EP3656084A1 - Blockchain-based real-time control network, real-time control system and real-time control method - Google Patents

Blockchain-based real-time control network, real-time control system and real-time control method

Info

Publication number
EP3656084A1
EP3656084A1 EP17788324.6A EP17788324A EP3656084A1 EP 3656084 A1 EP3656084 A1 EP 3656084A1 EP 17788324 A EP17788324 A EP 17788324A EP 3656084 A1 EP3656084 A1 EP 3656084A1
Authority
EP
European Patent Office
Prior art keywords
real
blockchain
nodes
time control
distributed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP17788324.6A
Other languages
German (de)
French (fr)
Inventor
Ivan Vladimirovich KOLCHIN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP3656084A1 publication Critical patent/EP3656084A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present invention relates to a real-time control network, a real-time control system and a method for controlling one or more controlled devices in real time.
  • the field of the present invention is automation control systems.
  • a low- level control task is conventionally performed by a programmable logic controller (PLC)
  • a high-level control task may be performed by a central control unit (CCU)
  • CCU central control unit
  • Examples for existing central control units are the central control unit (CCU) in SIBAS 32, the Sibas PN Control System (SP CS) in SIBAS PN and Simatic S7 in SIMATIC, commercially available from Siemens AG, Kunststoff, Germany.
  • the central control unit is often required to operate within a real-time frame or constraint of one second or less. In order to improve the reliability and availability of the central control unit, two or more redundant central control units may be provided.
  • a real-time control network for controlling one or more controlled devices in real time com- prises a plurality of nodes, the plurality of nodes being interconnected and configured to: host a blockchain, wherein the blockchain is a distributed consensus-based database configured to store a plurality of transactions; and act as a distributed virtual machine configured to execute a distributed control application for controlling the one or more controlled devices in real time, the distributed control application be- ing stored in one or more contract transactions of the plurality of transactions .
  • the one or more controlled devices are controlled by a distributed control application.
  • the distributed control application may comprise a computational load configured to perform calculations for controlling the controlled devices.
  • the distributed control application is stored in one or more contract transactions in the blockchain.
  • a contract transaction may be a transaction that comprises code, such as a smart contract.
  • the distributed control application may comprise one or more smart contracts stored in the blockchain, each smart contract constituting a portion of the distributed control application.
  • the distributed control application is executed by a distrib- uted virtual machine.
  • the distributed virtual machine may be based on the blockchain and be configured by the nodes that host the blockchain. More specifically, each node may be configured to be able to participate in executing the distributed control application stored in the blockchain.
  • a blockchain is a private Ethereum blockchain
  • one example for a distributed virtual machine is an Ethereum Virtual Machine of the private Ethereum blockchain.
  • the real-time control network may preferably be highly redundant. Even if some of the nodes or interconnections fail temporarily or permanently, e.g. due to outage, a dedicated at- tack, or a distributed denial of service attack, the real-time control network as a whole may continue to operate. For this reason, the real-time control network may advantageously achieve a high level of reliability.
  • the real-time control network may advantageously achieve a high level of security.
  • the blockchain may allow any of the plurality of nodes to access and verify all transactions stored in the blockchain.
  • the execution of a smart contract stored in a contract transaction may be triggered by and/or result in the adding of a transaction to the blockchain.
  • any execution of a smart contract, and therefore any execution of any portion of the distributed control application may leave an immutable trace in the blockchain. Therefore, the real-time control network may advantageously achieve a high level of transparency, which may facilitate debugging or post-incident analysis and increase trust in the real-time control network.
  • the real-time control network may have the benefit of high crypto immunity.
  • any result of such an execution may only be added to the blockchain based on consensus between the nodes.
  • faulty execution results which may be due to memory corruption, random software bugs, an influence of radioactive particles, malicious manipulations or the like on one of the nodes, do not reach consensus between the plurality of nodes and are rejected, i.e. are not added to the block- chain.
  • the distributed virtual machine of the realtime control network may advantageously offer reliable and fault- tolerant execution of the distributed control application.
  • a "controlled device”, as used herein, may refer to any device, system or network that may be subjected to automated control .
  • Controlling in real time may refer to the real-time control network being configured to complete a control cycle within a predetermined real-time frame.
  • the control cycle may comprise acquiring an input value from one of the controlled devices, calculating a command value based on the input value, and providing the command value as an output value to one or more of the controlled devices, wherein at least the step of calculating the command value may be executed by the distributed control application.
  • a “node”, as used herein, may refer to any unit that is configured to participate in the hosting of the blockchain and the distributed virtual machine. A node may be embodied in software and/or hardware.
  • a node may be implemented using, for example, a control unit such as a programma- ble logic controller (PLC) , an embedded device, a personal computer device, a server computer device, or an application specific integrated circuit device.
  • PLC programma- ble logic controller
  • Each respective unit or device may implement one or more of the nodes .
  • the plurality of nodes may be interconnected using any type of wired or wireless physical connection, such as, for example, Ethernet, Fieldbus, EtherCAT, Wi-Fi, Bluetooth, a cellular data link, or a virtual connection, such as a virtual connection between a plurality of virtual machines.
  • the plurality of nodes may be interconnected in any topology, such as a star topology, a line topology, a mesh topology or a random topology, wherein the mesh topology is preferred.
  • the plurality of nodes may be configured to communicate in a peer-to-peer manner, wherein each node is aware of how to reach at least one further node, but may not be aware of how to reach all of the plurality of nodes, and where individual nodes can freely join or leave the real-time control network without significantly affecting its overall functionality.
  • a "transaction”, as used herein, may refer to a sequence of data stored in the blockchaxn.
  • the data comprised by a transaction may, for example, be a message, code such as a smart contract, a cryptocurrency transaction or protocol data.
  • the blockchaxn may implement a state machine, and the transaction may be data that describes a state transition of the state machine.
  • the blockchaxn may be distributed over the plurality of nodes .
  • the plurality of nodes may host the blockchain by each of the plurality of nodes storing, in a storage comprised by or accessible to each of the nodes, a partial or full copy of the blockchaxn.
  • the blockchain may store the plurality of transactions as a chain of blocks, and each block of the chain of blocks may comprise one or more of the transactions, a hash value of the transactions comprised by the block and a reference value referring back to a previous block of the chain of blocks, thereby forming the chain of blocks.
  • the reference value referring back to the previous block of the chain of blocks may be, for example, a hash value of the entxre data comprised by the previous block of the blockchain.
  • the hash value of the transactions comprised by the block may be a hash value or root of a Merkle tree or a Patricia tree or a tree of hash values of each transaction comprised by the block.
  • the hash value of the transactions comprised by the block may be a hash value of a list of the hash values of each transaction of the block, or a hash value of a concatenation of each transaction of the block.
  • each hash value may be a value calculated by ap- plying a hash function to a sequence of data.
  • the hash function may be selected such that it is computationally easy to calculate the hash value for a given sequence of data, but it is computationally difficult to calculate a sequence of data for a given hash value.
  • the hash function may be selected from one of the following: SHA-1, SHA-2, SHA-3, SHA256, SHA256d, Keccak, Keccak-256.
  • the blockchain may be a chain of blocks that are cryptographically linked by a sequence of hash values. This may have the benefit of making it difficult to alter or fal- sify the transactions stored in the blockchain.
  • the blockchain is a consensus-based database.
  • a candidate block may be added as a block of the blockchain only on the condition that a consensus to add the candidate block to the blockchain is reached between the nodes hosting the block- chain, wherein the consensus may be reached according to a predetermined consensus protocol .
  • the plurality of nodes may be configured to exchange one or more candidate transactions to be added to the blockchain among each other in a peer-to-peer manner.
  • the can- didate transactions may be passed on from node to node until they ultimately disseminate over the entire real-time control network.
  • At least some of the plurality of nodes may be mining nodes.
  • Each mining node may be configured to collect the one or more candidate transactions that are being passed from node to node and to form a candidate block from the one or more candidate transactions and a proof (to be described later) .
  • the candidate block comprising the candidate transactions and the proof may be passed from the mining node to further nodes until it disseminates over the entire real-time control network.
  • Each of the nodes may be configured to verify the candidate block according to the requirements of the consensus pro- tocol and only add the candidate block to their respective local copy of the blockchain, if all requirements imposed by the consensus protocol are fulfilled.
  • the consensus protocol may require the candidate block to include a proof of an amount of computing resource allocated, used or spent by the mining node when forming the candidate block.
  • Computing resources may be, for example, computing power, storage space, cryptocurrency amounts or similar.
  • the proof may be a proof-of-work, which may be an arbitrary nonce value comprised by the candidate block and se- lected such that the hash value of the candidate block is smaller than a predetermined threshold. It will be appreciated that due to the nature of the hash function, it is computationally difficult and will require computing resources such as processing power and time to select such a nonce value.
  • the level of difficulty may be determined by the predetermined threshold.
  • the proof may be a proof-of-stake, proof-of- burn, proof-of-activity or proof-of-raffle .
  • the consensus protocol configured in this way may have the benefit that an intruder using a malicious node can only add a malicious new transaction into the blockchain and/or manipulate an existing transaction stored by the blockchain, by allocating, using or spending a similar or higher amount of computing resources as the combined computing resources of all legitimate nodes participating in reaching the consensus.
  • the consensus protocol may thus be regarded as the source of trust in the transactions stored by the distributed database consti- tuted by the blockchain in spite of the absence of trust in at least some of the nodes .
  • the blockchain may advantageously still be able to serve as a trusted database.
  • a node may further be required to provide a cryptographic proof of authorization using, for example, a private key, before being allowed to communicate with other nodes in the real-time control network.
  • the consensus protocol may further require each transaction comprised by a candidate block to be a valid transaction. For example, if a transaction involves execution of a smart con- tract, the consensus protocol may require that each node executes the smart contract with an identical result. If no consensus is reached due to faulty execution on one of the nodes, the corresponding transaction may be discarded. In this way, the real-time control network may advantageously ensure fault- tolerant execution of the distributed control application.
  • a block time of the blockchain is adapted to be lesser than or equal to a predetermined realtime frame.
  • the block time may be an average or guaranteed period of time required by the plurality of nodes in order to reach the consensus to add a candidate transaction to the blockchain as a transaction of the plurality of transactions stored in the blockchain.
  • the block time may include the time required for a candidate transaction to disseminate over the real-time con- trol network, the time required by a mining node to create a proof, and the time required for a candidate block comprising the candidate transaction to disseminate over the real-time control network.
  • the block time may be adapted, for example, by adjusting a complexity requirement, i.e. the level of difficulty, for a proof-of-work required by the consensus proto- col of the blockchain, and/or by adjusting the computing power of the plurality of nodes.
  • the block time is adapted to be lesser than or equal to a predetermined real-time frame
  • smart contracts stored in the blockchain and executable by the blockchain based distributed virtual machine may be used to program a distributed control application with real-time capability.
  • a distributed control application with real-time capability may profit from the benefits of being executed by the blockchain-based virtual machine, such as reliability, security and transparency.
  • the predetermined real-time frame is one second or less.
  • the predetermined real-time frame may be 100 milliseconds or less.
  • the plurality of nodes are interconnected such that each of the plurality of nodes is connected to more than two of the plurality of nodes.
  • At least one node of the plurality of nodes comprises an interface adapted to be connected to a controlled device of the one or more controlled devices .
  • the interface may be embodied in software or hardware or a combination thereof.
  • the interface may comprise a device port, such as a serial port or a field bus port, and a corresponding driver software, and may be adapted to enable communication between the node and the control device.
  • an instruction set of the distributed virtual machine comprises an input instruction for reading data only from the blockchain and an output instruction for writing data only to the blockchain.
  • An "instruction set” may refer to a complete set of a plurality of instructions in a high-level or scripting programming language, which are usable by a programmer to write a smart contract, and/or to a complete set of a plurality of bytecode primitives that can be interpreted by the distributed virtual machine and may therefore be comprised by a smart contract stored in the blockchain.
  • the distributed control application may perform control of the controlled device only by indirect communication, i.e. by reading data, such as input values, from a transaction of the plurality of transactions stored in the blockchain, or writing data, such as output values, to a transaction of the plurality of transactions stored in the blockchain.
  • a portion of an interface such as a device driver being executed on a node to which the controlled device is connected, may perform communication with the controlled device based on the data written to the blockchain by the distributed control applica- tion, and may write data to the blockchain to be read by the distributed control application.
