Abstract:
The invention relates to a controller module (7) for the dynamic configuration of an industrial control system, comprising: a current settings receiver (71) configured to receive current configuration and security settings of the industrial control system; a changed settings receiver (72) configured to receive changed configuration settings of the industrial control system; a settings analyzer (73) configured to determine, on the basis of the current configuration and security settings and the changed configuration settings, updated configuration and security settings of the industrial control system; and a dynamic activator (74) configured to dynamically establish at least one communication path in order to activate updated configuration and security settings of the industrial control system.
Abstract:
Access control to embedded devices of an industrial control system wherein the embedded devices are grouped in security domains. When an access request is received, a security domain permission attribute associated with the access request and a security domain assignment attribute associated with the embedded device are retrieved. Access to the embedded device is denied, when the security domain permission attribute does not match with the security domain assignment attribute.
Abstract:
A method for enabling a critical command of a device 16 in an industrial automation and/or control system 12 comprises the steps of: retrieving at least two authentication secrets, each authentication secret being assigned to a user group 26a, 26b, 26c and being retrieved by a user 18a, 18b, 18c assigned to the user group; proving to the device 16 that the user 18a, 18b, 18c is in possession of the retrieved authentication secret, and enabling the execution of the critical command, if possession of a predetermined minimal number of authentication secrets is proven successfully.
Abstract:
A method for controlling the security settings of an electronic endpoint device (12) of an industrial control system (10) comprises the steps of: receiving a command to implement new security settings in the endpoint device (12); retrieving new security baseline information (50) for the electronic endpoint device (12), wherein the new security baseline information (50) comprises security settings for at least one component of the endpoint device; generating implemented security baseline information (52) from the implemented security settings of components (28) of the endpoint device (12); comparing the new security baseline information (50) and the implemented security baseline information (52); and implementing new security settings in the endpoint device (12) based on the new security baseline information (50), when the new security baseline information (50) and the implemented security baseline information (52) are not equal.
Abstract:
The present invention is concerned with securing messages 4 within a communication network of an industrial process control system, in particular of a substation automation system. The invention provides secure communication in an Industrial Automation and Control System (IACS) controlling an industrial process with a plurality of nodes 1, 2, 3, i.e. communicating devices. For this purpose, a sender node 1 has a sender private key and receiver nodes have a sender public key. In an initial step a message 4 is encrypted by means of the sender private key. Subsequently, the encrypted message 4 is transmitted, i.e. multicasted, to a plurality of receiver nodes 2, 3. Two or more distinct receiver nodes 2, 3 decrypt the transmitted encrypted message 4 by means of the sender public key, where successful encryption authenticates the origin of the message 4, i.e. the sender node 1. This way the multicasted message 4 is transmitted confidentially and traceably with a low overhead for transmission.
Abstract:
A method for storing operational data 28 of an industrial control system 12 comprises the steps of: receiving operational data 28 of the industrial control system 12; encoding the operational data 28 with an encoding function; storing the encoded operational data 30 in a database 38; receiving a database query; transforming the database query into a transformed database query compatible with the encoding function; receiving encoded query data 32 by executing the transformed database query on the encoded operational data 30 in the database 38; and decoding the encoded query data 32 with a decoding function.
Abstract:
The present invention is concerned with security zoning or clustering, i.e. the task of defining a set of non-overlapping security zones and assigning each node or resource of an Industrial Automation and Control System (IACS) to exactly one zone. The invention is based on deterministic, engineered information about network nodes of the IACS as retrieved from an IACS system description file or equivalent representation of the system configuration. The invention suggests an automated, structured and repeatable approach for segmenting the network of an IACS to better provide cyber security functionalities in an IACS installation, to decrease the risk for unintentional errors and to provide traceable documentation on the network segregation. The invention allows for more thorough zoning than that performed manually by engineers, especially when dealing with complex network topologies, and reduces the time that engineers need to spend in designing an optimal solution that meets all the security zoning requirements and rules.
Abstract:
A programmable logic controller (14) for an industrial control system (10) comprises an application logic execution layer (42) and at least one of an update checking layer (40) and an output checking layer (44). The application logic layer (42) is adapted for receiving sensor input data (32) from at least one sensor (16) coupled to the programmable logic controller (14) and for processing the sensor input data (32) to generate an output parameter (30) for an actuator (18). The output checking layer (44) is adapted for receiving the output parameter (30), for checking the output parameter, whether the output parameter is an allowed output parameter corresponding to a list (52) of allowed output parameters; and for outputting only an allowed output parameter to the actuator (16). The update checking layer (40) is adapted for receiving application logic update data (50), wherein the application logic update data contains information for updating the application logic (43). The update checking layer (40) is adapted for checking the application logic update data (50), whether the application logic update data is allowed application logic update data, by verifying, whether every application logic update defined by the application logic update data (50) corresponds to an application logic update in a list (48) of allowed logic updates, and for updating the application logic (43), only if the update data is allowed application logic update data.
Abstract:
A new single password which may be valid for all control devices 20 of an industrial control system 10 may be entered by a user. After that, for each control device 20 the password is combined with a respective control device identifier, hashed and sent to the respective control device 20, which stores its specific hash value.
Abstract:
A method for planning a reconfiguration of an industrial control system 10 comprises the steps of: receiving operational requirements 48 for at least one industrial computing facility 12 of the industrial control system 10; receiving cloud computing characteristics 54 of a plurality of cloud computing facilities 30; receiving cloud computing deployment rules 52; and generating a cloud computing deployment plan 58 by applying cloud computing deployment rules 52 on the operational requirements 48 and the cloud computing characteristics 54.