WO2013019595A2 - Providing security traceability of changes in endpoint programming through auditing - Google Patents

Providing security traceability of changes in endpoint programming through auditing Download PDF

Info

Publication number
WO2013019595A2
WO2013019595A2 PCT/US2012/048477 US2012048477W WO2013019595A2 WO 2013019595 A2 WO2013019595 A2 WO 2013019595A2 US 2012048477 W US2012048477 W US 2012048477W WO 2013019595 A2 WO2013019595 A2 WO 2013019595A2
Authority
WO
WIPO (PCT)
Prior art keywords
count
tamper
metrology
programming
endpoint
Prior art date
Application number
PCT/US2012/048477
Other languages
French (fr)
Other versions
WO2013019595A3 (en
Inventor
Matthew Johnson
Christopher L. Osterloh
Original Assignee
Itron, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Itron, Inc. filed Critical Itron, Inc.
Publication of WO2013019595A2 publication Critical patent/WO2013019595A2/en
Publication of WO2013019595A3 publication Critical patent/WO2013019595A3/en

Links

Classifications

    • GPHYSICS
    • G01MEASURING; TESTING
    • G01DMEASURING NOT SPECIALLY ADAPTED FOR A SPECIFIC VARIABLE; ARRANGEMENTS FOR MEASURING TWO OR MORE VARIABLES NOT COVERED IN A SINGLE OTHER SUBCLASS; TARIFF METERING APPARATUS; MEASURING OR TESTING NOT OTHERWISE PROVIDED FOR
    • G01D4/00Tariff metering apparatus
    • G01D4/002Remote reading of utility meters
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01FMEASURING VOLUME, VOLUME FLOW, MASS FLOW OR LIQUID LEVEL; METERING BY VOLUME
    • G01F15/00Details of, or accessories for, apparatus of groups G01F1/00 - G01F13/00 insofar as such details or appliances are not adapted to particular types of such apparatus
    • G01F15/007Details of, or accessories for, apparatus of groups G01F1/00 - G01F13/00 insofar as such details or appliances are not adapted to particular types of such apparatus comprising means to prevent fraud
    • GPHYSICS
    • G01MEASURING; TESTING
    • G01RMEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R22/00Arrangements for measuring time integral of electric power or current, e.g. electricity meters
    • G01R22/06Arrangements for measuring time integral of electric power or current, e.g. electricity meters by electronic methods
    • G01R22/061Details of electronic electricity meters
    • G01R22/066Arrangements for avoiding or indicating fraudulent use
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S20/00Management or operation of end-user stationary applications or the last stages of power distribution; Controlling, monitoring or operating thereof
    • Y04S20/30Smart metering, e.g. specially adapted for remote reading

