WO2007036178A1 - Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät - Google Patents
Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät Download PDFInfo
- Publication number
- WO2007036178A1 WO2007036178A1 PCT/DE2005/001751 DE2005001751W WO2007036178A1 WO 2007036178 A1 WO2007036178 A1 WO 2007036178A1 DE 2005001751 W DE2005001751 W DE 2005001751W WO 2007036178 A1 WO2007036178 A1 WO 2007036178A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- sender
- field device
- electric field
- identification
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0428—Safety, monitoring
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24167—Encryption, password, user access privileges
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/25—Pc structure of the system
- G05B2219/25428—Field device
Definitions
- Electric field devices are used today in many areas of automation technology.
- electric field devices can be used, for example, for monitoring and controlling chemical and process engineering processes, industrial manufacturing processes or else processes for transmitting and / or distributing electrical energy in electrical power supply networks.
- the electric field devices are in the vicinity of the process to be automated, where they record the process-describing measured values or issue commands for controlling process components.
- a field device in an electrical energy supply network can record current and voltage measurement values which indicate the instantaneous state of the electrical energy supply network. Furthermore, the electric field device may issue control commands, such as a command to open or close a circuit breaker in the electric power grid.
- electric field devices typically include an input device, such as a keypad, and a display device, such as a keyboard. As a display, on. All functions can be called up directly on the electric field device via the input device. For the safety of the automated process, relevant functions can usually only be performed after entering a corresponding password.
- the field devices also have on their front side as a data interface to a so-called control interface in the form of a serial connector.
- An external computer can be connected to this user interface via a serial data transmission cable, on which operating, monitoring and / or parameterizing software runs. With the help of this software settings can be made and changed in the device and the operation and observation of the device can be performed.
- the devices can also be equipped with a data interface in the form of an Ethernet interface, which enables a network connection of the device.
- a data interface in the form of an Ethernet interface, which enables a network connection of the device.
- the control of protected functions of the electric field device is blocked by default via the Ethernet interface, but can also be approved by the user of the field device (see page 12 of the system description).
- the object of the present invention is to provide a method for performing a protected function of an electric field device and an electric field device, wherein, regardless of the type of communication Connection with the electric Peld réelle a high safety standard against unwanted access is guaranteed.
- this object is achieved according to the invention by a method for carrying out a protected function of an electric Peld device, in which the following steps are carried out: command data is received from the electric field device indicating a function call to perform a protected function of the electric field device; from an identification device of the electric field device, sender characterization data characterizing the respective sender of the command data is determined and added to the command data; a safety device receives the instruction data extended by the sender characterization data and then checks whether they allow execution of the protected function of the electric field device specified by the instruction data, whereby the instruction data is transmitted to the protected function and this is carried out with existing permission and in the absence of permission, an execution of the protected function is denied.
- the essential advantage of the method according to the invention is that a verification of the authorization of the broadcaster can be carried out independently of the type of access to the electric field device. This is achieved by virtue of the field device having an identification device which subjects all command data to a sender identity determination, regardless of the way in which they have reached the field device. This means that independent sender characterization data is determined from the interface-specific or protocol-specific command data from the data interface. In interaction with the safety device of the electric field device, the on the basis of the sender identification made by the identification device either permits or blocks execution of the protected function of the electric field device, high security of the field device against unauthorized access to its protected functions can be achieved.
- An advantageous embodiment of the method according to the invention consists in that, for determining the sender characterization data from the identification device, sender-specific data associated with the command data is transferred to an identity database, sender characterization data corresponding to the sender-specific data is determined by the identity database, and the determined sender characterization data are sent to the identity data bank Identification device to be returned.
- sender-specific data are those data which are transmitted with the command data to the electric field device and which allow in some way a conclusion to the sender of the command data.
- the sender of the command data can be determined.
- the user of the field device can easily make changes in the identity database in order to include information about new senders in the database or to enable or block certain protected individual functions.
- an advantageous further development provides that a type of user of the sender specifying type data from the identity database is determined on the basis of the sender-specific data and these are returned to the identification device as sender characterization data, and the safety device uses this type of data to verify the sender's permission to perform the secured function.
- Type data in this context is data that does not specify the individual, concrete sender, but rather a group or a type assigned to it. By reading type data from the identity database, therefore, it is not necessary to determine the specific sender himself. Rather, it is sufficient if the sender is merely assigned to a group as a general rule, since usually certain groups of persons who access the electric field device have matching access rights within their group. For example, it is sufficient to identify the identity of the sender as "parameterization personnel" in order to release the functions required for the parameterization for the sender.