  • a runtime environment provided by the distributed virtual machine may be completely isolated. This may mean that the only target for any type of input or output operation performed by a smart contract stored in the blockchain may be the blockchain (a transaction stored in the blockchain) itself. This may achieve the benefit of any communication of the distributed control application, such as input values and output values, being transparently stored in the blockchain for later review or debugging. Also, in this way, by channelling any communication with the distributed control application through the blockchain, possibilities of attack are advantageously minimized, and any attack that takes place can be identified and analysed at any later point in time by referring to the transactions stored in the blockchain.
  • an instruction set of the distributed virtual machine comprises an instruction reading an input value from the controlled device and/or writing an output value to the controlled device.
  • the distributed virtual machine may take care of routing the input values and output values to and/or from the proper node that is connected to the controlled device in response to the instruction for reading an input value and/or the instruction for writing an output value being issued by the distributed control application.
  • the distributed control application executed by the distributed virtual machine may advantageously use the instruction to directly communicate with, and control, the controlled device, and may read measured values from the controlled device as input values and/or output command values to the controlled device as output values. This may achieve the benefit that less data overhead is stored in the blockchain, and the distributed control application may be executed with higher performance .
  • the distributed virtual machine is configured to execute a first portion of the distributed control application stored in a first contract transaction of the one or more contract transactions in response to a message transaction being added to the plurality of transactions stored in the blockchain.
  • the first portion of the distributed control application may be a first smart contract stored in the blockchain.
  • the dis- tributed control application may comprise one or more first smart contracts.
  • Each first smart contract may be associated with a unique address indicative of the smart contract.
  • the message transaction may be a transaction that comprises the address of the first smart contract as a message destination address.
  • the message transaction may further comprise an input value or parameter to be supplied to the smart contract for further computation. It is noted that "adding a message transaction to the blockchain" may also be referred to as "sending a message” herein below.
  • the consensus protocol of the blockchain may be configured such that a smart contract is executed if a message transaction comprising an address associated with a smart contract as a destination address is to be added to the blockchain, or, in simpler words, if a message is sent to a smart contract.
  • the message may be manually sent by an operator, or it may be sent automatically, for example by a device driver code running on a node that is connected to at least one of the controlled devices, and may include a measured value measured with the controlled device as an input value for the smart contract.
  • the message may also be sent by another smart contract that is being executed by the distributed virtual machine.
  • the first smart contract may be executed when a candidate block comprising the message transaction is verified for compliance with the consensus protocol. Due to a peer-to-peer nature of the blockchain described hereinabove, it may be difficult to predict which of the plurality of nodes will actually execute the smart contract. Any one or more of the plurality nodes may be used to execute the smart contract.
  • the distributed virtual machine is therefore highly resilient to attack, outage and failures and provides a high level of security.
  • the distributed virtual machine is configured to execute a second portion of the distributed control application stored in a second contract transaction of the one or more contract transactions in cyclic intervals .
  • the second portion of the distributed control application may be a second smart contract stored in the blockchain.
  • the distributed control application may comprise one or more second smart contracts.
  • the real-time control network enables the distributed control application to execute certain control operations repetitively without requiring and external trigger such as the sending of a message.
  • the distributed control ap- plication is configured to store logging data by creating a log transaction and adding the log transaction to the plurality of transactions stored in the blockchain.
  • the logging data may comprise data about the operation of the one or more controlled devices, such as time data, event data, error data, measured values received from or command values provided to the controlled devices, in human or machine readable form.
  • the logging data can be made available to an operator in a transparent way, and further, the logging data can be protected against tampering, since it may be prohibitively difficult for an intruder to introduce forged logging data into the block- chain so as to conceal an intrusion.
  • Any embodiment of the first aspect may be combined with any embodiment of the first aspect to obtain another embodiment of the first aspect.
  • a real-time control system comprises one or more controlled devices and a real-time control network according to the first aspect or an embodiment of the first aspect.
  • each of the one or more controlled devices is connected to at least one of the plurality of nodes.
  • At least one of the one or more controlled devices is connected to more than two of the plurality of nodes.
  • the one or more controlled devices comprise at least one sensor and/or at least one actuator. Any embodiment of the second aspect may be combined with any embodiment of the second aspect to obtain another embodiment of the second aspect.
  • a method for controlling one or more controlled devices in real-time comprises: providing a plurality of nodes, the plurality of nodes being interconnected and configured to host a blockchain, wherein the block- chain is a distributed consensus-based database configured to store a plurality of transactions, and to act as a distributed virtual machine; storing a distributed control application for controlling the one or more controlled devices in real time in one or more contract transaction of the plurality of transactions, and executing the distributed control application on the distributed virtual machine.
  • the step of storing the distributed control application in the one or more contract transactions may comprise adding the one or more contract transaction to the blockchain. This may also be referred to as "sending a contract creation transaction".
  • the invention relates to a computer program product comprising a program code for executing the above-described method for controlling one or more con- trolled devices in real-time when run on at least one computer .
  • a computer program product such as a computer program means, may be embodied as a memory card, USB stick, CD-ROM, DVD or as a file which may be downloaded from a server in a network.
  • a file may be provided by transferring the file comprising the computer program product from a wireless communication network.
  • Fig. 1 shows a real-time control network and a real-time control system according to a first embodiment.
  • Fig. 2 shows a real-time control network according to a second embodiment .
  • Fig. 3 shows steps of a real-time control method.
  • Fig. 4 shows portions of a real-time control system according to a third embodiment .
  • like reference numerals designate like or functionally equivalent elements, unless otherwise indicated.
  • Fig. 1 shows a real-time control network 1 according to a first embodiment of the invention.
  • the real-time control network 1 is formed by four nodes 11-14.
  • the nodes 11-14 are able to communicate with each other by being interconnected by multiple connection lines, which may represent Ethernet connections or the like. It is noted that in Fig. 1, each node 11-14 is connected to each other node 11- 14. In particular, each node 11-14 is connected to more than two of the nodes 11-14. However, there is no restriction to this configuration.
  • the nodes 11-14 may be configured to communicate in a peer-to-peer manner, and the number of interconnections of each of the nodes 11-14 may also be less than the number of other nodes 11-14 and may be one, two, three or any other number, as long as a communication path may be traced directly or indirectly, i.e.
  • nodes 11-14 via one or more hops or other nodes 11-14, from each of the nodes 11-14 to each other of the nodes 11-14. It is noted that there is no particular requirement as to the spatial arrangement of the nodes 11-14 of the real-time network.
  • the nodes 11-14 may be located in proximity to each other, such as within a piece of equipment like a train en- gine .
  • the nodes 11-14 may also be located remote to each other and may even be distributed worldwide. In other words, the nodes 11-14 may constitute a cloud, which is schematically visualized as a cloud in Fig. 1.
  • Each node 11-14 comprises a CPU, memory and storage (not shown) and executes a blockchain node software.
  • the blockchain node software configures the nodes 11-14 to host a blockchain 3 and act as a distributed virtual machine, as described herein below.
  • the blockchain 3 hosted by the nodes 11-14, which execute the blockchain node software, is schematically visualized in Fig. 1 as a chain of blocks 31, 32, wherein each block 31, 32 comprises two transactions 41, 42 and 43, 44, respectively. There is no particular limitation to the number of transactions 41- 44 in each block 31, 32, or to the number of blocks 31, 32 in the blockchain 3.
  • Each transaction 41-44 is, in its broadest sense, a sequence of data stored in the blockchain 3.
  • the blockchain 3 hosted by the hosts 11-14 may be described as a state machine.
  • a state of the state machine may be the state of a plurality of ac- counts, wherein each account may comprise a cryptocurrency balance, a smart contract code and/or other types of data.
  • Each account may be identified by a unique number, the unique number being an address of the account.
  • a state transition of the state machine happens whenever a block 31; 32 is added to the blockchain and is defined by the transactions 41, 42; 43,
  • transac- tion 41-44 comprised by the added block 31; 32. Therefore, a transac- tion 41-44 may also be described as defining a change of the state of the state machine.
  • the present or any past state of the state machine may thus be evaluated at any point in time by starting out at a predefined initial state of the state machine and then iterating through all blocks 31, 32 in their order of occurrence in the block- chain 3, and for each block 31, 32, evaluating the transactions 41, 42; 43, 44 comprised by the respective block 31, 32, in the order of their occurrence in the block.
  • any change of state of the state machine that has ever happened may be recorded in the blockchain 3 and may therefore be transparent to a user wishing to inspect the blockchain.
  • the blockchain 3 in Fig. 1 visualizes the consensus version of the blockchain 3 that is established by the nodes 11-14 according to the consensus protocol of the blockchain 3.
  • a local copy of this consensus version of the blockchain 3 may be stored in the storage of at least some of the nodes 11-14.
  • the consensus protocol of the blockchain 3 is based on peer-to-peer communication and may employ a proof -of- work or proof-of-stake method to ensure that a correct consensus on the contents of the blockchain 3 is reached by the nodes 11-14.
  • the number of participating nodes 11-14 is preferably selected to be significantly greater than four.
  • Each block 31, 32 of the blockchain 3 is secured using a cryp- tographic hash value of the transactions 41-44 comprised thereby, such as a Patricia tree root value (not shown) , and is further linked to its preceding block 31, 32 of the blockchain 3 using a cryptographic hash value (not shown) of the preceding block 31, 32.
  • a cryp- tographic hash value of the transactions 41-44 comprised thereby such as a Patricia tree root value (not shown)
  • a cryptographic hash value not shown
  • an intruder In order to successfully alter the contents of a transaction 41-44 stored in the blockchain 3, an intruder would also have to alter all the cryptographic hash values stored in the blockchain 3 after the transaction that the intruder wishes to alter. Furthermore, the intruder would have to modify the local copies of the blockchain 3 that are stored on each of the nodes 11-14. In other words, due to the plurality of nodes 11- 14 hosting the blockchain, there is advantageously no single point of attack. Thereby, the real-time control network 1 may advantageously be less susceptible to DDOS attacks.
  • An intruder could also engage in fraudulent mining activity, trying to create an alternative blockchain and make the nodes 11-14 of the real-time control network 1 reach the consensus that the alternative blockchain is the consensus version of the blockchain 3.
  • the blockchain 3 therefore pro- vides a highly reliable and secure transactional ledger for storing the transactions 41-44 therein.
  • the transactions 41 and 42 represent contract transactions 41, 42.
  • Each contract transaction 41, 42 comprises code - a so-called smart contract - which is code that may be referenced or called during a state transition of the state machine so as to perform calculations for defining the state transition.
  • An example of a smart contract may be code to transfer cryptocurrency from one account to another account if a certain condition is met.
  • the nodes 11-14 that are hosting the blockchain 3 are configured to act as a distributed virtual machine which is configured to execute code stored in the contract transactions 41, 42 of the blockchain 3.
  • the smart contracts comprised thereby are trans- parent and secured against fraudulent manipulations, as described above .
  • a smart contract stored in one of the contract transactions 41, 42 is not associated with any particular of the nodes 11-14.
  • the consensus protocol of the blockchain 3 has the effect that one or more nodes that will eventually execute a smart contract during a state transition of the state machine are selected in a probabilistic manner among the nodes 11-14 that are connected to the real-time control network 1. In other words, the functionality and reliability of the dis- tributed virtual machine is maintained even if some of the nodes 11-14 or some of the interconnections between certain of the nodes 11-14 fail. Also, additional nodes may be added to the real-time control network 1 without having to modify the code stored in the contract transactions 41, 42.
  • the distrib- uted virtual machine that is implemented based on the block- chain 3 hosted by the nodes 11-14 of the real-time control network 1 is therefore highly scalable and resilient to failure and attack.
  • the blockchain 3 constitutes a trustworthy execu- tion environment for smart contracts that can beneficially ensure a high level of reliability, resiliency, redundancy, security, scalability and transparency.
  • the real-time control network 1 of Fig. 1 is connected with two controlled devices 21, 22.
  • the controlled device 21 may be a sensor, and the controlled device 22 may be an actuator.
  • the controlled devices 21, 22 may comprise any device, system or even another network that is to be subjected to real-time control by the real-time control network 1.
  • the controlled devices 21, 22 may comprise any entity that may provide an input value to the real-time control network 1 and/or accept an output value or command value from the real-time control network 1. Therefore, the real-time control network 1 can be used for real-time control at various levels, such as high-level control or low-level control.
  • a combination of the real-time network 1 and the controlled devices 21, 22 constitutes a real-time control system 100.
  • a distributed control application is stored as multiple smart contracts in the contract transactions 41, 42.