Definitions

  • the present subject matter relates to information exchange in a wireless network of devices capable of exchanging information. More particularly, the present subject matter relates to improvements in tamper detection within a network of metrology devices with AMI capabilities.
  • a number of parameters programmed into utility meter endpoints affect the calculation of consumption and thus the amount billed to the customer and the revenue collected by the utility.
  • Other programmed parameters may affect the performance of the endpoint and, if misprogrammed, can even reduce the battery life of battery-powered endpoints. Therefore, it would be advantageous to insure that no unauthorized changes are made to its meters that will affect either performance or revenue.
  • the present subject matter relates to methods for providing enhanced tamper detection functionalities in an advanced metering infrastructure
  • One present exemplary method provides a data structure including at least one field configured to convey a tamper count.
  • the tamper count may be compared to a known count and an alarm may be issued when the tamper count fails to match the known count.
  • the known count may correspond to a count of authorized programming events and, in particular embodiments, to a count of authorized metrology programming events.
  • the at least one field may
  • At least one second field configured to convey a second tamper count may be provided.
  • the tamper count may be incremented in response to programming events for an associated meter.
  • the programming events may comprise metrology programming events.
  • the subject data structure may include separate counts for metrology-related and non-metrology related programming.
  • the method comparing step may include comparing the tamper count with a record of associated work orders.
  • the present subject matter equally relates to various and corresponding systems (such as AMR systems) and to various embodiments of metrology devices and associated technologies, such as endpoint devices.
  • the present subject matter in some present exemplary embodiments may relate to an automatic meter reading (AMR) system including a consumption sensing meter having an associated endpoint device and a head end device.
  • AMR automatic meter reading
  • the endpoint device may be configured to transmit signals using a data structure including at least one field configured to convey a tamper count
  • an associated head end device may be configured to receive the signals and to compare the tamper count to a known count.
  • such head end device may be further configured to issue an alarm when the tamper count fails to match the known count.
  • the tamper count may be incremented in response to programming events for the meter.
  • the programming events may comprise metrology programming events.
  • the system may also include a portable programming device configured to receive the signals and to transmit the tamper count to the associated head end device.
  • the portable programming device may be a handheld device.
  • the known count may correspond to a count of authorized programming events, and, in particular to a count of authorized metrology programming events.
  • the at least one field may correspond to at least one byte.
  • the endpoint may be further configured to transmit signals using a data structure including at least one second field configured to convey a second tamper count.
  • such data structure may include separate counts for metrology-related and non-metrology related programming.
  • such head end device may be configured to compare such tamper count with a record of associated work orders.
  • the present subject matter relates to a metrology device including a consumption sensing meter and an associated endpoint device.
  • the endpoint device may be configured to transmit signals using a data structure including at least one field configured to convey a tamper count while the endpoint device may be configured to respond to programming events by incrementing the tamper count.
  • the endpoint device may be configured to respond to metrology programming events.
  • the endpoint device may be configured to transmit signals using a data structure including at least one second field configured to convey a second tamper count.
  • a data structure including at least one second field configured to convey a second tamper count.
  • such data structure may include separate counts for metrology-related and non-metrology related programming.
  • such metrology device may further be associated with a head end device configured to receive such tamper count, to compare such tamper count with associated work order data, and to issue an alarm for further investigation if such comparison does not match.
  • Figure 1 illustrates the format of an exemplary legacy SCM consumption message
  • Figure 2 illustrates an exemplary format of an exemplary SCM+ message format in accordance with the present disclosure
  • Figure 3 illustrates an exemplary tamper field mapping of bytes within the exemplary SCM+ message format illustrated in present Figure 2 such as may be used in an exemplary gas endpoint in accordance with the present disclosure
  • Figure 4 is a diagram illustrating an exemplary architecture of a system constructed in accordance with present technology.
  • Figure 5 is a flow chart of an exemplary method for determining the presence of programming tampering within an endpoint, in accordance with the present disclosure.
  • the present subject matter is particularly concerned with methodologies for providing enhanced communications functionalities within an AMR/AMI environment, and, more particularly, with providing methods for detection of various forms of endpoint tampering, and corresponding apparatus and device subject matter.
  • SCM legacy standard consumption message
  • Traditional tamper reporting in consumption messages, such as the SCM message have been typically limited, for example, to a few (4) bits split into two 2 bit fields.
  • Contemporary metering scenarios on the other hand, often can lead to a desire for more tamper/status information than available through traditional meters in order, for example, to desirably support the needs of conservation, security and system integrity functions within an AMI system.
