Description:[001] The present disclosure generally relates to controlling circuit breakers. More particularly, the present disclosure relates to methods and systems for authenticating of a control command for a circuit breaker.

BACKGROUND

[002] Electric power substations are critical elements of the power grid, installed with power system components such as transformers, busbars, and circuit breakers arranged to ensure reliable and adequate transmission and distribution of electric power. In digital substations, microprocessor-based Intelligent Electronic Devices (IEDs) are used to control power system switching devices such as circuit breakers, reclosers, and the like. In certain instances, attackers may intend to issue unauthorized circuit breaker control (open or close) commands by a means of at least one of, an insider sabotage, an unauthorized access, or an entry of a terrorist inside a control center of the electric power substation.

[003] Existing systems lack authentication measures for circuit breaker control commands, allowing operators to issue circuit breaker control commands without verification. This poses a risk of unauthorized commands in situations such as insider sabotage, terrorist coercion, or unauthorized access. Therefore, approaches followed by the existing systems may often lead to potential loss of generations, loads and blackouts in the electric power substations. Thus, there is a need for addressing the situation of issuance of unauthorized circuit breaker control commands.

[004] The information disclosed in this background of the disclosure section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.

SUMMARY

[005] In an embodiment, the present disclosure discloses a method of authenticating a control command for a circuit breaker. The method comprises receiving a control command of a circuit breaker initiated by a circuit breaker operator from a control centre of an organization to initiate a circuit breaker operation. Further, the method comprises generating a plurality of unique authentication codes in response to receiving the control command. Further, the method comprises sending each of the plurality of unique authentication codes for validation, to a corresponding validation device of a plurality of validation devices operated by authorized agents. Herein, each of the plurality of validation devices are located at a geographical location distinct from a location of the control centre. Thereafter, the method includes receiving validation information from the plurality of validation devices. Herein, the validation information is regulated by a first predefined criteria related to at least one of time of generation of the plurality of unique authentication codes, and supporting information related to the circuit breaker operation. Finally, the method includes sending one of a trip signal or an abort signal, to the control centre based on a second predefined criteria related to at least one of time of receipt of the validation information, number of validation devices sending the validation information, and a type of validation information.

[006] In an embodiment, the present disclosure discloses an authentication system for authenticating a control command for a circuit breaker. The authentication system comprises a processor and a memory. The memory stores processor instructions, which, on execution, causes the processor to receive a control command of a circuit breaker initiated by a circuit breaker operator from a control centre of an organization to initiate a circuit breaker operation. Further, the processor is configured to generate a plurality of unique authentication codes in response to receiving the control command. Followed by the processor being configured to send each of the plurality of unique authentication codes for validation, to a corresponding validation device of a plurality of validation devices operated by authorized agents. Herein, each of the plurality of validation devices is located at a geographical location distinct from a location of the control centre. Thereafter, the processor is configured to receive validation information from the plurality of validation devices. The validation information is regulated by a first predefined criteria related to at least one of time of generation of the plurality of unique authentication codes, and supporting information related to the circuit breaker operation. Finally, the processor is configured to send one of a trip signal or an abort signal to the control centre based on a second predefined criteria related to at least one of time of receipt of the validation information, number of validation devices sending the validation information, and a type of validation information.

[007] The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

[008] The novel features and characteristics of the disclosure are set forth in the appended claims. The disclosure itself, however, as well as a preferred mode of use, further objectives, and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying figures. One or more embodiments are now described, by way of example only, with reference to the accompanying figures wherein like reference numerals represent like elements and in which:

[009] Fig. 1 illustrates an exemplary environment for authenticating a control command for a circuit breaker, in accordance with some embodiments of the present disclosure;

[0010] Fig. 2 illustrates a detailed diagram of an authentication system, in accordance with some embodiments of the present disclosure;

[0011] Fig. 3 shows an exemplary flowchart illustrating method steps for authenticating a control command for a circuit breaker, in accordance with some embodiments of the present disclosure; and

[0012] Fig. 4 shows an exemplary computer system for authenticating a control command for a circuit breaker, in accordance with some embodiments of the present disclosure.

[0013] It should be appreciated by those skilled in the art that any block diagram herein represents conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flowcharts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and executed by a computer or processor, whether or not such computer or processor is explicitly shown.

DETAILED DESCRIPTION

[0014] In the present document, the word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment or implementation of the present subject matter described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.

[0015] While the disclosure is susceptible to various modifications and alternative forms, specific embodiment thereof has been shown by way of example in the drawings and will be described in detail below. It should be understood, however that it is not intended to limit the disclosure to the particular forms disclosed, but on the contrary, the disclosure is to cover all modifications, equivalents, and alternatives falling within the scope of the disclosure.

[0016] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a setup, device or method that comprises a list of components or steps does not include only those components or steps but may include other components or steps not expressly listed or inherent to such setup or device or method. In other words, one or more elements in a system or apparatus proceeded by “comprises… a” does not, without more constraints, preclude the existence of other elements or additional elements in the system or apparatus.

[0017] The present disclosure provides a methods and system for authenticating a control command for a circuit breaker. The existing power system controls may be compromised during an unauthorized access. The present disclosure addresses situations when the circuit breaker control commands are issued from an unauthorized operator or from an authorized operator who is under duress.