  • the distributed control application comprises code that is configured to calculate an output or command value to be provided by the real-time control network 1 to the controlled device 22 based on an input value provided to the real-time control network 1 by the controlled device 21.
  • the controlled devices 21, 22 may be controlled in real-time while benefitting from the above-described advantages of the blockchaxn 3 and the distributed virtual machine.
  • Fig. 2 shows a real-time control network 1 and a real-time control system 200 according to a second embodiment.
  • each node 11-15 comprises a network port 61-65 such as an Ethernet port 61-65.
  • the nodes 11-15 are interconnected by interconnecting the network ports 61-65 us- ing cabling such as Ethernet cables. It will be appreciated that the lines shown in Fig. 2 represent logical connections and do not necessarily reflect the actual cabling. In particular, Ethernet switches and hubs may be used in a suitable manner to interconnect the nodes 11-15 using the network ports 61-65.
  • the node 12 further comprises a device port 52.
  • the device port 52 is connected to the controlled device 21, which may be a sensor.
  • the device port 52 and a device driver software (not shown) constitute an interface between the sensor 21 and the blockchain node software executed by the node 12.
  • the node 13 further comprises a device port 53.
  • the device port 53 is connected to the controlled device 22, which may be an actuator.
  • the device port 53 and a device driver software (not shown) constitute an interface between the actuator 22 and the block- chain node software executed by the node 12.
  • One node 15 of the nodes 11-15 of the real-time network 1 is provided as part of a programming device 7 such as a personal computer or notebook.
  • the notebook 7 may be used to program the real-time control network l, as will be described below.
  • step SI the nodes 11-15 as described hereinabove are provided.
  • multiple machines such as personal computers and PLCs, are provided, are interconnected using Ethernet or other suitable cabling, and a blockchain node software as described hereinabove is installed on each of the machines, thereby forming the nodes 11-15 that are interconnected and configured to host a blockchain 3 and to act as a distributed virtual machine.
  • a distributed control application is stored in the blockchain 3. This will now be described in greater detail.
  • the real-time network 1 may be programmed by creating a plurality of smart contracts.
  • a smart contract may be programmed on the notebook 7 by creating source code using a scripting language or a high-level language, such as C, Javascript, Scrypt, Mutan, LLL, Serpent or Solidity.
  • the source code is then compiled into bytecode that is executable by the distributed virtual machine, by executing a compiler on the notebook 7.
  • the resulting bytecode is stored in a plurality of candidate transactions - so called contract creation transactions - that are digitally signed using a key of the notebook 7 or of a user of the notebook 7.
  • the node 15 of the notebook 7 sends the contract creation transactions to at least one other nodes 11 of the real-time control network 1, and the at least one other node 11 passes the contract creation transactions on to further nodes 12-14 in a peer-to-peer manner, until they disseminate over the real-time control network 1.
  • the contract creation transactions are stored in the blockchain 3 as the contract transactions 41, 42, when a mining node of the nodes 11-15 creates the block 31 and successfully adds the block 31 to the blockchain 3, i.e. when a consensus 1 to add the block 31 to the blockchain 3 is reached by the nodes 11-15. In this way, the distributed control application is stored in the blockchain 3.
  • the instruction set provided by the distrib- uted virtual machine and accessible to a programmer through the high level languages, such as Solidity, is preferably Turing complete.
  • any computational load to be executed by the real-time control network 1 to control the controlled devices 21, 22 may be successfully programmed as a smart contract to be stored in the blockchain 3 and to be executed by the nodes 11-15 acting as the distributed virtual machine.
  • the instruction set of the distributed virtual machine may provide a programmer of the smart con- tracts with functionality to perform mathematical calculations, functionality to exchanges messages via the blockchain 3 and functionality to store data as transactions 41-44 in the blockchain 3.
  • the instruction set of the distributed virtual machine comprises an input instruction for reading data from the blockchain 3 and an output instruction for writing data to the blockchain 3, but does not comprise an instruction for performing any other type of input or output. In particular, it does not comprise an instruction for performing direct input or output with the controlled devices 21, 22. In other words, the instruction set is isolated, i.e., it is restricted to input and output operations only to and from the blockchain 3. Input and output with the controlled devices 21, 22 is performed by the device drivers, which are part of the interfaces of the respective nodes 12, 13 to which the controlled devices 21, 22 are connected.
  • the distributed control application reads input values from the blockchain 3, for example, by receiving a message 43 comprising the input values, and writes output values to the blockchain, for example, by sending a message 44, or by storing another type of transaction 41-46.
  • the distributed control application reads input values from the blockchain 3, for example, by receiving a message 43 comprising the input values, and writes output values to the blockchain, for example, by sending a message 44, or by storing another type of transaction 41-46.
  • the contract transaction 41 stores a first smart contact comprising bytecode that is configured to calculate a command value for the actuator 22 based on an in- put value from the sensor 21.
  • the contract transaction 42 stores a second smart contract comprising bytecode that is configured to perform cyclic maintenance operations such as writing human-readable log data and/or cyclically operating the actuator 22 irrespective of the input value from the sensor 21.
  • step S3 the distributed control application is executed on the distributed virtual machine.
  • the blockchain-based distributed virtual machine may be described as a state machine. That is, each time a mining node of the nodes 11-15 creates a new block, the state machine undergoes a state transition. As part of each state transaction, one or more smart contracts stored in the contract transactions 41, 42 of the plurality of transactions 41-46 may be executed by the distributed virtual machine. The time between two such state transitions is also referred to as the block time of the blockchain 3.
  • the block time of the blockchain 3 according to the present embodiment is suitably adjusted by adjusting the computing power of the nodes 11-15 and by adjusting the difficulty level that is defined by the predetermined threshold of the proof-of work algorithm. The lower the threshold, the higher the difficulty.
  • the block time is more predictable when more nodes 11-15 are added to the realtime control network 1. If a sufficiently high number of nodes 11-15 is provided, the block time can be said to be guaranteed.
  • the difficulty, computing power and number of nodes 11-15 (not all nodes are shown in Fig. 2) is selected such that a block time of less than one second can be guaranteed with a probability of higher than 99.99 percent.
  • the block time may preferably also be selected to be less than 200 milliseconds with a probability of higher than 99.9999 percent.
  • the exact values chosen will depend on a use case of the real-time network 1.
  • the interface comprised by the device port 51 and the associated device driver, which is executed outside of the distributed virtual machine by the CPU of node 22, reads a measured value from the sensor 21.
  • the reading may happen cyclically, or it may be triggered by the sensor 21.
  • the sen- sor 21 may trigger the reading when a certain threshold is exceeded.
  • the device driver may create a candidate message transaction which comprises a call to the first smart contract stored by the contract transaction 41 and further comprises the measured value read from the sensor 21 as an input value to the first smart contract .
  • the candidate message transaction is added to the blockchain 3 as a message transaction 43.
  • the distributed virtual machine con- stituted by the nodes 11-15 recognizes the call to the first smart contract and executes the bytecode of the first smart contract as part of the state transition. In this way, the distributed virtual machine executes the first portion of the distributed control application stored as the first smart con- tract in the contract transaction 41 in response to the message transaction 43 being added to the blockchain 3.
  • the blockchain node software executed by the nodes 11-15 is configured in a way that does not allow a deterministic prediction of which, or how many, of the nodes Ills will actually execute the bytecode. This may depend e.g.
  • the first smart contract stored in the contract transaction 41 calculates a command value for the actuator 22 based on the input value read from the sensor 21 and provided to the first smart contract via the message transaction 43 that comprises the call to the first smart contract.
  • the first smart contract then creates another candidate message transaction that comprises the calculated output value.
  • the candidate message transaction including the output value may be included, as a message transaction 44, into the same block 32 that comprises the message transaction 43. In this case, the output value is sent as part of the same state transition of the state machine in which the input value is received.
  • the candidate message transaction including the output value may also be become included, as a message transac- tion 45, into another block 33 during the subsequent state transition.
  • the message transaction 44 or the message transaction 45 may be digitally signed using a private key associated with the first smart contract stored in the contract transaction 41. It is noted that each of the message transactions 43-45 is included into the blockchain 3 based on a consensus between the nodes 11-15.
  • the smart contract stored in the contract transaction 41 is executed once by a mining node of the nodes 11-15 when creating a candidate block for the block 32, 33 to be added to the blockchain 3.
  • the smart contract is executed again by other nodes of the nodes 11-15 when verifying the candidate block as part of the consensus protocol prior to adding the candidate block as a block 32, 33 to their respective local copies of the blockchain 3.
  • the real-time network 1 advantageously provides a fault-tolerant execution environment for the distributed control application.
  • the interface of the node 13 comprises the device port 53 and a device driver for the actuator 22.
  • the device driver is executed by the CPU of node 13 outside of the distributed virtual machine.
  • the device driver verifies the digital signature of the message transaction 44 or 45 and, upon successful verification, reads the output value from the message transaction 44 or 45 and transmits the output value as a command value to the ac- tuator 22, thereby causing the actuator 22 to perform a desired control action in real time.
  • the contract transaction 42 contains a second smart contract comprising bytecode that constitutes a second portion of the distributed control application.
  • the second smart contract is executed cyclically by the distributed virtual machine. Cyclic execution of the second smart contract stored in the contract transaction 42 may be hard-coded into the blockchain node software executed by the plurality of nodes 11-15.
  • the second smart contract when executed, may send a message to itself. Thereby, the second smart contract may be triggered once by an operator sending a message to the second smart contract, and after that, the second smart contract may trigger itself to be executed during each subsequent state transition of the blockchain 3.
  • the second smart contract stored in the second contract transaction 42 comprises code that monitors the execution of the first smart contract stored in the first contract transaction 41. That is, the second smart contract, when executed by the distributed virtual machine, refers to the blockchain 3 for message transactions 43, 44, 45 that have been created by the first smart contract stored in the first contract transaction 41 and/or by the device driver of the sensor 21. The second smart contract, when executed, checks the input values and command values stored in the respective message transactions 43, 44, 45. If the second smart contract detects any kind of anomaly, the second smart contract creates a log transaction 46 that comprises human- readable logging data describing the anomaly and adds the log transaction 46 to the blockchain 3.
  • Fig. 4 shows portions of a real-time control system 300 according to a third embodiment. It is noted that elements of the real-time control system 300 according to the third embodiment that are similar to elements of the real-time control system 200 or 100 of the first or second embodiment have been omitted from Fig. 4 to facilitate understanding.
  • the real-time control system 300 comprises the nodes 11-14.
  • Each node 61-64 includes a network port 61-64.
  • the network ports 61-64 according to the third embodiment are interconnected by a wireless communica- tion network.
  • Each node 61-64 further includes a device port 51-54.
  • the interconnected nodes 11-14 constitute a real-time control network according to the third embodiment .
  • the real-time control system 300 according to the third em- bodiment differs from the real-time control system 200 according to the second embodiment in that each controlled device, i.e. the sensor 21, and the actuator 22, is connected to more than two of the nodes 11-14 via the respective device ports 51-54.
  • Fig. 4 shows a preferred variant of the third embodi- ment, in which each controlled device 21, 22 is connected to each of the nodes 11-14.
  • the instruction set of the distributed virtual machine configured by the nodes 11-14 comprises instructions for directly communicating with the controlled devices 21, 22.
  • the instruc- tion set comprises an instruction for reading an input value from the sensor 21 and an instruction for writing an output value as a command value to the actuator 22.
  • the distributed control application executed by the distributed virtual machine which is configured by the nodes 11-14, i.e. the smart contracts constituting the distributed control application, may perform direct input/output operations on the controlled devices 21 to 22 without relying on message transactions 44, 45, 46 and/or device drivers and/or having to wait for a next state transition.
  • the func- tionality that transfers the input and output values between the smart contracts and the controlled devices 21, 22 may embodied by the blockchain node software that is executed by the nodes 11-14. In this way, the performance of the real-time control network and real-time controls system 300 according to the third embodiment may be improved.
  • a suitable control algorithm to be implemented by the distributed control application may be freely selected according to the desired control task that is to be achieved.
  • the real-time control network 1 and the real-time control system 100, 200, 300 may be applied to low-level real-time control tasks such as controlling a valve position based on a measured flow rate, or to high-level real-time control tasks such as controlling the positions of multiple switches and lights in a railway network based on a train schedule and the actual positions of multiple trains in the railway network; or to integrating various control tasks in a train engine, such as traction con- trol, breaking control and central control.
  • the real-time control network 1 may implement a cryptocurrency based on the blockchain 3.
  • the execution order of the smart contracts, which constitute the distributed control application, in the real-time network 1 may be prioritized, or scheduled, based on cryptocurrency amounts spent transferred or by a calling entity, such as a device driver of an interface of one of the nodes 11-15 or another smart contract.
  • a calling entity such as a device driver of an interface of one of the nodes 11-15 or another smart contract.

