EP2047341A1 - Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation - Google Patents

Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation

Info

Publication number
EP2047341A1
EP2047341A1 EP07786901A EP07786901A EP2047341A1 EP 2047341 A1 EP2047341 A1 EP 2047341A1 EP 07786901 A EP07786901 A EP 07786901A EP 07786901 A EP07786901 A EP 07786901A EP 2047341 A1 EP2047341 A1 EP 2047341A1
Authority
EP
European Patent Office
Prior art keywords
field device
fsc
field
activation
option
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP07786901A
Other languages
German (de)
English (en)
Inventor
Markus Kilian
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Endress and Hauser SE and Co KG
Original Assignee
Endress and Hauser SE and Co KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Endress and Hauser SE and Co KG filed Critical Endress and Hauser SE and Co KG
Publication of EP2047341A1 publication Critical patent/EP2047341A1/fr
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/418Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
    • G05B19/4185Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0428Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24165Use codes to activate features of controller
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24167Encryption, password, user access privileges
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25428Field device
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/31From computer integrated manufacturing till monitoring
    • G05B2219/31121Fielddevice, field controller, interface connected to fieldbus
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the invention relates to a method for unlocking special functionalities in field devices of automation technology.
  • Capture and / or influencing process variables Capture and / or influencing process variables.
  • field devices are level gauges, mass flowmeters, pressure and temperature measuring devices, etc., which detect the corresponding process variables level, flow, pressure or temperature as sensors.
  • actuators z As valves control the flow of a liquid in a pipe section or as pumps the level in a container.
  • field devices in modern manufacturing plants are connected via fieldbus systems (HART, Profibus, Foundation Fieldbus, etc.) to higher-level units (eg, control systems or control units). These higher-level units serve, among other things, for process control, process visualization, process monitoring and commissioning of the field devices.
  • Field devices are generally those units which are connected directly to a field bus and serve for communication with the higher-level units (eg remote I / O, gateways, linking devices).
  • the company networks can also be connected to public networks, eg. B. connected to the Internet.
  • Modern field devices often have a standardized fieldbus interface for communication with an open fieldbus system and / or a proprietary interface for manufacturer-specific communication with a service / operating unit.
  • the service / operating units are portable minicomputers (laptops, palms, etc.), as commonly known in the consumer electronics (office and home computer) field.
  • Some field devices have special features that can be used by a specific order and activation ex factory.
  • a simpler possibility is that the field device manufacturer provides the user with an enabling code that allows the use of special functions on a particular field device type.
  • unlock code can be easily passed and used in other field devices.
  • the serial numbers of the relevant field devices are processed in the generation of safer activation codes. This is done e.g. via an EXCR link, where the serial number and a corresponding activation option, both of which must be in binary form, are linked accordingly.
  • the activation option will be recovered from the activation code in the field device. This is again done via an EXCR link.
  • Such symmetrical methods entail some principal disadvantages. They can be decrypted relatively easily and thus give untrustworthy users the opportunity to generate unlock codes for other field devices in an unauthorized manner.
  • the object of the invention is to provide a simple method for unlocking
  • the essential idea of the invention is to use an asymmetric encryption method for unlock codes.
  • the activation code is generated by the manufacturer with a private key.
  • the decryption of the activation code takes place in the field device with a public key.
  • Fig. 1 network of automation technology with several
  • FIG. 2 is a block diagram of a field device
  • Fig. 3 Diagram for the generation and use of a release code
  • a network of automation technology is shown in more detail.
  • a data bus Dl several computer units (workstations, workstations) WSL, WS2, connected. These computer units serve as higher-level units (control system or control unit), among other things for process visualization, process monitoring and for engineering as well as for operating and monitoring field devices.
  • the data bus Dl operates z. Eg according to the Profibus DP standard or according to the HSE (High Speed Ethernet) standard of the Foundation Fieldbus.
  • a gateway G1 which is also referred to as a linking device, field controller or also as a segment coupler, the data bus D1 is connected to a fieldbus segment SM1.
  • the field bus segment SMl consists of several field devices Fl, F2, F3, F4, which are connected to each other via a field bus FB.
  • the field devices F1, F2, F3, F4 may be sensors or actuators.
  • the field bus FB operates according to one of the known communication standards e.g. Profibus, Foundation Fieldbus or HART.
  • FIG. 2 is a block diagram of a field device according to the invention z. B. Fl shown in more detail.
  • a processor unit CPU is connected for measurement processing via an analog-to-digital converter A / D and an amplifier V with a sensor MA, which detects a process variable (eg pressure, flow or level).
  • the processor unit CPU is connected to a plurality of storage units.
  • a RAM memory serves as a temporary working memory, a nonvolatile EPROM memory or FLASH memory as memory for the control program to be executed in the processor unit CPU and an EEPROM memory as memory for calibration and start parameter values in particular for the setup program of the processor unit CPU.
  • the control program defines the application-related functionality of the field device (measured value calculation, envelope evaluation, linearization of the measured values, diagnostic tasks)
  • the processor unit CPU is connected to a display operation unit A / B (e.g., 3-5-button LC display).
  • a display operation unit A / B e.g., 3-5-button LC display.
  • the processor unit CPU For communication with the fieldbus segment SMl the processor unit CPU is connected via a communication controller COM with a fieldbus interface FBS.
  • a supply unit NT supplies the necessary energy for the individual electronic components of the field device F1. The supply lines to the individual components are not shown for clarity.
  • the power supply of the field device Fl does not take place via the fieldbus interface FBS but via a separate voltage connection.
  • a UART interface of the processor unit CPU is with a
  • Service plug connection SE which in conventional field devices serves as a cable connection for a portable computer unit RE, e.g. Laptop serves, connected.
  • This interface on the field device is often referred to as a service interface S.
  • the field device Fl z. B be serviced via the service interface S and configured.
  • Serial number SN (eg FMU90-R22CA263AAla / 84004D010E6) of the relevant field device and an enabling option x (for example 0x00000010) using a private key PrK (private key) of suitable length, e.g. 128 bits an unlock code FSC won.
  • PrK private key
  • the user acquires the corresponding enable code FSC from the field device manufacturer.
  • This activation code FSC is used by the user with the aid of a computer unit RE and a corresponding operating program (operating tool) z.
  • Field device z. B the field device FL transferred.
  • the activation code FSC is decrypted with the aid of a public key PuK stored in the field device F1.
  • decrypted unlock code FSC are now at least two information, a serial number SN 'and an activation option x.
  • the serial number SN 'obtained from the activation code FSC is compared with the serial number SN stored in the field device F1. If both serial numbers SN 'and SN match, then the
  • Activation code FSC is not determined for the relevant field device and the user is not authorized to use the functionality of the field device F1 corresponding to the option x. Instead of the serial number SN, another device-specific information that is stored in the field device, can be used to the unlock code at
  • the unlock option x can also be a combination of different options.
  • the storage of the activation option x in the field device can be in a removable
  • the inventive method is very safe. A recovery of the private key PrK is impossible with a suitable length. Thus, the inventive method
  • test tool TT which makes the field device manufacturer available to users
  • the user can display the appropriate activation option and the matching serial number in plain text on the input of the purchased activation code FSC.
  • the test tool can be z.
  • a Java scripting application running on a
  • PC runs at the user, act.
  • the enable option x in the field device Fl can also be unlocked a corresponding special functionality on a connected to the field device Fl operating tool.
  • the public key PuK and the method used can be made known without hesitation. Outrageous users can not gain the private key PrK from this information in order to generate activation codes for other field devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • General Engineering & Computer Science (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Selective Calling Equipment (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

