carried out by the supervision center (30) for the addition of a time stamp (T) in the initialization message, the time stamp (T) being defined by the supervision center (30) based on a current time (CT), and
- a second validity step performed by the service meter (10) before loading the initialization value (I0) in its cryptographic module (17) to check the validity of the time stamp (T) by comparing the time stamp (T) with the current time (CT) and allow this loading in case of a successful validation.
[0013]
Method according to claim 12, CHARACTERIZED by the fact that the current time (CT) is provided by a radio controlled signal.
[0014]
Method according to any of claims 7 to 13, CHARACTERIZED by the fact that the service meter (10) comprises a key generator (16) to generate a payload key (Kp) to be used by its cryptographic unit (14) to encrypt the service consumption value (V), the method further comprising the steps of:
- generate a payload key (Kp),
- use the payload key (Kp) to encrypt the service consumption value (V), resulting in the first cryptogram (C1),
- generate a second cryptogram (C2), as a result of the encryption of the payload key (Kp) by the first key (K1) when using the encryption unit (14) of the service meter (10),
- include the second cryptogram (C2) in the service message (8) before sending it to the remote service management center (20).
[0015]
Method according to any one of claims 7 to 14, CHARACTERIZED by the fact that the first key (K1) is a remote management key (Km) belonging to the remote service management center (20).
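The meter-side sequence of claims 9, 11 and 12 (authenticate the signature S, validate the time stamp T against the current time CT, and only then load I0 to derive Ks), as an added Python example that is not part of the patent. HMAC-SHA256 is used here as a symmetric stand-in for the signature S and as the derivation function; `auth_key`, the message layout, the field sizes and the 300-second window are all assumptions, since the claims specify none of them.

```python
import hashlib
import hmac
import struct

MAX_SKEW_SECONDS = 300    # assumed validity window for T; the claims fix none
I0_LEN, SIG_LEN = 16, 32  # assumed sizes of I0 and of the stand-in signature S


class InitError(Exception):
    """The initialization message must not be loaded into the crypto module."""


def derive_shared_key(kt: bytes, i0: bytes) -> bytes:
    """Ks = f(Kt, I0). HMAC-SHA256 is an assumed choice for f."""
    return hmac.new(kt, b"Ks" + i0, hashlib.sha256).digest()


def build_init_message(auth_key: bytes, i0: bytes, t: int) -> bytes:
    """Supervision-center side: T || I0 || S (constructed layout)."""
    if len(i0) != I0_LEN:
        raise ValueError("I0 must be I0_LEN bytes")
    body = struct.pack(">Q", t) + i0
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()


def load_init_message(msg: bytes, auth_key: bytes, kt: bytes,
                      current_time: int) -> bytes:
    """Meter side: authenticate S, validate T against CT, then derive Ks."""
    if len(msg) != 8 + I0_LEN + SIG_LEN:
        raise InitError("unexpected message length")
    body, sig = msg[:-SIG_LEN], msg[-SIG_LEN:]
    # Authentication first: T and I0 are not interpreted until S has verified.
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise InitError("signature S rejected")
    (t,) = struct.unpack(">Q", body[:8])
    # Validity step: T is covered by S, so a replayed old message fails here.
    if abs(current_time - t) > MAX_SKEW_SECONDS:
        raise InitError("time stamp T outside validity window")
    return derive_shared_key(kt, body[8:])


if __name__ == "__main__":
    kt = bytes(range(32))               # constructed secret key Kt
    auth_key = b"constructed-auth-key"  # constructed authentication key
    i0 = bytes(range(100, 116))         # constructed initialization value I0
    msg = build_init_message(auth_key, i0, 1_700_000_000)
    ks_meter = load_init_message(msg, auth_key, kt, 1_700_000_010)
    # Both ends hold the same Ks without Ks ever crossing the network.
    print(ks_meter == derive_shared_key(kt, i0))
```

A replay inside the validity window still passes both checks, so a meter that must reject it also has to remember the last T it accepted.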
Similar technologies:
Publication number | Publication date | Patent title
BR112013019215B1|2020-09-24|SERVICE METER TO MEASURE A SERVICE CONSUMPTION AND OPTIMIZE UPSTREAM COMMUNICATIONS AND METHOD FOR MANAGING THESE COMMUNICATIONS
JP5500666B2|2014-05-21|Smart grid and how it works
CN102150392B|2016-11-16|Data transmission method between network node
US10982972B2|2021-04-20|System and method to manage utility meter communications
US9384658B2|2016-07-05|System and method to enforce utility meter security
US9401808B2|2016-07-26|Measuring device, information processor, key management device, and consumption calculating system
Kumar et al.2014|Secure communication for advance metering infrastructure in smart grid
BR112014004642B1|2020-11-17|PREFECTIVE METHOD AND SYSTEM FOR UTILITY CONSUMPTIONS WITHIN AN INTELLIGENT NETWORK
Gope et al.2019|An efficient privacy-friendly hop-by-hop data aggregation scheme for smart grids
Li et al.2012|P3: Privacy preservation protocol for appliance control application
US10785023B2|2020-09-22|Apparatus and method for managing metering information
US20090167557A1|2009-07-02|Advanced meter security system
EP3910873A1|2021-11-17|Key-management for advanced metering infrastructure
Ford et al.2015|POSTER: Reliable and Efficient Protection of Consumer Privacy in Advanced Metering Infrastructure
Kalidass et al.2021|Enhancement of end-to-end security in advanced metering infrastructure
Patent family:
Publication number | Publication date
US10250575B2|2019-04-02|
PL2671052T3|2017-04-28|
BR112013019215A2|2016-10-11|
CN103348217B|2016-05-11|
EP2518448A1|2012-10-31|
US10375040B2|2019-08-06|
EP2671052A1|2013-12-11|
US20190173857A1|2019-06-06|
US20130314249A1|2013-11-28|
HUE031244T2|2017-07-28|
HK1190186A1|2014-06-27|
US20170295146A1|2017-10-12|
WO2012104149A1|2012-08-09|
EP2671052B1|2016-09-28|
PT2671052T|2016-12-27|
DK2671052T3|2017-01-16|
US9664531B2|2017-05-30|
ES2605781T3|2017-03-16|
CN103348217A|2013-10-09|
ZA201305788B|2014-10-29|
Cited references:
Publication number | Filing date | Publication date | Applicant | Patent title

US7089089B2|2003-03-31|2006-08-08|Power Measurement Ltd.|Methods and apparatus for retrieving energy readings from an energy monitoring device|
US6219423B1|1995-12-29|2001-04-17|Intel Corporation|System and method for digitally signing a digital agreement between remotely located nodes|
DE19906450C1|1999-02-16|2000-08-17|Fraunhofer Ges Forschung|Generating encoded useful data flow involves producing encoded version of useful data key using asymmetrical encoding and entering in useful data stream header block|
US6747571B2|1999-03-08|2004-06-08|Comverge Technologies, Inc.|Utility meter interface system|
US6895502B1|2000-06-08|2005-05-17|Curriculum Corporation|Method and system for securely displaying and confirming request to perform operation on host computer|
US20050257259A1|2004-05-12|2005-11-17|Torre-Bueno Jose De La|Method for controlling the re-use of prefilled reagent dispensers and other consumables|
EP1662788A1|2004-11-24|2006-05-31|Nagravision SA|Method and system for access control of audio/video data|
US20060206433A1|2005-03-11|2006-09-14|Elster Electricity, Llc.|Secure and authenticated delivery of data from an automated meter reading system|
CN1699930A|2005-03-29|2005-11-23|尹红伟|Digitized intelligent safety natural gas meter employing wireless communication|
JP2008535109A|2005-04-07|2008-08-28|ロバート レーン スーパーアニュエイション プロプライエタリー リミテッド|Authenticity determination|
US20070257813A1|2006-02-03|2007-11-08|Silver Spring Networks|Secure network bootstrap of devices in an automatic meter reading network|
US20080117076A1|2006-11-16|2008-05-22|Arthur John Klaus|System and method for conducting bi-directional communication sessions with utility meters from a mobile device|
US7774008B2|2006-12-22|2010-08-10|Cellco Partnership|MDN-less SMS messaging for wireless M2M application|
DE102008058264A1|2008-11-19|2010-07-08|IAD Gesellschaft für Informatik, Automatisierung und Datenverarbeitung mbH|Measuring device, in particular energy counter and method for detecting tampering|
US8909917B2|2009-07-02|2014-12-09|Itron, Inc.|Secure remote meter access|
US8826265B2|2011-10-24|2014-09-02|Texas Instruments Incorporated|Data concentrator initiated multicast firmware upgrade|
IL217559A|2012-01-16|2016-11-30|Amdocs Dev Ltd|System and method for retaining user's anonymity|
JP2014197726A|2013-03-29|2014-10-16|株式会社東芝|Measuring device, information processing device, key management device, and consumption amount calculation system|
US9240934B2|2013-05-03|2016-01-19|Landis+Gyr Innovations, Inc.|Monitoring the health of a home area network|
US9584314B2|2013-08-21|2017-02-28|International Business Machines Corporation|Event-driven, asset-centric key management in a smart grid|
US9171133B2|2013-10-11|2015-10-27|Landis+Gyr Innovations, Inc.|Securing a device and data within the device|
US9830446B2|2013-10-16|2017-11-28|Silver Spring Networks, Inc.|Return material authorization fulfillment system for smart grid devices with customer specific cryptographic credentials|
US10325329B2|2014-12-12|2019-06-18|Mcafee, Inc.|Smart home security of metered data using a mask|
KR101621931B1|2014-12-19|2016-05-17|한국인터넷진흥원|Power information transmitting and receiving system in the smart grid|
JP6385842B2|2015-02-02|2018-09-05|株式会社東芝|Information processing terminal, information processing method, and information processing system|
US20160282139A1|2015-03-27|2016-09-29|Telefonaktiebolaget Lm Ericsson |Data Collection Device and Method to Support Multiple Profiles in a Utility Meter System|
SE539932C2|2016-07-01|2018-01-23|3F Security Ab|Decentralized measuring system and network for remote reading of utility meters|
US10447664B2|2016-09-30|2019-10-15|The Toronto-Dominion Bank|Information masking using certificate authority|
US10944566B2|2017-11-15|2021-03-09|International Business Machines Corporation|Methods and systems for supporting fairness in secure computations|
US10734839B2|2017-11-30|2020-08-04|International Business Machines Corporation|Smart meters for monitoring individual and multiple energy consuming devices|
CN108414018A|2018-03-30|2018-08-17|深圳众厉电力科技有限公司|A kind of power transformer environmental monitoring system based on big data|
DE102018003511A1|2018-04-28|2019-10-31|Diehl Metering Systems Gmbh|Method for operating a data acquisition system|
EP3816958A4|2018-06-28|2021-08-25|Sony Group Corporation|Information processing device, information processing method, and program|
Legal status:
2018-12-18| B06F| Objections, documents and/or translations needed after an examination request according art. 34 industrial property law|
2019-10-22| B06U| Preliminary requirement: requests with searches performed by other patent offices: suspension of the patent application procedure|
2020-04-22| B09A| Decision: intention to grant|
2020-09-24| B16A| Patent or certificate of addition of invention granted|Free format text: TERM OF VALIDITY: 20 (TWENTY) YEARS COUNTED FROM 19/01/2012, SUBJECT TO THE LEGAL CONDITIONS. |
Priority:
Application number | Filing date | Patent title
US201161438665P| true| 2011-02-02|2011-02-02|
US61/438,665|2011-02-02|
EP11163844.1|2011-04-27|
EP11163844A|EP2518448A1|2011-04-27|2011-04-27|System to optimize utility meter upstream communications and method for managing these communications|
PCT/EP2012/050786|WO2012104149A1|2011-02-02|2012-01-19|Utility meter for metering a utility consumption and optimizing upstream communications and method for managing these communications|