Abstract

A real-time control network (1) for controlling one or more controlled devices (21, 22) in real time comprises a plurality of nodes (11-15) being interconnected and configured to host a blockchain (3), wherein the blockchain (3) is a distributed consensus-based database configured to store a plurality of transactions (41-46), and to act as a distributed virtual machine configured to execute a distributed control application for controlling the one or more controlled devices (21, 22) in real time, the distributed control application being stored in one or more contract transactions (41, 42) of the plurality of transactions (41-46). Further, a real-time control system (100, 200, 300) and a real-time control method based on the blockchain (3) and the distributed virtual machine are proposed. The real-time control network (1), system (100, 200, 300) and method may achieve high redundancy, fault tolerance, security, crypto immunity and transparency of the real-time control performed on the controlled devices (21, 22).

Description

BLOCKCHAIN-BASED REAL-TIME CONTROL NETWORK, REAL-TIME CONTROL SYSTEM AND REAL-TIME CONTROL METHOD
The present invention relates to a real-time control network, a real-time control system and a method for controlling one or more controlled devices in real time. The field of the present invention is automation control systems.
In the field of train and/or automation control systems, a low- level control task is conventionally performed by a programmable logic controller (PLC) , whereas a high-level control task may be performed by a central control unit (CCU) . Examples for existing central control units are the central control unit (CCU) in SIBAS 32, the Sibas PN Control System (SP CS) in SIBAS PN and Simatic S7 in SIMATIC, commercially available from Siemens AG, Munich, Germany. The central control unit is often required to operate within a real-time frame or constraint of one second or less. In order to improve the reliability and availability of the central control unit, two or more redundant central control units may be provided.
It is an object of the present invention to provide a real- time control network, system and method that are suitable for control at various levels and are improved in terms of reliability, redundancy, security and/or transparency.
According to a first aspect, a real-time control network for controlling one or more controlled devices in real time com- prises a plurality of nodes, the plurality of nodes being interconnected and configured to: host a blockchain, wherein the blockchain is a distributed consensus-based database configured to store a plurality of transactions; and act as a distributed virtual machine configured to execute a distributed control application for controlling the one or more controlled devices in real time, the distributed control application be- ing stored in one or more contract transactions of the plurality of transactions .
In other words, the one or more controlled devices are controlled by a distributed control application. The distributed control application may comprise a computational load configured to perform calculations for controlling the controlled devices. The distributed control application is stored in one or more contract transactions in the blockchain. A contract transaction may be a transaction that comprises code, such as a smart contract. In other words, the distributed control application may comprise one or more smart contracts stored in the blockchain, each smart contract constituting a portion of the distributed control application.
The distributed control application is executed by a distrib- uted virtual machine. The distributed virtual machine may be based on the blockchain and be configured by the nodes that host the blockchain. More specifically, each node may be configured to be able to participate in executing the distributed control application stored in the blockchain. One example for a blockchain is a private Ethereum blockchain, and one example for a distributed virtual machine is an Ethereum Virtual Machine of the private Ethereum blockchain.
By using the blockchain and the distributed virtual machine, which may be based on the blockchain, for executing the dis- tributed control application to control the controlled devices in real time, the following benefits may be achieved:
The real-time control network may preferably be highly redundant. Even if some of the nodes or interconnections fail temporarily or permanently, e.g. due to outage, a dedicated at- tack, or a distributed denial of service attack, the real-time control network as a whole may continue to operate. For this reason, the real-time control network may advantageously achieve a high level of reliability.
Further, by using the blockchain and the associated distributed virtual machine, all communications between the plurality nodes may be cryptographically secured. For this reason, the real-time control network may advantageously achieve a high level of security.
Still further, the blockchain may allow any of the plurality of nodes to access and verify all transactions stored in the blockchain. The execution of a smart contract stored in a contract transaction may be triggered by and/or result in the adding of a transaction to the blockchain. In this way, any execution of a smart contract, and therefore any execution of any portion of the distributed control application, may leave an immutable trace in the blockchain. Therefore, the real-time control network may advantageously achieve a high level of transparency, which may facilitate debugging or post-incident analysis and increase trust in the real-time control network.
Still further, it may be virtually impossible to falsify a transaction stored in a blockchain. Therefore, the real-time control network may have the benefit of high crypto immunity.
Still further, when a smart contract is executed by the distributed virtual machine, any result of such an execution may only be added to the blockchain based on consensus between the nodes. Preferably, faulty execution results, which may be due to memory corruption, random software bugs, an influence of radioactive particles, malicious manipulations or the like on one of the nodes, do not reach consensus between the plurality of nodes and are rejected, i.e. are not added to the block- chain. Thereby, the distributed virtual machine of the realtime control network may advantageously offer reliable and fault- tolerant execution of the distributed control application.
A "controlled device", as used herein, may refer to any device, system or network that may be subjected to automated control .
"Controlling in real time", as used herein, may refer to the real-time control network being configured to complete a control cycle within a predetermined real-time frame. The control cycle may comprise acquiring an input value from one of the controlled devices, calculating a command value based on the input value, and providing the command value as an output value to one or more of the controlled devices, wherein at least the step of calculating the command value may be executed by the distributed control application. A "node", as used herein, may refer to any unit that is configured to participate in the hosting of the blockchain and the distributed virtual machine. A node may be embodied in software and/or hardware. In particular, a node may be implemented using, for example, a control unit such as a programma- ble logic controller (PLC) , an embedded device, a personal computer device, a server computer device, or an application specific integrated circuit device. Each respective unit or device may implement one or more of the nodes .
The plurality of nodes may be interconnected using any type of wired or wireless physical connection, such as, for example, Ethernet, Fieldbus, EtherCAT, Wi-Fi, Bluetooth, a cellular data link, or a virtual connection, such as a virtual connection between a plurality of virtual machines. The plurality of nodes may be interconnected in any topology, such as a star topology, a line topology, a mesh topology or a random topology, wherein the mesh topology is preferred. The plurality of nodes may be configured to communicate in a peer-to-peer manner, wherein each node is aware of how to reach at least one further node, but may not be aware of how to reach all of the plurality of nodes, and where individual nodes can freely join or leave the real-time control network without significantly affecting its overall functionality.
A "transaction", as used herein, may refer to a sequence of data stored in the blockchaxn. The data comprised by a transaction may, for example, be a message, code such as a smart contract, a cryptocurrency transaction or protocol data. In particular, for example, the blockchaxn may implement a state machine, and the transaction may be data that describes a state transition of the state machine.
The blockchaxn may be distributed over the plurality of nodes . For example, the plurality of nodes may host the blockchain by each of the plurality of nodes storing, in a storage comprised by or accessible to each of the nodes, a partial or full copy of the blockchaxn.
In particular, the blockchain may store the plurality of transactions as a chain of blocks, and each block of the chain of blocks may comprise one or more of the transactions, a hash value of the transactions comprised by the block and a reference value referring back to a previous block of the chain of blocks, thereby forming the chain of blocks. The reference value referring back to the previous block of the chain of blocks may be, for example, a hash value of the entxre data comprised by the previous block of the blockchain.
The hash value of the transactions comprised by the block may be a hash value or root of a Merkle tree or a Patricia tree or a tree of hash values of each transaction comprised by the block. In some embodiments, the hash value of the transactions comprised by the block may be a hash value of a list of the hash values of each transaction of the block, or a hash value of a concatenation of each transaction of the block.
For example, each hash value may be a value calculated by ap- plying a hash function to a sequence of data. The hash function may be selected such that it is computationally easy to calculate the hash value for a given sequence of data, but it is computationally difficult to calculate a sequence of data for a given hash value. The hash function may be selected from one of the following: SHA-1, SHA-2, SHA-3, SHA256, SHA256d, Keccak, Keccak-256.
In this way, the blockchain may be a chain of blocks that are cryptographically linked by a sequence of hash values. This may have the benefit of making it difficult to alter or fal- sify the transactions stored in the blockchain.
The blockchain is a consensus-based database. A candidate block may be added as a block of the blockchain only on the condition that a consensus to add the candidate block to the blockchain is reached between the nodes hosting the block- chain, wherein the consensus may be reached according to a predetermined consensus protocol .
In particular, the plurality of nodes may be configured to exchange one or more candidate transactions to be added to the blockchain among each other in a peer-to-peer manner. The can- didate transactions may be passed on from node to node until they ultimately disseminate over the entire real-time control network. At least some of the plurality of nodes may be mining nodes. Each mining node may be configured to collect the one or more candidate transactions that are being passed from node to node and to form a candidate block from the one or more candidate transactions and a proof (to be described later) . The candidate block comprising the candidate transactions and the proof may be passed from the mining node to further nodes until it disseminates over the entire real-time control network. Each of the nodes may be configured to verify the candidate block according to the requirements of the consensus pro- tocol and only add the candidate block to their respective local copy of the blockchain, if all requirements imposed by the consensus protocol are fulfilled.
The consensus protocol may require the candidate block to include a proof of an amount of computing resource allocated, used or spent by the mining node when forming the candidate block. Computing resources may be, for example, computing power, storage space, cryptocurrency amounts or similar. For example, the proof may be a proof-of-work, which may be an arbitrary nonce value comprised by the candidate block and se- lected such that the hash value of the candidate block is smaller than a predetermined threshold. It will be appreciated that due to the nature of the hash function, it is computationally difficult and will require computing resources such as processing power and time to select such a nonce value. The level of difficulty may be determined by the predetermined threshold.
Alternatively, the proof may be a proof-of-stake, proof-of- burn, proof-of-activity or proof-of-raffle .
The consensus protocol configured in this way may have the benefit that an intruder using a malicious node can only add a malicious new transaction into the blockchain and/or manipulate an existing transaction stored by the blockchain, by allocating, using or spending a similar or higher amount of computing resources as the combined computing resources of all legitimate nodes participating in reaching the consensus. The consensus protocol may thus be regarded as the source of trust in the transactions stored by the distributed database consti- tuted by the blockchain in spite of the absence of trust in at least some of the nodes .
In other words, even if the real-time control network comprises, among the plurality of nodes, at least one malicious node that has been compromised or has been newly joined to the network by an intruder, the blockchain may advantageously still be able to serve as a trusted database.
