WO2014094982A1 - Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment - Google Patents

Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment Download PDF

Info

Publication number
WO2014094982A1
WO2014094982A1 PCT/EP2013/003657 EP2013003657W WO2014094982A1 WO 2014094982 A1 WO2014094982 A1 WO 2014094982A1 EP 2013003657 W EP2013003657 W EP 2013003657W WO 2014094982 A1 WO2014094982 A1 WO 2014094982A1
Authority
WO
WIPO (PCT)
Prior art keywords
commissioning
network
adapter
communication
wireless
Prior art date
Application number
PCT/EP2013/003657
Other languages
French (fr)
Inventor
Dirk Schulz
Ravish Kumar
Thomas Ruschival
Original Assignee
Abb Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Abb Ag filed Critical Abb Ag
Publication of WO2014094982A1 publication Critical patent/WO2014094982A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0806Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H04W84/22Self-organising networks, e.g. ad-hoc networks or sensor networks with access to wired networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the invention relates to a commissioning system and a method for the secure and/or fail-safe or reliable exchange of sensitive information for the commissioning and configuration of technical equipment, in particular of a plant or process automation system, by means of wireless connections according to the preamble of the independent claims.
  • wireless connections which intrinsically seem to be unsecure in real practice, may still be used securely by applying specific communication means, in particular interfaces, and restrictions.
  • WirelessHART as a new communication standard in industrial automation introduces a number of new challenges compared to classical wired communication, which have to be addressed at an early stage in the respective Device Management System (DMS) during topology engineering and commissioning.
  • DMS Device Management System
  • the DMS requires instances for gateways and devices and must reflect the logical communication topology from the previous network layout.
  • security measures defined in the HART standard introduce additional complexity into the commissioning workflow.
  • WirelessHART WirelessHART
  • the WirelessHART standard defines mandatory authentication and encryption mechanisms for the wireless communication. It further requires that the related encryption keys are exchanged through secure connections. Wired FSK (Frequency Shift Keying) communication is considered to fulfill this security requirement, are even fully autonomous wireless devices must provide a corresponding interface. Just like any other device parameter, also encryption keys may be pre-parameterized by the device manufacturer.
  • WirelessHART uses symmetric encryption, namely usage of the same key for encryption and decryption, for the authentication and communication between field devices and wireless access points. Corresponding keys must be available within both the gateway and the field device that wish to communicate.
  • a gateway receives an individual join key per device. To validate a join request, it requires a list of join keys and corresponding device IDs (hardware addresses). There is no way to disable encryption and authentication, but for ease of use the security level can be lowered. A common join key may then be shared between the devices in a network, and any device with a valid key is allowed to join.
  • the WirelessHART - devices must be connected to a "join key source", for example a commissioning station/engineering/handheld, via a secure connection or communication line.
  • Said connection typically is realized via a wired FSK Modem connection or a short-range IR connection, which all devices must support, even fully autonomous ones.
  • a HMI (human machine interface) port is also technically possible, but not standardized among manufacturers. Any wired port must be exposed during commissioning, whereby only the non-standard HMI port allows the device to remain closed.
  • the object of the invention is to provide an enhanced possibility for the secure exchange and easy management of sensitive information of technical equipment and in particular field devices by use of wireless connections, in particular also for wide range exchange.
  • the invention relates to a commissioning system for a secure exchange of sensitive information for the commissioning and/or configuring of technical equipment, in particular field devices of a process automation system or plant automation system, comprising at least two components and/or devices, in particular field devices, using communication means to secure a wireless communication without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein the communication means comprise a commissioning device and a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, and/or a key storage device for dedicated join key storage and/or generation is provided, which key storage device comprises a storage unit for a number of key/device and network IDs and is connectable to an engineering client and/or the commissioning device via a wired or wireless short range connection, in particular a handheld and/or USB stick with at least one of a FSK (Frequency Shift Keying)-, RFID-, IR-interface or HMI (Human
  • the at least two components or devices may be "regular” field devices but also dedicated “care-free” routers, providing an adapter and an energy source, in particular a battery or an accumulator and/or a photovoltaic or solar cell.
  • fully autonomous devices which in particular are equipped with wireless communication and autonomous energy sources, for example like batteries, which might physically be hard to access because of their site of operation or place of installation, and accordingly do not need or do not have to be accessed or opened and connected through a wired interface.
  • the communication between devices in particular field devices , for example from specific and/or special WirelessHART gateways, from WirelessHART handhelds, or from handhelds supporting IR or RFID communication providing near-range communication, wherein a handheld may be any type of smartphone, mobile, tablet PC, net- book, PDA (personal digital assistant) or mobile computer, may be treated as being relatively secure.
  • field devices for example from specific and/or special WirelessHART gateways, from WirelessHART handhelds, or from handhelds supporting IR or RFID communication providing near-range communication, wherein a handheld may be any type of smartphone, mobile, tablet PC, net- book, PDA (personal digital assistant) or mobile computer, may be treated as being relatively secure.
  • the system according to the invention allows a pre-parameterization or installation or putting into operation / commissioning of wireless - devices, in particular WirelessHART - devices for example by use of a portable commissioning device or station or handheld, in general a portable data processing device or unit, in a secure environment.
  • Secure in the context of this application means with high safety from interception but also a relatively high data or information transfer rate and/or a relatively high data or information transfer quality and/or high connectivity, independent from the circumstances and the environmental conditions in the plant or field.
  • the system provides a time efficient, in particular with a reduced or minimized join time, flexible, secure and reliable interface or communication interface respectively and access to different type of distributed, in particular wireless or non-wireless, field devices in particular in a plant or field with a relatively high distance in between the different devices and/or with a relatively high pollution and/or dirt and/or dangerous environment, for example high temperatures and/or pressures, and/or high voltages, so that wired connections or cable connections would require an extended wide range cable net, which cables and/or cable connection might be damaged during operation of the plant and accordingly may not work properly anymore. Furthermore, assembly of the wired network as well as its maintenance will take a lot of effort and material.
  • the invention allows a reduction of and/or minimizes the join time and/or commission time for one or more field devices arranged in a plant or field in industrial automation industry.
  • the communication means to secure wireless communication comprise properties of a physical layer and/or link layer and/or measurements.
  • physical layer describes the first and lowest layer in the seven-layer OSI model (Open System Interconnection Reference Model).
  • the physical layer accordingly comprises all the basic networking hardware transmission technologies of a network and all the necessary means for implementing said technologies and in particular for transmitting raw bits as well as logical data packets over physical link connecting network nodes, whereas the data which have to be transmitted are converted to a physical signal that may be transmitted.
  • identification means are provided, which use device identification information to determine the trustworthiness of a communication partner.
  • verification means are provided to introduce a verification step executed by a human to yet increase the attained level of security.
  • the system comprises communication means which provide or include a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, wherein said dedicated commissioning network, in particular a Wire- lessHART Network, uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices joined in this network are visible to the integration component for the wireless network implemented by the gateway, for example, an FDT (Field Device Tool) communication DTM (Device Type Manager) or an FDI (Field Device Integration) communication device or server, in the same manner as devices connected to an FSK (Frequency Shift Keying) modem, thus any such device may be assigned to the target network, in particular
  • FDT Field Device Tool
  • DTM Device Type Manager
  • FDI Field Device Integration
  • this commissioning network can be shared between all communication DTMs and/or FDIs and/or communication servers, wherein device assignment is a manual task and accordingly not more than one such DTM (Device Type Manager) or FDI or communication server might be opened at a time and communicates with the gateway.
  • DTM Device Type Manager
  • a device which initiates and/or executes a reset of the Network ID and Join Key to the well- known values, a so called soft reset, in particular by demand or request or rule based or signal based.
  • a device is provided which supports and initiates and/or executes a "hard reset of the security data" to the default values using for example magnetic pins at the respective HMI (Human Machine Interface).
  • the antenna of the commissioning gateway is enclosed in a radio-shielded tube, in particular made of plastic with embedded metal mesh, and connected via cable to the gateway.
  • a radio-shielded tube in particular made of plastic with embedded metal mesh, and connected via cable to the gateway.
  • this tube is simply put over the device antenna, resulting in secure and directed or targeted, almost vectored, communication already on the physical layer.
  • a handheld wherein the commissioning network is provided by a wireless handheld.
  • the term "handheld” is synonymously used for all type of handheld devices or handheld computer, in particular mobile computers and/or mobile phones and /or cell phones and or smart phones and /or PDA ' s and /or handhelds or handheld organizers and or tablet computer, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source.
  • IR infrared
  • RFID radio frequency identification
  • a RFID key storage may be provided, wherein an RFID chip stores the join key.
  • This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, what still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device.
  • a key storage device for dedicated key storage and/or generation is provided, which contains a storage unit for a number of key/device and network IDs and which is connected to the engineering client and the commissioning device respectively, in particular via USB, to receive a list of key/ID triples.
  • the respective commissioning engineer may simply walk by each all wireless devices and establish a connection with each at one time, which will automatically cause the download of the key/network ID pair to a device whose ID is in the list.
  • USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
  • a commissioning/maintenance adapter in particular a "pre- secured portable wireless" connection device, for an HMI Port is provided as commissioning device, comprising a WirelessHART adapter equipped with an HMI interface so it can be plugged directly onto the device to provide wireless connectivity during commissioning or maintenance.
  • the FDT DTM Field Device Tool Device Type Manager
  • the FDT DTM Field Device Tool Device Type Manager
  • Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones.
  • a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface.
  • the commissioning adapter may be used for configuring a wired or wireless device wirelessly.
  • the commissioning adapter is equipped with at least two interfaces, in particular comprising a wireiessHART- and a FSK- interface.
  • the commissioning adapter communicates with the wireiessHART gateway using the wireiessHART interface and device, which needs to be configured, using FSK interface.
  • the commissioning adapter provides more flexibility and mobility for remotely device configuration and secure handing of network credentials.
  • An exemplary setup is shown in Fig. 1.
  • the commissioning adapter is acting in a similar way like the other WireiessHART field devices. It joins the wireiessHART network in the same manner as specified in wireiessHART standard. After joining the network it will be used as remote device configurator.
  • the device which needs to be commissioned should have connection with
  • the device commissioning related commands can be sent to the commissioning adapter via the wireiessHART Gateway. After receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via response message.
  • the commissioning adapter can have at least one of a RFID- or IR- HMI-Port or a combination thereof to establish or provide a connection to the field device which needs to be commissioned.
  • a commissioning adapter by means of a commissioning adapter a secure network credentials handling may be provided, wherein from an engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
  • a remote device diagnostic and troubleshooting operation is performed, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the network manager.
  • an easy commissioning is provided by means of the commissioning adapter because device commissioning workflow will be easy as there is no need to use a handheld device for importing/exporting device credentials.
  • join time of a device may be reduced and/or minimized.
  • the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area. This is done by various means and at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
  • the required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS engineering clients, the join keys never need to be exposed or disclosed to a user.
  • the invention relates to a method for a secure exchange of sensitive information of technical equipment, in particular by use of a system according to the invention as described above, whereas a secure wireless communication between at least two components and/or devices, in particular field devices, is provided and established by using communication means to ensure a secure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not, without the need to use higher protocol layers, like in particular authentication or encryption functionalities.
  • device identification information is used to determine the trustworthiness of a communication partner.
  • a verification step is executed by a human to yet increase the attained level of security.
  • the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area.
  • this is done by various means and at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
  • the method for a secure exchange of sensitive information of technical equipment is applied to a commissioning network with a wireless gateway and uses a well-known Network ID and a shared Join Key wherein the devices joined in this network are visible to the respective Communication DTM (device type manager) for the wireless gateway in the same manner as devices connected to an FSK (Frequency Shift Keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy.
  • FSK defines a common frequency modulation technique.
  • this commissioning network can be shared between all Communication DTMs and/or FDIs and/or communication servers, wherein device assignment is a manual task and accordingly not more than one such DTM or FDI or communication server might be opened at a time and communicates with the gateway.
  • a handheld wherein the commissioning network is provided by a wireless handheld.
  • the term "handheld” is synonymously used for all type of handheld devices or handheld computer, in particular mobile computers and/or mobile phones and /or cell phones and or smart phones and /or PDA ' s and/or handhelds or handheld organizers and or tablet computer, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source.
  • IR infrared
  • RFID radio frequency identification
  • a RFID key storage may be provided, wherein an RFID chip stores the join key.
  • This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, what still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device.
  • a number of key/device and network IDs may be retrieved and accessed via a key storage, for example acommissioning and/or handheld device for dedicated key storage and/or generation, which contains a storage unit for said key/device and network ID's and which is connected to the engineering client to receive a list of key/ID triples.
  • a key storage for example acommissioning and/or handheld device for dedicated key storage and/or generation, which contains a storage unit for said key/device and network ID's and which is connected to the engineering client to receive a list of key/ID triples.
  • a connection with each wireless device may be established at one time, which will automatically initiate and cause the download of the key/network ID pair to a device whose ID is the list.
  • this key storage/commissioning device or handheld could be a USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
  • a commissioning/maintenance adapter in particular a "pre- secured portable wireless" connection device, for a maintenance port, comprising a WirelessHART adapter equipped with an FSK interface so it can be plugged directly onto the device to provide wireless connectivity during commissioning or maintenance.
  • the FDT DTM field device tool device type manager
  • the FDT DTM field device tool device type manager
  • Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones.
  • a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface.
  • the required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS (distributed control system) engineering clients, the join keys never need to be exposed or disclosed to a user.
  • DCS distributed control system
  • the figure 1 discloses a commissioning system for a secure exchange of sensitive information of technical equipment by use of at least one wireless connection comprising communication means which provide or include a commissioning network, wherein said dedicated commissioning network uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices 1 ,4,6,8, joined in this network are visible to the integration component for the wireless network or gateway such as a communication DTM (device type manager) or FDI gateway or communication device package instance for the WirelessHART Gateway 1 in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer.
  • a communication DTM device type manager
  • FDI gateway communication device package instance for the WirelessHART Gateway 1
  • the commissioning system for a secure exchange of sensitive information of technical equipment comprises at least three field devices 4,6,8 and
  • communication means comprise a commissioning device and a wireless Hart network as commissioning network comprising a regular WirelessHART gateway 1 which in the wireless management system is integrated like a multi-drop wired modem, wherein a commissioning / maintenance adapter 10 for an HMI Port, in particular an FSK interface 12, is provided as commissioning device, comprising a WirelessHART adapter so it can be plugged directly onto the respective field device 4 to provide wireless connectivity during commissioning and/or maintenance, so that no join key or network credentials have to be exchanged.
  • the commissioning adapter 10 may be used for configuring a wired or wireless device wirelessly, wherein the commissioning adapter is equipped with at least two interfaces, in particular comprising a WirelessHART- and a FSK- interface 12, wherein the commissioning adapter 10 communicates with the WirelessHART gateway 1 of the commissioning network using the WirelessHART interface and with the respective field device 4, which needs to be configured and/or commissioned using the FSK interface 12.
  • the commissioning adapter 10 is acting in a similar way like the other WirelessHART field devices and joins the WirelessHART network in the same man- ner as specified in WirelessHART standard, wherein after joining the network it will be used as remote device configurator, wherein device commissioning related commands may be send to the commissioning adapter via the commissioning network gateway and in particular the WirelessHART gateway and wherein after receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via response message.
  • a secure network credentials handling may be provided, wherein from the engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
  • a remote device diagnostic and troubleshooting operation is performed by the commissioning adapter, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the respective network manager.
  • a commissioning network in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multidrop wired modem, and a commissioning device is provided, wherein the commissioning device is connected to the field device which has to be commissioned and is connected to the commissioning network so that information can be exchanged and communication can be established between the at least one field device and the commissioning device and/or commissioning network securely, in particular to exchange one or more join keys and/or ID triples and/or commissioning commands and/or parameters.
  • the commissioning network is shared between all Communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM might be opened at
  • the present invention also comprises any combination of preferred embodiments as well as individual features and developments provided they do not exclude each other.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Selective Calling Equipment (AREA)

Abstract

The invention relates to a commissioning system and corresponding method for a secure exchange of sensitive information for the commissioning and/or configuring of technical equipment comprising at least two components and/or devices, in particular field devices using communication means to secure a wireless communication, in particular without the need to use higher protocol layers, like for example authentication or encryption functionalities, wherein the communication means comprise a commissioning device and a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, and/or a key storage device for dedicated join key storage and/or generation is provided, which key storage device comprises a storage unit for a number of key/device and network IDs and is connectable to an engineering client and/or the commissioning device via a wired or wireless short range connection, in particular a handheld and/or USB stick with at least one of a FSK-, RFID-, IR-interface or HMI Port or the like, to receive and/or store one or more join keys and/or ID triples.

Description

Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment
Description
The invention relates to a commissioning system and a method for the secure and/or fail-safe or reliable exchange of sensitive information for the commissioning and configuration of technical equipment, in particular of a plant or process automation system, by means of wireless connections according to the preamble of the independent claims. According to the invention wireless connections which intrinsically seem to be unsecure in real practice, may still be used securely by applying specific communication means, in particular interfaces, and restrictions.
The use of WirelessHART as a new communication standard in industrial automation introduces a number of new challenges compared to classical wired communication, which have to be addressed at an early stage in the respective Device Management System (DMS) during topology engineering and commissioning.
As for wired communication, the DMS requires instances for gateways and devices and must reflect the logical communication topology from the previous network layout. Unlike wired communication, security measures defined in the HART standard introduce additional complexity into the commissioning workflow.
Highlights of the WirelessHART solution are for example the efficient and seamless handling of wireless devices in the DMS; for matters of topology engineering and commissioning, they largely appear just like wired HART devices with the same (even less) effort. The WirelessHART standard defines mandatory authentication and encryption mechanisms for the wireless communication. It further requires that the related encryption keys are exchanged through secure connections. Wired FSK (Frequency Shift Keying) communication is considered to fulfill this security requirement, are even fully autonomous wireless devices must provide a corresponding interface. Just like any other device parameter, also encryption keys may be pre-parameterized by the device manufacturer.
WirelessHART uses symmetric encryption, namely usage of the same key for encryption and decryption, for the authentication and communication between field devices and wireless access points. Corresponding keys must be available within both the gateway and the field device that wish to communicate.
In the most secure setting, a gateway receives an individual join key per device. To validate a join request, it requires a list of join keys and corresponding device IDs (hardware addresses). There is no way to disable encryption and authentication, but for ease of use the security level can be lowered. A common join key may then be shared between the devices in a network, and any device with a valid key is allowed to join.
Accordingly, during (re-)commissioning or pre-parameterization or installation or putting into operation the WirelessHART - devices must be connected to a "join key source", for example a commissioning station/engineering/handheld, via a secure connection or communication line. Said connection typically is realized via a wired FSK Modem connection or a short-range IR connection, which all devices must support, even fully autonomous ones. A HMI (human machine interface) port is also technically possible, but not standardized among manufacturers. Any wired port must be exposed during commissioning, whereby only the non-standard HMI port allows the device to remain closed.
Since existing join keys cannot be read back from any device through any port, the pre-parameterization of keys requires that they are distributed through another chan- nel, which finally leads to additional effort, potentials and higher risk for mistakes, and diminishes the security.
Similar problems are also valid for the existing Handhelds, which solely allow keys to be entered manually. They have no FDT (Field Device Tool) or FDI (Field Device Integration) integration to exchange the keys with an engineering client.
Therefore, the object of the invention is to provide an enhanced possibility for the secure exchange and easy management of sensitive information of technical equipment and in particular field devices by use of wireless connections, in particular also for wide range exchange.
This object is achieved and solved by a commissioning system for a secure exchange of sensitive information for the commissioning and/or configuration of technical equipment by means of a commissioning device according to the features of claim 1. Advantageous embodiments and developments as well as a corresponding method are disclosed in the description and further claims.
The invention relates to a commissioning system for a secure exchange of sensitive information for the commissioning and/or configuring of technical equipment, in particular field devices of a process automation system or plant automation system, comprising at least two components and/or devices, in particular field devices, using communication means to secure a wireless communication without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein the communication means comprise a commissioning device and a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, and/or a key storage device for dedicated join key storage and/or generation is provided, which key storage device comprises a storage unit for a number of key/device and network IDs and is connectable to an engineering client and/or the commissioning device via a wired or wireless short range connection, in particular a handheld and/or USB stick with at least one of a FSK (Frequency Shift Keying)-, RFID-, IR-interface or HMI (Human Machine Interface) Port or the like, to receive and/or store one or more join keys and/or ID triples and/or commissioning commands and/or parameters.
The at least two components or devices may be "regular" field devices but also dedicated "care-free" routers, providing an adapter and an energy source, in particular a battery or an accumulator and/or a photovoltaic or solar cell. In particular fully autonomous devices, which in particular are equipped with wireless communication and autonomous energy sources, for example like batteries, which might physically be hard to access because of their site of operation or place of installation, and accordingly do not need or do not have to be accessed or opened and connected through a wired interface.
The communication between devices, in particular field devices , for example from specific and/or special WirelessHART gateways, from WirelessHART handhelds, or from handhelds supporting IR or RFID communication providing near-range communication, wherein a handheld may be any type of smartphone, mobile, tablet PC, net- book, PDA (personal digital assistant) or mobile computer, may be treated as being relatively secure.
Moreover, the system according to the invention, in particular using WirelessHART technology, allows a pre-parameterization or installation or putting into operation / commissioning of wireless - devices, in particular WirelessHART - devices for example by use of a portable commissioning device or station or handheld, in general a portable data processing device or unit, in a secure environment. Secure in the context of this application means with high safety from interception but also a relatively high data or information transfer rate and/or a relatively high data or information transfer quality and/or high connectivity, independent from the circumstances and the environmental conditions in the plant or field.
The system provides a time efficient, in particular with a reduced or minimized join time, flexible, secure and reliable interface or communication interface respectively and access to different type of distributed, in particular wireless or non-wireless, field devices in particular in a plant or field with a relatively high distance in between the different devices and/or with a relatively high pollution and/or dirt and/or dangerous environment, for example high temperatures and/or pressures, and/or high voltages, so that wired connections or cable connections would require an extended wide range cable net, which cables and/or cable connection might be damaged during operation of the plant and accordingly may not work properly anymore. Furthermore, assembly of the wired network as well as its maintenance will take a lot of effort and material.
Furthermore, the invention allows a reduction of and/or minimizes the join time and/or commission time for one or more field devices arranged in a plant or field in industrial automation industry.
This might be the case for example in an offshore park environment and/or in the oil, gas and minerals site or industry, in particular a roller plant and/or in the chemical or pharmaceutical industry.
Furthermore, the communication means to secure wireless communication comprise properties of a physical layer and/or link layer and/or measurements.
In the context of this invention the term physical layer describes the first and lowest layer in the seven-layer OSI model (Open System Interconnection Reference Model).
The physical layer accordingly comprises all the basic networking hardware transmission technologies of a network and all the necessary means for implementing said technologies and in particular for transmitting raw bits as well as logical data packets over physical link connecting network nodes, whereas the data which have to be transmitted are converted to a physical signal that may be transmitted.
In a further refinement, identification means are provided, which use device identification information to determine the trustworthiness of a communication partner.
In a further refinement, verification means are provided to introduce a verification step executed by a human to yet increase the attained level of security. According to one embodiment of the system for a secure exchange of sensitive information of technical equipment at least one wireless connection is used, wherein the system comprises communication means which provide or include a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, wherein said dedicated commissioning network, in particular a Wire- lessHART Network, uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices joined in this network are visible to the integration component for the wireless network implemented by the gateway, for example, an FDT (Field Device Tool) communication DTM (Device Type Manager) or an FDI (Field Device Integration) communication device or server, in the same manner as devices connected to an FSK (Frequency Shift Keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy. FSK defines a common frequency modulation technique.
In a further embodiment this commissioning network can be shared between all communication DTMs and/or FDIs and/or communication servers, wherein device assignment is a manual task and accordingly not more than one such DTM (Device Type Manager) or FDI or communication server might be opened at a time and communicates with the gateway.
Furthermore, as part of decommissioning in a further refinement a device is provided which initiates and/or executes a reset of the Network ID and Join Key to the well- known values, a so called soft reset, in particular by demand or request or rule based or signal based. Generally, in a further embodiment of the invention a device is provided which supports and initiates and/or executes a "hard reset of the security data" to the default values using for example magnetic pins at the respective HMI (Human Machine Interface).
In a further refinement the antenna of the commissioning gateway is enclosed in a radio-shielded tube, in particular made of plastic with embedded metal mesh, and connected via cable to the gateway. When connecting a device, this tube is simply put over the device antenna, resulting in secure and directed or targeted, almost vectored, communication already on the physical layer.
In another embodiment of the invention a handheld is provided, wherein the commissioning network is provided by a wireless handheld. In view of this disclosure and invention the term "handheld" is synonymously used for all type of handheld devices or handheld computer, in particular mobile computers and/or mobile phones and /or cell phones and or smart phones and /or PDA's and /or handhelds or handheld organizers and or tablet computer, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source.
In a further refinement IR (infrared) or RFID (radio frequency identification) connections and near-range communication is supported by the device according to the invention, wherein a handheld or an engineering client is equipped with a corresponding interface and accordingly information can be exchanged securely.
Furthermore, a RFID key storage may be provided, wherein an RFID chip stores the join key. This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, what still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device. In a further refinement a key storage device for dedicated key storage and/or generation is provided, which contains a storage unit for a number of key/device and network IDs and which is connected to the engineering client and the commissioning device respectively, in particular via USB, to receive a list of key/ID triples.
Furthermore, in the field, the respective commissioning engineer may simply walk by each all wireless devices and establish a connection with each at one time, which will automatically cause the download of the key/network ID pair to a device whose ID is in the list.
In essence this could be a USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
In another embodiment a commissioning/maintenance adapter, in particular a "pre- secured portable wireless" connection device, for an HMI Port is provided as commissioning device, comprising a WirelessHART adapter equipped with an HMI interface so it can be plugged directly onto the device to provide wireless connectivity during commissioning or maintenance.
Furthermore, to be actually able to efficiently use the commissioning adapter, the FDT DTM (Field Device Tool Device Type Manager) for the gateway allows and/or causes the assignment of a roaming role or function to any adapter connected to an FDK or FSK modem. Such a roaming adapter is never associated permanently with a device, which is contrary to the bulk commissioning of adapters, where this is the intended behavior.
Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones. According to the invention a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface.
The commissioning adapter may be used for configuring a wired or wireless device wirelessly. In a further refinement the commissioning adapter is equipped with at least two interfaces, in particular comprising a wireiessHART- and a FSK- interface. The commissioning adapter communicates with the wireiessHART gateway using the wireiessHART interface and device, which needs to be configured, using FSK interface.
The commissioning adapter provides more flexibility and mobility for remotely device configuration and secure handing of network credentials. An exemplary setup is shown in Fig. 1.
In a further embodiment the commissioning adapter is acting in a similar way like the other WireiessHART field devices. It joins the wireiessHART network in the same manner as specified in wireiessHART standard. After joining the network it will be used as remote device configurator.
The device which needs to be commissioned should have connection with
commissioning adapter via FSK interface as exemplarily shown in figure 1.
From the engineering workplace the device commissioning related commands can be sent to the commissioning adapter via the wireiessHART Gateway. After receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via response message.
To provide more extensibility, in a further refinement the commissioning adapter can have at least one of a RFID- or IR- HMI-Port or a combination thereof to establish or provide a connection to the field device which needs to be commissioned. In advantage, by means of a commissioning adapter a secure network credentials handling may be provided, wherein from an engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
Advantageously a remote device diagnostic and troubleshooting operation is performed, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the network manager.
Furthermore, according to the commissioning adapter, there is no need to change the standard, which in deed means that no changes are required in WirelessHART stack to perform commissioning adapter operation.
Moreover, an easy commissioning is provided by means of the commissioning adapter because device commissioning workflow will be easy as there is no need to use a handheld device for importing/exporting device credentials.
Accordingly the join time of a device may be reduced and/or minimized.
In another embodiment the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area. This is done by various means and at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
The required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS engineering clients, the join keys never need to be exposed or disclosed to a user. Furthermore, the invention relates to a method for a secure exchange of sensitive information of technical equipment, in particular by use of a system according to the invention as described above, whereas a secure wireless communication between at least two components and/or devices, in particular field devices, is provided and established by using communication means to ensure a secure near-range communication, in particular by restricting communication signals to a secure area and determining if a device is within a certain area and allow communication if it is or refuse to communicate if it is not, without the need to use higher protocol layers, like in particular authentication or encryption functionalities.
Furthermore, to ensure security of the wireless communication properties of a physical layer and/or link layer and/or measurements are processed.
In a further refinement, device identification information is used to determine the trustworthiness of a communication partner.
In a further refinement, a verification step is executed by a human to yet increase the attained level of security.
In another embodiment the radio transmissions in the physical layer are influenced without any modification to the field device to restrict the transmissions to a secure area. As disclosed above, this is done by various means and at least one of setting transmission power to a level sufficiently high for local communication but low enough so communication cannot be overheard from outside of the commissioning area; encasing at least the antenna, if not the entire device, of device and gateway in a common, shielded housing; restricting the radio direction of device and gateway by shields/reflectors which are not part of the device but for the gateway may be part of a static gateway setup.
In a further embodiment the method for a secure exchange of sensitive information of technical equipment is applied to a commissioning network with a wireless gateway and uses a well-known Network ID and a shared Join Key wherein the devices joined in this network are visible to the respective Communication DTM (device type manager) for the wireless gateway in the same manner as devices connected to an FSK (Frequency Shift Keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer, and to secure this process, the identification information, in particular the device type, the manufacturer, the serial number or the like, or the device proximity to the commissioning network can be used by man or machine to check the legitimacy of the device; the latter is achieved by evaluating receive signal levels and used transmission energy. FSK defines a common frequency modulation technique.
In a further embodiment this commissioning network can be shared between all Communication DTMs and/or FDIs and/or communication servers, wherein device assignment is a manual task and accordingly not more than one such DTM or FDI or communication server might be opened at a time and communicates with the gateway.
Furthermore, as part of decommissioning a device a reset of the Network ID and Join Key to the well-known values, a so called soft reset, is provided.
Generally, it is proposed to support a "hard reset of the security data" to the default values using e.g. magnetic pins at the HMI to initiate and execute the reset procedure and function.
In another embodiment of the invention a handheld is provided, wherein the commissioning network is provided by a wireless handheld. In view of this disclosure and invention the term "handheld" is synonymously used for all type of handheld devices or handheld computer, in particular mobile computers and/or mobile phones and /or cell phones and or smart phones and /or PDA's and/or handhelds or handheld organizers and or tablet computer, whereas a handheld is a relatively small hand-held computing device with an operating system and a power supply, in particular a battery or rechargeable accumulator power source. In a further refinement IR (infrared) or RFID (radio frequency identification) Connections and near-range communication is supported by the device according to the invention, wherein a handheld or an engineering client is equipped with a corresponding interface and accordingly information can be exchanged securely.
Furthermore, a RFID key storage may be provided, wherein an RFID chip stores the join key. This key can, contrary to WirelessHART, be read from the chip but only from about half a meter of distance, what still seems to be very secure, in particular in view of the risk of tapping or interception. Presuming that the RFID chip still works even in a damaged device, device exchange on location is possible without any connection to the device management system; the handheld can read the key from the old device and download it into the replacement device.
In a further refinement a number of key/device and network IDs may be retrieved and accessed via a key storage, for example acommissioning and/or handheld device for dedicated key storage and/or generation, which contains a storage unit for said key/device and network ID's and which is connected to the engineering client to receive a list of key/ID triples.
Furthermore, in the field, a connection with each wireless device may be established at one time, which will automatically initiate and cause the download of the key/network ID pair to a device whose ID is the list.
In essence this key storage/commissioning device or handheld could be a USB stick with any of the previously described interfaces at the other end, like in particular FSK, RFID, IR, HMI Port or the like.
In another embodiment a commissioning/maintenance adapter, in particular a "pre- secured portable wireless" connection device, for a maintenance port is provided, comprising a WirelessHART adapter equipped with an FSK interface so it can be plugged directly onto the device to provide wireless connectivity during commissioning or maintenance.
Furthermore, to be actually able to efficiently use the commissioning adapter, the FDT DTM (field device tool device type manager) for the gateway allows and/or causes the assignment of a roaming role or function to any adapter connected with an FSK interface. Such a roaming adapter is never associated permanently with a device, it is only used for field device (re)commissioning purpose where this is the intended behavior.
Said roaming adapter avoids the need for a handheld when distributing join keys to wireless devices, in particular wireless devices which have their own wireless connection once they have received the keys and/or in hybrid plants, where only some devices use wireless communication technologies, to parameterize the wired devices in the same way as the wireless ones.
According to the invention a secure connectivity over unsecure channels for all variants of key distribution and device parameterization is provided, using either standardized interfaces or the ABB HMI interface.
The required interaction by the respective user according to the invention is a simple plug & play. Compared to a state-of-the-art handheld no manual parameterization task is needed, no knowledge of join keys is required. By integrating the secure connectivity with the DCS (distributed control system) engineering clients, the join keys never need to be exposed or disclosed to a user.
The further disclosure and explanation of the invention as well as advantageous embodiments and further developments are presented according to at least one illustrative embodiment. The figure 1 discloses a commissioning system for a secure exchange of sensitive information of technical equipment by use of at least one wireless connection comprising communication means which provide or include a commissioning network, wherein said dedicated commissioning network uses a well-known Network ID and a shared Join Key and which network is not used for any production purpose whatsoever, and wherein the devices 1 ,4,6,8, joined in this network are visible to the integration component for the wireless network or gateway such as a communication DTM (device type manager) or FDI gateway or communication device package instance for the WirelessHART Gateway 1 in the same manner as devices connected to an FSK (frequency shift keying) modem, thus any such device may be assigned to the target network, in particular by a commissioning engineer.
To secure and simplify this process, the commissioning system for a secure exchange of sensitive information of technical equipment according to the exemplary embodiment of figure 1 comprises at least three field devices 4,6,8 and
communication means to secure a wireless communication without the need to use higher protocol layers, like in particular authentication or encryption functionalities, and an engineering client and/or engineering workplace 2, wherein the
communication means comprise a commissioning device and a wireless Hart network as commissioning network comprising a regular WirelessHART gateway 1 which in the wireless management system is integrated like a multi-drop wired modem, wherein a commissioning / maintenance adapter 10 for an HMI Port, in particular an FSK interface 12, is provided as commissioning device, comprising a WirelessHART adapter so it can be plugged directly onto the respective field device 4 to provide wireless connectivity during commissioning and/or maintenance, so that no join key or network credentials have to be exchanged.
Accordingly the commissioning adapter 10 may be used for configuring a wired or wireless device wirelessly, wherein the commissioning adapter is equipped with at least two interfaces, in particular comprising a WirelessHART- and a FSK- interface 12, wherein the commissioning adapter 10 communicates with the WirelessHART gateway 1 of the commissioning network using the WirelessHART interface and with the respective field device 4, which needs to be configured and/or commissioned using the FSK interface 12.
Furthermore, the commissioning adapter 10 is acting in a similar way like the other WirelessHART field devices and joins the WirelessHART network in the same man- ner as specified in WirelessHART standard, wherein after joining the network it will be used as remote device configurator, wherein device commissioning related commands may be send to the commissioning adapter via the commissioning network gateway and in particular the WirelessHART gateway and wherein after receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via response message.
By means of the commissioning adapter a secure network credentials handling may be provided, wherein from the engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
Furthermore, a remote device diagnostic and troubleshooting operation is performed by the commissioning adapter, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the respective network manager.
According to the method for a secure exchange of sensitive information of technical equipment, in particular by means of a pre-described commissioning system, for a secure exchange of sensitive information of technical equipment comprising at least two components and/or devices, in particular field devices, using communication means to secure a wireless communication without the need to use higher protocol layers, like in particular authentication or encryption functionalities, wherein a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multidrop wired modem, and a commissioning device is provided, wherein the commissioning device is connected to the field device which has to be commissioned and is connected to the commissioning network so that information can be exchanged and communication can be established between the at least one field device and the commissioning device and/or commissioning network securely, in particular to exchange one or more join keys and/or ID triples and/or commissioning commands and/or parameters. Moreover the commissioning network is shared between all Communication DTMs, wherein device assignment is a manual task and accordingly not more than one such DTM might be opened at a time and communicates with the gateway.
The present invention also comprises any combination of preferred embodiments as well as individual features and developments provided they do not exclude each other.

Claims

Claims
1. Commissioning system for a secure exchange of sensitive information for the commissioning and/or configuring of technical equipment comprising at least two components and/or devices, in particular field devices using communication means to secure a wireless communication, in particular without the need to use higher protocol layers like in particular authentication or encryption functionalities, wherein the communication means comprise a commissioning device and a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, and/or a key storage device for dedicated join key storage and/or generation is provided, which key storage device comprises a storage unit for a number of key/device and network IDs and is connectable to an engineering client and/or the commissioning device via a wired or wireless short range connection, in particular a handheld and/or USB stick with at least one of a FSK-, RFID-, IR-interface or HMI Port or the like, to receive and/or store one or more join keys and/or ID triples and/or commissioning commands and/or parameters.
2. System according to claim 1 , characterized in that the commissioning network is shared between all Communication DTMs and/or FDIs and/or communication servers, wherein device assignment is a manual task and accordingly not more than one such DTM or FDI or communication server might be opened at a time and communicates with the gateway.
3. System according to one of the preceding claims, characterized in that a device is provided which initiates and/or executed a reset of the Network ID and Join Key to the well-known values, a so called soft reset.
4. System according to one of the preceding claims, characterized in that a device is provided which supports and initiates and/or executes a "hard reset of the security data" to the default values using e.g. magnetic pins at the respective HMI.
5. System according to one of the preceding claims, characterized in that a handheld is provided as commissioning device wherein the commissioning network is provided by said handheld.
6. System according to one of the preceding claims characterized in that the at least one field device provides an IR or RFID interface and/or connection and supports near-range communication, wherein the commissioning device, in particular a handheld or an engineering client, comprises a corresponding interface, so that information can be exchanged and communication can be established between the at least one field device and the commissioning device securely.
7. System according to one of the preceding claims, characterized in that a RFID key storage as key storage device is provided, wherein an RFID chip on the respective device stores the join key, which can be accessed and/or read and processed by a short-range connection by means of the commissioning device and/or key storage device, wherein during commissioning the commissioning network join key from an old field device may be accessed/ read and downloaded into a new replacement device.
8. System according to one of the preceding claims 1 to 4, characterized in that a WirelessHART network as commissioning network and a commissioning / maintenance adapter for an HMI Port, in particular a USB port or interface, is provided as commissioning device, comprising a WirelessHART adapter equipped with at least one of a RFID- or IR- HMI-Port or interface, so it can be plugged directly onto the respective field device to provide wireless connectivity during commissioning and/or maintenance, so that no join key or network credentials have to be exchanged. .
9. System according to claim 8, characterized in that to efficiently use the commissioning adapter, the FDT DTM for the commissioning network gateway allows and/or causes the assignment of a roaming role or function to any adapter connected to an FSK modem, wherein such a roaming adapter is never associated permanently with a device.
10. System according to one of the preceding claims 8 or 9, characterized in that commissioning adapter may be used for configuring a wired or wireless device wirelessly, wherein the commissioning adapter is equipped with at least two interfaces, in particular comprising a wirelessHART- and a FSK- interface.
11. System according to claim 10, characterized in that the commissioning adapter communicates with a wirelessHART gateway of the commissioning network using the wirelessHART interface and a respective field device, which needs to be configured, by using a FSK interface.
12. System according to one of the preceding claims 8 to 10, characterized in that the commissioning adapter is acting in a similar way like the other wirelessHART field devices and joins the wirelessHART network in the same manner as specified in wirelessHART standard, wherein after joining the network it will be used as remote device configurator.
13. System according to one of the preceding claims 8 to 12, characterized in that the device commissioning related commands can be sent to the commissioning adapter via the commissioning network gateway and in particular the wirelessHART gateway and wherein after receiving the commissioning command, the commissioning adapter will start the device commissioning operation and will send back the command execution result to the engineering workplace via response message.
14. System according to one of the preceding claims, characterized in that the commissioning adapter comprises at least one of a RFID- or IR- HMI-Port or interface a combination thereof to establish and provide a connection to the field device which needs to be commissioned.
15. System according to one of the preceding claims 8 to 14, characterized in that by means of the commissioning adapter a secure network credentials handling may be provided, wherein from an engineering workplace the distribution of device network credentials is initiated and executed in a completely secure manner.
16. System according to one of the preceding claims 8 to 15, characterized in that a remote device diagnostic and troubleshooting operation is performed by the commissioning adapter, wherein the commissioning adapter diagnoses the field device on the site location and sends the diagnostic information remotely to the respective network manager.
17. Method for a secure exchange of sensitive information of technical equipment, in particular by means of a system according to claims 1 to 16, for a secure exchange of sensitive information for the commissioning and/or configuring of technical equipment comprising at least two components and/or devices, in particular field devices, using communication means to secure a wireless communication, in particular without the need to use higher protocol layers like in particular authentication or encryption functionalities, wherein a commissioning network, in particular a commissioning network comprising a regular wireless gateway which in the wireless management system is integrated like a multi-drop wired modem, and a commissioning device is provided, wherein the commissioning device is connected to the field device which has to be commissioned and is connected to the commissioning network so that information can be exchanged and communication can be established between the at least one field device and the commissioning device and/or commissioning network securely, in particular to exchange one or more join keys and/or ID triples and/or commissioning commands and/or parameters.
18. Method according to claim 17, characterized in that the commissioning network is shared between all Communication DTMs and/or FDIs and/or communication servers, wherein device assignment is a manual task and accordingly not more than one such DTM or FDI or communication server might be opened at a time and communicates with the gateway.
19. Method according to one of the preceding claims 17 or 18, characterized in that a reset of the Network ID and Join Key to well-known values, a so called soft reset, may be initiated and/or executed.
20. Method according to one of the preceding claims 17 to 19, characterized in that a "hard reset of the security data" to the default values, in particular by using magnetic pins at the respective HMI, may be supported and initiated and/or executed.
21. Method according to one of the preceding claims 17 to 20, characterized in that the near-range communication is provided and supported between the respective field device and the commissioning device, so that information can be exchanged and communication can be established between the at least one field device and the commissioning device securely.
22. Method according to one of the preceding claims 17 to 21 , characterized in that join key information are accessed and/or read from a key storage on the field device which has to be commissioned, in particular an RFID key storage, by use of a short-range connection, wherein during commissioning the commissioning network join key from an old field device may be accessed/ read and downloaded into a new replacement device.
23. Process automation system comprising a commissioning system according to one of the preceding claims 1 to 16. 23
PCT/EP2013/003657 2012-12-20 2013-12-04 Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment WO2014094982A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN1437/KOL/2012 2012-12-20
IN1437KO2012 2012-12-20

Publications (1)

Publication Number Publication Date
WO2014094982A1 true WO2014094982A1 (en) 2014-06-26

Family

ID=49999861

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/003657 WO2014094982A1 (en) 2012-12-20 2013-12-04 Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment

Country Status (1)

Country Link
WO (1) WO2014094982A1 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3291510A1 (en) * 2016-09-02 2018-03-07 United Technologies Corporation Characterization of single or multiple devices in a system
GB2558056A (en) * 2016-10-24 2018-07-04 Fisher Rosemount Systems Inc Securely transporting data across a data diode for secured process control communications
GB2558055A (en) * 2016-10-24 2018-07-04 Fisher Rosemount Systems Inc Publishing data across a data diode for secured process control communications
US10051345B2 (en) 2014-02-28 2018-08-14 United Technologies Corporation Shielded electromagnetic communication with functional components of a machine
CN108431705A (en) * 2015-10-12 2018-08-21 费希尔-罗斯蒙特***公司 Use the configuration in the process plant of the I/O field device configurations being abstracted
US10057663B2 (en) 2014-02-28 2018-08-21 United Technologies Corporation Remote communication and powered sensing/control/identification devices
US20180246499A1 (en) * 2015-01-27 2018-08-30 Nippon Seiki Co., Ltd. Plant equipment state gathering system
WO2019100150A1 (en) * 2017-11-24 2019-05-31 Elsi Inc. Devices, systems, and methods for securely storing and managing sensitive information
CN110383755A (en) * 2017-01-05 2019-10-25 皇家飞利浦有限公司 The network equipment and trusted third party's equipment
US10619760B2 (en) 2016-10-24 2020-04-14 Fisher Controls International Llc Time-series analytics for control valve health assessment
US10877465B2 (en) 2016-10-24 2020-12-29 Fisher-Rosemount Systems, Inc. Process device condition and performance monitoring
CN113297091A (en) * 2021-06-18 2021-08-24 海光信息技术股份有限公司 SoC chip debugging method and device and SoC chip
US11438307B2 (en) 2019-02-07 2022-09-06 AO Kaspersky Lab Systems and methods for configuring a gateway for protection of automated systems
US11546367B2 (en) 2019-02-07 2023-01-03 AO Kaspersky Lab Systems and methods for protecting automated systems using a gateway
JP7346520B2 (en) 2014-10-02 2023-09-19 フィッシャー-ローズマウント システムズ,インコーポレイテッド Method of facilitating communications, plant wireless access point, and non-transitory tangible computer-readable medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2096505A1 (en) * 2008-02-26 2009-09-02 ABB Research Ltd. Methods, products and system for configuring a new node of an industrial wireless network
US20100290351A1 (en) * 2009-05-15 2010-11-18 Fisher-Rosemount Systems, Inc. Maintenance of wireless field devices
US20120036568A1 (en) * 2010-08-09 2012-02-09 Yokogawa Electric Corporation Provisioning device
US20120237034A1 (en) * 2007-11-13 2012-09-20 Rosemount Inc. Wireless mesh network with secure automatic key loads to wireless devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120237034A1 (en) * 2007-11-13 2012-09-20 Rosemount Inc. Wireless mesh network with secure automatic key loads to wireless devices
EP2096505A1 (en) * 2008-02-26 2009-09-02 ABB Research Ltd. Methods, products and system for configuring a new node of an industrial wireless network
US20100290351A1 (en) * 2009-05-15 2010-11-18 Fisher-Rosemount Systems, Inc. Maintenance of wireless field devices
US20120036568A1 (en) * 2010-08-09 2012-02-09 Yokogawa Electric Corporation Provisioning device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RAINER FALK ET AL: "Security Service for the Rollout of Security Credentials in Ubiquitous Industrial Automation Environments", SERVICE COMPUTATION 2010, 21 November 2010 (2010-11-21), pages 104 - 110, XP055073477, Retrieved from the Internet <URL:http://www.thinkmind.org/index.php?view=article&articleid=service_computation_2010_5_20_20033> [retrieved on 20130730] *

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11089389B2 (en) 2014-02-28 2021-08-10 Raytheon Technologies Corporation Remote communication and powered sensing/control/identification devices using high temperature compatible semiconductor materials
US11937031B2 (en) 2014-02-28 2024-03-19 Rtx Corporation Remote communication and powered sensing/control/identification devices using high temperature compatible semiconductor materials
US10051345B2 (en) 2014-02-28 2018-08-14 United Technologies Corporation Shielded electromagnetic communication with functional components of a machine
US10531166B2 (en) 2014-02-28 2020-01-07 United Technologies Corporation Metal ceramic composite for electromagnetic signal transparent materials
US10057663B2 (en) 2014-02-28 2018-08-21 United Technologies Corporation Remote communication and powered sensing/control/identification devices
US10469920B2 (en) 2014-02-28 2019-11-05 United Technologies Corporation Electromagnetic sensing of components in electromagnetic communication and method
US10091562B2 (en) 2014-02-28 2018-10-02 United Technologies Corporation Electromagnetic communication from waveguide confinement
US10638207B2 (en) 2014-02-28 2020-04-28 United Technologies Corporation Component counterfeit prevention
US10491970B2 (en) 2014-02-28 2019-11-26 United Technologies Corporation Characterization of single or multiple devices in a system
US10405066B2 (en) 2014-02-28 2019-09-03 United Technologies Corporation Electromagnetic communication through components of a machine
US10484760B2 (en) 2014-02-28 2019-11-19 United Technologies Corporation Electromagnetic communication from waveguide confinement
US10419831B2 (en) 2014-02-28 2019-09-17 United Technologies Corporation Remote communication and powered sensing/control/identification devices using high temperature compatible semiconductor materials
JP7346520B2 (en) 2014-10-02 2023-09-19 フィッシャー-ローズマウント システムズ,インコーポレイテッド Method of facilitating communications, plant wireless access point, and non-transitory tangible computer-readable medium
EP3252699A4 (en) * 2015-01-27 2018-10-10 Nippon Seiki Co., Ltd. Plant equipment state gathering system
US10416659B2 (en) 2015-01-27 2019-09-17 Nippon Seiki Co., Ltd. Plant equipment state gathering system
US20180246499A1 (en) * 2015-01-27 2018-08-30 Nippon Seiki Co., Ltd. Plant equipment state gathering system
CN108431705B (en) * 2015-10-12 2022-04-05 费希尔-罗斯蒙特***公司 Configuration in a process plant using I/O abstracted field device configuration
CN108431705A (en) * 2015-10-12 2018-08-21 费希尔-罗斯蒙特***公司 Use the configuration in the process plant of the I/O field device configurations being abstracted
EP3291510A1 (en) * 2016-09-02 2018-03-07 United Technologies Corporation Characterization of single or multiple devices in a system
US11240201B2 (en) 2016-10-24 2022-02-01 Fisher-Rosemount Systems, Inc. Publishing data across a data diode for secured process control communications
GB2558055B (en) * 2016-10-24 2022-04-06 Fisher Rosemount Systems Inc Publishing data across a data diode for secured process control communications
GB2558056A (en) * 2016-10-24 2018-07-04 Fisher Rosemount Systems Inc Securely transporting data across a data diode for secured process control communications
US10877465B2 (en) 2016-10-24 2020-12-29 Fisher-Rosemount Systems, Inc. Process device condition and performance monitoring
GB2558055A (en) * 2016-10-24 2018-07-04 Fisher Rosemount Systems Inc Publishing data across a data diode for secured process control communications
US10530748B2 (en) 2016-10-24 2020-01-07 Fisher-Rosemount Systems, Inc. Publishing data across a data diode for secured process control communications
US11700232B2 (en) 2016-10-24 2023-07-11 Fisher-Rosemount Systems, Inc. Publishing data across a data diode for secured process control communications
GB2558056B (en) * 2016-10-24 2022-01-12 Fisher Rosemount Systems Inc Securely transporting data across a data diode for secured process control communications
US10619760B2 (en) 2016-10-24 2020-04-14 Fisher Controls International Llc Time-series analytics for control valve health assessment
CN110383755A (en) * 2017-01-05 2019-10-25 皇家飞利浦有限公司 The network equipment and trusted third party's equipment
WO2019100150A1 (en) * 2017-11-24 2019-05-31 Elsi Inc. Devices, systems, and methods for securely storing and managing sensitive information
GB2583250B (en) * 2017-11-24 2022-05-11 Wolverton Jerry Devices, systems, and methods for securely storing and managing sensitive information
US11062050B2 (en) 2017-11-24 2021-07-13 Elsi Inc Devices, systems, and methods for securely storing and managing sensitive information
GB2583250A (en) * 2017-11-24 2020-10-21 Wolverton Jerry Devices, systems, and methods for securely storing and managing sensitive information
US11438307B2 (en) 2019-02-07 2022-09-06 AO Kaspersky Lab Systems and methods for configuring a gateway for protection of automated systems
US11546367B2 (en) 2019-02-07 2023-01-03 AO Kaspersky Lab Systems and methods for protecting automated systems using a gateway
CN113297091B (en) * 2021-06-18 2022-04-29 海光信息技术股份有限公司 SoC chip debugging method and device and SoC chip
CN113297091A (en) * 2021-06-18 2021-08-24 海光信息技术股份有限公司 SoC chip debugging method and device and SoC chip

Similar Documents

Publication Publication Date Title
WO2014094982A1 (en) Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment
JP5399554B2 (en) Improved maintenance of field wireless devices
CN101855854B (en) Wireless mesh network with secure automatic key loads to wireless devices
CN101960888B (en) Join key provisioning of wireless devices
CN103885394B (en) System and method for configuring the field device of control system
RU2666495C2 (en) Technological parameter transmitter with wireless transceiver with loop power supply
JP2017516367A (en) Wireless power measurement and metrics
CN103218876B (en) Information security management module of remote control intelligent electric energy meter
CN103198574B (en) Be embedded with the remote-control intelligent water meter of information security management module
CN105208554A (en) Method and system for realizing network access of zigbee terminal equipment, and equipment
CN106597873A (en) Method, device and system for carrying out remote maintenance of automation equipment
CN103152166A (en) Information security management module of remote-control intelligent water meters
Haase et al. Wireless sensor/actuator device configuration by NFC
CN107925630A (en) Communication strategy control in machine-to-machine communication system
WO2014094983A1 (en) Commissioning system and method for a secure exchange of sensitive information for the commissioning and configuring of technical equipment
CN103259649A (en) Remote control intelligent heat meter provided with information security management module in embedded mode
CN103152175B (en) Remote-control intelligent gas meter information security management module
CN203104484U (en) Remote control intelligent gas meter information security management module
KR20170039609A (en) Method for reinforcing pc security and enhancing convenience using wearable device
Hjalmarsson et al. Wireless remote control of a PLC system
CN105205363A (en) Security management module for information of water meters
CN206833185U (en) The micro climate control device of micro climate in space is controlled by various types of wireless connections
Haase et al. Configuration of smart embedded devices in the field using NFC
Trevisan Automation system of powder-based 3D printer in the Industry 4.0 environment
CN104504815A (en) Remote control intelligent heat energy meter with embedded information security management module

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13823934

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13823934

Country of ref document: EP

Kind code of ref document: A1