EP4288841A1 - Procédé de fonctionnement d'un dispositif de terrain, et système de fonctionnement de dispositifs de terrain - Google Patents

Procédé de fonctionnement d'un dispositif de terrain, et système de fonctionnement de dispositifs de terrain

Info

Publication number
EP4288841A1
EP4288841A1 EP21703427.1A EP21703427A EP4288841A1 EP 4288841 A1 EP4288841 A1 EP 4288841A1 EP 21703427 A EP21703427 A EP 21703427A EP 4288841 A1 EP4288841 A1 EP 4288841A1
Authority
EP
European Patent Office
Prior art keywords
field device
parameter
parameter set
unit
changed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP21703427.1A
Other languages
German (de)
English (en)
Inventor
Clemens Hengstler
Stefan Kaspar
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vega Grieshaber KG
Original Assignee
Vega Grieshaber KG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vega Grieshaber KG filed Critical Vega Grieshaber KG
Publication of EP4288841A1 publication Critical patent/EP4288841A1/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0423Input/output
    • G05B19/0425Safety, monitoring
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/042Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
    • G05B19/0426Programming the control sequence
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/23Pc programming
    • G05B2219/23213Check validity of entered data
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25428Field device

Definitions

  • the present application relates to a method for operating a field device according to the preamble of patent claim 1 and a system for operating field devices with the features of patent claim 15.
  • Field device refers to the area outside of control rooms. Field devices can therefore be actuators, sensors and measuring transducers in particular.
  • the present application also relates to self-sufficient field devices, in particular self-sufficient measuring arrangements, such as for example self-sufficient filling level or point level sensors.
  • the self-sufficient filling level or point level sensors are preferably designed as radar sensors and, in order to ensure the self-sufficiency of the sensors, have, in addition to a sensor for acquiring measurement data, a transmission device for preferably wireless transmission of acquired measurement data or measurement values, and their own power supply.
  • the transmission device can preferably be a radio module for narrowband radio technology (LoRa, Sigfox, LTE-M, NB-IOT), which transmits the measurement data or measurement values to a cloud, ie to a server on the World Wide Web.
  • the energy supply is preferably designed as a battery or accumulator and can also include an energy harvesting module. Typical application scenarios for such self-sufficient field devices include inventory management or measurement tasks on mobile containers.
  • Known field devices of the aforementioned type previously made it possible to transmit measured values, so that a higher-level unit triggered a predetermined action based on the determined measured value. For example, based on the measured value of a fill level measuring device, an inlet can be closed or an outlet can be opened if a limit value is exceeded.
  • Self-sufficient field devices are characterized by particularly simple installation without attaching a communication or supply line and thus open up particularly flexible options for arrangement, i.e. in particular their attachment in the process environment.
  • the measured values determined by these field devices are typically transmitted to a cloud, i.e. to a server on the World Wide Web, using narrowband radio technology (LoRa, Sigfox, NB-IOT).
  • Typical application scenarios for such field devices include areas such as flood forecasting, inventory management or other distributed measuring tasks. Due to the direct connection to the World Wide Web, such field devices are inherently exposed to a permanent threat of hacker attacks from the network.
  • Field devices also usually have parameterization interfaces that can be operated locally.
  • An unauthorized or accidental change to the parameterization can completely falsify the output measured value and, as a result, especially in safety applications, result in major damage to the process plant, but also to people and the environment.
  • a method for operating a field device used in automation technology with an input interface, a memory in which at least one parameter set for operating the field device is stored, and with a first communication interface, is characterized in that when at least one parameter of the parameter set changes by a first instance, at least the changed parameter or the changed parameters and/or data calculated therefrom are transmitted to a superordinate unit and a second instance is informed of the change.
  • the higher-level unit can then in turn inform a second entity about the change that has been made.
  • the higher-level unit can only inform the second entity about the fact that a parameter has changed was made, or specifically state what change was made, i.e. in particular which parameter or parameters was or were changed.
  • the second instance can also have different characteristics, for example an operator of the higher-level unit, another device that is informed by the higher-level unit, or a group or combination thereof.
  • the present method thus automatically detects every parameter change and informs, for example, a responsible person (monitor) or responsible persons, so that countermeasures that may be necessary can be initiated.
  • the entire parameter set can be transmitted in the transmission step. This ensures that the second instance has all relevant information for assessing the change made in the currently valid version and can thus optimally evaluate the change made.
  • a hash value which is calculated from the parameter set, can also be transmitted to the superordinate unit.
  • Such a Hash value uniquely identifies a parameter set, so that at a later point in time it can be traced, for example, which parameter set was valid at an earlier point in time. In this way, it is possible to verify which parameters were stored in the field device at the time of damage, for example, without transmitting the complete parameter set to the higher-level unit.
  • the parameter sets can be stored, for example, on an additional storage medium which, for example, is only accessible to the owner of the field device.
