WO2014091337A1 - A system and a method for registration of devices in a plant - Google Patents

Info

Publication number
WO2014091337A1
Authority
WO
WIPO (PCT)
Prior art keywords
registration data
devices
secure
engineering tool
registration
Prior art date
Application number
PCT/IB2013/060275
Other languages
French (fr)
Inventor
Arijit Kumar BOSE
Fernando Alvarez
Mallikarjun Kande
Sanjeev KOUL
Original Assignee
Abb Research Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Abb Research Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a system for registration of devices. The system of the invention has one or more devices for registration in a network, and an engineering tool for providing one or more secure registration data required for registering the devices securely. The system also has a certification module for validating the one or more secure registration data and registering the one or more devices. The invention also relates to a method for registration of devices by the system of the invention.

Description

A SYSTEM AND A METHOD FOR REGISTRATION OF DEVICES IN A PLANT
FIELD OF THE INVENTION
The invention relates to registration of devices in a plant, and more particularly to registration of devices securely and efficiently.
BACKGROUND
Generally, devices are deployed in a plant to perform their intended function along with other such devices and the like. These devices find typical deployment in a plant that includes, but is not limited to, a substation, process plant or industry and so on, to contribute towards the operation of such a plant in meeting its objectives.
The deployment of devices in a plant is effected by registering the devices in the plant network through the certification module, with the registration data corresponding to that particular device. Registering the devices is done individually or separately for each and every device that is required to be deployed in the plant network. In this context, the credentials of the devices are verified by the registration module, which has the registration data stored therein and is located outside the certification module, based on the request from the certification module. The verification is performed based on certain information such as the serial number of that particular device contained in the registration data, or the hash content of the registration data, or the like.
Considering the above, it can be noted that the registration of devices in a plant is not secure enough to reduce or eliminate the threat of the security and integrity of the plant network being compromised by malicious devices getting registered in place of the genuine devices.
Also, since registering the devices is performed individually by the personnel and involves verification on a singular basis, registering the devices in the plant network becomes time consuming and less efficient, besides being error prone and less secure.
Therefore, there is a need for an invention that provides a solution for registering the devices in the plant network more securely and efficiently.
OBJECTS OF THE INVENTION
It is an object of the invention to provide a system for registering the devices more securely.
It is another object of the invention to provide a system for registering the devices automatically and efficiently.
Yet another object of the invention is to provide a method for registering the devices more securely, automatically and efficiently by the system of the invention.
SUMMARY OF THE INVENTION
Accordingly the invention provides a system for registration of devices. The system of the invention has one or more devices for registration in a network, and an engineering tool for providing one or more secure registration data required for registering the devices securely. The system also has a certification module for validating the one or more secure registration data and registering the one or more devices.
Accordingly the invention also provides a method for registration of devices by the system of the invention. The method of the invention comprises the steps of administering one or more registration data in relation to registering one or more devices by an engineering tool to provide one or more secure registration data; handling the one or more secure registration data and of the user by a certification module; and registering the one or more devices based on the one or more secure registration data.
BRIEF DESCRIPTION OF THE DRAWINGS
With reference to the accompanying drawings in which:
Fig. 1 shows a system for secure registration of devices; and
Fig. 2 illustrates the method for registration of devices securely.
DETAILED DESCRIPTION
The invention is further described with reference to non-exhaustive exemplary embodiments through Figs. 1 and 2. In Figs. 1 and 2, the system and method for secure registration of devices are illustrated. The system (100) for secure registration of devices has device(s) that need to be registered and brought into the network. The network in this context includes, but is not limited to, a network having devices integrated or connected therein or the like, in a substation, process plant, process industry or so.
The process of registration of devices is initiated by a user having authorized access to the engineering tool (102). The engineering tool (102) generates or creates registration data (201) pertaining to a particular device or several such devices and stores it therein. The generated registration data is encrypted (202) by the engineering tool (102) using a public key to provide encrypted registration data. The encrypted registration data is digitally signed (203) by the engineering tool (102) using a private key of the engineering tool (102) to provide digitally signed encrypted registration data. The engineering tool (102) appends its public key (204) to the digitally signed encrypted registration data to provide secure registration data. The steps of creating registration data (201), encrypting the registration data (202) to provide encrypted registration data, digitally signing the encrypted registration data (203) to provide digitally signed encrypted registration data, and appending the public key of the engineering tool to the digitally signed encrypted registration data (204) to provide secure registration data are collectively referred to herein as administering the registration data. The private and public keys referred to above are the keys used to provide security to the registration data and to establish its authenticity.
With the secure registration data, the process of registering the device(s) corresponding to such registration data (205) is initiated in the certification module (103). The authenticity or credentials of the user initiating such registration of devices are verified before proceeding further (206). Upon successful verification, with the validity of the user having been established, the validity of the secure registration data is verified (207) by the certification module (103) against the public key used therein on the digitally signed encrypted data in the secure registration data. Given valid secure registration data, the secure registration data is decrypted (208) by the certification module (103) to obtain the registration data required for registering the device(s). With the registration data so obtained from the secure registration data after decryption, the certification module (103) proceeds to register the device(s) (209), thereby allowing such devices to enter the network. The steps of validating the authenticity or credentials of the secure registration data (207) and decrypting the secure registration data (208) by the certification module (103) are collectively referred to herein as handling the secure registration data.
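The administering steps (202-204) and handling steps (207-208) described above, as an added Go example that is not part of the patent text. Assumptions of the example, not of the page: RSA-OAEP under the certification module's key for step 202, Ed25519 for step 203, and a pinned list of trusted engineering-tool keys consulted at step 207; all type and function names are hypothetical and the XML script is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecureRegData is the bundle produced by steps 202-204.
type SecureRegData struct {
	Ciphertext []byte            // 202: registration data encrypted with a public key
	Signature  []byte            // 203: engineering tool's signature over Ciphertext
	ToolPub    ed25519.PublicKey // 204: engineering tool's public key, appended
}

// Administer runs steps 202-204. Assumption: the encryption key is the module's
// RSA key; RSA-OAEP fits only a short script, larger ones need hybrid encryption.
func Administer(reg []byte, modPub *rsa.PublicKey, toolPriv ed25519.PrivateKey) (SecureRegData, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, modPub, reg, nil)
	if err != nil {
		return SecureRegData{}, err
	}
	pub := toolPriv.Public().(ed25519.PublicKey)
	return SecureRegData{Ciphertext: ct, Signature: ed25519.Sign(toolPriv, ct), ToolPub: pub}, nil
}

// Handle runs steps 207-208. The pinned-key check is this example's assumption:
// without it the appended key shows only that the bundle is self-consistent.
func Handle(s SecureRegData, modPriv *rsa.PrivateKey, trusted []ed25519.PublicKey) ([]byte, error) {
	pinned := false
	for _, k := range trusted {
		pinned = pinned || bytes.Equal(k, s.ToolPub)
	}
	if !pinned {
		return nil, errors.New("appended key is not a trusted engineering tool")
	}
	if !ed25519.Verify(s.ToolPub, s.Ciphertext, s.Signature) {
		return nil, errors.New("signature does not cover this ciphertext")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, modPriv, s.Ciphertext, nil)
}

// RunScenario handles a genuine, a tampered and a rogue-signed bundle
// (key-generation errors are ignored here for brevity).
func RunScenario() (plain []byte, tamperErr, rogueErr error) {
	modPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	toolPub, toolPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	trusted := []ed25519.PublicKey{toolPub}
	// Constructed sample script; the serial numbers are made up.
	reg := []byte(`<devices><device serial="SN-0001"/><device serial="SN-0002"/></devices>`)
	good, _ := Administer(reg, &modPriv.PublicKey, toolPriv)
	plain, _ = Handle(good, modPriv, trusted)
	bad := good // same bundle with one ciphertext bit flipped in transit
	bad.Ciphertext = append([]byte{}, good.Ciphertext...)
	bad.Ciphertext[0] ^= 0x01
	_, tamperErr = Handle(bad, modPriv, trusted)
	rogue, _ := Administer(reg, &modPriv.PublicKey, roguePriv) // signed by an unknown key
	_, rogueErr = Handle(rogue, modPriv, trusted)
	return plain, tamperErr, rogueErr
}

func main() {
	plain, tamperErr, rogueErr := RunScenario()
	fmt.Printf("registered from: %s\ntampered: %v\nrogue key: %v\n", plain, tamperErr, rogueErr)
}
```

The rogue bundle carries a valid signature under its own appended key, so it is the pinned list, not the signature check, that rejects it.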
From the above it can be clearly understood that the registration of the device(s) using the secure registration data obtained from this invention is performed more securely, thereby reducing or eliminating the threat of the security being compromised by malicious registration data or by the devices thereof. Besides this, no human intervention is required to achieve the security provided herein. Also, this eliminates or reduces the manual checking for the authenticity and integrity of the device registration data, especially when registering at the certification module (103). No security officer is required at every stage of this registration process for security.
The secure registration data is generated at the engineering tool (102) in the form of a script such as an XML script or the like. Likewise, the registration data is also made available in the form of a script such as an XML script or the like. The script contains the secure registration data for every device. At the certification module (103), the script is run and the certification module (103) registers all the devices with their secure registration data as contained in the script. In addition to the above, the registration of one or more devices can be performed together or concurrently, and automatically, eliminating or reducing the intervention of the user or personnel meant for this purpose. Also, the cumbersome process of registering the devices individually, as in the current practice, is eliminated. This improves the reliability and the efficiency of the system and of the process of registering the devices.
The system and method described herein are not limited to applications relating to a substation, process plant or process industry, but can be coextensively applied to applications involving devices and their registration.
Only certain features of the invention have been specifically illustrated and described herein, and many modifications and changes will occur to those skilled in the art. The invention is not restricted by the preferred embodiment described herein in the description. It is to be noted that the invention is explained by way of exemplary embodiment and is neither exhaustive nor limiting. Certain aspects of the invention that have not been elaborated herein in the description are well understood by one skilled in the art. Also, the terms relating to the singular form used herein in the description also include the plural and vice versa, wherever applicable. Any relevant modification or variation which is not described specifically in the specification is in fact to be construed as being well within the scope of the invention. The appended claims are intended to cover all such modifications and changes which fall within the spirit of the invention.
Thus, it will be appreciated by those skilled in the art that the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than the foregoing description, and all changes that come within the meaning and range and equivalence thereof are intended to be embraced therein.

Claims

WE CLAIM:
1. A system for registration of devices comprising:
one or more devices for registration in a network; wherein the said system comprises
an engineering tool for providing one or more secure registration data required for registering the said one or more devices securely; and
a certification module for validating the said one or more secure registration data and registering the said one or more devices.
2. The system as claimed in claim 1, wherein the said engineering tool is provided for generating and storing therein the credentials of the said one or more devices.
3. The system as claimed in claim 1, wherein the said engineering tool is provided for encrypting the registration data with a public key to provide encrypted registration data.
4. The system as claimed in claim 1, wherein the said engineering tool is provided for digitally signing the said encrypted registration data to provide digitally signed registration data.
5. The system as claimed in claim 1, wherein the said engineering tool is provided for appending a public key to the said digitally signed registration data.
6. The system as claimed in claim 1, 4 or 5, wherein the said certification module is provided for decrypting the said encrypted and digitally signed registration data.
7. The system as claimed in claim 1, wherein the said network includes network of devices in a substation or process plant or process industry or the like.
8. A method for registration of devices by the system as claimed in any one of the preceding claims, wherein the said method comprising the steps of:
administering one or more registration data in relation to registering one or more devices by an engineering tool to provide one or more secure registration data;
handling the said one or more secure registration data and of the user by a certification module; and
registering the said one or more devices based on the said one or more secure registration data.
9. The method as claimed in claim 8, wherein administering one or more registration data includes generating the said one or more registration data corresponding to one or more devices by the said engineering tool in the form of a script or the like, initiated by a user and of the authentication of the said user by the said engineering tool thereof.
10. The method as claimed in claim 8, wherein administering one or more registration data includes encrypting the said registration data with a public key by the said engineering tool to provide encrypted registration data.
11. The method as claimed in claim 8 or 10, wherein administering one or more registration data includes digitally signing the said encrypted registration data by the said engineering tool to provide digitally signed registration data.
12. The method as claimed in claim 8, 10 or 11, wherein administering one or more registration data includes appending a public key to the said digitally signed registration data.
13. The method as claimed in claim 8, wherein handling the said one or more secure registration data includes validating the said one or more secure registration data.
14. The method as claimed in claim 8 or 13, wherein handling the said one or more secure registration data includes decrypting the said secure registration data to provide decrypted secure registration data in the form of a script or the like.
15. The method as claimed in claim 8 or 14, wherein registering the said one or more devices includes registering the credentials of the said one or more devices purported by the corresponding said one or more secure registration data.
PCT/IB2013/060275 2012-12-13 2013-11-20 A system and a method for registration of devices in a plant WO2014091337A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN5194/CHE/2012 2012-12-13
IN5194CH2012 2012-12-13

Publications (1)

Publication Number Publication Date
WO2014091337A1 (en) 2014-06-19

Family

ID=49765614

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2013/060275 WO2014091337A1 (en) 2012-12-13 2013-11-20 A system and a method for registration of devices in a plant

Country Status (1)

Country Link
WO (1) WO2014091337A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030135735A1 (en) * 2002-01-14 2003-07-17 Richard Marejka Self-monitoring and trending service system with a cascaded pipeline with enhanced authentication and registration
US20110158411A1 (en) * 2009-12-29 2011-06-30 General Instrument Corporation Registering client devices with a registration server
US20110161660A1 (en) * 2009-12-29 2011-06-30 General Instrument Corporation Temporary registration of devices

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105653912A (en) * 2014-11-13 2016-06-08 Alibaba Group Holding Limited Method and device for identifying bulk registration behavior
CN105653912B (en) * 2014-11-13 2018-06-01 Alibaba Group Holding Limited A method and device for identifying batch registration behavior

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 13805595; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 13805595; Country of ref document: EP; Kind code of ref document: A1