SE1451512A1 - Secure communication in an energy management system - Google Patents

Publication number
SE1451512A1
SE1451512A1 SE1451512A SE1451512A SE1451512A1 SE 1451512 A1 SE1451512 A1 SE 1451512A1 SE 1451512 A SE1451512 A SE 1451512A SE 1451512 A SE1451512 A SE 1451512A SE 1451512 A1 SE1451512 A1 SE 1451512A1
Authority
SE
Sweden
Prior art keywords
gateway
alias
energy
service provider
energy management
Application number
SE1451512A
Other languages
English (en)
Inventor
Ewa Hansen
Tomas Lennvall
Larisa Rizvanovic
Judith Rossebø
Pia Stoll
Original Assignee
Abb Ag

Classifications

    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • G01D4/004 Remote reading of utility meters to a fixed location
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Description

Additionally, in some cases, it is desirable that a third party service provider should be able to collect energy data in order to analyse energy usage patterns and research future developments for energy management etc. without compromising the privacy of the individual users and without being able to connect the data to any specific user.
WO 2011/143712 discloses encrypted transmissions between a resource management client and server via a wireless area network (WAN). The server may be operated by an energy supply company (ESCO). According to the document, secure communication between the ESCO server and multiple client sites is facilitated, where each client site has a client apparatus or energy service gateway (ESBoX). A unique identifier as well as at least one encryption key is used for the secure communication.
Privacy of personal data is an issue when energy consumption and other personal data are transported between a household/building and an external service provider. The energy consumption or personal data can be securely transferred over a TCP/IP network using e.g. TLS at the transport layer or IPsec at the network layer for securing the communications. Thus, the information is secure, unless the communications security solution is compromised so that an unauthorized party is able to gain access to the information exchanged between the household/residential building or industrial building, e.g. while it is being transmitted via the internet.
SUMMARY
It is an objective of the present invention to improve the security of energy management data sent from a building to a service provider.
It has been realised by the inventors of the present invention that if the security solution of a secure communication between an energy management gateway of a residential or industrial building and a server of a service provider is compromised (e.g. an encrypted transmission is hacked, or the encryption fails), it will be possible to connect the energy management information, sent with the secure communication, to a person or company to which the information relates. By means of the present invention, it will not be possible to connect the sent information to a person or company, even if any encryption of the transmission is e.g. hacked. Additionally, by means of the present invention, it will be possible to allow a third party service provider to collect energy data without compromising the privacy of the individual users and without being able to connect the data to any specific user.
According to an aspect of the present invention, there is provided a method of an energy management gateway located at the premises of a user and holding an identifier (ID) of said gateway, the method comprising: applying a hash function to the gateway ID to form an alias ID; associating the alias ID with data relating to the energy management of the user premises to form an energy information message; and sending the energy information message to a service provider.
According to another aspect of the present invention, there is provided an energy management gateway located at the premises of a user and holding an identifier (ID) of said gateway, the gateway comprising: a processor; and a storage unit storing instructions that, when executed by the processor, cause the gateway to: apply a hash function to the gateway ID to form an alias ID; associate the alias ID with data relating to the energy management of the user premises to form an energy information message; and send the energy information message to a service provider.
According to another aspect of the present invention, there is provided a computer program product comprising computer-executable components for causing an energy management gateway to perform an embodiment of a gateway method of the present invention when the computer-executable components are run on a processor comprised in the gateway.
According to another aspect of the present invention, there is provided a computer program comprising computer program code which is able to, when run on a processor of an energy management gateway, cause the gateway to: apply a hash function to a gateway ID of the energy management gateway to form an alias ID; associate the alias ID with data relating to energy management of the user premises to form an energy information message; and send the energy information message to a service provider.
According to another aspect of the present invention, there is provided a computer program product comprising a computer program according to an embodiment of a gateway computer program of the present invention and a computer readable means on which the computer program is stored.
According to another aspect of the present invention, there is provided a method of a server of a service provider, the method comprising receiving an energy information message comprising energy management data from a gateway and an alias ID resulting from a hash function having been applied to a unique identifier of the gateway in the form of a gateway ID, said gateway being located at a premises of a user; and processing the received energy information.
According to another aspect of the present invention, there is provided a server of a service provider, the server holding an identifier (ID) of an energy management gateway located at the premises of a user, the server comprising: a processor; and a storage unit storing instructions that, when executed by the processor, cause the server to: apply a hash function to the gateway ID to form an alias ID; receive an energy information message from the energy management gateway; and determine that an alias ID included in the energy information message is the same as the alias ID formed by the server, whereby the gateway is identified as being associated with energy management data included in the energy information message.
According to another aspect of the present invention, there is provided a computer program product comprising computer-executable components for causing a server to perform an embodiment of a server method of the present invention when the computer-executable components are run on a processor comprised in the server.
According to another aspect of the present invention, there is provided a computer program comprising computer program code which is able to, when run on a processor of a service provider server, cause the server to: apply a hash function to a gateway ID of an energy management gateway to form an alias ID; receive an energy information message from the energy management gateway; and determine that an alias ID included in the energy information message is the same as the alias ID formed by the server, whereby the gateway is identified as being associated with energy management data included in the energy information message.
According to another aspect of the present invention, there is provided a computer program product comprising an embodiment of a server computer program of the present invention and a computer readable means on which the computer program is stored.
It is an advantage of any of the aspects of the present invention that the gateway ID is secure, encrypted or otherwise not in plain characters, even if the message is intercepted or is mistakenly sent to/received by an unintended recipient. Thereby, the energy management information cannot be associated with any specific client of the service provider. Even if the message is encrypted and the encryption fails, only the alias ID is obtainable. Only the intended recipient, e.g. a server of the service provider, knows the hash function and is able to obtain the gateway ID from the alias ID. Thus, the energy management gateway is able to communicate about personal energy consumption to an external service provider in a way that prevents the information exchanged from the gateway being linkable to the specific user during transmission.
In some embodiments, the energy management gateway and/or the service provider server also holds an account ID of the user. Then, the account ID may be combined with the gateway ID to form a combined gateway ID, before the step of applying the hash function to said combined gateway ID. In this way, the identity of the user may be further secured.
In some embodiments, the gateway may encrypt the alias ID by means of a public key of the service provider before the message is sent. Consequently, the server may decrypt the alias ID of the received energy information message by means of a private key of the service provider. In this way, the identity of the user may be further secured.
In some embodiments, the gateway may encrypt the whole energy information message, optionally including the alias ID, by means of a public key of the service provider before said message is sent. Consequently, the server may decrypt the received energy information message, optionally including the alias ID, by means of a private key of the service provider. In this way, the energy management information of the user may be further secured.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated. The use of “first”, “second” etc. for different features/components of the present disclosure is only intended to distinguish the features/components from other similar features/components and not to impart any order or hierarchy to the features/components.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is now described, by way of example, with reference to the accompanying drawings, in which:
Fig 1 is a schematic block diagram of an energy management system.
Fig 2 is a schematic block diagram of an embodiment of an energy management gateway of the present invention.
Fig 3 is a schematic block diagram of an embodiment of a storage unit of the gateway of fig 2.
Fig 4 is a schematic block diagram of an embodiment of a service provider server of the present invention.
Fig 5 is a schematic block diagram of an embodiment of a storage unit of the server of fig 4.
Fig 6 is a schematic flow chart of an embodiment of a method of an energy management gateway, of the present invention.
Fig 7 is a schematic flow chart of an embodiment of a method of a service provider server, of the present invention.
DETAILED DESCRIPTION
The invention will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout the description.
The gateway ID of the present disclosure may be any number, code or the like which can facilitate the identification of the gateway from which the energy information message is sent. The service provider can then identify which gateway the energy management information relates to. The gateway ID may conveniently be a unique ID.
The account ID of the present disclosure may be a number, code or the like which can facilitate the identification of a user (e.g. customer or client) or account to which the sent energy management information relates. The gateway may e.g. be responsible for energy management of a plurality of e.g. apartments (each with a separate user) in a residential building, whereby it may not be enough to identify the gateway by means of the gateway ID in order to link the sent energy management information to a specific user. In such a case, the account ID may specify which of the gateway users the energy management information relates to. Additionally or alternatively, the account ID may specify a type of account the gateway user has with the service provider, e.g. what services etc. the user pays for.
The energy management gateway may be any suitable gateway able to send an energy information message to a service provider. The gateway may e.g. be an Energy Service Interface/Home Area Network (ESI/HAN) gateway. The gateway is located at the premises of a user. The gateway holds EMS logic for controlling/monitoring electrical load(s) at the user premises according to its configuration mode. The premises may e.g. be a residential or industrial building or other facility. The gateway may also involve control of charging or discharging of local electricity storage such as batteries or the like, and/or of local energy production e.g. solar or wind power equipment at the user premises. Information exchanged with the external service provider may include user energy consumption information, information about the energy efficiency of the energy management system and/or about the home automation system or changes to be introduced to settings in the energy management or home automation system.
For the communication with the service provider, the gateway in which the EMS is deployed has a gateway ID and optionally an account ID and/or a security module which provides cryptographic support. Both the gateway ID and the account ID, if used, are known by the external service provider.
In some embodiments, the gateway ID and the account ID are combined and then encrypted with a hash function. By combining the ID of the gateway with the account ID and then applying a cryptographic function it is possible to create an alias ID that cannot be linked to the user/customer. This alias ID can then be included when the energy management data and optionally other information is sent to the external service provider.
Via the gateway, the energy management system of the user premises can be connected to the external service provider which is authorised by the user, e.g. household/building manager, to interact with the EMS of the premises.
The gateway may, e.g. on the external service provider's request, connect to the external service provider and send information in the form of energy management data such as EMS settings, stored energy consumption values etc., to the external service provider. The external service provider may then process the energy management data in any suitable way, e.g. determining energy consumption pattern of different electrical devices at the user premises and/or managing an electricity consumption database for more general statistical purposes (in which case the service provider does not necessarily need to know the gateway ID of the gateway; it may be enough with the alias ID).
Any keyed or unkeyed hash function may be used in the present invention, i.e. applied to the gateway ID. Preferably, the hash function is sufficiently strong such that it is pre-image resistant (i.e. for a given known output it is computationally infeasible to find an input (message) that corresponds to that output) and collision resistant (i.e. it is computationally infeasible to find any two distinct inputs that hash to the same output). The actual hash algorithm to be used is not considered a part of the invention as it is always best to follow the recommendations of e.g. NIST (National Institute of Standards and Technology) etc. and apply a standardized algorithm. Also, the requirement on the strength of the hash algorithm to be used will vary subject to new developments in the field (e.g. NIST has now deprecated use of SHA-1 for digital signature generation; 10 years ago SHA-1 was recommended). Reference is made to FIPS publication 180-2 “Secure Hash Standard”; and A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1997.
It is also contemplated that an energy information message may be sent from the server of the service provider to the gateway in a corresponding way as described herein for a message sent from the gateway to the server. The external service provider may then communicate with the gateway on e.g. energy efficiency analysis and remotely issue automation network settings updates to the gateway for increased energy efficiency without compromising the privacy of the user. An embodiment of a method of the gateway according to the present invention may thus also comprise: receiving a second energy information message from the server; and determining that an alias ID included in the second energy information message is the same as the alias ID formed by the gateway, whereby the energy management data included in the energy information message is identified as being associated with the gateway. Similarly, an embodiment of a method of the server according to the present invention may thus also comprise: associating the alias ID with data relating to the gateway to form a second energy information message; and sending the second energy information message to the gateway.
In an alternative embodiment of the server of the service provider, the server does not hold or otherwise know the gateway ID. In this embodiment, the server and thus the service provider cannot identify the user associated with the energy information message whereby the user is anonymous and protected. There may thus be third party service providers who would like to collect energy data but from whom the identity of the user may desirably be kept secret (anonymized) in accordance with e.g. legal privacy directives.
Such an external third party service provider may receive, store and analyse the energy management data received while the identity of each user is anonymous to that third party, since only the alias is made known to said service provider. This allows e.g. a third party information management system to be able to collect energy data in order to analyse energy usage patterns, follow-up and evaluate whether e.g. sustainability goals (reduction of costs, reduction of environmental impact) have been reached and research future developments for energy management etc. without compromising the privacy of the individual users. The identity of the user whose energy data has been collected is anonymized so that the data cannot be connected to the user.
Figure 1 schematically illustrates an energy management system (EMS) where an energy management gateway 101 of the EMS communicates with a server 102 of a service provider via a network, e.g. the internet and/or a wide area network (WAN). The communication may be wired or at least partly wireless. If the communication is at least partly wireless, the gateway 101 may be configured to connect to the network 103 over a radio interface, while the server 102 connects to the network 103 via a wired interface. Although, in the present disclosure, the transmission of messages from the gateway 101 to the server 102 (as indicated by the arrow in figure 1) is mostly discussed, transmission of messages from the server 102 to the gateway 101 may also occur.
Figure 2 schematically illustrates an embodiment of an energy management gateway 101. The gateway 101 comprises a processor 201 e.g. a central processing unit (CPU). The processor 201 may comprise one or a plurality of processing units in the form of microprocessor(s). However, other suitable devices with computing capabilities could be comprised in the processor 201, e.g. an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or a complex programmable logic device (CPLD). The processor 201 is configured to run one or several computer program(s) or software stored in a storage unit 202 e.g. a memory. The storage unit 202 is regarded as a computer readable means and may e.g. be in the form of a Random Access Memory (RAM), a Flash memory or other solid state memory, or a hard disk, or a combination thereof. The processor 201 is also configured to store data in the storage unit 202, as needed. The gateway 101 also comprises a transmitter and a receiver, and optionally (if the gateway is configured for communication over a radio interface) an antenna, which may be combined to form a transceiver 204 or be present as distinct units within the gateway 101. The transmitter is configured to cooperate with the processor to transform data bits to be transmitted e.g. over a radio interface to a suitable radio signal in accordance with the radio access technology (RAT) used by the Radio Access Network (RAN) via which the data bits are to be transmitted. The receiver is configured to cooperate with the processor 201 to transform e.g. a received radio signal to transmitted data bits. The antenna, if used, is used by the transceiver 204 for transmitting and receiving, respectively, radio signals. The gateway 101 also comprises an encryption unit 203 comprised in or in cooperation with the processor 201 for e.g. applying the hash function and encrypting and/or decrypting messages or parts of messages sent/received e.g. with a public key of the service provider (if encryption of the alias ID or the whole energy information message is used).
Figure 3 schematically illustrates an embodiment of the storage unit 202 of the gateway 101 of figure 2. The storage unit 202 holds the gateway ID 301 as well as software (SW), i.e. computer program/computer-executable components, 303 which can be accessed and executed by the processor 201 for running and controlling the gateway 101. If an account ID 302 is used, said account ID is also held by the storage unit 202.
Figure 4 schematically illustrates an embodiment of a service provider server 102. The server 102 comprises a processor 401 e.g. a central processing unit (CPU). The processor 401 may comprise one or a plurality of processing units in the form of microprocessor(s). However, other suitable devices with computing capabilities could be comprised in the processor 401, e.g. an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or a complex programmable logic device (CPLD). The processor 401 is configured to run one or several computer program(s) or software stored in a storage unit 402 e.g. a memory. The storage unit 402 is regarded as a computer readable means and may e.g. be in the form of a Random Access Memory (RAM), a Flash memory or other solid state memory, or a hard disk, or a combination thereof. The processor 401 is also configured to store data in the storage unit 402, as needed. The server 102 also comprises a transmitter and a receiver, which may be combined to form a transceiver 404 or be present as distinct units within the server 102. The transmitter is configured to cooperate with the processor to transform data bits to be transmitted e.g. over a wired interface. The receiver is configured to cooperate with the processor 401 to transform a received signal to transmitted data bits. The server 102 also comprises an encryption unit 403 comprised in or in cooperation with the processor 401 for e.g. applying the hash function and encrypting and/or decrypting messages or parts of messages sent/received e.g. with a public key of the service provider (if encryption of the alias ID or the whole energy information message is used).
Figure 5 schematically illustrates an embodiment of the storage unit 402 of the server 102 of figure 4. The storage unit 402 holds a gateway ID 501 as well as software (SW), i.e. computer program/computer-executable components, 503 which can be accessed and executed by the processor 401 for running and controlling the server 102. The gateway ID 501 is the gateway ID 301 of the gateway 101 with which the server 102 communicates, but the storage unit 402 may also hold gateway IDs of other gateways with which the server 102 communicates. If an account ID 302 is used, said account ID is also held by the storage unit 402.
Figure 6 schematically illustrates a method of an energy management gateway 101. A hash function is applied 601 to the gateway ID 301 of the gateway 101 to form an alias ID. The gateway ID as well as the hash function may be stored in the storage unit 202 of the gateway 101, and the hash function may be applied by the processor 201. The gateway ID is in some embodiments a combined gateway ID as discussed herein. The thus formed alias ID is then associated 602 with data relating to the energy management of the user premises to form an energy information message. The energy management data (herein sometimes called energy data) is data to be transmitted to the service provider, informing the service provider about e.g. energy consumption of different electrical devices managed by the EMS and/or user preferences regarding the energy management. The alias ID may be comprised in the energy information message or otherwise associated with the same. The gateway 101 then sends 603 the energy information message to the service provider, e.g. to the server 102.
Figure 7 schematically illustrates a method of a service provider server 102. A hash function is applied 701 to the gateway ID 501 of the gateway 101 from which an energy information message has been/will be received 702, to form an alias ID of said gateway 101. The gateway ID as well as the hash function may be stored in the storage unit 202 of the gateway 101, and the hash function may be applied by the processor 201. The gateway ID is in some embodiments a combined gateway ID as discussed herein. The receiving 702 of the message may occur before or after the forming 701 of the alias ID, e.g. the alias ID may be formed 701, for each of the gateways with which the server 201 communicates (if more than one) pre-emptively whereby the server 102 may directly identify 703 the gateway from which the message was sent, or the alias ID may be formed in response to receiving a message in which case alias IDs for each gateway may be formed until the alias ID associated with the received 702 message is formed 701. That the alias ID included in/associated with the energy information message is the same as the alias ID formed 701 by the server 102 is then determined 703, whereby the gateway 101 is identified as being associated with the energy management data included in the energy information message.
A more specific example of a gateway method in combination with a server method is given below:
1. An ESI/HAN unique gateway ID 301 and an account ID 302 are combined and an unkeyed hash or a keyed hash is applied 601 to generate the alias ID. It may be advantageous that a hash function is chosen as the cryptographic function for ease of computation.
2. With an optional additional step, the alias ID may be encrypted using the external service provider's public key (e.g. an X.509 certificate public key). The alias ID or the public key encrypted alias ID is then included 602 in the energy information message in the appropriate field (where the user ID is to be included) depending on the message format used.
3. The ESI/HAN gateway then sends 603 the data to the external service provider 102 in an energy information message.
4. Upon receiving 702 the message, the external service provider 102 receives the data and, if the optional step 2 has been applied, the alias ID is decrypted using the external service provider's private key. The authorized external service provider 102 has prior knowledge of the ESI/HAN gateway unique ID 301/501 and account ID 302/502 and has already formed 701 the alias ID using this information. The external service provider 102 is therefore able to identify 703 which gateway and account/user the data belongs to.
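The gateway and server steps above, as an added Python example that is not code from the patent. It assumes SHA-256 for the unkeyed hash, HMAC-SHA256 for the keyed hash, a length-prefixed way of combining the two IDs, and a JSON message with a `user_id` field; the key and IDs are constructed sample values, and the optional public-key encryption of step 2 is not shown.

```python
import hashlib
import hmac
import json
from typing import Optional

def combine(gateway_id: str, account_id: str) -> bytes:
    """Combined gateway ID. Length-prefixing each part (an assumption; the text
    does not fix an encoding) keeps ("ab", "c") and ("a", "bc") distinct."""
    parts = [gateway_id.encode(), account_id.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def alias_id(gateway_id: str, account_id: str, key: Optional[bytes] = None) -> str:
    """Step 1 (601/701): unkeyed or keyed hash of the combined gateway ID."""
    data = combine(gateway_id, account_id)
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_message(gateway_id, account_id, energy_data, key=None) -> str:
    """Gateway side (602): the alias goes in the field where the user ID would go."""
    return json.dumps({"user_id": alias_id(gateway_id, account_id, key),
                       "energy_data": energy_data})

class ServiceProvider:
    """Server side: aliases are formed pre-emptively (701) for every known gateway."""
    def __init__(self, registrations, key=None):
        self._by_alias = {alias_id(g, a, key): (g, a) for g, a in registrations}

    def identify(self, message: str):
        """Steps 702-703: return (gateway_id, account_id), or None if no alias matches."""
        alias = json.loads(message).get("user_id")
        if not isinstance(alias, str):
            return None
        return self._by_alias.get(alias)

# Constructed sample values, not taken from the patent.
KEY = b"constructed-shared-key"
REGISTRATIONS = [("GW-0001", "ACC-42"), ("GW-0002", "ACC-43")]

def demo():
    server = ServiceProvider(REGISTRATIONS, KEY)
    message = build_message("GW-0002", "ACC-43", {"kwh": 1.7}, KEY)  # sent in 603
    return server.identify(message)

if __name__ == "__main__":
    print(demo())
```

The alias is the same in every message from a given gateway, so it hides the gateway and account IDs from an observer but does not stop messages from the same premises being linked to each other.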
The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.

Claims (8)

1. A method of an energy management gateway (101) located at the premises of a user and holding a unique identifier of said gateway in the form of a gateway ID (301), the method comprising:
- applying (601) a hash function to the gateway ID (301) to form an alias ID;
- associating (602) the alias ID with data relating to the energy management of the user premises to form an energy information message; and
- sending (603) the energy information message to a service provider (102);
wherein the energy management gateway (101) also holds an account ID (302) of the user, the method also comprising:
- combining the gateway ID (301) with the account ID (302) to form a combined gateway ID, before the step of applying (601) the hash function to said combined gateway ID.
2. The method of claim 1, also comprising: encrypting the alias ID by means of a public key of the service provider before the message is sent (603).
3. The method of claim 1, also comprising: encrypting the energy information message by means of a public key of the service provider before said message is sent (603).
4. A computer program product comprising computer-executable components (303) for causing an energy management gateway (101) to perform the method of any one of claims 1-3 when the computer-executable components are run on a processor (201) comprised in the gateway.
5. A method of a server (102) of a service provider, comprising:
- receiving (702) an energy information message comprising energy management data from a gateway (101) and an alias ID resulting from a hash function having been applied to a unique identifier of the gateway (101) in the form of a gateway ID (301), said gateway being located at a premises of a user; and
- processing the received (702) energy information;
wherein the server holds the gateway ID (301, 501), the method further comprising:
- applying (701) a hash function to the gateway ID (501) to form an alias ID; and
- determining (703) that the alias ID comprised in the received (702) energy information message is the same as the alias ID formed (701) by the server (102), whereby the gateway (101) is identified as being associated with the energy management data comprised in the energy information message;
wherein the server (102) also holds an account ID (502) of the user, the method comprising:
- combining the gateway ID (501) with the account ID (502) to form a combined gateway ID, before the step of applying (701) the hash function to said combined gateway ID.
6. The method of claim 5, comprising: decrypting the alias ID of the received energy information message by means of a private key of the service provider (102).
7. The method of claim 5, comprising: decrypting the received energy information message by means of a private key of the service provider (102).
8. A computer program product comprising computer-executable components (503) for causing a server (102) to perform the method of any one of claims 5-7 when the computer-executable components are run on a processor (401) comprised in the server.
SE1451512A 2012-06-26 2012-06-26 Secure communication in an energy management system SE1451512A1 (sv)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/062368 WO2014000773A1 (en) 2012-06-26 2012-06-26 Secure communication in an energy management system

Publications (1)

Publication Number Publication Date
SE1451512A1 (sv) 2014-12-10

Family

ID=46513724

Family Applications (1)

Application Number Title Priority Date Filing Date
SE1451512A SE1451512A1 (sv) 2012-06-26 2012-06-26 Secure communication in an energy management system

Country Status (3)

Country Link
DE (1) DE112012006607T5 (sv)
SE (1) SE1451512A1 (sv)
WO (1) WO2014000773A1 (sv)


Also Published As

Publication number Publication date
WO2014000773A1 (en) 2014-01-03
DE112012006607T5 (de) 2015-04-23

Legal Events

Date Code Title Description
NAV Patent application has lapsed