  • a hash function (also known as a hash function) is a mathematical mapping that maps a large input quantity (the key) to a smaller target quantity (the hash value).
  • a hash function is therefore not injective in general.
  • the input set can contain elements of different lengths, whereas the elements of the target set usually have a fixed length.
  • a parameter set or a subset of a parameter set is mapped to a hash value in this way, and this parameter set or subset is thus uniquely identified.
  • a change counter can be calculated for the parameter set.
  • Such a change counter can, for example, be incremented each time a parameter or the parameter set is changed, so that it can be traced at any time whether the currently applicable parameter set has been changed compared to a verified parameter set.
  • the parameter set and/or the data calculated from it can be stored in a distributed ledger.
  • the term distributed ledger describes a technique that can be used to document certain transactions.
  • a central ledger is usually managed by just one instance, here any number of copies of the ledger, which are in principle equal, are maintained decentrally by different parties. Appropriate measures are taken to ensure that new transactions to be added are adopted in all copies of the ledger and that there is agreement (consensus) on the current status of the ledger.
  • the parameter sets and/or the hash values and/or other information can be stored in the distributed ledger.
  • the relevant information is stored transparently and securely for all parties involved, e.g. the first instance and/or the second instance and/or an owner and/or an operator and/or a maintenance service provider and/or a manufacturer of the field device, so that manipulations from all sides can be prevented.
  • the hash values in the distributed ledger can be used to determine when a parameter change took place. Since the hash values can be clearly assigned to a parameter set, this can be clearly identified even if it is not initially known to the manufacturer, so that the configuration that led to the damage can be clearly and transparently understood by all parties. In the event of damage, it is thus possible to clearly determine whether the field device was operated with a permissible parameter combination, for example.
  • the higher-level unit can be designed, for example, as a distributed computer network.
  • a distributed computer network can, for example, be designed as a cloud system in which, for example, in addition to monitoring the parameters of the field device, evaluations of measured values determined by the field device are carried out. This can e.g. as software as a service by the manufacturer of the field devices.
  • the hash value, the change counter or an encryption of the parameter set can be calculated in the higher-level unit. In this way, resources in the field device can be saved and computationally intensive operations can be carried out in the higher-level unit. In this way, for example, an energy store in the field device can be spared, so that longer autonomous operation is possible.
  • the transmission can take place cyclically and/or event-oriented. This means that at least the changed parameter or the changed parameters, the entire parameter set and/or the data calculated from them are transmitted to the higher-level unit cyclically, i.e. e.g. at specifiable or fixed time intervals, and/or triggered by specifiable or fixed events will.
  • a relay station can be provided locally.
  • local transmission can be unencrypted and transmission from the relay station to the superordinate unit can be encrypted, for example.
  • arithmetic operations can also be outsourced to the relay station.
  • the method can be designed to be unidirectional. This means that the field device can only send to the superordinate unit via the communication interface, but the field device is not designed to receive data via the interface used. This avoids creating an additional gateway for attacks on the field device.
  • the method is bidirectional, i.e. the field device can also receive data via the communication interface.
  • the field device can be provided, for example, that the changed parameter or the changed parameters in the field device are not activated until they have been confirmed by the second entity.
  • the higher-level unit and/or the second entity can reset the parameter set to a last valid value.
  • artificial intelligence can be used to assess the parameters.
  • the transmitted parameter sets can be checked for consistency and information can be collected in a self-learning system which parameters do not cause problems.
  • a user can be offered support in the parameterization of his field device, in which, for example, based on a parameter set, values are offered that other users have also used and retained, which means that the field device has performed well.
  • information is only sent to the monitor's device if the artificial intelligence has detected an inconsistency in the parameters.
  • the monitor is supported by the artificial intelligence, so that, for example, confirmation of a parameter set is only requested from the monitor if the entered parameters were classified as problematic by the artificial intelligence.
  • a system for operating field devices comprising at least one field device used in automation technology, with an input interface, a memory in which at least one set of parameters for operating the field device is stored, and a first communication interface, further comprising at least one higher-level unit with a second communication interface, is characterized in that the field device and the higher-level unit are designed and set up in such a way that the field device transmits the changed parameter or the changed parameters or data calculated from them to the higher-level unit when at least one parameter of the parameter set is changed by a first entity, and a second instance is informed about the change.
  • the present system for operating field devices is designed in such a way that parameter changes are transmitted to the second entity through the interaction of field device and higher-level unit.
  • the higher-level unit can check the parameter set and/or an identity of the first instance before transmission to the second instance.
  • the input interface and the communication interface can also be identical. This means that, for example, communication and input can take place via a Bluetooth radio interface.