  • the two bit fields illustrated as tamper counter fields can be used as 2 bit counters or status flags.
  • providing only 2 bits provides a rather limited count range of only 0 to 3, as well understood by those of ordinary skill in the art.
  • an exemplary format generally 200 of an enhanced standard consumption message herein after noted as an "SCM+" message provided in accordance with present disclosure.
  • SCM+ enhanced standard consumption message
  • Such tamper counters become part of the message that is transmitted by the endpoint and received by a reading system.
  • Head-end systems may be configured to compare the reported tamper counters with previous values to identify, for example, programming changes. Any identified changes can be compared with known work orders to audit or verify the validity of the
  • methodologies in accordance with present disclosure include, but are not limited to, counting reprogramming events between an endpoint and a programming device that can be used with auditing software on head-end systems to determine if unauthorized reprogramming has occurred, separately counting metrology- related programming from non-metrology related programming, and adding previously unflagged events such as, but not limited to, low battery indication.
  • contemporary endpoints often may be generally configured to include two-way communications capability, unlike the majority of legacy endpoints employing prior SCM communications protocols, which were more often one-way devices.
  • Coupling such two-way capability to the expanded tampers enables an endpoint to set one of the additionally available flags in the present exemplary SC + message to indicate to a collection device that it has additional information to report. Such associated collection device can then request from the endpoint the additional tamper/status information.
  • Such presently disclosed subject matter greatly expands, beyond the newly expanded 2 byte fields, the number of possible conditions the endpoint can report to a collection system, such that rarely expected events or conditions can still be reported without disadvantageously having to dedicate capacity for reports in a bubble-up SCM+ message.
  • Such ability to keep expanded tamper information outside of the base SCM+ message also keeps on- the-air packet length as short as possible to increase aggregate channel capacity and reduce susceptibility to interference.
  • FIG. 3 there is illustrated an exemplary tamper field mapping generally 300 of bytes within the presently disclosed SCM+ message format generally 200 as illustrated in present Figure 2 as may be used for communications exchanges from, for example, a gas endpoint.
  • tamper signals may be provided including those generated resulting from magnetic tampering as well as tilt tampering.
  • other exemplary types of tampering including variations in metrology and non-metrology program count may also be detected as previously noted.
  • a spare flag F that generally will have a value of zero, may also be included for future use (such as future added or future developed types of indications).
  • FIG. 400 With present reference to Figure 4, there is illustrated a diagram generally 400 showing an exemplary architecture of a system constructed in accordance with present technology.
  • requests for work orders flow from the utilities CIS 402 and work orders systems 404 down to crews with programming devices, such as handheld computer 406 or laptop computer (not separately illustrated) with attached radio or other interfaces to the meter endpoints (not separately illustrated) to facilitate a connection to the meter 408 for programming.
  • programming devices such as handheld computer 406 or laptop computer (not separately illustrated) with attached radio or other interfaces to the meter endpoints (not separately illustrated) to facilitate a connection to the meter 408 for programming.
  • a file logging the results of the programming is saved within the programming device after completion of the programming and is either transmitted back to the utility at that time or later when the worker returns to a utility facility and can connect to the IT network and download the logs.
  • the reprogramming tampers in the endpoint are appropriately incremented based on the number and type of parameters that are changed.
  • the tampers transmitted in the SCM+ message are set to match these changes and are reflected in all subsequent SCM+
  • the collectors for example handheld collector 410, that read the meter 408 record the SCM+ message and include the tamper fields in the files that report to their corresponding head-end systems.
  • Those head-end systems may look for a change in reprogramming tampers and create an event to send to the event logging system 412 or they may export all tampers to the Event Log Monitoring system(s) at the utility where the event logs from various systems are compare and correlated to identify unmatched or otherwise exceptional events that might indicate some form of security breach. Such potential breaches are reported so the appropriate IT security personnel can be notified and any appropriate investigations can be performed.
  • step 502. If no tamper has been detected, the decision flow returns to step 502. If, on the other hand, a tamper has been detected, instructions are given to compare the tamper to previous work orders at step 506. If, when compared in step 508, the work orders and tampers match thereby signifying occurrence of authorized programming, the decision flow again returns to step 502. If, however, the work order and tampers do not match, an alarm may be generated at step 510 and passed from, for example, event log monitor 412 (Fig. 4) to appropriate personnel for action.
  • tampering detected in accordance with present technology may be indicative of a large variety of events including, without limitation, metrology as well as non-metrology events.
  • the present technology may be used to detect unauthorized programming of a meter via attempts to alter both metering and non-metering functions related to, for example, meter 408 as well as more common forms of tampering including use of magnetic fields and attempted movement of the meter.