- An alternative development for this provides that from the identity database using the sender-specific data, a user type of the sender specifying type data are determined by the identity database based on the type data the user type of the sender corresponding access rights data and returned as sender characterization data to the identification device, and of the Security device is checked on the basis of this access rights data, the sender's permission to perform the secure function.
- the security device does not have to make an assignment of the type data to corresponding access right data, since this takes over the identity database.
- Role data in this context should be regarded as such data indicating a task.
- an intermediate layer which contains role data corresponding to the type data, is created between the type data and the access right data, as it were.
- the roles "Parameterize” and "Execute Device Test” can be assigned to the type "Parameterization personnel.”
- the insertion of this intermediate layer can ultimately result in a more convenient parameterization of the identity database since the role data is stored as preset task areas can already be linked to the matching access rights data by the manufacturer and only the desired type data must be linked to corresponding role data by the operator of the field device for commissioning only comparatively few settings have to be made in the identity database.
- the method is specified in that, in the case of a session-less communication connection between the sender and the electric field device, the sender-specific data indicating a sender-data processing device and from the identity database (4) the sender characterization data are assigned to the identification data.
- the sender-specific data contain identification data characterizing the sender data processing device.
- the identity database can check whether the sender data processing device is trusted and to which user type the sender data processing device is assigned. Thus, without great effort, an identification of the sender data processing device take place.
- the identification data may consist of a MAC address of the sender data processing device.
- the identity database uses the MAC address to identify the slot type of the sender.
- the sender-specific data contain key data of the sender and the sender characterization data are assigned to the key data from the identity database.
- Key data in this context is data that includes a coding key, as used for example for electronic encryption.
- the identity database can easily be used in a session-based communication connection according to, for example, For example, the https protocol (Hyper Text Transfer Protocol Secure) uses key data, such as the sender's public key, to identify the sender.
- HTTP Hyper Text Transfer Protocol Secure
- Key data is transferred from the USB stick to the identification device.
- the field device is operated via the local keypad of the field device, only the sender identification is made on the basis of the key on the USB stick.
- the sender-specific data contain password data entered by the sender. In this way, an identification of a user working directly on the device can be made in a simple manner.
- an electric field device having at least one data interface via which a communication link for transmitting command data for executing a secure Function of the electric field device is produced, solved, in which the data interface an identification device is in communication, wherein the identification means is adapted such that it adds a sender of the command data indicating sender characterization data to the command data received from the interface, and with the identification means a safety device in .
- Connection stands, wherein the safety device is designed such that it checks the extended by the transmitters Abender malfunctionmaschineschal command data on a permission to perform the secure function of the electric field device, and only with an existing permission to perform the secure function allows.
- an advantageous embodiment of the electric field device according to the invention is given by the fact that the identification device has an identity database which is designed such that it determines the sender characterization data on the basis of sender-specific data contained in the command data.
- identity database By providing the identity database, a comparatively flexible and simple adaptation of the identification device to the conditions at the operator of the electric field device can be carried out.
- a further advantageous embodiment of the electric field device according to the invention finally provides that the data interface is an Ethernet interface, a USB interface or a serial interface.
- These data interfaces can, for. B. after a so-called Master-slave protocol, a point-to-point protocol (PPP) or a network-capable protocol (IP-based protocol) work.
- PPP point-to-point protocol
- IP-based protocol network-capable protocol
- FIG. 1 shows a schematic block diagram of an electric field device
- FIG. 2 shows a first exemplary embodiment of an identity database
- FIG. 3 shows a second exemplary embodiment of an identity database
- FIG. 4 shows a schematic process flow diagram for explaining an identification of a sender in the case of a session-based communication connection.
- the electric field device 1 shows a schematic representation of a block diagram of an electric field device 1.
- the electric field device 1 can, for. B. be part of an automation system for controlling and regulating the distribution of electrical energy in a power grid.
- the field device 1 has data interfaces 2 a to 2 e, the data interface 2 a representing a so-called human-machine interface ("HMI"), ie an input device provided locally on the electric field device such as a keypad and
- HMI human-machine interface
- the data interfaces 2a-2e contain not only the pure physical interface, but also the information technology data connection, such as the data abstraction levels assigned to the respective data interface up to layer 4 of the data interface well-known OSI Layer Modules ("Open Systems Interconnection Reference Model").
