公开(公告)号：US10795990B2

公开(公告)日：2020-10-06

申请号：US16102045

申请日：2018-08-13

Applicant: ABB Schweiz AG

Inventor： Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Thomas Locher ,  Yvonne-Anne Pignolet

IPC: G06F21/54 ,  G06F21/14 ,  G06F21/12 ,  G06F8/30 ,  G06F21/60 ,  H04L9/00

Abstract: A method of automatically generating secure code includes: receiving source code and security constraints for the source code, the security constraints encoding, to what extend a variable in the source code is considered secure; and generating secure code from the source code and the security constraints by replacing non-secure operations in the source code, which operate on the variables considered as secure, with secure operations; wherein a secure operation is an operation, which, when applied to at least one encrypted variable, generates an encrypted result, which, when decrypted, is the result of the non-secure operation applied to the not encrypted variable.

公开(公告)号：US10187411B2

公开(公告)日：2019-01-22

申请号：US14945692

申请日：2015-11-19

Applicant: ABB Schweiz AG

Inventor： Sebastian Obermeier ,  Roman Schlegel ,  Michael Wahler

IPC: H04L29/06 ,  G06F9/54 ,  G06F17/30 ,  G06F21/55 ,  H04L12/24

Abstract: A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.

公开(公告)号：US20190005233A1

公开(公告)日：2019-01-03

申请号：US16102045

申请日：2018-08-13

Applicant: ABB Schweiz AG

Inventor： Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Thomas Locher ,  Yvonne-Anne Pignolet

IPC: G06F21/54 ,  G06F21/14 ,  G06F8/30 ,  G06F21/60 ,  H04L9/00

CPC classification number: G06F21/54 ,  G06F8/30 ,  G06F21/125 ,  G06F21/14 ,  G06F21/602 ,  G06F2221/033 ,  G06F2221/0748 ,  H04L9/008

Abstract: A method of automatically generating secure code includes: receiving source code and security constraints for the source code, the security constraints encoding, to what extend a variable in the source code is considered secure; and generating secure code from the source code and the security constraints by replacing non-secure operations in the source code, which operate on the variables considered as secure, with secure operations; wherein a secure operation is an operation, which, when applied to at least one encrypted variable, generates an encrypted result, which, when decrypted, is the result of the non-secure operation applied to the not encrypted variable.

公开(公告)号：US10862886B2

公开(公告)日：2020-12-08

申请号：US15888650

申请日：2018-02-05

Applicant: ABB Schweiz AG

Inventor： Roman Schlegel ,  Sebastian Obermeier

IPC: H04W48/02 ,  H04W12/08 ,  H04L29/06 ,  G05B19/042 ,  G05B19/418 ,  H04W64/00

Abstract: An industrial automation and control system is provided with a control unit and at least one electronic device. The system establishes a first data connection to an external maintenance unit. The control unit is connected to the electronic device. The electronic device establishes a second data connection to the external maintenance unit and receives or retrieves a proximity information from the external maintenance unit through the second data connection. The electronic device sends the proximity information to the control unit. The control unit grants access to the electronic device by the external maintenance unit through the first data connection to perform maintenance of the electronic device if the proximity information indicates that the external maintenance unit is within a predetermined range from the electronic device.

公开(公告)号：US11075748B2

公开(公告)日：2021-07-27

申请号：US16189108

申请日：2018-11-13

Applicant: ABB Schweiz AG

Inventor： Thomas Locher ,  Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Yvonne-Anne Pignolet

IPC: H04L9/06 ,  H04L9/30 ,  H04L9/00

Abstract: The application relates to a method for computing a probabilistic encryption scheme for encrypting a data item in an electronic device including: computing a plurality of random bit strings in a computation cluster; sending the computed plurality of random strings to the electronic device; generating a random string (rE) for using in the encryption scheme in the electronic device using a subset of the plurality of the random strings computed in the computation cluster and encrypting the data item using the random string computed in the electronic device. The present application also relates to a corresponding system and corresponding computer program product including one or more computer readable media having computer executable instructions for performing the steps of the method.

公开(公告)号：US10685141B2

公开(公告)日：2020-06-16

申请号：US16266151

申请日：2019-02-04

Applicant: ABB Schweiz AG

Inventor： Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Thomas Locher ,  Yvonne-Anne Pignolet

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/64 ,  H04L9/08 ,  H04L9/32 ,  G06F11/14 ,  G06F3/06

Abstract: The invention relates to a method for storing data blocks from client devices to a cloud storage system, the method includes the steps of: d) storing an encrypted first data block and a challenge of the first data block of a first client device on the cloud storage system, e) determining if a hash of a second data block of a second client device stored on the cloud storage system equals the hash of the first data block, f) if yes, transmitting the challenge of the first data block from the cloud storage system to the second client device, g) extracting, at the second client device, the bits at the positions or at the range contained in the challenge, hashing the extracted bits, encrypting the hashed bits with a public key of the first client device or of the second client device and uploading the encrypted bits from the second client device to the cloud storage system, and h) storing the encrypted bits from the second client device on the cloud storage system.

