Abstract: The present disclosure pertains to systems and methods for establishing trust relationships between a software defined network (SDN) controller and a SDN communication device. In one embodiment, a SDN controller may comprise a communications interface configured to communicate with a plurality of SDN network devices. A commissioning subsystem configured to detect a new device associated with the SDN. In response to a new device, a user interface subsystem may be configured to receive a user approval to commission the new device. A trust subsystem configured to establish a first SDN controller trusted credential and to transmit a first device trusted credential based on the first SDN controller credential to the new device. Programming instructions to the new device authenticated using the first SDN controller trusted credential by a SDN programming subsystem.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: The present disclosure pertains to systems and methods for establishing communication with a remote communication device in a software defined network (SDN) during time when an SDN controller is unavailable. In one embodiment, a local communication device may be configured to receive a plurality of data flows from an SDN controller and to store the plurality of data flows in a persistent data memory. The device may generate a unique identifier for the local communication device that is transmitted to a remote communication device. Following a disruption the results in the SDN controller being unavailable, the local communication device may recover into a default configured state based on the plurality of data flows in the persistent data memory. The local communication device may then transmit the unique identifier to the remote communication device after the disruption to begin a process of reestablishing communication with the remote communication device.

Abstract: The present disclosure pertains to systems and methods for establishing trust relationships between a software defined network (SDN) controller and a SDN communication device. In one embodiment, a SDN controller may comprise a communications interface configured to communicate with a plurality of SDN network devices. A commissioning subsystem configured to detect a new device associated with the SDN. In response to a new device, a user interface subsystem may be configured to receive a user approval to commission the new device. A trust subsystem configured to establish a first SDN controller trusted credential and to transmit a first device trusted credential based on the first SDN controller credential to the new device. Programming instructions to the new device authenticated using the first SDN controller trusted credential by a SDN programming subsystem.

Abstract: The present disclosure pertains to systems and methods for establishing communication with a remote communication device in a software defined network (SDN) during time when an SDN controller is unavailable. In one embodiment, a local communication device may be configured to receive a plurality of data flows from an SDN controller and to store the plurality of data flows in a persistent data memory. The device may generate a unique identifier for the local communication device that is transmitted to a remote communication device. Following a disruption the results in the SDN controller being unavailable, the local communication device may recover into a default configured state based on the plurality of data flows in the persistent data memory. The local communication device may then transmit the unique identifier to the remote communication device after the disruption to begin a process of reestablishing communication with the remote communication device.

Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.

Abstract: The present disclosure provides systems and methods for remote device management. According to various embodiments, a local intelligent electronic device (IED) may be in communication with a remote IED via a limited bandwidth communication link, such as a serial link. The limited bandwidth communication link may not support traditional remote management interfaces. According to one embodiment, a local IED may present an operator with a management interface for a remote IED by rendering locally stored templates. The local IED may render the locally stored templates using sparse data obtained from the remote IED. According to various embodiments, the management interface may be a web client interface and/or an HTML interface. The bandwidth required to present a remote management interface may be significantly reduced by rendering locally stored templates rather than requesting an entire management interface from the remote IED. According to various embodiments, an IED may comprise an encryption transceiver.

Abstract: The present disclosure provides systems and methods for remote device management. According to various embodiments, a local intelligent electronic device (IED) may be in communication with a remote IED via a limited bandwidth communication link, such as a serial link. The limited bandwidth communication link may not support traditional remote management interfaces. According to one embodiment, a local IED may present an operator with a management interface for a remote IED by rendering locally stored templates. The local IED may render the locally stored templates using sparse data obtained from the remote IED. According to various embodiments, the management interface may be a web client interface and/or an HTML interface. The bandwidth required to present a remote management interface may be significantly reduced by rendering locally stored templates rather than requesting an entire management interface from the remote IED. According to various embodiments, an IED may comprise an encryption transceiver.