Abstract

The present subject matter is directed to methodologies, devices and systems for providing enhanced tamper detection in AMR/AMI systems. A consumption sensing meter has associated therewith an endpoint device. The endpoint device is configured to increment a tamper counter upon detection of various events including, such as, metrology and non-metrology programming events. A count of detected tamper events is conveyed to a head end device within the system is compared with a known count representing authorized programming events and an alarm is generated if the reported count and known count do not match.

Description

TITLE: PROVIDING SECURITY TRACEABiLITY OF CHANGES IN
ENDPOINT PROGRAMMING THROUGH AUDITING
FIELD OF THE SUBJECT MATTER
[0001] The present subject matter relates to information exchange in a wireless network of devices capable of exchanging information. More particularly, the present subject matter relates to improvements in tamper detection within a network of metrology devices with AMI capabilities.
BACKGROUND OF THE SUBJECT MATTER [0002] A number of parameters programmed into utility meter endpoints affect the calculation of consumption and thus the amount billed to the customer and the revenue collected by the utility. Other programmed parameters may affect the performance of the endpoint and, if misprogrammed, can even reduce the battery life of battery-powered endpoints. Therefore, it would be advantageous to insure that no unauthorized changes are made to its meters that will affect either performance or revenue.
[0003] While there are many ways of controlling information and access to the equipment required for programming, there are still ways for rouge programming to occur (whether through an intentional act or otherwise inadvertently). Some utilities choose to use event logging and monitoring to identify actual or potential security issues in their IT infrastructure. Such approach allows the central correlation of events created by multiple systems to see if events across the IT infrastructure match as they should or if instead they indicate that a possible security event has occurred.
[0004] To facilitate such event logging architecture, all elements of the involved solution that generate relevant events must report those events up to the event logging system, and intermediate nodes {such as Handheld (HH), Mobile
Collection (MC) and Fixed Network systems) must in turn pass such information up to and through their respective head-end systems to the event logging servers. [0005] While programming devices and servers have records of the intended programming and results which are passed up in various file formats, such as XML, the messaging capability of endpoints is sometimes to an extent relatively limited. Event reporting fits most closely with the status reporting that is embodied in tampers.
[0006] Traditional tamper reporting in consumption messages, such as the standard consumption message (SCM), are generally relatively limited to a few (4) bits split into two 2 bit fields. Contemporary metering scenarios also tend to require more tamper/status information than traditional meters to support the needs of conservation, security, and system integrity functions within an AMI system. There are fundamentally too few bits in such scenario to support event reporting. Under a network, it might be possible to map reprogramming into one of the bits that times out, that is, clears itself, after a span of time, since the network is always listening to the endpoints, but such an approach is problematic for HH and MC systems when, for example, the endpoint is read once a month or less frequently.
[0007] The following patent documents are examples of prior publications relating to meter communications: US Patent No. 4,614,945 to Brunius, et at., entitled "Automatic/remote RF instrument reading method and apparatus;" US Patent No. 5,673,252 to Johnson, et al., entitled "Communications protocol for remote data generating stations; US Patent No. 6,218,995 to Higgins, et al., entitled "Telemetry antenna system;" US Patent No. 6,262,685 to Welch, et al., entitled "Passive radiator;" US Patent No. 7,079,962 to Cornwall, et al., entitled "Automated utility meter reading system with variable bandwidth receiver;" and US Patent No. 7,830,874 to Cornwall, et al., entitled "Versatile radio packeting for automatic meter reading systems."
[0008] In view of such concerns, it would be advantageous, therefore, to provide additional methodologies for examining a wider range of possible tamper instances; however, to date, no integrated technology has provided all of the advantages and capabilities for tamper detection and analysis as hereinafter described. SUMMARY OF THE SUBJECT MATTER
[0009] In view of the recognized features encountered in the prior art and addressed by the present subject matter, improved methodology and apparatus are provided for providing enhanced tamper detection functionalities within an AMR/AMI environment. In accordance with the present subject matter, such improvements may be provided by way of a flexible data structure and associated data analysis within a network of metrology devices with AMI capabilities.
[0010] The present subject matter relates to methods for providing enhanced tamper detection functionalities in an advanced metering infrastructure, One present exemplary method provides a data structure including at least one field configured to convey a tamper count. In such methods, the tamper count may be compared to a known count and an alarm may be issued when the tamper count fails to match the known count.
[0011] In selected embodiments, the known count may correspond to a count of authorized programming events and, in particular embodiments, to a count of authorized metrology programming events.
[0012] Per some exemplary embodiments, the at least one field may
correspond to at least one byte. In particular embodiments, at least one second field configured to convey a second tamper count may be provided.
[0013] In some present exemplary method embodiments, the tamper count may be incremented in response to programming events for an associated meter. In certain such embodiments, the programming events may comprise metrology programming events.
[0014] In certain of such exemplary method embodiments, the subject data structure may include separate counts for metrology-related and non-metrology related programming.
[0015] In other present alternative exemplary embodiments, the method comparing step may include comparing the tamper count with a record of associated work orders.
[0016] In addition to methodologies, the present subject matter equally relates to various and corresponding systems (such as AMR systems) and to various embodiments of metrology devices and associated technologies, such as endpoint devices.
[0017] The present subject matter in some present exemplary embodiments may relate to an automatic meter reading (AMR) system including a consumption sensing meter having an associated endpoint device and a head end device. In such exemplary embodiments, the endpoint device may be configured to transmit signals using a data structure including at least one field configured to convey a tamper count, while an associated head end device may be configured to receive the signals and to compare the tamper count to a known count. In such
embodiments, such head end device may be further configured to issue an alarm when the tamper count fails to match the known count.
