Legacy assurance analog sensor circuits used in physical security, building access control, and industrial supervisory control and data acquisition (SCADA) applications

MX435026BActive Publication Date: 2026-06-12PROMETHEUS SECURITY GRP GLOBAL

Patent Information

Authority / Receiving Office
MX · MX
Patent Type
Patents
Current Assignee / Owner
PROMETHEUS SECURITY GRP GLOBAL
Filing Date
2023-01-02
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

Current Intrusion Detection Systems (IDS) and Physical Access Control Systems (PACS) are vulnerable to replay attacks, lack authentication of system configuration data and event logs, and do not securely authenticate deployed equipment, especially at the edge, where processing power is available, leading to potential manipulation and vulnerability.

Method used

Implementing a microcontroller with digital encrypted security interfaces (DESI) and asymmetric public code cryptography to authenticate and encrypt sensor and control output signals, using elliptic curve digital signature algorithms and HMAC for secure communication, along with a watchdog timer to monitor and reset in case of communication loss.

Benefits of technology

Enhances security by authenticating and encrypting sensor and control output signals, protecting against manipulation and tampering, and ensuring secure communication, thereby fortifying IDS and PACS systems against unauthorized access.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure MX435026B0
    Figure MX435026B0
Patent Text Reader

Abstract

The modalities are directed to an apparatus comprising: a microcontroller configured as a universal field panel. The microcontroller provides channels that (i) couple with a digital encrypted security interface (DESI) by means of a digital communications interface and / or couple with a sensor comprising an analog signal and wherein the analog sensor comprises one or more resistors coupled with one or more switches to monitor the Boolean state of the sensors; (ii) wherein the digital encrypted security interface (DESI) couples with a sensor input and / or couples with a control output where the signals that command a relay are authenticated before execution; (iii) authenticate and encrypt the sensor or control output.The control output is a programmable relay or solid-state device that characterizes a form-C control interface to provide authentication of the command and control platforms to the devices and / or signals they are controlling.
Need to check novelty before this filing date? Find Prior Art

