EP3804283A1 - Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten - Google Patents
Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und gerätenInfo
- Publication number
- EP3804283A1 EP3804283A1 EP19734298.3A EP19734298A EP3804283A1 EP 3804283 A1 EP3804283 A1 EP 3804283A1 EP 19734298 A EP19734298 A EP 19734298A EP 3804283 A1 EP3804283 A1 EP 3804283A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- distributed database
- assigned
- message
- database system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims description 161
- 238000004891 communication Methods 0.000 claims description 239
- 238000006243 chemical reaction Methods 0.000 claims description 163
- 230000005540 biological transmission Effects 0.000 claims description 49
- 238000012360 testing method Methods 0.000 claims description 46
- 230000008569 process Effects 0.000 claims description 34
- 238000012546 transfer Methods 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 11
- 230000008859 change Effects 0.000 abstract description 4
- 230000000875 corresponding effect Effects 0.000 description 362
- 238000004519 manufacturing process Methods 0.000 description 17
- 238000003860 storage Methods 0.000 description 17
- 230000006870 function Effects 0.000 description 13
- 238000012545 processing Methods 0.000 description 13
- 238000012790 confirmation Methods 0.000 description 9
- 238000012544 monitoring process Methods 0.000 description 8
- 238000004364 calculation method Methods 0.000 description 5
- 241000712062 Patricia Species 0.000 description 4
- 230000006399 behavior Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000001681 protective effect Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 238000011156 evaluation Methods 0.000 description 3
- 239000000463 material Substances 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 101000651958 Crotalus durissus terrificus Snaclec crotocetin-1 Proteins 0.000 description 2
- 101100258328 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) crc-2 gene Proteins 0.000 description 2
- 125000002015 acyclic group Chemical group 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 230000001276 controlling effect Effects 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- RFHAOTPXVQNOHP-UHFFFAOYSA-N fluconazole Chemical compound C1=NC=NN1CC(C=1C(=CC(F)=CC=1)F)(O)CN1C=NC=N1 RFHAOTPXVQNOHP-UHFFFAOYSA-N 0.000 description 2
- 239000000446 fuel Substances 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 238000005065 mining Methods 0.000 description 2
- 238000003012 network analysis Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 229910000831 Steel Inorganic materials 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000006735 deficit Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 238000005553 drilling Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000005498 polishing Methods 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 239000010959 steel Substances 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2379—Updates performed during online database operations; commit processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- the invention relates to methods, devices and a system for data exchange between a distributed database system and devices.
- Devices such as field devices and manufacturing devices, are becoming increasingly networked and can be provided / operated by different operators, for example. Command sequences that can be executed by the devices are often transmitted to these devices.
- the disadvantage here is that old devices often cannot easily communicate with the new IT infrastructure.
- An object of the present invention is to find an alternative to known solutions from the prior art.
- Distributed Ledgers is currently an intensively discussed technology that can be implemented in particular as a distributed database system or as a network application.
- applications for decentralized payment systems e.g. Bitcoin
- new applications are being developed in the financial industry.
- transactions between companies can be realized without manipulators or clearing agents. This enables new business models without a trustworthy intermediary, it reduces transaction costs, and new digital services can be offered flexibly without having to set up a specially designed infrastructure and trust relationships have to.
- a transaction record (or transaction for short) protected by a blockchain includes e.g. B.
- Program code which can also be referred to as a so-called "smart contract”.
- the invention relates to a receiving device comprising:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with a distributed database system or a network application, for example the first communication interface is set up to send first messages or data (e.g. the first messages and / or further data such as e.g. to receive the data of a communication link) from the distributed database system or the network application;
- first messages or data e.g. the first messages and / or further data such as e.g. to receive the data of a communication link
- an identification module for example an identification module, wherein
- the identification module is set up to use the data or the respective message content of the first messages or the data to calculate (or calculate) an assignment for which devices a corresponding first message is intended or for which devices the data are intended;
- the conversion module is set up to convert the data or the message content of the corresponding first message or the data into a data format for the assigned device;
- the second communication interface is set up to transmit the converted data and / or the data and / or the converted message content and / or the message content of the data or the corresponding first message (and / or the first message itself) to the device, that is assigned to the corresponding first message.
- the invention relates to a receiving device comprising:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to receive data from a network application
- the conversion module is set up to convert the data into a data format for a device assigned to the data
- the conversion module is set up for the device to determine whether and / or how this data is to be converted for the corresponding device (for example the assigned device);
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the converted data and / or the data to the device that is assigned to the data.
- the invention relates to a receiving device comprising:
- a first communication interface for example, a first communication interface, where for example the first communication
- interface is set up to receive data from a network application
- the conversion module is set up to determine a conversion test result for a device assigned to the data, whether and / or how the data is to be converted into a data format for the device assigned to the data, for example, the conversion module is set up to depend on the data convert the conversion test result into the data format for the device assigned to the data,
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the converted data and / or the data to the device that is assigned to the data.
- the invention relates to a receiving device comprising:
- a first communication interface (210), the first communication interface being set up to receive data from a network application;
- the conversion module is set up to determine a conversion test result for the data
- the conversion module is set up to determine whether and / or how when determining the data are to be converted into a data format for the device assigned to the data, the conversion module is set up to convert the data into the data format for the device assigned to the data depending on the conversion test result;
- the second communication interface is set up to transmit the converted data to the device that is assigned to the data.
- the conversion module checks in a test whether the device assigned to the data is able to process the data or parts of the data.
- the result of the corresponding test can then z. B. stored in the conversion check result.
- the data can be, for example, the first messages or the first message or the message content of the first message or data of a communication link.
- the terms “perform”, “calculate”, “computer-aided”, “calculate”, “determine”, “generate”, “configure”, “reconstruct” and The like preferably on actions and / or processes and / or processing steps that change and / or generate data and / or convert the data into other data, the data being represented or being able to be present in particular as physical quantities, for example as electrical impulses
- the expression “computer” should be interpreted as broadly as possible, in particular to cover all electronic devices with data processing properties.
- Computers can thus, for example, personal computers, servers, programmable logic controllers (PLC), handheld computer systems, pocket PC devices, mobile radio devices and other communication devices that can process computer-supported data. NEN, processors and other electronic devices for data processing.
- “computer-assisted” can be understood to mean, for example, an implementation of the method in which, in particular, a processor carries out at least one method step of the method.
- “computer-assisted” is also to be understood as “computer-implemented”.
- a processor can be understood in connection with the invention, for example, a machine or an electronic circuit device.
- a processor can be, in particular, a main processor (Central Processing Unit, CPU), a microprocessor or a microcontroller, for example an application-specific integrated circuit or a digital signal processor, possibly in combination with a memory unit for storing program commands, etc. act.
- a processor can also be, for example, an IC (Integrated Circuit), in particular an FPGA (Field Programmable Gate Array) or an ASIC (Application-Specific Integrated Circuit), or a DSP (digital signal
- a processor can also be understood to mean a virtualized processor, a virtual machine or a soft CPU. It can also be a programmable processor, for example, which is equipped with configuration steps for executing the aforementioned method according to the invention or is configured with configuration steps such that the programmable processor has the features according to the invention of the method, the component, the modules, or others Aspects and / or partial aspects of the invention realized.
- volatile memory in the form of random access memory (RAM) or permanent memory such as a hard disk or a data carrier.
- RAM random access memory
- permanent memory such as a hard disk or a data carrier.
- a “module” can be understood to mean, for example, a processor and / or a memory unit for storing program instructions.
- the processor is specifically designed to execute the program instructions in such a way that the processor performs functions in order to carry out the inventive
- a module can, for example, also be a node of the distributed database system, which, for example, implements the specific functions / features of a corresponding module.
- the respective modules can, for example, also be separate or independent modules
- the corresponding modules can include, for example, further elements.
- interfaces eg database interfaces, communication interfaces - eg network interface, WLAN interface
- evaluation unit e.g. B. a processor
- storage unit e.g. B. a storage unit.
- data can be exchanged using the interfaces (e.g.
- data can, for example, be computer-aided and / or automatically compared, checked, processed, assigned or calculated.
- data can be stored, called up or made available, for example, computer-aided and / or automatically.
- a first date is assigned a second date using a memory address or a unique identifier (UID), in which, for. B. the first date is stored together with the memory address or the unique identifier of the second date in a data set.
- UID unique identifier
- Provision in particular with regard to data and / or information, can be understood in connection with the invention to mean, for example, a computer-assisted provision.
- the provision is carried out, for example, via an interface (for example a database interface, a network interface, an interface to a storage unit)
- This interface can be used, for example, to transmit and / or send and / or retrieve and / or receive corresponding data and / or information.
- “provide” can also be understood to mean, for example, loading or storing, for example a transaction with corresponding data. This can be done, for example, on or from a memory module. “Providing” can also be used, for example, to transfer (or a sending or a transmission) of corresponding data from one node to another node of the block chain or the distributed database system (or its infrastructure) or the network application are understood.
- a cryptographic checksum or cryptographic hash or Hash value can be understood, in particular by means of a cryptographic hash function via a data record and / or data and / or one or more of the transactions and / or a partial area of a data block (e.g. the block header of a block of a block chain or data block header of a Data blocks of the distributed database system (or the network application) or only a part of the transactions of a data block) are formed or calculated.
- a checksum can in particular be a checksum or hash value (s) of a hash tree (e.g. Merkle Baum, Patricia-Baum). Furthermore, this can in particular also be understood to mean a digital signature or a cryptographic message authentication code. Using the checksums, for example, a cryptographic one can be created at different levels of the database system
- Protection / manipulation protection for the transactions and the data (records) stored therein can be implemented. If, for example, a high level of security is required, the checksums are generated at the transaction level and checked. If less security is required, the checksums are generated and checked at the block level (e.g. over the entire data block or only over part of the data block and / or part of the transactions).
- a “data block checksum” can be understood to mean a checksum that is calculated, for example, over part or all transactions of a data block.
- a node can then, for example, check the integrity / authenticity of the corresponding part of a data block by means of the data block checksum.
- the data block checksum can in particular also have been formed via transactions of a previous data block / predecessor data block of the data block.
- the data block checksum can in particular also have a hash tree, for example a Merkle tree [1]. or a Patricia tree can be realized, the data block checksum in particular the root checksum of the Merkle tree or a Patricia tree or a binary hash tree.
- transactions are secured by means of further checksums from the Merkle tree or Patricia tree (e.g. using the transaction checksums), the further checksums in particular being leaves in the Merkle tree or Patricia tree.
- the data block checksum can thus secure the transactions, for example, by forming the root checksum from the further checksums.
- the data block checksum can in particular be calculated for transactions of a specific data block of the data blocks.
- such a data block checksum can be included in a subsequent data block of the specific data block in order to concatenate this subsequent data block, for example, with its previous data blocks, and in particular thus to make it possible to check the integrity of the distributed database system (or the network application).
- the data block checksum can take over the function of the chaining checksum, for example, or be included in the chaining checksum.
- the header of a data block (e.g. a new data block or the data block for which the data block checksum was formed) can comprise, for example, the data block checksum.
- transaction checksum can be understood to mean a checksum which is formed in particular via a transaction of a data block.
- a calculation of a data block checksum for a corresponding data block can be accelerated, since for this purpose transaction checksums already calculated, for example, equal to Leaves of a Merkle tree, for example, can be used.
- a “chaining checksum” can be understood to mean a checksum which specifies, in particular, a respective data block of the distributed database system (or the network application) or the previous data block of the distributed database system (or the network application). referenced (often referred to in the specialist literature as "previous block hash") [1] .
- a corresponding chaining checksum is formed in particular for the corresponding previous data block.
- a chaining checksum for example, a transaction checksum or the data block checksum of a data block (i.e. an existing data block of the distributed database system or the network application) can be used to convert a new data block with an (existing) data block of the distributed database system (or the network Application).
- a checksum is formed via a header of the previous data block or over the entire previous data block and to be used as a chaining checksum. This can also be calculated for several or all of the previous data blocks, for example. It is also feasible, for example, that the chaining checksum is formed via the header of a data block and the data block checksum.
- a respective data block of the distributed database system preferably comprises a chaining checksum which was calculated for a previous data block, in particular even more preferably the directly preceding data block, of the respective data block or relates to this.
- a corresponding chaining checksum to be formed only over part of the corresponding data block (for example a previous data block).
- a data block can be realized which comprises an integrity-protected part and an unprotected part.
- integrity-protected means in particular that a change in integrity-protected data can be determined by means of a checksum.
- a network application can be used in the same way.
- the data which are stored, for example, in a transaction of a data block, can in particular be provided in different ways.
- user data such as measurement data or Da
- a transaction of a data block can only include the checksum for this data.
- the corresponding checksum can be implemented in different ways. This can e.g. B. be a corresponding data block checksum of a data block (with the corresponding data) of another database or the distributed database system or the network application, a transaction checksum of a data block with the corresponding data (of the distributed database system or another database) or a data checksum that was formed over the data.
- the corresponding transaction can contain a reference or an indication of a storage location (e.g. an address of a file server and details of where the corresponding data can be found on the file server; or an address of another distributed database which contains the data includes) to include.
- the corresponding data could then, for example, also be made available in a further transaction of a further data block of the distributed database system (or the network application) (e.g. if the corresponding data and the associated checksums are contained in different data blocks).
- this data is made available via another communication channel (e.g. via another database and / or a cryptographically secured communication channel).
- an additional data record (for example a reference or an indication of a storage location) can also be stored in the corresponding transactions, which in particular indicates a storage location where the data can be called up. This is particularly advantageous in that a data size of the block chain or the to keep the shared database system (or the network application) as low as possible.
- security-protected can be understood to mean, for example, protection that is implemented in particular by a cryptographic method. For example, this can be done by using the distributed database system (or the network application) for the provision or transmission or sending entspre sponding data / transactions are realized.
- security-protected in connection with the invention can also be understood to mean “cryptographically protected” and / or “manipulation-protected”, wherein “manipulation-protected” can also be referred to as “integrity-protected”.
- Linking the / of data blocks of a distributed database system (or the network application) can be understood in connection with the invention, for example, that data blocks each comprise information (eg chaining checksum) that relates to another data block or refer to or reference several other data blocks of the distributed database system (or the network application) [1] [4] [5].
- data blocks each comprise information (eg chaining checksum) that relates to another data block or refer to or reference several other data blocks of the distributed database system (or the network application) [1] [4] [5].
- “Insert into the distributed database system (or the network application)” and the like can be understood in connection with the invention, for example, that in particular a transaction or the transactions or a data block with its transactions to one or more nodes of a distributed database system (or the network application), for example, if these transactions are successfully validated (e.g. by the Nodes), these transactions are linked in particular as a new data block with at least one existing data block of the distributed database system (or the network application) [1] [4] [5].
- the corresponding transactions are stored, for example, in a new data block.
- this validation and / or chaining can be carried out by a trustworthy node (for example a mining node, a block chain oracle or a block chain platform).