  • the communication unit can also be in the form of a pure transmission unit.
  • the communication unit can also be in the form of a pure transmission unit.
  • the higher-level unit can be designed, for example, as a distributed computer network.
  • a distributed computer network for example a cloud, can improve the availability and accessibility of the higher-level unit.
  • the parameter set or the value calculated from the parameter set can preferably be stored in the distributed computer network, preferably in a distributed ledger.
  • the entire parameter set and/or a hash value calculated from the parameter set and/or a change counter can be stored in the distributed computer network, preferably the distributed ledger.
  • FIG. 4 shows a second embodiment of a method for operating a field device.
  • a higher-level unit of the system 1 is designed as a distributed computer network (cloud) 5 , with the first field device 3 communicating via a relay 6 and the second field device 4 directly with the higher-level unit 5 .
  • the communication between the relay 6 and the second field device 4 takes place wirelessly via a radio link.
  • a first instance 11 which is present as a mobile terminal device, for example as a user's smartphone is formed, shown.
  • the first entity 11 accesses the first field device 3 in order to parameterize it, ie to enter information about the media to be detected, their density, the frequency of measurements and the conditions for the switching command (uncovered/uncovered). If parameters of the recorded field device 3 are changed by the first entity 11, the field device recognizes this change and communicates this to the higher-level unit 5 via the relay 6.
  • the entire set of parameters also referred to below as the parameter set, is transmitted to the superordinate unit 5 and stored there together with a time stamp.
  • first entity 11 on a field device 3, 4 only becomes effective if this is confirmed by a second entity 12.
  • the two devices shown in the exemplary embodiment in FIG. 1 as first entity 11 and second entity 12 can each be assigned to an employee, so that only two employees can carry out a parameter change together. Consequential damage caused by unintentional or undesired parameter changes can be minimized in this way and ideally avoided completely.
  • FIG. 2 shows an exemplary embodiment of a field device as can be used in the system from FIG.
  • the field device shown in FIG. 2 corresponds to the first field device 3, which communicates with the higher-level unit 5 via the relay 6 in the exemplary embodiment in FIG.
  • the field device 3 is shown only schematically in the present case and has electronics 30 by means of which measured values determined by a sensor 37 can be further processed and made available to the process controller 9 via an output interface 34, for example. Furthermore, the field device 3 has an input interface 31 by means of which various inputs, configurations and parameter changes can also be made directly on the field device 3 .
  • the final set of parameters for the field device 3 is stored in a memory 32 of a computing unit 35 of the electronics 30 in the present exemplary embodiment. If the computing unit 35 registers a change in parameters in the memory 32, communication takes place with the higher-level unit 5 via a communication interface 33 arranged in the electronics 30.
  • the communication interface 33 can, for example, be a short-range radio interface, for example a Bluetooth or NFC interface be trained or alternatively may use a narrow band radio technology such as Lora or NB OT. Since a short-range radio interface with a short range was selected in the present exemplary embodiment, communication with the higher-level unit 5 takes place via the relay 6, as shown in FIG.
  • the communication interface 33 can also be used for radio communication with the first entity 11 to facilitate the commissioning and parameterization of the field device 3 . In this case, however, the communication interface 33 must be bidirectional.
  • FIG. 3 shows an exemplary method for operating a field device.
  • a first step 301 the method is started.
  • a second step 302 it is checked whether a parameter change has been carried out. If this is the case, information about the parameter change is sent to the superordinate unit 5 in a third step.
  • the higher-level unit 5 then informs the second entity 12 and the method begins again with the second step 302.
  • the second step 302 can, for example, cyclically d. H. at fixed time intervals or event-oriented, for example when an input is made on the field device or a connection is established.
  • the third step in which a transmission to the superordinate unit 5 takes place, can be carried out cyclically or event-oriented. A combination of cyclic and event-oriented execution is also possible for both steps.
  • FIG. 4 shows a variant of the method according to the present application that is expanded compared to the method according to FIG.
  • a first step 401 the method is also started here. Before a cyclically running and event-controlled check of parameter changes takes place in a second step 402 .
  • the information for transmission to the higher-level unit 5 is first encrypted and then transmitted in encrypted form to the higher-level unit 5 in the fourth step 404 .
  • the transmitted data are stored in encrypted form on the one hand and on the other hand decrypted and subjected to a check in a sixth step 406 by an artificial intelligence. If the transmitted parameters are classified as problematic by the artificial intelligence, the present method begins again with the second step, in which a check for parameter changes takes place.
  • the second entity 12 is modified via the parameter changes.
  • the second instance 12 sends feedback to the field device 3 via the superordinate unit 5, with this feedback being able to contain a confirmation of the changes made, a discarding of the changes made or a modification of the parameters.
  • the set parameters are only adopted if there is feedback and the method starts again with the second step 402.
  • the field device continues either with the previously applicable parameters is operated or automatically switches to a safe state, for example by the process monitored by the field device being transferred to a safe state or shut down.

