Authentication between industrial elements in an industrial control system
US-2017093584-A1 · Mar 30, 2017 · US
US10599819B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10599819-B2 |
| Application number | US-201916561509-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 5, 2019 |
| Priority date | Nov 14, 2016 |
| Publication date | Mar 24, 2020 |
| Grant date | Mar 24, 2020 |
Official abstract text for this publication.
Systems and methods for secure provisioning and management of computerized devices. The system may include a distributor appliance that is communicatively connected to the computerized device, and that is operable to receive a digital asset and to load the digital asset into the computerized device. It may include an optional digital asset management system that is connected via a secure communication channel to the distributor appliance, and that is operable to transmit the digital asset to the distributor appliance; and a provisioning controller that is connected via a secure communication channel to the distributor appliance and is connected via another secure communication channel to the optional digital asset management system, and that is operable to directly or indirectly transmit the digital asset to the distributor appliance. The computerized device is not fully functional before the digital asset is loaded into it.
Opening claim text (preview).
What is claimed is:
1. A system for securely provisioning a computerized device, the system comprising: a first secure distributor computer that is communicatively connected to the computerized device, and that receives a first digital asset and transmits the first digital asset to the computerized device, wherein the first digital asset is configured to cause the computerized device to become partially functional; a digital asset management server that is connected via a first secure communication channel to the first secure distributor computer, and that transmits the first digital asset to the first secure distributor computer; a provisioning controller that is connected via a second secure communication channel to the first secure distributor computer and is connected via a third secure communication channel to the digital asset management server, and that directs the digital asset management server to transmit the first digital asset to the first secure distributor computer; and a second secure distributor computer that is connected via a fourth secure communication channel to the digital asset management server and that is communicatively connected to the computerized device after the first secure distributor computer is disconnected from the computerized device, and that receives a second digital asset and transmits the second digital asset to the computerized device, wherein the second digital asset is configured to cause the computerized device to become fully functional; wherein the provisioning controller also directs the digital asset management server to transmit the second digital asset to the second secure distributor computer; wherein the computerized device is fully functional after the second digital asset is transmitted to the computerized device.
2. The system of claim 1, further comprising: a first portal for the provisioning controller that authenticates a manufacturer of the computerized device and enables the manufacturer to manage provisioning of the computerized device.
3. The system of claim 1, further comprising: a second portal for the provisioning controller that authenticates an installer of the computerized device.
4. The system of claim 1, further comprising: a third portal for the provisioning controller that authenticates a regulator of the computerized device and enables the regulator to regulate provisioning of the computerized device.
5. The system of claim 1, wherein the provisioning controller transmits a third digital asset to the first secure distributor computer or the second secure distributor computer for transmitting to the computerized device.
6. The system of claim 5, wherein the third digital asset is executable code that is run by the computerized device.
7. The system of claim 1, wherein the second digital asset is at least one of: a digital certificate, a cryptographic key, and executable software.
8. The system of claim 1, wherein the provisioning controller creates and maintains a log that is associated with the computerized device and that stores information regarding the provisioning activities for the computerized device.
9. The system of claim 8, wherein the first secure distributor computer transmits information regarding provisioning activities related to the computerized device to the provisioning controller for storing in the log.
10. The system of claim 1, wherein the provisioning controller authenticates the computerized device before a digital asset is transmitted to the computerized device.
11. The system of claim 1, wherein the computerized device is an embedded Universal Integrated Circuit Card.
12. The system of claim 1, wherein the computerized device is an on board unit.
13. The system of claim 1, wherein the digital asset management server comprises a plurality of servers.
14. The system of claim 1, wherein the digital asset management server is a secure credential management system.
15. A method for provisioning a computerized device, the method comprising: generating a first instruction, by a provisioning controller, to instruct a digital asset management server to transmit a first digital asset to a first secure distributor computer; in response to the first instruction, transmitting the first digital asset from the digital asset management server to the first secure distributor computer; transmitting the first digital asset from the first secure distributor computer to the computerized device, wherein the first digital asset is configured to cause the computerized device to become partially functional; generating a second instruction, by the provisioning controller after a second secure distributor computer is connected to the computerized device, to instruct the digital asset management server to transmit a second digital asset to the second secure distributor computer; in response to the second instruction, transmitting the second digital asset from the digital asset management server to the second secure distributor computer; and transmitting the second digital asset from the second secure distributor computer to the computerized device, wherein the second digital asset is configured to cause the computerized device to become fully functional; wherein the computerized device is fully functional after the second digital asset is transmitted to the computerized device; wherein: the first secure distributor computer is communicatively connected to the computerized device; the digital asset management server is connected via a first secure communication channel to the first secure distributor computer; the provisioning controller is connected via a second secure communication channel to the first secure distributor computer and is connected via a third secure communication channel to the digital asset management server; and the second secure distributor computer is connected via a fourth secure communication channel to the digital asset management server and is communicatively connected to the computerized device after the first secure distributor computer is disconnected from the computerized device.
16. The method of claim 15, wherein transmitting the first digital asset from the digital asset management server to the first secure distributor computer comprises transmitting at least one of: a digital certificate, a cryptographic key, and executable code that is run by the computerized device.
17. The method of claim 15, wherein transmitting the second digital asset from the digital asset management server to the second secure distributor computer comprises transmitting at least one of: a digital certificate, a cryptographic key, and executable code that is run by the computerized device.
18. A system for securely provisioning a computerized device, the system comprising: a first secure distributor computer that is communicatively connected to the computerized device, and that receives a first digital asset and transmits the first digital asset to the computerized device, wherein the first digital asset is configured to cause the computerized device to become partially functional; a provisioning controller that is connected via a first secure communication channel to the first secure distributor computer and that transmits the first digital asset to the first secure distributor computer; and a second secure distributor computer that is connected via a second secure communication channel to the provisioning controller and that is communicatively connected to the computerized device after the first secure distributor computer is disconnected from t
Service provisioning or reconfiguring · CPC title
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title
Authentication · CPC title
during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication · CPC title