Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.

Abstract: A packet intercept system includes probes along the field area network. A portion of the probes are mobile probes configured to receive and process a global positioning system signal. Intercepting by the mobile probes includes implementing a global positioning tag in each packet in the traffic data stream intercepted by the mobile probes, the global positioning tag includes a timestamp and global positioning system coordinates, derived from the global position system signal. The packet intercept system backhauls the traffic data stream to an additional network that is distinct from the field area network. Processors on the additional network obtain the traffic data stream and process the stream into a live traffic data stream by ordering each packet intercepted by the mobile probes in the processed live traffic data stream, based on the timestamp. The processors analyze the processed live traffic data stream.

Abstract: A computer program product, computer system, and method for performing traffic analysis on a wireless mesh network, includes intercepting a stream of real-time wireless from field probes on the wireless mesh network, wherein the stream comprises non-standard protocol elements and encrypted traffic, creating an ad hoc network parallel to the wireless mesh network, obtaining, from the ad hoc network, the intercepted stream (the analyzing is performed parallel to traffic flow on the wireless mesh network), pre-processing a portion of the intercepted stream the data, where the pre-processing comprises descrambling and processing headers in the stream to differentiate the packets in the stream and create a combined output stream, obtaining the combined output stream and creating indicators by selecting an analysis operator to apply to one or more dissected fields extracted from the output stream, analyzing the packets in the combined output stream utilizing the indicators, and obtaining results from the indicators

Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.

Abstract: A method for visualizing and analyzing a field area network, which includes obtaining, network, traffic data that includes atomic communications and packet detail from a packet intercept system on a field area. This field area network includes a number of network nodes. The method also includes a processor extracting connectivity and routing information from the traffic data, where the connectivity and routing information includes packet information and node information, determining network characteristics based on the extracted connectivity and routing information, retaining the network characteristics in a data structure, and importing the data structure into a computer readable storage medium that is accessible to the processor.

Abstract: A packet intercept system includes probes along the field area network. A portion of the probes are mobile probes configured to receive and process a global positioning system signal. Intercepting by the mobile probes includes implementing a global positioning tag in each packet in the traffic data stream intercepted by the mobile probes, the global positioning tag includes a timestamp and global positioning system coordinates, derived from the global position system signal. The packet intercept system backhauls the traffic data stream to an additional network that is distinct from the field area network. Processors on the additional network obtain the traffic data stream and process the stream into a live traffic data stream by ordering each packet intercepted by the mobile probes in the processed live traffic data stream, based on the timestamp. The processors analyze the processed live traffic data stream.

Abstract: A computer program product, computer system, and method for performing traffic analysis on a wireless mesh network, includes intercepting a stream of real-time wireless from field probes on the wireless mesh network, wherein the stream comprises non-standard protocol elements and encrypted traffic, creating an ad hoc network parallel to the wireless mesh network, obtaining, from the ad hoc network, the intercepted stream (the analyzing is performed parallel to traffic flow on the wireless mesh network), pre-processing a portion of the intercepted stream the data, where the pre-processing comprises descrambling and processing headers in the stream to differentiate the packets in the stream and create a combined output stream, obtaining the combined output stream and creating indicators by selecting an analysis operator to apply to one or more dissected fields extracted from the output stream, analyzing the packets in the combined output stream utilizing the indicators, and obtaining results from the indicators

Abstract: An adapter, and a method of using the adapter, for an electric meter, which includes a set of connections for interfacing to a panel box, a set of connectors for interfacing to the electric meter; and circuitry for intercepting FAN or HAN traffic, injecting FAN or HAN traffic and communicating intercepted traffic and local information from the electric meter and sensors over a network to a management entity that collects and process the data. Data from environmental, electric quality, and usage sensors are supplied to the network. External commands, originating in a management entity or with a customer are provided from the network.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A computer system, computer program product and method of performing traffic analysis on a communications network includes time stamped packets and related metadata from an intercepted steam of real-time traffic on a backhaul network distinct from the communications network, pre-processing the intercepted stream, including separating a portion of the intercepted stream into dissected fields, creating indicators by selecting an analysis operator to apply to one or more of the dissected fields in a logical expression, analyzing the dissected fields in the output streams utilizing the indicators, and obtaining results from the indicators.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to a sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules.