- a block chain platform can be understood as a block chain as a service, as is particularly the case with
- a trustworthy node and / or a node can each store a node checksum (e.g. a digital signature) in a data block (e.g. in the data block they have validated and generated, which is then linked) in order to in particular to enable the creator of the data block to be identified and / or to enable the node to be identified.
- This node checksum indicates which node, for example, has linked the corresponding data block to at least one other data block of the distributed database system (or the network application).
- transaction or “transactions” can be understood to mean, for example, a smart contract [4] [5], a data structure or a transaction data record, which in particular comprises one of the transactions or more transactions.
- transaction or “transactions” can also be understood to mean, for example, the data of a transaction of a data block of a block chain.
- a transaction can in particular comprise a program code which, for example, implements a smart contract.
- a transaction can also be understood to mean a tax transaction and / or a confirmation transaction.
- a transaction can be, for example, a data structure that stores data (e.g.
- a “transaction” in connection with the invention can also be, for example, a message or a communication message or can be referred to as such.
- a message corresponds to a transaction, the message comprising, for example, control commands for controlling the devices and / or also includes requirements (e.g. specified requirements) for executing the control commands.
- Direct storage can mean, for example, that the corresponding data block (of the distributed database system or the network application) or the corresponding transaction of the distributed database system or the network application) comprises the respective data.
- Indirect storage can be understood here, for example, to mean that the corresponding data block or the corresponding transaction comprises a checksum and optionally an additional data record (for example a reference or an indication of a storage location) for corresponding data and therefore does not include the corresponding data are stored directly in the data block (or the transaction) (i.e. only a checksum for this data instead).
- these checksums can be validated, for example, as is explained, for example, under “inserting into the distributed database system (or into the network application”).
- a “program code” (for example a smart contract) can be understood to mean, for example, a program command or a number of program commands that are stored in particular in one or more transactions.
- the program code can be executed in particular and becomes, for example by the distributed database system (or by the network application).
- the program code is preferably executed by the infrastructure of the distributed database system (or the network application) [4] [5].
- a virtual machine is implemented through the infrastructure of the distributed database system (or the network application).
- a “smart contract” can be understood to mean, for example, an executable program code [4] [5] (see in particular definition “program code”).
- the smart contract is preferably stored in a transaction of a distributed database system (e.g. a block chain) or a network application, for example in a data block of the distributed database system (or the network application).
- the smart contract can be executed in the same way as is explained in the definition of "program code", in particular in connection with the invention.
- a “smart contract process” or a “smart contract” can in particular also execute a program code or a smart contract in a process through the distributed database system or its infrastructure (or through the network application and / or the corresponding infrastructure of the network application) can be understood.
- “Proof-of-work proof” can be understood in connection with the invention to mean, for example, solving a computation-intensive task that is to be solved in particular depending on the data block content / content of a specific transaction [1] [4] [5 Such a computationally intensive task is also referred to as a cryptographic puzzle, for example.
- a “network application” can include, for example, a decentrally distributed database, a distributed database system, a distributed database, a peer-to-peer application, a distributed memory management system, a block chain (English blockchain) , a distributed ledger, a distributed storage system, a distributed ledger technology (DLT) based system (DLTS), an audit-proof database system, a cloud, a cloud service, a block chain in a cloud or a peer-to-peer database
- a network application (or also referred to as a network application) can be a distributed database system that is implemented, for example, by means of a block chain or a distributed ledger.
- a block chain or a DLTS can also be used who, such as a block chain or a DLTS, which uses a Directed Acylic Graph (DAG), a k ryptographic puzzles, a hash graph or a combination of the implementation variants mentioned [6] [7].
- DAG Directed Acylic Graph
- k ryptographic puzzles e.g. a hash graph
- hash graph a combination of the implementation variants mentioned [6] [7].
- Different consensus algorithms can also be implemented, for example. This can be, for example, a consensus procedure using a cryptographic puzzle, Gossip about Gossip, Virtual Voting or a combination of the above-mentioned procedures (e.g. Gossip about Gossip combined with Virtual Voting) [6] [7].
- a block chain this can be implemented in particular by means of a Bitcoin-based implementation or an Ethereum-based implementation
- a “distributed database system” or a “network application” can also be understood to mean, for example, a distributed database system or a network application, of which at least some of its nodes and / or devices and / or infrastructure are provided by a cloud are realized.
- the corresponding components are implemented as nodes / devices in the cloud (e.g. as a virtual node in a virtual machine). This can be done, for example, using VM goods, Amazon Web Services or Microsoft Azure. Due to the high flexibility of the Implementation variants explained, in particular also partial aspects of the implementation variants mentioned can be combined with one another, for example by B. a hash graph is used as a block chain, the block chain itself z. B. can also be blockless.
- DAG Directed Acylic Graph
- IOTA Directed Acylic Graph
- Tangle transactions or blocks or nodes of the graph are linked to one another via directed edges.
- Acyclic means in particular that there are no directed loops in the graph.
- the distributed database system or the network application can be, for example, a public distributed database system or a public network application (for example a public block chain) or a closed (or private) distributed database system or a closed network Act application (e.g. a private block chain).
- a public distributed database system or a public network application for example a public block chain
- a closed (or private) distributed database system or a closed network Act application e.g. a private block chain
- a distributed database system or the network application is, for example, a closed, distributed database system, new nodes and / or devices require, for example, a valid proof of authorization and / or valid authentication information and / or valid credentials and / or valid login information to do this distributed database system or to be able to join the network application or to be accepted by it.
- a distributed database system or the network application can, for example, also be a distributed communication system for data exchange. This can be, for example, a network or a peer-to-peer network.
- a / the distributed database system can, for example, also be a decentralized distributed database system and / or a decentralized distributed communication system.
- a “network application” can also be, for example, a network application infrastructure or the network application comprises a corresponding network application infrastructure.
- This infrastructure can, for example, include nodes and / or communication networks and / or data interfaces and / or other components
- the network application can be, for example, a distributed network application (for example a distributed peer-to-peer application or a distributed database system) , which is executed on several nodes of the network application infrastructure, for example.
- a distributed database system can include a decentrally distributed database, a blockchain, a distributed ledger, a distributed storage system, and a distributed ledger technology (DLT) based system (DLTS), an audit-proof database system, a cloud, a cloud service, a block chain in a cloud or a peer-to-peer database.
- DLT distributed ledger technology
- a block chain or a DLTS can also be used, for example such as a block chain or a DLTS, which is generated using a Directed Acylic Graph (DAG), a cryptographic puzzle, a hash graph or a combination tion from the implementation variants mentioned [6] [7].
- DAG Directed Acylic Graph
- cryptographic puzzle a cryptographic puzzle
- hash graph a combination tion from the implementation variants mentioned [6] [7].
- Different consensus algorithms can also be implemented, for example. This can be, for example, a consensus method using a cryptographic puzzle, Gossip about Gossip, Virtual Voting or a combination of the above-mentioned methods (eg Gossip about Gossip combined with Virtual Voting) [6] [7]. If, for example, a block chain is used, this can be implemented in particular by means of a Bitcoin-based implementation or an Ethereum-based implementation
- a “distributed database system” can also be understood to mean, for example, a distributed database system, of which at least some of its nodes and / or devices and / or infrastructure are implemented by a cloud.
- the corresponding components are in the form of nodes / devices Cloud (eg as a virtual node in a virtual machine) can be implemented using VM goods, Amazon Web Services or Microsoft Azure, for example. Due to the high flexibility of the implementation variants explained, partial aspects of the implementation variants mentioned can also be combined with one another can be combined, for example by using a hash graph as a block chain, whereby the block chain itself can also be blockless, for example.
- DAG Directed Acylic Graph
- transactions or blocks or nodes of the graph are connected to one another via directed edges.
- edges preferably all edges
- Acyclic means in particular that there are no loops when the graph is traversed.
- the distributed database system can be, for example, a public distributed database system (e.g. a public block chain) or a closed (or private) distributed database system (e.g. a private block chain).
- new nodes and / or devices require, for example, a valid proof of authorization and / or valid authentication information and / or valid credentials and / or valid credentials for the distributed database system To be able to join the database system or to be accepted by it.
- a distributed database system can, for example, also be a distributed communication system for data exchange. This can be, for example, a network or a peer-2-peer network. Alternatively or additionally, the invention can also be implemented, for example, by means of a peer-2-peer application instead of the distributed database system.
- data block which can also be referred to as a "link” or “block”, depending on the context and implementation, in connection with the invention, for example, a data block of a distributed database system (e.g. a block chain or a peer to peer database) or a network application, which is implemented in particular as a data structure and preferably comprises one or more of the transactions.
- the database or the database system
- a data block can be a block of the block chain or the DLTS.
- a data block can include, for example, information on the size (data size in bytes) of the data block, a data block header, a transaction counter and one or more transactions [1].
- the data block header can, for example, contain a version, a chaining checksum, a data block checksum, a time stamp, a proof-of-work proof and a nonce (one-time value, random value or counter that is used for the proof-of-work proof) include [1] [4] [5].
- a data block can also be, for example, only a specific memory area or address area of the total data which are stored in the distributed database system. This allows, for example, blockless distributed database systems, such as. B. implement the IoT Chain (ITC), IOTA, and Byteball.
- ITC IoT Chain
- IOTA IOTA
- Byteball Byteball
- a data block can also comprise one or more transactions, for example, in the simplest case a data block corresponding to a transaction.
- nonce can be understood to mean, for example, a cryptographic nonce (abbreviation for “used only once” [2] or “number used once” [3]).
- a nonce denotes individual numbers or a combination of letters, which is preferably used once in the respective context (e.g. transaction, data transfer).
- Previous data blocks of a (certain) data block of the distributed database system can be understood in connection with the invention, for example, the data block of the distributed database system that in particular directly precedes a (certain) data block.
- previously data blocks of a (certain ) Data block of the distributed database system in particular all data blocks of the distributed database system are understood that precede the particular data block.
- the chaining checksum or the transaction checksum can in particular only be formed via the data block (or its transactions) preceding the particular data block directly or via all data blocks (or its transactions) preceding the first data block.
- nodes Under a “block chain node”, “node”, “node of a distributed database system or a network application” and the like, devices (eg field devices, mobile telephones), computers, smart phones, Clients or subscribers are understood who carry out operations (with) the distributed database system (for example a block chain) [1] [4] [5]
- Such nodes can, for example, transactions of a network application or a distributed database system or their data blocks Execute or insert or chain new data blocks with new transactions into the distributed database system (or into the network application) using new data blocks, in particular this can be validated and / or linked by a trustworthy node (e.g. a mining Node) or only by trusted nodes, for example a trusted node Node that has additional security measures (e.g.
- a trustworthy node can store a node checksum (e.g. a digital signature or a certificate) in the new data block. In particular, it can be used to provide evidence that indicates that the corresponding data block was inserted by a specific node or indicates its origin.
- the devices e.g. the corresponding device
- the devices are, for example, devices of a technical system and / or industrial system and / or an automation network and / or a production system, which in particular also a node of the distributed database system (or the Network application).
- the devices can, for example, be field devices or devices in the Internet of Things, which in particular are also a node of the distributed database system (or the network application).
- nodes can also include at least one processor in order to, for. B. to execute their computer-implemented functionality.
- a “block chain oracle” and the like can be understood to mean, for example, nodes, devices or computers which, for example, have a security module which can be used, for example, by means of software protection mechanisms (for example cryptographic methods), mechanical protective devices (e.g. a lockable housing) or electrical protective devices (e.g. tamper protection or a protection system that includes the data of the safety module in the event of unauthorized use / treatment of the block chain oracle deletes)
- Security module can include, for example, cryptographic keys that are necessary for the calculation of the checksums (e.g. transaction checksums or node checksums).
- a “computer” or a “device” can be understood to mean, for example, a computer (system), a client, a smart phone, a device or a server are arranged outside the block chain and are not part of the infrastructure of the distributed database system (or the network application) or form a separate, separate infrastructure.
- a device is, for example, a production device and / or an electromechanical device and / or an electronic device and / or a device of an automation network (e.g. for industrial technical systems, production systems, energy or resource distribution systems), these In particular, devices are not able to communicate directly with the distributed database system (direct) or the network application.
- Such a device outside of the distributed database system (or the network application) cannot, for example, access the data of the distributed database system (or the network application) because the device is, for example, too old and does not have the necessary cryptographic and / or IT Security capabilities are still compatible with the data format of the distributed database system (or network application).
- the invention it is particularly possible to couple a decentralized (block chain-based) infrastructure with old or legacy devices.
- such old devices can be coupled to a new blockchain-based infrastructure.
- This is advantageous, for example, for energy supply networks, the control of which is converted to a block chain infrastructure, but not every individual device in the existing energy supply network is replaced.
- the invention allows, for example, that. B. by means of a block chain messages (z. B. in transactions) with control commands to the individual devices ge, the receiving device being communicatively arranged between the devices and the distributed database system (or the network application) and the assignment and / or Transmission of the respective messages to a (corresponding) device.
- the corresponding appropriate message content or data is also converted into a data format that is compatible with a device.
- data or a message content can be cryptographically checked and / or cryptographic protection can be removed (e.g. by decrypting the message content or data).
- the receiving device retrieves a device status (e.g. error status, operating status) from the device assigned to a corresponding first message or the corresponding data (e.g. by means of the identification module or the second communication interface), wherein a Transfer to the assigned device takes place depending on the retrieved device status.
- a device status e.g. error status, operating status
- the receiving device is advantageous in that, in particular, before the transmission of the message content or the data to the device to check whether, for. B. the corresponding device is switched on or is ready for operation. In particular, this can prevent messages from being sent to devices that are in an error state. If, for example, a message is not sent to a correspondingly assigned device (e.g. because this is not possible depending on the device status), a corresponding message or transaction can be sent that includes this device status (e.g. the error status) , are transmitted to the distributed database system (or the network application) or are stored by the distributed database system (or the network application).
- the device status includes a data record about the available device resources and / or current device properties.
- the receiving device it is transmitted to the corresponding device if there are given requirements of the corresponding first message are fulfilled by the assigned device, for example the fulfillment of the previous requirements being checked on the basis of the device status.
- the receiving device is advantageous in particular to check whether a corresponding message can even be processed by a device. If a corresponding message includes, for example, control commands to start up or control a generator or a reserve power plant, the requirements may, for example, stipulate that at least a certain amount of energy should be generated. Alternatively (that is, in another application scenario), the specified requirements can be used to specify a specific manufacturing precision or manufacturing time that is to be adhered to. These requirements can be checked by the receiving device, for example, by the corresponding available device resources and / or the device status and / or the current device properties (e.g. the device is installed in the correct location, for example none) To violate data protection regulations; the device or the data processed by the device is protected against unauthorized access (e.g.
- the z. B. a corresponding data record are stored, for. B. from the identification module, the conversion module, the second communication interface (z. B. a network interface) or an evaluation module of the receiving device, which is arranged in front of the communication interface (z. B. a network interface) of a communication bus of the receiving device.
- the specified requirements can also be, for example, preconfigured control commands or include those, the preconfigured control commands, for example, stipulate that they should already be executed by one of the devices or the device before the corresponding data and / or messages or message content (e.g. the converted night content or the converted data) are transmitted to the devices.
