Field of the Invention
Embodiments of the present invention generally relate to computer security and, more specifically, to a method for limiting attacks on un-commissioned utility field devices and attacks on field devices by maintenance field tools.
Description of the Related Art
A hand held terminal (HHT) is a portable tool that is used to access field devices, such as smart meters, sensors and controllers, for tasks that include commissioning, management, firmware updates, diagnostics, and data reading. The HHT connects to a meter over a wired or wireless communication link. HHTs can be used to perform the above-mentioned tasks even when a meter is not configured and is not connected, or has never been connected, to a network.
Because HHTs can perform such vital tasks on a field device, security for the communication between HHTs and field devices is an important concern. An HHT may be lost, or may not be returned when a user of the HHT leaves a company. Authenticating an HHT, or using certificates to limit the tasks an HHT is authorized to perform on a field device, are common techniques to limit attacks. However, a field device that has never been connected to the utility's network is at risk even with current techniques because, until the device is configured and connected to the network, the device is unable to authenticate the HHT using a certificate chain to a utility's root certificate authority. Another aspect of this security is to restrict what tasks individual HHTs are authorized to perform in order to accommodate service technician roles that vary from simple meter reading to device reconfiguration and maintenance.
In addition, efficiently deploying large numbers of devices using HHTs is of critical concern to the manufacturer and the utility.
Therefore, there is a need for a method and apparatus providing authentication techniques that prevent attacks on un-commissioned devices and securely limit the tasks that a field tool is authorized to perform.