[0018] In various alternative embodiments of such present systems, the tamper count may be incremented in response to programming events for the meter. In some of such alternatives, the programming events may comprise metrology programming events.
[00191 In other exemplary embodiments, the system may also include a portable programming device configured to receive the signals and to transmit the tamper count to the associated head end device. In particular such embodiments, the portable programming device may be a handheld device.
[0020] |n certain other exemplary embodiments, the known count may correspond to a count of authorized programming events, and, in particular to a count of authorized metrology programming events. In selected of such embodiments, the at least one field may correspond to at least one byte. In yet further embodiments, the endpoint may be further configured to transmit signals using a data structure including at least one second field configured to convey a second tamper count.
[0021] In other present exemplary system embodiments, such data structure may include separate counts for metrology-related and non-metrology related programming.
[0022] In still further present alternative exemplary system embodiments, such head end device may be configured to compare such tamper count with a record of associated work orders. [0023] In yet still further exemplary embodiments, the present subject matter relates to a metrology device including a consumption sensing meter and an associated endpoint device. In such exemplary embodiments, the endpoint device may be configured to transmit signals using a data structure including at least one field configured to convey a tamper count while the endpoint device may be configured to respond to programming events by incrementing the tamper count.
[0024] In particular such exemplary embodiments, the endpoint device may be configured to respond to metrology programming events.
[0025] In still further exemplary embodiments, the endpoint device may be configured to transmit signals using a data structure including at least one second field configured to convey a second tamper count. In certain of such further exemplary embodiments, such data structure may include separate counts for metrology-related and non-metrology related programming.
[0026] In still further alternative present exemplary embodiments, such metrology device may further be associated with a head end device configured to receive such tamper count, to compare such tamper count with associated work order data, and to issue an alarm for further investigation if such comparison does not match.
[0027] Additional objects and advantages of the present subject matter are set forth in, or will be apparent to, those of ordinary skill in the art from the detailed description herein. Also, it should be further appreciated that modifications and variations to the specifically illustrated, referred and discussed features, elements, and steps hereof may be practiced in various embodiments and uses of the subject matter without departing from the spirit and scope of the subject matter. Variations may include, but are not limited to, substitution of equivalent means, features, or steps for those illustrated, referenced, or discussed, and the functional, operational, or positional reversal of various parts, features, steps, or the like.
[0028] Still further, it is to be understood that different embodiments, as well as different presently preferred embodiments, of the present subject matter may include various combinations or configurations of presently disclosed features, steps, or elements, or their equivalents (including combinations of features, parts, or steps or configurations thereof not expressly shown in the figures or stated in the detailed description of such figures). Additional embodiments of the present subject matter, not necessarily expressed in the summarized section, may include and incorporate various combinations of aspects of features, components, or steps referenced in the summarized objects above, and/or other features, components, or steps as otherwise discussed in this application. Those of ordinary skill in the art will better appreciate the features and aspects of such embodiments, and others, upon review of the remainder of the specification.
BRIEF DESCRIPTION OF THE DRAWINGS [0029] A full and enabling disclosure of the present subject matter, including the best mode thereof, directed to one of ordinary skill in the art, is set forth in the specification, which makes reference to the appended figures, in which:
[0030] Figure 1 illustrates the format of an exemplary legacy SCM consumption message;
[0031] Figure 2 illustrates an exemplary format of an exemplary SCM+ message format in accordance with the present disclosure;
[0032] Figure 3 illustrates an exemplary tamper field mapping of bytes within the exemplary SCM+ message format illustrated in present Figure 2 such as may be used in an exemplary gas endpoint in accordance with the present disclosure;
[0033] Figure 4 is a diagram illustrating an exemplary architecture of a system constructed in accordance with present technology; and
[0034] Figure 5 is a flow chart of an exemplary method for determining the presence of programming tampering within an endpoint, in accordance with the present disclosure.
[0035] Repeat use of reference characters throughout the present specification and appended drawings is intended to represent same or analogous features, elements, or steps of the present subject matter.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0036] As discussed in the Summary section, the present subject matter is particularly concerned with methodologies for providing enhanced communications functionalities within an AMR/AMI environment, and, more particularly, with providing methods for detection of various forms of endpoint tampering, and corresponding apparatus and device subject matter. With initial reference to Figure 1 , there is illustrated the format generally 100 of a legacy standard consumption message (SCM). Traditional tamper reporting in consumption messages, such as the SCM message, have been typically limited, for example, to a few (4) bits split into two 2 bit fields. Contemporary metering scenarios, on the other hand, often can lead to a desire for more tamper/status information than available through traditional meters in order, for example, to desirably support the needs of conservation, security and system integrity functions within an AMI system. In legacy consumption messages such as illustrated in Figure 1 , the two bit fields illustrated as tamper counter fields, i.e., field #5 and field #7, can be used as 2 bit counters or status flags. Of course, providing only 2 bits provides a rather limited count range of only 0 to 3, as well understood by those of ordinary skill in the art.
[0037] With present reference to subject Figure 2, there is illustrated an exemplary format generally 200 of an enhanced standard consumption message herein after noted as an "SCM+" message provided in accordance with present disclosure. By expanding the length of the tamper fields presently illustrated as field #7 and field #8 of exemplary representative format 200, to 2 bytes instead of 4 bits, several improvements can be made over the prior art. For example, in order to better support event logging, metrology and non-metrology tamper counters may be added to the expanded tamper fields in the SCM+ message to track each metrology-related and non-metrology-related reprogramming of the endpoint.
