Patent abstract:
A communication gateway consistent with the present disclosure may detect unauthorized physical or electronic access and implement security actions in response thereto. A communication gateway may provide a communication path to an intelligent electronic device (IED) using an IED communications port configured to communicate with the IED. The communication gateway may include a physical intrusion detection port and a network port. The communication gateway may further include control logic configured to evaluate a physical intrusion detection signal. The control logic may be configured to determine that the physical intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication gateway, the IED, and a device in communication with the gateway; and take a security action based upon the determination that the signal is indicative of the attempt to gain unauthorized access.
Publication number: ES2550501A2
Application number: ES201590028
Filing date: 2013-10-03
Publication date: 2015-11-10
Inventors: Rhett Smith; Colin Gordon
Applicant: Schweitzer Engineering Laboratories Inc;
Main IPC number:
Patent description:

P201590028
04-10-2015
DESCRIPTION
Detection and response to unauthorized access to a communication device
TECHNICAL FIELD
The present disclosure refers, in general, to systems and procedures for detecting and responding to unauthorized access to a communication device. More specifically, the systems and procedures disclosed herein may be implemented in relation to network devices and intelligent electronic devices in an electrical power supply system, to detect and respond to unauthorized physical access.
BRIEF DESCRIPTION OF THE DRAWINGS
Non-limiting and non-exhaustive embodiments of the disclosure are described, including various embodiments of the disclosure with reference to the figures, in which:
Figure 1 illustrates a simplified single-line diagram of an electric power supply system and associated intelligent electronic devices (IEDs), consistent with various embodiments of the present disclosure.
Figure 2 illustrates a simplified block diagram of a system for detecting and responding to unauthorized access to a communication device, consistent with various embodiments of the present disclosure.
Figure 3A illustrates a conceptual representation of a system that implements a security action as a result of a detection of an unauthorized device, consistent with various embodiments of the present disclosure.
Figure 3B illustrates a conceptual representation of the system of Figure 3A, which implements another security action as a result of a detection of an unauthorized device, consistent with various embodiments of the present disclosure.
Figure 4 illustrates a flow chart of a procedure for detecting unauthorized physical access to an enclosure containing equipment associated with an electric power supply system, consistent with various embodiments of the present disclosure.
In the following description, numerous specific details are provided for a thorough understanding of the various embodiments disclosed herein.
The systems and procedures disclosed herein may be implemented without one or more of the specific details, or with other procedures, components, materials, etc. In addition, in some cases, well-known structures, materials or operations may not be shown or described in detail, in order to avoid obscuring aspects of the disclosure. In addition, the features, structures or characteristics described can be combined in any suitable way in one or more alternative embodiments.
DETAILED DESCRIPTION
The present disclosure provides systems and procedures to detect and respond to unauthorized access to a communication device. According to various embodiments, the communication device may be configured for secure communication with one or more intelligent electronic devices (IEDs), a supervisory control and data acquisition (SCADA) system and/or a communication network. IEDs can be configured to monitor a part of a power supply system, and provide control to the electric power supply system. According to various protection and control algorithms, IEDs may be configured to communicate with other IEDs, controllers, data acquisition systems and/or the like.
IEDs may be located near control centers, in substations, or they may be distributed in the electric power supply system. For example, IEDs may be located near primary equipment on transmission or distribution lines, away from the substation. In one embodiment, the IED may be a recloser control in communication with, and providing protection and control to, a recloser. The recloser may be located at a site remote from the substation. The IED can be arranged, for example, in a cabinet or other housing mounted on a power pole.
Remotely located equipment, associated with an electrical power supply system, poses a security risk in that unauthorized users may be able to obtain physical access to an enclosure containing such equipment. While all enclosures are usually physically secured, using locks, fences or other barriers, such barriers can be overcome by an unauthorized user with sufficient motivation. Equipment stored within an enclosure may include buttons, man-machine interfaces and other mechanisms to change configurations associated with the equipment. In addition, communications may be unencrypted within a cabinet, building or other enclosure that contains equipment associated with an electric power supply system. This may be true, in particular, where legacy systems are used that do not natively support encrypted communication. Consequently, an unauthorized user with physical access to an unencrypted communication channel may present significant security concerns.
One possible remedy is to place a communication gateway in the cabinet with the IED. The IED can be configured to communicate only with the communication gateway, which, in turn, can communicate with the controller, the data acquisition system or the like. The communication gateway can be configured to encrypt communications with the controller, the data acquisition system and the like; however, if the cabinet is compromised, the communications gateway and/or IEDs may be vulnerable to attack.
Communications between IEDs in an electrical power supply system can usually be reliable communications. As the term is used herein, reliable communication refers to a message that includes indications of trust. The indications of trust may include, but are not limited to, an identifier recognized in the message that is associated with a reliable origin, a reliable communication path or port from which the message is received, an authenticated node that dispatched the message, an encrypted message capable of being decrypted using a technique (e.g., public/private key cryptography) or a message that includes authentication criteria. Of course, other indications of trust can also be used in relation to various embodiments, consistent with the present disclosure.
According to various embodiments disclosed herein, a communications gateway includes physical access detection, to detect when an enclosure is opened and/or is otherwise subject to physical access. The communications gateway can also be configured to take certain steps when unauthorized access to an enclosure is detected. For example, according to some embodiments, communications received from the gateway after a detection of unauthorized physical access may no longer be considered reliable. Consequently, certain actions or commands can be selectively discarded as a result of the unreliable nature of communications. According to some embodiments, communications from a communications gateway that has been subject to unauthorized access can be blocked entirely. The communication gateway can also be configured to record all communications after unauthorized physical access has been detected.
Reference throughout this specification to "an embodiment" means that a specific feature, structure or characteristic, described in relation to the embodiment, is included in at least one embodiment. Thus, the occurrences of the phrase "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. In particular, "an embodiment" may be a system, an article of manufacture (such as a computer readable storage medium), a process and/or a product of a process.
The phrases "connected with" and "in communication with" refer to any form of interaction between two or more components, including mechanical, electrical, magnetic and electromagnetic interaction. Two components can be connected to each other, even if they are not in direct contact with each other, and even if there may be intermediate devices between the two components. For example, an IED can be connected to a gateway session manager through one or more intermediate IEDs or network devices. Such networks can be modeled as tree structures, as is common in the art.
As used herein, the term IED may refer to any microprocessor-based device that monitors, controls, automates and/or protects monitored equipment within a system. Such devices may include, for example, remote terminal units, differential relays, remote relays, directional relays, feeder relays, overcurrent relays, voltage regulator controls, voltage relays, switch fault relays, generator relays, motor relays, automation controllers, compartment controllers, counters, recloser controls, communications processors, calculation platforms, programmable logic controllers (PLCs), programmable automation controllers, input and output modules, motor controllers and the like. IEDs can be connected to a network, and communication in the network can be facilitated by networking devices, which include, but are not limited to, multiplexers, routers, hubs, gateways, firewalls and switches. In addition, the networking and communication devices may be incorporated in an IED or may be in communication with an IED. The term IED can be used interchangeably to describe an individual IED or a system comprising multiple IEDs.
As used herein, the term "login credentials" may refer to any type of authentication procedure known as useful in the art. For example, login credentials usually refer to a combination of username and password, encoded in ASCII; accordingly, the terms "login credentials" and "username and password(s)" may be used interchangeably herein. However, the username and password(s) can be replaced by any of a wide variety of authentication protocols and/or techniques that include cryptographic protocols for authenticating machines, challenge-response procedures, zero-knowledge proofs, time-synchronized one-time passwords, security tokens, biometric authentication, graphical or other non-text-based passwords, voice authentication and the like.
Some of the infrastructure that can be used with the embodiments disclosed herein is already available, such as: general purpose computers, computer programming tools and techniques, digital storage media and communications networks. A computer may include a processor, such as a microprocessor, a microcontroller, logic circuits or the like. The processor may include a special purpose processing device, such as an ASIC, PAL, PLA, PLD, Field Programmable Gate Array or other custom or programmable device. The computer may also include a computer readable storage device, such as non-volatile memory, static RAM, dynamic RAM, ROM, CD-ROM, disk, tape, magnetic, optical or flash memory, or other computer-readable storage media.
Networks suitable for configuration and/or use, as described herein, include one or more local area networks, wide area networks, metropolitan area networks and/or "Internet" or Internet Protocol (IP) networks, such as the World Wide Web, a private Internet, a Secure Internet, a value-added network, a virtual private network, an extranet, an intranet, or even autonomous machines that communicate with other machines through the physical transport of media. In particular, a suitable network can be formed from parts or totalities of two or more other networks, including networks that use different hardware and network communication technologies. A network can incorporate land lines, wireless communication and combinations thereof.
The network may include communications or networking software, such as software available from Novell, Microsoft, Artisoft and other providers, and may work using TCP/IP, SPX, IPX, RS-232 and other protocols, over twisted pair, coaxial or fiber optic cables, telephone lines, satellites, microwave relays, modulated AC power lines, physical media transfer and/or other means of data transmission. The network can encompass smaller networks and/or can be connectable with other networks using a gateway or similar mechanism.
Aspects of certain embodiments described herein may be implemented as modules or software components. As used herein, a software module or component may include any type of computer instruction or computer executable code, located in or on a computer readable storage medium. A software module, for example, may comprise one or more physical or logical blocks of computer instructions, which may be organized as a routine, a program, an object, a component, a data structure, etc., which performs one or more tasks or implements specific abstract data types.
In certain embodiments, a specific software module may comprise disparate instructions stored in different locations of a computer-readable storage medium, which jointly implement the described functionality of the module. Indeed, a module can comprise a single instruction or many instructions, and can be distributed over several different code segments, between different programs and between several computer readable storage media. Some embodiments may be implemented in a distributed computing environment where the tasks are performed by a remote processing device linked through a communications network. In a distributed computing environment, the software modules may be located on local and/or remote computer-readable storage media. In addition, data linked or represented together in a database record may be resident in the same computer-readable storage medium, or across several computer-readable storage media, and may be linked to each other in fields of a record in a database on a network.
The software modules described herein tangibly embody programs, functions and/or instructions that are executable by one or more computers to perform tasks as described herein. Appropriate software, as applicable, may be provided using the disclosures presented herein and programming languages and tools, such as XML, Java, Pascal, C++, C, database languages, APIs, SDKs, assemblers, firmware, micro-code and/or other languages and tools. Additionally, software, firmware and hardware can be used interchangeably to implement a given function.
In some cases, well-known features, structures or operations are not shown or described in detail. In addition, the features, structures or operations described can be combined in any suitable manner in one or more embodiments. It will also be immediately understood that the components of the embodiments, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. All such configurations are included within the scope of this disclosure.
The embodiments of the disclosure will be best understood by reference to the drawings, in which like parts are indicated by like numbers throughout. The components of the disclosed embodiments, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the systems and procedures of the disclosure is not intended to limit the scope of the disclosure, as claimed, but is merely representative of possible embodiments. In other cases, well-known structures, materials or operations are not shown or described in detail to avoid obscuring aspects of this disclosure. In addition, the stages of a procedure need not necessarily be executed in any specific order, or even sequentially, nor need the stages be executed only once, unless otherwise specified.
Figure 1 illustrates a simplified single-line diagram of an electric power supply system 100 and associated IEDs 104, 106, 115 and 170, consistent with certain embodiments disclosed herein. System 100 includes various substations and IEDs 104, 106, 108, 115 and 170, configured to perform various functions. System 100 is provided for illustrative purposes and does not imply any specific arrangement or function required of any specific IED. In some embodiments, IEDs 104, 106, 108, 115 and 170 can be configured to monitor and communicate information, such as voltages, currents, equipment status, temperature, frequency, pressure, density, infrared absorption, radio frequency information, partial pressures, viscosity, speed, rotation speed, mass, switching state, valve status, state of circuit breakers, tap status, meter readings and the like. In addition, IEDs 104, 106, 108, 115 and 170 can be configured to communicate calculations, such as phasors (which may or may not be synchronized as synchro-phasors), events, fault distances, differentials, impedances, reactances, frequencies and the like.
The electric power supply system 100 illustrated in Figure 1 may include a generation substation 111. Substation 111 may include generators 110 and 112, which are connected to a bus 118 via step-up transformers 120 and 122. Bus 118 may be connected to bus 126 in substation 119, via transmission line 124. Although the equipment in substation 111 may be monitored and/or controlled by various IEDs, only a single IED 104 is shown. The IED 104 may be a transformer protection IED for the transformer 120. The IED 104 may be in communication with a common time source 188 which, as indicated below, may be distributed in the system 100 using a communications network, or using a universal time source, such as a global positioning system (GPS) or the like. The use of a common or universal time source can ensure that IEDs have a synchronized time signal that can be used to generate time-synchronized data, such as synchro-phasors.
Substation 119 may include a generator 114, which may be a distributed generator, and that may be connected to bus 126 by step-up transformer 118. The bus may be connected to a distribution bus 132 by means of a step-down transformer 130. Various distribution lines 136 and 134 may be connected to distribution bus 132. Distribution line 136 can lead to substation 141, where the line is monitored and/or controlled using IED 106, which can selectively open and close the switch 152. Load 140 may be fed from distribution line 136. In addition, the step-down transformer 144 can be used to decrease a voltage for consumption by load 140.
Distribution line 134 can lead to substation 151, and supply electrical power to bus 148. Bus 148 can also receive electrical power from distributed generator 116 via transformer 150. Distribution line 158 can supply electrical energy from the bus 148 to load 138, and may also include the step-down transformer 142. Circuit breaker 160 can be used to selectively connect bus 148 with distribution line 134. IED 108 can be used to monitor and/or control the circuit breaker 160 as well as distribution line 158.
A central IED 170 may be in communication with various IEDs 104, 106, 108 and 115, using a data communications network. The IEDs 104, 106, 108 and 115 can be remote with respect to the central IED 170. The remote IEDs 104, 106, 108 and 115 can communicate by various means, such as direct communication from the IED 170 or over a wide-area communications network 162. IEDs 104, 106, 108, 115 and 170 may be communicatively linked to each other using a data communications network, and may also be communicatively linked to a central monitoring system, such as a supervisory control and data acquisition (SCADA) system 182, an information system (IS) 190 and/or a wide area control and situational awareness (WCSA) system 180. The data communications network between IEDs 104, 106, 108, 115 and 170 can use a wide variety of network technologies, and can comprise network devices such as modems, routers, firewalls, virtual private network servers and the like, which are not shown in Figure 1.
The various IEDs in system 100 can obtain electrical energy information from monitored equipment, using potential transformers (PT) for voltage measurements (e.g., potential transformer 156), current transformers (CT) for current measurements (e.g., current transformer 154) and the like. The PT and CT can include any device capable of providing outputs that can be used by the IEDs for potential and current measurements, and may include traditional PT and CT, optical PT and CT, Rogowski coils, Hall effect sensors and the like.
Each IED can be configured to access a common time source 188. The common time source 188 may be distributed via a communications network (using, for example, the IEEE-1588 protocol, the NTP protocol or the like), or obtained locally at each IED. The common time source 188 may be a universal time, such as that supplied using GPS satellites, WWVB, WWV or the like. A common time source can be used to time-synchronize measurements of the electric power system and/or in the calculation of synchro-phasors. The phasors calculated by the IEDs may include a time stamp indicating a time at which the measurement was made.
The central IED 170 may also be in communication with a number of other devices or systems. Such devices or systems may include, for example, a WCSA system 180, a SCADA system 182 or a local human-machine interface (HMI) 187. Local HMI 187 can be used to change settings, issue control instructions, retrieve an event report, retrieve data and the like. In some embodiments, the WCSA system 180 can receive and process time-aligned data, and can coordinate time-synchronized control actions at the highest level of the power supply system 100. The mass storage device 184 can store data relating to system 100 from IEDs 104, 106, 108, 115 and 170.
The central IED 170 may also include a time input, which can receive a time signal from a central IED time source 186. The central IED time source 186 can also be used by the central IED 170 for time stamping information and data. Time synchronization can be useful for organizing data and making decisions in real time, as well as for post-event analysis. Time synchronization can also be applied to network communications. In certain embodiments, the central IED time source 186 and the common time source 177 may be the same time source. Common time source 188 may be any time source that is an acceptable form of time synchronization, including, but not limited to, a temperature-compensated and voltage-controlled crystal oscillator, Rubidium and Cesium oscillators, with or without digital phase-locked loops, micro-electromechanical systems (MEMS) technology, which transfers the resonant circuits from the electronic to the mechanical domain, or a GPS receiver with time decoding. In the absence of a common time source available to all IEDs, central IED 170 can serve as a common time source by distributing a time synchronization signal.
The information system 190 generally includes hardware and software to enable network communication, network security, user administration, Internet and intranet administration, access to remote networks and the like. The information system 190 can generate information about the network to maintain and sustain a reliable, quality and secure communications network, executing real-time business logic about network security events, performing network diagnostics, optimizing network features and the like.
Data communications between IEDs 104, 106, 108, 115 and 170 can occur using a wide variety of communication protocols and data formats. According to some embodiments, communication protocols and data formats may be proprietary in some cases, and standardized in some cases. IEDs 104, 106, 108, 115 and 170 can also communicate configuration information, IED identification information, communications information, status information, alarm information and the like. IEDs 104, 106, 108 and 115 can be deployed in populated areas and, consequently, can be placed in physical proximity to the general public. For example, the system 100 can be located in an urban environment with a plurality of substations 111, 119, 141 and 151 located throughout a city. Consequently, controlling physical access to substations and IEDs poses difficulties. An unauthorized actor may attempt to gain physical access to substations 111, 119, 141 and 151 and/or their constituent equipment. After physical access is obtained to one of substations 111, 119, 141 and 151, the IEDs in the substations may be exposed to threats such as button presses, connection with communication ports or the like.
Obtaining physical access to communication links in substations 111, 119, 141 and 151 may allow an unauthorized user to avoid certain security measures designed to prevent unauthorized access to communications between IEDs 104, 106, 108, 115 and 170. Communications between IEDs 104, 106, 108, 115 and 170 can usually be reliable communications. Consequently, communications allegedly originating from a reliable location, a reliable network or a reliable source can be more easily exploited by an unauthorized user to implement changes in IED settings, trigger alarms or otherwise disturb the operation of system 100.
Figure 2 illustrates a simplified block diagram of a system 200 for the detection and response to unauthorized access to an IED or other communications device. An enclosure 204 may be used to confine various devices such as IEDs 206 and 208, clock 216 and communication gateway 220. According to some embodiments, enclosure 204 may comprise a cabinet mounted on posts, an autonomous structure or another enclosure configured to house infrastructure associated with an electricity supply system 202.
IEDs 206 and 208 may be in electrical communication with the electrical power supply system 202 to provide protection, control, readings and/or automation thereto. The IEDs 206 and 208 may be in communication with the communication gateway 220, which may be in secure communication with the SCADA system 240 and/or a communication network 246. The communication gateway 220 may include a network port 221, which may be in communication with the network switch 242. The communication network 246 can facilitate communications with other IEDs through other communications gateways. A network switch may exist between the communication gateway 220 and the communication network 246. Other communication gateways 244 may also be in communication with the network switch 242.
The clock 216 may be in communication with a common time source such as a global navigation satellite system (GNSS), a time source (e.g., a time source provided by a GPS), a WWVB or WWV broadcast, or other common time source. The clock 216 can provide a time signal to the communication gateway 220, which may, in turn, provide a time signal to IEDs 206 and 208.
To detect unauthorized access to the enclosure 204, the communication gateway 220 may also be in communication with a door sensor 210, configured to detect an opening of a door of the enclosure 204, using any suitable detection mechanism. In some embodiments, the door sensor 210 may be a cabinet door bolt wired to a contact input of the communication gateway 220. In further embodiments, the door sensor 210 may be a magnetic sensor or a pressure bolt switch, wired to a contact input of the communication gateway 220. The door sensor 210 may be configured to signal to the communication gateway 220 if it detects the opening of a door of the enclosure 204.
In addition, to detect unauthorized access to the enclosure 204, the communication gateway 220 may be in communication with a photo-detector 212. The photo-detector 212 can detect when the enclosure 204 is opened by a change in lighting within the enclosure 204. In certain embodiments, photo-detector 212 may be able to detect changes in light density. The photo-detector 212 can be configured to signal to the communication gateway 220 when light is detected.
The communication gateway 220 may be in communication with a microphone 214. The microphone 214 can detect frequency and amplitude attributes, to detect a physical alteration, as well as events that occur in the energy system. That is, the microphone 214 can detect sounds and communicate electrical signals representing such sounds to the communication gateway 220. The communication gateway 220 may include predetermined sound attributes that allow the communication gateway 220 to differentiate between sounds that mean unauthorized physical access (such as metal cuts or broken locks), sounds that mean events in the electrical energy system (such as opening of switches, tap position changes and the like), sounds associated with a natural phenomenon (such as rain, hail, thunder, etc.) and sounds associated with environmental conditions (such as traffic, speakers, etc.). In another embodiment, microphone 214 may be able to differentiate different events, and to signal to the communication gateway 220 when a sound corresponding to unauthorized access is detected. According to some embodiments, the sound detected by the microphone 214 can be transmitted to a central monitoring station so that an operator can listen to the sounds and make a determination as to whether or not such sounds are indicative of an attempt to obtain unauthorized access.
The communication gateway 220 includes an accelerometer 218 for detecting movement. The accelerometer 218 may be able to provide a signal to the communication gateway 220, corresponding to the movement. According to some embodiments, the accelerometer 218 may comprise a device external to the communication gateway 220. Communication gateway 220 may use the signal to detect when a movement corresponding to unauthorized access is present. For example, repeated physical impacts may correspond to hitting enclosure 204 in an attempt to break a lock and gain access. In another embodiment, accelerometer 218 detects natural phenomena and/or environmental conditions, such as earthquakes or large storms, which can be fed back to the control system so that operations can make appropriate adjustments to the power system settings. In addition, some embodiments consistent with the present disclosure may be mounted on a utility pole. Car accidents can occasionally result in collisions with utility poles and, consequently, an accelerometer can be activated in the event that the pole on which the device is mounted is hit by a car.
Since natural phenomena or environmental conditions can activate one or more physical intrusion detectors (e.g., an earthquake or vehicle collision can activate an accelerometer, thunder can activate a microphone, etc.), certain embodiments consistent with the present disclosure may identify alternative indications of unauthorized access before implementing a security action. According to one embodiment, the detection signals can be compared based on the physical proximity of the devices. For example, to the extent that an earthquake activates an accelerometer at a location, nearby devices can be similarly activated. Similarly, extreme weather can also affect multiple devices in the same geographic neighborhood, and therefore a comparison of information between such devices can provide an alternative indication of whether a detection signal received from an intrusion detection system corresponds to an attempt to gain unauthorized access or to natural phenomena.
In addition to monitoring physical conditions (e.g., light, sound, movement, etc.), patterns in the data transmitted to or from the communication gateway 220 can also be analyzed in order to determine attempts to obtain unauthorized physical access. When the communication gateway 220 detects a change in the communication on one of the ports, the change may be due to an unauthorized access attempt. For example, if a communication medium of an IED is removed from its port, the communication through that port will change with respect to its reference line. The communication gateway 220 can then detect an unauthorized access attempt. Consequently, communication gateway 220 can be configured to detect when an unauthorized actor unplugs an active cable, plugs in another cable and/or starts using the communication channel.
The communication gateway 220 may include a plurality of communication ports (e.g., network port 221, a port for communication with a SCADA system 240, ports to receive input from photo-detector 212, door sensor 210 and microphone 214, etc.). Communication ports can be implemented in a wide variety of ways, including serial ports, USB ports, Ethernet ports, IEEE 1394 ports, etc. According to some embodiments, each of the photo-detector 212, the door sensor 210 and the microphone 214 may be in communication with a communication port associated with the communication gateway 220. According to other embodiments, the communication gateway 220 may include various sensors (e.g., microphone, photo-detector, etc.) as integrated components. According to various embodiments, the elements configured to detect unauthorized access can be referred to as physical intrusion detectors.
The communication gateway 220 can monitor each of its communication ports and establish a reference line for communication through each port. For example, a port in communication with clock 216 will establish a communication reference line corresponding to a signal from clock 216. The ports in communication with IEDs 206 and 208 may establish a different reference line. In addition, ports that are not used will establish another reference line. A reference line can comprise a number of factors, such as data type, data volume, etc. For example, a reference line may show that a specific port historically has a very low data rate. Activity during a specific period can be compared to the reference line in order to determine whether such activity is consistent with the reference line or constitutes a departure from it. A significant departure from the historical data rate may indicate a departure from the reference line and, consequently, may suggest an abnormal condition, such as unauthorized access.
A wide variety of techniques can be used to determine that an unauthorized actor has started using the communication channel. For example, MAC address authentication can be a way to determine the presence of a recently connected device. When authorized changes are made, a MAC address associated with the device to be added can be specified in advance, so that indications of the newly added authorized device are accepted and do not give rise to an indication of unauthorized access. According to other embodiments, criteria such as IP addresses, communication protocols, communication port numbers, etc., can be used in order to detect a recently added unauthorized device. Moreover, technologies such as USB, IEEE 1394, eSATA and the like can be used to recognize when new devices are connected to a system for the first time. Devices connected using USB, IEEE 1394, eSATA and similar technologies can be called peripheral devices. If the connection of such a device is unexpected, the newly connected device may be designated as an unauthorized device and one or more security actions may be undertaken.
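The per-port reference line and the pre-registered MAC check described above can be sketched as follows. This is an added example, not code from the patent; the class and port names, the MAC addresses, the data-rate history and the tolerance values (`k`, `min_tol`) are constructed assumptions.

```python
"""Per-port reference line check for a communication gateway (added example)."""
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass
class PortBaseline:
    """Reference line for one port: historical data rate and expected MACs."""
    k: float = 4.0          # allowed departure in standard deviations (assumed)
    min_tol: float = 50.0   # bytes/s floor so a flat history keeps some slack (assumed)
    rates: list = field(default_factory=list)
    known_macs: set = field(default_factory=set)

    def learn(self, rate, macs=()):
        """Record one interval of normal operation."""
        self.rates.append(float(rate))
        self.known_macs.update(m.lower() for m in macs)

    def preauthorize(self, mac):
        """Register a device ahead of a planned, authorized change."""
        self.known_macs.add(mac.lower())

    def evaluate(self, rate, macs=()):
        """Return the findings for one observed interval (empty list = normal)."""
        if not self.rates:
            raise ValueError("no reference line learned for this port")
        findings = []
        mu = mean(self.rates)
        tol = max(self.k * pstdev(self.rates), self.min_tol)
        # An unplugged cable shows up as a drop, a new talker as a rise.
        if abs(rate - mu) > tol:
            findings.append("rate_departure")
        for mac in sorted({m.lower() for m in macs} - self.known_macs):
            findings.append("unknown_mac:" + mac)
        return findings


IED_MAC = "02:00:00:00:02:06"     # constructed, locally administered address
LAPTOP_MAC = "02:00:00:00:0B:AD"  # constructed, stands for a newly plugged device


def build_baselines():
    """Learn reference lines for an IED port and an unused port (constructed data)."""
    ied = PortBaseline()
    for rate in (1180, 1210, 1195, 1205, 1190, 1220):   # bytes/s per interval
        ied.learn(rate, [IED_MAC])
    unused = PortBaseline()
    for _ in range(6):
        unused.learn(0)
    return {"ied-206": ied, "unused-7": unused}


def check_gateway(baselines, observations):
    """observations: {port: (rate, macs)} -> {port: findings}, abnormal ports only."""
    report = {}
    for port, (rate, macs) in observations.items():
        findings = baselines[port].evaluate(rate, macs)
        if findings:
            report[port] = findings
    return report


if __name__ == "__main__":
    b = build_baselines()
    # IED cable pulled, and a device appears on a port that was never used.
    print(check_gateway(b, {"ied-206": (0, []), "unused-7": (300, [LAPTOP_MAC])}))
```

A MAC address is reported by the connected device itself, so a match is best treated as one input alongside the rate check and the physical sensors.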
Accordingly, the communication gateway 220 may include several procedures for detecting unauthorized physical access. Communication gateway 220 may be configurable to minimize false positive detections by requiring more than one signal indicating unauthorized access. According to one embodiment, the communication gateway 220 may require at least two signals (e.g., a signal from both the door sensor and the photo-detector) to determine unauthorized physical access. In another embodiment, the communication gateway 220 may require certain combinations of signals to determine unauthorized physical access.
Once an unauthorized physical access is detected, the communication gateway 220 can take one or more actions. In one embodiment, the communication gateway 220 may have the ability to configure a normal cyber-security profile and an elevated cyber-security profile. Based on the detection of a cyber-attack or physical tampering, the communication gateway 220 can automatically switch to the elevated profile. For example, if the door sensor determines that the door has been opened, and there are no planned work orders for that cabinet, the cyber-security profile can advance from the normal state to the elevated state, in an attempt to restrict further compromise of the larger system.
In one embodiment, when the communication gateway 220 detects unauthorized access, it can alert the upstream network devices (such as the network switch 242, the communication gateway 244 and the communication network 246) that communications from enclosure 204 can no longer be trusted, and quarantine all communications from enclosure 204 and/or devices upstream from enclosure 204. An alert of this type can be generated as soon as unauthorized access is detected, and the cyber-response can be configurable in the upstream communication device to terminate all communications, record all traffic and/or continue the usual operations but alert the upstream devices regarding the unauthorized access.
Communication gateway 220 may be capable of supervisory override, according to certain embodiments consistent with the present disclosure. That is, if authorized access to enclosure 204 is planned, the detection of unauthorized access may be temporarily suspended. In addition, responses to unauthorized physical access may be temporarily suspended. Such an override can be achieved through a SCADA system or engineering access, according to various embodiments. An override may be appropriate where an unplanned event requires physical access to an enclosure. According to one example, an override may be appropriate in a case where a vehicle has collided with the utility pole on which an enclosure is located. Maintenance personnel may override a security action in order to allow a part of the power supply system to be de-energized while the accident is addressed.
According to the embodiment illustrated in Figure 2, the communication gateway 220 may be physically distinct from IEDs 206 and 208; however, according to alternative embodiments, certain functionality associated with the communication gateway 220 may be incorporated into an IED. According to such embodiments, an IED may comprise a plurality of ports configured to receive input from sensors of various types (e.g., a microphone, a door sensor, a photo-detector, an accelerometer, etc.). In addition, such an IED can comprise ports configured for communication with a network and/or a SCADA system.
Figure 3A illustrates a conceptual representation of a system 300 that implements a security action as a result of a detection of an unauthorized device 328, consistent with various embodiments of the present disclosure. According to the embodiment illustrated in Figure 3A, the IEDs 310, 312 and 314 are in communication, respectively, with the communication gateways 316, 318 and 320. Each of the communication gateways 316, 318 and 320 is in communication with a network 326. In addition, the SCADA system 322 and the information system 324 are also in communication with the network 326. According to alternative embodiments, the IEDs 310, 312 and 314 may be physically integrated with communication gateways 316, 318 and 320, respectively.
In order to connect the unauthorized device 328 to the communication gateway 316, physical access to the communication gateway 316 may be necessary. Consequently, one or more physical intrusion detection signals (e.g., light from a cabinet being opened, sound associated with opening a cabinet door, the tripping of a door sensor, etc.) may be generated as a result of an unauthorized actor obtaining physical access to the communication gateway 316. The connection of the unauthorized device 328 to the communication gateway 316 may also provide an alternative indication of unauthorized access. For example, communication gateway 316 may determine that a MAC address associated with the unauthorized device 328 is not recognized.
As a result of the physical intrusion detection systems and the alternative indication of unauthorized access provided by the connection of the unauthorized device 328 to the communication gateway 316, the system 300 can implement a security action. In a specific embodiment illustrated in Figure 3A, communication from communication gateway 316 may be considered suspicious or untrusted, as indicated by question marks 330. As described above, communication between the various devices in the system 300 can usually be trusted; however, upon detection of unauthorized access, the devices upstream from the communication gateway 316 can be notified of the unauthorized access and, consequently, can no longer trust communications received from the communication gateway 316. As indicated above, one of the indications on which certain communications can be trusted is reception from a known node, or trusted device, in a network. Following detection of unauthorized access, the node associated with communication gateway 316 may no longer be considered trusted. Consequently, communications from communication gateway 316 and devices upstream from communication gateway 316 (e.g., IED 310 and the unauthorized device 328) may no longer be trusted.
Various protocols can be used to differentiate between trusted and untrusted communications, according to embodiments consistent with the present disclosure. This may allow the network to adjust its criteria and all devices to adopt cyber-defense postures. In one embodiment, communication gateways 316, 318 and 320 can be configured to use a network access control protocol (e.g., IEEE 802.1X) to alert other network devices about an attempt to obtain unauthorized physical access to an enclosure. The 802.1X protocol can provide port-based network access control and client authentication in the physical layer of the OSI model of computer networking. In another example, an indication of unauthorized physical access can be transmitted through a SCADA system. A SCADA point can be correlated with a physical intrusion indicator following the detection of an unauthorized physical access. Communications associated with a physical intrusion indicator can be considered untrusted by the SCADA system.
Figure 3B illustrates a conceptual representation of the system of Figure 3A, in which a firewall 332 is placed between the communication gateway 316 and other communication devices in the system 300 as a result of a detection of an unauthorized device 328, consistent with various embodiments of the present disclosure. System 300, as illustrated in Figure 3B, may operate similarly to system 300 as described above in relation to Figure 3A; however, in Figure 3B, the system 300 may be configured to implement an alternative security action as a result of a detection of the unauthorized device 328. The firewall 332 may be configured to block incoming communications from the communication gateway 316, the unauthorized device 328 and the IED 310. Communications directed to the communication gateway 316 and the IED 310 may be allowed to pass through the firewall 332. In other words, the firewall 332 may allow downstream communication but block upstream communication.
According to still other embodiments, the system 300, as illustrated in Figure 3A and Figure 3B, may implement alternative security actions upon detection of the unauthorized device 328. For example, the system 300 may quarantine upstream communications from communication gateway 316. In another example, system 300 can simulate responses to communications received from unauthorized device 328 without implementing any change based on such communications.
Figure 4 illustrates a flow chart of a procedure 400 for detecting unauthorized physical access to an enclosure that contains equipment associated with an electric power supply system, consistent with various embodiments of the present disclosure. An intrusion detection system may comprise one or more components configured to detect physical access to an enclosure. As described in relation to various embodiments above, such components may include a microphone, a light sensor, a door sensor, an accelerometer, etc.
At 402, an intrusion detection system can be activated. The procedure 400 can wait for the reception of a detection signal from the intrusion detection system at 404. Once a detection signal is received, at 406, the procedure 400 can determine whether or not the detection signal is indicative of unauthorized access. As described above, natural or environmental phenomena can activate a detection signal; however, procedure 400 may determine at 406 that the detection signal is not indicative of unauthorized access. If such a determination is made, procedure 400 may return to 404 and wait for the detection of a later signal.
Certain embodiments may require that an unauthorized access confirmation threshold be met. According to such embodiments, at 408, the procedure 400 can determine whether or not the threshold for confirming unauthorized access is satisfied. A wide variety of information can be analyzed in order to determine whether or not the confirmation threshold is met before implementing a security action. According to some embodiments, the unauthorized access confirmation threshold may be satisfied by an alternative sensor indication. For example, the detection signal received at 404 may be based on sound detected by a microphone. An alternative indication may be provided by a door sensor indicating that a door, or a panel, of the enclosure has been opened. As illustrated by this example, alternative indications can be provided by multiple sensor components associated with a single enclosure. Embodiments that rely on alternative indications may provide some protection against a false alarm caused by a single damaged sensor.
The unauthorized access confirmation threshold can also be satisfied using information provided by sensor components associated with other enclosures, according to various embodiments. For example, an earthquake can activate accelerometers associated with intrusion detection systems in different locations. According to various embodiments, to the extent that multiple accelerometers associated with intrusion detection systems in physical proximity generate detection signals at approximately the same time, such signals can be compared in order to deduce that natural phenomena activated the signals. As illustrated by this example, alternative indications may be provided by sensor components dispersed among multiple enclosures.
According to still further embodiments, the unauthorized access confirmation threshold can be satisfied based on an evaluation of a confidence interval associated with a specific detection signal. For example, a signal from a door sensor may be associated with a greater confidence interval than a signal from a microphone. Consequently, in some embodiments, a detection signal based on a door sensor may be sufficient to satisfy the confirmation threshold, but a signal from a microphone may be insufficient to satisfy the confirmation threshold without an alternative indication (e.g., input from an accelerometer, visual confirmation of an unauthorized person based on the inspection of an image obtained using a camera, confirmation by an operator at a central monitoring station that the sound corresponds to an attempt to obtain unauthorized physical access, etc.).
At 410, a security action can be implemented based on the unauthorized access. A wide variety of security actions can be implemented. For example, according to some embodiments, a firewall may be configured to block upstream communications originating from a communication device located in an enclosure that has been subject to unauthorized access. According to other embodiments, communications for a communication device located in an enclosure that has been subject to unauthorized access may be flagged as untrusted. In one embodiment, the security action may include activating output contacts based on the detection of unauthorized access. For example, the output contacts can activate a light, a siren or even a camera. A camera activated as part of a security action can also be configured to transmit a video stream or still images to a central monitoring station. According to some embodiments, the security action may include preventing engineering access or administrator-level access to the IED.
At 412, procedure 400 can determine whether or not the issue of unauthorized access has been resolved. The resolution of unauthorized access can be achieved by dispatching service personnel to inspect the enclosure, perform diagnostic tests, review video or images from the camera, or restrict configuration changes associated with equipment located in the enclosure. Upon determination that the issue of unauthorized access has been resolved, procedure 400 may return to 404 and wait for the detection of other signals indicating unauthorized physical access.
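The determinations made at 406 and 408 before the security action at 410 can be expressed as a small scoring function, shown here as an added example that is not part of the patent. The integer confidence weights, the threshold, the time windows and the enclosure names are constructed assumptions; the function also covers the two-signal embodiment and the temporary suspension for planned access described earlier.

```python
"""Steps 406-410 of procedure 400 as a scoring function (added example)."""
from dataclasses import dataclass

# Weights and threshold are constructed values. The page only says that a
# door sensor may carry more confidence than a microphone.
CONFIDENCE = {"door": 10, "photo": 6, "accelerometer": 5, "microphone": 5}
THRESHOLD = 10
# Sensor types that natural phenomena can trip (earthquake, thunder, storms).
ENVIRONMENTAL = {"accelerometer", "microphone"}


@dataclass(frozen=True)
class Signal:
    enclosure: str
    sensor: str
    t: float   # seconds, on a clock assumed to be shared by all gateways


def is_natural(sig, signals, neighbors, skew=10, min_sites=2):
    """True when the same sensor type fired at >= min_sites nearby enclosures
    at about the same time, which points to weather or seismic activity."""
    if sig.sensor not in ENVIRONMENTAL:
        return False            # a door or light signal is never discounted
    nearby = set(neighbors.get(sig.enclosure, ()))
    sites = {s.enclosure for s in signals
             if s.sensor == sig.sensor and s.enclosure in nearby
             and abs(s.t - sig.t) <= skew}
    return len(sites) >= min_sites


def decide(enclosure, now, signals, neighbors, suspended=(), window=60,
           min_distinct=1):
    """Return (decision, score) for one enclosure at time `now`."""
    if enclosure in suspended:                  # planned work or operator suspension
        return ("suspended", 0)
    local = [s for s in signals
             if s.enclosure == enclosure and 0 <= now - s.t <= window]
    kept = [s for s in local if not is_natural(s, signals, neighbors)]
    kinds = {s.sensor for s in kept}            # one vote per sensor type, so a
    score = sum(CONFIDENCE.get(k, 0) for k in kinds)   # chattering sensor counts once
    if score >= THRESHOLD and len(kinds) >= min_distinct:
        return ("security_action", score)
    if local and not kept:
        return ("natural_phenomenon", 0)
    return ("unconfirmed", score)


NEIGHBORS = {"encl-204": ["encl-A", "encl-B"]}   # constructed proximity map


def demo():
    """Run the constructed scenarios and return the decisions by name."""
    S = Signal
    mic = S("encl-204", "microphone", 100)
    door = S("encl-204", "door", 104)
    quake = [S("encl-204", "accelerometer", 100),
             S("encl-A", "accelerometer", 102),
             S("encl-B", "accelerometer", 97)]
    args = ("encl-204", 105)
    return {
        "mic_only": decide(*args, [mic], NEIGHBORS),
        "mic_repeated": decide(*args, [mic, S("encl-204", "microphone", 101),
                                       S("encl-204", "microphone", 103)], NEIGHBORS),
        "mic_plus_door": decide(*args, [mic, door], NEIGHBORS),
        "quake": decide(*args, quake, NEIGHBORS),
        "quake_plus_door": decide(*args, quake + [door], NEIGHBORS),
        "door_two_required": decide(*args, [door], NEIGHBORS, min_distinct=2),
        "door_planned_work": decide(*args, [door], NEIGHBORS, suspended={"encl-204"}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

Only accelerometer and microphone signals are discounted by the neighbor comparison, so a door signal that arrives during a storm or earthquake still reaches the threshold.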
While specific embodiments and applications of the disclosure have been illustrated and described, it should be understood that the disclosure is not limited to the precise configuration and components disclosed herein. Various modifications, changes and variations, evident to those skilled in the art, can be made in the arrangement, operation and details of the procedures and systems of the disclosure, without departing from the spirit and scope of the disclosure.
Claims (29)
[1]
1. A communication device configured to provide a communication path to an intelligent electronic device (IED), and configured to detect and remedy unauthorized access, the communication device comprising: an IED communications port configured to communicate with an IED; a network port configured to transmit information received from the IED through a network, and to transmit information received from the network to the IED; and control logic in communication with the IED communications port and the network port, the control logic being configured to: receive an intrusion detection signal; determine that the intrusion detection signal is indicative of an attempt to gain unauthorized access to one of the communication device, the IED and a device in communication with the communication device; and take a security action based on the determination that the intrusion detection signal is indicative of the attempt to obtain unauthorized access.
[2]
2. The communication device of claim 1, wherein the control logic is additionally configured to generate a reference line representative of the communication on one of the network port and the IED communications port, and the intrusion detection signal includes a communication divergence, with respect to the reference line, on one of the network port and the IED communications port.
[3]
3. The communication device of claim 2, wherein the control logic is further configured to receive the intrusion detection signal, wherein said signal comprises a communication originating from one of an unauthorized media access control (MAC) address, an unauthorized Internet Protocol address, an unauthorized port and an unauthorized peripheral device.
[4]
4. The communication device of claim 1, further comprising a physical intrusion detection port; and wherein the intrusion detection signal comprises a physical intrusion detection signal that includes an output of at least one of a door sensor and a light sensor.
[5]
5. The communication device of claim 1, further comprising: a physical intrusion detection port; and a microphone in communication with the physical intrusion detection port; in which the control logic is additionally configured to differentiate the sounds received by the microphone corresponding to unauthorized access from the sounds corresponding to a natural phenomenon and to environmental conditions.
[6]
6. The communication device of claim 1, further comprising: a physical intrusion detection port; and a microphone in communication with the physical intrusion detection port; in which the control logic is additionally configured to: transmit a sound received by the microphone to a central monitoring station through the network port, and receive, via the network port, an indication from the central monitoring station that the sound received by the microphone is indicative of unauthorized access.
[7]
7. The communication device of claim 1, further comprising: a physical intrusion detection port; and an accelerometer in communication with the physical intrusion detection port, the accelerometer being configured to detect an acceleration, in which the control logic is additionally configured to: differentiate an acceleration corresponding to an unauthorized access from an acceleration corresponding to a natural phenomenon and from an acceleration corresponding to an environmental condition.
[8]
8. The communication device of claim 7, wherein the control logic is additionally configured to communicate to a central monitoring station information regarding the environmental condition, to allow the central monitoring station to implement a control strategy in response to the environmental condition.
[9]
9. The communication device of claim 1, further comprising: a camera in communication with the control logic; in which the control logic is additionally configured to transmit images captured by the camera to a central monitoring station, by means of the network port, based on the determination that the intrusion detection signal is indicative of the attempt to obtain unauthorized access.
[10]
10. The communication device of claim 1, wherein the control logic is further configured to temporarily suspend the security action upon receipt of a supervisory override command.
[11]
11. The communication device of claim 1, wherein the security action comprises automatically assigning an elevated security profile to the communication device.
[12]
12. The communication device of claim 1, wherein the control logic is additionally configured to undertake the security action, wherein said action comprises alerting a supervisory control and data acquisition system regarding the attempt to obtain unauthorized access.
[13]
13. The communication device of claim 1, wherein the control logic is additionally configured to undertake the security action, wherein said action comprises alerting upstream network devices as to the attempt to obtain unauthorized access.
[14]
14. The communication device of claim 13, wherein, to alert the upstream network devices, the control logic is further configured to invoke a network access control protocol.
[15]
15. The communication device of claim 1, wherein the control logic is additionally configured to undertake the security action, wherein said action comprises activating a security device.
[16]
16. The communication device of claim 1, wherein the control logic is further configured to temporarily disable the security action for authorized access.
[17]
17. The communication device of claim 1, wherein the control logic is additionally configured to receive a second indication that is indicative of the attempt to obtain unauthorized access, before undertaking the security action.
[18]
18. The communication device of claim 17, wherein the control logic is additionally configured to generate a reference line representative of the communication on one of the network port and the IED communications port, and the second indication comprises a communication divergence, with respect to the reference line, on one of the network port and the IED communications port.
[19]
19. The communication device of claim 17, wherein the control logic is further configured to receive the intrusion detection signal based on the input received from a first sensor component, and to receive the second indication based on the input received from a second sensor component.
[20]
20. The communication device of claim 19, wherein the control logic is additionally configured to receive the second indication via the network port from a remote device in communication with the network.
[21]
21. A method for detecting and remedying unauthorized access to equipment associated with an electrical power supply system and contained in an enclosure, the method comprising: communicating information with an IED through an IED communications port; transmitting information received from the IED to a network through a network port; transmitting to the IED information received from the network; receiving an intrusion detection signal; determining that the intrusion detection signal is indicative of an attempt to gain unauthorized access to one of a communication device and a device in communication with the communication device; and taking a security action based on the determination that the intrusion detection signal is indicative of the attempt to obtain unauthorized access.
[22]
22. The method of claim 21, further comprising: generating a reference line representative of the communication on one of the network port and the IED communications port; wherein the intrusion detection signal comprises a communication divergence, with respect to the reference line, on one of the network port and the IED communications port.
[23]
23. The method of claim 21, wherein the security action comprises automatically assigning an elevated security profile to the communication device.
[24]
24. The method of claim 21, wherein the security action comprises alerting a supervisory control and data acquisition system regarding the attempt to obtain unauthorized access.
[25]
25. The method of claim 21, wherein the security action comprises alerting the upstream network devices as to the attempt to obtain unauthorized access.
[26]
26. The method of claim 21, wherein the security action comprises activating a security device.
[27]
27. The method of claim 21, further comprising: receiving a second indication that is indicative of the attempt to obtain unauthorized access, before undertaking the security action.
[28]
28. The method of claim 27, further comprising: generating a reference line representative of the communication on one of the network port and the IED communications port, wherein the second indication comprises a communication divergence, with respect to the reference line, on one of the network port and the IED communications port.
[29]
29. An intelligent electronic device (IED) configured to detect and remedy unauthorized access, the IED comprising: an IED communications port configured to communicate with monitored equipment in electrical communication with an electrical power supply system; a network port configured to transmit information received from the monitored equipment via a network, and to transmit information received from the network to the monitored equipment; and control logic in communication with the IED communications port and the network port, configured to: receive an intrusion detection signal; determine that the physical intrusion detection signal is indicative of an attempt to gain unauthorized access to one of the IED and a device in communication with the IED; and take a security action based on the determination that the indication is indicative of the attempt to obtain unauthorized access.
Patent family:
Publication number | Publication date
CA2885182A1|2014-04-17|
ES2550501R1|2016-02-24|
WO2014058699A1|2014-04-17|
MX2015002627A|2015-06-23|
US9130945B2|2015-09-08|
ES2550501B1|2016-11-29|
US20140109182A1|2014-04-17|
AU2013329593A1|2015-04-09|
BR112015007828A2|2017-07-04|
Cited references:
Publication number | Filing date | Publication date | Applicant | Title
US4754482A|1985-11-26|1988-06-28|Samco Investment Company|Method and apparatus for synchronizing encrypting and decrypting systems|
US5054068A|1990-05-07|1991-10-01|Motorola, Inc.|Trunked radio communication system having encrypted system control information|
JPH05327712A|1991-08-09|1993-12-10|Nec Corp|Terminal adaptor|
US5557254A|1993-11-16|1996-09-17|Mobile Security Communications, Inc.|Programmable vehicle monitoring and security system having multiple access verification devices|
US5758257A|1994-11-29|1998-05-26|Herz; Frederick|System and method for scheduling broadcast of and access to video programs and other data using customer profiles|
US6571279B1|1997-12-05|2003-05-27|Pinpoint Incorporated|Location enhanced information delivery system|
US7188003B2|1994-12-30|2007-03-06|Power Measurement Ltd.|System and method for securing energy management systems|
US6792337B2|1994-12-30|2004-09-14|Power Measurement Ltd.|Method and system for master slave protocol communication in an intelligent electronic device|
US7127328B2|1994-12-30|2006-10-24|Power Measurement Ltd.|System and method for federated security in an energy management system|
US7216043B2|1997-02-12|2007-05-08|Power Measurement Ltd.|Push communications architecture for intelligent electronic devices|
NL1000669C2|1995-06-26|1996-12-31|Nederland Ptt|Method and devices for transferring data with control for transmission errors.|
DE19530729A1|1995-08-18|1997-02-20|Kiekert Ag|Monitoring inner space of motor vehicle|
JPH1168873A|1997-08-08|1999-03-09|Nec Corp|Method and system for data communication|
JPH11127215A|1997-10-23|1999-05-11|Fujitsu Ltd|Communication controller and storage medium stored with communication control program|
US7457415B2|1998-08-20|2008-11-25|Akikaze Technologies, Llc|Secure information distribution system utilizing information segment scrambling|
US20030147420A1|1999-01-25|2003-08-07|Beckwith Robert W.|Wireless communications hub with protocol conversion|
US6691280B1|1999-03-08|2004-02-10|Fisher-Rosemount Systems, Inc.|Use of uniform resource locators in process control system documentation|
CA2274572C|1999-06-07|2006-10-03|Strategic Vista International Inc.|Security alarm system|
US20010052072A1|2000-01-25|2001-12-13|Stefan Jung|Encryption of payload on narrow-band IP links|
US7574740B1|2000-04-28|2009-08-11|International Business Machines Corporation|Method and system for intrusion detection in a computer network|
FI112308B|2000-09-14|2003-11-14|Nokia Corp|Sharing protocol processing|
JP3724399B2|2001-01-23|2005-12-07|株式会社日立製作所|Pseudorandom number generator or encryption / decryption processing device using the same|
US7076797B2|2001-10-05|2006-07-11|Microsoft Corporation|Granular authorization for network user sessions|
US7750814B2|2003-01-24|2010-07-06|Shotspotter, Inc.|Highly portable system for acoustic event detection|
US7415725B2|2002-08-29|2008-08-19|Power Measurement Ltd.|Multi-function intelligent electronic device with secure access|
ES2291707T3|2002-10-02|2008-03-01|COMBUSTION SCIENCE & ENGINEERING, INC.|METHOD AND APPLIANCE TO INDICATE THE ACTIVATION OF AN ALARM OF A SMOKE DETECTOR.|
KR100933167B1|2002-10-02|2009-12-21|삼성전자주식회사|Transmission Method for Authentication and Privacy Guarantee in Tree-structured Networks|
US7460536B1|2003-03-17|2008-12-02|Network Equipment Technologies|User and session identification based on connections, protocols and protocol fields|
US7644290B2|2003-03-31|2010-01-05|Power Measurement Ltd.|System and method for seal tamper detection for intelligent electronic devices|
US20050005093A1|2003-07-01|2005-01-06|Andrew Bartels|Methods, systems and devices for securing supervisory control and data acquisition communications|
WO2005004432A1|2003-07-03|2005-01-13|Siemens Aktiengesellschaft|Method for controlling data circuits|
JP2005130028A|2003-10-21|2005-05-19|Yazaki Corp|Encryption key, and encryption apparatus and decryption apparatus using the same|
US7389357B2|2004-01-20|2008-06-17|Cisco Technology, Inc.|Arrangement in an IP node for preserving security-based sequences by ordering IP packets according to quality of service requirements prior to encryption|
US7823199B1|2004-02-06|2010-10-26|Extreme Networks|Method and system for detecting and preventing access intrusion in a network|
US7218226B2|2004-03-01|2007-05-15|Apple Inc.|Acceleration-based theft detection system for portable electronic devices|
AT423999T|2004-06-25|2009-03-15|Accenture Global Services Gmbh|SINGLE SIGN-ON WITH ORDINARY ACCESS CARD|
EP2744175B1|2004-07-23|2018-09-05|Citrix Systems, Inc.|Systems and methods for optimizing communications between network nodes|
US7609719B2|2004-10-12|2009-10-27|Electro Industries/Gauge Tech|System and method for simultaneous communication on modbus and DNP 3.0 over Ethernet for electronic power meter|
US7508190B2|2004-10-20|2009-03-24|Electro Industries/Gauge Tech.|Test pulses for enabling revenue testable panel meters|
US7616656B2|2004-10-20|2009-11-10|Electron Industries / Gauge Tech|System and method for providing communication between intelligent electronic devices via an open channel|
US7304586B2|2004-10-20|2007-12-04|Electro Industries / Gauge Tech|On-line web accessed energy meter|
US7721321B2|2004-12-04|2010-05-18|Schweitzer Engineering Laboratories, Inc.|Method and apparatus for reducing communication system downtime when configuring a cryptographic system of the communication system|
US7680273B2|2004-12-08|2010-03-16|Schweitzer Engineering Laboratories, Inc.|System and method for optimizing error detection to detect unauthorized modification of transmitted data|
US7453267B2|2005-01-14|2008-11-18|Power Measurement Ltd.|Branch circuit monitor system|
US7540022B2|2005-06-30|2009-05-26|Nokia Corporation|Using one-time passwords with single sign-on authentication|
US7554320B2|2005-10-28|2009-06-30|Electro Industries/Gauge Tech.|Intelligent electronic device for providing broadband internet access|
US7895644B1|2005-12-02|2011-02-22|Symantec Operating Corporation|Method and apparatus for accessing computers in a distributed computing environment|
US7958544B2|2006-07-21|2011-06-07|Google Inc.|Device authentication|
US7843897B2|2006-10-30|2010-11-30|Schweitzer Engineering Laboratories, Inc.|System, apparatus and method for mixed mode communication on a single network|
US7870595B2|2006-12-28|2011-01-11|General Electric Company|Apparatus, methods, and system for role-based access in an intelligent electronic device|
US7950051B1|2007-01-30|2011-05-24|Sprint Communications Company L.P.|Password management for a communication network|
US8155326B2|2007-10-09|2012-04-10|Schweitzer Engineering Laboratories, Inc.|System, method, and apparatus for using the sound signature of a device to determine its operability|
US7831702B2|2008-09-30|2010-11-09|Jeffrey Wayne Johnson|Plug and play energy efficiency solution and automatic data-push method for same|
US8272049B2|2009-01-15|2012-09-18|Hewlett-Packard Development Company, L.P.|Multi-domain computer password management|
US20100325687A1|2009-06-22|2010-12-23|Iverson Gyle T|Systems and Methods for Custom Device Automatic Password Management|
US8665061B2|2009-08-05|2014-03-04|Electro Industries/Gauge Tech|Intelligent electronic device having user-authenticating capabilities|
WO2011073241A1|2009-12-15|2011-06-23|Eyasi Trading Group Lc|Method and system for detecting intrusion|
US8677464B2|2011-06-22|2014-03-18|Schweitzer Engineering Laboratories Inc.|Systems and methods for managing secure communication sessions with remote devices|
US9686169B2|2012-07-02|2017-06-20|Ixia|Real-time highly accurate network latency measurement with low generated traffic or data requirements|
EP2972877B1|2013-03-15|2021-06-16|Power Fingerprinting Inc.|Systems, methods, and apparatus to enhance the integrity assessment when using power fingerprinting systems for computer-based systems|
WO2014145539A2|2013-03-15|2014-09-18|Stephen Sohn|Method and system for protective distribution system and infrastructure protection and management|
US10652253B2|2013-03-15|2020-05-12|CyberSecure IPS, LLC|Cable assembly having jacket channels for LEDs|
US9548993B2|2013-08-28|2017-01-17|Verizon Patent And Licensing Inc.|Automated security gateway|
US9864864B2|2014-09-23|2018-01-09|Accenture Global Services Limited|Industrial security agent platform|
CN104318028A|2014-10-29|2015-01-28|国电南瑞科技股份有限公司|Data description method for primary equipment of transformer substation|
CN104331552A|2014-10-29|2015-02-04|国电南瑞科技股份有限公司|Data description method of transformer substation secondary device|
RO131470A2|2015-04-10|2016-10-28|Ixia, A California Corporation|Methods, systems and computer-readable media for one-way link delay measurement|
US9736804B2|2015-04-16|2017-08-15|Ixia|Methods, systems, and computer readable media for synchronizing timing among network interface cards in a network equipment test device|
US10019333B2|2015-04-16|2018-07-10|Keysight Technologies Singapore Pte. Ltd.|Methods, systems, and computer readable media for emulating network devices with different clocks|
RO131471A2|2015-04-21|2016-10-28|Ixia, A California Corporation|Methods, systems and computer-readable media for testing quality of recovered clock|
US9813226B2|2015-08-05|2017-11-07|Ixia|Modeling a clock|
US9800595B2|2015-09-21|2017-10-24|Ixia|Methods, systems, and computer readable media for detecting physical link intrusions|
US10375106B1|2016-01-13|2019-08-06|National Technology & Engineering Solutions Of Sandia, Llc|Backplane filtering and firewalls|
US10006672B2|2016-07-19|2018-06-26|Haier Us Appliance Solutions, Inc.|Linearly-actuated magnetocaloric heat pump|
US10530749B1|2016-10-24|2020-01-07|Mission Secure, Inc.|Security system, device, and method for operational technology networks|
US11153277B2|2016-10-24|2021-10-19|Mission Secure, Inc.|Security system, device, and method for internet of things networks|
US10581877B2|2017-03-24|2020-03-03|Honeywell International Inc.|Non-contact cybersecurity monitoring device|
US10609054B2|2017-04-07|2020-03-31|Keysight Technologies Singapore Pte. Ltd.|Methods, systems, and computer readable media for monitoring, adjusting, and utilizing latency associated with accessing distributed computing resources|
US10425321B2|2017-04-25|2019-09-24|Keysight Technologies Singapore Pte. Ltd.|Methods, systems, and computer readable media for testing time sensitive network elements|
US10514721B2|2017-05-08|2019-12-24|International Business Machines Corporation|Validation of clock to provide security for time locked data|
US10514859B2|2017-05-08|2019-12-24|International Business Machines Corporation|Reduction of processing overhead for point in time copy to allow access to time locked data|
US10489080B2|2017-05-08|2019-11-26|International Business Machines Corporation|Point in time copy of time locked data in a storage controller|
US10528435B2|2017-05-08|2020-01-07|International Business Machines Corporation|Performance efficient time locks on data in a storage controller|
US20190132145A1|2017-06-13|2019-05-02|SynCells, Inc.|Energy virtualization layer with a universal smart gateway|
US11271766B2|2017-06-13|2022-03-08|SynCells, Inc.|Energy virtualization layer with a universal smart gateway|
US10540736B2|2017-08-03|2020-01-21|Texas Instruments Incorporated|Display sub-system sharing for heterogeneous systems|
US10887107B1|2017-10-05|2021-01-05|National Technology & Engineering Solutions Of Sandia, Llc|Proof-of-work for securing IoT and autonomous systems|
US10581684B2|2017-12-06|2020-03-03|Schweitzer Engineering Laboratories, Inc.|Network management via a secondary communication channel in a software defined network|
US10812392B2|2018-03-05|2020-10-20|Schweitzer Engineering Laboratories, Inc.|Event-based flow control in software-defined networks|
US10560390B2|2018-03-05|2020-02-11|Schweitzer Engineering Laboratories, Inc.|Time-based network operation profiles in a software-defined network|
US10756956B2|2018-03-05|2020-08-25|Schweitzer Engineering Laboratories, Inc.|Trigger alarm actions and alarm-triggered network flows in software-defined networks|
US10965392B2|2019-01-25|2021-03-30|Keysight Technologies, Inc.|Active network tap supporting time sensitive network standards|
US11201759B1|2020-07-08|2021-12-14|Schweitzer Engineering Laboratories, Inc.|Reconfigurable dual-ring network redundancy|
Legal status:
2016-11-29| FG2A| Definitive protection|Ref document number: 2550501 Country of ref document: ES Kind code of ref document: B1 Effective date: 20161129 |
2017-06-09| FA2A| Application withdrawn|Effective date: 20170605 |
Priority:
Application number | Filing date | Patent title
US201261713391P| true| 2012-10-12|2012-10-12|
US61/713,391|2012-10-12|
US13/829,047|US9130945B2|2012-10-12|2013-03-14|Detection and response to unauthorized access to a communication device|
US13/829,047|2013-03-14|
PCT/US2013/063202|WO2014058699A1|2012-10-12|2013-10-03|Detection and response to unauthorized access to a communication device|