[0018] Therefore, to solve the above-mentioned problem, the present disclosure discloses a method and an authorization system for authenticating the control command for the circuit breaker. Particularly, the present disclosure overcomes the limitations in the existing power systems by introducing a multi-party authentication utilizing generation of a plurality of unique authentication codes in response to receiving the control command. According to the present disclosure, each of the plurality of unique authentication codes are sent for validation, to a plurality of validation devices operated by authorized agents working in same organization.

[0019] Advantageously, each of the plurality of validation devices are located at a geographical location distinct from a location of the control centre, thereby, allowing involvement of multiple authorized agents from the organization, having knowledge and awareness regarding circuit breaker operations. Therefore, the present disclosure ensures preventing the on-duty operators in the control center from having a direct control of the circuit breaker for their personal agenda or vendetta. Furthermore, the impact of unlawful individual’s influence on the on-duty operator in the control center is minimized by involving multiple authorizers from distinct geographical locations of the same organization.

[0020] Fig. 1 illustrates an exemplary environment in which some embodiments of the present disclosure may be practiced. As shown, the environment 100 includes an authentication system 102, a substation 105, and a plurality of validation devices 108 (a validation device 1081, a validation device 1082… a validation device 108N, collectively referred as the plurality of validation devices 108). As seen from Fig. 1, a control centre 106 and a circuit breaker 116 may be hosted in the substation 105. In an embodiment, the environment 100 may be an organizational setup comprising the substation 105 including, but not limited to, an electric power substation.

[0021] The control centre 106 may comprise a circuit breaker 116 . As seen from Fig. 1, the control centre 106 is operated by a circuit breaker operator 107. The circuit breaker operator 107 may initiate requests for issuing circuit breaker operations in the control centre 106. In an embodiment, the circuit breaker operator 107 may be one of, an authorized operator or an unauthorized operator. For example, the authorized operator may be any operator associated with the organization. Whereas the unauthorized operator may be either an operator associated with the organization who may be compromised or any person who may not be associated with the organization. The control command requests correspond to a request to gain access to perform the circuit breaker operations.

[0022] The circuit breaker operations may comprise one of opening the circuit breaker 116 or closing the circuit breaker 116. In an embodiment, the authorized circuit breaker operator may open (also referred as break) the circuit breaker 116, (a) when faults like short circuits or overloads are detected leading to emergency scenarios, (b) when maintenance or repairs are required on a section of the electric power substation, or (c) when operations are to be performed as part of routine check, such as switching between different power sources or isolating a section of electric power substation for testing. Further, the authorized circuit breaker operator may close the circuit breaker 116 upon concluding the operations performed while the circuit breaker was open. Particularly, the circuit breaker 116 is closed to restore power to the electric power substation. In an embodiment, the unauthorized circuit breaker operator may initiate the control command request to open or close the circuit breaker 116 to fulfil their personal agenda. In an embodiment, the personal agenda may include, but is not limited to, an insider sabotage, a terrorist coercion to disrupt electric power substation operations, and the like.

[0023] In an embodiment, the plurality of validation devices 108 are configured to perform validation of the control command request initiated by the circuit breaker operator 107. As shown in Fig. 1, the plurality of validation devices 108 (a validation device 1081, a validation device 1082… a validation device 108N, collectively referred as the plurality of validation devices 108) may be operated by a corresponding plurality of authorized agents (an authorized agent 1091, an authorized agent 1092… an authorized agent 109N, collectively referred as the plurality of authorized agents 109). In an embodiment, the plurality of validation devices 108 may be any computing device including, but not limited to, a desktop computer, a mobile phone, a laptop, a server, and the like, which may be located at a distinct geographical location from the control centre 106. According to the present disclosure, implementing the plurality of validation devices 108 at the distinct geographical location from the location of the control centre allows involvement of multiple authorized agents from the organization, having knowledge and awareness regarding circuit breaker operations.

[0024] In an embodiment, the authentication system 102 may be implemented in the electric power substation. In another embodiment, the authentication system 102 may be implemented at a distinct location from the electric power substation. In yet another embodiment, the authentication system 102 may be implemented in any one of the plurality of validation devices 108. In an embodiment, the authentication system 102 may be any computing device including, but not limited to, a desktop computer, a server/cloud server, and the like. In an embodiment, the authentication system 102 may include a Human Machine Interface (HMI) (not shown in Fig. 1) to provide a visual indication that provides authentication results indicating whether the control command request initiated by the circuit breaker operator 107 is accepted or rejected. The authentication system 102 further includes an Input/Output (I/O) interface 110, a memory 112 and a processor 114, as shown in Fig. 1. The authentication system 102 may be connected to the control centre 106 and the plurality of validation devices 108 through a communication network 104. The communication network 104 may be at least one of a wired communication network and a wireless communication network.

