WO2024046552A1 - Computer-implemented method for setting up a new component in a technical installation and control system for a technical installation - Google Patents


Info

Publication number
WO2024046552A1
Authority
WO
WIPO (PCT)
Prior art keywords
specific
component
type
registered
provision
Prior art date
Application number
PCT/EP2022/074181
Other languages
German (de)
English (en)
Inventor
Anna Palmin
Original Assignee
Siemens Aktiengesellschaft
Priority date
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft
Priority to PCT/EP2022/074181
Publication of WO2024046552A1


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572: Secure firmware programming, e.g. of basic input output system [BIOS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50: Service provisioning or reconfiguring

Definitions

  • the present invention relates to a computer-implemented method and a computer program product for setting up a new component in a technical system.
  • the present invention relates to a control system for a technical system.
  • An industrial technical system, for example an IoT system ("Internet of Things"), conventionally has system components registered in a device inventory of the technical system. After configuring one of the registered system components, the respective system component is set up to carry out various actions, for example applying for certificates and communicating with other communication partners, such as other system components, in the context of the technical system.
  • If a new component (system component) is to be introduced into the technical system, it is first added to a device inventory of the technical system and registered there. Such an introduction is preferably carried out manually by a user or automatically.
  • Automated procedures include, for example, "Secure Device Provisioning" according to OPC UA Part 21 ("Open Platform Communications Unified Architecture"), the procedure for so-called "Bootstrapping a remote secure key infrastructure" (BRSKI) or the Secure Setup procedure IEC 60802 TSN-IA.
  • the respective newly registered system component does not have any configuration data, such as the address of the responsible registration authority or the address of a certificate revocation list distribution point (CDP).
  • a new component before it is added to the technical system and registered in it, is preconfigured using different manufacturer and/or product family-specific tools, such as different engineering tools. It is also possible that the new component only uses its own integrated databases and/or device lists and therefore only contains selected system components that are usually added manually. This new component is then added to the device inventory of the technical system. In particular, this means that the newly added and registered system component is listed in the device inventory of the technical system, but does not have any configuration data and is not configured and therefore cannot, for example, carry out any of the various actions mentioned above.
  • one object of the present invention is to improve the setting up of new components in a technical system.
  • a computer-implemented method for setting up at least one new component in a technical system with a device inventory has the following steps: a) providing specific configuration rules for configuring a new component, b) monitoring the device inventory for an occurrence of a predetermined change, which includes registering a new component in the device inventory, c) determining, upon occurrence of the predetermined change, component data indicative of the registered new component depending on the device inventory, d) determining a specific type of configuration data and a specific provision type for the registered new component depending on the provided specific configuration rules and the determined indicative component data, and e) providing the determined specific type of configuration data in the registered new component depending on the determined specific provision type.
  • the computer-implemented method has the technical effect that, after the addition and registration of a new component in the device inventory of the technical system, a uniform and automated process is available for each registered new component for loading (providing) the specific type of configuration data determined for the registered new component into that component, depending on the specific provision type determined for it. Loading the determined specific type of configuration data into the registered new component (system component) configures that component. It can then communicate in the context of the technical system and carry out various actions, such as applying for application-specific certificates, validating certificates from communication partners and transmitting security events to a server, such as a syslog server. This results in the following advantages:
  • the respective registered new component is advantageously provided with only the configuration data relevant to it, i.e. the specific type of configuration data determined for the registered new component. This means that when configuring the registered new component, not simply all data, and thus also irrelevant data, is provided in the registered new component, but only the specific type of configuration data determined for it.
  • the freely available storage space of a system component memory is thus optimized.
  • the advantage of the present method is that different system components, which require different specific types of configuration data according to their technical functionalities and/or capabilities, can each have the specific type of configuration data determined for them loaded in different ways, i.e. depending on the specific provision type determined for the respective system component.
  • This targeted loading or provision increases the communication security and reliability of the technical system.
  • Another advantage of the present method is that it makes a well-founded contribution to meeting the requirements of the international standard IEC 62443-3-3 regarding the central computer-implemented device inventory as the basis for a configuration management process.
  • the present method also meets the requirements in the Zero Trust context according to the SP-800-207 standard of the National Institute of Standards and Technology.
  • the technical system can be a system from the process industry or an automation system, such as a chemical, pharmaceutical or petrochemical system or a system from the food and beverage industry. This also includes all systems from the manufacturing and production industry and plants in which, for example, cars or all kinds of goods are produced. Furthermore, the technical system can also be designed as an energy generation system, such as a wind turbine, a solar system or a power plant.
  • “Registering” a new component involves including the unique identification number, such as the component number or the serial number, of the new component in the device inventory.
  • the new component is “registered” in the device inventory in particular manually by a user or automatically using a tool, such as an “anomaly detection tool” or a registrar, for example in accordance with OPC UA Part 21 or BRSKI.
  • examples of indicative component data include: the name, the manufacturer, the serial number, the address and/or URL of a registration authority, an IDevID certificate, a possibly existing LDevID generic certificate ("Locally Significant Device Identifier Generic Certificate"), certificate-specific component user profiles and/or a registration method.
  • the indicative component data is determined from the device inventory, for example from information about the registered new component.
  • the term “indicative” is understood in particular to mean that the component data is specific to the respective registered new component or provides information about the registered new component.
  • Deploying includes deploying or loading the identified specific type of configuration data into the registered new component.
  • the determined specific type of configuration data is loaded into or stored in the memory of the registered new component.
  • the registered new component is configured.
  • the term “configured” is understood in particular to mean that the registered new component has received all the necessary configuration data so that it can communicate with other system components in the context of the technical system and can carry out the various actions mentioned above. Steps c) to e) of the present method are preferably used to "configure" the registered new component.
  • the method comprises: f) sending a certificate request for issuing at least one certificate for the registered new component at least depending on the specific type of configuration data provided, and g) receiving, upon successful validation of the sent certificate request, the at least one issued certificate.
  • the issued certificate is in particular designed at least as an application-specific or component-specific certificate.
  • This certificate preferably enables the registered new component to communicate and exchange data with other system components in the technical system.
  • the specific configuration rules provided comprise registration-specific (in particular relating to a specific type of registration method), manufacturer-specific, component-specific and/or protocol-specific configuration rules.
  • At least the registration-specific configuration rules can be provided manually, for example by a user of the technical system, or automatically, in particular in the device inventory.
  • the specific type of registration process preferably indicates the registration process by which the new component was registered in the device inventory.
  • a certain type of registration process, which automatically registers the new component in the device inventory, is, for example, an automated registration using OPC UA Part 21, BRSKI, TLS (Transport Layer Security) or "Anomaly Detection" without PoO ("Proof of Originality").
  • the term "without PoO" means in particular that for this particular type of registration, registration is carried out using a discovery procedure without validation of the manufacturer-specific IDevID certificate.
  • the "Anomaly Detection" registration process without PoO is used in particular when registering so-called legacy and/or brownfield system components in the technical system.
  • Manufacturer-specific configuration rules are rules that, for example, include the manufacturer of the registered new component when configuring the registered new component.
  • Component-specific configuration rules are rules that, for example, include the product name of the registered new component when configuring the registered new component.
  • component-specific configuration rules can be provided based on further product-specific information.
  • protocol-specific configuration rules are rules which, for example, include the communication protocol used, such as TLS, when configuring the registered new component.
  • the specific configuration rules are provided preconfigured and/or provided at least at a predetermined point in time during the life of the technical system.
  • the specific configuration rules are provided preconfigured, in particular, in the device inventory.
  • the term “Deploy at run time” indicates automated deployment of the specific configuration rules.
  • the automated provision of the specific configuration rules can also include provision using artificial intelligence, in particular using machine learning. Automated provisioning can also be customized using artificial intelligence.
  • an artificial intelligence can be trained or adapted to determine which registered new component is configured depending on which specific configuration rules.
  • the determination according to step d) includes assigning the registered new component to a specific component type depending on the specific configuration rules provided and the determined indicative component data, with a respective specific type of configuration data being assigned to each specific component type, wherein the specific component type is designed at least as a first manufacturer-specific component type, as a second manufacturer-specific component type or as a system-specific component type.
  • Assigning has the advantage that for each registered new component it can be determined individually which specific component type the registered new component corresponds to. Based on the determined specific component type, it can then be determined which specific type of configuration data should be provided to the registered new component or which specific type of configuration data the registered new component requires. This advantageously ensures that, depending on the specific component type, the respective registered new component is only provided with the specific type of configuration data assigned to it and is not provided with a specific type of configuration data of another specific component type that does not correspond to the determined specific component type of the registered new component. This optimizes the freely available storage space in the memory of the system component and increases the reliability of the technical system.
  • an OPC UA system component does not usually contact the registration authority (RA) of the technical system directly, but in particular can only contact it via a so-called "OPC UA Global Discovery Server", and therefore preferably does not need the address and/or URL (uniform resource locator) of the RA.
  • a system component designed as an industrial edge component or network component that uses a certificate management protocol can apply for certificates directly from the RA.
  • An industrial edge component in particular therefore requires the address and/or URL of the RA and thus a specific type of configuration data which has the address and/or URL of the RA.
  • the various system components in a heterogeneous industrial IoT/OT environment are particularly set up to reach various certificate revocation list distribution points via network technology.
  • the specific types of configuration data can therefore also differ in this point. If, for example, the system component is registered by an "Anomaly Detection Tool" that validates an IDevID certificate, the certificate from the highest certification authority (Root Certification Authority (RCA)) of the technical system may not subsequently be loaded into the registered system component as a trust anchor. In this case, the trust anchor would therefore have to be provided as part of a specific type of configuration data in the system component.
  • the trust anchor is preferably loaded into or deployed to the asset component as part of the onboarding according to the specification. In this case, it is therefore not necessary for the trust anchor to be contained in the specific type of configuration data that is provided in the system component.
  • An example of a first manufacturer-specific component type is a network component from a specific manufacturer.
  • An example of a second manufacturer-specific component type is a controller or a control system, for example for a programmable logic controller, from a specific manufacturer.
  • An example of a system-specific component type is a network component or a controller from another manufacturer, but which has been registered in the technical system.
  • a specific provision type is designed as a first, a second or a third specific provision type, the first specific provision type having an automated provision of the determined specific type of configuration data by means of an automation entity, wherein the second specific provision type has an automated provision of the determined specific type of configuration data using a specific protocol, in particular a network protocol, and wherein the third specific provision type has a manual provision of the determined specific type of configuration data based on an input from a user of the technical system or a control system for the technical system.
  • a control system is understood to mean a computer-aided technical system that has functionalities for displaying, controlling and guiding a technical system.
  • the control system can in particular extend over a cloud that is connected to several technical systems.
  • the registered new component can also be located in the cloud. A majority of registered new components can also be distributed across several technical systems.
  • An example of an automation entity is an engineering tool, such as the TIA Portal ("Totally Integrated Automation Portal"), or a runtime tool, such as the SIMATIC Automation Tool (SAT).
  • the first specific provisioning type can be used.
  • the specific type of configuration data is provided in the registered new component, in particular by means of the second provision unit and preferably depending on the automation entity.
  • the specific type of configuration data loaded into the system component is preferably stored in a configuration cache of the second provision unit.
  • a specific protocol is, for example, NETCONF (Network Configuration Protocol), SOAP (Simple Object Access Protocol) or REST (Representational State Transfer).
  • JSON body: JavaScript Object Notation body
  • the second provisioning unit of the control system can access the registered new component directly via a specific or standardized protocol
  • the second specific provisioning type can be used.
  • the specific type of configuration data is provided in the registered new component, in particular by means of the second provision unit and preferably using the specific protocol.
  • the second provision unit can also be set up to signal to the user of the technical system via an output that the user has entered the specific type of configuration data in the system component by means of an input in the system component or the control system, manually or using a tool, such as an engineering tool or a runtime tool.
  • a user is, for example, a customer or an operator of the technical system.
  • the specific type of configuration data can be provided in the system component by means of manual input by the user using a user input device via the graphical interface of the TIA portal or directly in the second provision unit.
  • the user input device is in particular set up to receive input of the specific type of configuration data from the user.
  • step e) can be carried out using a command line tool in which the specific type of configuration data is transferred directly to the registered new component.
  • step c) further comprises:
  • a component-specific certificate is in particular an LDevID generic certificate.
  • the component-specific certificate is set up in particular automatically, for example using a registrar.
  • the component-specific certificate can be set up using a user input device which is set up to receive input from a user to set up the component-specific certificate.
  • the device inventory is designed to be computer-implemented and designed as a dedicated instance in the technical system, as part of a registration point of the technical system or in a cloud that is connected to the technical system.
  • the device inventory can be used as a dedicated instance in a control system for the technical system, as part of the registration point of the control system, or in a cloud which is connected to the technical system or which can be connected to the control system.
  • Information about the system components, in particular indicative component data, can either be contained directly in the device inventory or referenced from the device inventory.
  • the predetermined change further comprises a change of at least one specific type of configuration data stored in the device inventory
  • the method further comprising: h) determining, when the change occurs, at least one specific type of configuration data stored in the device inventory, at least one registered component from a plurality of components registered in the device inventory, which has the stored specific type of configuration data relating to the change, and i) updating the stored specific type of configuration data and providing the updated specific type of configuration data in the at least one determined registered component depending on the determined specific provision type for the at least one registered component.
  • This embodiment has the advantage that steps h) and i) ensure that no outdated configuration data, but only current specific types of configuration data, are present in the registered new component as well as in the several system components registered in the device inventory.
  • a synchronization process is immediately triggered, which causes all registered system components that have subscribed to the change of at least one specific type of configuration data stored in the device inventory to be immediately synchronized accordingly by loading the updated specific type of configuration data into the registered system components depending on the determined specific provision type.
  • step h) is carried out in particular by comparing the specific types of configuration data loaded into the registered components and the specific types of configuration data affected as a result of the change.
  • the updated specific type of configuration data is provided in several determined registered components depending on the respective determined specific provision type for the respective registered component.
  • the second provision unit is set up to provide the updated specific type of configuration data in the at least one determined registered component depending on the determined specific provision type for the at least one registered component.
  • a monitoring unit of the control system is set up to detect the occurrence of the change.
  • the monitoring unit can then be set up to update the stored specific type of configuration data and make it available in a configuration cache of the second provision unit.
  • the second provision unit is then preferably set up to carry out the provision according to step i).
  • the at least one issued certificate of the registered new component is designed as a digital certificate, in particular as a public key certificate.
  • a digital certificate is a digital data record according to the Persons or objects (in this case registered new components, system components, machines, devices, applications and the like) and their authenticity and integrity can be checked using cryptographic methods.
  • the digital certificate contains in particular the data required for its verification.
  • the digital certificate is issued by the certification authority.
  • a certificate is at least manufacturer-specific, component-specific (system-specific) or application-specific.
  • a manufacturer-specific certificate is, for example, an IDevID certificate (English "Initial Device Identifier Certificate")
  • a component-specific or a system-specific certificate is, for example, an LDevID generic certificate
  • an application-specific certificate is, for example, an LDevID app certificate.
  • An LDevID generic certificate is applied for in particular on the basis of at least one manufacturer-specific IDevID certificate and binds the respective system component to the respective (user-specific) technical system.
  • An LDevID app certificate is preferably applied for on the basis of at least one component-specific LDevID generic certificate and is used by the respective system components in particular to establish and implement secure communication between the respective system components by means of communication protocols such as OPC UA or TLS.
  • a computer program product which comprises instructions which, when the program is executed by a computer, cause it to carry out the method according to the first aspect or an embodiment of the first aspect.
  • a computer program product, such as a computer program means, can be provided or delivered, for example, as a storage medium, such as a memory card, USB stick, CD-ROM or DVD, or in the form of a downloadable file from a server in a network. This can be done, for example, in a wireless communication network by transmitting a corresponding file with the computer program product or the computer program means.
  • a control system for a technical system in particular an automation system
  • the technical system has a device inventory.
  • the control system has: a first provisioning unit for providing specific configuration rules for configuring a new component, a monitoring unit for monitoring the device inventory for an occurrence of a predetermined change, which includes registering a new component in the device inventory, a first determination unit for determining, when the predetermined change occurs, component data indicative of the registered new component depending on the device inventory, a second determination unit for determining a specific type of configuration data and a specific provision type for the registered new component depending on the specific configuration rules provided and the determined indicative component data, and a second provisioning unit for providing the determined specific type of configuration data in the registered new component depending on the determined specific provision type.
  • the monitoring unit is in particular set up to continuously monitor the device inventory with regard to the occurrence of a predetermined change. Furthermore, the monitoring unit can be set up to receive the occurrence of the predetermined change as an event message from another unit, for example the device inventory. For example, after registering the new component, an event message “New component registered in the device inventory” can be generated and transmitted to the monitoring unit from the device inventory.
  • the control system has: a sending unit for sending a certificate request for issuing at least one certificate for the registered new component at least depending on the specific type of configuration data provided, and a receiving unit for receiving, upon successful validation of the sent certificate request, the at least one issued certificate.
  • the control system has: a certification authority, which is set up to validate the sent certificate request and, if the sent certificate request is successfully validated, to issue at least one certificate for the registered new component.
  • the determined specific type of configuration data provided in the registered new component according to step e) or by the second provision unit has at least the address and/or URL of the RA, so that the registered new component, or a sending unit of the control system acting for the registered new component, can apply for a certificate from the RA.
  • the sending unit is set up to send the certificate request for the registered component to the RA using a certificate management protocol (CMP).
  • the certificate in particular has a component-specific (LDevID Generic Certificate) or an application-specific certificate (LDevID App Certificate).
  • the RA is then preferably set up to check the certificate application sent by the sending unit depending on the device inventory and, if the check is successful, to transmit it to the certification authority.
  • the certification authority is then set up to validate the certificate application sent.
  • the receiving unit is preferably set up to provide the at least one issued certificate of the registered new component.
  • the registration office is set up in particular to store the requested and issued certificate in the device inventory.
  • the registration authority is in particular part of a PKI (Public Key Infrastructure).
  • the control system preferably uses a PKI.
  • the RA is an authority in a network, for example of a technical system and/or control system, which verifies an application for a digital certificate, for example from a control system, a registered new component, a system component or a user, and notifies the Certificate Authority (CA) so that the CA issues it.
  • the first provision unit, the monitoring unit, the first determination unit, the second determination unit and/or the second provision unit of the control system are each designed as an application, in particular as a service or as a microservice.
  • Forming at least one of the respective units described above in this embodiment as an application has the advantage that the scalability or expandability of the control system and its respective units is improved, since the size of the control system can be flexibly changed using microservices without affecting the provision of services.
  • the respective units of the control system can be provided as dedicated services or microservices both individually to expand the control system and/or the technical system and together in the context of a software ecosystem, and can thereby be better adapted to the entire certificate management of the control system.
  • Microservices are information technology architecture patterns in which complex applications are generated from independent processes that can communicate with each other using language-independent programming interfaces, such as APIs. Microservices enable a modular structure of applications and have the advantage that each microservice can be developed and deployed independently without affecting other microservices.
  • the application can also be designed as an application embedded in a container.
  • the container is in particular a software container which is arranged in an execution environment and in which a respective application can be executed and which is separate from other containers.
  • Applications designed as microservices or several parts of an application can also be executed independently of one another on the same hardware in a container. A group of applications can also run on different individual containers.
  • the respective unit for example the first provision unit or the first determination unit, can also be implemented in terms of hardware or from a combination of hardware and/or software elements.
  • the respective unit can be designed as a device or as part of a device, for example as a computer or as a microprocessor.
  • the respective unit can be designed as a computer program product, as a function, as a routine, as part of a program code, as the application or as an executable object.
  • control system has: a control device that is set up to control at least the first provision unit, the monitoring unit, the first determination unit, the second determination unit and/or the second provision unit of the control system.
  • control device By means of the control device, an automated process for setting up the at least one new component in the control system is advantageously carried out.
  • the control device is set up to control the respective units of the control system in such a way that provision by means of the first provision unit, monitoring by means of the monitoring unit, determination by means of the first determination unit, determination by means of the second determination unit and provision by means of the second provision unit in a fully automated manner without human intervention ) User can be carried out in order to set up at least the new component fully automatically.
  • control system is designed in particular as a cluster on which the respective units of the control system are designed as a respective application embedded in a container in a respective execution environment and are controlled and executed there in particular by means of the control device.
  • This has the advantage that the respective units can be executed separately on different system components of the control system or in the cloud and, in particular, are not tied to the different system components.
  • a cluster or a software cluster or computer network refers to a number of networked software applications and/or their associated computers.
  • the at least one new registered component is designed as a system component, wherein the system component is designed as a machine, such as a machine tool or a robot, as a field device, for example an edge device, a programmable logic controller, a sensor or a Actuator and/or as a network component, such as a network switch, a firewall component or an industrial PC, is designed.
  • A new component then registered in the device inventory is in particular a system component of the technical system.
  • A system component can also be an individual measuring transducer for sensors or a control device for actuators of the technical system.
  • A system component can also be a combination of several such measuring transducers or control devices, for example a motor, a reactor, a pump or a valve system.
  • Higher-level devices such as an automation device, an operator station server or a decentralized peripheral are also included under the term “system component”.
  • An automation device is a technical device that is used to implement automation. This can be, for example, a programmable logic controller (field device) that represents a higher-level control function for lower-level controllers.
  • The system component can also be designed as a local data processing unit of an industrial IoT device.
  • The control device can be set up to control at least one system component of the plurality of system components.
  • Fig. 1 shows a schematic block diagram of an exemplary embodiment of a control system for a technical system
  • Fig. 2 shows a schematic flow diagram of one
  • Fig. 1 shows a schematic block diagram of an exemplary embodiment of a control system 100 for a technical system 1, such as an automation system.
  • The technical system 1 has the control system 100 in FIG. 1.
  • The control system 100 has several (registered) new components 10, 30.
  • A new component 10, 30 is designed as a field device in FIG. 1.
  • The new component 10, 30 can be designed as a network component, such as a network switch, a firewall component or an industrial PC.
  • The control system 100 has a first provision unit 15, a monitoring unit 16, a first determination unit 17, a second determination unit 18 and a second provision unit 19.
  • The (registered) new component 10 has a transmitting unit 21 and a receiving unit 22.
  • The control system 100 has the transmitting unit 21 and the receiving unit 22 (not shown).
  • The technical system 1 has a device inventory 20, which is part of the control system 100 in FIG. 1 and which is computer-implemented in FIG. 1.
  • The control system 100 also has a control device 40.
  • The units 15 - 19, the device inventory 20 and the new components 10, 30 are connected in FIG. 1 to the control device 40 for transmitting data (not shown).
  • The first provision unit 15 is set up to provide specific configuration rules for configuring a new component 10 (see step S100 of FIG. 2).
  • The specific configuration rules provided comprise registration-specific, manufacturer-specific, component-specific and/or protocol-specific configuration rules.
  • The specific configuration rules are provided preconfigured. Alternatively or additionally, the specific configuration rules are provided at least at a predetermined time during the running time of the technical system 1.
  • The monitoring unit 16 is set up to monitor the device inventory 20 with regard to the occurrence of a predetermined change, which includes registering a new component 10 in the device inventory 20 (see step S101 of FIG. 2). For this purpose, the monitoring unit 16 is connected to the device inventory 20.
  • The first determination unit 17 is set up to determine, when the predetermined change occurs, component data iKOMP indicative of the registered new component 10 depending on the device inventory 20 (see step S102 of FIG. 2).
  • The first determination unit 17 is connected to the device inventory 20.
  • The first determination unit 17 is set up to set up at least one component-specific certificate depending on the registered new component 10 in the device inventory 20 after the predetermined change has occurred.
  • The second determination unit 18 is then set up to determine a specific type of configuration data and a specific provision type Type1, Type2, Type3 for the registered new component 10 depending on the specific configuration rules provided and the determined indicative component data iKOMP (see step S103 of FIG. 2).
  • The first determination unit 17 is set up to transmit the determined indicative component data iKOMP to the second determination unit 18, which is indicated in FIG. 1 by an arrow between the first and second determination units 17, 18.
  • The second determination unit 18 is connected to the first provision unit 15 for obtaining the provided specific configuration rules.
  • The determination by the second determination unit 18 involves assigning the registered new component 10 to a specific component type depending on the specific configuration rules provided and the determined indicative component data.
  • A respective specific type of configuration data is assigned to a respective specific component type.
  • A specific component type is designed at least as a first manufacturer-specific component type, as a second manufacturer-specific component type or as a system-specific component type.
  • The second provision unit 19 is then set up to provide the determined specific type of configuration data in the registered new component 10 depending on the determined specific provision type Type1, Type2, Type3 (see step S104 of FIG. 2). Furthermore, the second provision unit 19 is connected to the second determination unit 18 for obtaining the determined specific type of configuration data and the specific provision type Type1, Type2, Type3. The second provision unit 19 is also connected in FIG. 1 to the monitoring unit 16 for exchanging data.
  • A specific provision type is designed as a first, a second or a third specific provision type Type1, Type2, Type3.
  • The first specific provision type Type1 comprises an automated provision of the determined specific type of configuration data using an automation entity 23.
  • The second specific provision type Type2 comprises an automated provision of the determined specific type of configuration data using a specific protocol P.
  • The third specific provision type Type3 comprises a manual provision of the determined specific type of configuration data based on an input from a user of the control system 100.
  • The first, second and third specific provision types Type1, Type2, Type3 are each shown in FIG. 1 with different arrows, each of which runs indirectly from the second provision unit 19 to the registered new component 10 via the automation entity 23, the protocol P or the user.
  • The sending unit 21 is set up to send a certificate request CSR for issuing at least one certificate CERT for the registered new component 10, at least depending on the specific type of configuration data provided (see step S105 of FIG. 2).
  • A certification authority CA of the control system 100 is then set up to validate the sent certificate request CSR and, if the sent certificate request CSR is successfully validated, to issue at least one certificate CERT for the registered new component 10.
  • The at least one issued certificate CERT of the registered new component 10 is designed in FIG. 1 as a digital public key certificate.
  • The receiving unit 22 is then set up to receive the at least one issued certificate CERT (see step S106 of FIG. 2).
  • The predetermined change may further comprise a change of at least one specific type of configuration data stored in the device inventory 20.
  • The monitoring unit 16 is set up, when a change occurs to at least one specific type of configuration data stored in the device inventory 20, to determine at least one registered component 10, from a plurality of components 10, 30 registered in the device inventory 20, that has the stored specific type of configuration data affected by the change (see step S107 of FIG. 2).
  • An update unit is set up to update the stored specific type of configuration data and to provide the updated specific type of configuration data in the at least one determined registered component 10 depending on the determined specific provision type Type1, Type2, Type3 for the at least one registered component 10 (see step S108 of FIG. 2).
  • The first provision unit 15, the monitoring unit 16, the first determination unit 17, the second determination unit 18 and/or the second provision unit 19 are each designed as an application, in particular as a microservice.
  • The control device 40 is set up to control at least the first provision unit 15, the monitoring unit 16, the first determination unit 17, the second determination unit 18 and/or the second provision unit 19 of the control system 100.
  • Fig. 2 shows a flow chart showing the steps of the method for setting up a new component 10, 30 (see Fig. 1) according to an exemplary embodiment.
  • The method includes steps S100 to S108.
  • The respective method steps S100 to S108 have already been explained with reference to FIG. 1, which is why the method steps S100 to S108 are not described again to avoid repetition.
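
The rule lookup of steps S101 to S104 and the RA check that gates the certificate request of step S105, sketched in Python as an added example (not code from the patent or from the applicant). The rule fields, vendor names, serial numbers, the manual fallback for unmatched components and the RA's requirement that configuration data be provisioned before a request is forwarded are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Component:                       # one device inventory entry
    serial: str
    manufacturer: str
    kind: str
    protocols: frozenset
    config_type: Optional[str] = None  # set once configuration data is in the component
    certificates: dict = field(default_factory=dict)  # profile -> issued certificate

@dataclass(frozen=True)
class Rule:                            # None in a match field means "any"
    component_type: str
    config_type: str
    provision_type: str                # "Type1", "Type2" or "Type3"
    manufacturer: Optional[str] = None
    kind: Optional[str] = None
    protocol: Optional[str] = None

    def matches(self, c: Component) -> bool:
        return ((self.manufacturer is None or self.manufacturer == c.manufacturer)
                and (self.kind is None or self.kind == c.kind)
                and (self.protocol is None or self.protocol in c.protocols))

# Constructed rules, most specific first (all names are illustrative).
RULES = [
    Rule("first manufacturer-specific", "vendor-a-config", "Type1", manufacturer="VendorA", kind="plc"),
    Rule("second manufacturer-specific", "vendor-b-config", "Type2", manufacturer="VendorB"),
    Rule("system-specific", "plant-baseline", "Type2", protocol="opcua"),
]
FALLBACK = Rule("system-specific", "plant-baseline", "Type3")  # assumption: unmatched -> manual

def determine(c: Component, rules=RULES) -> Rule:
    """S103: the first matching rule fixes component type, config type and provision type."""
    return next((r for r in rules if r.matches(c)), FALLBACK)

def on_registration(inventory: dict, known: set) -> dict:
    """S101-S104: react to serials that are new in the inventory."""
    decisions = {}
    for serial in sorted(set(inventory) - known):
        rule = determine(inventory[serial])
        if rule.provision_type in ("Type1", "Type2"):    # automated paths
            inventory[serial].config_type = rule.config_type
        decisions[serial] = rule                         # Type3 waits for user input
        known.add(serial)
    return decisions

PROFILES = {"LDevID Generic Certificate", "LDevID App Certificate"}

def ra_check(csr: dict, inventory: dict):
    """RA gate before the CA: the request must be backed by the device inventory."""
    c = inventory.get(csr.get("serial"))
    if c is None:
        return False, "not registered in device inventory"
    if c.config_type is None:
        return False, "configuration data not yet provisioned"
    if csr.get("profile") not in PROFILES:
        return False, "unknown certificate profile"
    return True, "forward to CA"

def store_issued(inventory: dict, csr: dict, cert_pem: str) -> None:
    """Record the issued certificate in the inventory entry."""
    inventory[csr["serial"]].certificates[csr["profile"]] = cert_pem
```

A component that only matches the manual fallback stays without configuration data, so its certificate request is rejected by the RA check until a user has provisioned it.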

Abstract

The invention relates to a computer-implemented method for setting up at least one new component in a technical system with a device inventory. The computer-implemented method comprises the following steps: a) providing specific configuration rules for configuring a new component, b) monitoring the device inventory with regard to the occurrence of a predetermined change which indicates the registration of a new component in the device inventory, c) if the predetermined change occurs, determining component data indicative of the registered new component depending on the device inventory, d) determining a specific type of configuration data and a specific provision type for the registered new component depending on the specific configuration rules provided and the determined indicative component data, and e) providing the determined specific type of configuration data in the registered new component depending on the determined specific provision type.
PCT/EP2022/074181 2022-08-31 2022-08-31 Computer-implemented method for setting up a new component in a technical system and control system for a technical system WO2024046552A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2022/074181 WO2024046552A1 (fr) 2022-08-31 2022-08-31 Computer-implemented method for setting up a new component in a technical system and control system for a technical system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2022/074181 WO2024046552A1 (fr) 2022-08-31 2022-08-31 Computer-implemented method for setting up a new component in a technical system and control system for a technical system

Publications (1)

Publication Number Publication Date
WO2024046552A1 true WO2024046552A1 (fr) 2024-03-07

Family

ID=83361054

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2022/074181 WO2024046552A1 (fr) 2022-08-31 2022-08-31 Computer-implemented method for setting up a new component in a technical system and control system for a technical system

Country Status (1)

Country Link
WO (1) WO2024046552A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120216042A1 (en) * 2006-07-20 2012-08-23 Research In Motion Limited System and Method for Provisioning Device Certificates
US20180137261A1 (en) * 2016-11-14 2018-05-17 INTEGRITY Security Services, Inc. Secure provisioning and management of devices
US20210258153A1 (en) * 2017-03-03 2021-08-19 Verizon Patent And Licensing Inc. Network-based device registration for content distribution platforms

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22772853

Country of ref document: EP

Kind code of ref document: A1