EP1711870A1 - Procede de cryptage de donnees dans un reseau utilise dans la technique d'automatisation de processus - Google Patents
Procede de cryptage de donnees dans un reseau utilise dans la technique d'automatisation de processusInfo
- Publication number
- EP1711870A1 EP1711870A1 EP04804867A EP04804867A EP1711870A1 EP 1711870 A1 EP1711870 A1 EP 1711870A1 EP 04804867 A EP04804867 A EP 04804867A EP 04804867 A EP04804867 A EP 04804867A EP 1711870 A1 EP1711870 A1 EP 1711870A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- process automation
- software module
- dtm
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24167—Encryption, password, user access privileges
Definitions
- the invention relates to a method for encrypting data in a network of process automation technology.
- field devices are used in many cases, which serve to record and / or influence process variables.
- Examples of such field devices are level measuring devices, mass flow measuring devices, pressure and temperature measuring devices, pH redox potential measuring devices, conductivity measuring devices, etc., which as sensors detect the corresponding process variables level, flow, pressure, temperature, pH value or conductivity value.
- So-called remote I / Os are also referred to as field devices.
- actuators are used to influence process variables, e.g. B. valves that control the flow of a liquid in a pipe section or pumps that change the level in a container.
- Field devices are often via a fieldbus (Profibus®, Foundation®-Fieldbus, HART® etc.) with higher-level units, for. B. control systems or control units connected. These higher-level units are used for process control, process visualization, process monitoring and for operating the field devices.
- Profilebus® Foundation®-Fieldbus, HART® etc.
- Device manufacturers have therefore recently been supplying device drivers to their field devices, e.g. B. DTMs (Device Type Managers), which encapsulate all data and functions of the respective field device and at the same time provide a graphical user interface supply.
- B. DTMs Device Type Managers
- the device drivers require a frame application as runtime environment. They enable access to various data of the field devices (e.g. device parameters, measured values, diagnostic information, status information, etc.).
- the object of the invention is therefore a method for encrypting data in a network of process automation technology which can be carried out simply and inexpensively.
- the essential idea of the invention is that the data which are exchanged via a communication network of the process automation technology are to be encrypted in the control unit with the aid of a separate exchangeable software module.
- the software module is designed as a DTM (de vice type manager) in accordance with the FDT specifications. This makes it easy to integrate the software module into known FDT frame applications (PACTware®, FieldCare® etc.).
- the FDT specifications which are considered to be the industry standard, were developed by the PNO Profibus® user organization in cooperation with the ZVEI (Central Association for the Electrical and Electronics Industries).
- the current FDT specification 1.2 is available from the ZVEI.
- FIG. 1 A communication network of process automation technology is shown in more detail in FIG. 1.
- Several computer units workstations
- WS1, WS2 are connected to a data bus D1.
- These computer units serve as higher-level units (control system or control unit) for process visualization, process monitoring and for engineering, as well as for operating and monitoring field devices.
- the data bus Dl works e.g. B. according to the Profibus® DP standard or the HSE (High Speed Ethernet) standard of the Foundation® Fieldbus.
- the data bus D1 is connected to a fieldbus segment SM1 via a gateway 1, which is also referred to as a linking device or a segment coupler.
- the fieldbus segment SM1 consists of several field devices FI, F2, F3, F4 which are connected to one another via a fieldbus FB.
- the field devices FI, F2, F3, F4 can be sensors or actuators.
- the fieldbus FB works according to one of the well-known fieldbus standards Profibus, Foundation Fieldbus or HART
- the operating program which runs on one of the control units WS 1, WS2 or on the operating unit BE is shown schematically in FIG. 2.
- the operating program can be the operating software PACTware (PACTware Consortium e.V.) or FieldCare® (company Endress + Hauser®), both of which require the Microsoft Windows®, 98NT, 2000 operating system and which serve as an FDT frame application.
- the FDT frame application is especially responsible for the administration of the DTMs in a project database for the communication to the bus systems, for the administration of the device catalog, as well as for the administration of the users and the access rights etc.
- a device DTM DTM-Fl In the FDT frame application, a device DTM DTM-Fl, an encryption DTM V and a communication DTM CommDTM run.