In a variant, in addition to the foregoing, a node may further be required to provide a cryptographic proof of authorization using, for example, a private key, before being allowed to communicate with other nodes in the real-time control network.
The consensus protocol may further require each transaction comprised by a candidate block to be a valid transaction. For example, if a transaction involves execution of a smart con- tract, the consensus protocol may require that each node executes the smart contract with an identical result. If no consensus is reached due to faulty execution on one of the nodes, the corresponding transaction may be discarded. In this way, the real-time control network may advantageously ensure fault- tolerant execution of the distributed control application.
According to an embodiment, a block time of the blockchain is adapted to be lesser than or equal to a predetermined realtime frame.
The block time may be an average or guaranteed period of time required by the plurality of nodes in order to reach the consensus to add a candidate transaction to the blockchain as a transaction of the plurality of transactions stored in the blockchain. The block time may include the time required for a candidate transaction to disseminate over the real-time con- trol network, the time required by a mining node to create a proof, and the time required for a candidate block comprising the candidate transaction to disseminate over the real-time control network. The block time may be adapted, for example, by adjusting a complexity requirement, i.e. the level of difficulty, for a proof-of-work required by the consensus proto- col of the blockchain, and/or by adjusting the computing power of the plurality of nodes.
When the block time is adapted to be lesser than or equal to a predetermined real-time frame, smart contracts stored in the blockchain and executable by the blockchain based distributed virtual machine may be used to program a distributed control application with real-time capability. Thereby, a distributed control application with real-time capability may profit from the benefits of being executed by the blockchain-based virtual machine, such as reliability, security and transparency. According to a further embodiment, the predetermined real-time frame is one second or less. Preferably, the predetermined real-time frame may be 100 milliseconds or less.
According to a further embodiment, the plurality of nodes are interconnected such that each of the plurality of nodes is connected to more than two of the plurality of nodes.
In this way, a failure of an individual interconnection may have no significant effect on the overall operation of the real-time control network, thereby achieving a high level of redundancy . According to a further embodiment, at least one node of the plurality of nodes comprises an interface adapted to be connected to a controlled device of the one or more controlled devices .
The interface may be embodied in software or hardware or a combination thereof. For example, the interface may comprise a device port, such as a serial port or a field bus port, and a corresponding driver software, and may be adapted to enable communication between the node and the control device.
According to a further embodiment, an instruction set of the distributed virtual machine comprises an input instruction for reading data only from the blockchain and an output instruction for writing data only to the blockchain.
An "instruction set" may refer to a complete set of a plurality of instructions in a high-level or scripting programming language, which are usable by a programmer to write a smart contract, and/or to a complete set of a plurality of bytecode primitives that can be interpreted by the distributed virtual machine and may therefore be comprised by a smart contract stored in the blockchain. Thereby, the distributed control application may perform control of the controlled device only by indirect communication, i.e. by reading data, such as input values, from a transaction of the plurality of transactions stored in the blockchain, or writing data, such as output values, to a transaction of the plurality of transactions stored in the blockchain. A portion of an interface, such as a device driver being executed on a node to which the controlled device is connected, may perform communication with the controlled device based on the data written to the blockchain by the distributed control applica- tion, and may write data to the blockchain to be read by the distributed control application.
According to a preferred variant, a runtime environment provided by the distributed virtual machine may be completely isolated. This may mean that the only target for any type of input or output operation performed by a smart contract stored in the blockchain may be the blockchain (a transaction stored in the blockchain) itself. This may achieve the benefit of any communication of the distributed control application, such as input values and output values, being transparently stored in the blockchain for later review or debugging. Also, in this way, by channelling any communication with the distributed control application through the blockchain, possibilities of attack are advantageously minimized, and any attack that takes place can be identified and analysed at any later point in time by referring to the transactions stored in the blockchain.
According to a further embodiment, an instruction set of the distributed virtual machine comprises an instruction reading an input value from the controlled device and/or writing an output value to the controlled device.
The distributed virtual machine may take care of routing the input values and output values to and/or from the proper node that is connected to the controlled device in response to the instruction for reading an input value and/or the instruction for writing an output value being issued by the distributed control application.
Thereby, the distributed control application executed by the distributed virtual machine may advantageously use the instruction to directly communicate with, and control, the controlled device, and may read measured values from the controlled device as input values and/or output command values to the controlled device as output values. This may achieve the benefit that less data overhead is stored in the blockchain, and the distributed control application may be executed with higher performance .
According to a further embodiment, the distributed virtual machine is configured to execute a first portion of the distributed control application stored in a first contract transaction of the one or more contract transactions in response to a message transaction being added to the plurality of transactions stored in the blockchain.
The first portion of the distributed control application may be a first smart contract stored in the blockchain. The dis- tributed control application may comprise one or more first smart contracts. Each first smart contract may be associated with a unique address indicative of the smart contract. The message transaction may be a transaction that comprises the address of the first smart contract as a message destination address. The message transaction may further comprise an input value or parameter to be supplied to the smart contract for further computation. It is noted that "adding a message transaction to the blockchain" may also be referred to as "sending a message" herein below. The consensus protocol of the blockchain may be configured such that a smart contract is executed if a message transaction comprising an address associated with a smart contract as a destination address is to be added to the blockchain, or, in simpler words, if a message is sent to a smart contract. The message may be manually sent by an operator, or it may be sent automatically, for example by a device driver code running on a node that is connected to at least one of the controlled devices, and may include a measured value measured with the controlled device as an input value for the smart contract. The message may also be sent by another smart contract that is being executed by the distributed virtual machine.
In other words, the first smart contract may be executed when a candidate block comprising the message transaction is verified for compliance with the consensus protocol. Due to a peer-to-peer nature of the blockchain described hereinabove, it may be difficult to predict which of the plurality of nodes will actually execute the smart contract. Any one or more of the plurality nodes may be used to execute the smart contract. The distributed virtual machine is therefore highly resilient to attack, outage and failures and provides a high level of security. According to a further embodiment, the distributed virtual machine is configured to execute a second portion of the distributed control application stored in a second contract transaction of the one or more contract transactions in cyclic intervals . The second portion of the distributed control application may be a second smart contract stored in the blockchain. The distributed control application may comprise one or more second smart contracts.
By comprising functionality to execute the second smart con- tracts in cyclic intervals, the real-time control network enables the distributed control application to execute certain control operations repetitively without requiring and external trigger such as the sending of a message.
According to a further embodiment, the distributed control ap- plication is configured to store logging data by creating a log transaction and adding the log transaction to the plurality of transactions stored in the blockchain.
The logging data may comprise data about the operation of the one or more controlled devices, such as time data, event data, error data, measured values received from or command values provided to the controlled devices, in human or machine readable form. By storing the logging data in the block chain, the logging data can be made available to an operator in a transparent way, and further, the logging data can be protected against tampering, since it may be prohibitively difficult for an intruder to introduce forged logging data into the block- chain so as to conceal an intrusion.
Any embodiment of the first aspect may be combined with any embodiment of the first aspect to obtain another embodiment of the first aspect.
According to a second aspect, a real-time control system comprises one or more controlled devices and a real-time control network according to the first aspect or an embodiment of the first aspect. According to an embodiment of the second aspect, each of the one or more controlled devices is connected to at least one of the plurality of nodes.
According to a further embodiment of the second aspect, at least one of the one or more controlled devices is connected to more than two of the plurality of nodes.
Thereby, redundancy and reliability may be improved.
According to a further embodiment, the one or more controlled devices comprise at least one sensor and/or at least one actuator. Any embodiment of the second aspect may be combined with any embodiment of the second aspect to obtain another embodiment of the second aspect.
According to a third aspect, a method for controlling one or more controlled devices in real-time comprises: providing a plurality of nodes, the plurality of nodes being interconnected and configured to host a blockchain, wherein the block- chain is a distributed consensus-based database configured to store a plurality of transactions, and to act as a distributed virtual machine; storing a distributed control application for controlling the one or more controlled devices in real time in one or more contract transaction of the plurality of transactions, and executing the distributed control application on the distributed virtual machine. The step of storing the distributed control application in the one or more contract transactions may comprise adding the one or more contract transaction to the blockchain. This may also be referred to as "sending a contract creation transaction".
The embodiments and features described with reference to the real-time control network of the present invention apply mutatis mutandis to the method of the present invention.
According to a further aspect, the invention relates to a computer program product comprising a program code for executing the above-described method for controlling one or more con- trolled devices in real-time when run on at least one computer .
A computer program product, such as a computer program means, may be embodied as a memory card, USB stick, CD-ROM, DVD or as a file which may be downloaded from a server in a network. For example, such a file may be provided by transferring the file comprising the computer program product from a wireless communication network.
Further possible implementations or alternative solutions of the invention also encompass combinations - that are not ex- plicitly mentioned herein - of features described above or below with regard to the embodiments. The person skilled in the art may also add individual or isolated aspects and features to the most basic form of the invention.
Further embodiments, features and advantages of the present invention will become apparent from the subsequent description and dependent claims, taken in conjunction with the accompanying drawings, in which:
Fig. 1 shows a real-time control network and a real-time control system according to a first embodiment. Fig. 2 shows a real-time control network according to a second embodiment .
Fig. 3 shows steps of a real-time control method.
Fig. 4 shows portions of a real-time control system according to a third embodiment . In the figures, like reference numerals designate like or functionally equivalent elements, unless otherwise indicated.
Fig. 1 shows a real-time control network 1 according to a first embodiment of the invention.