- the data interface 2b is shown in FIG. 1 as a serial interface to which a serial data transmission line can be connected.
- USB universal serial bus
- further devices such as a laptop
- the USB interface is designed for a significantly higher data transfer rate than the serial interface, which works according to the RS 232 standard, for example.
- passive data memories such as a USB stick, can also be connected to the electric field device via the USB interface.
- the data interface 2d represents a data connection for connecting a modem, such a modem allowing remote access to the electric field device.
- the data interface 2d can be designed as any electrical communication interface that allows the connection of a modem.
- the data interface 2d can also be a serial interface or a USB interface.
- the data interface 2e finally represents an Ethernet interface through which the electric field device can be integrated into a data network according to the Ethernet standard. This makes it possible for the electric field device, for example, with a company intranet or even the home ternet to connect.
- the electric field device 1 can also be integrated via the Ethernet interface 2e into a field device network, for example in accordance with the international standard IEC 61850.
- the electric field device furthermore has an identification device 3, which is connected to an identity database 4.
- the identification device 3 is also connected to a safety device 5.
- the safety device 5 is followed by a highly-schematic representation of different device function blocks 6a to 6g.
- These function blocks 6a to 6g represent basic functions of the electric field device 1, for example a reading function of set electrical parameters in the electric field device 1 or a switching function for opening or closing a circuit breaker connected to the electric field device.
- the identification device 3, the identity database 4, the safety device 5 and the device function blocks 6a to 6g will not be present as separate electrical components in the electric field device 1, but rather be designed as program modules of a device software.
- the interaction of the identification device 3, the identity database 4 and the security device 5 ensures that protected functions of the electric field device 1, independently of the electrical data interface 2a to 2e, via which a user establishes a communication link with the electric field device 1, only by authorized users can be executed.
- This will be explained below with reference to the five data interfaces exemplified in FIG.
- a method for performing a protected function of the electric field device 1 is considered when the user of the electric field device accesses the electric field device via the local input device, that is, via the data interface 2a.
- the user uses a provided on the electric field device keypad and a display to call various functions of the electric field device.
- function menus These functions are usually arranged for easier clarity in so-called function menus, as they are known today from a wide variety of application programs in the computer sector.
- the user can navigate with the aid of the keypad through the function menu displayed on the display of the electric field device and select functions of the electric field device to be executed.
- a protected function of the electric field device such as opening an electrical power switch
- the electric field device prompts him to enter a password authorizing him to perform this protected function.
- the user inputs via the keypad the corresponding password which is added to the command data indicating the function call of the protected function of the electric field device as sender-specific data.
- the identification device receives the command data with the sender-specific data in the form of the password data and transfers this password data to the identity database 5.
- the identity database 5 uses the password data to determine sender characterization data that identifies the sender of the command data, that is, on the keypad of the electrical system Field device user, sign. This sender characterization data is returned to the identification device 3.
- the identification device 3 appends the sender characterization data to the command data for invoking the protected function of the electrical Field device 1 and transmits this record to the safety device 5.
- the safety device 5 checks whether the sender characterization data transmitted with the command data allow the desired protected function of the electric field device 1 to be executed, in this case whether the device operating on the electric field device User is authorized to open the circuit breaker.
- the safety device 5 determines a positive result, ie the user is authorized to execute the protected function, then it transmits the function call to the corresponding function module with the desired protected function of the electric field device 1, for example the function block 6d. Then the corresponding function of the electric field device 1 is executed.
- the security device 5 determines that the sender characterization data do not permit the desired protected function of the electric field device 1 to be carried out, ie the user is not authorized to execute the protected function of the electric field device 1, then it refuses to carry out the desired protected function of the electric field device 1 electric field device 1. In this case, the circuit breaker is therefore not opened via the function block 6d.
- a communication connection is established via the serial data interface 2b between the user of the electric field device 1 and the electric field device 1.
- a serial data cable can be connected to the serial interface 2b, which is connected at its other end to an external data processing device, for example a laptop.
- the user no longer enters function calls locally on the electric field device 1 via the keypad but instead uses the function via the serial data Interface 2b connected laptop.
- it can transmit a function call via the laptop to the electric field device with which certain safety-relevant parameters of the electric field device are to be changed.
- the process would be similar to the one described above for the local data interface.
- the user on the laptop would in turn be prompted for a passphrase to identify his identity.
- a check can then take place with the safety device 5 as to whether the user is authorized to execute the desired protected function of the electric field device 1, in this case to change the safety-relevant parameters of the electric field device 1. Only if the check result is positive, the corresponding function is executed and the parameter settings of the device are changed.
