Abstract: A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process.

Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.

Abstract: A method for managing radio transmission in an endpoint device in a network includes: receiving, at a first endpoint device, a message requesting wake up of the first endpoint device; establishing a connection between the first endpoint device to a second endpoint device connected to the network; determining, at the first endpoint device, whether a secure command is received from the second endpoint device via the established connection within a predetermined period of time; and based on the received secure command, establishing a connection between the first endpoint device and the network via radio transmission, wherein the first endpoint device is configured to turn off radio transmission if the secure command is not received within the predetermined period of time.

Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.

Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.

Abstract: Securing the manufacturing supply chain with digital certificates. A token is coupled to a manufacturing station and enabled via a personal identification number. The token includes a counter limiting the maximum number of certificates to be signed, and compares a serial number of a digital certificate to a tracked serial number. In some embodiments, the token is linked to a particular manufacturing station once the token is enabled.

Abstract: A method for managing radio transmission in an endpoint device in a network includes: receiving, at a first endpoint device, a message requesting wake up of the first endpoint device; establishing a connection between the first endpoint device to a second endpoint device connected to the network; determining, at the first endpoint device, whether a secure command is received from the second endpoint device via the established connection within a predetermined period of time; and based on the received secure command, establishing a connection between the first endpoint device and the network via radio transmission, wherein the first endpoint device is configured to turn off radio transmission if the secure command is not received within the predetermined period of time.

Abstract: A method for managing radio transmission in an endpoint device in a network includes: receiving, at a first endpoint device, a message requesting wake up of the first endpoint device; establishing a connection between the first endpoint device to a second endpoint device connected to the network; determining, at the first endpoint device, whether a secure command is received from the second endpoint device via the established connection within a predetermined period of time; and based on the received secure command, establishing a connection between the first endpoint device and the network via radio transmission, wherein the first endpoint device is configured to turn off radio transmission if the secure command is not received within the predetermined period of time.

Abstract: A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process.

Abstract: A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process.

Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.

Abstract: A method for managing radio transmission in an endpoint device in a network includes: receiving, at a first endpoint device, a message requesting wake up of the first endpoint device; establishing a connection between the first endpoint device to a second endpoint device connected to the network; determining, at the first endpoint device, whether a secure command is received from the second endpoint device via the established connection within a predetermined period of time; and based on the received secure command, establishing a connection between the first endpoint device and the network via radio transmission, wherein the first endpoint device is configured to turn off radio transmission if the secure command is not received within the predetermined period of time.

Abstract: A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process.

Abstract: Securing the manufacturing supply chain with digital certificates. A token is coupled to a manufacturing station and enabled via a personal identification number. The token includes a counter limiting the maximum number of certificates to be signed, and compares a serial number of a digital certificate to a tracked serial number. In some embodiments, the token is linked to a particular manufacturing station once the token is enabled.