- the device DTM DTM-Fl which is also referred to as the device driver, encapsulates the data and functions of the field device FI and requires the FDT as runtime environment Frame application. With the help of this DTM, cross-device and manufacturer-independent operation of the field device FI is possible. In particular, the DTM-Fl allows access to device parameters, device configuration, retrieval of diagnostic data and status information via a manufacturer-specific graphical user interface.
- the FDT concept is based on the fact that different field devices DTMs from different manufacturers can be bound in a FDT frame application in a simple manner.
- connection is made via a bus connection BA, the data bus D1, the gateway G1, the fieldbus FB to the field device FI.
- the data that are exchanged between the operating program and the field device FI are encrypted.
- Parameters can be changed in the field device FI via the encapsulated functions of the device DTM DTM-Fl.
- the data required for this are encrypted in the encryption DTM V with an appropriate algorithm and transmitted to the field device FI via the data bus D1 and the fieldbus FB.
- the data is decrypted in the FI field device and the corresponding commands are executed.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Testing And Monitoring For Control Systems (AREA)
- Programmable Controllers (AREA)
Abstract
L'invention concerne un procédé de cryptage de données dans un réseau utilisé dans la technique d'automatisation de processus, procédé selon lequel les données sont cryptées, dans une unité de commande reliée audit réseau, dans un module logiciel séparé remplaçable.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE102004001755A DE102004001755A1 (de) | 2004-01-12 | 2004-01-12 | Verfahren zum Verschlüsseln von Daten in einem Netzwerk der Prozessautomatisierungstechnik |
| PCT/EP2004/053519 WO2005066729A1 (fr) | 2004-01-12 | 2004-12-15 | Procede de cryptage de donnees dans un reseau utilise dans la technique d'automatisation de processus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP1711870A1 true EP1711870A1 (fr) | 2006-10-18 |
Family
ID=34744692
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP04804867A Ceased EP1711870A1 (fr) | 2004-01-12 | 2004-12-15 | Procede de cryptage de donnees dans un reseau utilise dans la technique d'automatisation de processus |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US20090210692A1 (fr) |
| EP (1) | EP1711870A1 (fr) |
| DE (1) | DE102004001755A1 (fr) |
| WO (1) | WO2005066729A1 (fr) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE102005048996A1 (de) * | 2005-10-11 | 2007-04-12 | Endress + Hauser Gmbh + Co. Kg | Verfahren zum sicheren Versenden von Daten eines Feldgerätes der Prozessautomatisierungstechnik |
| DE102007029136A1 (de) * | 2007-06-25 | 2009-01-02 | Vega Grieshaber Kg | Vorrichtung und Verfahren zum Generieren einer Bedienoberflächenkonfiguration für ein Feldgerät |
| MX2010001850A (es) * | 2007-08-16 | 2010-07-05 | Fisher Controls Int | Escaneo y administracion de red en un administrador de tipo de equipo de equipo tipo. |
| US8195590B1 (en) | 2008-09-17 | 2012-06-05 | Varec, Inc. | Method and system for measuring and managing inventory of product in a collapsible tank |
| US9513152B1 (en) | 2011-12-20 | 2016-12-06 | Varec, Inc. | Liquid level transmitter utilizing low cost, capacitive, absolute encoders |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6202157B1 (en) * | 1997-12-08 | 2001-03-13 | Entrust Technologies Limited | Computer network security system and method having unilateral enforceable security policy provision |
| US6674767B1 (en) * | 1999-10-04 | 2004-01-06 | Microsoft Corporation | Flexible system and method for communicating between a broad range of networks and devices |
| FR2813151B1 (fr) * | 2000-08-18 | 2002-12-20 | Schneider Electric Ind Sa | Communication securisee dans un equipement d'automatisme |
| EP1249747A1 (fr) * | 2001-04-09 | 2002-10-16 | Patria Ailon | Système de contrôle et procédé de commande de processus |
| DE10144971A1 (de) * | 2001-09-12 | 2003-03-27 | Endress & Hauser Gmbh & Co Kg | Verfahren zur Sicherung des Datenaustauschs zwischen einer externen Zugriffseinheit und einem Feldgerät |