Description

Legacy assurance analog sensor circuits used in physical security, building access control, and industrial supervisory control and data acquisition (SCADA) applications Cross-reference to related application This application claims priority over United States provisional patent application serial number 63 / 042.826 filed on June 23, 2020, which is incorporated herein by reference in its entirety. Background of the invention Certain modalities relate to the field of system and device monitoring. Specific aspects are geared towards the encrypted and authenticated monitoring of passive sensors that utilize existing wiring infrastructure. The current state of the art for Intrusion Detection Systems (IDS) and Physical Access Control Systems (PACS) leaves much to be desired. Critical system data is frequently transmitted without suspicion or with minimal protection against replay attacks. System configuration data and event logs are not authenticated and are subject to internal manipulation. Most Boolean intrusion sensors (door switches, push buttons to exit, motion detectors, etc.) are hardwired back to the host using supervised linear techniques from the 1940s that are easily overcome or bypassed. Rarely is deployed equipment properly monitored beyond initial installation, making ongoing threat mitigation and vulnerability exposure a serious concern.The deployed equipment is not uniquely identified or authenticated, especially at the edge or boundary where processing power is currently most prevalent. Furthermore, commands from command and control systems that control outputs (such as door locking mechanisms for access control) are not authenticated and are only protected by the conduit carrying the control wires. A typical system comprises several infrastructure “layers.” At the top are multiple site servers that perform site management, logging, analysis, and operator visualization. These often report to and interact with remotely located enterprise-wide systems. In the middle are the control processors that implement the IDS / P ACS mission. These are often called “field panels.” At the edge are the various sensors and controls that interact with the environment. Current systems are vulnerable, and there is a need to consider more secure systems. Brief description of the invention Certain modes are designed to be used with an authenticator, adapting the features of the base DS28E83 module to better suit the security applications for which they will be provided. This will primarily provide asymmetric public-code cryptography for: encrypting information transmitted through the device; and / or signature authentication. The digital representation of all devices in the chain (from the line end to the front end) that generates security information will be implemented. This will entail changes to the existing device's code management posture, a new memory space mapping, the implementation of a retention mechanism to capture rapid GPI changes, the implementation of tamper monitoring logic, and the creation and response of rapid authenticated writes. The device will implement an external programmable watchdog timer (on the DS28E83 module) that monitors encrypted communications and resets to the default state in the event of a loss of communication with the control system. Certain modalities are directed to an apparatus comprising: a microcontroller configured as a universal field panel, wherein the microcontroller is configured to provide channels that (i) couple to at least one digital encrypted security interface (DESI) by means of a digital communications interface (e.g., a cable or wire, power line carrier, HART, etc.) and / or couple to at least one sensor comprising an analog signal, wherein the analog sensor comprises one or more resistors coupled with one or more switches to monitor the Boolean state of the sensors (as shown in the configuration in Figure 3); (ii) wherein the digital encrypted security interface (DESI) couples to at least one sensor input and / or couples to a control output where the signals commanding a relay are authenticated prior to execution; (ii) authenticate and encrypt at least the sensor or control output.In certain aspects, at least the sensor is a digital sensor, and the digital sensor comprises a digital sensor module configured to receive one or more Boolean signals, an alarm signal, and / or a tamper signal, and the digital communication interface corresponding to the digital sensor comprises a ground reference signal and a data signal. In a further aspect, at least the sensor comprises an analog signal, and the analog sensor comprises one or more resistors coupled with one or more switches for monitoring the Boolean state of the sensors or control outputs. In a further aspect, at least the control output is a means of controlling the power or status signaling. The microcontroller can be configured to authenticate and encrypt at least the sensor and / or control output using a public-code cryptography digital signature authentication mechanism and a public-code cryptography encryption algorithm. In some respects, the public-code cryptography digital signature authentication mechanism is the Elliptic Curve Digital Signature Algorithm (ECDSA). In others, the public-code cryptography encryption algorithm is an Extract-Based Message Authentication Code (HMAC). The microcontroller can be configured to authenticate and encrypt at least the sensor and / or control output based, at least in part, on the sensor's address and location. The device can also include a power module coupled with universal field panel devices (as shown in the configuration in Figure 5). Certain modalities are directed to a system, comprising: (i) a plurality of authenticated sensors and / or control outputs, each authenticated node comprising an interface module of ML / a / ZUZ J / UUUl ÓO digital encrypted security (DESI) and a plurality of sensor monitoring inputs or control outputs; (as shown in the configuration of Figure 6) (i) a plurality of universal field panels coupled with a plurality of authenticated sensors and / or control outputs (as shown in the configuration of Figure 1); and (iii) a plurality of input / output controllers coupled with a plurality of sensors and / or control outputs (as shown in the configuration of Figure 2).In certain aspects, the system may include a first universal field panel coupled with a first set of the plurality of authenticated sensors and / or control outputs; a second universal field panel coupled with a second set of the plurality of authenticated sensors and / or control outputs; a third universal field panel coupled with a third set of the plurality of authenticated sensors and / or control outputs; a fourth universal field panel coupled with a fourth set of the plurality of authenticated sensors and / or control outputs; a first area input / output controller coupled with the first universal field panel and the second universal field panel; and a second area input / output controller coupled with the third universal field panel and the fourth universal field panel.In certain respects, sensor monitoring inputs or control outputs may include inputs from one or more Boolean sensors or control outputs from devices that require power or signaling and may be implemented as a Form C implementation using a standard relay or solid-state relay (as shown in the configuration in Figure 7). The system may further comprise a plurality of servers coupled with a plurality of area controllers, coupled with a plurality of input / output controllers, and coupled with a plurality of authenticated sensors and / or control outputs and / or analog sensors. In some aspects, each area input / output controller is configured to communicate with the server using public-code cryptography or session cipher codes. In a further aspect, the server is configured to authenticate and encrypt the information from at least one sensor controller within the plurality of sensor controllers, which in turn is configured to authenticate and encrypt the information from at least one digital sensor within the plurality of digital encrypted security interfaces (DESIs).The first area I / O controller can be configured to communicate with the first universal field panel via a variety of communication media (as shown in the configuration in Figure 2). In some respects, the communication medium includes, but is not limited to, an RS-485 bus, an Ethernet network, or similar. In some respects, at least one of the plurality of authenticated sensors and / or control outputs comprises a Digital Encrypted Security Interface (DESI) module configured to receive Boolean sensor status. Boolean sensor status may include, but is not limited to, an alarm signal and / or a tamper signal. In some respects, each universal field panel is configured to communicate with at least one of the plurality of authenticated sensors and / or control outputs via a digital communication interface.The Digital Encrypted Security Interface (DESI) module may have a unique identifier to enable module authenticity and interoperability across multiple manufacturers. Universal field panel inputs may also be included. The system can be capable of monitoring digitally authenticated or analog inputs. The Digital Encrypted Security Interface (DESI) module can be configured to retain input transitions at any rising or falling edge of the signal for later reading by the universal field panel. The Digital Encrypted Security Interface (DESI) module can be configured to support the ability to recode the device's public-code cryptography information throughout the device's lifetime. The system can also include a power module coupled with any of the universal field panels. An apparatus or system may include an interconnected output controller to provide Form C control via an external relay or solid-state relay, where Form C control provides known and predetermined control states. The apparatus or system includes a device that supports a fast encrypted write mode to provide appropriate timing for controlling the output devices. The device implements a watchdog timer that monitors encrypted communications from the universal field panel and, if these communications are absent, detects bus tampering and reverts to the default state while retaining a tampered state. The device provides random data to the memory locations where the state is read, protecting the device from external pattern snooping attacks.The latest random data read is used to authenticate fast encryption writes to control the outputs. The device provides a constant current source and a turn-off regulator to enable long-line digital communications. The device supports programmable key slots to change the root encoding material throughout the device's lifespan. These slots can be protected with authenticated writes using the material from the previous slot to prevent surreptitious changes from forced attacks. When in analog mode, the device provides a novel procedure for measuring these circuits, featuring a constant current source. This offers a wider range of noise immunity, as well as supervisory resistor combinations.The universal field panels will automatically fluctuate through the external circuit and adjust the configuration to adapt to the measured responses and the deployed environment. When deployed with (2) UFP-GW, the system can fail, redundantly, among the plurality of expansion modules and DESI modules that would be deployed below the fault tolerance and control redundancy (as shown in the configuration in Figure 2). The device or system can be configured so that the release of hold is controlled by an encrypted reading of the device, which requires passing an authentication test, thus preventing the hold status from being secretly cleared. The device or system can be configured to provide both open recode mode and authenticated recode mode, preventing the latter from being secretly taken over. The device or system can provide an intrinsic tamper detection and response mechanism that takes into account failed recode attempts and alerts the host system. The device can implement a watchdog timer that monitors communications through the host controller and, if no communication occurs within the specified time, reverses the output. The device is locked to the default state