Abstract

La présente invention concerne un procédé de fonctionnement d'un appareil de terrain d'automatisation (3, 4), comprenant une interface d'entrée (31), une mémoire (32) qui stocke au moins un ensemble de paramètres de fonctionnement de l'appareil de terrain (3, 4), et une première interface de communication (33). Si au moins un paramètre de l'ensemble de paramètres est modifié par une première entité (11), les étapes suivantes sont exécutées dans cet ordre : - transmettre au moins le ou les paramètres modifiés et/ou les données calculées à partir de ceux-ci à une unité supérieure (5), - informer une seconde entité (12) de la modification.
EP21703427.1A 2021-02-03 2021-02-03 Procédé de fonctionnement d'un dispositif de terrain, et système de fonctionnement de dispositifs de terrain Pending EP4288841A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2021/052569 WO2022167073A1 (fr) 2021-02-03 2021-02-03 Procédé de fonctionnement d'un dispositif de terrain, et système de fonctionnement de dispositifs de terrain

Publications (1)

Publication Number Publication Date
EP4288841A1 true EP4288841A1 (fr) 2023-12-13

Family

ID=74553826

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21703427.1A Pending EP4288841A1 (fr) 2021-02-03 2021-02-03 Procédé de fonctionnement d'un dispositif de terrain, et système de fonctionnement de dispositifs de terrain

Country Status (4)