- the control commands required can also relate to further devices, the further devices being, for example, devices of a further automation network.
- corresponding messages or transactions in the distributed database system (or in the network application) can be read out or checked, which, for example, confirm execution of the required control commands.
- corresponding messages or transactions can be identified, for example, net to confirm transactions and commands from the corresponding devices in play as oraus distressen according to an embodiment of the V control, z. B. by means of the transmitting device in the distributed th database system (or the network application) saved.
- the receiving device comprises a cryptography module, the cryptography module comprising cryptographic data assigned to the devices.
- the cryptography module uses the cryptographic data to check and / or decrypt at least part of the data or part of the message content of the corresponding first message for an assigned device, the appropriate ones being used for checking and / or decrypting cryptographic data can be loaded using the assigned device.
- the receiving device is advantageous in that it checks in particular the messages that are to be transmitted to a corresponding device.
- the message creator may have received, for example, a first cryptographic key, with which, for example, a checksum (e.g. a transaction checksum or a different of the checksums mentioned) about the data or the messages or the message content was formed.
- the message content or the data or part of the data may have been encrypted using this first cryptographic key.
- the first cryptographic key in the case of a symmetrical cryptographic method
- a second cryptographic key that is assigned to the first cryptographic key (e.g. in the case of an asymmetrical cryptographic method in which, for example, the first key is a private one Is key and the second key is a public key)
- the decryption or verification of the corresponding message content or the data is followed.
- the cryptographic data (e.g. the cryptographic key) can, for example, have been generated specifically for a device using device-specific data (e.g. a UID of the device, a random number that was generated by the corresponding device, or was based on calculated from sensor data characteristic of the device - e.g. a calculated characteristic for a noise signal determined by a sensor of the device).
- the cryptographic data is a combination of device-specific data and receiver-device-specific data (e.g. a UID of the receiver, a random number that was generated by the receiver, or was calculated on the basis of sensor data for the receiver - e.g. B. a calculated characteristic for a noise signal, which was determined by a sensor of the receiving device).
- the device-specific data and / or receiver-device-specific data for the corresponding device can determine the cryptographic data in a reproducible manner, or for this data to provide cryptographic protection (for example encryption) with which the corresponding cryptographic data of a device are protected, saved (e.g. decrypted) and / or checked (e.g. a digital signature is checked).
- the device-specific data can, for example, be called up when the device status is called up for a device.
- the device-specific data and / or receiver-device-specific data are preferably data which are difficult to forge, e.g. B.
- the device-specific data can also be determined or exchanged by means of a challenge response method, for example by configuring the method on the device side and on the receiving device side with corresponding initial values (for example by storing the device in a protected memory or receiving device) Corresponding initial values are preconfigured or these initial values are calculated and / or provided by the protected memory) and corresponding device-specific data (e.g. a cryptographic key or part of a cryptographic key) can be called up by the receiving device.
- the conversion module is set up to use the device to check which data (for example which data parts and / or which part of the data and / or all data) of the data can be processed by the (assigned) device.
- the result of this check is stored, for example, in the conversion test result, for example that
- the conversion test result indicates which parts of the data or whether data as such are to be converted for the assigned device.
- the conversion check result includes e.g. B. device-specific conversion instructions for the data, for example to convert the data specifically for the assigned device, so that the assigned Device z. B. can process the corresponding data (e.g. also the parts of the data to be converted).
- the device properties and / or the current device properties and / or device information of the assigned device can be taken into account for the test.
- the device information can, for example, also include the corresponding device properties (e.g. current device properties).
- the data can be in a text format, XML format or JSON format, but the assigned device can (only) process a certain binary data format according to its device properties.
- the conversion test result includes, for example, information that the data must be converted for processing by the device and / or can additionally include, for example, instructions on how to convert the data.
- data types that are incompatible with the assigned device can also be used in the data. These can be double data types, big integer data types or date formats, for example, that the assigned device cannot process. For this too, z. B. a corresponding conversion can be made, as has already been shown for other examples.
- Incompatible means, for example, that corresponding data (e.g. the data format or the data form of the data) cannot be processed or is not supported (e.g. by the network application or the distributed database system).
- Compatible means, for example, that corresponding data (e.g. the data format or the data form of the data) can be processed or supported (e.g. by the network application or the distributed database system). If, for example, it is determined during the check that parts of the data (for example part of a message content which is stored in the data) cannot be processed by the assigned device (for example the corresponding data format for the corresponding parts of the data is incompatible) and other parts of the data can be processed by the device, for example the conversion module preferably only converts the data that cannot be processed by the device (or are incompatible).
- converted parts of the data and the parts of the data that the assigned device was able to execute are then merged again into (converted) data (or a data record) which, for. B. can be processed as a whole by the assigned device.
- converted data or data record
- the assigned device can, for example, only process dates up to a certain point in time (e.g. December 31, 1999).
- z. B. current dates (1.1.2018) can be converted into a processable date (e.g. 1.1.1988).
- the incompatible data parts e.g. dates that lie after December 31, 1999
- a conversion rule for the device-specific conversion instructions e.g. current date - 30 years
- advised e.g. 1.1.1988
- corresponding data or parts of the data can be assigned standard values (e.g. an empty string, a date in a valid format that is e.g. not the current date). B. at least other parts of the data can be transmitted.
- the receiving device comprises an identification module.
- the identification module is in particular set up to use the data to calculate an assignment (or the assignment) for which devices the data is intended, for example.
- the identification module is in particular set up, for example, to calculate an assignment or the assignment based on the data, for example in order to determine the assigned device.
- the identification module uses the data to calculate (or determine) which device is to process the data. Accordingly, such a device is then, for example, by means of the assignment, for.
- assignment data record in the form of an assignment data record, assigned to the data.
- the assignment or the assignment data record can include, for example, device information or device properties of the assigned device.
- This assignment or the assignment data record can then be used, for example, by the conversion module, for example to B. to check which data (e.g. which part of the data and / or all data) of the data can be processed by the assigned device.
- these can additionally each include, for example, a configuration interface and / or a fan and / or a monitoring module.
- the configuration interface for example, updates or firmware versions can be imported.
- the fan z. B. the receiving device can be cooled ge.
- the monitoring module the state and / or the operating behavior of the corresponding receiving device can be monitored and z. B. saved in a file (e.g. a logging file).
- the invention relates to a transmission device, having, for example, a first communication interface, wherein
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices
- an identification module for example an identification module, wherein
- the identification module is set up on the basis of the data or the respective message content of the first messages, an assignment is calculated which device sent a corresponding first message;
- the conversion module is set up to convert the data or the message content of the corresponding first message into a data format for the distributed database system or the network application;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to communicate with a distributed database system or a network application, for example the communication interface is set up for the converted data and / or the data and / or the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the distributed database system or to the network
- the invention relates to a transmitting device comprising
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices
- an identification module for example an identification module, wherein
- the identification module is set up on the basis of the data or the respective message content of the first messages, an assignment is calculated which device sent the data or a corresponding first message;
- the conversion module is set up to convert the data or the message content of the corresponding first message into a data format for the distributed database system or for a network application,
- the conversion module is set up to convert the data specifically for the distributed database system or for the network application using the assigned device,
- the conversion module is set up to check which data formats can be processed by the distributed database system or by the network application or by further distributed database systems or other network applications, For example, the conversion module is set up to convert the data into a data format compatible with the distributed database system or the network application;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to communicate with a distributed database system or the network application
- the communication interface is set up to transmit the converted data or the converted message content to the distributed database system or the network application.
- the invention relates to a transmitting device comprising
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices
- the identification module is set up on the basis of the data or the respective message content of the first messages, an assignment is calculated which device sent the data or a corresponding first message;
- a conversion module for example the conversion module being set up specifically for the data to determine associated device data format requirements, e.g. B. are predefined by the assigned device Ge,
- the conversion module is set up to determine a test result about which data formats distributed database systems or network applications can process. Convert application of the network applications or a distributed database system of the distributed database systems;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the converted data or the converted message content to the distributed database system or the network application.
- the conversion module can be set up to convert the data or the message content of the corresponding first message into a data format for the distributed database system or for a network application.
- B. is predetermined by the assigned device.
- the conversion module can be set up to select the (corresponding) distributed database system from the distributed database systems or the (corresponding) network application from the network applications on the basis of the test result and / or the data format requirements.
- the second communication interface can be set up to convert the converted data and / or to transmit the data to the selected (corresponding) distributed database system or the selected (corresponding) network application.
- the network application is the selected network application or the distributed database system is the selected distributed database system.
- the data format requirements can be predetermined, for example, by the assignment and / or device properties (of the assigned device) that are stored in the assignment (or an assignment data record).
- multiple distributed database systems or multiple network applications meet the data format requirements - that is, they are each compatible with the data format requirements - B. for the respective compatible distributed database systems or the each compatible network applications are converted and / or respectively transferred to them.
- Compatible means, for example, that the respective distributed database system or the respective network application supports and / or can process at least one data format of the data format requirements.
- the data format specifies, for example, a format for data that can be processed by the network application or the distributed database system.
- the network application or the distributed database system can also be used for data conversion (or for converting the data) and / or data transmission (for the converted data or data).
- the selection criterion can be, for example, reliability, cryptographic requirements (e.g. key lengths used, cryptographic protocols) or requirements for the corresponding infrastructure (e.g. at least one pre-defined give a given number of nodes or the network application or the distributed database system are e.g. B. realized as a cloud service), which are to be supported by the network application or the distributed database system.
- a distributed database system or a network application is selected that best fulfills the selection criterion.
- the second communication interface can be set up with the distributed database systems (e.g. the distributed database system or the further distributed database systems or the selected distributed database system) or the network applications (for example the network application or the further network applications) or the selected network application) to communicate z. B. to retrieve the supported data formats of the network applications or the distributed database systems and / or to transmit the converted data.
- the distributed database systems e.g. the distributed database system or the further distributed database systems or the selected distributed database system
- the network applications for example the network application or the further network applications or the selected network application
- the data can be, for example, the first messages or the first message or the message content of the first message or data of a communication link.
- a decentralized infrastructure with old or legacy devices.
- such old devices can be coupled to a new block chain-based infrastructure.
- This is advantageous, for example, for energy supply networks, the control of which is converted to a block chain infrastructure, but not every individual device in the existing energy supply network is replaced.
- the invention allows, for example, that.
- B. a device messages (e.g. with control commands or status messages for processing control commands) to the distributed data sends banking system or the network application, the transmitting device being arranged communicatively between the devices and the distributed database system (or the network application) and the assignment and / or transmission of the respective messages to the distributed database system (or to the network application) realized.
- the corresponding message contents or data are also converted into a data format that is compatible with the distributed database system (or the network application).
- the devices do not have to be adapted to the new infrastructure.
- device properties of the assigned device dictate that the data can be stored in one or more data formats in the distributed database system or the network application.
- the data format requirements can stipulate that the data of the assigned device should be saved in an XML format or a JSON format, but not in a binary format.
- the distributed database system supports an XML format and the network application only a proprietary binary format.
- the second communication interface and / or the conversion module first check which data formats are supported by the distributed database system or the network application (supported means, for example, which data formats are supported by the distributed database system or the network). Application can be processed), also meet the data format requirements of the data format requirements of the assigned device.
- the second communication interface then transmits, for example, on the basis of the test result determined during this test, to which distributed database system (there may also be several distributed database systems) or to which network application the converted data are transmitted.
- This test result can alternatively be obtained in the same way by the conversion module or by the identification module. be averaged and z. B. the second communication interface can be provided.
- the second communication interface can be set up to transmit the converted data or the converted message content, depending on the test result, to the distributed database system or a further distributed database system or the network application or a further network application.
- the transmission device comprises a cryptography module, the cryptography module comprising cryptographic data assigned to the devices.
- the cryptography module loads corresponding cryptographic data on the basis of the assigned device, with at least part of the data or part of the message content of the corresponding first message being device-specific for the assigned device using the corresponding cryptographic data (which are preferably device-specific) Devices are cryptographically protected and, for example, the cryptographic protection takes place before sending the message content or data (or the converted variants of the data, messages and message content mentioned here).
- the sending device is advantageous in that, in particular, the messages that are sent to (and / or stored by) the distributed database system (or to the network application) are cryptographically protected. This can be done, for example, in that the corresponding data or the corresponding message content is protected and / or encrypted using a (cryptographic) checksum (e.g. a transaction checksum).
- the sending device can comprise, for example, a first cryptographic key (this is, for example, specific for the device), with which, for example, a checksum about the data or the news or the news content is formed.
- the message content can also be encrypted, for example, or the data can also be encrypted using this first cryptographic key.
- a recipient of the message can, for example, use the first cryptographic key (in the case of a symmetrical cryptographic method) or a second cryptographic key that is assigned to the first cryptographic key (e.g. in the case of an asymmetric cryptographic method in the example of the the first key is a private key and the second key is a public key), decrypt or check the corresponding message content or the corresponding data.
- the corresponding can be found here
- Key material may have been transmitted to the recipient, for example, via a secure channel.
- the cryptographic data (e.g. the cryptographic key) can be generated, for example, on the basis of device-specific data (e.g. a UID of the device, a random number that was generated by the corresponding device, or on the basis of characteristics that are characteristic of the device Sensor data was calculated - e.g. a calculated characteristic for a noise signal that was determined by a sensor of the device).
- the cryptographic data is a combination of device-specific data and transmission device-specific data (e.g. a UID of the transmission device, a random number that was generated by the transmission device, or was calculated on the basis of sensor data for the transmission device - e.g. B.
- the cryptographic data can be reproducibly determined for the corresponding device by means of the device-specific data and / or transmission device-specific data.
- cryptographic protection e.g. encryption
- the device-specific data and / or data specific to the transmission device with which the corresponding cryptographic data of a device is protected, stored (e.g. decrypted) and / or checked (e.g. a digital signature is checked or a (cryptographic) checksum for the cryptographic data is checked) if z.
- a separate cryptographic key is derived or calculated for this purpose from the device-specific data and / or transmit device-specific data.
- the device-specific data can, for example, be stored in the message of the corresponding device.
- the device-specific data and / or data specific to the transmission device are preferably data which are difficult to forge, e.g. B. a characteristic of a noise signal (z. B. detected by egg nem sensor or a tamper protection module) that is manipulated when the device is changed such that the characteristic changes such that the cryptographic data become invalid or not on this more accessible.
- the device-specific data can also be determined or exchanged by means of a challenge-response method, for example by configuring the method on the device side and on the transmitting device side with corresponding initial values (e.g. by correspondingly in a protected memory of the device or the transmitting device Initial values are preconfigured or these initial values are calculated by the protected memory
- corresponding device-specific data for example a cryptographic key or part of a cryptographic key
- the network application or the distributed database system is a block chain, wherein, for example, the messages which are sent and / or received by the distributed database system (or the network application) are transactions.
- the transmitting device and / or the receiving device at least some of the devices are devices of an automation network.
- these can additionally each comprise, for example, a configuration interface and / or a fan and / or a monitoring module.
- the configuration interface for example, updates or firmware versions can be imported.
- the fan z. B. the transmission device can be cooled ge.
- the monitoring module the state and / or the operating behavior of the corresponding Sendevor device can be monitored and z. B. saved in a file (e.g. a logging file).
- the invention relates to a system comprising: for example a receiving device according to the invention or a receiving device according to one of the embodiments mentioned;
- a transmission device for example, a transmission device according to the invention or a transmission device according to one of the above-mentioned embodiments.
- the invention relates to a method for the computer-aided reception of messages or data with the following method steps:
- a method step for calculating an assignment for the first messages the calculation determining which devices a corresponding first message or the data is intended for; for example a method step for converting the data or the message content of the corresponding first message into a data format for the assigned device;
- the method comprises further method steps in order to implement the functional features or further features of the receiving device or its embodiments.
- the invention relates to a method for computer-aided reception of data with the following method steps:
- the data is converted into the data format for the device assigned to the data, depending on the conversion check result,
- the method comprises further method steps to perform the functional Features or to realize further features of the receiving device or its embodiments.
- the invention relates to a method for computer-aided reception of data with the following method steps:
- the data is converted into the data format for the device assigned to the data, depending on the conversion check result,
- the method comprises further method steps in order to implement the functional features or further features of the receiving device or its embodiments.
- the invention relates to a method for computer-aided transmission of messages with the following method steps:
- a method step for receiving data or first (further) messages from devices using a communication interface For example, a method step for calculating an assignment based on the data or the respective message content of the first (further) subsequent direct, calculating which device sent a corresponding first further message or data;
- a method step for transferring the converted message content or the converted data to the distributed database system or the network application for example, a method step for transferring the converted message content or the converted data to the distributed database system or the network application.
- the method comprises further method steps in order to implement the functional features or further features of the transmitting device or its embodiments.
- the invention relates to a method for computer-aided transmission of data or messages with the following method steps:
- the data specifically for the distributed database system or for the network application be converted based on the assigned device
- the data can be converted into a data format compatible with the distributed database system or the network application;
- the method comprises further method steps in order to implement the functional features or further features of the transmitting device or its embodiments.
- the invention relates to a method for computer-aided sending of messages or data with the following method steps:
- a method step for determining data format requirements that are determined specifically for the device assigned to the data. B. be specified by the assigned device; For example, a method step for determining a test result as to which data formats distributed database systems or network applications can process;
- the method comprises further method steps in order to implement the functional features or further features of the transmitting device or its embodiments.
- a variant of the computer program product with program commands for configuring a creation device for example a 3D printer, a computer system or a production machine suitable for creating processors and / or devices, is claimed, the creation device being configured with the program commands in such a way that the said one transmitting device and / or receiving device according to the invention is created.
- the provision device is, for example, a data carrier that stores and / or provides the computer program product.
- the provision device is, for example, a network service, a computer system, a server system, in particular a distributed computer system, a cloud-based computer system and / or a virtual computer system, which preferably stores and / or provides the computer program product in the form of a data stream.
- This provision is made, for example, as a download in the form of a program data block and / or command data block, preferably as a file, in particular as a download file, or as a data stream, in particular as a download data stream, of the complete computer program product.
- This provision can, for example, also take the form of a partial download, which consists of several parts and in particular is downloaded via a peer-to-peer network or provided as a data stream.
- Such a computer program product is, for example, read into a system using the provision device in the form of the data carrier and executes the program commands, so that the method according to the invention is carried out on a computer or the creation device is configured such that it transmits the inventive transmission device and / or created the receiving device.
- Figure 1 shows a first embodiment of the invention.
- Fig. 2 shows a further exemplary embodiment of the invention
- 3 shows a further exemplary embodiment of the invention
- Fig. 5 shows another embodiment of the invention.
- the following exemplary embodiments have at least one processor and / or a memory unit in order to implement or execute the method.
- a combination of hardware (components) and software (components) according to the invention can occur in particular if some of the effects according to the invention are preferably carried out exclusively by special hardware (e.g. a processor in the form of an ASIC or FPGA) and / or another part by (processor and / or memory-based) software is effected.
- special hardware e.g. a processor in the form of an ASIC or FPGA
- processor and / or memory-based software is effected.
- Fig. 1 shows a first embodiment of the inven tion.
- Fig. 1 shows a system SYS which includes a Sendevor direction S and a receiving device E. 1 additionally shows an automation network AN with a first device D1, a second device D2 and a third device D3.
- the devices (DI, D2, D3) of the automation network (which can also be referred to as an automation network) are communicatively connected to one another via a second network NW2 (for example a communication network such as the Internet or an Ethernet network).
- NW2 for example a communication network such as the Internet or an Ethernet network
- FIG. 1 shows blocks B, for example a first block B1, a second block B2 and a third block B3, of a block chain BC, a section of the block chain BC in particular being shown here by way of example.
- Blocks B each comprise several transactions T. Transactions T can include control transactions and / or confirmation transactions.
- the first block B1 comprises, for example, a first transaction Tla, a second transaction Tlb, a third transaction Tic and a fourth transaction Tld.
- the second block B2 comprises, for example, a fifth transaction T2a, a sixth transaction T2b, a seventh transaction T2c and an eighth transaction T2d.
- the third block B3 comprises, for example, a ninth transaction T3a, a tenth transaction T3b, an eleventh transaction T3c and a twelfth transaction T3d.
- the blocks B each additionally comprise one of the chaining checksums CRC, which is formed as a function of the direct predecessor block.
- the first block B1 comprises a first chaining checksum CRC1 from its predecessor block
- the second block B2 a second chaining checksum CRC2 from the first block B1
- the third block B3 a third chaining checksum CRC3 from the second block B2.
- the respective chaining checksum CRC1, CRC2, CRC3 is preferably formed via the block header of the corresponding predecessor block.
- the chaining checksums CRC can preferably be done using a cryptographic hash function such as SHA-256, KECCAK-256 or SHA-3 can be formed.
- the chaining checksum can also be calculated using the data block checksum or the header includes the data block checksum (the data block checksum is explained below).
- each of the blocks can include a data block checksum. This can be implemented, for example, using a hash tree.
- a transaction checksum (e.g. also a hash value) is calculated for each transaction of a data (block).
- a transaction checksum can be generated by the transaction creator preferably created when the transaction was created, can be used for this purpose.
- a hash tree e.g. B. a Merkle Tree or Patricia Tree, whose root hash value / root checksum is preferably stored as a corresponding data block checksum in the respective blocks.
- the data block checksum is used as the chaining checksum.
- a block can furthermore have a time stamp, a digital signature, a proof of work proof, as was explained in the embodiments of the invention.
- the block chain BC itself is realized by a block chain infrastructure with several block chain nodes BCN.
- the nodes can be, for example, block chain oracles or trustworthy nodes or a system SYS.
- the nodes are communicatively connected to one another via a first network NW1 (for example a communication network such as the Internet or an Ethernet network).
- NW1 for example a communication network such as the Internet or an Ethernet network.
- the automation network AN is connected to the distributed database system or a network application by means of the system SYS. B.
- the network application z. B. includes or implements the distributed database system (e.g. a block chain).
- the system SYS comprises, in addition to the transmitting device S and the receiving device E, a first communication interface Nil, which is connected to the first network NW1 and thus realizes a communication connection with the distributed database system (or the network application).
- the SYS system also includes a second communication interface NI2, which is connected to the second network NW2 is connected and thus realizes a communication link with the automation network AN.
- the receiving device E is communicatively connected via a first bus BEI to the first communication interface Nil and communicatively connected to the second communication interface NI2 via a second bus BE2.
- the transmitting device S is communicatively connected via a third bus BS1 to the second communication interface NI2 and communicatively connected to the first communication interface Nil via a fourth bus BS2.
- the system SYS or the sending device S and / or the receiving device E preferably prevents direct communication between the automation network AN and the distributed database system (eg implemented as a blockchain BC) or the network application.
- the automation network AN with the devices (D1, D2, D3) can be an old system, the operation of which can be disturbed, for example, if the messages of the distributed database system (or the network application ) are transferred directly to the automation network. Problems can occur with regard to bandwidth, for example, so that communication between the devices (D1-D3) z. B. because of a high network load (which are generated by the messages from the distributed database system or the network application) of the two-th network NW2 is restricted or disrupted.
- the operation of the devices can be disturbed, for example, because the devices receive messages that are in a data format that cannot be processed or processed.
- the system SYS can also include the sending device S or the receiving device E. If the system SYS comprises the sending device S (ie without the receiving device E, in which case the sending device S corresponds to the system SYS), such a system is advantageous in that, for example, (only) the messages can be sent from the devices. This can be the case if the devices e.g. B. Send status information or send control commands, but should not have to process any information from the distributed database system (or the network application).
- the system SYS for example, include a receiving device E (without the sending device S, the receiving device E corresponds to the system SYS), this can be advantageous if the devices (D1-D3) are only supposed to receive data, for example, and process them without to send / send messages back to the distributed database system (or to the network application).
- information about the status of the processing of the messages by the devices could be transmitted via another communication channel (for example by means of sensors which communicate with the distributed database system or the network via a third communication network or via the first communication network werk application are connected).
- the receiving device E comprises a first communication interface 210 (e.g. a network interface to one
- Ethernet network an identification module 220, a conversion module 230 and a second communication interface 240 (e.g. a network interface to an Ethernet network), which are communicatively connected to one another via a bus 201.
- second communication interface 240 e.g. a network interface to an Ethernet network
- the receiving device E is communicatively connected via a first bus BEI to the first communication interface Nil and communicatively connected to the second communication interface NI2 via a second bus BE2.
- the communication interfaces of the receiving device or the transmitting device can, for example, also be referred to as a communication module or network interface.
- the first communication interface 210 is set up to communicate with a distributed database system or a network application and is connected to the first bus BEI.
- the first communication interface 210 is thus communicatively connected to the first communication interface Nil of the system SYS via the first bus BEI.
- the first communication interface is set up to receive first messages (for example the first transaction Tla and / or further transactions of the first block B1) or data from the distributed database system (or the network application).
- the first messages or data are stored, for example, in a data format (for example an XML data format) of the distributed database system (or the network application).
- the identification module is set up to use the data or the respective message content of the data or the respective message content of the first messages to calculate an assignment for which devices a corresponding first message TE (e.g. the first message is a message of the first one) Messages) or the (corresponding) data is or are determined.
- the (corresponding) data or a corresponding message content can be a digital signature, a digital certificate, a device address (e.g. a network address), a specific technical task, a unique identifier (e.g. a UID) or a combination thereof, from which the device or devices can be determined.
- the data or the message or the message content can include an indication that the devices are intended to perform a specific technical task.
- the identification module 220 then identifies which devices are suitable for performing this task. For example, the The task must be that a reserve power plant should provide a specified output (eg 500 MW) within a specified time (e.g. 4 hours) for a specified period (e.g. 24 hours). The identification module 220 then determines the devices that are necessary for the implementation of such a task.
- the first device D1 can be a gas turbine with a power of 200 MW
- the second device can be a gas turbine with a power of 200 MW
- the third device can be a gas turbine with a power of 200 MW. If the automation network or the devices are able to perform the task, a corresponding confirmation message is sent to the distributed database system (or the network application). If the automation network or the devices are not able to perform the task, a corresponding rejection message for the task is sent to the distributed database system (or the network application).
- the assignment can, for example, be implemented as an assignment data record which, for. B. includes the corresponding information for assignment.
- This can be, for example, a digital certificate of the device, a device address (e.g. a network address), a unique identification (e.g. a UID) or a combination thereof.
- the assignment or the assignment data record can include further data, for example.
- These can be device properties, for example, the z. B. specify which data (or parts of data) z. B. of data or messages or of a corresponding message content (z. B.
- the message content of the first message or the first message itself can be processed by a corre sponding device (ie by a specific device) and / or which data or which Data of the message and / or the message content for the device must be converted.
- the assignment can also include, for example, specific conversion information on how the data or the corresponding message content or the corresponding message must be converted.
- (the corresponding) data or a corresponding message or a corresponding message content, for. B. can be assigned to a device that can process this data or this message or the corresponding message content.
- Such a device, which is assigned in this way can also be referred to as an assigned device, for example.
- the conversion module 230 is set up to convert the data or the message content of the corresponding first message TE (for example the first message is a message of the first messages) into a data format for the assigned device (for example the first device DI) convert.
- the assigned device is used to check which data or which data of the message content can be processed by the device at all and / or it is also checked using the assigned device via how these data can be converted for a corresponding device.
- control of the reserve power plant which is stored in the message, it can be converted into specific control commands for the devices or generators.
- the control commands are determined according to the requirements of the task.
- the first two devices or gas turbines are used or driven at full power and the third gas turbine only at half power in order to achieve the required 500 MW power.
- the data format is z. B. a proprietary data format of the devices.
- the second communication interface 240 is set up to transmit the converted message content to the device that is assigned to the corresponding first message.
- the second communication interface 240 is connected to the second bus BE2 and protrudes this communicatively communicates with the second communication interface NI2 of the SYS system.
- the data or the corresponding message content, which is transmitted to the corresponding device or devices, can, for.
- the conversion module 230 is an optional module in particular. This is the case, for example, when the data or the message content of the corresponding first message does not have to be converted or the data or the message content or the corresponding first message has a data format which can be processed by the devices.
- the converted message content (or the converted data) corresponds to the (unconverted) message content of the corresponding first message (or the unconverted data) when transmitted to the device or devices. Consequently, for example, the corresponding first message is sent to the device or the corresponding devices as a second message. Consequently, the message content of the corresponding first message corresponds to the converted message content, in particular for other embodiments of the receiving device.
- the receiving device can include the following features:
- a first communication interface for example, a first communication interface
- the first network interface is set up to communicate with a distributed database system or a network application
- the first communication interface is set up to receive data or first messages from the distributed database system or the network application;
- an identification module for example an identification module, wherein for example, the identification module is set up to use the data or the respective message content of the first messages to calculate an association for which devices a corresponding first message or the data is / are intended;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the data or the converted data or the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the device that corresponds to the first Message is assigned.
- the receiving device retrieves a device status from the device associated with a corresponding first message TE or the data (for example device D1). A transfer to the assigned device depends on the device status called up.
- a data record about the available device resources and / or current device properties can also be called up.
- the second turbine (second device) currently has a reduced power due to wear or a technical defect
- this can be taken into account, for example, when determining the devices and also taken into account when converting or creating the control commands for starting or controlling the gas turbines
- the first and the third device can be full Power is used or started and the second device is used accordingly with half the power.
- the transmission to the corresponding device or devices takes place if predefined requirements of the data or the corresponding first message TE are met by the assigned device, for example by checking the fulfillment of the previous requirements on the basis of the device status.
- the technical task can be determined for example by the specified requirements.
- the specified requirements can be stored in a corresponding data record of the corresponding first message TE or the data.
- the previous requirements can, for example, be a requirement to provide 500 MW for 24 hours on a given date (e.g. July 9, 2018 at 2:43 p.m.) at a given location or region (e.g. Kunststoff or Bavaria or Germany).
- the previous requirements can include, for example, manufacturing instructions or the manufacturing specifications in order to, for example, B.
- a gearbox or gearbox parts on a specified date e.g. July 9, 2018 at 2:43 p.m.
- a specified location or region e.g. Munich or Bavaria or Germany
- a counter precision e.g. deviation of CAD data by max. times 1 mm.
- the specified requirements can, for example, also include or include control commands.
- the specified requirements give z. B. before that the required control commands, for example from one of the devices or the corresponding device should already be executed before the data or the corresponding messages or message content (z. B. the converted message content) are transmitted to the devices.
- the prerequisite control commands can also concern further devices, the further devices for example Devices of another automation network.
- the further automation network e.g. a distribution network for fuel
- control commands e.g. turbines, Gas turbines
- corresponding messages or transactions in the distributed database system can be read out or checked, which, for example, confirm execution of the required control commands.
- These corresponding messages or transactions can, for example, be referred to as confirmation transactions and are commanded by the corresponding devices, for example, after execution of the required control, e.g. B. by means of the transmission device S, stored in the distributed database system (or in the network application).
- confirmation transactions can include, for example, information about the execution of the required control commands (e.g. location, time and execution time of the required control commands), device properties (e.g. which devices have executed the required control commands), device states (e.g. B. was the Ge advises in a regular operating state, it was in a maintenance state).
- the control commands presented are also advantageous in that the automation network AN and the devices are a production system (e.g. the devices are production machines).
- the prerequisite control commands can also be used to ensure that a workpiece to be manufactured is in a (production) state so that the control instructions of the (converted) message content to be transferred or the data to be transferred are carried out correctly for further processing of the workpiece can be.
- the (current, converted) message content or the (current, converted) data with control commands that is to be transmitted is, for example, intended for a polishing machine ((for example, the second device D2) (that is, should be transmitted to it) that picks up and polishes the corresponding workpiece at the specified position.
- a polishing machine (for example, the second device D2) (that is, should be transmitted to it) that picks up and polishes the corresponding workpiece at the specified position.
- the preceding control commands are also advantageous in that the automation network AN and the devices are, for example, networked ATMs or ATMs.
- the required tax provisions can also be used to ensure that a cash payment is made by an automated teller machine (e.g. by the device Dl) if the bank customer has previously been authenticated and confirmed in corresponding confirmation transactions by the distributed customer Database system (or the network application) has been saved.
- the prerequisite control commands that is, the specified requirements
- a user authentication or user authentication by means of a predetermined authentication method z. B. two-factor authentication, pin input
- the receiving device E only then transmits the corresponding (converted) data or the corresponding (converted) message content (the corresponding first message) with control commands to the device (for example the ATM) if z. B. in the distributed database system (or in the network application) there is a confirmation transaction which, for example, confirms successful user authentication or user authentication.
- the control commands are then used, for example, to configure the money counter that the user or Bank customers requested amount of money is provided and then the flap is opened to withdraw money.
- the sending device S is designed to transmit the corresponding messages or confirmation transactions, if necessary for the required control commands, to the distributed database system (or to the network application) or in the distributed database system (or in the Network application) when the devices have successfully executed the corresponding required control commands or control command. If the execution was not successful, for example, this can also be saved in confirmation transactions or corresponding messages in the distributed database system (or in the network application).
- the conversion module 230 is e.g. B. set up the data or the message content of the corresponding first message TE (z. B. the first message is a message of the first messages) in a data format for the assigned device (z. B. the first device Dl) convert.
- old devices so-called legacy devices
- the assigned device is used to check which of the data or parts of the data or data of the message content can be processed by the device (for example the assigned device) and / or the assigned device is used to check how this data relates to a corresponding device Device (e.g. the assigned device) can be converted.
- the conversion module is then set up, for example, to check for the devices (e.g. using the assignment, which was calculated, for example, for the determination of a corresponding device), such as this data (e.g. the message content or the message or parts of the data) for that corresponding device (e.g. the assigned device) must be converted.
- this data e.g. the message content or the message or parts of the data
- control of the reserve power plant which is stored in the data or in the message, can be converted into specific control commands for the devices (for example the assigned device) or generators.
- the control commands are determined according to the requirements of the task. For example, the first two devices or gas turbines are used or driven at full power and the third gas turbine only at half power in order to achieve the required 500 MW power.
- the data format is z. B. a proprietary data format of the devices.
- data can also be used, for example, instead of first messages or the message content of the first message TE.
- the data can be, for example, the first messages or the first message or the message content of the first message or data of a communication link.
- the receiving device can comprise the following features:
- a first communication interface for example, a first communication interface
- the first network interface is set up to communicate with a distributed database system (or a network application),
- the first communication interface is set up for data or receive first messages from the distributed database system (or the network application);
- an identification module for example an identification module, wherein
- the identification module is set up to calculate an assignment based on the data or the respective message content of the first messages. B. to determine for which devices a corre sponding first message is intended;
- the conversion module is set up to convert the data or the message content of the corresponding first message TE into a data format for a device (e.g. a device determined by the assignment, such as a legacy device or one of the devices D1-D3 ) to convert,
- a device e.g. a device determined by the assignment, such as a legacy device or one of the devices D1-D3
- the conversion module is set up to use the device (for example, using the corresponding assignment for a corresponding device) to check which data (or data parts) z.
- the device for example, using the corresponding assignment for a corresponding device
- the data or the message content can be processed by the device
- the conversion module is set up to check for the devices (e.g. using the assignment that was calculated, for example, for the determination of a corresponding device) such as this data (e.g. the message content or the message). or parts of data are to be converted for the corresponding device (e.g. the assigned device); for example, a second communication interface, where
- the second communication interface is set up for this purpose, the data and / or the converted data and / or the convert message content and / or the message content of the corresponding first message (and / or the first message itself) to the device that is assigned to the corresponding first message.
- the receiving device can comprise the following features:
- a first communication interface for example, a first communication interface
- the first network interface is set up to communicate with a distributed database system (or a network application),
- the first communication interface is set up to receive data or first messages from the distributed database system (or the network application);
- the conversion module is set up to convert the data or the message content of the corresponding first message TE into a data format for a device (for example an assigned device such as a legacy device or one of the devices D1-D3 or z. B. to convert a device determined by the assignment, such as a legacy device or one of the devices D1-D3),
- the conversion module is set up to use the device to check which data (or data parts) z. B. the data or the message content can be processed by the device, for example the conversion module is set up to check for the device (z. B. the assigned device) how this data (or parts of data) are to be converted for the corresponding device (e.g. the assigned device);
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the device which is assigned to the corresponding first message.
- the receiving device can comprise the following features:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to receive data or first messages from the distributed database system (or a network application);
- the conversion module is set up to have the data or the message content of the corresponding first message TE (e.g. the first message is a message of the first messages) in a data format for a device (e.g. an associated device such as e.g. to convert a legacy device or one of the devices D1-D3 or e.g. a device determined by the assignment such as a legacy device or one of the devices D1-D3),
- a device e.g. an associated device such as e.g. to convert a legacy device or one of the devices D1-D3 or e.g. a device determined by the assignment such as a legacy device or one of the devices D1-D3
- the conversion module is set up to use the device to check which data (or data parts) z. B. the data or the message content can be processed by the device, for example the conversion module is set up to check for the device (e.g. the assigned device) how this data (or parts of data) for the corresponding device (e.g. the assigned device) Device) are to be converted;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the data and / or the converted data and / or the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the device, that of the corresponding first Message is assigned.
- the receiving device can comprise the following features:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to receive data or first messages from the distributed database system (or the network application);
- the conversion module is set up to have the data or the message content of the corresponding first message TE (e.g. the first message is a message of the first messages) in a data format for a device (e.g. an associated device such as e.g. a legacy device or one of the devices D1-D3 or e.g. one assigned by the certain device such. B. to convert a legacy device or one of the devices D1-D3),
- a device e.g. an associated device such as e.g. a legacy device or one of the devices D1-D3 or e.g. one assigned by the certain device such. B. to convert a legacy device or one of the devices D1-D3
- the conversion module is set up to use the device to check which data (or data parts) z. B. the data or the message content can be processed by the device, for example the conversion module is set up to check for the device (e.g. the assigned device) how this data (or data parts) for the corresponding device (e.g. the assigned device) are to be converted;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the data and / or the converted data and / or the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the device, that of the corresponding first Message is assigned.
- the device for which the message content of the first message TE and / or the first message TE is converted can be converted, for example, on the basis of the device assigned to the data or to the message content and / or the first message TE.
- This can e.g. B.
- On the basis of the assignment and / or the assignment data record and the data stored therein can be controlled by z. B. include the assignment and / or the assignment data record corresponding information or instructions for the conversion.
- the receiving device can include the following features: for example, a first communication interface, where
- the first communication interface is set up to receive data or first messages from the distributed database system (or the network application);
- the conversion module is set up to convert the data or the message content of the corresponding first message TE (e.g. the first message is a message of the first messages) into a data format,
- a device e.g. an assigned device such as a legacy device or one of the devices D1-D3 or e.g. a device determined by the assignment such as a legacy device or one of the devices D1-D3
- a device e.g. an assigned device such as a legacy device or one of the devices D1-D3 or e.g. a device determined by the assignment such as a legacy device or one of the devices D1-D3
- the device is assigned by means of / to the assignment of the data or the message content of the corresponding first message TE or the first message TE, for example the conversion module is set up to use the device to check which data (or data parts) z. B. the data or the message content can be processed by the device,
- the conversion module is set up to check for the device (e.g. the assigned device) how these data (or data parts) are to be converted for the corresponding device (e.g. the assigned device);
- a second communication interface for example, a second communication interface, where for example the second communication
- Interface is set up to transmit the data and / or the converted data and / or the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the device that is assigned to the corresponding first message.
- Data parts or part of the data or parts of the data are understood to mean, for example, a data area (for example an address area or a memory area) and / or data types where, for example, binary data and / or text-based data (for example XML Data or JSON, ASCII data), which preferably have a specific data format.
- binary data is e.g. B. is data from a binary file and the text-based data is, for example, data from a text file.
- the receiving device can also be an identification module, as is explained in the various variants and exemplary embodiments of the receiving device.
- the receiving device can convert the message TE itself or also the data (for example the first messages) of a communication link and / or assign it to a device and / or transmit it to the assigned device.
- the first communication interface is e.g. B. set up to communicate with a distributed database system (or a network application).
- the first communication interface is set up to receive data or first messages from the distributed database system (or the network application) and / or to communicate with the distributed database system (or the network application) via a communication link, and e.g. B. Exchange data with the distributed database system (or the network application).
- the identification module is set up to calculate an assignment based on the data or the respective message content of the first messages or the first messages or a message TE of the first messages or the data of the communication link. B. to determine for which devices the data or a corresponding first message TE or first messages or the message content of a message (or messages) or the data of the communication link are intended.
- the identification module z. B. data (z. B. the respective message content of the first messages or the first messages or the first message TE of the first messages or the data of the communication link or the message content) to a corresponding device.
- the conversion module is set up to convert the data or the message content of the corresponding first message TE or the first messages or the first message or the data of the communication link into a data format for a device (for example a device determined by the assignment such as, for B. to convert a legacy device or one of the devices D1-D3).
- a device for example a device determined by the assignment such as, for B. to convert a legacy device or one of the devices D1-D3
- the conversion module is set up to use the device (for example, using the corresponding assignment for a corresponding device or the assigned device) to check which data, for. B. the message content or the data of the communication link or the messages or the first message can be processed by the device.
- the conversion module is set up to check for the device (e.g. using the assignment that was calculated, for example, for the determination of a corresponding device) such as this data (e.g. the message content or the message) for the corresponding device (e.g. the assigned device).
- this data e.g. the message content or the message
- the second communication interface is set up to transmit the converted data to the device that is assigned to the corresponding data.
- the converted data may be the respective converted message content of the first messages or the converted first messages or the converted message content or the converted first message TE of the first messages or the converted data of the communication link.
- a network application (or also called a network application) can also be used.
- the receiving device can include the following features, for example:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to receive data from a network application
- the conversion module is set up to convert the data into a data format
- a device e.g. an assigned device such as a legacy device or one of the devices D1-D3 or e.g. a device determined by the assignment such as a legacy device or one of the devices D1-D3
- a device e.g. an assigned device such as a legacy device or one of the devices D1-D3 or e.g. a device determined by the assignment such as a legacy device or one of the devices D1-D3
- the device is assigned by means of an assignment of the data,
- the conversion module is set up to use the device to check which data (for example which part of the data or which part of the data) z. B. the data can be processed by the device, for example the conversion module is set up to check for the device (e.g. the assigned device) how this data (e.g. the corresponding part of the data) for the corresponding device ( e.g. the assigned device) is to be converted;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the converted data to the device that is assigned to the data or data parts.
- the receiving device can comprise, for example, an identification module, wherein, for example, the identification module is set up to calculate the assignment on the basis of the data in order, for. B. to determine for which devices the data is intended.
- the receiving device comprises, for example, a first communication interface 210, for example the first communication interface being set up to receive data from a network application.
- the receiving device comprises, for example, a conversion module, for example the conversion module being set up to convert the data into a data format for a device assigned to the data.
- the conversion module is set up to determine whether and / or how for the (assigned) device this data is to be converted for the corresponding (assigned) device (e.g. the assigned device).
- the receiving device comprises, for example, a second communication interface (240), wherein, for example, the second communication interface is designed to transmit the converted data and / or the data to the device that is assigned to the data.
- a second communication interface (240)
- the second communication interface is designed to transmit the converted data and / or the data to the device that is assigned to the data.
- the receiving device comprises, for example, a first communication interface, for example the first communication interface being set up to receive data from a network application.
- the receiving device comprises, for example, a conversion module, wherein, for example, the conversion module is set up to determine a conversion check result for the data.
- the conversion test result gives z. B. on whether and / or how the data example to be converted into a data format for the device assigned to the data.
- the determination of the conversion check result is preferably device-specific for a device assigned to the data (or the device assigned to the devices) in order, for. B. determine whether the assigned device can process the corresponding data (or parts of the data) and / or if necessary, to vertically convert the data or parts of the data specifically for the assigned device.
- the conversion module is e.g. B. set up to determine the conversion test result for the data, z. B. the conversion test result depending on the assigned device is determined.
- the conversion test result it is checked, for example, whether the ordered device can process the data (at all) and / or it is also checked using the assigned device how this data is converted for a corresponding device so that the assigned device can process this data e.g. B. can process.
- the conversion test result then gives e.g. B. whether and / or how the data are to be converted, for example, into a data format for the device assigned to the data.
- the conversion module z. B. set up to convert the data depending on the conversion test result in the data format for the device assigned to the data.
- the receiving device comprises, for example, a second communication interface, for example the second communication interface being set up to transmit the converted data and / or the data to the device which is assigned to the data.
- the conversion module is set up to use the device to check which data (for example which part of the data and / or all data) of the data can be processed by the (assigned) device.
- the result of this check is stored, for example, in the conversion test result, for example that
- the conversion test result indicates which parts of the data or whether the data as such are to be converted for the assigned device.
- the conversion check result includes e.g. B. device-specific conversion instructions for the data, for example to convert the data specifically for the assigned device, so that the assigned device z. B. can process the corresponding data (e.g. also the parts of the data to be converted).
- the device properties and / or the current devices can be used for the test. properties and / or device information of the assigned device are taken into account.
- the device information can also include the corresponding device properties (e.g. current device properties), for example.
- the data can be in a text format, XML format or JSON format, but the assigned device can (only) process a certain binary data format according to its device properties. This is then determined during the check and the conversion test result then includes, for example, information that the data must be converted for processing by the device and / or can additionally include, for example, instructions on how the data are to be converted.
- data types that are incompatible with the assigned device can also be used in the data. These can be, for example, double data types, big integer data types or date formats that the assigned device cannot process. For this too, z. B. a corresponding conversion can be made, as has already been shown for other examples ge.
- the conversion module preferably only converts the data that cannot be processed by the device (or are incompatible).
- the converted parts of the data and the parts of the data that the assigned device was able to execute are then merged again into (converted) data (or a data record) which, for. B. can be processed as a whole by the assigned device.
- These converted data (or data record) are then transferred to the assigned device accordingly.
- the assigned device can, for example, only process dates up to a certain point in time (e.g. December 31, 1999).
- z. B. current dates (1.1.2018) can be converted into a processable date (e.g. 1.1.1988).
- the incompatible data parts e.g. dates that lie after December 31, 1999
- a conversion rule for the device-specific conversion instructions e.g. current date - 30 years
- advised e.g. 1.1.1988
- corresponding data or parts of the data can be assigned standard values (e.g. an empty string, a date in a valid format that is e.g. not the current date). B. at least other parts of the data can be transmitted.
- the receiving device comprises an identification module (if not yet available), the identification module being set up in particular to use the data to calculate an assignment for which devices the data is intended, for example, and the identification module being set up for this purpose, for example to calculate an assignment or the assignment based on the data, for example to determine the assigned device.
- the identification module being set up in particular to use the data to calculate an assignment for which devices the data is intended, for example, and the identification module being set up for this purpose, for example to calculate an assignment or the assignment based on the data, for example to determine the assigned device.
- the identification module uses the data to calculate (or determine) which ches device to process the data. Accordingly, such a device is then, for example, by means of the assignment, for.
- assignment data record in the form of an assignment data record, assigned to the data.
- the assignment or the assignment data record can include, for example, device information or device properties of the assigned device.
- This assignment or the assignment data record can then be used, for example, by the conversion module, for example to B. to check which data (e.g. which part of the data and / or all data) of the data can be processed by the assigned device.
- these can additionally each include, for example, a configuration interface and / or a fan and / or a monitoring module.
- the configuration interface for example, updates or firmware versions can be imported.
- the fan z. B. the receiving device can be cooled ge.
- the monitoring module the state and / or the operating behavior of the corresponding receiving device can be monitored and z. B. saved in a file (e.g. a logging file).
- the transmission device S comprises a first communication interface 310 (e.g. a network interface to one
- Ethernet network an identification module 320, a conversion module 330 and a second communication interface (e.g. a network interface to an Ethernet network) 340, which are communicatively connected to one another via a bus 301.
- second communication interface e.g. a network interface to an Ethernet network
- the first communication interface 310 is set up to communicate with the devices.
- the first communication interface 310 is connected to the third bus BS1 and is therefore communicatively connected to the second communication interface NI2 of the system SYS.
- the first communication interface is set up to receive first messages or data from the devices. there are the the dates or the first messages z. B. stored in a proprietary data format of the devices.
- the identification module 320 is set up to use the data or the respective message content of the first messages to calculate an assignment of which device has sent a corresponding first message NS or the data.
- the data or a corresponding message content can identify a digital signature, a digital certificate, a device address (e.g. a network address), a device status (e.g. a device status) or a unique identifier (e.g. a UID), on the basis of which the corresponding device or devices can be determined.
- the data or the message or the message content can include a device status, to what degree the technical task has been fulfilled by the devices or the automation network.
- the devices do not deliver the required performance in total.
- the total output can only be 300 MW.
- individual messages can be sent through the devices, which can be, for. B. to what degree or to what extent they have each fulfilled the technical task (e.g. first device 50 MW, second device 100 MW, third device 150 MW he brought power).
- the sending device S or another device (e.g., which has sent the message to the sending device S ge) of the automation network AN then calculate to what extent the technical task has been accomplished.
- the missing part of the power can, for example, be sent again as a message via the distributed database system (or the network application) to a further automation network of a coal-fired power plant or a wind power plant as a second message TS. These can then, for example, provide the performance deficit in energy generation.
- the second message TS is then, for example, in Transactions (e.g. the twelfth transaction T3d) of the distributed database system (or the network application) are stored or the second message (e.g. the twelfth transaction T3d) is already one in the distributed database system (or the Network application) saved transaction after it was successfully sent or transferred.
- the conversion module 330 is set up to convert the data or the message content of the corresponding first message NS into a data format for the distributed database system (or the network application).
- the data or the message content of the corresponding first message can be converted into a general data format (e.g. XML or according to an XML schema) that is compatible with the distributed database system (or the network application).
- a general data format e.g. XML or according to an XML schema
- the conversion module 330 is an optional module in particular. This is the case, for example, if the data or the message content of the corresponding first message does not have to be converted or the message content or the corresponding first message has a data format which is processed by the distributed database system (or the network application) can. In such a case, the converted message content or the converted data corresponds to the (unconverted) message content of the corresponding first message when it is transmitted to the network application or the distributed database system. Consequently, for example, the corresponding first message is sent as a second message to the distributed database system (or the network application) or, analogously, the unconverted data is sent to the distributed database system or the network application. Consequently, in particular for corresponding embodiments of the sending device, the message content of the corresponding first message may correspond to the converted message content.
- the transmission device can include the following features:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices
- an identification module for example an identification module, wherein
- the identification module is set up on the basis of the data or the respective message content of the first messages, an assignment is calculated which device sent a corresponding first message;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to communicate with a distributed database system (or a network application), for example the communication interface is set up for the data or the converted data or the converted message content and / or the message content of the corresponding first message (and / or to transmit the first message itself) to the distributed database system (or the network application).
- the second communication interface 340 is set up to transmit the converted message content or the converted data to the distributed database system (or the network application).
- the second communication interface 340 is with the fourth bus BS2 is connected and is communicatively connected via this to the second communication interface NI2 of the SYS system.
- the (corresponding) data or the corresponding message content that is transmitted to the distributed database system (or the network application) can, for. B. in the form of a second message TE to the devices / the device.
- the second message TE can be, for example, a transaction of the distributed database system (or the network application), the second message comprising / storing the converted message content or the converted data.
- the transmission device S and the reception device E can each comprise an independent cryptography module in different variants. This is advantageous in order to increase the security, since z. B. have received unauthorized access to the cryptographic data of one of the cryptography module, this unauthorized person does not automatically get access to the other cryptographic data of the other cryptographic module.
- the sending device S and the receiving device E can use a common cryptography module. This is advantageous in order to keep the manufacturing costs for the individual modules low.
- the corresponding cryptographic data can be shared between the sending device S and / or the receiving device E.
- the cryptography module is preferably provided with a tamper protection module (e.g. tamper protection module).
- a tamper protection module e.g. tamper protection module
- the cryptography module can comprise a mechanical and / or an electrical and / or electronic and / or electromechanical protection device. This can be realized, for example, by the cryptography module storing the cryptographic data for the devices in a protected memory module or memory (for example a key memory), the data of which (only) the cryptography module can access. Accordingly, this memory and / or the cryptography module are protected by a steel housing (mechanical
- the z. B. prevents access by unauthorized persons.
- the cryptography module or the memory can be protected by a protective film against drilling. As soon as someone tries to access the memory in an unauthorized manner or via an unauthorized interface, e.g. B. deleted the cryptographic data.
- the cryptography module includes, for example, cryptographic data specific to the devices (device-specific cryptographic data).
- the cryptographic data can be, for example, one or more cryptographic keys that have been calculated specifically for a particular device.
- the cryptographic keys can e.g. B. are symmetric cryptographic keys or asymmetric cryptographic keys (e.g. a public / private key pair).
- This cryptographic data can, for example, be stored permanently in or by the cryptography module.
- the cryptographic data can be deleted from the cryptography module after a predetermined time (for example if a corresponding device has not communicated any data / messages for a few hours). If the corresponding device communicates again later, the necessary cryptographic key can be recalculated.
- the cryptographic data can be calculated in a reproducible manner for a respective device or calculated again.
- unique device-specific data of the corresponding device can be used. Unique device-specific data are, for example, a UID of the device, a unique identifier that was calculated on the basis of sensor data characteristic of the device - e.g. B. a calculated characteristic for a noise signal, the was determined by a sensor of the device.
- This unambiguous device-specific data can be used, for example, in combination with a secret starting value (e.g. a seed), which is securely stored or managed, for example, by the cryptography module, in order to recalculate the corresponding cryptographic data.
- a secret starting value e.g. a seed
- a first secret starting value can be used to calculate the cryptographic data for the transmitting device and a second secret starting value can be used to calculate the cryptographic data for the receiving device.
- the calculations mentioned are preferably carried out by the cryptography module, so that e.g. B. the algorithms used and temporarily calculated data are protected from unauthorized access.
- the cryptography module can then, for example, load, calculate or access the corresponding cryptographic data using the assigned device.
- the cryptographic data can also be loaded, for example, by first using the device-specific data and / or device-specific data (for example, send device-specific data and / or receiver-device-specific data) to add another cryptographic data
- the (device-specific) cryptographic data are - as already mentioned - preferably stored by or in the cryptography module.
- a UID of a corresponding device is combined with a secret starting value of the transmitting device S and / or the receiving device E and / or the system SYS in order to form the further cryptographic key in order to decrypt the cryptographic data in the case of example.
- the further cryptographic key z. B. the data are combined into a combined character string (UID + secret start value).
- the combined character string or part of the combined nated character string as an input parameter for a key derivation function, a corresponding key being able to be derived in a reproducible manner, provided, for example, B.
- the content-identical / identical character string is used as an input parameter.
- the sending device S for example, by means of the corresponding cryptographic data, at least some of the data or the message content of the corresponding first message can be cryptographically protected device-specifically for the assigned device (for example, a device-specific cryptographic protection can be generated). This cryptographic protection takes place, for example, before sending the message content or data.
- a receiving device E at least part of the data or the message content of the corresponding first message is checked and / or decrypted for an assigned device using the cryptographic data.
- a device-specific cryptographic protection is to be understood to mean that e.g. B. the data or the messages (or their message content), which originate from a corresponding device, are protected by means of the device-specific cryptographic data, in order to make an authenticity of the corresponding data or the corresponding messages or the message content preferably verifiable.
- the sending device S this is advantageous in that, in particular, the messages that are sent to (and / or stored by) the distributed database system (or the network application) are cryptographically protected (or messages that were sent by the devices) to be checked cryptographically, e.g. analogous to the receiving device).
- This can be done, for example, by the corresponding data or the corresponding message content being protected and / or encrypted using a (cryptographic) checksum.
- the sending device S can include, for example, a first cryptographic key (this is, for example, specific to the device). with which, for example, a checksum about the data or the messages or the message content is formed.
- the message content or the data can be encrypted with this first cryptographic key, for example.
- a recipient of the message or the data can for example use the first cryptographic key (in the case of a symmetrical cryptographic method) or a second cryptographic key which is assigned to the first cryptographic key (e.g. in the case of an asymmetrical cryptographic method in the e.g. ,
- the first key is a private key and the second key is a public key
- the corresponding key material may have been transmitted to the receiver, for example, via a secure channel.
- the cryptographic data (e.g. the cryptographic key), for e.g. B. the transmitting device S, he can have been generated for example based on device-specific data or unique device-specific data of a corresponding device (e.g. a UID of the device, a random number that was generated by the corresponding device, or based on characteristic sensor data for the device was calculated - e.g. a calculated characteristic for a noise signal, which was determined by a sensor of the device).
- the cryptographic data is a combination of (unique) device-specific data and transmission device-specific data (e.g.
- a UID of the transmission device a random number that was generated by the transmission device, or was calculated on the basis of sensor data for the transmission device - e.g. a calculated characteristic for a noise signal, which was determined by a sensor of the transmitting device).
- the sensor data can be detected, for example, by a sensor which, for. B. the thermal noise of a
- Circuit of the device or the noise of the transmitter sors themselves can be used.
- This can be, for example (e.g. for the devices or for the SYS system) a token ring network interface of a device or an RS232 interface.
- Also, e.g. B. will use the noise of data acquisition hardware.
- the transmitting device S that the device-specific data and / or device-specific data (e.g. the secret start value) for the corresponding device are used to reproducibly determine the cryptographic data or that this data is used to provide cryptographic protection (e.g. encryption), with which the corresponding cryptographic data of a device is protected, canceled (e.g. decrypted) and / or checked (e.g. a digital signature is checked).
- the device-specific data can, for example, be stored in the message of the corresponding device.
- the device-specific data and / or device-specific data are preferably data which are difficult to forge, e.g. B. a characteristic of a noise signal (e.g.
- this device-specific data and / or (sending) device-specific data would be changed such that, for. B. changed the characteristic such that the cryptographic data become invalid or can no longer be accessed.
- cryptographic data or key material or device-specific data or clearly device-specific data of a corresponding device can also be exchanged by means of a challenge-response method.
- This can be done, for example, by configuring the method on the device side and on the transmitting device side with corresponding initial values (e.g. by Protected memory of the device or the transmitting device are preconfigured corresponding initial values or these initial values are calculated and / or provided by the protected memory) and / or corresponding device-specific data (e.g. a cryptographic key or part of a cryptographic key ) can be called up from the sending device.
- the receiving device E with a cryptography module is advantageous in that, in particular, the messages that are to be transmitted to a corresponding device are to be cryptographically checked (or, for example, to be cryptographically protected analogously to the transmitting device).
- the message creator may have received, for example, a first cryptographic key with which, for example, a check sum of the messages or the message content or the data was received that was received by the receiving device E.
- the message content or the data can also have been encrypted with this first cryptographic key.
- the first cryptographic key in the case of a symmetrical cryptographic method
- a second cryptographic key which is assigned to the first cryptographic key for example in the case of an asymmetrical cryptographic method in which the first key is used, for example
- the corresponding message content or data is decrypted or checked.
- the cryptographic data (for example the cryptographic keys) of the receiving device E can be generated, for example, on the basis of device-specific data or unique device-specific data of a corresponding device (e.g. a UID of the device, a random number which is given by the corresponding device) Device was generated, or was calculated based on sensor data characteristic of the device - e.g. B. a calculated characteristic for a noise signal, which was determined by a sensor of the device).
- a corresponding device e.g. a UID of the device, a random number which is given by the corresponding device
- the sensor data can be detected for the receiving device E and / or the system SYS, for example, by a sensor who, for. B. the thermal noise of a circuit of the device is detected or the noise of the sensor itself is used ver.
- the noise at an unused data interface or also at a ge used data interface can be used. This can be, for example, a token ring network interface of a device or an RS232 interface. Also, e.g. B. will use the noise of data acquisition hardware.
- the cryptographic data for a receiving device E are a combination of device-specific data and receiving device-specific data (e.g. a UID of the receiving device, a random number that was generated by the receiving device, or was calculated on the basis of sensor data for the receiving device - e.g. a calculated characteristic for a noise signal that was determined by a sensor of the receiving device).
- the cryptographic data it is also possible for the cryptographic data to be reproducibly determined by means of the device-specific data and / or receiving device-specific data for the corresponding device.
- cryptographic protection e.g. encryption
- can be canceled e.g.
- a cryptographic key can be calculated on the basis of this data in order to carry out the cryptographic operations required for this.
- the device-specific data of the devices for the receiving device E can be obtained, for example, when the device Stand for a device can be accessed.
- the device-specific data and / or receiver-device-specific data are preferably data which are difficult to forge, e.g. B. a secret start value or a characteristic of a noise signal (z. B. from a sensor or a tamper protection module is detected), which is changed when the device is tampered with such that. B. changed the characteristics such that the cryptographic data become invalid or can no longer be accessed.
- a device has been replaced by a manipulated other device by an unauthorized person, it is very difficult, for example, to duplicate or falsify the characteristic of a noise signal of the original device by the manipulated device.
- the characteristic of the noise signal (of the manipulated device) is now used, for example, to generate a cryptographic key.
- the cryptographic key is now tried z. B. to decrypt the cryptographic data. Since based on the changed characteristics of the noise signal not the correct key for decrypting who could be formed, z. B. the decryption of the cryptographic data unsuccessfully.
- device-specific data or unique device-specific data can also be determined or exchanged using a challenge-response method (for example when a device status is called up), for example by configuring the method on the device side and on the receiving device side with corresponding initial values (e.g. B. in the protected memory of the device or the receiving device corresponding initial values are preconfigured or these initial values are calculated and / or provided by the protected memory) and corresponding device-specific data (e.g. a cryptographic key or part) a cryptographic key) can be called up by the receiving device.
- the transmitting device S and / or the receiving device E can also each comprise an initialization module or use a common initialization module. This initialization module is set up so that, for. B.
- the corresponding cryptographic data be calculated if data are to be received for the first time for this device or are to be sent to it.
- This can e.g. B. generated using the above-mentioned method (a clear device-specific data + seed).
- the transmitting device S and / or the receiving device E can also form virtual devices which have the appropriate interfaces and technical features in order to communicate with the distributed database system (or the network application).
- corresponding virtual devices can be instantiated with a predetermined configuration, the configuration being determined or calculated depending on corresponding device information about the physical device.
- Configuration means, for example, which interfaces and functions a corresponding virtual device should provide.
- the transmitting device S and / or the receiving device E forwards the corresponding information to the old device or legacy device, whereby before the corresponding conversion and processing is carried out as described above.
- B. are not blockchain capable, but should be controlled by a blockchain-based control system.
- the identification module can use the corresponding virtual devices for this, or the identification module is a component / element that is made by one or multiple virtual devices.
- the virtual devices preferably behave like a node of the distributed database system (or of the network application) and emulate or supplement functions for the physical devices which are used for communication or cooperation with the nodes of the distributed database system (or the network application) are missing.
- a corresponding identification module (with virtual devices) for a receiving device E can be implemented as follows, for example.
- the identification module is set up to use the data or the respective message content of the first messages to calculate an assignment for which virtual devices a corresponding first message is intended.
- the virtual devices include z. B. the conversion module and / or the second communication interface or each include its own virtual variant of these or access the conversion module and / or the second communication interface to the data or the messages or the message content to the physical device associated with the corresponding virtual device.
- a receiving device with corresponding virtual devices can have the following features, for example:
- a first communication interface for example, a first communication interface
- the first network interface is set up to communicate with a distributed database system (or a network application),
- the first communication interface is set up to receive first messages or data from the distributed database system (or the network application);
- a corresponding (physical) device e.g. of the automation network AN
- AN corresponding (physical) device
- an assignment is calculated for which the virtual devices a corresponding first message or data is intended;
- the conversion module is set up to convert the data or the message content of the corresponding first message into a data format for the assigned device;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the data and / or the converted data and / or the converted message content and / or the message content of the corresponding first message (and / or the first message itself) to the device, that of the corresponding first Message is assigned.
- a corresponding identification module for a Sendevor direction S can for example be implemented as follows.
- the identification module is set up to use the data or the respective message content of the first messages to calculate an assignment of the physical device from which a message was received. This assignment is now used to determine which virtual device should process and / or send a corresponding message.
- the virtual devices include the conversion module and / or the second communication interface or each include their own virtual variant thereof or access the conversion module and / or the second communication interface in order to transfer the data or the messages or the message content to the distributed database system (or the network) by means of the corresponding virtual device - application).
- a transmission device S with corresponding virtual devices can have the following features, for example:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices
- a corresponding (physical) device e.g. an automation network
- a corresponding (physical) device e.g. an automation network
- an assignment is calculated to which device sent a corresponding first message or the data;
- the conversion module is set up to convert the data or the message content of the corresponding first message into a data format for the distributed database system (or the network application);
- a second communication interface for example, a second communication interface, where for example the second communication
- Interface is set up to communicate with a distributed database system (or a network application), for example the communication interface is set up to have the data and / or the converted data and / or the converted message content and / or the message content of the corresponding first message
- the variants mentioned with the virtual devices can, for example, also do without the conversion module if, for example, no data conversion is necessary.
- the variants with the virtual devices can also each comprise a corresponding cryptography module that encompasses the corresponding cryptographic data for one device (physical and / or virtual) and / or for several devices (physical and / or virtual).
- a virtual device can each comprise a corresponding cryptography module, or the virtual devices access a common cryptography module.
- the receiving device E can, for example, be implemented passively or actively.
- the first messages are sent, for example, directly through the distributed database system (or the network application) to the receiving device E or the system SYS (or received by the receiving device E or the system SYS).
- the corresponding messages can z. B. include an indication for which of the devices of the automation network AN the corresponding message is intended.
- the first messages are received indirectly, for example, by the receiving device E or the system SYS.
- the receiving device E or the system SYS detects or receives the messages from the first network NW1, for example using a packet filter or a network analysis tool (e.g. Wireshark) or a tool to retrieve data packets from the network (e.g. WinPCap , libpcap).
- the corresponding messages are e.g. B. not directed to the receiving device E (or the system SYS) or its network address, but are directed to the devices of the automation network AN (eg by specifying a specific device type in the message or its content).
- the receiving device comprises, for example, a device database that includes a directory of the devices of the automation network AN.
- device information on the respective devices can also be stored in this directory, for example.
- the device information can include, for example, general information about a device. This can e.g. B. technical features such as performance, manufacturing speed, energy consumption, manufacturing precision, location of the device or a combination thereof.
- the corresponding device information can also include the device status last received or retrieved.
- the device information can for example also include the corresponding device properties (e.g. current device properties).
- the transmitting device S can, for example, be implemented passively or actively.
- the first messages are sent, for example, directly by the devices of the automation network to the sending device S or the system SYS.
- the corresponding messages can z. B. include an indication for which network application or which distributed database system (if there are several of these systems) or network (for example the first communication network) the corresponding message is intended.
- the first messages are received indirectly, for example, by the transmitting device S or the system SYS.
- the sending device S or the system SYS detects or receives the messages from the second network NW2, for example using a packet filter or a network analysis tool (e.g. Wireshark) or a tool to retrieve data packets from the network (e.g. WinPCap , libpcap).
- the corresponding messages are e.g. B. not directed to the sending device S (or the system SYS) or its network address, but are z.
- the sending device S can also include a device database (e.g. analogous to the receiving device), for example to determine which device has sent a corresponding message. If the messages are initially received passively, for example, such information can be determined, for example, using the send address of the message.
- the device information e.g. B. accessed by means of the Sen de address.
- the invention is advantageous in that z. B. Legacy Ge devices, whose configuration may not be changed, to communicate with a new block chain infrastructure.
- the conversion of the data is carried out by the device or the system.
- the devices eg the transmitting device or the receiving device
- the system can also execute smart contracts for the legacy systems or devices.
- the devices can be made blockchain-compatible without changing anything on these devices.
- these devices or the system comprises the necessary components to communicate with a block chain.
- These are, for example, key stores with cryptographic keys to sign transactions / messages for the block chain or to check corresponding checksums.
- one module, several modules or all modules can be implemented as software components or as hardware components or as a combination of hardware and software components.
- the system and / or the modules and / or the transmitting device and / or the receiving device and / or the distributed database system and / or the network application and / or the network infrastructure of the network application and / or nodes of the network application and / or the nodes of the distributed th database system (e.g. blockchain nodes) and / or devices can, for example, each additionally include a further one or more additional components, such as a processor, a memory unit, further communication interfaces (e.g. Ethernet , WLAN), an input device, in particular a computer keyboard or a computer mouse, and a display device (e.g. a monitor).
- the processor can, for example, include several further processors, which can be used in particular to implement further exemplary embodiments.
- the processor can be, for example, an ASIC that was implemented in an application-specific manner for the functions of a respective module or all modules of the exemplary embodiment (and / or further exemplary embodiments), the program component or the program commands being implemented in particular as integrated circuits.
- the processor may also be an FPGA, for example, which is configured in particular by means of the program instructions in such a way that the FPGA performs the functions of a respective module or all modules of the exemplary embodiment
- the network interfaces can also be formed as integral network interfaces.
- the first communication interface Nil of the system SYS and the first communication interface 210 of the receiving device E and / or the second communication interface 340 of the transmitting device S can be designed as a first integral communication interface.
- the second communication interface NI2 of the system SYS and the second communication interface 240 of the receiving device E and / or the first communication interface 310 of the transmitting device S can be formed as a second integral communication interface.
- the first integral communication interface and the second integral communication tion interface as a common integral communication interface.
- the transmitting device S and / or the receiving device E and / or the system SYS can be designed, for example, as an integral component of one of the devices, the corresponding communication interfaces for communicating with the corresponding device, for example in such a case, a communication interface for one Data bus is (e.g. a PCI interface, a USB interface).
- legacy devices or devices can be connected directly to the distributed database system (or the network application), for example by sending the device S and / or the receiving device E and / or the system SYS in a communication interface of the legacy device or the device is integrated (e.g. as ASIC or FPGA).
- the communication interface of the device can be, for example, an interchangeable network card, for example an old network card having been replaced by a corresponding communication interface according to the invention.
- a communication interface can include the sending device S and / or the receiving device E and / or the system SYS, or the communication interface is designed as the sending device S and / or the receiving device E and / or the system SYS.
- the transmission device comprises the following:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices;
- an identification module wherein, for example, the identification module is set up on the basis of the data or the respective message content of the first messages, an assignment is calculated which device sent the data or a corresponding first message;
- the conversion module is set up to convert the data or the message content of the corresponding first message into a data format for the distributed database system or for a network application,
- the conversion module is set up to convert the data specifically for the distributed database system or for the network application using the assigned device,
- the conversion module is set up to check which data formats can be processed by the distributed database system or by the network application or by further distributed database systems or other network applications, for example the conversion module is set up to include the data in a convert the compatible data format to the distributed database system or the network application;
- a second communication interface for example, a second communication interface
- the second communication interface is set up to communicate with a distributed database system or the network application
- the communication interface is set up to convert the data or to transmit the converted message content to the distributed database system or the network application.
- the transmission device comprises the following:
- a first communication interface for example, a first communication interface
- the first communication interface is set up to communicate with devices
- the communication interface is set up to receive first messages or data from the devices
- the identification module is set up on the basis of the data or the respective message content of the first messages, an assignment is calculated which device sent the data or a corresponding first message;
- a conversion module (330), for example, the conversion module is set up to determine data format requirements specifically for the device assigned to the data. B. are predefined by the assigned device Ge,
- the conversion module is set up to determine a test result about which data formats can be processed by distributed database systems or network applications.
- a second communication interface for example, a second communication interface
- the second communication interface is set up to transmit the converted data or the converted message content to the distributed database system or the network application.
- the conversion module can be set up to convert the data or the message content of the corresponding first message into a data format for the distributed database system or for a network application.
- B. is predetermined by the assigned device.
- the conversion module can be set up to select the (corresponding) distributed database system from the distributed database systems or the (corresponding) network application from the network applications on the basis of the test result and / or the data format requirements.
- the second communication interface can be set up to convert the converted data
- the network application is the selected network application or the distributed database system is the selected distributed database system.
- the data format requirements can be predetermined, for example, by the assignment and / or device properties (of the assigned device) that are stored in the assignment (or an assignment data record). For example, if multiple distributed database systems or multiple network applications meet the data format requirements - that is, they are each compatible with the data format requirements - B. for the ever compatible distributed database systems or because each compatible network applications are converted and / or respectively transferred to them. Compatible means, for example, that the respective distributed database system or the respective network application supports and / or can process at least one data format of the data format requirements.
- the data format specifies, for example, a format for data that can be processed by the network application or the distributed database system.
- the network application or the distributed database system can also be used for data conversion (or for converting the data) and / or data transmission (for the converted data or data). can be selected that meets an additional selection criterion.
- the selection criterion can be, for example, reliability, cryptographic requirements (for example key lengths used, cryptographic protocols) or requirements for the corresponding infrastructure (for example there must be at least a predetermined number of nodes or the network application or the distributed database system are, for example, implemented as a cloud service) which are to be supported by the network application or the distributed database system. For example, only a distributed database system or a network application is selected that best fulfills the selection criterion.
- the second communication interface can be set up with the distributed database systems (for example the distributed database system or the further distributed database systems or the selected distributed data system).
- the distributed database systems for example the distributed database system or the further distributed database systems or the selected distributed data system.
- tenbank system or the network applications (e.g. the network application or the other network applications or the selected network application) to communicate z. B. to retrieve the supported data formats of the network applications or the distributed database systems and / or to transmit the converted data.
- the data can be, for example, the first messages or the first message or the message content of the first message or data of a communication link.
- a decentralized infrastructure with old or legacy devices.
- old devices e.g. legacy devices
- a new blockchain-based infrastructure This is advantageous, for example, for energy supply networks, the control of which is converted to a block chain infrastructure, but not every individual device in the existing energy supply network is replaced.
- the invention allows, for example, that.
- B. a device sends messages (e.g. with control commands or status messages for processing control commands) to the distributed database system or the network application, the transmitting device being arranged communicatively between the devices and the distributed database system (or the network application) and the assignment and / or transmission of the respective messages to the distributed database system (or to the network application) is realized.
- the corresponding message contents or data are also converted into a data format that is compatible with the distributed database system (or the network application).
- the devices do not have to be adapted to the new infrastructure.
- device properties of the assigned device dictate that the data can be stored in one or more data formats in the distributed database system or the network application.
- the data format requirements can stipulate that the data of the assigned device should be saved in an XML format or a JSON format, but not in a binary format.
- the distributed database system supports an XML format and the network application only a proprietary binary format.
- the second communication interface and / or the conversion module first check which data formats are supported by the distributed database system or the network application (supported means, for example, which data formats are supported by the distributed database system or the network). Application can be processed), also meet the data format requirements of the data format requirements of the assigned device.
- the second communication interface then transmits, for example, on the basis of the test result determined during this test, to which distributed database system (there may also be several distributed database systems) or to which network application the converted data are transmitted.
- This test result can alternatively be determined by the conversion module or by the identification module in the same way and z. B. the second communication interface can be provided.
- the second communication interface can be set up to transmit the converted data or the converted message content, depending on the test result, to the distributed database system or a further distributed database system or the network application or a further network application.
- the transmitting devices and / or receiving devices and / or distributed database systems (or their exemplary embodiments, embodiments) explained in the patent application or variants) and / or network application can additionally each include, for example, a configuration interface and / or a fan and / or a monitoring module.
- the configuration interface for example, updates or firmware versions can be imported.
- the fan ter z. B the corresponding transmitting device S and / or the receiving device E and / or the distributed database system can be cooled.
- the monitoring module the state and / or the operating behavior of a corresponding transmitting device and / or a corresponding receiving device and / or the distributed database system can be monitored and z. B. saved in a file (e.g. a logging file).
- Fig. 4 shows a fourth embodiment of the inven tion as a flowchart of the inventive method.
- the method is preferably implemented with the aid of a computer.
- the method comprises a first method step 410 for receiving first messages from a distributed database system by means of a first communication interface.
- the first messages are stored, for example, in a data format (for example an XML data format) of the distributed database system or a network application.
- the method comprises a second method step 420 for calculating an assignment for the first messages, wherein the calculation determines which devices a corresponding first message is intended for.
- the method comprises a third method step 430 for converting the message content of the corresponding first message into a data format for the assigned device.
- the Data format is in particular a proprietary data format of the devices.
- the third process step is in particular an optional process step. This is the case, for example, when the message content of the corresponding first message does not have to be converted or the message content or the corresponding first message has a data format that can be processed by the devices.
- the converted message content of the fourth method step corresponds to the (unconverted) message content of the corresponding first message or the corresponding first message is sent as a second message to the corresponding device or devices.
- the method comprises a fourth method step 440 for transmitting the converted message content to the device that is assigned to the corresponding first message.
- Fig. 5 shows a fifth embodiment of the inven tion as a flowchart of the inventive method.
- the method is preferably implemented with the aid of a computer.
- the method comprises a first method step 510 for receiving first (further) messages from devices by means of a communication interface. These messages are stored, for example, in a proprietary data format of the devices.
- the method comprises a second method step 520 for calculating an assignment on the basis of the respective message content of the first (further) messages, it being calculated which device has sent a corresponding first further message.
- the method comprises a third method step 530 for converting the message content of the corresponding first (further) message into a data format for the distributed database system (or the network application).
- B. can be processed by the distributed database system (or the network application).
- the data format can be e.g. For example, an XML data format for which a suitable XML schema is available.
- the nodes of the distributed database system (or the network application) can, for. B. evaluate a device status of one of the devices of the automation network to z. B. the corresponding automation network or the corresponding device depending on the device status to send a message.
- the third process step is in particular an optional process step. This is the case, for example, when the message content of the corresponding first message does not have to be converted or the message content or the corresponding first message has a data format that can be processed by the distributed database system (or the network application).
- the converted message content of the fourth method step corresponds to the (unconverted) message content of the corresponding first message or the corresponding first message is sent as a second message to the distributed database system (or to the network application).
- the method comprises a fourth method step 540 for transferring the converted message content to the distributed database system (or the network application).
- the invention relates, for example, to a gateway or a network adapter with which old devices or legacy devices can be connected to a distributed database system (or to a network application) such as a block chain, without having to change a configuration in the old devices
- a distributed database system or to a network application
- the messages that are sent or received by the distributed database system are transactions.
- the messages that are sent to the distributed database system are transactions.
- the second network NW2 with its devices is also a distributed database system (or a network application)
- the invention can also be used to create two different distributed database systems ( or network applications) communicate with each other.
- a receiving device (E) comprising:
- a first communication interface (210), the first network interface or communication interface (e.g. the first communication interface) being set up to communicate with a distributed database system,
- the first communication interface is set up to receive first messages from the distributed database system
- the identification module is set up to use the respective message content of the first messages to calculate an association for which devices a corresponding first message is intended;
- the conversion module is set up to handle the message content of the corresponding first convert the message into a data format for the associated device
- the second communication interface is set up to transmit the converted message content to the device that is assigned to the corresponding first message.
- the receiving device retrieves a device status from the device assigned to a corresponding first message, a transmission to the assigned device taking place depending on the device status called up.
- the device status comprises a data record about the available device resources and / or current device properties.
- a transmission to the corresponding device takes place when predetermined requirements of the corresponding first message are met by the assigned device, for example the fulfillment of the previous requirements being checked on the basis of the device state.
- the receiving device comprises a cryptography module, the cryptography module comprising cryptographic data assigned to the devices.
- the cryptography module uses the cryptographic data to check and / or decrypt at least part of the message content of the corresponding first message for an assigned device, for example for checking and / or decrypting the corresponding cryptographic data are loaded using the assigned device.
- a first communication interface (310), the first communication interface being set up to communicate with devices, the communication interface being set up to receive first messages from the devices;
- the identification module is set up to calculate an assignment based on the respective message content of the first messages, which device has sent a corresponding first message;
- the conversion module is set up to convert the message content of the corresponding first message into a data format for the distributed database system
- the second communication interface is set up to communicate with a distributed database system
- the communication interface is set up to transmit the converted message content to the distributed database system.
- the transmission device comprises a cryptography module, the cryptography module comprising cryptographic data assigned to the devices.
- the cryptography module discharges on the basis of the assigned device. speaking cryptographic data, with at least part of the message content of the corresponding first message being device-specifically protected for the assigned devices by means of the corresponding cryptographic data, and for example cryptographic protection takes place before the message content is sent.
- the distributed database system is a block chain, for example the messages that are sent and / or received by the distributed database system are transactions.
- At least some of the devices are devices of an automation network.
- One system comprising:
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18182973.0A EP3595267B1 (de) | 2018-07-11 | 2018-07-11 | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten |
PCT/EP2019/065873 WO2020011491A1 (de) | 2018-07-11 | 2019-06-17 | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3804283A1 true EP3804283A1 (de) | 2021-04-14 |
Family
ID=62981014
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18182973.0A Active EP3595267B1 (de) | 2018-07-11 | 2018-07-11 | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten |
EP19734298.3A Withdrawn EP3804283A1 (de) | 2018-07-11 | 2019-06-17 | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18182973.0A Active EP3595267B1 (de) | 2018-07-11 | 2018-07-11 | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten |
Country Status (7)
Country | Link |
---|---|
US (1) | US11640394B2 (de) |
EP (2) | EP3595267B1 (de) |
CN (1) | CN112640394A (de) |
BR (1) | BR112021000341B1 (de) |
ES (1) | ES2816012T3 (de) |
PT (1) | PT3595267T (de) |
WO (1) | WO2020011491A1 (de) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220100739A1 (en) * | 2019-03-23 | 2022-03-31 | British Telecommunications Public Limited Company | Distributed sequential transactional database selection |
US11954681B2 (en) * | 2019-09-30 | 2024-04-09 | Southeast University | Blockchain-enhanced open internet of things access architecture |
DE102019130067B4 (de) * | 2019-11-07 | 2022-06-02 | Krohne Messtechnik Gmbh | Verfahren zur Durchführung einer erlaubnisabhängigen Kommunikation zwischen wenigstens einem Feldgerät der Automatisierungstechnik und einem Bediengerät |
US11658966B2 (en) * | 2019-12-17 | 2023-05-23 | Fisher-Rosemount Systems, Inc. | Personnel profiles and fingerprint authentication for configuration engineering and runtime applications |
EP3902224A1 (de) * | 2020-04-24 | 2021-10-27 | Siemens Aktiengesellschaft | Vorrichtung und verfahren zum einfügen von gerätedaten in ein verteiltes datenbanksystem |
EP3958501A1 (de) | 2020-08-21 | 2022-02-23 | Siemens Aktiengesellschaft | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten |
US11438834B2 (en) | 2021-06-14 | 2022-09-06 | Ultralogic 6G, Llc | Searchable database of 5G/6G network access information |
US11934447B2 (en) * | 2022-07-11 | 2024-03-19 | Bank Of America Corporation | Agnostic image digitizer |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8020201B2 (en) | 2001-10-23 | 2011-09-13 | Intel Corporation | Selecting a security format conversion for wired and wireless devices |
US7987489B2 (en) | 2003-01-07 | 2011-07-26 | Openpeak Inc. | Legacy device bridge for residential or non-residential networks |
US7409400B2 (en) * | 2003-10-22 | 2008-08-05 | Intel Corporation | Applications of an appliance in a data center |
CN101888284B (zh) * | 2010-07-08 | 2013-08-28 | 中国科学院高能物理研究所 | 一种用于数据单向传输的方法及其装置 |
WO2013184093A1 (en) * | 2012-06-04 | 2013-12-12 | Hewlett-Packard Development Company, L.P. | User-defined loading of data onto a database |
US9961494B2 (en) * | 2012-08-14 | 2018-05-01 | Google Llc | Sharing content with nearby devices |
CN105005935A (zh) * | 2014-04-23 | 2015-10-28 | 国家电网公司 | 多种智能用电交互渠道和交互设备兼容接入方法及装置 |
WO2017167549A1 (en) * | 2016-03-30 | 2017-10-05 | British Telecommunications Public Limited Company | Untrusted code distribution |
DE102016215914A1 (de) * | 2016-08-24 | 2018-03-01 | Siemens Aktiengesellschaft | Absichern einer Gerätenutzungsinformation eines Gerätes |
DE102016118614A1 (de) | 2016-09-30 | 2018-04-05 | Endress+Hauser Gmbh+Co. Kg | Verfahren zum manipulationssicheren Speichern von Daten eines Feldgeräts |
WO2018231255A1 (en) * | 2017-06-16 | 2018-12-20 | Visa International Service Association | Blockchain network interaction controller |
US20190306155A1 (en) * | 2018-03-28 | 2019-10-03 | Ca, Inc. | Generating cryptographic keys using supplemental authentication data |
WO2019244312A1 (ja) * | 2018-06-21 | 2019-12-26 | 三菱電機株式会社 | データ処理装置、データ処理システム、データ処理方法及びプログラム |
-
2018
- 2018-07-11 ES ES18182973T patent/ES2816012T3/es active Active
- 2018-07-11 EP EP18182973.0A patent/EP3595267B1/de active Active
- 2018-07-11 PT PT181829730T patent/PT3595267T/pt unknown
-
2019
- 2019-06-17 CN CN201980059339.XA patent/CN112640394A/zh active Pending
- 2019-06-17 US US17/259,174 patent/US11640394B2/en active Active
- 2019-06-17 BR BR112021000341-0A patent/BR112021000341B1/pt active IP Right Grant
- 2019-06-17 EP EP19734298.3A patent/EP3804283A1/de not_active Withdrawn
- 2019-06-17 WO PCT/EP2019/065873 patent/WO2020011491A1/de unknown
Also Published As
Publication number | Publication date |
---|---|
US11640394B2 (en) | 2023-05-02 |
EP3595267B1 (de) | 2020-06-17 |
WO2020011491A1 (de) | 2020-01-16 |
PT3595267T (pt) | 2020-07-01 |
EP3595267A1 (de) | 2020-01-15 |
ES2816012T3 (es) | 2021-03-31 |
CN112640394A (zh) | 2021-04-09 |
BR112021000341A2 (pt) | 2021-04-06 |
BR112021000341B1 (pt) | 2024-01-02 |
US20210271665A1 (en) | 2021-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020011491A1 (de) | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten | |
EP3673623B1 (de) | Verfahren und steuersystem zum steuern und/oder überwachen von geräten | |
EP3382616A1 (de) | Verfahren und vorrichtung zum rechnergestützten bereitstellen eines sicherheitsgeschützten digitalen zwillings | |
EP3388994A1 (de) | Verfahren und vorrichtung zum rechnergestützten testen einer blockkette | |
EP3719713A1 (de) | Verfahren und steuersystem zum steuern und/oder überwachen von geräten | |
EP3763089B1 (de) | Verfahren und steuersystem zum steuern und/oder überwachen von geräten | |
EP3777088B1 (de) | Verfahren und system zum steuern einer freigabe einer ressource | |
WO2020148001A1 (de) | Verfahren, vorrichtungen und system zum sicherheitsgeschützten bereitstellen von datensätzen | |
EP3714575B1 (de) | Verfahren und system zum steuern und/oder überwachen von geräten | |
WO2019081434A1 (de) | Verfahren und steuersystem zum steuern und/oder überwachen von geräten | |
EP3718263B1 (de) | Verfahren und steuersystem zum steuern und/oder überwachen von geräten | |
WO2022022992A1 (de) | Digital-twin basierte prozesssteuerung in einem iot-netzwerk | |
EP4169207B1 (de) | Verfahren, vorrichtungen und system zum datenaustausch zwischen einem verteilten datenbanksystem und geräten | |
WO2020207717A1 (de) | Verfahren und steuersystem zum steuern einer ausführung von transaktionen | |
WO2020126236A1 (de) | Verfahren zum betreiben eines verteilten datenbanksystems, verteiltes datenbanksystem und industrieautomatisierungssystem | |
WO2022022997A1 (de) | Kanalbasierte kommunikation in einem iot-netzwerk | |
EP3787251A1 (de) | Verfahren, kommunikationsvorrichtung und netzwerkapplikation zum geschützten übermitteln von einem datensatz | |
WO2020043430A1 (de) | Einrichtung und verfahren zum bereitstellen einer orakel-transaktion in einem verteilten datenbanksystem | |
EP3617976A1 (de) | Verfahren zum betreiben eines verteilten datenbanksystems, verteiltes datenbanksystem und industrieautomatisierungssystem | |
WO2020120051A1 (de) | Verfahren, vorrichtungen und system zur bereitstellung eines leistungsgegenstandes | |
WO2020193044A1 (de) | Verfahren und steuersystem zum steuern einer ausführung von transaktionen | |
EP3817315A1 (de) | Prüfvorrichtung, vorrichtung und verfahren zum validieren von transaktionen | |
EP3945480A1 (de) | System, gerät und verfahren zur ausführung von programmbefehlen für eine ressource | |
EP3829103A1 (de) | Vorrichtung und verfahren zum bilden von datenblöcken | |
EP3828798A1 (de) | Vorrichtung und verfahren zum bilden von datenblöcken |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210105 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20230103 |