to protect against surreptitious attempts to sever the link with the controller and force local control of the device. The device uses a random number generator to fill the remaining memory bytes with constantly rotating random data, thus obscuring pattern analysis techniques. The device may have a miniaturized form factor to allow installation on existing sensor or detection technologies. The system / device / apparatus can be configured to comply with various data encryption and validation standards, such as those of the United States government.To enable the conversion of legacy infrastructure to an enhanced, digitally encrypted security infrastructure, the device can be configured on a per-input basis to accept either analog or digital sensors (as shown in the configuration in Figure 5). When in analog mode, the device provides a novel procedure for measuring these circuits, which features or characterizes a constant current source. This offers a wider range of noise immunity, as well as more versatile combinations of monitoring resistors. The universal field panels will automatically adjust via the external circuitry and fine-tune the configuration to suit the measured responses and the deployed environment. An analog sensor is an electronic device that constantly measures a physical variable, such as temperature, distance, humidity, or light, and then transforms that measurement into an electrical signal. An actuator is an electronic device that transforms an electrical signal into a physical variable (light, sound, etc.). An analog sensor continuously measures the variable and detects any proportional value between 100% and 0%. The term SCADA refers to Supervisory Control and Data Acquisition (SCADA), which is a control system architecture comprising computers, interconnected data communications, and graphical user interfaces (GUIs) for high-level process supervisory management, while also comprising other peripheral devices such as programmable logic controllers (PLCs) and discrete proportional-integral-derivative (PID) controllers to interface with the plant or process machinery. Other embodiments are discussed throughout this application. Any embodiment discussed with respect to one aspect also applies to other aspects and vice versa. It is understood that each embodiment described herein is applicable to all aspects of the invention. It is contemplated that any embodiment discussed herein may be implemented with respect to any method or composition of the invention and vice versa. Furthermore, coded software and / or firmware programs may be used to achieve the methods of the invention. The use of the word “a” or “an” when used in conjunction with the term “comprising” in the claims and / or specification may mean one, although it is also consistent with the meaning of “one or more”, “at least one” and “one or more than one”. The use of the term “or” in the claims is used to mean and / or unless it is explicitly stated that it refers only to alternatives or that the alternatives are mutually exclusive, although ML / a / zuz j / uuui óo the description supports or endorses a definition that refers only to alternatives and “and / or”. As used in this specification and claim(s), the words “comprising” (and any form of comprising, such as “comprising” and “comprising”), “having” (and any form of having, such as “having” and “has”), “including” (and any form of including, such as “includes” and “include”) or “containing” (and any form of containing, such as “contains” and “contain”) are inclusive or open and do not exclude additional unnoted method elements or steps. Other objectives, features, and advantages of the present invention will become apparent from the following detailed description. However, it should be understood that the detailed description and specific examples, while indicating specific embodiments of the invention, are provided only by way of illustration, since various changes and modifications within the spirit and scope of the invention will be apparent to those skilled in the art from this detailed description. Brief description of the drawings The following drawings form part of this specification and are included to further demonstrate certain aspects of the present invention. The invention may be better understood with reference to one or more of these drawings in combination with the detailed description of the specification embodiments presented herein. Figure 1 shows a functional system block diagram that illustrates an example of a system having a top, middle, and edge layer, with development efforts focused on the edge and middle layers. Figure 2 illustrates an example of the intermediate and edge layers of a functional system. Figure 3 illustrates traditional field-selectable dual design analog supervised line technology along with digital encrypted security interface designs for input acquisition as well as control output. Figure 4 illustrates two examples of the universal field panel in the universal field panel gateway (UFP-GW with the integral PM-4) and expansion module configurations (UFP-EM8) for the intermediate layer. Figure 5 illustrates and compares the two architectures supported by the dual design of the universal field panel channels. Figure 6 illustrates two examples of the DESI variants, one for secure and authenticated sensor inputs and the other for secure and authenticated programmable inputs or control outputs. Figure 7 illustrates two examples of the DESI control output variants for Form C controls, one for a standard relay and the other for a solid-state relay. Description ML / a / ZUZ J / UUUl ÓO The system will consist of the following layers, some of which are shown in Figure 1. The devices and systems described herein provide, for example, authentication of passive change sensors, interface cards, and area controllers from the edge layer to the middle layer. In some aspects, the system or system components may utilize asymmetric coding technology, providing scalability across the industry. In other aspects, the edge solution can be applied to the middle to upper layers of the system. Ideally, this would use the same methodology as the edge-to-middle