公开(公告)号：US20190171847A1

公开(公告)日：2019-06-06

申请号：US16266151

申请日：2019-02-04

Applicant: ABB Schweiz AG

Inventor： Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Thomas Locher ,  Yvonne-Anne Pignolet

IPC: G06F21/62 ,  G06F3/06 ,  H04L9/08 ,  G06F21/64 ,  H04L9/32 ,  H04L29/06

Abstract: The invention relates to a method for storing data blocks from client devices to a cloud storage system, the method includes the steps of: d) storing an encrypted first data block and a challenge of the first data block of a first client device on the cloud storage system, e) determining if a hash of a second data block of a second client device stored on the cloud storage system equals the hash of the first data block, f) if yes, transmitting the challenge of the first data block from the cloud storage system to the second client device, g) extracting, at the second client device, the bits at the positions or at the range contained in the challenge, hashing the extracted bits, encrypting the hashed bits with a public key of the first client device or of the second client device and uploading the encrypted bits from the second client device to the cloud storage system, and h) storing the encrypted bits from the second client device on the cloud storage system.

公开(公告)号：US20190130113A1

公开(公告)日：2019-05-02

申请号：US16134342

申请日：2018-09-18

Applicant: ABB Schweiz AG

Inventor： Sebastian Obermeier ,  Roman Schlegel ,  Johannes Schneider ,  Thomas Locher ,  Matus Harvan

IPC: G06F21/57 ,  G06F21/55 ,  G05B19/418 ,  G05B15/02

Abstract: The present invention generally relates to a context-aware security self-assessment method or module that determines the context in which the device is used and based on this, assesses the devices security settings. The context may refer to the system environment, the applications the device is used for, and/or the current life-cycle stage of the device, without being limited to said contexts. The method of the present invention preferably prioritizes and rates the security relevant findings and presents them in combination with mitigation options through a web interface, a configuration tool, or through notifications in the control system.

公开(公告)号：US20190097787A1

公开(公告)日：2019-03-28

申请号：US16189126

申请日：2018-11-13

Applicant: ABB Schweiz AG

Inventor： Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Thomas Locher ,  Yvonne-Anne Pignolet

IPC: H04L9/00

CPC classification number: H04L9/008 ,  H04L2209/46 ,  H04L2209/76

Abstract: The invention relates to a method for aggregation of a performance indicator of a device comprising the steps of: concatenating a respective first data item to a plurality of second data items in the device; encrypting the plurality of concatenated second data items relevant for computing the performance indicator using a first encryption key in the device, wherein the first encryption key is based on an additive homomorphic encryption scheme; sending the encrypted concatenated second data items to a computation cluster; computing the performance indicator on the computation cluster using the encrypted concatenated second data items and computing an aggregate value regarding the performance indicator by summing up the encrypted concatenated second data items; sending the aggregate value to a server of a service provider of the device; decrypting the aggregate value using a second encryption key on the server of the service provider; and verifying the decrypted result by checking whether the decrypted sum computed by summing up the encrypted concatenated second data items comprises a predetermined value. The present invention also relates to a corresponding system and corresponding computer program product comprising one or more computer readable media having computer executable instructions for performing the steps of the method.

公开(公告)号：US11551035B2

公开(公告)日：2023-01-10

申请号：US16055705

申请日：2018-08-06

Applicant: ABB Schweiz AG

Inventor： Johannes Schneider ,  Matus Harvan ,  Sebastian Obermeier ,  Thomas Locher ,  Yvonne-Anne Pignolet

IPC: G06N20/00 ,  G06K9/62 ,  H04L9/00 ,  G06F17/18 ,  H04L9/06

Abstract: A method for evaluating data is based on a computational model, the computational model comprising model data, a training function and a prediction function. The method includes training the computational model by: receiving training data and training result data for training the computational model, and computing the model data from the training data and the training result data with the training function. The method includes predicting result data by: receiving field data for predicting result data; and computing the result data from the field data and the model data with the prediction function. The training data may be plaintext and the training result data may be encrypted with a homomorphic encryption algorithm, wherein the model data may be computed in encrypted form from the training data and the encrypted training result data with the training function. The field data may be plaintext, wherein the result data may be computed in encrypted form from the field data and the encrypted model data with the prediction function.