The real-time control network 1 is formed by four nodes 11-14. The nodes 11-14 are able to communicate with each other by being interconnected by multiple connection lines, which may represent Ethernet connections or the like. It is noted that in Fig. 1, each node 11-14 is connected to each other node 11- 14. In particular, each node 11-14 is connected to more than two of the nodes 11-14. However, there is no restriction to this configuration. The nodes 11-14 may be configured to communicate in a peer-to-peer manner, and the number of interconnections of each of the nodes 11-14 may also be less than the number of other nodes 11-14 and may be one, two, three or any other number, as long as a communication path may be traced directly or indirectly, i.e. via one or more hops or other nodes 11-14, from each of the nodes 11-14 to each other of the nodes 11-14. It is noted that there is no particular requirement as to the spatial arrangement of the nodes 11-14 of the real-time network. The nodes 11-14 may be located in proximity to each other, such as within a piece of equipment like a train en- gine . The nodes 11-14 may also be located remote to each other and may even be distributed worldwide. In other words, the nodes 11-14 may constitute a cloud, which is schematically visualized as a cloud in Fig. 1.
Each node 11-14 comprises a CPU, memory and storage (not shown) and executes a blockchain node software. The blockchain node software configures the nodes 11-14 to host a blockchain 3 and act as a distributed virtual machine, as described herein below.
The blockchain 3 hosted by the nodes 11-14, which execute the blockchain node software, is schematically visualized in Fig. 1 as a chain of blocks 31, 32, wherein each block 31, 32 comprises two transactions 41, 42 and 43, 44, respectively. There is no particular limitation to the number of transactions 41- 44 in each block 31, 32, or to the number of blocks 31, 32 in the blockchain 3.
Each transaction 41-44 is, in its broadest sense, a sequence of data stored in the blockchain 3. The blockchain 3 hosted by the hosts 11-14 may be described as a state machine. A state of the state machine may be the state of a plurality of ac- counts, wherein each account may comprise a cryptocurrency balance, a smart contract code and/or other types of data. Each account may be identified by a unique number, the unique number being an address of the account. A state transition of the state machine happens whenever a block 31; 32 is added to the blockchain and is defined by the transactions 41, 42; 43,
44 comprised by the added block 31; 32. Therefore, a transac- tion 41-44 may also be described as defining a change of the state of the state machine.
The present or any past state of the state machine may thus be evaluated at any point in time by starting out at a predefined initial state of the state machine and then iterating through all blocks 31, 32 in their order of occurrence in the block- chain 3, and for each block 31, 32, evaluating the transactions 41, 42; 43, 44 comprised by the respective block 31, 32, in the order of their occurrence in the block. In other words, any change of state of the state machine that has ever happened may be recorded in the blockchain 3 and may therefore be transparent to a user wishing to inspect the blockchain.
It is noted that the blockchain 3 in Fig. 1 visualizes the consensus version of the blockchain 3 that is established by the nodes 11-14 according to the consensus protocol of the blockchain 3. A local copy of this consensus version of the blockchain 3 may be stored in the storage of at least some of the nodes 11-14. The consensus protocol of the blockchain 3 is based on peer-to-peer communication and may employ a proof -of- work or proof-of-stake method to ensure that a correct consensus on the contents of the blockchain 3 is reached by the nodes 11-14.
Since the trust and reliability of the blockchain 3 is based on the consensus between the nodes 11-14, security of the blockchain 3 increases with an increasing number of nodes 11- 14 that participate in the blockchain. Therefore, the number of participating nodes 11-14 is preferably selected to be significantly greater than four.
Each block 31, 32 of the blockchain 3 is secured using a cryp- tographic hash value of the transactions 41-44 comprised thereby, such as a Patricia tree root value (not shown) , and is further linked to its preceding block 31, 32 of the blockchain 3 using a cryptographic hash value (not shown) of the preceding block 31, 32.
In order to successfully alter the contents of a transaction 41-44 stored in the blockchain 3, an intruder would also have to alter all the cryptographic hash values stored in the blockchain 3 after the transaction that the intruder wishes to alter. Furthermore, the intruder would have to modify the local copies of the blockchain 3 that are stored on each of the nodes 11-14. In other words, due to the plurality of nodes 11- 14 hosting the blockchain, there is advantageously no single point of attack. Thereby, the real-time control network 1 may advantageously be less susceptible to DDOS attacks.
An intruder could also engage in fraudulent mining activity, trying to create an alternative blockchain and make the nodes 11-14 of the real-time control network 1 reach the consensus that the alternative blockchain is the consensus version of the blockchain 3. However, due to the nature of the consensus protocol, doing so is inhibitively difficult in terms of the required computing resources . The blockchain 3 therefore pro- vides a highly reliable and secure transactional ledger for storing the transactions 41-44 therein.
Further, in Fig. 1, the transactions 41 and 42 represent contract transactions 41, 42. Each contract transaction 41, 42 comprises code - a so-called smart contract - which is code that may be referenced or called during a state transition of the state machine so as to perform calculations for defining the state transition. An example of a smart contract may be code to transfer cryptocurrency from one account to another account if a certain condition is met. Thereby, the nodes 11-14 that are hosting the blockchain 3 are configured to act as a distributed virtual machine which is configured to execute code stored in the contract transactions 41, 42 of the blockchain 3.
Since the contract transactions 42, 42 are stored in the blockchain 3, the smart contracts comprised thereby are trans- parent and secured against fraudulent manipulations, as described above .
Further, a smart contract stored in one of the contract transactions 41, 42 is not associated with any particular of the nodes 11-14. The consensus protocol of the blockchain 3 has the effect that one or more nodes that will eventually execute a smart contract during a state transition of the state machine are selected in a probabilistic manner among the nodes 11-14 that are connected to the real-time control network 1. In other words, the functionality and reliability of the dis- tributed virtual machine is maintained even if some of the nodes 11-14 or some of the interconnections between certain of the nodes 11-14 fail. Also, additional nodes may be added to the real-time control network 1 without having to modify the code stored in the contract transactions 41, 42. The distrib- uted virtual machine that is implemented based on the block- chain 3 hosted by the nodes 11-14 of the real-time control network 1 is therefore highly scalable and resilient to failure and attack.
In this way, the blockchain 3 constitutes a trustworthy execu- tion environment for smart contracts that can beneficially ensure a high level of reliability, resiliency, redundancy, security, scalability and transparency.
The real-time control network 1 of Fig. 1 is connected with two controlled devices 21, 22. The controlled device 21 may be a sensor, and the controlled device 22 may be an actuator. There is no particular limitation to this, and the controlled devices 21, 22 may comprise any device, system or even another network that is to be subjected to real-time control by the real-time control network 1. In the broadest sense, the controlled devices 21, 22 may comprise any entity that may provide an input value to the real-time control network 1 and/or accept an output value or command value from the real-time control network 1. Therefore, the real-time control network 1 can be used for real-time control at various levels, such as high-level control or low-level control.
It is noted that a combination of the real-time network 1 and the controlled devices 21, 22 constitutes a real-time control system 100.
According to the present embodiment, a distributed control application is stored as multiple smart contracts in the contract transactions 41, 42. The distributed control application comprises code that is configured to calculate an output or command value to be provided by the real-time control network 1 to the controlled device 22 based on an input value provided to the real-time control network 1 by the controlled device 21. By using the real-time control network 1 to execute the distributed control application on the distributed virtual machine, the controlled devices 21, 22 may be controlled in real-time while benefitting from the above-described advantages of the blockchaxn 3 and the distributed virtual machine. Fig. 2 shows a real-time control network 1 and a real-time control system 200 according to a second embodiment. According to the second embodiment, each node 11-15 comprises a network port 61-65 such as an Ethernet port 61-65. The nodes 11-15 are interconnected by interconnecting the network ports 61-65 us- ing cabling such as Ethernet cables. It will be appreciated that the lines shown in Fig. 2 represent logical connections and do not necessarily reflect the actual cabling. In particular, Ethernet switches and hubs may be used in a suitable manner to interconnect the nodes 11-15 using the network ports 61-65. The node 12 further comprises a device port 52. The device port 52 is connected to the controlled device 21, which may be a sensor. The device port 52 and a device driver software (not shown) constitute an interface between the sensor 21 and the blockchain node software executed by the node 12. The node 13 further comprises a device port 53. The device port 53 is connected to the controlled device 22, which may be an actuator. The device port 53 and a device driver software (not shown) constitute an interface between the actuator 22 and the block- chain node software executed by the node 12. One node 15 of the nodes 11-15 of the real-time network 1 is provided as part of a programming device 7 such as a personal computer or notebook. The notebook 7 may be used to program the real-time control network l, as will be described below.
A method of controlling the controlled devices 21 in real-time will now be described by reference to the steps illustrated in Fig. 3 and the real-time control system 200 shown in Fig. 2.
In step SI, the nodes 11-15 as described hereinabove are provided. For example, multiple machines, such as personal computers and PLCs, are provided, are interconnected using Ethernet or other suitable cabling, and a blockchain node software as described hereinabove is installed on each of the machines, thereby forming the nodes 11-15 that are interconnected and configured to host a blockchain 3 and to act as a distributed virtual machine. In step S2, a distributed control application is stored in the blockchain 3. This will now be described in greater detail. The real-time network 1 may be programmed by creating a plurality of smart contracts. A smart contract may be programmed on the notebook 7 by creating source code using a scripting language or a high-level language, such as C, Javascript, Scrypt, Mutan, LLL, Serpent or Solidity. The source code is then compiled into bytecode that is executable by the distributed virtual machine, by executing a compiler on the notebook 7. The resulting bytecode is stored in a plurality of candidate transactions - so called contract creation transactions - that are digitally signed using a key of the notebook 7 or of a user of the notebook 7. The node 15 of the notebook 7 sends the contract creation transactions to at least one other nodes 11 of the real-time control network 1, and the at least one other node 11 passes the contract creation transactions on to further nodes 12-14 in a peer-to-peer manner, until they disseminate over the real-time control network 1. The contract creation transactions are stored in the blockchain 3 as the contract transactions 41, 42, when a mining node of the nodes 11-15 creates the block 31 and successfully adds the block 31 to the blockchain 3, i.e. when a consensus 1 to add the block 31 to the blockchain 3 is reached by the nodes 11-15. In this way, the distributed control application is stored in the blockchain 3.
It is noted that the instruction set provided by the distrib- uted virtual machine and accessible to a programmer through the high level languages, such as Solidity, is preferably Turing complete. This means that any computational load to be executed by the real-time control network 1 to control the controlled devices 21, 22 may be successfully programmed as a smart contract to be stored in the blockchain 3 and to be executed by the nodes 11-15 acting as the distributed virtual machine. In particular, the instruction set of the distributed virtual machine may provide a programmer of the smart con- tracts with functionality to perform mathematical calculations, functionality to exchanges messages via the blockchain 3 and functionality to store data as transactions 41-44 in the blockchain 3. It is noted that according to the present embodiment, the instruction set of the distributed virtual machine comprises an input instruction for reading data from the blockchain 3 and an output instruction for writing data to the blockchain 3, but does not comprise an instruction for performing any other type of input or output. In particular, it does not comprise an instruction for performing direct input or output with the controlled devices 21, 22. In other words, the instruction set is isolated, i.e., it is restricted to input and output operations only to and from the blockchain 3. Input and output with the controlled devices 21, 22 is performed by the device drivers, which are part of the interfaces of the respective nodes 12, 13 to which the controlled devices 21, 22 are connected. In order to communicate with the respective device drivers, the distributed control application reads input values from the blockchain 3, for example, by receiving a message 43 comprising the input values, and writes output values to the blockchain, for example, by sending a message 44, or by storing another type of transaction 41-46. In this way, all action performed by the smart contracts constituting the distributed control application are automatically logged in the blockchain 3 and are advantageously transparent for later inspection.