[0025] In an exemplary scenario, the organizational setup may be implemented across distinct geographical locations within a defined proximity. The proximity may be defined based on a definite region or distance within which the organizational set up is implemented. For example, the electric power substation comprising the control centre 106 and the circuit breaker 116, may be located at a location A, the validation device 1081 may be located at a location B whereas the validation device 1082 may be located at a location C. In continuation to the above example and according to any one of the embodiments mentioned above, the authentication system 102 may be implemented in any one of the locations, the location A or B or C or a further distinct location D. The locations A, B, C, and D may be further within the definite region E. As discussed in some sections of the present disclosure, the scenario of the control command requests initiated by the circuit breaker operator 107 who may have been compromised may be avoided. The scenario may be avoided as each of the plurality of validation devices 108 are located at the geographical location distinct from the location of the control centre, thereby, allowing involvement of multiple authorized agents from the organization, having knowledge and awareness regarding circuit breaker operations. Therefore, the present disclosure ensures preventing the on-duty operators in the control centre 106 from having a direct control the circuit breaker 116 for their personal agenda.

[0026] Various embodiments of the present disclosure disclose a method performed by the authentication system 102 for authenticating the control command for the circuit breaker 116. The authentication system 102 performs authentication of the control command request initiated by the circuit breaker operator 107. The operations performed by the authentication system 102 are explained in detail with reference to Fig. 2.

[0027] Fig. 2 illustrates an authentication system 102 for authenticating the control command for the circuit breaker, in accordance with an embodiment of the present disclosure. As already explained, the authentication system 102 may communicate with the control centre 106 and each of the plurality of validation devices 108.

[0028] As seen from Fig. 2, the authentication system 102 comprises the I/O interface 110, the memory 112, and the processor 114. In some embodiments, the memory 112 may be communicatively coupled to the processor 114. The memory 112 stores instructions executable by the processor 114. The processor 114 may comprise at least one data processor for authenticating a control command for a circuit breaker. The memory 112 may be communicatively coupled to the processor 114. The memory 112 stores instructions, executable by the processor 114, which, on execution, may cause the processor 114 to authenticate the control command initiated by the circuit breaker operator 107 to either open or close the circuit breaker 116.

[0029] In an embodiment, the memory 112 may include one or more modules 204 and data 202. The one or more modules 204 may be configured to perform the steps of the present disclosure using the data 202 i.e., to authenticate the control command initiated by the circuit breaker operator 107. In an embodiment, each of the one or more modules 204 may be a hardware unit which may be outside the memory 112 and coupled with the memory 112. As used herein, the term modules 204 refers to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a Field-Programmable Gate Arrays (FPGA), Programmable System-on-Chip (PSoC), a combinational logic circuit, and/or other suitable components that provide described functionality. The one or more modules 204 when configured with the described functionality defined in the present disclosure will result in a novel hardware. Further, the I/O interface 110 is coupled with the processor 114 through which an input signal or/and an output signal is communicated. For example, the authentication system 102 may communicate the authentication results to the circuit breaker operator 107 via the I/O interface 110.

[0030] In one implementation, the modules 204 may include, for example, a transceiver module 214, a generation module 216, and miscellaneous modules 218. It will be appreciated that such aforementioned modules 204 may be represented as a single module or a combination of different modules. In one implementation, the data 202 may include, for example, received data 206, generated data 208, and miscellaneous data 212.

[0031] The received data 206 includes the control command request and validation information. The control command request being received from the control centre 106 and the validation information is received from the plurality of validation devices 108.

[0032] The generated data 208 includes the plurality of unique authentication codes and verified data.

[0033] The miscellaneous data 212 may include any miscellaneous data processed by any one of the modules 204.

[0034] In an embodiment, the transceiver module 214 may be configured to receive the control command request of the circuit breaker 116 initiated by the circuit breaker operator 107 from the control centre 106 to initiate the circuit breaker operation. As mentioned in previous sections, the circuit breaker operator 107 may be one of, the authorized operator or the unauthorized operator. In an embodiment, when the operator is the authorized operator, the control command request may be received for performing routine or scheduled operations at the control centre 106. In another embodiment, when the operator is the unauthorized operator, the control command request may be received for performing the operations for their personal agenda. Upon receiving the control command request from the control centre 106, the transceiver module 214 may store the received control command request in the received data 206 and may further send the received data 206 to the generation module 216.

[0035] In an embodiment, the generation module 216 may be configured to receive the data 206 comprising the control command request from the transceiver module 214. Thereafter, the generation module 216 is configured to generate a plurality of unique authentication codes in response to receiving the control command request. In an embodiment, the plurality of unique authentication codes may correspond to One Time Passwords (OTPs). The generated OTPs may be valid only for a predefined time period. In an embodiment, the generation module 216 may be aware of the number of the plurality of validation devices 108 which may be in an active communication to validate the unique authentication codes. Therefore, the generation module 216 may generate a unique authentication code for each of the plurality of validation devices 108. For example, if the plurality of validation devices 108 implemented across the organizational setup correspond to five, then the generation module 216 may also generate only five unique authentication codes. Further, the generation module 216 may store the generated unique authentication codes in the generated data 208. Thereafter, the generation module 216 may send the generated data 208 to the transceiver module 214.

[0036] In an embodiment, the transceiver module 214 may be configured to receive the generated data 208 from the generation module 216. Upon receiving the generated data 208 comprising the plurality of unique authentication codes, the transceiver module 214 may transmit the generated data 208 to each of the corresponding plurality of validation devices 108. In continuation of the previous example, consider five validation devices are implemented in five distinct locations for instance, Bengaluru, Chennai, Delhi, Mumbai, and Kolkata. As observed, the five distinct locations are within the defined proximity which corresponds to each of the cities mentioned above are within India. Further, consider the control centre 106 may be located in Pune. Then, the transceiver module 214 may transmit each of the unique authentication code to each of the five validation devices.

