
WO2014094983A1 - Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment - Google Patents


Publication number
WO2014094983A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
commissioning
secure
gateway
network
Legal status
Ceased
Application number
PCT/EP2013/003658
Other languages
French (fr)
Inventor
Dirk SCHULZ
Ravish Kumar
Thomas Ruschival
Current Assignee
ABB AG Germany
Original Assignee
ABB AG Germany
Application filed by ABB AG Germany

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/162 Implementing security features at a particular protocol layer at the data link layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/06 Authentication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

  • the invention relates to a commissioning system and method for the secure exchange of sensitive information for the commissioning and configuring of technical equipment, in particular of field devices, by use of wireless connections according to the preamble of the independent claims.
  • wireless connections, which intrinsically seem to be unsecure in real practice, may still be used securely by applying specific communication means, in particular interfaces, and restrictions.
  • WirelessHART as a new communication standard in industrial automation introduces a number of new challenges compared to classical wired communication, which have to be addressed at an early stage in the respective Device Management System (DMS) during topology engineering and commissioning.
  • DMS Device Management System
  • the DMS requires instances for gateways and devices and must reflect the logical communication topology from the previous network layout.
  • security measures defined in the HART, in particular the wirelessHART, standard introduce additional complexity into the commissioning workflow.
  • the WirelessHART standard defines mandatory authentication and encryption mechanisms for the wireless communication. It further requires that the related encryption keys are exchanged through secure connections. Wired FSK communication is considered to fulfill this security requirement, and even fully autonomous wireless devices must provide a corresponding interface. Just like any other device parameter, encryption keys may also be pre-parameterized by the device manufacturer.
  • WirelessHART uses symmetric encryption, namely usage of the same key for encryption and decryption, for the authentication and communication between field devices and wireless access points. Corresponding keys must be available within both the gateway and the field device that wish to communicate.
  • a gateway receives an individual join key per device. To validate a join request, it requires a list of join keys and corresponding device IDs (hardware addresses). There is no way to disable encryption and authentication, but for ease of use the security level can be lowered. A common join key may then be shared between the devices in a network, and any device with a valid key is allowed to join.
  • the WirelessHART devices must be connected to a "join key source", for example a commissioning station/engineering/handheld, via a secure connection or communication line.
  • Said connection typically is realized via a wired FSK Modem connection or a short-range IR connection, which all devices must support, even fully autonomous ones.
  • a HMI (human machine interface) port is also technically possible, but not standardized among manufacturers. Any wired port must be exposed during commissioning, whereby only the non-standard HMI port allows the device to remain closed.
  • the object of the invention is to provide an enhanced possibility for the secure exchange and easy handling or easy management of sensitive information of technical equipment and in particular of field devices by use of wireless connections, in particular also for wide range exchange.
  • the invention relates to a commissioning system for a secure and easy to manage exchange of sensitive information for the commissioning and configuring of technical equipment of a process and/or plant automation system comprising at least two components and/or devices, in particular field devices, communicating wirelessly, thereby using communication means to secure the wireless communication, in particular without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein the communication means provide and ensure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not.
  • the at least two components or devices may be "regular” field devices but also dedicated “care-free” routers, providing an adapter and an energy source, in particular a battery or an accumulator and/or a photovoltaic or solar cell.
  • fully autonomous devices which in particular are equipped with wireless communication and autonomous energy sources, for example like batteries, which might physically be hard to access because of their site of operation or place of installation, and accordingly do not need or do not have to be accessed or opened and connected through a wired interface.
  • the communication between devices, in particular field devices, for example from specific and/or special WirelessHART gateways, from WirelessHART handhelds, or from handhelds supporting IR or RFID communication providing near-range communication, wherein a handheld may be any type of smartphone, tablet PC, netbook, PDA (Personal Digital Assistant), may be treated as being relatively secure.
  • the system according to the invention allows a pre-parameterization or installation or putting into operation / commissioning of wireless - devices, in particular WirelessHART - devices for example by use of a portable commissioning device or station or handheld, in general a portable data processing device or unit, in a secure environment.
  • Secure in the context of this application means with high safety from interception but also a relatively high data or information transfer rate and/or a relatively high data or information transfer quality and/or high connectivity, independent from the circumstances and the environmental conditions in the plant or field.
  • the system provides a time-efficient, flexible, secure and reliable interface or communication interface respectively and access to different types of field devices, in particular in a plant or field with relatively high pollution and/or dirt, so that external connector plugs or ports to establish a wired connection or cable connection would or might be contaminated and/or damaged and accordingly may not work properly anymore.
  • the same problem would arise if the ports are integrated in the interior of the device, so that one has to open the enclosure of the device, which in said environment may damage the device as such. This might be the case for example in an offshore environment and/or in the oil, gas and minerals site or industry, in particular a roller plant, in the chemical or pharmaceutical industry.
  • the communication means to secure wireless communication comprise properties of a physical layer and/or link layer and/or measurements.
  • physical layer describes the first and lowest layer in the seven-layer OSI model (Open System Interconnection Reference Model).
  • the physical layer accordingly comprises all the basic networking hardware transmission technologies of a network and all the necessary means for implementing said technologies and in particular for transmitting raw bits as well as logical data packets over physical link connecting network nodes, whereas the data which have to be transmitted are converted to a physical signal that may be transmitted.
  • identification means are provided, which use device identification information to determine the trustworthiness of a communication partner.
  • verification means are provided to introduce a verification step executed by a human to yet increase the attained level of security.
  • the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area. This is done by various means and at least one of: setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
  • the system for a secure exchange of sensitive information of technical equipment by use of at least one wireless connection comprises communication means which provide or include a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, wherein said dedicated commissioning network, in particular a WirelessHART Network, uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices joined in this network are visible to the integration component for the wireless network implemented by the gateway, for example .
  • any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy.
  • FSK defines a common frequency modulation technique.
  • this commissioning network can be shared between all Communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM (Device Type Manager) might be opened at a time and communicates with the gateway.
  • a so-called soft reset is provided, which as part of decommissioning a device initiates and executes a reset of the Network ID and Join Key to the well-known values.
  • the invention comprises a device which is prepared and equipped to support or initiate and/or execute a "hard reset of the security data" to the default values using e.g. magnetic pins at the respective HMI (Human Machine Interface).
  • the antenna of the commissioning gateway is enclosed in a radio-shielded tube, in particular made of plastic with embedded metal mesh, and connected via cable to the gateway. When connecting a device, this tube is simply put over the device antenna, resulting in secure and directed or targeted, almost vectored, communication already on the physical layer.
  • a handheld wherein the commissioning network is provided by a wireless handheld.
  • the term "handheld" is used synonymously for all types of handheld devices or handheld computers, in particular mobile computers and/or mobile phones and/or cell phones and/or smart phones and/or PDAs and/or handhelds or handheld organizers and/or tablet computers, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source.
  • IR: infrared
  • RFID: radio frequency identification
  • a RFID key storage may be provided, wherein an RFID chip stores the join key.
  • This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, which still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device.
  • a key storage device for dedicated key storage and/or generation which contains a storage unit for a number of key/device and network IDs and which is connected to an engineering client and/or a commissioning device, in particular via Bluetooth, FSK, RFID, IR, HMI Port or the like, to receive a list of key/ID triples.
  • the respective commissioning engineer may simply walk by all wireless devices and establish a connection with each at one time, which will automatically cause the download of the key/network ID pair to a device whose ID is in the list.
  • USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
  • a commissioning/maintenance adapter for an HMI Port comprising a WirelessHART adapter equipped with an HMI interface so it can be plugged directly onto the device by a short range wired or wireless connection to provide long range wireless connectivity for the respective device during commissioning or maintenance.
  • FDT DTM: field device tool device type manager
  • Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones.
  • a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface
  • the commissioning adapter may be used for configuring a wired or wireless device wirelessly.
  • the commissioning adapter is equipped with at least two interfaces, in particular comprising a WirelessHART- and a FSK- interface.
  • the commissioning adapter communicates with the WirelessHART gateway using the WirelessHART interface and with the device which needs to be configured using the FSK interface.
  • the commissioning adapter provides more flexibility and mobility for remote device configuration and secure handling of network credentials
  • the commissioning adapter acts in a similar way to the other WirelessHART field devices. It joins the WirelessHART network in the same manner as specified in the WirelessHART standard. After joining the network it will be used as a remote device configurator.
  • the device which needs to be commissioned should have connection with
  • the device commissioning related commands can be sent to the commissioning adapter via the WirelessHART gateway.
  • After receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via a response message.
  • the commissioning adapter can have at least one of a RFID- or IR- HMI-Port or a combination thereof to establish or provide a connection to the field device which needs to be commissioned.
  • by means of a commissioning adapter, secure network credentials handling may be provided, wherein from an engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
  • a remote device diagnostic and troubleshooting operation is performed, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the network manager.
  • the required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS engineering clients, the join keys never need to be exposed or disclosed to a user.
  • the invention relates to a method for a secure exchange of sensitive information of technical equipment, in particular by use of a system according to the invention as described above, whereas a secure wireless communication between at least two components and/or devices, in particular field devices, is provided and established by using communication means to ensure a secure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not, without the need to use higher protocol layers, like in particular authentication or encryption functionalities. Furthermore, to ensure security of the wireless communication, properties of a physical layer and/or link layer and/or measurements are processed.
  • device identification information is used to determine the trustworthiness of a communication partner.
  • a verification step is executed by a human to yet increase the attained level of security.
  • the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area, as already described above.
  • the method for a secure exchange of sensitive information of technical equipment is applied to a commissioning network with a wireless gateway and uses a well-known Network ID and a shared Join Key wherein the devices joined in this network are visible to the respective Communication DTM (device type manager) for the wireless gateway in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy.
  • this commissioning network can be shared between all communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM might be opened at a time and communicates with the gateway. Furthermore, as part of decommissioning a device a reset of the Network ID and Join Key to the well-known values, a so called soft reset, is provided.
  • a number of key/device and network IDs may be retrieved and accessed via a key storage device (commissioning device, handheld) for dedicated key storage and/or generation, which contains a storage unit for said key/device and network IDs and which is connected to the engineering client and/or commissioning device, which has to be synchronized with the DMS, in particular via USB, to receive a list of key/ID triples.
  • a connection with each wireless device may be established at one time, which will automatically initiate and cause the download of the key/network ID pair to a device whose ID is in the list.
  • this key storage/commissioning device or handheld could be a USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
  • a commissioning/maintenance adapter, in particular a "pre-secured portable wireless" connection device, for a maintenance port, which comprises a WirelessHART adapter equipped with an FSK interface so it can be plugged directly onto the device to provide wireless connectivity during
  • the figure 1 discloses a method and system for a secure exchange of sensitive information of technical equipment by use of at least one wireless connection 7 comprising communication means which provide or include a commissioning network, wherein said dedicated commissioning network uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices ,5,6,8 joined in this network are visible to the integration component for the wireless network or gateway such as a Communication DTM (device type manager) or FDI gateway or communication device package instance for the WirelessHART Gateway 1 in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device 1 ,5,6,8; the latter is achieved by evaluating receive signal levels and used transmission energy.
  • the antenna, electrically connected to the commissioning gateway 1, in this example a WirelessHART gateway, by use of a cable connection 2, is enclosed in a radio-shielded tube 4, in particular made of plastic with embedded metal mesh.
  • a secure wireless near-range communication 7 is provided and established which hinders a WirelessHART listener 8 from outside the shielding to retrieve or detect the exchanged or transmitted sensitive information of technical equipment. Therefore, said system and data or information exchange may be treated as being secure.
  • the present invention also comprises any combination of preferred embodiments as well as individual features and developments provided they do not exclude each other.
  • WirelessHART Listener (Device, Adapter, Gateway, Sniffer)
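
The legitimacy check described above for devices seen in the commissioning network (identification information, proximity from receive signal level and used transmission energy, a human verification step, then download of the network ID and join key from the key/ID list) can be sketched as follows. This is an added example, not code from the patent or from ABB; all class and function names, the path-loss threshold, the placeholder well-known values and the sample devices are assumptions constructed for illustration.

```python
"""Gate the assignment of a device from the commissioning network to the target network."""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional, Tuple

# Placeholders: the page says the commissioning network uses a well-known
# Network ID and a shared Join Key but gives no values.
WELL_KNOWN = (0x0000, bytes(16))


@dataclass(frozen=True)
class PlannedDevice:
    """One key/ID triple from the DMS plus the identity expected for that ID (assumed layout)."""
    device_id: str
    network_id: int
    join_key: bytes
    manufacturer: str
    device_type: str
    serial: str


@dataclass(frozen=True)
class Sighting:
    """A device currently joined to the commissioning network."""
    device_id: str
    manufacturer: str
    device_type: str
    serial: str
    tx_power_dbm: float   # transmission energy used by the device
    rssi_dbm: float       # receive signal level at the commissioning gateway


@dataclass(frozen=True)
class Decision:
    assign: bool
    reasons: Tuple[str, ...]
    credentials: Optional[Tuple[int, bytes]] = None   # (network ID, join key)


def assess(seen: Sighting, plan: Dict[str, PlannedDevice], max_path_loss_db: float,
           confirm: Callable[[Sighting], bool]) -> Decision:
    """Run the machine checks first; ask the human only if all of them pass."""
    reasons: List[str] = []
    planned = plan.get(seen.device_id)
    if planned is None:
        reasons.append("device ID not in key/ID list")
    else:
        for name in ("manufacturer", "device_type", "serial"):
            if getattr(seen, name) != getattr(planned, name):
                reasons.append(f"{name} differs from DMS record")
    # Proximity estimate: energy sent minus level received. The threshold is an
    # assumption and has to be calibrated for the actual commissioning area.
    # tx_power_dbm comes from the device, so this check complements the
    # shielding and the human verification step rather than replacing them.
    path_loss = seen.tx_power_dbm - seen.rssi_dbm
    if path_loss > max_path_loss_db:
        reasons.append(f"path loss {path_loss:.0f} dB exceeds {max_path_loss_db:.0f} dB")
    if reasons:
        return Decision(False, tuple(reasons))
    if not confirm(seen):
        return Decision(False, ("operator did not confirm device",))
    return Decision(True, (), (planned.network_id, planned.join_key))


def soft_reset() -> Tuple[int, bytes]:
    """Decommissioning: return the credentials to the well-known values."""
    return WELL_KNOWN


# Constructed sample data (not real devices or keys).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
PLAN = {"TT-0001": PlannedDevice("TT-0001", 0x1234, KEY, "ExampleCo", "temperature", "SN100")}
NEAR = Sighting("TT-0001", "ExampleCo", "temperature", "SN100", tx_power_dbm=0.0, rssi_dbm=-35.0)
FAR = replace(NEAR, rssi_dbm=-80.0)            # same identity, outside the area
WRONG_SERIAL = replace(NEAR, serial="SN999")   # identity does not match the DMS
UNKNOWN = replace(NEAR, device_id="TT-0404")   # not in the key/ID list

if __name__ == "__main__":
    for s in (NEAR, FAR, WRONG_SERIAL, UNKNOWN):
        d = assess(s, PLAN, 50.0, lambda _s: True)
        print(s.device_id, s.serial, s.rssi_dbm, "->", d.assign, d.reasons)
```

Join keys are returned only inside a positive `Decision`, so the operator confirming the device never has to see or type them.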

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a commissioning system and a method for a secure exchange of sensitive information of technical equipment, in particular field devices, comprising at least two components and/or devices, in particular field devices, communicating wirelessly, thereby using communication means to secure the wireless communication without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein the communication means provide and ensure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not within said area.

Description

Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment
The invention relates to a commissioning system and method for the secure exchange of sensitive information for the commissioning and configuring of technical equipment, in particular of field devices, by use of wireless connections according to the preamble of the independent claims. According to the invention, wireless connections, which intrinsically seem to be unsecure in real practice, may still be used securely by applying specific communication means, in particular interfaces, and restrictions.
The use of WirelessHART as a new communication standard in industrial automation introduces a number of new challenges compared to classical wired communication, which have to be addressed at an early stage in the respective Device Management System (DMS) during topology engineering and commissioning.
As for wired communication, the DMS requires instances for gateways and devices and must reflect the logical communication topology from the previous network layout. Unlike wired communication, security measures defined in the HART, in particular the WirelessHART, standard introduce additional complexity into the commissioning workflow.
Highlights of the WirelessHART solution are for example the efficient and seamless handling of wireless devices in the DMS; for matters of topology engineering and commissioning, they largely appear just like wired HART devices with the same (even less) effort. The WirelessHART standard defines mandatory authentication and encryption mechanisms for the wireless communication. It further requires that the related encryption keys are exchanged through secure connections. Wired FSK communication is considered to fulfill this security requirement, and even fully autonomous wireless devices must provide a corresponding interface. Just like any other device parameter, encryption keys may also be pre-parameterized by the device manufacturer.
WirelessHART uses symmetric encryption, namely usage of the same key for encryption and decryption, for the authentication and communication between field devices and wireless access points. Corresponding keys must be available within both the gateway and the field device that wish to communicate.
In the most secure setting, a gateway receives an individual join key per device. To validate a join request, it requires a list of join keys and corresponding device IDs (hardware addresses). There is no way to disable encryption and authentication, but for ease of use the security level can be lowered. A common join key may then be shared between the devices in a network, and any device with a valid key is allowed to join.
Accordingly, during (re-)commissioning or pre-parameterization or installation or putting into operation, the WirelessHART devices must be connected to a "join key source", for example a commissioning station/engineering/handheld, via a secure connection or communication line. Said connection typically is realized via a wired FSK modem connection or a short-range IR connection, which all devices must support, even fully autonomous ones. An HMI (human machine interface) port is also technically possible, but not standardized among manufacturers. Any wired port must be exposed during commissioning, whereby only the non-standard HMI port allows the device to remain closed.
Since existing join keys cannot be read back from any device through any port, the pre-parameterization of keys requires that they are distributed through another channel, which finally leads to additional effort and a higher potential and risk for mistakes, and diminishes the security.
Similar problems are also valid for the existing Handhelds, which solely allow keys to be entered manually. They have no FDT (Field Device Tool) or FDI integration to exchange the keys with an engineering client.
Therefore, the object of the invention is to provide an enhanced possibility for the secure exchange and easy handling or easy management of sensitive information of technical equipment and in particular of field devices by use of wireless connections, in particular also for wide range exchange.
This object is achieved and solved by a system for a secure exchange of sensitive information of technical equipment by means of wireless connections and specific communication means according to the features of claim 1. Advantageous embodiments and developments as well as a corresponding method are disclosed in the description and further claims.
The invention relates to a commissioning system for a secure and easy to manage exchange of sensitive information for the commissioning and configuring of technical equipment of a process and/or plant automation system comprising at least two components and/or devices, in particular field devices, communicating wirelessly, thereby using communication means to secure the wireless communication, in particular without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein the communication means provide and ensure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not.
The at least two components or devices may be "regular" field devices but also dedicated "care-free" routers, providing an adapter and an energy source, in particular a battery or an accumulator and/or a photovoltaic or solar cell. In particular fully autonomous devices, which in particular are equipped with wireless communication and autonomous energy sources, for example like batteries, which might physically be hard to access because of their site of operation or place of installation, and accordingly do not need or do not have to be accessed or opened and connected through a wired interface.
The communication between devices, in particular field devices, for example from specific and/or special WirelessHART gateways, from WirelessHART handhelds, or from handhelds supporting IR or RFID communication providing near-range communication, wherein a handheld may be any type of smartphone, tablet PC, netbook, PDA (Personal Digital Assistant), may be treated as being relatively secure.
Moreover, the system according to the invention, in particular using WirelessHART technology, allows a pre-parameterization or installation or putting into operation / commissioning of wireless devices, in particular WirelessHART devices, for example by use of a portable commissioning device or station or handheld, in general a portable data processing device or unit, in a secure environment. Secure in the context of this application means with high safety from interception but also a relatively high data or information transfer rate and/or a relatively high data or information transfer quality and/or high connectivity, independent from the circumstances and the environmental conditions in the plant or field.
The system provides a time-efficient, flexible, secure and reliable interface or communication interface respectively and access to different types of field devices, in particular in a plant or field with relatively high pollution and/or dirt, so that external connector plugs or ports to establish a wired connection or cable connection would or might be contaminated and/or damaged and accordingly may not work properly anymore. The same problem would arise if the ports are integrated in the interior of the device, so that one has to open the enclosure of the device, which in said environment may damage the device as such. This might be the case for example in an offshore environment and/or in the oil, gas and minerals site or industry, in particular a roller plant, in the chemical or pharmaceutical industry.
Furthermore, the communication means to secure wireless communication comprise properties of a physical layer and/or link layer and/or measurements.
In the context of this invention the term physical layer describes the first and lowest layer in the seven-layer OSI model (Open System Interconnection Reference Model).
The physical layer accordingly comprises all the basic networking hardware transmission technologies of a network and all the necessary means for implementing said technologies and in particular for transmitting raw bits as well as logical data packets over physical link connecting network nodes, whereas the data which have to be transmitted are converted to a physical signal that may be transmitted.
In a further refinement, identification means are provided, which use device identification information to determine the trustworthiness of a communication partner.
In a further refinement, verification means are provided to introduce a verification step executed by a human to yet increase the attained level of security.
In another embodiment the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area. This is done by various means and at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
In a further embodiment the system for a secure exchange of sensitive information of technical equipment by use of at least one wireless connection comprises communication means which provide or include a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, wherein said dedicated commissioning network, in particular a WirelessHART Network, uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices joined in this network are visible to the integration component for the wireless network implemented by the gateway, for example an FDT communication DTM (Device Type Manager) or an FDI (Field Device Integration) communication device or server, in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy. FSK defines a common frequency modulation technique.
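The legitimacy check described above can be sketched as a small decision component. This is an added example, not code from the patent or from any WirelessHART product: the class names, the thresholds and the sample observations are assumptions, and the join time is taken from the data items listed in claim 20.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class JoinObservation:
    """Data items measured/read when a device joins the commissioning network."""
    serial: str
    manufacturer: str
    device_type: str
    rssi_dbm: float      # receive signal level measured at the gateway
    tx_power_dbm: float  # transmission power the device reports using (assumed readable)
    join_time_s: float   # seconds after the commissioning window was opened


@dataclass(frozen=True)
class Policy:
    max_path_loss_db: float = 45.0  # assumed bound for "inside the commissioning area"
    join_window_s: float = 120.0    # assumed length of the commissioning window


@dataclass
class Decision:
    verdict: str  # "reject" or "needs_confirmation", never an automatic accept
    reasons: List[str] = field(default_factory=list)
    shown_to_user: Dict[str, str] = field(default_factory=dict)


def evaluate(obs: JoinObservation,
             expected: Dict[str, Tuple[str, str]],
             policy: Policy = Policy()) -> Decision:
    """Combine identification data and proximity; `expected` maps
    serial -> (manufacturer, device type) from the engineering data."""
    reasons: List[str] = []
    entry = expected.get(obs.serial)
    if entry is None:
        reasons.append("serial number not in engineering list")
    elif entry != (obs.manufacturer, obs.device_type):
        reasons.append("manufacturer or device type mismatch")

    # Proximity from receive level and used transmission energy:
    # a nearby device shows a small difference between the two.
    path_loss_db = obs.tx_power_dbm - obs.rssi_dbm
    if path_loss_db > policy.max_path_loss_db:
        reasons.append("path loss too high for commissioning area")

    if not 0.0 <= obs.join_time_s <= policy.join_window_s:
        reasons.append("joined outside commissioning window")

    shown = {  # the items visualized to the commissioning engineer
        "serial": obs.serial,
        "manufacturer": obs.manufacturer,
        "device type": obs.device_type,
        "path loss": f"{path_loss_db:.0f} dB",
        "join time": f"{obs.join_time_s:.0f} s",
    }
    return Decision("reject" if reasons else "needs_confirmation", reasons, shown)


def assign_to_target_network(decision: Decision, operator_confirmed: bool) -> bool:
    """The human confirmation is the single mandatory interaction; it can
    only approve a device that passed the automatic checks."""
    return decision.verdict == "needs_confirmation" and operator_confirmed


# Constructed sample data (not taken from the patent).
EXPECTED = {"SN-0001": ("ExampleCo", "pressure-transmitter")}
NEAR = JoinObservation("SN-0001", "ExampleCo", "pressure-transmitter",
                       rssi_dbm=-38.0, tx_power_dbm=0.0, join_time_s=14.0)
FAR = JoinObservation("SN-0001", "ExampleCo", "pressure-transmitter",
                      rssi_dbm=-82.0, tx_power_dbm=10.0, join_time_s=20.0)
UNLISTED = JoinObservation("SN-9999", "ExampleCo", "pressure-transmitter",
                           rssi_dbm=-35.0, tx_power_dbm=0.0, join_time_s=500.0)

if __name__ == "__main__":
    for name, obs in (("near", NEAR), ("far", FAR), ("unlisted", UNLISTED)):
        d = evaluate(obs, EXPECTED)
        print(name, d.verdict, d.reasons, d.shown_to_user)
```

The transmission power is a value reported by the joining device, so the automatic result only narrows the candidates; assignment still depends on the engineer confirming the displayed items.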
In a further embodiment this commissioning network can be shared between all Communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM (Device Type Manager) might be opened at a time and communicates with the gateway.
Furthermore, in a further refinement, as part of decommissioning a device which initiates and executes a reset of the Network ID and Join Key to the well-known values, a so called soft reset, is provided.
Generally, in a further embodiment the invention comprises a device which is prepared and equipped to support or initiate and/or execute a "hard reset of the security data" to the default values using e.g. magnetic pins at the respective HMI (Human Machine Interface). In a further refinement the antenna of the commissioning gateway is enclosed in a radio-shielded tube, in particular made of plastic with embedded metal mesh, and connected via cable to the gateway. When connecting a device, this tube is simply put over the device antenna, resulting in secure and directed or targeted, almost vectored, communication already on the physical layer.
In another embodiment of the invention a handheld is provided, wherein the commissioning network is provided by a wireless handheld. In view of this disclosure and invention the term "handheld" is synonymously used for all types of handheld devices or handheld computers, in particular mobile computers and/or mobile phones and/or cell phones and/or smart phones and/or PDAs and/or handhelds or handheld organizers and/or tablet computers, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source.
In a further refinement IR (infrared) or RFID (radio frequency identification) connections and near-range communication are supported by the device according to the invention, wherein a handheld or an engineering client is equipped with a corresponding interface and accordingly information can be exchanged securely.
Furthermore, an RFID key storage may be provided, wherein an RFID chip stores the join key. This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, which still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device.
In a further refinement a key storage device for dedicated key storage and/or generation is provided, which contains a storage unit for a number of key/device and network IDs and which is connected to an engineering client and/or a commissioning device, in particular via Bluetooth, FSK, RFID, IR, HMI Port or the like, to receive a list of key/ID triples.
Furthermore, in the field, the respective commissioning engineer may simply walk by all wireless devices and establish a connection with each at one time, which will automatically cause the download of the key/network ID pair to a device whose ID is in the list.
In essence this could be a USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
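A sketch of such a key storage device, combining the individual join key per device from the background section with the key/ID triples and the download on connection described above. It is an added example rather than anything specified by the patent: the class and method names, the 16-byte key length and the device IDs are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple

JOIN_KEY_BYTES = 16  # assumption: 128-bit join keys


@dataclass(frozen=True)
class Credential:
    """One key/ID triple: device ID, network ID, join key."""
    device_id: str
    network_id: int
    join_key: bytes

    def __repr__(self) -> str:
        # Anything a user can see carries a short fingerprint, never the key.
        fp = hashlib.sha256(self.join_key).hexdigest()[:8]
        return (f"Credential(device_id={self.device_id!r}, "
                f"network_id={self.network_id}, key_fp={fp})")


class KeyStorage:
    """Holds the triples and hands keys only to devices and to the gateway."""

    def __init__(self) -> None:
        self._triples: Dict[str, Credential] = {}
        self.audit: List[Tuple[str, str]] = []

    def generate(self, device_ids: Iterable[str], network_id: int) -> None:
        """Create an individual random join key for every listed device."""
        for dev in device_ids:
            key = secrets.token_bytes(JOIN_KEY_BYTES)
            self._triples[dev] = Credential(dev, network_id, key)

    def gateway_list(self) -> Dict[str, bytes]:
        """Device ID -> join key, for the machine interface toward the gateway."""
        return {dev: c.join_key for dev, c in self._triples.items()}

    def on_connect(self, device_id: str,
                   write: Callable[[int, bytes], None]) -> bool:
        """Download the key/network ID pair if the device ID is in the list."""
        cred = self._triples.get(device_id)
        if cred is None:
            self.audit.append((device_id, "refused: ID not in list"))
            return False
        write(cred.network_id, cred.join_key)
        self.audit.append((device_id, "key/network ID pair downloaded"))
        return True

    def user_view(self) -> List[str]:
        """What the commissioning engineer may see: IDs and fingerprints."""
        return [repr(c) for c in self._triples.values()]


class FieldDevice:
    """Stand-in for a device: credentials can be written, not read back."""

    def __init__(self, device_id: str) -> None:
        self.device_id = device_id
        self.network_id = None
        self._join_key = b""

    def write_credentials(self, network_id: int, join_key: bytes) -> None:
        self.network_id = network_id
        self._join_key = join_key

    def holds_key(self, candidate: bytes) -> bool:
        return bool(self._join_key) and hmac.compare_digest(self._join_key, candidate)


def gateway_accepts(gateway_keys: Dict[str, bytes], device: FieldDevice) -> bool:
    """Per-device validation: the device must hold the key listed for its ID."""
    key = gateway_keys.get(device.device_id)
    return key is not None and device.holds_key(key)


if __name__ == "__main__":
    store = KeyStorage()
    store.generate(["dev-A", "dev-B"], network_id=0x1234)  # constructed IDs
    dev_a, dev_c = FieldDevice("dev-A"), FieldDevice("dev-C")
    for dev in (dev_a, dev_c):
        store.on_connect(dev.device_id, dev.write_credentials)
    print(store.user_view())
    print(store.audit)
    print(gateway_accepts(store.gateway_list(), dev_a),
          gateway_accepts(store.gateway_list(), dev_c))
```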
In another embodiment a commissioning/maintenance adapter for an HMI Port is provided, comprising a WirelessHART adapter equipped with an HMI interface so it can be plugged directly onto the device by a short range wired or wireless connection to provide long range wireless connectivity for the respective device during commissioning or maintenance.
Furthermore, to be actually able to efficiently use the commissioning adapter, the FDT DTM (field device tool device type manager) for the gateway allows and/or causes the assignment of a roaming role or function to any adapter connected to an FSK modem. Such a roaming adapter is never associated permanently with a device, which is contrary to the bulk commissioning of adapters, where this is the intended behavior.
Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones. According to the invention a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface.
The commissioning adapter may be used for configuring a wired or wireless device wirelessly. In a further refinement the commissioning adapter is equipped with at least two interfaces, in particular comprising a WirelessHART and an FSK interface. The commissioning adapter communicates with the WirelessHART gateway using the WirelessHART interface and with the device which needs to be configured using the FSK interface.
The commissioning adapter provides more flexibility and mobility for remote device configuration and secure handling of network credentials.
In a further embodiment the commissioning adapter is acting in a similar way like the other WirelessHART field devices. It joins the WirelessHART network in the same manner as specified in WirelessHART standard. After joining the network it will be used as remote device configurator.
The device which needs to be commissioned should have a connection with the commissioning adapter via the FSK interface.
From the engineering workplace the device commissioning related commands can be sent to the commissioning adapter via the WirelessHART gateway. After receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via response message.
To provide more extensibility, in a further refinement the commissioning adapter can have at least one of an RFID, IR or HMI port or a combination thereof to establish or provide a connection to the field device which needs to be commissioned. Advantageously, by means of a commissioning adapter a secure network credentials handling may be provided, wherein from an engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
Advantageously a remote device diagnostic and troubleshooting operation is performed, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the network manager.
Furthermore, with the commissioning adapter, there is no need to change the standard, which indeed means that no changes are required in the WirelessHART stack to perform commissioning adapter operation.
Moreover an easy commissioning is provided by means of the commissioning adapter because device commissioning workflow will be easy as there is no need to use a handheld device for importing/exporting device credentials.
The required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS engineering clients, the join keys never need to be exposed or disclosed to a user.
Furthermore, the invention relates to a method for a secure exchange of sensitive information of technical equipment, in particular by use of a system according to the invention as described above, whereas a secure wireless communication between at least two components and/or devices, in particular field devices, is provided and established by using communication means to ensure a secure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not, without the need to use higher protocol layers, like in particular authentication or encryption functionalities. Furthermore, to ensure security of the wireless communication properties of a physical layer and/or link layer and/or measurements are processed.
In a further refinement, device identification information is used to determine the trustworthiness of a communication partner.
In a further refinement, a verification step is executed by a human to yet increase the attained level of security.
In another embodiment the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area, as already described above.
In a further embodiment the method for a secure exchange of sensitive information of technical equipment is applied to a commissioning network with a wireless gateway and uses a well-known Network ID and a shared Join Key wherein the devices joined in this network are visible to the respective Communication DTM (device type manager) for the wireless gateway in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy. FSK defines a common frequency modulation technique.
In a further embodiment this commissioning network can be shared between all communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM might be opened at a time and communicates with the gateway. Furthermore, as part of decommissioning a device a reset of the Network ID and Join Key to the well-known values, a so called soft reset, is provided.
Generally, it is proposed to support a "hard reset of the security data" to the default values using e.g. magnetic pins at the HMI to initiate and execute the reset procedure and function.
In another embodiment of the invention a handheld is provided, wherein the commissioning network is provided by a wireless handheld. In view of this disclosure and invention the term "handheld" is synonymously used for all types of handheld devices or handheld computers, in particular mobile computers and/or mobile phones and/or cell phones and/or smart phones and/or PDAs and/or handhelds or handheld organizers and/or tablet computers, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source.
In a further refinement IR (infrared) or RFID (radio frequency identification) connections and near-range communication are supported by the device according to the invention, wherein a handheld or an engineering client is equipped with a corresponding interface and accordingly information can be exchanged securely.
Furthermore, an RFID key storage may be provided, wherein an RFID chip stores the join key. This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, which still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device.
In a further refinement a number of key/device and network IDs may be retrieved and accessed via a key storage device (commissioning device, handheld) for dedicated key storage and/or generation, which contains a storage unit for said key/device and network IDs and which is connected to the engineering client and/or commissioning device, which has to be synchronized with the DMS, in particular via USB, to receive a list of key/ID triples.
Furthermore, in the field, a connection with each wireless device may be established at one time, which will automatically initiate and cause the download of the key/network ID pair to a device whose ID is in the list.
In essence this key storage/commissioning device or handheld could be a USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
In another embodiment a commissioning/maintenance adapter, in particular a "pre-secured portable wireless" connection device, for a maintenance port is provided, which comprises a WirelessHART adapter equipped with an FSK interface so it can be plugged directly onto the device to provide wireless connectivity during commissioning or maintenance.
Furthermore, to be actually able to efficiently use the commissioning adapter, the FDT DTM (field device tool device type manager) for the gateway allows and/or causes the assignment of a roaming role or function to any adapter connected with an FSK interface. Such a roaming adapter is never associated permanently with a device; it is only used for field device (re)commissioning purposes, where this is the intended behavior.
Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones. According to the invention a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface.
The required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS engineering clients, the join keys never need to be exposed or disclosed to a user.
The further disclosure and explanation of the invention as well as advantageous embodiments and further developments are presented according to at least one illustrative embodiment.
Figure 1 discloses a method and system for a secure exchange of sensitive information of technical equipment by use of at least one wireless connection 7 comprising communication means which provide or include a commissioning network, wherein said dedicated commissioning network uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices 5, 6, 8 joined in this network are visible to the integration component for the wireless network or gateway such as a Communication DTM (device type manager) or FDI gateway or communication device package instance for the WirelessHART Gateway 1 in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device 1, 5, 6, 8; the latter is achieved by evaluating receive signal levels and used transmission energy. FSK defines a common frequency modulation technique.
For a secure data transmission the antenna electrically connected to the commissioning gateway 1, in this example a WirelessHART gateway, by use of a cable connection 2 is enclosed in a radio-shielded tube 4, in particular made of plastic with embedded metal mesh. When connecting a device 6, this tube is simply put over the device antenna 5, resulting in secure communication already on the physical layer.
According to the provided radio-shielding a secure wireless near-range communication 7 is provided and established which hinders a WirelessHART listener 8 from outside the shielding to retrieve or detect the exchanged or transmitted sensitive information of technical equipment. Therefore, said system and data or information exchange may be treated as being secure.
The present invention also comprises any combination of preferred embodiments as well as individual features and developments provided they do not exclude each other.
List of References
1 WirelessHART Gateway
2 Cable Connection between 1 and 3
3 Tube Antenna
4 Shielding Tube
5 Device or Adapter Antenna
6 WirelessHART Device or Adapter
7 Secure Wireless Communication
8 WirelessHART Listener (Device, Adapter, Gateway, Sniffer)

Claims

1. Commissioning system for a secure exchange of sensitive information for the commissioning and configuring of technical equipment comprising at least two components and/or devices, in particular field devices, communicating wirelessly, thereby using communication means to secure the wireless communication, in particular without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein the communication means provide and ensure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not within said area.
2. System according to claim 1, characterized in that the at least two components or devices are field devices and/or dedicated routers, providing an adapter and an energy source, in particular a battery or an accumulator and/or a photovoltaic or solar cell, and/or are fully autonomous devices, which are equipped with wireless communication and autonomous energy sources.
3. System according to one of the preceding claims, characterized in that the communication means to secure wireless communication comprise properties of a physical layer and/or link layer and/or measurements.
4. System according to one of the preceding claims, characterized in that identification means are provided, which use device identification information to determine the trustworthiness of a communication partner.
5. System according to one of the preceding claims, characterized in that verification means are provided, which introduce a verification step executed by a human to yet increase the attained level of security.
6. System according to one of the preceding claims, characterized in that the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area by various means and at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
7. System according to one of the preceding claims characterized in that at least one wireless connection comprises communication means which provide or include a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, wherein said dedicated commissioning network, in particular a WirelessHART Network, uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose, and wherein the devices joined in this network are visible to the integration component for the wireless network implemented by the gateway, for example an FDT communication DTM or an FDI communication device or server, in the same manner as devices connected to an FSK modem, thus any such device may be assigned to the target network and/or to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network is used by man or machine to check the legitimacy of the device, wherein the latter is achieved by evaluating receive signal levels and used transmission energy.
8. System according to one of the preceding claims, characterized in that the commissioning network is shared between all Communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM might be opened at a time and communicates with the gateway.
9. System according to one of the preceding claims, characterized in that the commissioning network comprises at least one gateway, wherein the at least one gateway comprises an antenna, which is enclosed in a radio-shielded tube, in particular made of plastic with embedded metal mesh, and/or connected via cable and/or a wired connection to the gateway.
10. System according to claim 9, characterized in that when connecting a device, this tube is simply put over the device antenna, resulting in secure and directed or targeted, almost vectored, communication already on the physical layer.
11. System according to one of the preceding claims, characterized in that infrared connections and/or radio frequency identification connections and near-range communication are supported and provided, wherein a handheld or an engineering client is equipped with a corresponding interface and accordingly information can be exchanged securely.
12. System according to one of the preceding claims, characterized in that an RFID key storage is provided, wherein an RFID chip stores the join key, which may be read from the chip but only from about half a meter of distance, which is very secure in view of the risk of being tapped or intercepted, wherein device exchange on location is possible without any connection to the device management system because the handheld can read the key from the old device and download it into the replacement device.
13. System according to one of the preceding claims, characterized in that identification means are provided, which uses device identification information to determine the trustworthiness of a communication device and/or communication partner.
14. System according to one of the preceding claims, characterized in that a verification step executable by a human is provided and introduced to yet increase the attained level of security.
15. System according to one of the preceding claims, characterized in that the radio transmissions and/or the physical layer are influenced without any modification to the respective field device to restrict the transmissions to a secure area.
16. System according to one of the preceding claims, characterized in that a security information device is provided that stores security information for one or more field devices according to a standardized fieldbus protocol, with standardized or proprietary interfaces toward the field-devices and toward a DCS, revealing security information only to the at least one device or DCS but not to one or more users.
17. System according to claim 16, characterized in that the security information device is capable and equipped to generate the security information at a random point in time.
18. System according to one of the preceding claims 16 or 17, characterized in that the security information device is capable of generating the security information when connected to the engineering station or engineering client.
19. System according to one of the preceding claims 5 to 7, characterized in that the security information device is capable of generating the security information when connected to a field-device.
20. System according to one of the preceding claims characterized in that the secure connection or communication is realized by at least one of
a. at least one IR connection and/or a RFID connection, wherein the respective RFID chip or tag is integrated into the same packaging as the antenna wire, making it reachable without opening the device and at the same time allowing for a connection to the device electronics to exchange information for use in Ex-zones,
b. restriction of
i. signal strength of an access point
ii. signal strength of a handheld
iii. signal expansion from an antenna
c. measuring/reading of
i. signal strength
ii. device type
iii. device manufacturer
iv. device serial number
v. device join time
d. a decision component and/or device deciding on the authenticity of the device and the security of the connection by means of
i. using any combination of the measured/read data items
ii. visualizing the measured/read data items to a user
iii. allowing the user to influence the decision and/or making that decision the single mandatory interaction needed to regard a connection as secure.
21. Commissioning method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment, in particular of field devices of a process automation system, by use of a system according to one of the preceding claims 1 to 20, whereas a secure wireless communication between at least two components and/or devices, in particular field devices, is provided and established by using communication means to ensure a secure near-range communication by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not, in particular without the need to use higher protocol layers like in particular authentication or encryption functionalities.
22. Method according to claim 20, characterized in that to ensure security of the wireless communication properties of a physical layer and/or link layer and/or measurements are processed.
23. Method according to one of the preceding claims 21 or 22, characterized in that device identification information is used to determine the trustworthiness of a communication partner.
24. Method according to one of the preceding claims 21 to 23, characterized in that a verification step is executed, in particular rule-based, to increase the attained level of security.
25. Method according to one of the preceding claims 21 to 24, characterized in that the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area by at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing and restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
26. Method according to one of the preceding claims 21 to 25, characterized in that it is applicable to a commissioning network with a wireless gateway and uses a well-known Network ID and a shared Join Key, wherein the devices joined in this network are visible to the respective Communication DTM for the wireless gateway in the same manner as devices connected to an FSK modem, thus any such device may be assigned to the target network and/or to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used to automatically check the legitimacy of the device, in particular by evaluating receive signal levels and used transmission energy.
27. Method according to one of the preceding claims 21 to 26, characterized in that the commissioning network is shared between all Communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM might be opened at a time and communicates with the gateway.
28. Method according to one of the preceding claims 21 to 27, characterized in that the secure connection or communication is realized and/or carried out by at least one of
a. at least one IR connection and/or a RFID connection, wherein the respective RFID chip or tag is integrated into the same packaging as the antenna wire, making it reachable without opening the device and at the same time allowing for a connection to the device electronics to exchange information for use in Ex-zones,
b. restriction of
i. signal strength of an access point
ii. signal strength of a handheld
iii. signal expansion from an antenna
c. measuring and/or reading of and/or accessing and processing
i. signal strength
ii. device type
iii. device manufacturer
iv. device serial number
v. device join time
d. an automated decision on the authenticity of the device and the security of the connection by means of
i. using any combination of the measured/read/accessed and processed data and information items
ii. visualizing the measured/read/accessed and/or processed data and information items to a user
iii. allowing the user to influence the decision and/or making that decision the single mandatory interaction needed to regard a connection as secure.
29. Process automation system comprising a commissioning system according to one of the preceding claims 1 to 20.
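
The rule-based legitimacy decision of claims 20, 24, 26 and 28 (signal strength, device type, manufacturer, serial number and join time, followed by a user decision), as an added Python example that is not part of the patent application. The thresholds, the work-order table and the names JoinReport, evaluate and decide are assumptions, since the claims name the inputs but give no values.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions): the claims list the inputs, not limits.
MIN_RSSI_DBM = -45      # weaker reception is treated as outside the commissioning area
MAX_JOIN_AGE_S = 120    # the device must have joined within this many seconds
EXPECTED = {            # constructed work order: (manufacturer, type) -> serial numbers
    ("ExampleCo", "PT-100"): {"SN-0001", "SN-0002"},
}


@dataclass(frozen=True)
class JoinReport:
    """Data items the gateway measures or reads for a joined device."""
    manufacturer: str
    device_type: str
    serial: str
    rssi_dbm: float     # receive signal level measured at the gateway
    join_age_s: float   # seconds since the device joined the commissioning network


def evaluate(report):
    """Apply the automatic rules; return the failed ones (empty list = all passed)."""
    failures = []
    if report.rssi_dbm < MIN_RSSI_DBM:
        failures.append("signal too weak for commissioning area")
    if not 0 <= report.join_age_s <= MAX_JOIN_AGE_S:
        failures.append("join time outside window")
    serials = EXPECTED.get((report.manufacturer, report.device_type))
    if serials is None:
        failures.append("unexpected manufacturer/device type")
    elif report.serial not in serials:
        failures.append("serial number not on work order")
    return failures


def decide(report, operator_confirms):
    """Automatic check first, then the single mandatory user interaction.

    operator_confirms is a callable that shows the data items to the user
    and returns True only if the user accepts the device.
    """
    failures = evaluate(report)
    if failures:
        return ("refuse", failures)
    if not operator_confirms(report):
        return ("refuse", ["operator rejected device"])
    return ("assign", [])
```

The identification fields are reported by the device itself and the receive level depends on its transmit power, so the automatic rules are plausibility checks; the operator confirmation remains the step that releases the assignment.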
PCT/EP2013/003658 2012-12-20 2013-12-04 Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment Ceased WO2014094983A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN1438KO2012 2012-12-20
IN1438/KOL/2012 2012-12-20

Publications (1)

Publication Number Publication Date
WO2014094983A1 true WO2014094983A1 (en) 2014-06-26

Family

ID=49886862

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/003658 Ceased WO2014094983A1 (en) 2012-12-20 2013-12-04 Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment

Country Status (1)

Country Link
WO (1) WO2014094983A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008036961A2 (en) * 2006-09-22 2008-03-27 Kineto Wireless, Inc. Method and apparatus for resource management
WO2010124739A1 (en) * 2009-04-30 2010-11-04 Peertribe Sa A method and system for wireless connecting a mobile device to a service provider through a hosting wireless access node
US20120294443A1 (en) * 2011-05-19 2012-11-22 Suhas Mathur Establishing Secure Links Between Wireless Devices in Proximity Using Ambient Wireless Signals

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13814826

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13814826

Country of ref document: EP

Kind code of ref document: A1