La présente invention concerne un procédé destiné à déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation, selon lequel un code de déconnexion (FSC) crypté avec une clé privée (PrK) et contenant une option de déconnexion (x) et des informations (SN´) spécifiques de l'appareil de terrain, est transmis dans un appareil de terrain. Le décryptage du code de déconnexion (FSC) s'effectue au moyen d'une clé publique (PuK) enregistrée dans l'appareil de terrain. Ensuite, les informations (SN´) spécifiques de l'appareil de terrain contenues dans le code de déconnexion (FSC) sont comparées avec des informations (SN) enregistrées dans l'appareil de terrain. Si ces informations (SN´ et SN) concordent, l'option de déconnexion (x) contenue dans le code de déconnexion (FSC) est déterminée et la fonctionnalité particulière correspondante est déconnectée. Ce procédé permet une déconnexion fiable de fonctionnalités particulières dans des appareils de terrain.
EP07786901A 2006-07-27 2007-06-28 Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation Ceased EP2047341A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006035526A DE102006035526A1 (de) 2006-07-27 2006-07-27 Verfahren zum Freischalten von Sonderfunktionalitäten bei Feldgeräten der Automatisierungstechnik
PCT/EP2007/056510 WO2008012164A1 (fr) 2006-07-27 2007-06-28 Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation

Publications (1)

Publication Number Publication Date
EP2047341A1 true EP2047341A1 (fr) 2009-04-15

Family

ID=38474288

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07786901A Ceased EP2047341A1 (fr) 2006-07-27 2007-06-28 Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation

Country Status (4)

Country Link
US (1) US20100153736A1 (fr)
EP (1) EP2047341A1 (fr)
DE (1) DE102006035526A1 (fr)
WO (1) WO2008012164A1 (fr)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008045315A1 (de) * 2008-09-02 2010-03-04 Endress + Hauser Conducta Gesellschaft für Mess- und Regeltechnik mbH + Co. KG Lizenzvergabevorrichtung und Verfahren für eine automatisierte Vergabe von Nutzungslizenzen an Sensoren
DE102008053765A1 (de) * 2008-10-21 2010-04-22 Khs Ag Verfahren zum Kontrollieren einer Anlage
DE102014105076A1 (de) * 2014-04-09 2015-10-15 Krohne Messtechnik Gmbh Verfahren zum gesicherten Zugriff auf ein Feldgerät
US9923715B2 (en) 2015-06-09 2018-03-20 Intel Corporation System, apparatus and method for group key distribution for a network
DE102016106638B4 (de) * 2016-04-11 2020-09-24 Balluff Gmbh Verfahren zum Freischalten einer Funktion einer Mess- und/oder Stellvorrichtung sowie entsprechend ausgebildete Mess- und/oder Stellvorrichtung
DE102016110723A1 (de) * 2016-06-10 2017-12-14 Endress+Hauser Process Solutions Ag Verfahren zum Verhindern eines unerlaubten Zugriffs auf Softwareanwendungen in Feldgeräten
DE112018005879T5 (de) 2017-11-16 2020-08-20 Intel Corporation Verteilte softwaredefinierte industrielle Systeme
DE102018107645B4 (de) 2018-03-29 2022-10-13 Vega Grieshaber Kg Feldgerät der Prozessautomatisierung mit einer magnetisch betätigbaren Eingabeschnittstelle und Verfahren zum Bedienen eines solchen Feldgeräts
DE102018108309A1 (de) * 2018-04-09 2019-10-10 Wago Verwaltungsgesellschaft Mbh Automatisierungssystem, Reihenklemme für Automatisierungssysteme sowie Verfahren hierzu
EP3644142A1 (fr) * 2018-10-23 2020-04-29 Siemens Aktiengesellschaft Fonctionnement contraint d'un dispositif de terrain
DE102019125417A1 (de) * 2019-09-20 2021-03-25 Endress+Hauser Process Solutions Ag Verfahren zur Validierung oder Verifikation eines Feldgeräts
DE102019007447A1 (de) * 2019-10-25 2021-04-29 Diehl Metering Systems Gmbh Verfahren und System zur Lizenzierung und Schlüsselübergabe für Sensoren und Empfänger

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004049771A1 (de) * 2004-10-12 2006-04-13 Endress + Hauser Flowtec Ag Verfahren zum Betreiben eines modular aufgebauten Feldgerätes der Automatisierungstechnik