In the present example, the contract transaction 41 stores a first smart contact comprising bytecode that is configured to calculate a command value for the actuator 22 based on an in- put value from the sensor 21. The contract transaction 42 stores a second smart contract comprising bytecode that is configured to perform cyclic maintenance operations such as writing human-readable log data and/or cyclically operating the actuator 22 irrespective of the input value from the sensor 21.
In step S3, the distributed control application is executed on the distributed virtual machine. As described hereinabove, the blockchain-based distributed virtual machine may be described as a state machine. That is, each time a mining node of the nodes 11-15 creates a new block, the state machine undergoes a state transition. As part of each state transaction, one or more smart contracts stored in the contract transactions 41, 42 of the plurality of transactions 41-46 may be executed by the distributed virtual machine. The time between two such state transitions is also referred to as the block time of the blockchain 3. The block time of the blockchain 3 according to the present embodiment is suitably adjusted by adjusting the computing power of the nodes 11-15 and by adjusting the difficulty level that is defined by the predetermined threshold of the proof-of work algorithm. The lower the threshold, the higher the difficulty.
Further, by virtue of statistical averaging, the block time is more predictable when more nodes 11-15 are added to the realtime control network 1. If a sufficiently high number of nodes 11-15 is provided, the block time can be said to be guaranteed.
In the present embodiment, the difficulty, computing power and number of nodes 11-15 (not all nodes are shown in Fig. 2) is selected such that a block time of less than one second can be guaranteed with a probability of higher than 99.99 percent. There is no particular limitation to these values, and the block time may preferably also be selected to be less than 200 milliseconds with a probability of higher than 99.9999 percent. The exact values chosen will depend on a use case of the real-time network 1. By selecting the block time lower than a predetermined real-time frame, and selecting the probability with which this block time is achieved to a value that is sufficiently high for a use case at hand, the distributed virtual machine becomes a suitable execution environment for the dis- tributed real-time control application stored in the contract transactions 41, 42 of the blockchain 3.
The mechanism of executing the byte code stored in the contract transaction 41 - which constitutes a first portion of the distributed control application - will now be described. The interface comprised by the device port 51 and the associated device driver, which is executed outside of the distributed virtual machine by the CPU of node 22, reads a measured value from the sensor 21. The reading may happen cyclically, or it may be triggered by the sensor 21. For example, the sen- sor 21 may trigger the reading when a certain threshold is exceeded. Upon reading the measured value from the sensor 21, the device driver may create a candidate message transaction which comprises a call to the first smart contract stored by the contract transaction 41 and further comprises the measured value read from the sensor 21 as an input value to the first smart contract .
During the next state transition of the state machine, the candidate message transaction is added to the blockchain 3 as a message transaction 43. The distributed virtual machine con- stituted by the nodes 11-15 recognizes the call to the first smart contract and executes the bytecode of the first smart contract as part of the state transition. In this way, the distributed virtual machine executes the first portion of the distributed control application stored as the first smart con- tract in the contract transaction 41 in response to the message transaction 43 being added to the blockchain 3. It is noted that the blockchain node software executed by the nodes 11-15 is configured in a way that does not allow a deterministic prediction of which, or how many, of the nodes Ills will actually execute the bytecode. This may depend e.g. on which node of the nodes 11-15 actually mines the block 32. There is, however, a guarantee that the bytecode will be executed at least once by at least one of the nodes 11-15 throughout the state transition. The real-time network 1 network is therefore highly resilient. If any of the nodes 11-15 fails, another node 11-15 will take over.
When executed, the first smart contract stored in the contract transaction 41 calculates a command value for the actuator 22 based on the input value read from the sensor 21 and provided to the first smart contract via the message transaction 43 that comprises the call to the first smart contract. The first smart contract then creates another candidate message transaction that comprises the calculated output value. The candidate message transaction including the output value may be included, as a message transaction 44, into the same block 32 that comprises the message transaction 43. In this case, the output value is sent as part of the same state transition of the state machine in which the input value is received. Alternatively, the candidate message transaction including the output value may also be become included, as a message transac- tion 45, into another block 33 during the subsequent state transition. The message transaction 44 or the message transaction 45 may be digitally signed using a private key associated with the first smart contract stored in the contract transaction 41. It is noted that each of the message transactions 43-45 is included into the blockchain 3 based on a consensus between the nodes 11-15. In particular, the smart contract stored in the contract transaction 41 is executed once by a mining node of the nodes 11-15 when creating a candidate block for the block 32, 33 to be added to the blockchain 3. The smart contract is executed again by other nodes of the nodes 11-15 when verifying the candidate block as part of the consensus protocol prior to adding the candidate block as a block 32, 33 to their respective local copies of the blockchain 3. If the mining node has calculated the output value of the smart contract in a wrong way due to memory corruption, radioactive influence, malicious manipulations or the like, at least the consensus on the message transaction 44, 45 comprising the output value will not be reached between the nodes 11-15, and the block 32, 33 comprising the message transaction 44, 45 will not be added to the blockchain 3. Therefore, the real-time network 1 advantageously provides a fault-tolerant execution environment for the distributed control application.
The interface of the node 13 comprises the device port 53 and a device driver for the actuator 22. The device driver is executed by the CPU of node 13 outside of the distributed virtual machine. When the device driver sees the message transaction 44 or the message transaction 45 comprising the output value, the device driver verifies the digital signature of the message transaction 44 or 45 and, upon successful verification, reads the output value from the message transaction 44 or 45 and transmits the output value as a command value to the ac- tuator 22, thereby causing the actuator 22 to perform a desired control action in real time.
Further to this, the contract transaction 42 contains a second smart contract comprising bytecode that constitutes a second portion of the distributed control application. According to the present embodiment, the second smart contract is executed cyclically by the distributed virtual machine. Cyclic execution of the second smart contract stored in the contract transaction 42 may be hard-coded into the blockchain node software executed by the plurality of nodes 11-15. Alternatively, the second smart contract, when executed, may send a message to itself. Thereby, the second smart contract may be triggered once by an operator sending a message to the second smart contract, and after that, the second smart contract may trigger itself to be executed during each subsequent state transition of the blockchain 3.
According to the present embodiment, the second smart contract stored in the second contract transaction 42 comprises code that monitors the execution of the first smart contract stored in the first contract transaction 41. That is, the second smart contract, when executed by the distributed virtual machine, refers to the blockchain 3 for message transactions 43, 44, 45 that have been created by the first smart contract stored in the first contract transaction 41 and/or by the device driver of the sensor 21. The second smart contract, when executed, checks the input values and command values stored in the respective message transactions 43, 44, 45. If the second smart contract detects any kind of anomaly, the second smart contract creates a log transaction 46 that comprises human- readable logging data describing the anomaly and adds the log transaction 46 to the blockchain 3.
Fig. 4 shows portions of a real-time control system 300 according to a third embodiment. It is noted that elements of the real-time control system 300 according to the third embodiment that are similar to elements of the real-time control system 200 or 100 of the first or second embodiment have been omitted from Fig. 4 to facilitate understanding.
The real-time control system 300 according to the third em- bodiment comprises the nodes 11-14. Each node 61-64 includes a network port 61-64. The network ports 61-64 according to the third embodiment are interconnected by a wireless communica- tion network. Each node 61-64 further includes a device port 51-54. The interconnected nodes 11-14 constitute a real-time control network according to the third embodiment .
The real-time control system 300 according to the third em- bodiment differs from the real-time control system 200 according to the second embodiment in that each controlled device, i.e. the sensor 21, and the actuator 22, is connected to more than two of the nodes 11-14 via the respective device ports 51-54. Fig. 4 shows a preferred variant of the third embodi- ment, in which each controlled device 21, 22 is connected to each of the nodes 11-14.
The instruction set of the distributed virtual machine configured by the nodes 11-14 comprises instructions for directly communicating with the controlled devices 21, 22. The instruc- tion set comprises an instruction for reading an input value from the sensor 21 and an instruction for writing an output value as a command value to the actuator 22.
In this way, the distributed control application executed by the distributed virtual machine, which is configured by the nodes 11-14, i.e. the smart contracts constituting the distributed control application, may perform direct input/output operations on the controlled devices 21 to 22 without relying on message transactions 44, 45, 46 and/or device drivers and/or having to wait for a next state transition. The func- tionality that transfers the input and output values between the smart contracts and the controlled devices 21, 22 may embodied by the blockchain node software that is executed by the nodes 11-14. In this way, the performance of the real-time control network and real-time controls system 300 according to the third embodiment may be improved.
Although the present invention has been described in accordance with preferred embodiments, it is obvious for the person skilled in the art that modifications are possible in all embodiments .
A suitable control algorithm to be implemented by the distributed control application may be freely selected according to the desired control task that is to be achieved.
The real-time control network 1 and the real-time control system 100, 200, 300 according to embodiments and their variations may be applied to low-level real-time control tasks such as controlling a valve position based on a measured flow rate, or to high-level real-time control tasks such as controlling the positions of multiple switches and lights in a railway network based on a train schedule and the actual positions of multiple trains in the railway network; or to integrating various control tasks in a train engine, such as traction con- trol, breaking control and central control.
In a sophisticated real-time control network 1, various tasks of various urgency may need to be performed concurrently. The real-time control network 1 may implement a cryptocurrency based on the blockchain 3. The execution order of the smart contracts, which constitute the distributed control application, in the real-time network 1 may be prioritized, or scheduled, based on cryptocurrency amounts spent transferred or by a calling entity, such as a device driver of an interface of one of the nodes 11-15 or another smart contract. Reference Numerals
real-time control network
11-15 nodes
21, 22 controlled devices
3 blockchain
31, 32 blocks
41-46 transactions
51-54 device ports
61-65 network ports
programming device
100, 200, 300 real-time control system
SI, S2, S3 method steps