[0038] Such tamper counters become part of the message that is transmitted by the endpoint and received by a reading system. Head-end systems may be configured to compare the reported tamper counters with previous values to identify, for example, programming changes. Any identified changes can be compared with known work orders to audit or verify the validity of the
reprogramming.
[0039] By using tamper counters as opposed to a simple flag, the number of changes can be tracked even using Handheld or Mobile collection without having to rely exclusively on the network to constantly monitor for such tampers. [0040] Applications that may take advantage of tamper monitoring
methodologies in accordance with present disclosure include, but are not limited to, counting reprogramming events between an endpoint and a programming device that can be used with auditing software on head-end systems to determine if unauthorized reprogramming has occurred, separately counting metrology- related programming from non-metrology related programming, and adding previously unflagged events such as, but not limited to, low battery indication.
[0041] In addition to the flexibility accorded with expanded tampers and endpoint type fields, those of ordinary skill in the art will appreciate that
contemporary endpoints often may be generally configured to include two-way communications capability, unlike the majority of legacy endpoints employing prior SCM communications protocols, which were more often one-way devices.
Coupling such two-way capability to the expanded tampers enables an endpoint to set one of the additionally available flags in the present exemplary SC + message to indicate to a collection device that it has additional information to report. Such associated collection device can then request from the endpoint the additional tamper/status information. Such presently disclosed subject matter greatly expands, beyond the newly expanded 2 byte fields, the number of possible conditions the endpoint can report to a collection system, such that rarely expected events or conditions can still be reported without disadvantageously having to dedicate capacity for reports in a bubble-up SCM+ message. Such ability to keep expanded tamper information outside of the base SCM+ message also keeps on- the-air packet length as short as possible to increase aggregate channel capacity and reduce susceptibility to interference.
[0042] With present reference to Figure 3, there is illustrated an exemplary tamper field mapping generally 300 of bytes within the presently disclosed SCM+ message format generally 200 as illustrated in present Figure 2 as may be used for communications exchanges from, for example, a gas endpoint. It is to be understood by those of ordinary skill in the art that the present technology is equally applicable to metering of various, different utilities. As may be observed, several types of tamper signals may be provided including those generated resulting from magnetic tampering as well as tilt tampering. In accordance with the present disclosure, other exemplary types of tampering including variations in metrology and non-metrology program count may also be detected as previously noted. In addition, a spare flag F, that generally will have a value of zero, may also be included for future use (such as future added or future developed types of indications).
[0043] With present reference to Figure 4, there is illustrated a diagram generally 400 showing an exemplary architecture of a system constructed in accordance with present technology. As illustrated in present Figure 4, requests for work orders flow from the utilities CIS 402 and work orders systems 404 down to crews with programming devices, such as handheld computer 406 or laptop computer (not separately illustrated) with attached radio or other interfaces to the meter endpoints (not separately illustrated) to facilitate a connection to the meter 408 for programming.
[0044] A file logging the results of the programming is saved within the programming device after completion of the programming and is either transmitted back to the utility at that time or later when the worker returns to a utility facility and can connect to the IT network and download the logs.
[0045] During endpoint programming, the reprogramming tampers in the endpoint are appropriately incremented based on the number and type of parameters that are changed. The tampers transmitted in the SCM+ message are set to match these changes and are reflected in all subsequent SCM+
transmissions, until another programming occurs in the future.
[0046] The collectors, for example handheld collector 410, that read the meter 408 record the SCM+ message and include the tamper fields in the files that report to their corresponding head-end systems. Those head-end systems may look for a change in reprogramming tampers and create an event to send to the event logging system 412 or they may export all tampers to the Event Log Monitoring system(s) at the utility where the event logs from various systems are compare and correlated to identify unmatched or otherwise exceptional events that might indicate some form of security breach. Such potential breaches are reported so the appropriate IT security personnel can be notified and any appropriate investigations can be performed.
[0047] While many possible methods of assembling, correlating, and identifying anomalous events would occur to those of ordinary skill in view of the present disclosure, an exemplary such methodology is illustrated in flow chart generally 500 as illustrated in Figure 5. With reference to present Figure 5, is will be noticed that a determination of an alarm condition signifying, for example, an unauthorized programming event, may be made by first receiving at step 502 tamper
reprogramming event counts from the data collection system. A determination is made at step 504 as to whether a tamper has been detected.
[0048] If no tamper has been detected, the decision flow returns to step 502. If, on the other hand, a tamper has been detected, instructions are given to compare the tamper to previous work orders at step 506. If, when compared in step 508, the work orders and tampers match thereby signifying occurrence of authorized programming, the decision flow again returns to step 502. If, however, the work order and tampers do not match, an alarm may be generated at step 510 and passed from, for example, event log monitor 412 (Fig. 4) to appropriate personnel for action.
[0049] As should be appreciated from discussion herein above, tampering detected in accordance with present technology may be indicative of a large variety of events including, without limitation, metrology as well as non-metrology events. Thus, the present technology may be used to detect unauthorized programming of a meter via attempts to alter both metering and non-metering functions related to, for example, meter 408 as well as more common forms of tampering including use of magnetic fields and attempted movement of the meter.
[0050] While the present subject matter has been described in detail with respect to specific embodiments thereof, it will be appreciated that those skilled in the art, upon attaining an understanding of the foregoing may readily produce alterations to, variations of, and equivalents to such embodiments. Accordingly, the scope of the present disclosure is by way of example rather than by way of limitation, and the subject disclosure is not intended to preclude inclusion of such modifications, variations, and/or additions to the present subject matter as would be readily apparent to one of ordinary skill in the art.