- a laptop in the case of electric field devices which have a USB interface could also be connected to the electric field device via the USB interface 2c and transmit the function call for executing the protected function of the electric field device via this.
- the method would run in principle as well as described to the serial interface.
- USB interface 2c to the electric field device 1
- the user with the electric field device via the local data interface, so the keypad and the display, establishes a communication connection, but in addition a passive data storage module, such as a USB stick, via the USB interface with the electric field device connects.
- the USB stick can contain key data as sender-specific data instead of the Password data to the identification device 3 are transmitted.
- the identification device 3 in interaction with the identity database 4, can determine the identity of the sender.
- the identity database 4 would thus use the sender-specific data in the form of the key data to determine sender characterization data for identifying the sender of the command data and to transmit these together with the command data to the security device 5. This in turn checks whether the sender characterization data authorize execution of the desired protected function of the electric field device 1.
- a modem Via the data interface 2d, a modem can be connected to the electric field device 1, via which a remote access to the electric field device 1 is made possible.
- a remote access can in principle be similar to a local access to the electric field device 1 via the serial data interface 2b or via the USB interface 2c.
- password data or key data would in turn be transmitted to the identification device 3 as sender-specific data.
- identification data which characterize a sender data processing device can also be transmitted to the identification device 3 as user-specific data.
- Ethernet data interface 2e of the electric field device 1 A remote access to the electric field device 1 will usually take place via the Ethernet data interface 2e. However, it is also possible to use a sender data processing direction via a comparatively short Ethernet communication cable to connect locally with the electric field device.
- a sender data processing direction via a comparatively short Ethernet communication cable to connect locally with the electric field device.
- sessionless means that no fixed communication channel is established between the sender of the command data and the receiver, ie the electric field device
- the command data is packaged, so to speak, in an envelope addressed to an addressee, in this case the electric field device, for example, the addressee is specified via a so-called IP address or a MAC address of the receiving device
- sender-specific data is provided in the form of identification data identifying the sender of the command data in the envelope
- this identification data may be a MAC address of the sender data processing specify the device.
- the identification device 3 and the identity database 4 can determine the identity of the sender or the identity of the sender data processing device. If the sender data processing device is classified as trustworthy (this would be the case, for example, if the sender data processing device is one in the identity).
- a session-based communication connection a fixed communication channel is established between the sender and the electric field device 1. This is comparable, for example, to a telephone call between two communication partners via an analog telephone line Command data transmit sender-specific data in the form of key data, on the basis of which the identity database 4 can determine the sender characterization data for identifying the sender
- the further procedure proceeds as described for the other data interfaces 2a to 2d.
- FIG. 2 shows a schematic representation of the identity database 4.
- the sender-specific data is transmitted from the identification device 3 to the identity database 4.
- the identity database 4 receives the sender-specific data.
- the identity database 4 determines the sender indicated by the sender-specific data. This can lead to a person-specific identification of the sender. In such a case, an entry in the identity database 4 must be provided for each possible user of the electric field device 1, and each possible user of the electric field device must have his own sender-specific data.
- a user type can mean "parameterizing personnel" of the electric field device.
- all users who are normally allowed to undertake parameterizing tasks of the electric field device would be assigned to the user type "parameterizing personnel”.
- Other ways of user types include “reading personnel” which may see while readings and settings of the electrical field device, but they can not change, and "In jos für episperso- nal n, may change the all settings on the electric field device, but no switching operations with the electric It is sufficient if all persons belonging to a user type transmit the same sender-specific data to the electric field device with the command data and only to a single user
- Entries in the identity database 4 the user type of the sender is determined. A more precise identification of the sender is - as mentioned above - not necessary. As a result, in particular, the commissioning phase of the electrical Field device considerably shortened, since significantly fewer entries in the identity database 4 must be made.
- type data which indicates the user type of the sender would be assigned to the sender-specific data arriving via the data input port 21 on the basis of the first assignment table 22.
- the identity database assigns to this type data according to a second allocation table 23 the access right data permitted for this user type.
- the access rights data in each case indicate those device functions of the electric field device 1 which the respective user type is permitted to carry out.
- the user type "Parametrierpersonal ⁇ access rights should be assigned, the device functions such as” read device parameters "," change device parameters ",” storage of device parameters ",” testing device parameters "correspond.