Claims

Patent claims
1. A real-time control network (1) for controlling one or more controlled devices (21, 22) in real time, the real-time control network (1) comprising a plurality of nodes (11-15) , the plurality of nodes (11-15) being interconnected and configured to:
- host a blockchain (3) , wherein the blockchain (3) is a distributed consensus-based database configured to store a plurality of transactions (41-46) , and - act as a distributed virtual machine configured to execute a distributed control application for controlling the one or more controlled devices (21, 22) in real time, the distributed control application being stored in one or more contract transactions (41, 42) of the plurality of transactions (41- 46) .
2. The real-time control network according to claim 1, wherein a block time of the blockchain (3) is adapted to be lesser than or equal to a predetermined real-time frame.
3. The real-time control network according to claim 2, wherein the predetermined real-time frame is one second or less.
4. The real-time control network according to any of claims 1 to 3, wherein the plurality of nodes (11-15) are interconnected such that each of the plurality of nodes (11-15) is connected to more than two of the plurality of nodes (11-15) .
5. The real-time control network according to any of claims 1 to 4, wherein at least one node (12, 13) of the plurality of nodes comprises an interface (52, 53) adapted to be connected to a controlled device (21, 22) of the one or more controlled devices (21, 22) .
6. The real-time control network according to any of claims 1 to 5, wherein an instruction set of the distributed virtual machine comprises an input instruction for reading data only from the blockchain (3) and an output instruction for writing data only to the blockchain (3) .
7. The real-time control network according to any of claims 1 to 5, wherein an instruction set of the distributed virtual machine comprises an instruction for reading an input value from the controlled device (21) and/or writing an output value to the controlled device (22) .
8. The real-time control network according to any of claims 1 to 7, wherein the distributed virtual machine is configured to execute a first portion of the distributed control application stored in a first contract transaction (41) of the one or more contract transactions (41-46) in response to a message transaction (43) being added to the plurality of transactions (41- 46) stored in the blockchain (3) .
9. The real-time control network according to any of claims 1 to 8 , wherein the distributed virtual machine is configured to execute a second portion of the distributed control application stored in a second contract transaction (42) of the one or more contract transactions (41-46) in cyclic intervals.
10. The real-time control network according to any of claims 1 to 9, wherein the distributed control application is configured to store logging data by creating a log transaction (46) and adding the log transaction (46) to the plurality of transactions (41-44) stored in the blockchain (3) .
11. A real-time control system (100, 200, 300), comprising one or more controlled devices (21, 22) and a real-time control network (1) according to any one of claims 1 to 10.
12. The real-time control system according to claim 11, wherein each of the one or more controlled devices (21, 22) is connected to at least one of the plurality of nodes (11-15) .
13. The real-time control system according to claim 12, wherein at least one of the one or more controlled devices (21, 22) is connected to more than two of the plurality of nodes (11-15) .
14. The real-time control system according to one of claims 11 to 13, wherein the one or more controlled devices (21, 22) comprise at least one sensor (21) and/or at least one actuator (22) .
15. A method for controlling one or more controlled devices (21, 22) in real-time, comprising: providing a plurality of nodes (11-15) , the plurality of nodes (11-15) being interconnected and configured to host a blockchain (3) , wherein the blockchain (3) is a distributed consensus-based database configured to store a plurality of transactions (41-46) , and to act as a distributed virtual machine ; storing a distributed control application for controlling the one or more controlled devices (21, 22) in real time in one or more contract transactions (41, 42) of the plurality of transactions (41-46) , and executing the distributed control application on the distributed virtual machine .
EP17788324.6A 2017-08-31 2017-08-31 Blockchain-based real-time control network, real-time control system and real-time control method Withdrawn EP3656084A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/RU2017/000635 WO2019045589A1 (en) 2017-08-31 2017-08-31 Blockchain-based real-time control network, real-time control system and real-time control method

Publications (1)

Publication Number Publication Date
EP3656084A1 true EP3656084A1 (en) 2020-05-27

Family

ID=60164771

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17788324.6A Withdrawn EP3656084A1 (en) 2017-08-31 2017-08-31 Blockchain-based real-time control network, real-time control system and real-time control method

Country Status (2)

Country Link
EP (1) EP3656084A1 (en)
WO (1) WO2019045589A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11386375B2 (en) * 2018-09-20 2022-07-12 Software Ag Systems and/or methods for securing and automating process management systems using distributed sensors and distributed ledger of digital transactions
JP7304963B2 (en) * 2019-03-15 2023-07-07 ライン プラス コーポレーション Program, data authentication method, and computer device
US20210110382A1 (en) * 2019-10-13 2021-04-15 MobileCoin System and method for providing auxiliary curve cold storage
GB2588660A (en) * 2019-10-31 2021-05-05 Nchain Holdings Ltd Request and response protocol using blockchain transactions
CN111381938B (en) * 2020-05-29 2020-09-25 支付宝(杭州)信息技术有限公司 Method and system for executing intelligent contracts in block chain based on basic instruction set
CN114697343B (en) * 2022-03-08 2023-10-27 杭州锘崴信息科技有限公司 Block chain system and method for resisting network damage
CN114531248B (en) * 2022-04-24 2022-07-05 国网浙江省电力有限公司电力科学研究院 Decentralized control method and system for block chain and 5G fused distributed energy system
CN116663852A (en) * 2023-07-21 2023-08-29 中国铁道科学研究院集团有限公司通信信号研究所 Decentralised train line resource negotiation method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2016376097B2 (en) * 2015-12-22 2019-11-07 Financial & Risk Organisation Limited Methods and systems for identity creation, verification and management

Also Published As

Publication number Publication date
WO2019045589A1 (en) 2019-03-07

Similar Documents

Publication Publication Date Title
EP3656084A1 (en) Blockchain-based real-time control network, real-time control system and real-time control method
ES2869395T3 (en) Procedure and control system to control and/or supervise equipment
JP7065956B2 (en) Methods and control systems for controlling and / or monitoring equipment
CN110730973A (en) Method and apparatus for computer-aided testing of blockchains
CN108293017A (en) Device and method for using Internet of Things gras generally recognized as safe gateway
US20210349443A1 (en) Method and apparatus for the computer-aided creation and execution of a control function
CN112041833A (en) Method and system for facilitating data transfer between block chains
US11412047B2 (en) Method and control system for controlling and/or monitoring devices
US20210081546A1 (en) System and method for the cryptographically protected monitoring of at least one component of a device or an apparatus
CN111492355B (en) Method and control system for controlling and/or monitoring a device
CN113490937A (en) Block chain system and computer-implemented method for identifying attacks on a computer system or computer network
US11231958B2 (en) Method and control system for controlling and/or monitoring devices
US20230266731A1 (en) Digital Twin-Based Process Control in an IoT Network
US20220179384A1 (en) Method and control system for controlling an execution of transactions
Ahmadian et al. Distributed Real-Time Architecture for Mixed-Criticality Systems
CN111602372B (en) Method and control system for controlling and/or monitoring a device
CN112425121A (en) Usage control data network for distributed databases
Mundhenk et al. Dynamic platforms for uncertainty management in future automotive E/E architectures
CN113826369A (en) Intrusion identification for computer system
CN113497795A (en) Access control method of production equipment, equipment controller and cloud service system
CN110730959A (en) Method and system for performing actions requested by blockchain
Schwab et al. Integration of Scalable Safety and Security Actions in IEC 61499 Control Applications
Obermaisser et al. DREAMS Architectural Style
TW202401458A (en) Systems and methods for blockchain-based industrial automation
CN113574483A (en) Method and control system for controlling execution of a transaction

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20200214

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20220301