Claims

WHAT IS CLAIMED IS:
1. A method for providing enhanced tamper detection functionalities in an advanced metering infrastructure, comprising:
configuring a data structure to include at least one field configured to convey a tamper count;
comparing the tamper count to a known count; and
issuing an alarm when the tamper count fails to match the known count.
2. A method as in claim 1 , wherein the known count corresponds to a count of authorized programming events.
3. A method as in claim 1 , wherein the known count corresponds to a count of authorized metrology programming events.
4. A method as in claim 1 , wherein the at least one fieid corresponds to at least one byte.
5. A method as in claim 1 , further comprising at least one second field configured to convey a second tamper count.
6. A method as in claim 1 , wherein the tamper count is incremented in response to programming events for an associated endpoint.
7. A method as in claim 6, wherein the programming events comprise metrology programming events.
8. A method as in claim 1 , wherein the data structure includes separate counts for metrology-reiated and non-metrology related programming.
9. A method as in claim 1 , wherein the comparing includes comparing the tamper count with a record of associated work orders.
10. An automatic meter reading (AMR) system, comprising:
a consumption sensing meter;
an endpoint device associated with said meter, said endpoint device configured to transmit signals using a data structure including at least one field configured to convey a tamper count; and
a head end device configured to receive said signals and to compare the tamper count to a known count,
wherein said head end device is further configured to issue an alarm when the tamper count fails to match the known count.
11. A system as in claim 10, further comprising a portable programming device configured to receive said signals and to transmit said tamper count to said head end device.
12. A system as in claim 11 , wherein said portable device is a handheld device.
13. A system as in claim 10, wherein the known count corresponds to a count of authorized programming events.
14. A system as in claim 10, wherein the known count corresponds to a count of authorized metrology programming events.
15. A system as in claim 10, wherein the at least one field corresponds to at least one byte.
16. A system as in claim 10, wherein said tamper count is incremented in response to programming events for said endpoint device.
17. A system as in claim 16, wherein said programming events comprise metrology programming events.
18. A system as in claim 10, wherein the endpoint device is further configured to transmit signals using a data structure including at least one second field configured to convey a second tamper count. 9. A system as in claim 10, wherein said data structure includes separate counts for metrology-related and non-metrology related programming.
20. A system as in claim 10, wherein said head end device is configured to compare said tamper count with a record of associated work orders.
21. A metrology device, comprising:
a consumption sensing meter; and
an endpoint device associated with said meter, said endpoint device configured to transmit signals using a data structure including at least one field configured to convey a tamper count;
wherein said endpoint end device is configured to respond to programming events by incrementing said tamper count.
22. A metrology device as in claim 21 , wherein said endpoint device is configured to respond to metrology programming events.
23. A metrology device as in claim 21 , wherein said endpoint device is configured to transmit signals using a data structure including at least one second field configured to convey a second tamper count.
24. A metrology device as in claim 23, wherein said data structure includes separate counts for metrology-related and non-metrology related programming.
25. A metrology device as in claim 2 , further including an associated head end device configured to receive said tamper count, to compare said tamper count with associated work order data, and to issue an alarm for further investigation if such comparison does not match.
PCT/US2012/048477 2011-07-29 2012-07-27 Providing security traceability of changes in endpoint programming through auditing WO2013019595A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CA2747342A CA2747342C (en) 2011-07-29 2011-07-29 Providing security traceability of changes in endpoint programming through auditing
CA2747342 2011-07-29

Publications (2)

Publication Number Publication Date
WO2013019595A2 true WO2013019595A2 (en) 2013-02-07
WO2013019595A3 WO2013019595A3 (en) 2014-05-08

Family

ID=44763665

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/048477 WO2013019595A2 (en) 2011-07-29 2012-07-27 Providing security traceability of changes in endpoint programming through auditing

Country Status (2)

Country Link
CA (1) CA2747342C (en)
WO (1) WO2013019595A2 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9961572B2 (en) 2015-10-22 2018-05-01 Delta Energy & Communications, Inc. Augmentation, expansion and self-healing of a geographically distributed mesh network using unmanned aerial vehicle (UAV) technology
US10055869B2 (en) 2015-08-11 2018-08-21 Delta Energy & Communications, Inc. Enhanced reality system for visualizing, evaluating, diagnosing, optimizing and servicing smart grids and incorporated components
US10055966B2 (en) 2015-09-03 2018-08-21 Delta Energy & Communications, Inc. System and method for determination and remediation of energy diversion in a smart grid network
US10476597B2 (en) 2015-10-22 2019-11-12 Delta Energy & Communications, Inc. Data transfer facilitation across a distributed mesh network using light and optical based technology
US10652633B2 (en) 2016-08-15 2020-05-12 Delta Energy & Communications, Inc. Integrated solutions of Internet of Things and smart grid network pertaining to communication, data and asset serialization, and data modeling algorithms
US10791020B2 (en) 2016-02-24 2020-09-29 Delta Energy & Communications, Inc. Distributed 802.11S mesh network using transformer module hardware for the capture and transmission of data
US11172273B2 (en) 2015-08-10 2021-11-09 Delta Energy & Communications, Inc. Transformer monitor, communications and data collection device
US11196621B2 (en) 2015-10-02 2021-12-07 Delta Energy & Communications, Inc. Supplemental and alternative digital data delivery and receipt mesh net work realized through the placement of enhanced transformer mounted monitoring devices

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5025470A (en) * 1986-06-20 1991-06-18 Badger Meter, Inc. Automatic meter reading system with malfunction protection
US5910774A (en) * 1996-09-18 1999-06-08 Itron, Inc. Sensor for count and tamper detection
US20020010688A1 (en) * 1998-07-24 2002-01-24 Chandrakant J. Shah Method and apparatus for performing automated fraud reporting
US20030179714A1 (en) * 2002-03-21 2003-09-25 Gilgenbach Alan M. Meter monitoring and tamper protection system and method
US20040030912A1 (en) * 2001-05-09 2004-02-12 Merkle James A. Systems and methods for the prevention of unauthorized use and manipulation of digital content
US20070103334A1 (en) * 2005-11-09 2007-05-10 Distribution Control Systems, Inc. Tamper detection apparatus for electrical meters
US20110115643A1 (en) * 2009-11-19 2011-05-19 Silver Spring Networks, Inc. Utility network interface device configured to detect and report abnormal operating condition