- a user type "operating personnel” would be provided access rights data for the device functions, "perform switching operation (opening) on the circuit breaker” and “perform switching operation (closing) on the circuit breaker".
- the access rights data determined in accordance with the second allocation table 23 are returned to the identification device 3 via a data output port 24 along the arrow 25.
- the security device 5 which is connected downstream of the identification device 3, can carry out the verification with respect to the authorization for carrying out the protected function.
- FIG. 3 shows a possibility, alternative to FIG. 2, of how the sender characterization data can be determined with the identity database.
- FIG. 3 essentially corresponds to FIG. 2. Therefore, the matching components of FIGS. 2 and 3 are also identified by the same reference numerals.
- the sender-specific data are transmitted from the identification device 3 along the arrow 20 to the identity database 4. These are received by the identity database 4 with the input data port 21.
- the sender-specific data is assigned the user type of the sender indicating type data.
- Role data indicates the user roles commonly represented by the corresponding user type.
- the role data indicates the task areas usually to be performed by the corresponding user type.
- the task types "Parameterization” and “Testing” can be assigned to the user type "Parameterization personnel.”
- the user type "Operator” would be assigned the role data “Execute switching action” and "Read measured values”.
- the fine granulated access right data are first assigned to this thus determined roller data on the basis of the second allocation table 23.
- the role data “perform switching operation” would be, for example, the access rights data.
- the access rights data determined in this way are transmitted to the identification device 3 as sender characterization data analogously to FIG. 2 via the data output port 24 of the identity database 4.
- the advantage of the exemplary embodiment according to FIG. 3 lies in the fact that the manufacturer of the electric field device can already largely preconfigure the identity database 4. For example, corresponding access rights data can already be assigned to all device functions, which in turn are subdivided into corresponding task areas on the basis of the second assignment table 23 and thus assigned to the corresponding role data. Ultimately only corresponding user types must be agreed with the operator of the electric field device, and appropriate role data must be assigned to these user types in accordance with the intermediate assignment table 26. As a result, the configuration phase is shortened noticeably at the operator of the electric field device. Since such configuration phases are usually associated with a very large outlay, the manufacturer's preconfiguration can save considerable costs.
- certificates which enable a signature of the command data.
- the X.509 certificate known from electronic encryption technology can be used in the currently current version 3 or a higher version.
- the certificate contains three in this case Key: a key pair of the user, consisting of a user's public key also known to the field device and a private key of the user known only to the user and a public certificate key for indicating the authenticity of the certificate.
- the electric field device checks on the basis of a public certificate key, which is transmitted with the command data, whether it has been issued by the same certification authority provided in the electric field device certificate.
- a public certificate key On the basis of this public certificate key, it is checked whether the sender has been certified by the certification authority specified for the field device 1 (or an entire automation system, of which field device 1 is a component), that is, to be classified as trustworthy. If the sender has been recognized as trustworthy, it is checked whether the sender is actually identical to the certificate holder.
- the public key of the certificate assigned to the sender is used. For this, the sender requires the private certificate key for the certificate which is only accessible to the certificate holder. The sender is therefore requested to enter any text, eg. For example, a random string to sign with its private certificate key. The validity of this signature can then be checked with the public key of the certificate.
- FIG. 4 To securely identify the sender of the command data and to form a secure communication channel, the method illustrated in FIG. 4 is performed.
- a first box 41 the operations in the electrical Field device and a second box 42, the operations on the part of the sender data processing device to the user of the electric field device.
- a first step 43 is in this case of the electric
- Field device generates a random string RND and encrypted with a public key of the user of the field device. This is done in step 44.
- the encrypted random string RND is present in the electric field device. It is, as indicated by the arrow 46, transmitted to the sender data processing device.
- the encrypted random string is present on the user's sender's data processing device and is used in step 48 by means of the private associated with the public key of the electrical user
- step 51 Entering the code string or PIN (personal identity number) activates the use of the user's private key, so to speak.
- step 49 the now decrypted random string RND is present in the sender data processing device.
- step 50 This is now re-encrypted in step 50 with the aid of the public key of the electric field device, which has been known to the user or transmitted, for example, with the command data.
- the random string RND is re-encrypted at step 52 on the sender computing device.
- step 53 this re-encrypted random string RND is transmitted back to the electric field device and is present in step 54 on the electric field device.
- step 55 the random string is decrypted using the private key of the field device.
