WO2014091337A1 - A system and a method for registration of devices in a plant - Google Patents
A system and a method for registration of devices in a plant
- Publication number
- WO2014091337A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- registration data
- devices
- secure
- engineering tool
- registration
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a system for registration of devices. The system of the invention has one or more devices for registration in a network, and an engineering tool for providing one or more secure registration data required for registering the devices securely. The system also has a certification module for validating the one or more secure registration data and registering the one or more devices. The invention also relates to a method for registration of devices by the system of the invention.
Description
A SYSTEM AND A METHOD FOR REGISTRATION OF DEVICES IN A PLANT
FIELD OF THE INVENTION
The invention relates to registration of devices in a plant, and more particularly to registration of devices securely and efficiently.
BACKGROUND
Generally, devices are deployed in a plant to perform their intended functions along with other such devices and the like. These devices find typical deployment in a plant that includes, but is not limited to, a substation, process plant or industry and so on, to contribute towards the operation of such a plant in meeting its objectives.
The deployment of devices in a plant is effected by registering the devices in the plant network through the certification module, with the registration data corresponding to that particular device. Registering the devices is done individually or separately for each and every device that is required to be deployed in the plant network. In this context, the credentials of the devices are verified by the registration module, which has the registration data stored therein and is located outside the certification module, based on a request from the certification module. The verification is performed based on certain information such as the serial number of that particular device contained in the registration data, or the hash content of the registration data, or the like.
Considering the above, it can be noted that the registration of devices in a plant is not secure enough to reduce or eliminate the threat of the security and integrity of the plant network being compromised by malicious devices getting registered in place of the genuine devices.
Also, since registering the devices is performed individually by personnel and involves verification on a singular basis, registering the devices in the plant network becomes time consuming and less efficient, besides being error prone and less secure.
Therefore, there is a need for an invention that provides a solution for registering the devices in the plant network more securely and efficiently.
OBJECTS OF THE INVENTION
It is an object of the invention to provide a system for registering the devices more securely.
It is another object of the invention to provide a system for registering the devices automatically and efficiently.
Yet another object of the invention is to provide a method for registering the devices more securely, automatically and efficiently by the system of the invention.
SUMMARY OF THE INVENTION
Accordingly the invention provides a system for registration of devices. The system of the invention has one or more devices for registration in a network, and an engineering tool for providing one or more secure registration data required for registering the devices securely. The system also has a certification module for validating the one or more secure registration data and registering the one or more devices.
Accordingly the invention also provides a method for registration of devices by the system of the invention. The method of the invention comprises the steps of administering one or more registration data in relation to registering one or more devices by an engineering tool to provide one or more secure registration data; handling the one or more secure registration data and of the user by a certification module; and registering the one or more devices based on the one or more secure registration data.
BRIEF DESCRIPTION OF THE DRAWINGS
With reference to the accompanying drawings in which:
Fig. 1 shows a system for secure registration of devices; and
Fig. 2 illustrates the method for registration of devices securely.
DETAILED DESCRIPTION
The invention is further described with reference to non-exhaustive exemplary embodiments through Figs. 1 and 2.
In Figs. 1 and 2, the system and method for secure registration of devices are illustrated. The system (100) for secure registration of devices has device(s) that need to be registered and brought into the network. The network in this context includes, but is not limited to, a network having devices integrated or connected therein or the like, in a substation, process plant, process industry or so.
The process of registration of devices is initiated by a user having authorized access to the engineering tool (102). The engineering tool (102) generates or creates registration data (201) pertaining to a particular device or several such devices and stores it therein. The engineering tool (102) encrypts the generated registration data (202) using a public key to provide encrypted registration data. The engineering tool (102) then digitally signs the encrypted registration data (203) using its private key to provide digitally signed encrypted registration data. The engineering tool (102) appends its public key (204) to the digitally signed encrypted registration data to provide secure registration data. The steps of creating registration data (201), encrypting the registration data (202) to provide encrypted registration data, digitally signing the encrypted registration data (203) to provide digitally signed encrypted registration data, and appending the public key of the engineering tool to the digitally signed encrypted registration data (204) to provide secure registration data are collectively referred to herein as administering the registration data. The private and public keys referred to above are the keys that are used to provide security to the registration data and to establish its authenticity.
With the secure registration data, the process of registering the device(s) corresponding to such registration data (205) is initiated in the certification module (103). The authenticity or credentials of the user initiating such registration of devices are verified before proceeding further (206). Upon successful verification, once the validity of the user has been established, the validity of the secure registration data is verified (207) by the certification module (103) against the public key used therein on the digitally signed encrypted data in the secure registration data. Once the secure registration data is found to be valid, it is decrypted (208) by the certification module (103) to obtain the registration data required for registering the device(s). With the registration data so obtained from the secure registration data after decryption, the certification module (103) proceeds to register the device(s) (209), thereby allowing such devices to enter the network. The steps of validating the authenticity or credentials of the secure registration data (207) and decrypting the secure registration data (208) by the certification module (103) are collectively referred to herein as handling the secure registration data.
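Steps 202-204 (administering) and 207-208 (handling) can be sketched as follows; this is an added example, not code from the patent. The description names no algorithms or key owners, so RSA-OAEP, Ed25519, the choice of the certification module's key for encryption, the pinned-key list checked before the appended key is used, and all identifiers and sample data are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUntrustedSigner = errors.New("appended public key is not a pinned engineering tool key")
	ErrBadSignature    = errors.New("signature over encrypted registration data is invalid")
	oaepLabel          = []byte("device-registration") // constructed label for this example
)

// sampleRegData is constructed registration data in the XML script form the description mentions.
const sampleRegData = `<registration><device serial="SN-0001" role="relay"/></registration>`

type SecureRegistrationData struct { // result of steps 202-204
	Ciphertext []byte            // 202: registration data encrypted with a public key
	Signature  []byte            // 203: engineering tool's signature over Ciphertext
	SignerKey  ed25519.PublicKey // 204: engineering tool's public key, appended
}

// Administer runs steps 202-204; assumption: cmPub is the certification module's RSA key.
func Administer(reg []byte, cmPub *rsa.PublicKey, tool ed25519.PrivateKey) (*SecureRegistrationData, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cmPub, reg, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &SecureRegistrationData{ct, ed25519.Sign(tool, ct), tool.Public().(ed25519.PublicKey)}, nil
}

// Handle runs steps 207-208; assumption: the module holds pinned engineering tool keys.
func Handle(s *SecureRegistrationData, cm *rsa.PrivateKey, pinned []ed25519.PublicKey) ([]byte, error) {
	trusted := false
	for _, k := range pinned {
		trusted = trusted || bytes.Equal(k, s.SignerKey)
	}
	if !trusted || len(s.SignerKey) != ed25519.PublicKeySize {
		return nil, ErrUntrustedSigner
	}
	if !ed25519.Verify(s.SignerKey, s.Ciphertext, s.Signature) {
		return nil, ErrBadSignature
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, cm, s.Ciphertext, oaepLabel)
}

// RunDemo handles a valid bundle, one signed by an unpinned key, and a modified one.
func RunDemo() (plain string, unpinnedErr, modifiedErr error) {
	cm, _ := rsa.GenerateKey(rand.Reader, 2048)
	toolPub, toolPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	pinned := []ed25519.PublicKey{toolPub}
	good, _ := Administer([]byte(sampleRegData), &cm.PublicKey, toolPriv)
	out, _ := Handle(good, cm, pinned)
	other, _ := Administer([]byte(sampleRegData), &cm.PublicKey, otherPriv)
	_, unpinnedErr = Handle(other, cm, pinned)
	good.Ciphertext[0] ^= 0x01 // ciphertext changed after signing
	_, modifiedErr = Handle(good, cm, pinned)
	return string(out), unpinnedErr, modifiedErr
}

func main() {
	fmt.Println(RunDemo())
}
```

A signature checked only against the key carried in the same bundle shows that the bundle is internally consistent; comparing the appended key with a list held by the certification module is what ties the bundle to a known engineering tool.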
From the above it can be clearly understood that the registration of the device(s) using the secure registration data obtained from this invention is performed more securely, thereby reducing or eliminating the threat of security being compromised by malicious registration data or by the devices thereof. Besides this, no human intervention is required to achieve the security provided herein. This also eliminates or reduces manual checking of the authenticity and integrity of the device registration data, especially when registering at the certification module (103). No security officer is required at every stage of this registration process for security.
The secure registration data is generated at the engineering tool (102) in the form of a script such as an XML script or the like. Likewise, the registration data is also made available in the form of a script such as an XML script or the like. The script contains the secure registration data for every device. At the certification module (103), the script is run and the certification module (103) registers all the devices with their secure registration data as contained in the script. In addition to the above, the registration of one or more devices can be performed together or concurrently, and automatically, eliminating or reducing the intervention of the user or personnel meant for this purpose. Also, the cumbersome process of registering the devices individually, as in the current practice, is eliminated. This improves the reliability and efficiency of the system and of the process of registering the devices.
The system and method described herein are not limited to applications relating to a substation, process plant or process industry, but can be coextensively applied to applications involving devices and their registration.
Only certain features of the invention have been specifically illustrated and described herein, and many modifications and changes will occur to those skilled in the art. The invention is not restricted by the preferred embodiment described herein in the description. It is to be noted that the invention is explained by way of exemplary embodiment and is neither exhaustive nor limiting. Certain aspects of the invention that have not been elaborated herein in the description are well understood by one skilled in the art. Also, the terms relating to singular form used herein in the description also include their plurality and vice versa, wherever applicable. Any relevant modification or variation which is not described specifically in the specification is in fact to be construed as being well within the scope of the invention. The appended claims are intended to cover all such modifications and changes which fall within the spirit of the invention.
Thus, it will be appreciated by those skilled in the art that the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than the foregoing description, and all changes that come within the meaning and range of equivalence thereof are intended to be embraced therein.
Claims
1. A system for registration of devices comprising:
one or more devices for registration in a network; wherein the said system comprises
an engineering tool for providing one or more secure registration data required for registering the said one or more devices securely; and
a certification module for validating the said one or more secure registration data and registering the said one or more devices.
2. The system as claimed in claim 1, wherein the said engineering tool is provided for generating and storing therein the credentials of the said one or more devices.
3. The system as claimed in claim 1, wherein the said engineering tool is provided for encrypting the registration data with a public key to provide encrypted registration data.
4. The system as claimed in claim 1, wherein the said engineering tool is provided for digitally signing the said encrypted registration data to provide digitally signed registration data.
5. The system as claimed in claim 1, wherein the said engineering tool is provided for appending a public key to the said digitally signed registration data.
6. The system as claimed in claim 1, 4 or 5, wherein the said certification module is provided for decrypting the said encrypted and digitally signed registration data.
7. The system as claimed in claim 1, wherein the said network includes network of devices in a substation or process plant or process industry or the like.
8. A method for registration of devices by the system as claimed in any one of the preceding claims, wherein the said method comprising the steps of:
administering one or more registration data in relation to registering one or more devices by an engineering tool to provide one or more secure registration data;
handling the said one or more secure registration data and of the user by a certification module; and
registering the said one or more devices based on the said one or more secure registration data.
9. The method as claimed in claim 8, wherein administering one or more registration data includes generating the said one or more registration data corresponding to one or more devices by the said engineering tool in the form of a script or the like, initiated by a user and of the authentication of the said user by the said engineering tool thereof.
10. The method as claimed in claim 8, wherein administering one or more registration data includes encrypting the said registration data with a public key by the said engineering tool to provide encrypted registration data.
11. The method as claimed in claim 8 or 10, wherein administering one or more registration data includes digitally signing the said encrypted registration data by the said engineering tool to provide digitally signed registration data.
12. The method as claimed in claim 8, 10 or 11, wherein administering one or more registration data includes appending a public key to the said digitally signed registration data.
13. The method as claimed in claim 8, wherein handling the said one or more secure registration data includes validating the said one or more secure registration data.
14. The method as claimed in claim 8 or 13, wherein handling the said one or more secure registration data includes decrypting the said secure registration data to provide decrypted secure registration data in the form of a script or the like.
15. The method as claimed in claim 8 or 14, wherein registering the said one or more devices includes registering the credentials of the said one or more devices purported by the corresponding said one or more secure registration data.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN5194/CHE/2012 | 2012-12-13 | ||
IN5194CH2012 | 2012-12-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014091337A1 (en) | 2014-06-19 |
Family
ID=49765614
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2013/060275 WO2014091337A1 (en) | 2012-12-13 | 2013-11-20 | A system and a method for registration of devices in a plant |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2014091337A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030135735A1 (en) * | 2002-01-14 | 2003-07-17 | Richard Marejka | Self-monitoring and trending service system with a cascaded pipeline with enhanced authentication and registration |
US20110158411A1 (en) * | 2009-12-29 | 2011-06-30 | General Instrument Corporation | Registering client devices with a registration server |
US20110161660A1 (en) * | 2009-12-29 | 2011-06-30 | General Instrument Corporation | Temporary registration of devices |
-
2013
- 2013-11-20 WO PCT/IB2013/060275 patent/WO2014091337A1/en active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105653912A (en) * | 2014-11-13 | 2016-06-08 | 阿里巴巴集团控股有限公司 | Method and device for identifying bulk registration behavior |
CN105653912B (en) * | 2014-11-13 | 2018-06-01 | 阿里巴巴集团控股有限公司 | A kind of method and device for identifying batch registration behavior |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9276752B2 (en) | System and method for secure software update | |
CN101005361B (en) | Server and software protection method and system | |
JP2016515235A5 (en) | ||
CN107493273A (en) | Identity identifying method, system and computer-readable recording medium | |
CN104639506B (en) | Method, system and the terminal for carrying out management and control are installed to application program | |
US20090006852A1 (en) | Method and Apparatus for Securing Unlock Password Generation and Distribution | |
US9940446B2 (en) | Anti-piracy protection for software | |
CN103095456A (en) | Method and system for processing transaction messages | |
CN109728913B (en) | Equipment validity verification method, related equipment and system | |
CA2969332C (en) | A method and device for authentication | |
JP2020530726A (en) | NFC tag authentication to remote servers with applications that protect supply chain asset management | |
CN104636680A (en) | Verification of authenticity of a maintenance means and provision and obtainment of a license key for use therein | |
CN103475477A (en) | Safe authorized access method | |
CN103701787A (en) | User name password authentication method implemented on basis of public key algorithm | |
US20190026458A1 (en) | Remote processing of credential requests | |
US10091189B2 (en) | Secured data channel authentication implying a shared secret | |
CN111800276B (en) | Service processing method and device | |
CN102270285B (en) | Key authorization information management method and device | |
AU2020220129B2 (en) | Method of enrolling a device into a pki domain for certificate management using factory key provisioning | |
US7853793B2 (en) | Trusted signature with key access permissions | |
EP2827540A1 (en) | Method, device, and system for authentication | |
KR20130100032A (en) | Method for distributting smartphone application by using code-signing scheme | |
WO2014091337A1 (en) | A system and a method for registration of devices in a plant | |
CN114154176A (en) | Information query method based on block chain | |
JP2011113157A (en) | Authentication system, authentication method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13805595 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13805595 Country of ref document: EP Kind code of ref document: A1 |