Abstract: A computer system, computer program product and method of performing traffic analysis on a communications network includes time stamped packets and related metadata from an intercepted steam of real-time traffic on a backhaul network distinct from the communications network, pre-processing the intercepted stream, including separating a portion of the intercepted stream into dissected fields, creating indicators by selecting an analysis operator to apply to one or more of the dissected fields in a logical expression, analyzing the dissected fields in the output streams utilizing the indicators, and obtaining results from the indicators.

Abstract: The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability.

Abstract: A set of certificate management methods designed to significantly reduce or eliminate reliance on infrastructure network connectivity after vehicles are sold uses techniques to support certificate management operations in order to reduce the frequency which vehicles need to communicate with the Certificate Authorities (CAs) and the amount of data that needs to be exchanged between vehicles and the CA. These methods include, for example, approaches to use one-way communications and vehicle-to-vehicle (V2V) communications to replace expired certificates, approaches to use one-way communications and V2V communications to replace revoked certificates, and use of a small subset of vehicles as proxies to help retrieve and distribute Certificate Revocation Lists (CRLs) and replacement certificates. The combination of these techniques leads to solutions that can eliminate the need for roadside infrastructure networks completely.

Abstract: A method for visualizing and analyzing a field area network, which includes obtaining, network, traffic data that includes atomic communications and packet detail from a packet intercept system on a field area. This field area network includes a number of network nodes. The method also includes a processor extracting connectivity and routing information from the traffic data, where the connectivity and routing information includes packet information and node information, determining network characteristics based on the extracted connectivity and routing information, retaining the network characteristics in a data structure, and importing the data structure into a computer readable storage medium that is accessible to the processor.

Abstract: A system and method for using networked mobile devices in a vehicle in a tightly integrated manner is presented. The vehicle has an OBE, a mobile device client, and vehicle components, and the mobile device has a mobile device proxy and applications, such that the mobile device client and the mobile device proxy communicate, enabling dynamic transfer of the applications to the OBE and execution of the applications on the mobile device and the OBE using the plurality of vehicle components at runtime. In one embodiment, the mobile device client and the mobile device proxy authenticate each other. The authentication can be performed using digital certificates. The mobile device client can communicate the vehicle components on the vehicle to the mobile device proxy. The mobile device client and the mobile device proxy can communicate using Bluetooth. The vehicle components can include dashboard displays, speakers, and voice I/O systems.

Abstract: A method and system for public key infrastructure key and certificate management provides anonymity to certificate holders and protects the privacy of certificate holders from the compromise of a certificate authority. Functional separation is provided in the authorization of a certificate request and the assignment of certificates and key pairs. The authorizing certificate authority approves or denies each certificate request from a requestor whose identity is not made available to the assigning certificate authority. The assigning certificate authority, upon approval from the authorizing certificate authority, issues one or more certificates and optionally generates and provides the associated key pairs to the requester without disclosing these certificates and key pairs to the authorizing certificate authority.

Abstract: A set of certificate management methods designed to significantly reduce or eliminate reliance on infrastructure network connectivity after vehicles are sold uses techniques to support certificate management operations in order to reduce the frequency which vehicles need to communicate with the Certificate Authorities (CAs) and the amount of data that needs to be exchanged between vehicles and the CA. These methods include, for example, approaches to use one-way communications and vehicle-to-vehicle (V2V) communications to replace expired certificates, approaches to use one-way communications and V2V communications to replace revoked certificates, and use of a small subset of vehicles as proxies to help retrieve and distribute Certificate Revocation Lists (CRLs) and replacement certificates. The combination of these techniques leads to solutions that can eliminate the need for roadside infrastructure networks completely.