layer. In certain modalities, the systems and devices may comprise one or more of a processor, circuit board, memory, operating system, debugging / programming interface, storage, interconnect interface, data input / output and / or power component(s). In a representative example, one modality may include five hardware modules: a Universal Field Panel Gateway (UFP-GW) sub-card paired with a System-on-Module (SOM) computing module (as shown in the configuration in Figure 4); two Universal Field Panel Expansion Modules (UFP-EM8 / UFP-EM16); a power module (PM-4); and a Digital Encrypted Security Interface (DESI) module (as shown in the configurations in Figures 4 and 5). The two expansion modules may be a Universal Field Panel / Universal Field Panel Expansion Module (UFP-EM-8) and / or a Universal Field Panel / Universal Field Panel Expansion Module (UFP-EM-16). Interconnection: In certain configurations, the UFP-GW device can provide dual network outputs from the USB 2.0 host controller and Peripheral Control Interface (PCI-E) interfaces. The ports can utilize a single 8P8C copper twisted-pair connector (RJ45) using two twisted pairs. The ports can also support communication with 1000BASE-T, 100BASE-T, and 10BASE-T networks. UFP-GW devices can be combined with a pair of fail-safe modules, providing redundancy and fault tolerance capabilities. Input / Output (I / O): In certain configurations, the device can provide all I / O on a single removable (Phoenix-style) connector. Universal field panel channels can be selected from traditional analog supervised lines to digital encrypted security interfaces (Figure 3). When used as legacy supervised inputs, the supervisory current for each group of four inputs can be configured to variable supervisory currents ranging from 200 µA to 5 µA using a digitally adjustable current source. In some configurations, the inputs can be set to one of four values: 200 µA, 750 µA, 2.5 µA, or 5 µA. In some configurations, this setting can be done via software, although physical jumpers are permitted. Each compute module can provide four single-ended, unsupervised I / O lines through an 8-position terminal block.The I / O data address and edge interrupt characteristics are configured via software. The primary purpose of this I / O is native envelope manipulation and power monitoring. In some respects, transient protection might be considered necessary for this I / O. UFP devices can support legacy Weigand card readers, for example, instead of each RS-485 communication port. Weigand monitoring is performed by detecting edge interrupts on data lines 0 and 1. Power Input: In certain configurations, the PM-4 and UFP-GW devices will accept 10-48 V DC for power input. In some configurations, the devices can provide a daisy-chain cable link between modules for power and UFP-GW communication. In certain aspects, the modules can be mounted on an aluminum base plate to provide adequate support against flexing of the printed circuit board (PCB) during normal use. The module base plates can be designed to allow the use of Winford's DIN rail mounting system. In some respects, the device components will be contained within an enclosure; however, an enclosure is not required. In some respects, the enclosure will be a secure enclosure that conceals physical access to the device components. The device enclosure may be constructed for outdoor deployment and to be resistant to harsh and dirty environments. The device may be configured for use in both indoor and outdoor electrical enclosures. A cabinet or enclosure may be required to meet EMI / RFI or other requirements. If enclosures are required, the overall dimensions of the electronic device enclosure will be defined by the shape and size of the electronic device design. The mechanical design may provide access to connectors for each of the external interfaces.The modules can be designed to minimize the risk of EMI emissions and EMI susceptibility by using component shielding containers where necessary. A device enclosure will include external indicators, such as LED indicators. In certain configurations, the device / system may provide multiple LED indicators. In one configuration, the indicator may provide one or more of a "POWER" indicator, an "INITIALIZATION" indicator, an "ERROR" indicator, and a "OFF" indicator. One or more indicators may be provided for one or more device functions, including, but not limited to, the cryptographic engine function, application firmware, power, and input / output interface. The LED indicators may automatically transition from one state to another based on the execution of the logic and provide the operator with a quick visual indication of the device status. CPU: Each compute module may have a bicolor LED indicator to indicate or signal the processor status.The signals include: off - inactive, flashing green - nominal, yellow - initializing, red - error. COMM: The device may provide external LED indicators associated with the communication ports with four states and three colors: off - inactive, flashing green - nominal receive, flashing yellow / amber - nominal transmit, red - error. POWER: The device may provide a power LED independent of any CPU function: powered (blue), no power (off). RELAY: Dedicated LED indicators may be applied to each relay output to indicate relay activation: on (red), normal (off). In certain aspects, the device is designed to provide protection against environmental factors or to ensure functionality under such environmental conditions, including but not limited to humidity and temperature. The device may be designed to withstand industrial operating temperature ranges of -40 to 70 degrees Celsius (including all intermediate values ​​and ranges) and to operate at relative humidity levels of 10–90%, including all intermediate values ​​and ranges. In another aspect, the device is designed to be stored at relative humidity levels of 5–95%, including all intermediate values ​​and ranges. Firmware and feature requirements: This section outlines the basic firmware and features of the device / system. Device and API communications – A standards-based API may be served by the devices. In some aspects, device / system configurations and event notifications can be achieved via MQTT (UFP-GW), for example, through MQTT-SN (UFP-EM). Communications can be secured with TLS or an equivalent protocol. Low-level device controllers: In certain modes, UFP-EM devices will provide configuration and control over all I / O, for example, input type, circuit configuration; output type, control configuration; and the programmer. In some cases, the devices may support wired firmware updates. Console / Terminal Serial Port – In certain configurations, UFP modules can implement a serial port for use as a local console or terminal interface to the main processor during software development. The port can use logic-level signaling instead of RS232-level signaling. The port will support a data rate of up to 115,200 baud. In some configurations, the port can implement hardware flow control signals. Multi-Format Serial Ports: In certain configurations, the system will include multiple serial ports supporting multiple formats for communication with external devices. A single port can support the RS232, RS485, and RS422 electrical signal standards. These ports can be monitored for use with a Weigand reader instead of serial communication. Alternatively, only one format (RS232, RS485, RS422, Weigand) can be active at a time. A dedicated ground signal may be present and can be used with all formats. The RS232 format may be required to implement hardware flow control. No modifications to the printed circuit board (PCB), such as signal jumpers or switches, are required to configure the port for a specific electrical format. RS-422 communication can be achieved using two RS-485 ports, configuring one for Rx and the other for Tx.RS-232 communication can support a data rate of up to 115,200 baud. RS-422 and RS-485 communication can also support a data rate of up to 115,200 baud. RS-232 signals can be exposed via a 10-pin header that connects with an external DE-9 isolation offset connector and the associated ribbon cable and mating plug. Encryption: In certain configurations, each edge layer module and mid-layer area controller may contain a secure chip providing a FIPS-186 ECDSA P256 challenge / response-based implementation. These chips may also provide an NIST 800-90B compliant entropy source via a TRNG. In certain aspects, each module with inputs would offer the additional protection of FIPS-186 ECDSA P256 at the input capture end of ML / a / ZUZ J / UUUl Ó3 line for traditional Boolean sensors. End-of-line entry authentication modules can perform ECDH code exchange and would authenticate only at their perimeter or edge module. In certain aspects, the end-of-line digital encrypted security interface module would additionally encrypt GPIO messages using HMAC. All communications between the UFP-EM module and the UFP-GW area controller can be encrypted using HTTPS / TLS. Communications between the area controller and the enterprise can also be performed using an HTTPS / TLS implementation. The session encryption code (AES128 / AES256 / 3DES) with HMAC-SHA256 for the session authentication code and the RSA-3072 code are transferred via TLS_DHE_RSA_WITH_AES_256_CBC_SHA. In certain aspects, the system / device can be configured to provide a software program for decryption that can be installed on server or client versions of Windows, Linux, may be able to be easily integrated into Java environments (Java Virtual Machine), a software program that includes the definition of an API to be used in the integration of all data outputs of the software module into other applications (e.g., the API will define all functions in a manual and provide sample applications and sample code). Regulatory and Standard Requirements: In certain instances, the devices and design must comply with the following safety / UL standards and successfully obtain the following marks: UL-294, UL-1076, and UL-60950. Cryptographic implementations, as well as supporting libraries and functions (such as the RNG), may be NIST compliant and FIPS certified. In certain modalities, the devices must comply with Part 15, Subpart B, Class B of the FCC standard 47 CFR. Externally accessible signals may be designed to withstand electrostatic discharge testing to IEC 61000-4-2 Level 1 standards for both air-type and HBM contact discharge. In other respects, the devices may be RoHS compliant. The system / device / appliance may comprise one or more firmware components or features. In some respects, device configurations may be achieved or obtained through a secure web page served by the device or managed remotely by a secure command and control system via the platform API. In some respects, the system / device can be configured to support both 128-bit and 256-bit AES standards, and to implement all the processor's security features, including high-security boot, Trusted Platform Module (TPM2.0), secure RTC, NIST-certified RNG, and intrusion-based zero memory. In some respects, the firmware used for cryptographic functions must be segmented from the rest of the application space to allow for ongoing development around the cryptographic engine while maintaining certification integrity—that is, providing a cryptographic boundary. A system includes one or more processors coupled to system memory via an input / output (I / O) interface. A system also includes a network interface coupled to an I / O interface and one or more input / output devices, such as a monitoring device, a device Μλ / a / zuz j / uuui óo 1. Cursor control, a keyboard, displays, and the like. In certain modalities, multiple devices constitute the system, and each device could be configured to host different parts or instances of system modalities or functions. For example, some elements might be implemented through one or more system devices that are distinct from the devices that implement other elements. In some modalities, input / output devices might include one or more display terminals, keyboards, numeric keypads, touchscreens, scanning devices, optical or voice recognition devices, or any other device suitable for entering or retrieving data by one or more systems. Multiple input / output devices might be present in a system or might be distributed across several system nodes.In some modalities, similar input / output devices could be separated from the system and could interact with one or more system nodes through a wired or wireless connection, such as through a network interface. In several configurations, a system could be a multi-processor system that includes two or more processors (for example, two, four, eight, or another suitable number). The processors could be any processors capable of executing program instructions. For example, in several configurations, the processors could be embedded or general-purpose processors that implement any of a variety of instruction set architectures (ISAs), such as x86, POWERPC®, ARM®, SPARC / MIPS® RTOS, or any other suitable ISA. In multi-processor systems, each of the processors could commonly, though not necessarily, implement the same ISA. Also, in some configurations, at least one processor may be a graphics processing unit (GPU) or other dedicated graphics rendering device. System memory may be configured to store program instructions and / or data accessible by one or more processors. In various configurations, system memory may be implemented using any suitable memory technology, such as static random-access memory (SRAM), synchronized dynamic RAM (SDRAM), non-volatile / flash memory, or any other type of memory. Program instructions and the data that implement certain operations, such as those described herein, may be stored within system memory as program instructions and data storage, respectively. In other configurations, program instructions and / or data may be received, sent, or stored on different types of computer-accessible media or similar media separate from system memory or the computer system.Generally speaking, a computer-accessible medium could include any tangible storage or memory medium, such as a magnetic or optical medium, for example, a disk or CD / DVD-ROM connected to a computer system via an I / O interface. Program instructions and data stored on a tangible, computer-accessible medium in a non-transient form could further be transmitted by transmission media or signals, such as electrical, electromagnetic, or digital signals, which could be transmitted via a communication medium, such as a network and / or a wireless link, such as one that can be implemented through a network interface. ML / a / ZUZ J / UUUl ÓO In certain configurations, an I / O interface may be configured to coordinate I / O traffic between the processor, system memory, and any peripheral devices, including the network interface or other peripheral interfaces such as input / output devices. In some configurations, an I / O interface may perform any necessary protocol, timing, or other data transformations to convert data signals from one component (e.g., system memory) into a format suitable for use by another component (e.g., the processor). In some configurations, an I / O interface may include support for devices connected via various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard.In some configurations, the I / O interface function can be divided into two or more separate components, such as a northbridge and a southbridge. Furthermore, in some configurations, some or all of the functions of an I / O interface, such as an interface to system memory, may be incorporated directly into a processor. A network interface can be configured to allow data to be exchanged between a system and other devices on a network, such as other computer systems, other devices, or between nodes within a computer system. In various configurations, a network interface can support communication over general-purpose wired or wireless data networks, such as any suitable type of Ethernet network; over telecommunications / telephony networks, such as analog voice networks or digital fiber optic networks; over storage area networks, such as Fibre Channel SANs; or over any other suitable type of network and / or protocol. The memory may include program instructions, configured to implement certain modes described herein, and data storage, comprising various data accessible through program instructions. In certain modes, the program instructions may include software elements of the modes described herein. For example, the program instructions may be implemented in various modes using any desired programming language, scripting language, or combination of programming languages ​​and / or scripting languages ​​(e.g., C, C++, C#, Java®, JavaScript®, Perl®, etc.). The data storage may include data that could be used in these modes. Other or different software elements and data may also be included. A person of ordinary technical experience will appreciate that the system and method described herein are for illustrative purposes only and are not intended to limit the scope of the description. In particular, the system and devices could include any combination of hardware or software capable of performing the operations indicated. Furthermore, the operations performed by the components could, in some embodiments, be carried out by fewer components or could be distributed among additional components. Similarly, in other embodiments, the operations of some of the illustrated components might not be possible and / or other additional operations might not be available. Consequently, the systems and methods described herein could be implemented or run with other configurations of the J / UUUl ÓO system. The examples provided herein, as well as those in the figures, are included to demonstrate certain embodiments of the invention. Those skilled in the art should appreciate that the systems, devices, methods, and techniques described in the examples or figures represent those identified by the inventors as working well in the practice of the invention and, as such, may be considered to constitute the modes for its practice. However, those skilled in the art should appreciate, in light of this disclosure, that many changes may be made to the specific embodiments described and a similar or comparable result may still be obtained without departing from the spirit and scope of the invention.

Claims

1. An apparatus, comprising: a microcontroller configured as a digital sensor controller, wherein the microcontroller is configured to: couple with at least one sensor through at least one sensor input, wherein at least the sensor input comprises a digital communications interface; and authenticate at least the sensor.

2. The apparatus according to claim 1, wherein at least the sensor is a digital sensor and wherein the digital sensor comprises: a digital sensor module configured to receive a Boolean signal, wherein the digital communication interface corresponding to the digital sensor comprises a ground reference signal and a data signal.

3. The apparatus according to claim 1, wherein at least the sensor comprises an analog signal and wherein the analog sensor comprises one or more resistors coupled with one or more switches for monitoring the Boolean state of the sensors 4. The apparatus according to claim 1, wherein the microcontroller is configured to authenticate at least the sensor using a public-source cryptography digital signature authentication mechanism and a public-source cryptography encryption algorithm.

5. The apparatus according to claim 4, wherein the public code cryptography digital signature authentication mechanism comprises the elliptic curve digital signature algorithm (ECDSA).

6. The apparatus according to claim 4 or 5, wherein the public code cryptography cipher comprises an extract message authentication code (HMAC).

7. A system comprising: a plurality of authenticated sensors, each authenticated sensor comprising: a digital sensor module and at least one sensor monitoring input; a plurality of input / output controllers coupled with the plurality of authenticated sensors; a plurality of digital sensor controllers coupled with the plurality of authenticated sensors; and a plurality of area controllers coupled with the plurality of digital sensor controllers.

8. The system according to claim 7, further comprising a plurality of servers coupled, in a communicative manner, with the plurality of area controllers, the plurality of input / output controllers and with the plurality of authenticated sensors and analog sensors.

9. The system according to claim 8, wherein each area controller of the plurality of area controllers is configured to communicate with the server using public-code cryptography.

10. The system according to claim 8, wherein the server is configured to authenticate and encrypt the information of at least one of the digital sensor controllers within the plurality of digital sensor controllers, and wherein at least the controller of the digital sensor controllers is configured to authenticate and encrypt the information of at least the authenticated sensor within the plurality of authenticated sensors.

11. The system according to claim 7, wherein the plurality of area controllers is configured to communicate with the plurality of digital sensor controllers through a variety of communication means comprising at least one of an RS-485 bus or an Ethernet network.

12. The system according to claim 7, wherein at least one of the plurality of authenticated sensors comprises a digital sensor module configured to receive a Boolean sensor state.

13. The system according to claim 7, wherein each digital sensor controller is configured to communicate with at least one of the plurality of authenticated sensors through a digital communications interface.

14. The system according to claim 13, wherein the digital communication interface is a single-wire interface, a HART interface, a carrier current interface, or another comparable interface.

15. The system according to claim 7, wherein the digital sensor module comprises a unique identifier and is configured to allow module authenticity and interoperability of multiple manufacturers.

16. The system according to claim 7, wherein each digital sensor controller of the plurality of digital sensor controllers comprises inputs configured to monitor at least one of the digitally authenticated inputs or analog inputs and outputs that can be remotely controlled by the DSC.

17. The system according to claim 7, wherein the digital sensor module is configured to engage the input transitions for subsequent reading by the digital sensor controller.

18. The system according to claim 7, wherein the digital sensor module is configured to recode public code cryptography information from an authenticated sensor throughout the lifetime of the device.

19. The system according to claim 7, wherein each digital sensor controller input interface can be dynamically switched between an analog or digital sensor operating mode.

20. The system according to claim 17, wherein the clearance of the hold is controlled by an encrypted reading of the device that requires passing the authentication test so that the state cannot be cleared surreptitiously.

21. The system according to claim 18, wherein the system provides open recoding mode and authenticated recoding, so that it cannot be taken surreptitiously.

22. The apparatus according to claim 1 or the system according to claim 7, which is configured to provide the intrinsic tamper detection and response mechanism to take into account failed recoding attempts and alert the host system.

23. The apparatus according to claim 1 or the system according to claim 7, wherein a form factor is miniaturized to allow the installation of existing detection technologies.

24. The apparatus according to claim 1 or the system according to claim 7, wherein the output controller is interconnected to provide form C control via an external relay or solid-state relay, wherein the form C control provides known and default control states.

25. The apparatus according to claim 1 or the system according to claim 7, wherein the device supports a fast encryption write mode to provide adequate timing for controlling the output devices.

26. The apparatus according to claim 1 or the system according to claim 7, wherein the device implements a watchdog timer that monitors encrypted communications from the universal field panel and, if these do not occur, detects bus tampering and reverts to the default state while engaged in a tampering state.

27. The apparatus according to claim 1 or the system according to claim 7, wherein the device provides random data to memory locations where the state is read, protecting the device from external pattern snooping attacks.

28. The apparatus according to claim 1 or the system according to claim 7, wherein the last random data read is used to authenticate the fast encryption writes to control the outputs.

29. The apparatus according to claim 1 or the system according to claim 7, wherein the device provides a constant current source and a disconnect regulator to enable long-line digital communications.

30. The apparatus according to claim 4, wherein the device supports programmable key slots for changing the root encoding material throughout the lifetime of the device.