WO2009100733A1 - Secure data transmission to a field device - Google Patents

Secure data transmission to a field device

Info

Publication number
WO2009100733A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
field device
transmitted
transmission
random string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2008/001123
Other languages
German (de)
English (en)
Inventor
Götz NEUMANN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Siemens Corp
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp
Priority to EP08715763A (EP2243058A1)
Priority to PCT/EP2008/001123 (WO2009100733A1)
Publication of WO2009100733A1
Anticipated expiration
Ceased (current legal status)

Classifications

    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042 Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428 Safety, monitoring
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/418 Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24097 Camera monitors controlled machine
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/20 Pc systems
    • G05B2219/24 Pc safety
    • G05B2219/24167 Encryption, password, user access privileges
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00 Program-control systems
    • G05B2219/30 Nc systems
    • G05B2219/36 Nc in input of data, input key till input tape
    • G05B2219/36542 Cryptography, encrypt, access, authorize with key, code, password

Definitions

  • The invention relates to a method for transmitting data from an external data processing device to an electrical field device of an automation system, and to an electrical field device with a control device configured for this purpose.
  • A field device can be used in an electrical energy supply network to monitor and/or control primary components of the energy supply network.
  • Primary components are, for example, generators, converters, transformers, motors and electrical energy transmission lines of the power supply network.
  • The field device can, for example, record current and voltage measured values that indicate the current state of the electrical energy supply network.
  • The electrical field device can also issue control commands, such as a command to open or close a circuit breaker in the electrical power supply network.
  • Since such field devices control sensitive equipment used for the energy supply of entire cities or regions, they must be protected against unauthorized access.
  • They are therefore usually installed in correspondingly secured areas to which only appropriately authorized personnel have access.
  • Such secured areas can be protected, for example, by doors or barriers; in addition, camera monitoring can be used to detect unauthorized third-party access to the field devices as quickly as possible, or to prevent it entirely.
  • Electrical field devices usually have an input device, such as a keypad, and a display device, such as a display. Some or all functions can be called directly on the electrical field device via the input device.
  • Functions relevant to the safety of the automated process, such as loading sensitive data (for example configuration data), can usually only be carried out after entering a corresponding password.
  • The applicant offers field devices, for example, in the form of electrical protection devices of the "SIPROTEC" device series.
  • The document "SIPROTEC 4 field devices" from Siemens AG (issue 21.06.04, order no. E50417-H1100-C151-A6) shows such electrical field devices.
  • The keypad can be used to call up all functions of the electrical field device. To carry out sensitive functions, a corresponding password must be entered in the input field.
  • The field devices also have a data interface on their front panel, a so-called user interface in the form of a serial plug-in connection. An external computer running operating/monitoring and/or parameterization software can be connected to this user interface via a serial data transmission interface. With the help of this software, settings in the device can be made and changed, and the device can be operated and monitored.
  • The devices can also be equipped with a data interface in the form of an Ethernet interface, which enables a network connection of the device.
  • For security reasons, control of sensitive functions of the electrical field device via the Ethernet interface is blocked by default, but it can be enabled by the operator of the field device through appropriate settings.
  • The object of the invention is to make the transfer of data to an electrical field device even more secure with simple means.
  • This object is achieved by a method in which the field device receives an electronic request that announces a transmission of the data to the electrical field device; in response to the request, a random string is generated in the field device and output on a local output device of the field device.
  • The random string is received by the external data processing device, and the data to be transmitted are linked to the random string in the external data processing device to generate a data packet.
  • The data packet is transmitted to the field device, which checks the transmitted data packet using the random string. If the check result is positive, the data are extracted from the data packet and transferred to a memory device of the field device.
  • The invention makes use of the fact, already mentioned above, that electrical field devices used for safety-critical tasks are usually housed in specially protected areas, for example closed and optionally additionally monitored areas. Usually only authorized personnel have access to such areas.
  • Because the random string is output only on a local output device such as a display, it can be ensured that third parties without access to the secured area cannot spy out the random string.
  • An employee of the operator of the automation system can be present locally to read the random string, and the random string read can be passed on to another employee who operates the external data processing device.
  • Reading and transmission of the random string can also take place, for example, via a camera system that transmits the recorded data to the external data processing device.
  • Since the random string is needed to generate the data packet containing the data to be transmitted, a password query becomes unnecessary. Furthermore, since the random string is generated directly by the field device, there is no longer any need for a default password assigned by the manufacturer, and the risk associated with such a password is eliminated.
  • An advantageous embodiment of the method provides that the transmission of the random string from the field device to the external data processing device on the one hand, and the transmission of the data packet from the external data processing device to the field device on the other hand, take place via different communication means.
  • For example, one of the communication means is a telecommunication connection for the transmission of voice data.
  • Telecommunication connections are available almost everywhere and thus represent a simple means for transmitting the random string or the data packet. Furthermore, encrypted or otherwise secured telecommunication connections are possible, so that interception can be made more difficult.
  • A further advantageous embodiment provides that the data packet is generated by encrypting or digitally signing the data using the random string. Sufficiently secure encryption and signature methods, such as PGP, are widely used and readily available.
  • A further advantageous embodiment provides that the data comprise a digital certificate and/or configuration data for configuring the field device. A digital certificate is used by the automation system for secure data transmission between several devices, while configuration data comprise the parameters and settings necessary for proper operation of the field device.
  • Such settings may include, for example, thresholds for the execution of protection algorithms, or role and rights settings that allow or deny users access to particular device functions of the electrical field device.
  • Alternatively or additionally, the data comprise a command to execute a function of the field device, and the field device carries out the corresponding function if the check result is positive.
  • A further advantageous embodiment provides that the random string is deleted after the data have been transferred to the memory device of the field device.
  • With regard to the field device, the object is achieved by an electrical field device with a control device and a local output device, in which the control device is designed such that, in response to receipt of an electronic request announcing a transmission of data to the electrical field device, it generates a random string and outputs it by means of the local output device.
  • This randomly generated string, which is output only locally, can subsequently be used to secure the transmission of the data to the field device.
  • Figure 2 is a schematic flow diagram of a method for
  • FIG. 1 shows an automation system of which, for simplicity, only one electrical field device 10 and two variants of an external data processing device 14a and 14b are shown.
  • The field device has a local input device 11 in the form of a keypad and a local output device 12 in the form of a device display, and serves, for example, to control and monitor a part of an electrical energy supply network that is not shown in FIG. 1 for simplicity.
  • The field device 10 may be, for example, an electrical protection device, a control device (Leitgerät) or a so-called power quality device.
  • The electrical field device 10 is connected via a network connection to a data bus 13, shown only partially in FIG. 1, of a communication network of the automation system.
  • The external data processing device 14a is in the form of a personal computer; this may, for example, be a personal computer in a control center for controlling and monitoring the electrical power supply network.
  • The external data processing device 14a can, for example, run operating and monitoring software with which functions and measured values of the electrical field device can be accessed. The operating and monitoring software can also be a so-called configuration tool, with which settings of the electrical field device 10 can be programmed and transmitted to the electrical field device 10 in the form of a so-called parameter set.
  • In addition or alternatively, a portable external data processing device 14b may be provided, for example a portable computer such as a laptop, which can likewise be equipped with operating and monitoring software. A portable external data processing device 14b can be used, for example, to access a local interface of the electrical field device 10 via a wired or wireless connection, indicated in FIG. 1 only by a dashed data connection 15, and thereby to form a temporary data connection to the electrical field device 10.
  • Digital certificates are used, for example, in encrypted data transmission within the automation system (i.e. between several field devices, or between a field device and a control center computer) in order to confirm the assignment of a key used for encryption to the associated electrical device.
  • The view in FIG. 2 is subdivided into method steps carried out in the electrical field device 10, for example by a microprocessor-controlled control device, and those carried out in the external data processing device 14a.
  • The field device 10 is housed in a secured area that is accessible only to authorized personnel.
  • In a first step 20, an electronic request announcing a transmission of the certificate is generated and transmitted to the electrical field device 10, which receives it in step 21. In the example shown, step 20, i.e. the generation of the electronic request, takes place within the data processing device 14a.
  • Alternatively, the electronic request can also be generated locally at the electrical field device 10, for example via an input device or via a data processing device connected locally to the electrical field device 10.
  • In response to the electronic request, the electrical field device 10 generates, in step 22, a random string designated "RND" in Figure 2 and outputs it on a local output device in step 23.
  • The local output device is preferably a display; however, another type of output, for example an acoustic output, may also be provided. What matters is that the generated random string RND is output exclusively locally on the electrical field device 10 and therefore cannot be spied out outside the secured area. In this way it can be ensured that only persons who are legitimately present at the electrical field device 10 can learn the random string.
  • In step 23, the random string RND is output on the local output device of the electrical field device and read there, for example, by an on-site employee of the operator of the automation system, who passes it on to another employee who operates the external data processing device 14a.
  • This transmission can take place, for example, via a telecommunication connection for the transmission of voice data. Such a connection is available almost everywhere and therefore represents a simple way of transmitting the random string RND.
  • Alternatively, the random string can be captured automatically at the electrical field device 10, for example by a camera, and transmitted to the external data processing device 14a, where it is either read by an employee of the automation system and entered into the external data processing device, or converted by a character recognition program into computer-readable characters and thus made available to the external data processing device 14a.
  • The external data processing device 14a links the data DAT to be transmitted with the random string RND to form a data packet DP. In the example, the key used to encrypt the data DAT is formed on the basis of the random string RND.
  • Alternatively, the data DAT to be transmitted can be digitally signed by means of the random string RND; in this case, however, there is the risk that the data DAT can be spied out in clear form while being transmitted to the electrical field device 10.
  • The data packet DP is preferably transmitted via a communication means different from the one previously used to transmit the random string RND. This further increases the security of the method, because an unauthorized third party would now have to eavesdrop on both communication means in order to obtain all the information needed to access the electrical field device 10 manipulatively.
  • The electrical field device 10 receives the data packet DP in step 27 and checks it for correctness in step 28 with the aid of the random string RND known to it. The control device of the electrical field device 10 checks whether the data packet DP has been linked to the correct random string RND.
  • For this purpose, the electrical field device 10 can, for example, attempt to decrypt the data packet DP using the random string RND. If the key used to encrypt the data packet DP was likewise formed on the basis of the correct random string RND, decryption of the data packet DP using the random string RND succeeds.
  • In this way, a comparatively secure method for transmitting data from an external data processing device 14a to the electrical field device 10 can be specified by simple means.
  • The security of the method rests in particular on the fact that the random string RND is output only locally at the electrical field device 10 and cannot be spied out outside the protected area in which the electrical field device 10 is located.
  • If the random string RND and the data packet DP formed using it are transmitted via different communication means, for example a telecommunication connection for the random string RND and a data transmission network for the data packet DP, tracking these two pieces of information is made even more difficult for a third party, who would have to monitor and intercept several different communication means.
  • Besides a digital certificate, configuration data for setting parameters and functions of the electrical field device 10, or certain safety-relevant commands, can also be transmitted from the external data processing device 14a to the electrical field device 10.
  • If the transmitted data DAT is an instruction to execute a specific function, for example to switch an electrical circuit breaker on or off, the electrical field device 10 can extract it from the data packet DP after a positive check result and then execute it.
  • The random string RND generated in step 22 can be deleted after completion of the transmission and extraction of the data DAT, so that a new random string is required for each transmission process. This way, even if an unauthorized third party in a past data transfer process
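The exchange described in the steps above, worked through in code as an added example (it is not part of the patent and not code from any Siemens product): the field device generates RND and shows it only on its local display, an on-site employee reads it and relays it by phone, the PC links DAT to RND to form DP, and the field device checks DP, stores DAT and then deletes RND. The patent leaves the cryptographic binding open ("encryption or digital signature"); this example derives a key from RND with HMAC-SHA256 and builds an encrypt-then-MAC packet, because a device that merely "attempts to decrypt" cannot tell a wrong RND from the right one unless the packet also carries an authentication tag. The Crockford base32 alphabet (no I, L, O or U, so the string survives being spoken and typed), the length of 13 symbols (about 65 bits, so that an intercepted DP cannot be brute-forced offline in practice), the HMAC labels and the toy SHA-256 counter-mode cipher are all this example's own assumptions, and the sample parameter set is constructed.

```python
import hashlib
import hmac
import secrets
import struct

# Symbols that survive being read off a display, spoken over a phone and typed
# (or OCR'd) into the PC: Crockford base32, which omits I, L, O and U.
# (Alphabet and length are this example's assumptions, not the patent's.)
SYMBOLS = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
NORMALIZE = {c: c for c in SYMBOLS}
NORMALIZE.update({"O": "0", "I": "1", "L": "1"})   # common mis-readings
RND_LEN = 13                                        # 13 * 5 bits = 65 bits
TAG_LEN = 32                                        # HMAC-SHA256 tag


def rnd_as_entered(typed: str) -> str:
    """Normalize the string the remote employee typed after hearing it by phone."""
    s = typed.strip().upper().replace("-", "").replace(" ", "")
    if len(s) != RND_LEN or any(c not in NORMALIZE for c in s):
        raise ValueError("random string not read correctly")
    return "".join(NORMALIZE[c] for c in s)


def derive_keys(rnd: str) -> tuple[bytes, bytes]:
    """Separate encryption and MAC keys from RND (HMAC extract-and-expand;
    the labels are this example's own)."""
    prk = hmac.new(b"field-device-transfer", rnd.encode("ascii"), hashlib.sha256).digest()
    return (hmac.new(prk, b"enc", hashlib.sha256).digest(),
            hmac.new(prk, b"mac", hashlib.sha256).digest())


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (illustration only; a real device
    would use an AEAD such as AES-GCM from a vetted library)."""
    stream = b"".join(hashlib.sha256(key + struct.pack(">Q", i)).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def build_packet(rnd: str, dat: bytes) -> bytes:
    """External data processing device 14a: link DAT to RND to form DP.
    Encrypt-then-MAC, so the field device can check DP rather than merely
    decrypting it to garbage when RND is wrong."""
    enc_key, mac_key = derive_keys(rnd)
    ct = _xor_keystream(enc_key, dat)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


class FieldDevice:
    """Electrical field device 10 with local display 12 and a memory device."""

    def __init__(self):
        self.display = None     # what the local output device currently shows
        self._rnd = None        # pending random string, never sent anywhere
        self.memory = []        # received configuration data / certificates

    def receive_request(self) -> None:
        # Steps 21-23: request received, RND generated, output only locally.
        self._rnd = "".join(secrets.choice(SYMBOLS) for _ in range(RND_LEN))
        self.display = "-".join(self._rnd[i:i + 4] for i in range(0, RND_LEN, 4))

    def receive_packet(self, dp: bytes) -> bool:
        # Steps 27-28: check DP with the known RND; store DAT only on success.
        if self._rnd is None or len(dp) < TAG_LEN:
            return False        # nothing announced, or malformed packet
        enc_key, mac_key = derive_keys(self._rnd)
        ct, tag = dp[:-TAG_LEN], dp[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
            return False        # wrong RND or tampered DP: nothing is stored
        self.memory.append(_xor_keystream(enc_key, ct))   # extract DAT
        self._rnd = None        # RND deleted: a replay of DP now fails
        self.display = None
        return True


def run_transfer(dat: bytes) -> dict:
    """Whole exchange with both sides; the employee relays RND by phone."""
    dev = FieldDevice()
    dev.receive_request()                       # step 20/21: transfer announced
    spoken = dev.display.lower()                # on-site employee reads display
    rnd = rnd_as_entered(spoken)                # remote employee types it in
    dp = build_packet(rnd, dat)                 # PC forms DP from DAT and RND
    tampered = bytearray(dp)
    tampered[0] ^= 0x01                         # one flipped bit on the wire
    return {
        "tampered_accepted": dev.receive_packet(bytes(tampered)),
        "accepted": dev.receive_packet(dp),
        "replay_accepted": dev.receive_packet(dp),
        "stored": dev.memory[-1] if dev.memory else None,
    }


if __name__ == "__main__":
    # Constructed sample parameter set, not a real SIPROTEC setting.
    print(run_transfer(b"constructed parameter set: overcurrent threshold 1.2 In"))
```

Three outcomes are worth checking on a real device: a tampered packet and a packet built with a wrong RND must be rejected without storing anything, and replaying a previously accepted packet must fail because RND was deleted after use. The signature-only variant mentioned in the text would leave DAT readable on the wire, as the text itself notes.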

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a method for transmitting data to an electrical field device even more securely using simple means. According to this method, an electronic request is received by the field device (10), this request announcing a transmission of data to the electrical field device (10), and, in response to this request, a random string is generated in the field device (10) and output by a local output device of the field device (10). The random string is received by an external data processing device (14, 14) and the data to be transmitted are linked to the random string in the external data processing device (14, 14) to form a data packet. The data packet is transmitted to the field device (10), which checks the transmitted data packet on the basis of the random string and, if the result is positive, extracts the data from the packet and transfers them to a memory device of the field device (10). The invention also relates to an electrical field device (10) equipped for this purpose.
PCT/EP2008/001123 2008-02-11 2008-02-11 Secure data transmission to a field device Ceased WO2009100733A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP08715763A EP2243058A1 (fr) 2008-02-11 2008-02-11 Secure data transmission to a field device
PCT/EP2008/001123 WO2009100733A1 (fr) 2008-02-11 2008-02-11 Secure data transmission to a field device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/001123 WO2009100733A1 (fr) 2008-02-11 2008-02-11 Secure data transmission to a field device

Publications (1)

Publication Number Publication Date
WO2009100733A1 (fr) 2009-08-20

Family

ID=39870372

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/001123 Ceased WO2009100733A1 (fr) 2008-02-11 2008-02-11 Secure data transmission to a field device

Country Status (2)

Country Link
EP (1) EP2243058A1 (fr)
WO (1) WO2009100733A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003023541A2 (fr) * 2001-09-12 2003-03-20 Endress + Hauser Gmbh + Co.Kg Method for securing a data exchange between an external access unit and a field device
DE10200681A1 (de) * 2002-01-10 2003-07-31 Siemens Ag Temporary access authorization for accessing automation devices
WO2007036178A1 (fr) * 2005-09-29 2007-04-05 Siemens Aktiengesellschaft Method for performing a protected function of an electrical field device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020124064A1 (en) * 2001-01-12 2002-09-05 Epstein Mark E. Method and apparatus for managing a network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2243058A1 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011113651A1 (fr) * 2010-03-17 2011-09-22 Siemens Aktiengesellschaft Method and device for providing at least one secure cryptographic key
US8989386B2 (en) 2010-03-17 2015-03-24 Siemens Aktiengesellschaft Method and device for providing at least one secure cryptographic key
DE102022102662A1 (de) 2022-02-04 2023-08-10 Krohne Messtechnik Gmbh Method for securely enabling a communication connection between a field device and an operating device, and a corresponding field device

Also Published As

Publication number Publication date
EP2243058A1 (fr) 2010-10-27

Similar Documents

Publication Publication Date Title
CN101232203B (zh) Apparatus, method and system for role-based access in intelligent electronic devices
EP3582033B1 (fr) Method for secure operation of a field device
EP2586178B1 (fr) Tamper-proof key management method
US20140068711A1 (en) Network Access Management via a Secondary Communication Channel
EP2572323A1 (fr) Method and device for integrating a device into a network
CN105100044A (zh) System and method for controllable device access
EP2548358B1 (fr) Method for dynamic authorization of a mobile communication device
WO2007036178A1 (fr) Method for performing a protected function of an electrical field device
EP3337085A1 (fr) Reloading of cryptographic program instructions
EP2235598A1 (fr) Field device and method for operating same
EP2407843B1 (fr) Secure data transmission in an automation network
EP2850860B1 (fr) Security system of an energy meter for protecting against unauthorized access
EP3525390A1 (fr) Device and method for providing at least one secure cryptographic key for cryptographic data protection initiated by a control device
EP2243058A1 (fr) Secure data transmission to a field device
DE102016120306A1 (de) Method and system for activating at least one operating/parameterization function of a field device in automation technology
EP3758320A1 (fr) Devices and method for verifying devices
DE102020124837A1 (de) Whitelisting for HART communications in a process control system
EP2446599B1 (fr) Tamper-proof transmission of data between automation devices
EP2816777B1 (fr) Computer network, network node and method for providing certification information
WO2010124707A1 (fr) Access control to automation devices
EP3264714B1 (fr) Method for operating a voice control system for authenticated voice control, household appliance, voice control unit, management unit and voice control system
EP4087184B1 (fr) Method for authenticating interactions independently of a system time, and device for carrying out said method and flame detector having such a device
EP3005643B1 (fr) Base module for an electronic device
CN111083146A (zh) Operation authorization system for primary power equipment
DE102017216668A1 (de) Method and arrangement for communicating with at least one field device of a technical installation

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (ref document number: 08715763; country of ref document: EP; kind code: A1)
REEP Request for entry into the European phase (ref document number: 2008715763; country of ref document: EP)
WWE WIPO information: entry into national phase (ref document number: 2008715763; country of ref document: EP)
NENP Non-entry into the national phase (ref country code: DE)