- step 56 the random string is again present in decrypted form on the electric field device in step 56 and can be compared with the output random string according to step 43. If both random strings match, then the sender has been uniquely identified and a secure communication connection between the electric field device and the user has been established. To encrypt the data exchanged between the sender and the electric field device, the random string can be used.
- the electric field device has now determined based on the public certificate key of the user, which is transmitted with the command data, the identity of the user and verified by means of the downstream verification by means of the random string.
- the further process is analogous to the procedure described above.
- the certificate with the corresponding keys of the user can also be present, for example, on a USB stick of the user instead of on a sender data processing device, which is connected to the electric field device via the USB interface.
- the user would establish a communication connection with the electric field device via the local input device and the display on the electric field device.
- the electric field device would query the certificate on the USB stick and, as it were, between the electric field device and the user using the zeros stored on the USB stick. Certificates are established analogous to the illustrated in Figure 4 and explained above method a secure communication connection.
- the PIN entry for activating the private key according to step 51 would in this case also be made directly by the user via the input keyboard on the electric field device. This has the advantage that the user does not have to remember different password data, but only the coding string or PIN belonging to the corresponding USB stick.
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Small-Scale Networks (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/088,600 US8132240B2 (en) | 2005-09-29 | 2005-09-29 | Electric field unit and method for executing a protected function of an electric field unit |
DE112005003771T DE112005003771A5 (de) | 2005-09-29 | 2005-09-29 | Verfahren zum Ausführen einer geschützten Funktion eines elektrischen Feldgerätes und elektrisches Feldgerät |
PCT/DE2005/001751 WO2007036178A1 (de) | 2005-09-29 | 2005-09-29 | Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät |
CNA200580051953XA CN101297247A (zh) | 2005-09-29 | 2005-09-29 | 实施现场电气设备的被保护功能的方法以及现场电气设备 |
EP05792491A EP1932066A1 (de) | 2005-09-29 | 2005-09-29 | Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/DE2005/001751 WO2007036178A1 (de) | 2005-09-29 | 2005-09-29 | Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007036178A1 true WO2007036178A1 (de) | 2007-04-05 |
Family
ID=36407560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2005/001751 WO2007036178A1 (de) | 2005-09-29 | 2005-09-29 | Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät |
Country Status (5)
Country | Link |
---|---|
US (1) | US8132240B2 (de) |
EP (1) | EP1932066A1 (de) |
CN (1) | CN101297247A (de) |
DE (1) | DE112005003771A5 (de) |
WO (1) | WO2007036178A1 (de) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007062915A1 (de) * | 2007-12-21 | 2009-06-25 | Endress + Hauser Process Solutions Ag | Verfahren zum Betreiben einer speicherprogrammierbaren Steuerung |
WO2009092399A1 (de) * | 2008-01-24 | 2009-07-30 | Siemens Aktiengesellschaft | Feldgerät und verfahren zu dessen betrieb |
WO2009100733A1 (de) * | 2008-02-11 | 2009-08-20 | Siemens Aktiengesellschaft | Sichere übermittlung von daten an ein feldgerät |
EP2139162A1 (de) | 2008-06-26 | 2009-12-30 | Abb Research Ltd. | Konfigurierung eines intelligenten elektronischen Geräts |
EP2247987A1 (de) * | 2008-02-25 | 2010-11-10 | Endress + Hauser Process Solutions AG | Verfahren zum betreiben eines feldgerätes |
CH706997A1 (de) * | 2012-09-20 | 2014-03-31 | Ferag Ag | Zugriffskontrolle auf Bedienmodule einer Bedieneinheit. |
DE102008022655B4 (de) | 2008-05-07 | 2018-08-09 | Sew-Eurodrive Gmbh & Co Kg | Verfahren zur sicheren Bedienung eines elektrischen Geräts und elektrisches Gerät |
CN112491929A (zh) * | 2020-12-15 | 2021-03-12 | 北京四方继保工程技术有限公司 | 一种基于数纹特征识别的信息安全方法 |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102014105076A1 (de) * | 2014-04-09 | 2015-10-15 | Krohne Messtechnik Gmbh | Verfahren zum gesicherten Zugriff auf ein Feldgerät |
US9946868B2 (en) * | 2015-10-12 | 2018-04-17 | Dresser, Inc. | Device functionality control |
CN106506452A (zh) * | 2016-09-30 | 2017-03-15 | 国网北京市电力公司 | 配网设备的配置方法和*** |
US20190084638A1 (en) * | 2017-09-21 | 2019-03-21 | Thomas W. Melcher | Leaning Quad-Wheeled All-Terrain Vehicle |
JP6984301B2 (ja) * | 2017-10-13 | 2021-12-17 | 横河電機株式会社 | 設定システム、設定装置、設定方法、及び設定プログラム |
EP3657285B1 (de) * | 2018-11-26 | 2023-05-10 | Siemens Aktiengesellschaft | Einbindung von technischen modulen in eine übergeordnete steuerungsebene |
EP3798754A1 (de) * | 2019-09-27 | 2021-03-31 | Siemens Schweiz AG | Verfahren zum automatischen anmelden eines benutzers an einem feldgerät und automationssystem |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19812424A1 (de) * | 1998-03-20 | 1999-09-23 | Moeller Gmbh | Passwortschutz |
GB2368701A (en) | 2000-06-16 | 2002-05-08 | Fisher Rosemount Systems Inc | Function-based process control verification and security |
US20030182396A1 (en) * | 2002-03-22 | 2003-09-25 | Daniel Reich | Internet based distributed control system |
US20040107025A1 (en) * | 2000-11-28 | 2004-06-03 | Ransom Douglas S. | System and method for implementing XML on an energy management device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5768119A (en) * | 1996-04-12 | 1998-06-16 | Fisher-Rosemount Systems, Inc. | Process control system including alarm priority adjustment |
US6868538B1 (en) * | 1996-04-12 | 2005-03-15 | Fisher-Rosemount Systems, Inc. | Object-oriented programmable controller |
US5909368A (en) * | 1996-04-12 | 1999-06-01 | Fisher-Rosemount Systems, Inc. | Process control system using a process control strategy distributed among multiple control elements |
US5980078A (en) * | 1997-02-14 | 1999-11-09 | Fisher-Rosemount Systems, Inc. | Process control system including automatic sensing and automatic configuration of devices |
ES2215804T3 (es) * | 2001-04-03 | 2004-10-16 | Beta Systems Software Ag | Creacion automatica de roles para un sistema de control de acceso basado en roles. |
-
2005
- 2005-09-29 DE DE112005003771T patent/DE112005003771A5/de not_active Withdrawn
- 2005-09-29 US US12/088,600 patent/US8132240B2/en active Active
- 2005-09-29 CN CNA200580051953XA patent/CN101297247A/zh active Pending
- 2005-09-29 EP EP05792491A patent/EP1932066A1/de not_active Ceased
- 2005-09-29 WO PCT/DE2005/001751 patent/WO2007036178A1/de active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19812424A1 (de) * | 1998-03-20 | 1999-09-23 | Moeller Gmbh | Passwortschutz |
GB2368701A (en) | 2000-06-16 | 2002-05-08 | Fisher Rosemount Systems Inc | Function-based process control verification and security |
US20040107025A1 (en) * | 2000-11-28 | 2004-06-03 | Ransom Douglas S. | System and method for implementing XML on an energy management device |
US20030182396A1 (en) * | 2002-03-22 | 2003-09-25 | Daniel Reich | Internet based distributed control system |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102007062915A1 (de) * | 2007-12-21 | 2009-06-25 | Endress + Hauser Process Solutions Ag | Verfahren zum Betreiben einer speicherprogrammierbaren Steuerung |
WO2009092399A1 (de) * | 2008-01-24 | 2009-07-30 | Siemens Aktiengesellschaft | Feldgerät und verfahren zu dessen betrieb |
WO2009100733A1 (de) * | 2008-02-11 | 2009-08-20 | Siemens Aktiengesellschaft | Sichere übermittlung von daten an ein feldgerät |
EP2247987A1 (de) * | 2008-02-25 | 2010-11-10 | Endress + Hauser Process Solutions AG | Verfahren zum betreiben eines feldgerätes |
US9141106B2 (en) | 2008-02-25 | 2015-09-22 | Endress + Hauser Process Solutions Ag | Method for operating a field device |
DE102008022655B4 (de) | 2008-05-07 | 2018-08-09 | Sew-Eurodrive Gmbh & Co Kg | Verfahren zur sicheren Bedienung eines elektrischen Geräts und elektrisches Gerät |
EP2139162A1 (de) | 2008-06-26 | 2009-12-30 | Abb Research Ltd. | Konfigurierung eines intelligenten elektronischen Geräts |
US8051215B2 (en) | 2008-06-26 | 2011-11-01 | Abb Research Ltd. | Configuring of an intelligent electronic device |
CH706997A1 (de) * | 2012-09-20 | 2014-03-31 | Ferag Ag | Zugriffskontrolle auf Bedienmodule einer Bedieneinheit. |
CN112491929A (zh) * | 2020-12-15 | 2021-03-12 | 北京四方继保工程技术有限公司 | 一种基于数纹特征识别的信息安全方法 |
CN112491929B (zh) * | 2020-12-15 | 2023-06-20 | 北京四方继保工程技术有限公司 | 一种基于数纹特征识别的信息安全方法 |
Also Published As
Publication number | Publication date |
---|---|
US8132240B2 (en) | 2012-03-06 |
DE112005003771A5 (de) | 2008-08-28 |
US20080282332A1 (en) | 2008-11-13 |
CN101297247A (zh) | 2008-10-29 |
EP1932066A1 (de) | 2008-06-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007036178A1 (de) | Verfahren zum ausführen einer geschützten funktion eines elektrischen feldgerätes und elektrisches feldgerät | |
EP2250598B1 (de) | Client/server-system zur kommunikation gemäss dem standardprotokoll opc ua und mit single sign-on mechanismen zur authentifizierung sowie verfahren zur durchführung von single sign-on in einem solchen system | |
EP1883867A1 (de) | Verfahren zum einstellen eines elektrischen feldgerätes | |
EP3582033B1 (de) | Verfahren zur gesicherten bedienung eines feldgeräts | |
WO2011113651A1 (de) | Verfahren und vorrichtung zum bereitstellen mindestens eines sicheren kryptographischen schlüssels | |
DE102013106119A1 (de) | Hierarchisches Authentifizierungs- und Autorisierungssystem | |
DE102016200382A1 (de) | Verfahren zur Überprüfung einer Sicherheitseinstufung eines ersten Geräts mit Hilfe eines digitalen Zertifikats, ein erstes und zweites Gerät sowie eine Zertifikat-Ausstellungsvorrichtung | |
EP2548358B1 (de) | Verfahren zur dynamischen autorisierung eines mobilen kommunikationsgerätes | |
DE10200681B4 (de) | Temporäre Zugansberechtigung zum Zugriff auf Automatisierungseinrichtungen | |
EP2929665B1 (de) | Verfahren, anordnung zur verarbeitung von informationen in einem haushaltsgerät sowie haushaltsgerät | |
EP4054143A1 (de) | Authentifizieren eines gerätes in einem kommunikationsnetz einer automatisierungsanlage | |
EP1496664A2 (de) | Vorrichtung und Verfahren sowie Sicherheitsmodul zur Sicherung eines Datenzugriffs eines Kommunikationsteilnehmers auf mindestens eine Automatisierungskomponente eines Automatisierungssystems | |
DE102016120306A1 (de) | Verfahren und System zum Aktivieren zumindest einer Bedien-/Parametrierfunktion eines Feldgerätes der Automatisierungstechnik | |
WO2013164042A1 (de) | Sicherung eines energiemengenzählers gegen unbefugten zugriff | |
DE102011081803A1 (de) | Verfahren und System zum Bereitstellen von gerätespezifischen Eigenschaftsdaten für ein Automatisierungsgerät einer Automatisierungsanlage | |
DE102022113080A1 (de) | Sicherheitszuhaltung | |
EP2446599B1 (de) | Gegen manipulation geschützte datenübertragung zwischen automatisierungsgeräten | |
DE10107883B4 (de) | Verfahren zur Übertragung von Daten, Proxy-Server und Datenübertragungssystem | |
EP2243058A1 (de) | Sichere übermittlung von daten an ein feldgerät | |
EP2618522A1 (de) | Verfahren zum rechnergestützten Entwurf einer Automatisierungsanlage | |
WO2010124707A1 (de) | Zugriffssteuerung für automatisierungsgeräte | |
EP4147096A1 (de) | Nachrüstmodul für ein feldgerät und modular aufgebautes feldgerät | |
EP3816946A1 (de) | Zutrittskontrollsystem für ein gebäude sowie ein entsprechendes verfahren | |
EP3937451B1 (de) | Verfahren zu herstellung einer verschlüsselten verbindung | |
DE202020005937U1 (de) | Nachrüstmodul für ein Feldgerät und modular aufgebautes Feldgerät |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200580051953.X Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005792491 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1179/KOLNP/2008 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1120050037711 Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005792491 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12088600 Country of ref document: US |
|
REF | Corresponds to |
Ref document number: 112005003771 Country of ref document: DE Date of ref document: 20080828 Kind code of ref document: P |