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5025470A (en) * 1986-06-20 1991-06-18 Badger Meter, Inc. Automatic meter reading system with malfunction protection
US5910774A (en) * 1996-09-18 1999-06-08 Itron, Inc. Sensor for count and tamper detection
US20020010688A1 (en) * 1998-07-24 2002-01-24 Chandrakant J. Shah Method and apparatus for performing automated fraud reporting
US20040030912A1 (en) * 2001-05-09 2004-02-12 Merkle James A. Systems and methods for the prevention of unauthorized use and manipulation of digital content
US20030179714A1 (en) * 2002-03-21 2003-09-25 Gilgenbach Alan M. Meter monitoring and tamper protection system and method
US20070103334A1 (en) * 2005-11-09 2007-05-10 Distribution Control Systems, Inc. Tamper detection apparatus for electrical meters
US20110115643A1 (en) * 2009-11-19 2011-05-19 Silver Spring Networks, Inc. Utility network interface device configured to detect and report abnormal operating condition

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11172273B2 (en) 2015-08-10 2021-11-09 Delta Energy & Communications, Inc. Transformer monitor, communications and data collection device
US10055869B2 (en) 2015-08-11 2018-08-21 Delta Energy & Communications, Inc. Enhanced reality system for visualizing, evaluating, diagnosing, optimizing and servicing smart grids and incorporated components
US10055966B2 (en) 2015-09-03 2018-08-21 Delta Energy & Communications, Inc. System and method for determination and remediation of energy diversion in a smart grid network
US11196621B2 (en) 2015-10-02 2021-12-07 Delta Energy & Communications, Inc. Supplemental and alternative digital data delivery and receipt mesh net work realized through the placement of enhanced transformer mounted monitoring devices
US9961572B2 (en) 2015-10-22 2018-05-01 Delta Energy & Communications, Inc. Augmentation, expansion and self-healing of a geographically distributed mesh network using unmanned aerial vehicle (UAV) technology
US10476597B2 (en) 2015-10-22 2019-11-12 Delta Energy & Communications, Inc. Data transfer facilitation across a distributed mesh network using light and optical based technology
US10791020B2 (en) 2016-02-24 2020-09-29 Delta Energy & Communications, Inc. Distributed 802.11S mesh network using transformer module hardware for the capture and transmission of data
US10652633B2 (en) 2016-08-15 2020-05-12 Delta Energy & Communications, Inc. Integrated solutions of Internet of Things and smart grid network pertaining to communication, data and asset serialization, and data modeling algorithms

Also Published As

Publication number Publication date
CA2747342A1 (en) 2011-10-04
CA2747342C (en) 2013-04-23
WO2013019595A3 (en) 2014-05-08

Similar Documents

Publication Publication Date Title
CA2747342C (en) Providing security traceability of changes in endpoint programming through auditing
US8970393B2 (en) Data analysis system, such as a theft scenario analysis system for automated utility metering
US7301475B2 (en) Systems and methods for utility meter data collection
US9258627B2 (en) Locating utility metering devices
US7583203B2 (en) Programming electronic meter settings using a bandwidth limited communications channel
US20100188938A1 (en) Measuring the accuracy of an endpoint clock from a remote device
CN202075002U (en) Meter reading system of wireless remote flowmeter based on GPRS/Internet network
US20050267898A1 (en) Data format and method for communicating data associated with utility applications, such as for electric, gas, and water utility applications
US9030334B2 (en) Locating utility metering devices
US7930392B2 (en) Method and system for providing a self-populating database for the network collection of meter data
US20180074123A1 (en) System Test Mode For Electricity Meter In A Metering Network
CN104992288A (en) Building energy consumption monitoring information system
US20180146268A1 (en) Meter Data Request For Metering System
US20080052019A1 (en) Compact Data Transmission Protocol for Electric Utility Meters
CN104574706A (en) Handheld POS system used for wireless meter reading
US20120331092A1 (en) Conditional Command Data Reading Techniques
US20230116418A1 (en) Sensor Centric Datastore for a Customer Information System
US20230401654A1 (en) System and Method for Identifying Water Usage Violations in Streamed Data
US20230397554A1 (en) System and Method for Reviewing and Monitoring Precipitation Aware Irrigation
US11796347B2 (en) System and method for providing flow rate information
US20230400332A1 (en) System and Method for Validating Streaming Sensor Data in a Utility Monitoring System
US20230400333A1 (en) System and Method for Identifying the Effect of Changes in a Utility Monitoring System
AU2022363492A1 (en) Sensor-centric datastore for a customer information system
Johnson Containing smart water metering risks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12820269

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 12820269

Country of ref document: EP

Kind code of ref document: A2