Country Link
US (1) US20240111264A1 (fr)
EP (1) EP4288841A1 (fr)
CN (1) CN116783560A (fr)
WO (1) WO2022167073A1 (fr)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102016118614A1 (de) * 2016-09-30 2018-04-05 Endress+Hauser Gmbh+Co. Kg Verfahren zum manipulationssicheren Speichern von Daten eines Feldgeräts
DE102017205832A1 (de) * 2017-04-05 2018-10-11 Siemens Aktiengesellschaft Verfahren zum Parametrieren eines Feldgeräts sowie parametrierbares Feldgerät

Also Published As

Publication number Publication date
US20240111264A1 (en) 2024-04-04
WO2022167073A1 (fr) 2022-08-11
CN116783560A (zh) 2023-09-19

Similar Documents

Publication Publication Date Title
EP3379447B1 (fr) Procédé et dispositif d'enregistrement inviolable d'informations par rapport à des mesures relatives à un objet
DE102017116161A1 (de) Zwei-Faktor-Authentifizierung für Benutzerschnittstelleneinrichtungen in einer Prozessanlage
DE102017124884A1 (de) Prozessgerätzustand- und Leistungsüberwachung
DE102017116311A1 (de) Authentifizierung und autorisierung zum kontrollieren des zugriffs auf prozesskontrolleinrichtungen in einer prozessanlage
EP3070556B1 (fr) Procédé, dispositif de calcul, unité d'utilisateur et système de paramétrage d'un appareil électrique
DE102017116139A1 (de) Flottenmanagementsystem für tragbare Wartungswerkzeuge
DE102020124501A1 (de) Edge-gateway-system mit datentypisierung für die gesicherte lieferung von prozessanlagendaten
DE102016124350A1 (de) Verfahren und System zum Überwachen einer Anlage der Prozessautomatisierung
EP3101275A1 (fr) Procede de configuration d'une eolienne et eolienne
DE102014111361A1 (de) Verfahren zum Betreiben einer Sicherheitssteuerung und Automatisierungsnetzwerk mit einer solchen Sicherheitssteuerung
DE102008043336A1 (de) Modulares Messgerät mit verteilten Daten und Algorithmen
WO2012110338A1 (fr) Dispositif pour le stockage décentralisé de données de maintenance d'installations de conversion d'énergie
WO2005104055A2 (fr) Procede et systeme pour la telesurveillance, la telecommande et/ou le telediagnostic d'un appareil
DE102020124820A1 (de) Sicherer externer zugriff auf prozesssteuerungsdaten durch eine mobile vorrichtung
EP4288841A1 (fr) Procédé de fonctionnement d'un dispositif de terrain, et système de fonctionnement de dispositifs de terrain
EP2054782B1 (fr) Dispositif d'enregistrement de données
DE202016103635U1 (de) Sensoranordnung mit einem Sensor und einer Halterung
DE102010040054A1 (de) Verfahren zur Sicherstellung der korrekten Funktionsweise einer Automatisierungsanlage
EP4025965B1 (fr) Système de surveillance de l'intégrité et procédé de fonctionnement d'un système de surveillance de l'intégrité ainsi qu'unité de surveillance de l'intégrité
EP3182383A1 (fr) Dispositif de collecte de données ainsi que procédé de fonctionnement avec mode de sécurité hybride
LU101163B1 (de) Verfahren und Vorrichtungen für eine Lastzuweisung und Überwachung für eine zuzuweisende versorgungssicherheitskritische Ressource in einem Netzwerk
EP3306514B1 (fr) Procédé et dispositif de certification d'une chaîne de fonctions critique pour la sécurité
WO2018114101A1 (fr) Procédé de vérification d'une attribution à un mandant, produit programme informatique et système d'automatisation comportant des appareils de terrain
DE202016101441U1 (de) System mit einem mobilen Schlüsselgerät
EP3208982B1 (fr) Routeur comprenant une interface séparée destinée à la configuration du routeur et procédé de configuration d'un routeur

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230831

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR