EP4133680A1 - Procédé de chiffrement de données d'un dispositif de terrain - Google Patents

Procédé de chiffrement de données d'un dispositif de terrain

Info

Publication number
EP4133680A1
EP4133680A1 EP21715818.7A EP21715818A EP4133680A1 EP 4133680 A1 EP4133680 A1 EP 4133680A1 EP 21715818 A EP21715818 A EP 21715818A EP 4133680 A1 EP4133680 A1 EP 4133680A1
Authority
EP
European Patent Office
Prior art keywords
data
instance
field device
entity
homomorphically encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21715818.7A
Other languages
German (de)
English (en)
Inventor
Peter WAZINSKI
Ervin Binkert
Sushil Siddesh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Endress and Hauser Process Solutions AG
Original Assignee
Endress and Hauser Process Solutions AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Endress and Hauser Process Solutions AG filed Critical Endress and Hauser Process Solutions AG
Publication of EP4133680A1 publication Critical patent/EP4133680A1/fr
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • the invention relates to a method for encrypting data from a field device.
  • Field devices that are used in industrial systems are already known from the prior art. Field devices are often used in process automation technology as well as in production automation technology. In principle, all devices that are used close to the process and that supply or process process-relevant information are referred to as field devices. Field devices are used to record and / or influence process variables. Measuring devices or sensors are used to record process variables. These are used, for example, to measure pressure and temperature,
  • Conductivity measurement, flow measurement, pH measurement, level measurement, etc. use and record the corresponding process variables pressure, temperature, conductivity, pH value, level, flow, etc.
  • Actuators are used to influence process variables. These are, for example, pumps or valves that can influence the flow of a liquid in a pipe or the fill level in a container.
  • field devices also include remote I / Os, radio adapters or, in general, devices that are arranged on the field level.
  • field devices are usually through communication networks, for example, field buses (Profibus ®, Foundation ® Fieldbus, HART ®, etc.) connected to the higher-level units such.
  • the higher-level units are control systems or control units, such as a PLC (programmable logic controller) or a PLC (programmable logic controller).
  • the higher-level units are used, among other things, for process control, process visualization, process monitoring and for commissioning the field devices.
  • the measured values recorded by the field devices in particular by sensors, are transmitted to one (or possibly several) higher-level unit (s) via the respective bus system.
  • data transmission from the higher-level unit via the bus system to the field devices is necessary, in particular for configuring and parameterizing field devices and for controlling actuators.
  • An edge device is a device with which data from field devices can be transported to the so-called cloud (a cloud-capable database that can be contacted via the Internet) as part of digital services.
  • the data is, for example Status data of the field devices, by means of which, for example, so-called “health scores” of the field devices can be determined, or about measured values of the field devices.
  • This data can be stored on the cloud, for example, in order to send alarm messages (e.g. by e-mail) in the event that a limit value is exceeded, or in order to use a Kl algorithm, for example to predict the maintenance requirements of a field device.
  • the data that are transmitted to the cloud should be encrypted for all parties except for the field device owner or the system owner in order to prevent an undesired flow of information. Even the cloud operator must not be able to decrypt the data.
  • the data must be encrypted using a homomorphic encryption method.
  • Data encrypted in this way can be offset without the offsetting entity becoming aware of the content of the data to be offset.
  • the data can be decrypted, whereby the calculated result is retained.
  • Such homomorphic encryption methods contain complex computing operations for which sufficient computing power must be available in the hardware.
  • the edge devices mentioned usually have enough computing power to carry out these operations.
  • the calculation of homomorphically encrypted data is nowadays used, for example, in the following use case: It is known to store customer data on a customer database. However, the customer himself often does not have computing operations to process his data, for example to evaluate it statistically or to anticipate errors. There are cloud-based service platforms that perform the computing operations for this purpose. However, the customer does not want to transfer his data to these platforms unencrypted and thereby reveal their content. Nor does the operator of the service platform want to reveal his algorithms. For this reason, the customer transmits his data in homomorphic encrypted form so that it can be offset on the service platform and returned to the customer in offset form. The customer then decrypts the data and, as requested, receives the calculated, unencrypted content of the data.
  • field devices can themselves transmit data to the cloud. Due to the special requirements placed on the field devices, for example due to an explosive environment, the field devices are often operated in a “low-power mode”. In particular, this is also the case if the field devices are supplied with the energy they need for operation by means of a battery unit. For this, the Field devices have a low energy consumption in order to be able to reliably collect and transmit measured values over a longer period of time.
  • the microcontrollers of the field devices only support or allow non-homomorphic encryption methods such as AES (“Advanced Encryption Standard”).
  • AES Advanced Encryption Standard
  • Non-homomorphic encryption methods are not suitable for cloud applications.
  • homomorphic encryption methods guarantee a structure-preserving encryption of the original data, so that a subsequent calculation on the encrypted data is not possible. Offsetting against AES-encrypted data, for example, would lead to incorrect results.
  • the invention is based on the object of presenting a method which allows complex encryption of data from field devices with only a limited computing line.
  • the object is achieved by a method for encrypting data from a field device, comprising:
  • the core of the invention consists in a two-stage encryption of the data generated by the field device.
  • the data is encrypted using the field device itself.
  • the data encrypted in this way are saved on stored in a first instance.
  • the data is retrieved and decrypted by a second entity.
  • the first key must be communicated to the second instance for this purpose.
  • the field device and the second entity are advantageously arranged on the customer side, so that the key can be handed over by the customer. Since the customer is the only party who is allowed to have knowledge of the decrypted data, the second instance must be assigned to the customer, or can only perform the decryption authorized by the customer.
  • the decrypted data can then be homomorphically encrypted by the second instance and transmitted to the first instance, or a third instance, and stored there in homomorphically encrypted form.
  • the second instance has a sufficiently high computing power for this purpose.
  • the method further comprises:
  • Execution of at least one functionality by the third entity comprising processing at least a portion of the homomorphically encrypted data stored on the first entity or on the third entity to form homomorphically encrypted result data;
  • the homomorphically encrypted data can be processed or offset due to their special properties without the processing entity needing knowledge of the unencrypted file content.
  • the result data that has been processed or offset can be decrypted again by the customer, whereby the processing or offset remains.
  • a cloud-based database is used as the first instance and a cloud-based database is used as the third instance.
  • a database or a service platform that is implemented on a server and can be contacted via the Internet is referred to as “cloud-based”.
  • Applications can be called up on the server, which can access the data volume of the database and this processed or able to utilize. These applications can be used by the user via a web interface.
  • the first instance and the third instance are a common cloud-based database. This means that the instances use the same infrastructure and database, but can differ from one another in terms of the application level.
  • the first instance and the third instance are separate cloud-based databases.
  • a cloud-based database is used as the second instance and / or a cloud-based database is used as the fourth instance.
  • a local computer unit is used as the second instance and / or a local computer unit is used as the fourth instance.
  • a local PC or a laptop for example, can be used as the computer unit.
  • a mobile terminal device for example a smartphone or a tablet, or a suitable wearable can be used as the computing unit - assuming sufficient resources in terms of computing power, main memory and permanent storage.
  • the processing of the homomorphically encrypted data to homomorphically encrypted result data comprises at least one of the following steps:
  • using a machine learning algorithm includes classifying the data from the field device according to defined criteria.
  • the result of the classification is retained even after decryption.
  • the mathematical calculation of the data includes, for example, the comparison of measured values from the field device with a minimum or maximum value.
  • the ratio of a measured value to a minimum or maximum value also remains in the case of the homomorphically encrypted data, without the second or fourth instance having to be aware of the unencrypted data.
  • a symmetrical encryption method is used as the non-homomorphic encryption method.
  • a symmetrical encryption method according to at least one of the following standards can be used:
  • a partially homomorphic encryption method is used as the homomorphic encryption method
  • Encryption method or a fully homomorphic encryption method is used.
  • Homomorphic encryption methods or cryptosystems can be classified by their homomorphic properties:
  • the data are transmitted via the Internet between the various entities (first entity, second entity, possibly third entity, possibly fourth entity).
  • the object is achieved by a field device which is designed for use in the method according to the invention.
  • the field device has a first interface and is designed to transmit the generated data by means of the first interface.
  • the interface can be designed for wireless data transmission or for wired data transmission.
  • the field device has a second interface, the field device being embedded in a communication network by means of the second interface, the field device being designed to contain different data to the generated data, in particular physical measured values of process variables, to generate and to transmit the different data to the generated data via the communication network to at least one further subscriber of the communication network, in particular a control unit.
  • the communication network is a customary industrial network, for example a field bus in automation technology, via which the field device transmits its data generated during regular operation.
  • the field device is supplied with the electrical energy required for operation via the communication network.
  • the field device has an energy storage unit and the energy storage unit is designed to supply the field device with its electrical energy required for operation.
  • the electrical energy transmitted via the communication network is usually low, for example for reasons of explosion protection.
  • the energy storage unit In the second variant, only a finite amount of energy is available in the energy storage unit. This is, for example, a battery or a rechargeable accumulator.
  • FIG. 1 shows an exemplary embodiment of the method according to the invention.
  • a field device FG is installed in a system on the customer side KS.
  • the field device FG is a flow measuring device for determining the flow of a fluid measuring medium through a pipeline.
  • the field device FG can, however, also be any other measuring device for acquiring physical measured variables of a procedural process.
  • the field device can also be a field or process-related data processing or network device, for example a control unit, a gateway or a flow computer.
  • the field device FG generates data which are to be transmitted to a first entity IS1.
  • the first instance IS1 is a cloud-based database which is implemented on the server side SV on a service platform in a cloud environment.
  • the service platform SP also has a logic unit LE which can access and process / offset data stored in the first instance IS1 or in a third instance IS3 - a database which is also located on the service platform SP.
  • the logic unit LE is arranged outside the service platform SP and is in communication therewith.
  • the service platform is used to process or offset data from the customer's field device FG and to make the result data available to the customer. However, the customer does not want to reveal his data, which is why it has to be encrypted.
  • the billing / processing cannot be carried out by the customer KS, since the service side DV, for example the field device manufacturer or the service provider, does not want to make the computation algorithms available to the customer for inspection.
  • the data must therefore be encrypted in such a way that it can be processed without knowing the exact data content. This can be ensured by what is known as homomorphic encryption.
  • the field device FG Since the field device FG only has limited power resources, it only allows simple, non-homomorphic encryption.
  • the field device encrypts its generated data, e.g. status data, diagnostic data (e.g. heartbeat), etc., therefore using a symmetrical encryption method using a first key KY1.
  • the key is a private key which is only known to the field device FG.
  • the data are transmitted via the Internet to the first instance IS1 on the service platform SP and stored there.
  • a second method step 2 the data are downloaded via the Internet from a second instance IS2 arranged by the customer KS, for example a powerful computing unit such as a PC.
  • the data are then decrypted using a public key that corresponds to the first key KY1 and is available to the customer.
  • the data is now available to the customer in unencrypted form.
  • the decrypted data is homomorphically encrypted using a second key - again a private key which is known only to the second entity - and transmitted to the third entity IS3.
  • the homomorphically encrypted data are stored on this, so that their content cannot be viewed on the service side SV.
  • the logic unit LE can now access the homomorphically encrypted data and process or offset them. For example, the logic unit LE executes an algorithm that diagnoses a maintenance requirement for a field device FG with the aid of common machine learning or KI methods, possibly with a maintenance date that is recommended at the latest. The processed / offset data are then stored as result data on the third entity IS3.
  • the result data are downloaded via the Internet from a second instance IS2 arranged by the customer KS, for example a PC or a mobile terminal.
  • the result data are then transferred to the second by means of one Key KY2 corresponding public key, which is available to the customer, decrypted.
  • the result data is now available to the customer in unencrypted form, whereby the result of the allocation or processing is still available.
  • the method according to the invention makes it possible to process the data of the inefficient field device FG on the service side SV, to calculate them, without the service side SV being able to see the content of the data.
  • the method according to the invention comprises several variants:
  • the precise configurations of the individual entities IS1, IS2, IS3, IS4 can vary.
  • the first instance IS1 and / or the third instance IS3 can also be local processing units.
  • the second instance IS2 and / or the fourth instance IS4 can alternatively be mobile terminals, for example smartphones or tablets.
  • first instance IS1 and the third instance IS3 and / or the second instance IS2 and the fourth instance IS4 can be implemented on a common device or on a common database.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

L'invention concerne un procédé de chiffrement de données d'un dispositif de terrain (FG), comprenant les étapes consistant à : - générer des données au moyen du dispositif de terrain (FG) ; - chiffrer les données au moyen du dispositif de terrain (FG) à l'aide d'une méthode de chiffrement non homomorphe utilisant une première clé (KY1) ; - transmettre les données chiffrées de manière non homomorphe à une première entité (IS1) ; - stocker les données chiffrées de manière non homomorphe sur la première entité (IS1) ; - demander au moins une sous-quantité des données chiffrées de manière non homomorphe, stockées sur la première entité (IS1), au moyen d'une deuxième entité (IS2) ; - déchiffrer les données chiffrées de manière non homomorphe demandées au moyen de la deuxième entité (IS2) à l'aide de la première clé (KY1) ; - chiffrer les données au moyen de la deuxième entité (IS2) à l'aide d'une méthode de chiffrement homomorphe utilisant une seconde clé (KY2) ; - transmettre les données chiffrées de manière homomorphe à la première entité (IS1) ou à une troisième entité (IS3) ; et - stocker les données chiffrées de manière homomorphe sur la première entité (IS1) ou sur la troisième entité (IS3). L'invention concerne également un dispositif de terrain (FG) qui est conçu pour être utilisé dans le procédé selon l'invention.
EP21715818.7A 2020-04-08 2021-03-23 Procédé de chiffrement de données d'un dispositif de terrain Pending EP4133680A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102020109896.0A DE102020109896A1 (de) 2020-04-08 2020-04-08 Verfahren zum Verschlüsseln von Daten eines Feldgeräts
PCT/EP2021/057451 WO2021204534A1 (fr) 2020-04-08 2021-03-23 Procédé de chiffrement de données d'un dispositif de terrain

Publications (1)

Publication Number Publication Date
EP4133680A1 true EP4133680A1 (fr) 2023-02-15

Family

ID=75339704

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21715818.7A Pending EP4133680A1 (fr) 2020-04-08 2021-03-23 Procédé de chiffrement de données d'un dispositif de terrain

Country Status (4)

Country Link
US (1) US12284266B2 (fr)
EP (1) EP4133680A1 (fr)
DE (1) DE102020109896A1 (fr)
WO (1) WO2021204534A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102024119472A1 (de) * 2024-07-09 2026-01-15 Endress+Hauser Process Solutions Ag Verfahren zum Signieren eines Geräteberichts eines Feldgeräts

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2709231A1 (fr) * 2012-09-12 2014-03-19 VEGA Grieshaber KG Système de production d'énergie pour un appareil de terrain doté d'un module radio
EP3203679A1 (fr) 2016-02-04 2017-08-09 ABB Schweiz AG Apprentissage statistique fondé sur le chiffrement homomorphe
EP3270321B1 (fr) 2016-07-14 2020-02-19 Kontron Modular Computers SAS Technique de mise en oeuvre d'une opération de manière sécurisée dans un environnement iot
DE102017106777A1 (de) 2017-03-29 2018-10-04 Endress+Hauser Conducta Gmbh+Co. Kg Verfahren zum Betreiben eines Feldgeräts der Automatisierungstechnik und eine Bedieneinheit zum Durchführen des Verfahrens
US11138322B2 (en) * 2017-08-01 2021-10-05 Visa International Service Association Private data processing
DE102017223099A1 (de) * 2017-12-18 2019-06-19 Siemens Aktiengesellschaft Vorrichtung und Verfahren zum Übertragen von Daten zwischen einem ersten und einem zweiten Netzwerk
DE102018006747A1 (de) 2018-08-24 2019-08-29 Daimler Ag Verfahren zur Auswertung von Daten aus einem Fahrzeug
CN115567932B (zh) * 2019-11-30 2023-07-07 华为技术有限公司 一种密钥信息的同步方法、系统及设备
US11436351B1 (en) * 2019-12-18 2022-09-06 Bae Systems Information And Electronic Systems Integration Inc. Homomorphic encryption of secure data

Also Published As

Publication number Publication date
US12284266B2 (en) 2025-04-22
US20230179396A1 (en) 2023-06-08
DE102020109896A1 (de) 2021-10-14
WO2021204534A1 (fr) 2021-10-14

Similar Documents

Publication Publication Date Title
DE102017202360A1 (de) Datenschnittstellenvorrichtung zum einsatz an einer numerisch gesteuerten werkzeugmaschine
DE102009045386A1 (de) Verfahren zum Betreiben eines Feldbus-Interface
DE102016124350A1 (de) Verfahren und System zum Überwachen einer Anlage der Prozessautomatisierung
DE102016107491A1 (de) Verbindungseinheit, Überwachungssystem und Verfahren zum Betreiben eines Automatisierungssystems
EP4264382B1 (fr) Leurre pour une connexion entre un dispositif périphérique et une plate-forme de service en nuage
DE102015205370B4 (de) Verfahren und Vorrichtung zur Bereitstellung von Daten für eine Zustandsüberwachung einer Maschine
DE102014111733A1 (de) Verfahren zum Parametrieren eines Feldgerätes
EP2790078A1 (fr) Régulation sécurisée pour la manipulation d'une installation de processus et/ou de fabrication et/ou de réglage
EP4133680A1 (fr) Procédé de chiffrement de données d'un dispositif de terrain
DE102016107045B4 (de) Verfahren und System zum sicheren Konfigurieren eines Feldgeräts der Prozessautomatisierung
EP3469429B1 (fr) Procédé pour empêcher un accès non autorisé à des applications logicielles dans des appareils de terrain, et réseau de communication
EP4032243B1 (fr) Système et procédé de gestion de données d'un appareil de terrain de la technique d'automatisation de manière sécurisée contre la manipulation
DE102010042199A1 (de) Verfahren zum Betreiben eines Feldbus-Interface sowie Computerprogrammprodukt
EP2486459B1 (fr) Interface de bus de terrain et procédé de fonctionnement correspondant
WO2014206451A1 (fr) Procédé et dispositif permettant la transmission sécurisée de données de signaux dans une installation
DE102022103950A1 (de) Verfahren zum Überprüfen der Originalität einer Firmware eines Feldgeräts der Automatisierungstechnik
EP3534592A1 (fr) Procédé de transmission de données entre un système d'automatisation industriel et un système serveur par l'intermédiaire d'un réseau étendu et de l'unité de distribution de données
DE102010003741A1 (de) Verfahren zum Datenaustausch
EP3439228B1 (fr) Procédé et dispositif permettant la réalisation d'une fonction de sécurité, notamment dans l'environnement d'une commande d'appareil et/ou d'installation
DE102024128267A1 (de) Verfahren zum Übertragen eines Geräteberichts eines Feldgeräts sowie System
EP4158852A1 (fr) Appareil de terrain pour vérifier la qualité d'une connexion réseau
DE102011086396A1 (de) Verfahren zur Datenübertragung zwischen einem Feldgerät der Prozessautomatisierungstechnik und einer entfernten Datenverarbeitungseinrichtung
DE102024112125A1 (de) Verfahren zum Verbinden eines Edge Devices mit einem Sub-Edge Device
DE102023136445A1 (de) Verfahren zum Signieren eines Geräteberichts
DE102015112871A1 (de) Verfahren zur Gesamtnetzwerkanalyse

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220922

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)