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490684B1 (en) * 1998-03-31 2002-12-03 Acuson Corporation Ultrasound method and system for enabling an ultrasound device feature
US20020152393A1 (en) * 2001-01-09 2002-10-17 Johannes Thoma Secure extensible computing environment
DE10124800A1 (de) * 2001-05-21 2002-12-12 Siemens Ag Prozessautomatisierungssystem und Prozessgerät für ein Prozessautomatisierungssystem
US20070234052A1 (en) * 2002-06-25 2007-10-04 Campisi Steven E Electromechanical lock system
DE10260884A1 (de) * 2002-12-23 2004-07-29 Grundig Aktiengesellschaft Gerät der Unterhaltungselektronik und Verfahren für den Betrieb des Geräts der Unterhaltungselektronik
JP2004206435A (ja) * 2002-12-25 2004-07-22 Victor Co Of Japan Ltd ライセンス管理方法、およびライセンス管理システム
DE10314721A1 (de) * 2003-03-31 2004-11-11 Endress + Hauser Gmbh + Co. Kg Verfahren zur sicheren Datenübertragung über einen Feldbus
US20050049976A1 (en) * 2003-08-26 2005-03-03 Yang Harold (Haoran) Remotely licensing configurable network diagnostic modules
US6990434B2 (en) * 2003-10-28 2006-01-24 General Electric Company System and method for coordinated remote activation of multiple software-based options
EP1550931A1 (fr) * 2003-12-31 2005-07-06 Neopost S.A. Déblocage d'une fonctionnalité verrouillée d'un appareil commandé par ordinateur
DE102004036362A1 (de) * 2004-07-22 2006-02-16 Siemens Ag Elektrisches Feldgerät und Verfahren zur Datenübertragung zwischen dem Feldgerät und einem externen passiven Datenspeichermodul
US7849329B2 (en) * 2004-09-01 2010-12-07 Microsoft Corporation Licensing the use of a particular feature of software
US20060064349A1 (en) * 2004-09-22 2006-03-23 Microsoft Corporation System and method for rewarding a seller of a computing device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004049771A1 (de) * 2004-10-12 2006-04-13 Endress + Hauser Flowtec Ag Verfahren zum Betreiben eines modular aufgebauten Feldgerätes der Automatisierungstechnik

Also Published As

Publication number Publication date
WO2008012164A1 (fr) 2008-01-31
US20100153736A1 (en) 2010-06-17
DE102006035526A1 (de) 2008-01-31

Similar Documents

Publication Publication Date Title
WO2008012164A1 (fr) Procédé pour déconnecter des fonctionnalités particulières dans des appareils de terrain en technique d'automatisation
EP1872180B1 (fr) Procede de commande securisee d'un appareil de terrain de la technique d'automatisation
EP1812832B1 (fr) Unité radio pour des dispositifs de terrain utilisés en automatisme
EP1946191A1 (fr) Procédé d'utilisation d'un appareil de terrain de la technique d'automatisation aux fonctionnalités spéciales
WO2005114342A2 (fr) Dispositif de champ variable pour technique d'automatisation
EP1662346B1 (fr) Procédé de paramétrisation sécurisée d'un dispositif de terrain de la technique d'automatisation
WO2006053875A1 (fr) Procede pour mettre en marche un appareil de terrain issu de la technique d'automatisation des processus
WO2009047193A1 (fr) Procédé de commande d'appareils de terrain utilisés dans l'automatisation des processus au moyen d'un programme de commande indépendant des appareils
EP1800193B1 (fr) Procede d'exploitation d'un appareil de champ, de structure modulaire, relevant de la technique de l'automatisation
DE102007054925B4 (de) Verfahren zur Überwachung eines Netzwerkes der Prozessautomatisierungstechnik
DE102016107045B4 (de) Verfahren und System zum sicheren Konfigurieren eines Feldgeräts der Prozessautomatisierung
WO2007077080A1 (fr) Controle d'acces pour appareil de terrain en technique d'automatisation des processus
WO2007077083A1 (fr) Procede pour proteger des appareils de terrain dans le cadre de la technique d'automatisation de processus
WO2008135577A2 (fr) Procédé de transmission de données à un appareil de champ de technologie d'automatisation, en particulier, de technologie d'automatisation des procédés
DE102007035159A1 (de) Verfahren zum Parametrieren von mehreren Feldgeräten der Automatisierungstechnik
EP2095193B1 (fr) Procédé d'utilisation d'un appareil de terrain fonctionnant selon le modèle de bloc pour un système d'automatisation réparti
WO2005066729A1 (fr) Procede de cryptage de donnees dans un reseau utilise dans la technique d'automatisation de processus
WO2023156142A1 (fr) Procédé de vérification de l'authenticité d'un micrologiciel d'un appareil de terrain en technique d'automatisation
EP1569056A2 (fr) Procédé de fonctionnement d'un dispositif de terrain dans la technique d'automatisation
DE102006062475A1 (de) Verfahren zum Betreiben eines Feldgerätes der Automatisierungstechnik mittels eines mehrere formartierte Variablen aufweisenden Anwendungsprogramms

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090127

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

17Q First examination report despatched

Effective date: 20090507

DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20151209