1. A back office system for utility applications, the system comprising:a data center configured to communicate with a plurality of nodes in a first wireless network via at least one access point which serves as an interface between the nodes in the first wireless network and a second wireless network through which the data center and the least one access point communicate, the data center being configured to transmit commands to the nodes and receive requests from the nodes via the at least one access point;
a physically secure environment in the data center, the physically secure environment having access restricted thereto;
at least one server external to said physically secure environment in the data center, the at least one server configured to execute one or more application programs associated with operations of a utility, at least some of said application programs having an interface for receiving remote requests from the nodes outside of the data center to perform functions pertaining to the operations of the utility;
a hardware security module located within said physically secure environment and storing a secret key;
an authorization engine, located within said physically secure environment, configured to receive remote requests directed to said application programs and to provide authorized requests, that are signed in accordance with said secret key; a policy module, located within said physically secure environment, configured to process the remote requests in accordance with business logic associated with said application programs, and to selectively enable the requests to be authorized by said authorization engine based on the business logic and a type of the remote requests, the business logic including a type requirement in which remote requests are categorized according to one of a first type in which the requests are required to be signed with the
secret key in order to be authorized by the authorization engine, and a second type in which the requests are not required to be signed with the secret key in order to be authorized by the authorization engine; and at least one secure server, external to the data center, that, in response to an indication that security of the physically secure environment at the data center has been compromised, issues a command to the at least one access point to configure a certificate revocation list indicating that a certificate associated with the physically secure environment, whose security is compromised, is invalid, and issues a command to the nodes to load the certificate revocation list from any one of the at least one access point.