[0037] Each of the plurality of validation devices 108 are configured to receive the corresponding plurality of unique authentication codes. In an embodiment, when any of the validation devices from the plurality of validation devices 108 may fail receive the corresponding plurality of authentication codes, the transceiver module 214 is notified regarding failure. In an embodiment, the failure may occur due to any one of, network instability, network congestion, and the like. Therefore, when the transceiver module 214 may receive the notification indicating the transmission failure, the transceiver module 214 may be configured to retransmit the corresponding unique authentication code to the corresponding validation device.

[0038] Therefore, upon receiving the generated data 208 from the transceiver module 214, each of the plurality of validation devices may be configured to validate the corresponding plurality of unique authentication codes. In an embodiment, each of the plurality of validation devices 108 may be operated by their respective authorized agents 109 to perform validation. Particularly, each of the plurality of validation devices 108 may perform the validation based on a first predefined criteria which may be related to at least one of, time of generation of the plurality of unique authentication codes and supporting information related to the circuit breaker operation. In an embodiment, according to the first predefined criteria, the validation device may validate a unique authentication code based on a predefined schedule defined for the circuit breaker to perform various operations. For example, the each of the plurality of validation devices may perform the validation when the corresponding plurality of authentication codes are received within the predefined schedule.

[0039] Particularly, each of the plurality of validation devices may perform the validation by checking whether the time of generation of the unique authentication code is within the predefined schedule. For example, consider the predefined schedule comprises time periods as given Table 1:

PREDEFINED SCHEDULE
07:00 AM – 08:00 AM
02:00 PM – 03:00 PM
10:00 PM – 11:00 PM

Table 1

Further, consider the time of generation of the unique authentication code is 2:30 PM. Then based on the above predefined schedule, the validation device may validate the unique authentication code. In another example, if the time of generation of the unique authentication code is considered as 10:00 AM, then the validation device may invalidate the unique authentication code. Similarly, each of the plurality of validation devices perform the validation or invalidation of their corresponding plurality of unique authentication codes based on the predefined schedule and the time of generation of the corresponding unique authentication code.

[0040] In an embodiment, upon the invalidating the corresponding unique authentication code, the validation device further detects a presence of the supporting information related to the circuit breaker operation is also received. In an embodiment, the supporting information may include, but is not limited to, an emergency notification, an emergency message, an emergency telephonic communication, and the like. Particularly, the supporting information corresponds to a communication addressing the emergency situation at the control centre 106. Therefore, upon invalidating the unique authentication code, when the validation device detects the presence of supporting information, the validation device proceeds with validating the unique authentication code regardless of the predefined schedule. In an embodiment, the validation device may generate validation information based on a decision of whether the unique authentication code is validated or invalidated. Particularly, when the unique authentication code is validated, the validation device generates the validation information corresponding to a validated authentication code. Whereas, when the unique authentication code is invalidated, the validation device generated the validation information corresponding to a rejection message rejecting the circuit breaker command. Each of the plurality of validation devices 108 are configured to generate the validation information and send the validation information to the transceiver module 214.

[0041] In an embodiment, the transceiver module 214 may be configured to receive the validation information from each of the plurality of validation devices 108. Upon receiving the validation information, the transceiver module 214 may be configured to send a signal to initiate the circuit breaker operation or a signal to abort the circuit breaker operation, to the control centre 106. The transceiver module 214 may be configured to decide on whether the signal to initiate the circuit breaker operation or the signal to abort the circuit breaker operation must be sent, based on a second predefined criteria. The second predefined criteria is related to at least one of time of receipt of the validation information, number of validation devices sending the validation information, and a type of validation information . According to the present disclosure, the signal to initiate the circuit breaker operation, is sent to the control centre 106 in one of the following instances.

[0042] In an embodiment, the first instance corresponds to when the number of validation devices sending the validation information exceeds a predefined threshold number. In an embodiment, in accordance to the first instance, the type of validation information may be indicative of authenticating the circuit breaker operation. In an embodiment, the second instance corresponds to when the validation information authenticating the circuit breaker operation is received within a predefined time period from the time of generation of the plurality of unique authentication codes. Particularly, when the validation information comprises the validated authentication codes, the time of receipt of each of the validated authentication codes and the number of validation devices from which the validated authentication codes are received are verified. In an embodiment, the verification may be performed by the generation module 216. The generation module 216 may perform verification based on the predefined threshold number of validation devices and the predefined time period from the time of generation of the plurality of unique authentication codes. In an embodiment, the predefined threshold number may be lesser than the number of the plurality of validation devices.

[0043] In a first example, consider five unique authentication codes are generated and sent to five distinct validation devices. Further, consider time of generation of each of five unique authentication codes is 2:30 PM. However, consider only four validated authentication codes are received from the corresponding four validation devices. Further, the time of receipt of the four validated authentication codes correspond to 2:32 PM, 2:34 PM, 2:31 PM, and 2:34 PM, respectively. Furthermore, consider the predefined threshold number of validation devices corresponds to four and the predefined time period corresponds to “5 minutes”. Therefore, according to the second predefined criteria and considering the above example, the verification module may determine that the validated authentication codes are received from at least four out of five validation devices and further determines that the time of receipt of each of the four validated authentication codes is within “5 minutes”. Therefore, the verification module may generate verification results comprising the signal to initiate the circuit breaker operation. In an embodiment, the verification module may store the verification results in miscellaneous data 212. Thereafter, the verification module may send the verification results to the transceiver module 214. In an embodiment, the transceiver module 214 may send the signal to initiate the circuit breaker operation to the control centre 106.

[0044] In a second example, consider similar scenario as given under the first example. In one instance, consider only three validated authentication codes are received from the corresponding three validation devices. Further, consider time of generation of each of five unique authentication codes is 2:30 PM. Further, the time of receipt of the three validated authentication codes correspond to 2:32 PM, 2:34 PM, and 2:34 PM, respectively. Similar to the first example, consider the predefined threshold number of validation devices corresponds to four and the predefined time period corresponds to “5 minutes”. Therefore, according to the second predefined criteria and considering the above example, the verification module may determine that though that the time of receipt of each of the three validated authentication codes is within “5 minutes”, the validated authentication codes are received only from three out of five validation devices. Therefore, the verification module may generate verification results comprising the signal to abort the circuit breaker operation. Thereafter, the verification module may send the verification results to the transceiver module 214. In an embodiment, the transceiver module 214 may send the signal to abort the circuit breaker operation to the control centre 106.

[0045] In continuation to the second example, consider another instance with four validated authentication codes being received from the corresponding four validation devices. Further, consider time of generation of each of five unique authentication codes is 2:30 PM. Further, the time of receipt of the four validated authentication codes correspond to 2:32 PM, 2:34 PM, 2:31 PM, and 2:40 PM, respectively. Similar to the previous example, consider the predefined threshold number of validation devices corresponds to four and the predefined time period corresponds to “5 minutes”. Therefore, according to the second predefined criteria and considering the above example, the verification module may determine that though the validated authentication codes are received from at least four out of five validation devices, the time of receipt of the fourth validated authentication code exceeds the predefined time period of “5 minutes”. As the time of generation of each of four unique authentication codes is 2:30 PM, the validated authentication code must be received by 2:35 PM. However, since the fourth validation device fails to validate the unique authentication code within the predefined time period, the verification module does not verify the fourth validated authentication code. Therefore, the verification module may generate verification results comprising the signal to abort the circuit breaker operation. Thereafter, the verification module may send the verification results to the transceiver module 214. In an embodiment, the transceiver module 214 may send the signal to abort the circuit breaker operation to the control centre 106.

[0046] Thereafter, upon sending one of, the signal to initiate or abort the circuit breaker operation, the circuit breaker operator 107 may receive the signal. Based on the signal, the circuit breaker operator 107 may gain access to obtain control over performing the circuit breaker operation. In an embodiment, the circuit breaker operation may be one of, opening the circuit breaker 116 or closing the circuit breaker 116. In one example, if the circuit breaker operator 107 may be an unauthorized operator, then according to the embodiments of the present disclosure, the circuit breaker operator 107 may not gain access as the signal received at the control centre 106 may correspond to the abort signal. In another example, if the circuit breaker operator 107 may be an authorized operator, then according to the embodiments of the present disclosure, the circuit breaker operator 107 may gain access as the signal received at the control centre 106 may correspond to the initiation signal, considering the control command request is verified as a genuine request by the plurality of authorized agents 109. In this manner, the present disclosure overcomes the limitations in the existing power systems by introducing a multi-party authentication utilizing generation of a plurality of unique authentication codes in response to receiving the control command request. Furthermore, locating each of the plurality of validation devices at a geographical location distinct from a location of the control centre allows involvement of multiple authorized agents from the organization, having knowledge and awareness regarding circuit breaker operations. Therefore, the present disclosure ensures preventing the on-duty operators in the control center from having a direct control the circuit breaker for their personal agenda.

[0047] Fig. 3 shows an exemplary flowchart illustrating method steps for authenticating a control command for a circuit breaker, in accordance with some embodiments of the present disclosure. As illustrated in Fig. 3, the method 300 may comprise one or more steps. The method 300 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, and functions, which perform particular functions or implement particular abstract data types.

[0048] The order in which the method 300 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method. Additionally, individual blocks may be deleted from the methods without departing from the scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof.

[0049] At step 302, the authentication system 102 may receive the control command request of the circuit breaker 116 initiated by the circuit breaker operator 107. The control command request may be received from the control centre 106 of the organization to initiate the circuit breaker operation. The control breaker operation may correspond to one of opening the circuit breaker 116 or closing the circuit breaker 116. The circuit breaker operator 107 may be one of the authorized operator or the unauthorized operator.

[0050] At step 304, the authentication system 102 may generate the plurality of unique authentication codes in response to receiving the control command request. In an embodiment, the unique authentication codes may be generated for each of the plurality of validation devices 108 implemented in the organization.

[0051] At step 306, the authentication system 102 may send each of the plurality of unique authentication codes for validation, to the corresponding validation device of a plurality of validation devices 108 operated by authorized agents 109. In an embodiment, each of the plurality of validation devices 108 are located at the geographical location distinct from the location of the control centre. The control centre of the circuit breaker 116, the authentication system 102, and the plurality of validation devices 108 are within a defined proximity.

[0052] At step 308, the authentication system 102 may receive validation information from the plurality of validation devices 108. The validation information may be regulated by the first predefined criteria related to at least one of the time of generation of the plurality of unique authentication codes and the supporting information related to the circuit breaker operation. In an embodiment, the validation information comprises one of validated authentication codes authenticating the circuit breaker operation or rejection messages rejecting the circuit breaker operation.

[0053] At step 310, the authentication system 102 may send one of the signal to initiate the circuit breaker operation or the signal to abort the circuit breaker operation, to the control centre 106 based on the second predefined criteria. In an embodiment, the second predefined criteria may be related to at least one of, the time of receipt of the validation information, the number of validation devices sending the validation information, and the type of validation information . In an embodiment, the predefined threshold number may be lesser than the number of the plurality of validation devices 108.

COMPUTER SYSTEM

[0054] Fig. 4 illustrates a block diagram of an exemplary computer system for implementing embodiments consistent with the present disclosure. In an embodiment, the computer system 400 may be used to implement the authentication system 102. Thus, the computer system 400 may be used for authenticating the control command for the circuit breaker 116. The computer system 400 may comprise a Central Processing Unit 402 (also referred as “CPU” or “processor”). The processor 402 may comprise at least one data processor. The processor 402 may include specialized processing units such as integrated system (bus) controllers, memory management control units, floating point units, graphics processing units, digital signal processing units, etc.

[0055] The processor 402 may be disposed in communication with one or more input/output (I/O) devices via I/O interface 401. The I/O interface 401 may employ communication protocols/methods such as, without limitation, audio, analog, digital, monoaural, RCA, stereo, IEEE (Institute of Electrical and Electronics Engineers) -1394, serial bus, universal serial bus (USB), infrared, PS/2, BNC, coaxial, component, composite, digital visual interface (DVI), high-definition multimedia interface (HDMI), Radio Frequency (RF) antennas, S-Video, VGA, IEEE 408.n /b/g/n/x, Bluetooth, cellular (e.g., code-division multiple access (CDMA), high-speed packet access (HSPA+), global system for mobile communications (GSM), long-term evolution (LTE), WiMax, or the like), etc.

[0056] Using the I/O interface 401, the computer system 400 may communicate with one or more I/O devices. For example, the input device 410 may be an antenna, keyboard, mouse, joystick, (infrared) remote control, camera, card reader, fax machine, dongle, biometric reader, microphone, touch screen, touchpad, trackball, stylus, scanner, storage device, transceiver, video device/source, etc. The output device 411 may be a printer, fax machine, video display (e.g., cathode ray tube (CRT), liquid crystal display (LCD), light-emitting diode (LED), plasma, Plasma display panel (PDP), Organic light-emitting diode display (OLED) or the like), audio speaker, etc.

[0057] The processor 402 may be disposed in communication with the communication network 104 via a network interface 403. The network interface 403 may communicate with the communication network 104. The network interface 403 may employ connection protocols including, without limitation, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/internet protocol (TCP/IP), token ring, IEEE 408.11a/b/g/n/x, etc. The communication network 104 may include, without limitation, a direct interconnection, local area network (LAN), wide area network (WAN), wireless network (e.g., using Wireless Application Protocol), the Internet, etc. The network interface 403 may employ connection protocols include, but not limited to, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/internet protocol (TCP/IP), token ring, IEEE 408.11a/b/g/n/x, etc.

[0058] The communication network 104 includes, but is not limited to, a direct interconnection, an e-commerce network, a peer to peer (P2P) network, local area network (LAN), wide area network (WAN), wireless network (e.g., using Wireless Application Protocol), the Internet, Wi-Fi, and such. The first network and the second network may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), etc., to communicate with each other. Further, the first network and the second network may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, etc.

[0059] In some embodiments, the processor 402 may be disposed in communication with a memory 405 (e.g., RAM, ROM, etc. not shown in Figure 8) via a storage interface 404. The storage interface 404 may connect to memory 405 including, without limitation, memory drives, removable disc drives, etc., employing connection protocols such as serial advanced technology attachment (SATA), Integrated Drive Electronics (IDE), IEEE-1394, Universal Serial Bus (USB), fiber channel, Small Computer Systems Interface (SCSI), etc. The memory drives may further include a drum, magnetic disc drive, magneto-optical drive, optical drive, Redundant Array of Independent Discs (RAID), solid-state memory devices, solid-state drives, etc.

[0060] The memory 405 may store a collection of program or database components, including, without limitation, user interface 406, an operating system 407, web browser 408, etc. In some embodiments, the computer system 400 may store user/application data, such as, the data, variables, records, etc., as described in this disclosure. Such databases may be implemented as fault-tolerant, relational, scalable, secure databases such as Oracle ® or Sybase®.

[0061] The operating system 407 may facilitate resource management and operation of the computer system 400. Examples of operating systems include, without limitation, APPLE MACINTOSHR OS X, UNIXR, UNIX-like system distributions (E.G., BERKELEY SOFTWARE DISTRIBUTIONTM (BSD), FREEBSDTM, NETBSDTM, OPENBSDTM, etc.), LINUX DISTRIBUTIONSTM (E.G., RED HATTM, UBUNTUTM, KUBUNTUTM, etc.), IBMTM OS/2, MICROSOFTTM WINDOWSTM (XPTM, VISTATM/7/8, 10 etc.), APPLER IOSTM, GOOGLER ANDROIDTM, BLACKBERRYR OS, or the like.

[0062] In some embodiments, the computer system 400 may implement the web browser 408 stored program component. The web browser 408 may be a hypertext viewing application, for example MICROSOFTR INTERNET EXPLORERTM, GOOGLER CHROMETM0, MOZILLAR FIREFOXTM, APPLER SAFARITM, etc. Secure web browsing may be provided using Secure Hypertext Transport Protocol (HTTPS), Secure Sockets Layer (SSL), Transport Layer Security (TLS), etc. Web browsers 408 may utilize facilities such as AJAXTM, DHTMLTM, ADOBER FLASHTM, JAVASCRIPTTM, JAVATM, Application Programming Interfaces (APIs), etc. In some embodiments, the computer system 400 may implement a mail server (not shown in Figure) stored program component. The mail server may be an Internet mail server such as Microsoft Exchange, or the like. The mail server may utilize facilities such as ASPTM, ACTIVEXTM, ANSITM C++/C#, MICROSOFTR, .NETTM, CGI SCRIPTSTM, JAVATM, JAVASCRIPTTM, PERLTM, PHPTM, PYTHONTM, WEBOBJECTSTM, etc. The mail server may utilize communication protocols such as Internet Message Access Protocol (IMAP), Messaging Application Programming Interface (MAPI), MICROSOFTR exchange, Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), or the like. In some embodiments, the computer system 400 may implement a mail client stored program component. The mail client (not shown in Figure) may be a mail viewing application, such as APPLER MAILTM, MICROSOFTR ENTOURAGETM, MICROSOFTR OUTLOOKTM, MOZILLAR THUNDERBIRDTM, etc.

[0063] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include Random Access Memory (RAM), Read-Only Memory (ROM), volatile memory, non-volatile memory, hard drives, Compact Disc Read-Only Memory (CD ROMs), Digital Video Disc (DVDs), flash drives, disks, and any other known physical storage media.

[0064] Embodiments of the present disclosure provides methods and systems for authenticating a control command for a circuit breaker. The existing power system controls may be compromised during an unauthorized access. The present disclosure addresses situations when the circuit breaker control commands are issued from an unauthorized operator or from an authorized operator who is under duress.

[0065] Therefore, to solve the above-mentioned problem, the present disclosure discloses a method and an authorization system for authenticating the control command for the circuit breaker. Particularly, the present disclosure overcomes the limitations in the existing power systems by introducing a multi-party authentication utilizing generation of a plurality of unique authentication codes in response to receiving the control command. According to the present disclosure, each of the plurality of unique authentication codes are sent for validation, to a plurality of validation devices operated by authorized agents working in same organization.

[0066] Advantageously, each of the plurality of validation devices are located at a geographical location distinct from a location of the control centre, thereby, allowing involvement of multiple authorized agents from the organization, having knowledge and awareness regarding circuit breaker operations. Therefore, the present disclosure ensures preventing the on-duty operators in the control center from having a direct control of the circuit breaker for their personal agenda or vendetta. Furthermore, the impact of unlawful individual’s influence on the on-duty operator in the control center is minimized by involving multiple authorizers from distinct geographical locations of the same organization.

[0067] The terms "an embodiment", "embodiment", "embodiments", "the embodiment", "the embodiments", "one or more embodiments", "some embodiments", and "one embodiment" mean "one or more (but not all) embodiments of the invention(s)" unless expressly specified otherwise.

[0068] The terms "including", "comprising", “having” and variations thereof mean "including but not limited to", unless expressly specified otherwise.

[0069] The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise. The terms "a", "an" and "the" mean "one or more", unless expressly specified otherwise.

[0070] A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary a variety of optional components are described to illustrate the wide variety of possible embodiments of the invention.

[0071] When a single device or article is described herein, it will be readily apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be readily apparent that a single device/article may be used in place of the more than one device or article or a different number of devices/articles may be used instead of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments of the invention need not include the device itself.

[0072] The illustrated operations of Fig. 3 show certain events occurring in a certain order. In alternative embodiments, certain operations may be performed in a different order, modified, or removed. Moreover, steps may be added to the above-described logic and still conform to the described embodiments. Further, operations described herein may occur sequentially or certain operations may be processed in parallel. Yet further, operations may be performed by a single processing unit or by distributed processing units.

[0073] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based here on. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.

[0074] While various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope being indicated by the following claims.

Referral Numerals:

Referral number Description
100 Exemplary environment
102 Authentication system
104 Communication network
105 Substation
106 Control centre
107 Circuit breaker operator
108 (1081 to 108N) Plurality of validation devices
109 (1091 to 109N) Authorized agents
110 I/O interface
112 Memory
114 Processor
116 Circuit breaker
202 Data
204 Modules
206 Received data
208 Generated data
212 Miscellaneous data
214 Transceiver module
216 Generation module
218 Miscellaneous modules
400 Computer system
401 I/O interface
402 Processor
403 Network interface
404 Storage interface
405 Memory
406 User interface
407 Operating system
408 Web browser
410 Input device
411 Output device , Claims:1. A method of authenticating a control command for a circuit breaker (116), the method comprising:
receiving (302), by an authentication system (102), a control command request of a circuit breaker (116) initiated by a circuit breaker operator (107) from a control centre (106) of an organization to initiate a circuit breaker operation;
generating (304), by the authentication system (102), a plurality of unique authentication codes in response to receiving the control command request;
sending (306), by the authentication system (102), each of the plurality of unique authentication codes for validation, to a corresponding validation device of a plurality of validation devices (108) operated by authorized agents (109), wherein each of the plurality of validation devices (108) are located at a geographical location distinct from a location of the control centre (106);
receiving (308), by the authentication system (102), validation information from the plurality of validation devices (108), wherein the validation information is regulated by a first predefined criteria related to at least one of time of generation of the plurality of unique authentication codes, and supporting information related to the circuit breaker operation; and
sending (310), by the authentication system (102), one of a signal to initiate the circuit breaker operation or a signal to abort the circuit breaker operation, to the control centre (106) based on a second predefined criteria related to at least one of time of receipt of the validation information, number of validation devices sending the validation information, and a type of validation information.

2. The method as claimed in claim 1, wherein the circuit breaker operator (107) is one of an authorized operator or an unauthorized operator.

3. The method as claimed in claim 1, wherein the control centre (106) of the circuit breaker (116), the authentication system (102) and the plurality of validation devices (108) are within a defined proximity.

4. The method as claimed in claim 1, wherein the validation information comprises one of validated authentication codes authenticating the circuit breaker operation or rejection messages rejecting the circuit breaker operation.

5. The method as claimed in claim 1, wherein in accordance with the second predefined criteria, the signal to initiate the circuit breaker operation, is sent to the control centre (106):
when the number of validation devices sending the validation information exceeds a predefined threshold number, wherein the type of validation information indicates authenticating the circuit breaker operation, and
when the validation information authenticating the circuit breaker operation is received within a predefined time period from the time of generation of the plurality of unique authentication codes.

6. The method as claimed in claim 1, wherein in accordance with the second predefined criteria, the signal to abort the circuit breaker operation, is sent to the control centre (106):
when the number of validation devices sending the validation information does not exceed a predefined threshold number, wherein the type of validation information indicates rejecting the circuit breaker operation, or
when the validation information rejecting the circuit breaker operation is not received within a predefined time period from the time of generation of the plurality of unique authentication codes.

7. The method as claimed in claim 5 or 6, wherein the predefined threshold number is lesser than a number of the plurality of validation devices (108).

8. An authentication system (102) for authenticating a control command for a circuit breaker (116), comprising:
a processor (114); and
a memory (112) communicatively coupled to the processor (114), wherein the memory (112) stores processor instructions, which, on execution, causes the processor (114) to:
receive a control command request of a circuit breaker (116) initiated by a circuit breaker operator (107) from a control centre (106) of an organization to initiate a circuit breaker operation;
generate a plurality of unique authentication codes in response to receiving the control command request;
send each of the plurality of unique authentication codes for validation, to a corresponding validation device of a plurality of validation devices (108) operated by authorized agents (109), wherein each of the plurality of validation devices (108) are located at a geographical location distinct from a location of the control centre (106);
receive validation information from the plurality of validation devices (108), wherein the validation information is regulated by a first predefined criteria related to at least one of, time of generation of the plurality of unique authentication codes, and supporting information related to the circuit breaker operation; and
send one of a signal to initiate the circuit breaker operation or a signal to abort the circuit breaker operation, to the control centre (106) based on a second predefined criteria related to at least one of time of receipt of the validation information, number of validation devices sending the validation information, and a type of validation information.

9. The authentication system (102) as claimed in claim 8, wherein the circuit breaker operator (107) is one of an authorized operator or an unauthorized operator.

10. The authentication system (102) as claimed in claim 8, wherein the control centre (106) of the circuit breaker (116), the authentication system (102) and the plurality of validation devices (108) are within a defined proximity.

11. The authentication system (102) as claimed in claim 8, wherein the validation information comprises one of validated authentication codes authenticating the circuit breaker operation or rejection messages rejecting the circuit breaker operation.

12. The authentication system (102) as claimed in claim 8, wherein in accordance with the second predefined criteria, the processor is configured to send the signal to initiate the circuit breaker operation, to the control centre (106):
when the number of validation devices sending the validation information exceeds a predefined threshold number, wherein the type of validation information indicates authenticating the circuit breaker operation, and
when the validation information authenticating the circuit breaker operation is received within a predefined time period from the time of generation of the plurality of unique authentication codes.

13. The method as claimed in claim 8, wherein in accordance with the second predefined criteria, the processor is configured to send the signal to abort the circuit breaker operation, to the control centre (106):
when the number of validation devices sending the validation information does not exceed a predefined threshold number, wherein the type of validation information indicates rejecting the circuit breaker operation, or
when the validation information rejecting the circuit breaker operation is not received within a predefined time period from the time of generation of the plurality of unique authentication codes.

14. The method as claimed in claim 12 or 13, wherein the predefined threshold number is lesser than a number of the plurality of validation devices (108).