| EP1479007B1 (fr) * | 2002-02-07 | 2018-01-10 | Invensys Systems, Inc. | Systeme et procede destines a l'authentification et la transmission sans pannes de messages de securite |
-
2004
- 2004-01-12 DE DE102004001755A patent/DE102004001755A1/de not_active Withdrawn
- 2004-12-15 WO PCT/EP2004/053519 patent/WO2005066729A1/fr active Application Filing
- 2004-12-15 EP EP04804867A patent/EP1711870A1/fr not_active Ceased
- 2004-12-15 US US10/585,820 patent/US20090210692A1/en not_active Abandoned
Non-Patent Citations (1)
| Title |
|---|
| See references of WO2005066729A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| DE102004001755A1 (de) | 2005-08-11 |
| US20090210692A1 (en) | 2009-08-20 |
| WO2005066729A1 (fr) | 2005-07-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1872180B1 (fr) | Procede de commande securisee d'un appareil de terrain de la technique d'automatisation | |
| EP1606673B1 (fr) | Procede de transmission d'un code de logiciel d'une unite de commande a un appareil de terrain associe a la technique d'automatisation de processus | |
| EP1558975B1 (fr) | Procede de parametrage hors ligne d'un appareil de terrain de la technique d'automatisation des processus | |
| EP2247987A1 (fr) | Procédé pour faire fonctionner un appareil de terrain | |
| DE102010062266A1 (de) | Verfahren zur Realisierung von zumindest einer Zusatzfunktion eines Feldgeräts in der Automatisierungstechnik | |
| EP2597819B1 (fr) | Procédé de commande d'un appareil de terrain | |
| WO2008012164A1 (fr) | Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation | |
| EP1653306B1 (fr) | Procédé de commande d' un dispositif de terrain de la technique d'automatisation | |
| EP1946191A1 (fr) | Procédé d'utilisation d'un appareil de terrain de la technique d'automatisation aux fonctionnalités spéciales | |
| DE102007060990A1 (de) | Verfahren zum Erzeugen eines anwendungsspezifischen Installationspakets von Geräteobjekten | |
| EP1735671A2 (fr) | Procede pour faire fonctionner a distance un dispositif a champ d'une technologie d'automatisation de processus | |
| DE102012109348A1 (de) | Verfahren zum sicheren Bedienen eines Feldgerätes | |
| EP1431877A2 (fr) | Système de paramétrage-/diagnostic pour un appareil de terrain | |
| EP1682952B1 (fr) | Procede pour la maintenance de dispositifs de terrain utilises dans la technique d'automatisation des processus a l'aide d'un ordinateur de maintenance | |
| EP1518153B1 (fr) | Procede pour proteger un acces non autorise a un dispositif de terrain dans la technique d'automatisation de processus | |
| DE102016107045B4 (de) | Verfahren und System zum sicheren Konfigurieren eines Feldgeräts der Prozessautomatisierung | |
| EP3469429B1 (fr) | Procédé pour empêcher un accès non autorisé à des applications logicielles dans des appareils de terrain, et réseau de communication | |
| DE102004055814A1 (de) | Verfahren zur Inbetriebnahme eines Feldgerätes der Prozessautomatisierungstechnik | |
| DE102005023938B4 (de) | Integration von Feldgeräten in ein Automatisierungssystem | |
| EP1711870A1 (fr) | Procede de cryptage de donnees dans un reseau utilise dans la technique d'automatisation de processus | |
| WO2011006740A1 (fr) | Système de commande et/ou de surveillance dune installation de processus dans la technique dautomatisation | |
| EP3555717B1 (fr) | Unité d'exploitation pour appareil de terrain de la technologie d'automatisation | |
| EP2095193B1 (fr) | Procédé d'utilisation d'un appareil de terrain fonctionnant selon le modèle de bloc pour un système d'automatisation réparti | |
| EP1486842A2 (fr) | Méthode pour la transmission des données de mesure d'un appareil de mesure à une unité centrale de commande | |
| DE102011089213A1 (de) | System und Verfahren zur Bedienung eines Feldgeräts der Automatisierungstechnik |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| 17P | Request for examination filed |
Effective date: 20060518 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR |
|
| 17Q | First examination report despatched |
Effective date: 20061207 |
|
| DAX | Request for extension of the european patent (deleted) | ||
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
| 18R | Application refused |
Effective date: 20160208 |