-
Publication (Announcement) No.: US11582210B2
Publication (Announcement) Date: 2023-02-14
Application No.: US17313496
Application Date: 2021-05-06
Applicant: ABB Schweiz AG
Inventor: Johannes Schmitt, Soeren Finster
Abstract: A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.
-
Publication (Announcement) No.: US12132822B2
Publication (Announcement) Date: 2024-10-29
Application No.: US17523013
Application Date: 2021-11-10
Applicant: ABB Schweiz AG
Inventor: Soeren Finster, Florian Kohnhaeuser
CPC classification number: H04L9/0819, G06F8/65, H04L9/3247
Abstract: A method for protecting the integrity of measurement data acquired by a sensor includes: in response to the measurement data being acquired, determining, by the sensor, whether an aggregate value has already been generated, and: if the aggregate value has not yet been obtained, mapping, by a predetermined aggregation function that takes the measurement data as a mandatory argument and a previously generated aggregate value as an optional argument, the measurement data to the aggregate value; whereas if the aggregate value has already been obtained, mapping, by the predetermined aggregation function, the combination of the aggregate value and the measurement data to a new aggregate value; and in response to a predetermined condition being met, computing, using a secret key of the sensor, a signature of the aggregate value; and outputting the signature via a communication interface of the sensor, and/or storing the signature in a memory.
-
Publication (Announcement) No.: US20210352051A1
Publication (Announcement) Date: 2021-11-11
Application No.: US17313496
Application Date: 2021-05-06
Applicant: ABB Schweiz AG
Inventor: Johannes Schmitt, Soeren Finster
Abstract: A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.
-
Publication (Announcement) No.: US20230125527A1
Publication (Announcement) Date: 2023-04-27
Application No.: US17974693
Application Date: 2022-10-27
Applicant: ABB Schweiz AG
Inventor: Dirk Schulz, Soeren Finster, Sten Gruener, Thomas Gamer
Abstract: A method for securely supplying data to be used in parameterizing a device for an industrial automation system includes a first party supplying a second party with a machine-readable standardized container for the exchange of device parameters in industrial automation systems, wherein the supplying comprises writing into the container an encrypted primary security credential to be used by the device for establishing trust with the industrial automation system. In another aspect, a method for securely obtaining data to be used in parameterizing a device for an industrial automation system includes obtaining, from a first party, by a second party, a machine-readable standardized container for the exchange of device parameters in industrial automation systems, the container comprising an encrypted primary security credential to be used by the device for establishing trust with the industrial automation system.
-
Publication (Announcement) No.: US20220382234A1
Publication (Announcement) Date: 2022-12-01
Application No.: US17824624
Application Date: 2022-05-25
Applicant: ABB Schweiz AG
Inventor: Markus Aleksy, Reuben Borrison, Matthias Berning, Philipp Bauer, Patric Ackermann, Soeren Finster
IPC: G05B19/042, G06F16/28, G06F16/25
Abstract: A system for building data exchange includes an information modelling unit, which includes a digital twin model, a building information modelling, wherein the information modelling unit provides modelling data, an extractor configured to determine extraction data from an instance, an extractor configured to determine extraction data from an instance of the model using the modelling data, at least one converter engine, a compositor to populate the converted data into a converted instance, and a compositor to populate the converted data into a converted instance.
-
Publication (Announcement) No.: US12298725B2
Publication (Announcement) Date: 2025-05-13
Application No.: US17824624
Application Date: 2022-05-25
Applicant: ABB Schweiz AG
Inventor: Markus Aleksy, Reuben Borrison, Matthias Berning, Philipp Bauer, Patric Ackermann, Soeren Finster
IPC: G06F16/25, G05B19/042, G06F16/28
Abstract: A system for building data exchange includes an information modelling unit, which includes a digital twin model, a building information modelling, wherein the information modelling unit provides modelling data, an extractor configured to determine extraction data from an instance, an extractor configured to determine extraction data from an instance of the model using the modelling data, at least one converter engine, a compositor to populate the converted data into a converted instance, and a compositor to populate the converted data into a converted instance.
-
Publication (Announcement) No.: US20240152124A1
Publication (Announcement) Date: 2024-05-09
Application No.: US18501646
Application Date: 2023-11-03
Applicant: ABB Schweiz AG
Inventor: Thomas Gamer, Soeren Finster, Florian Kohnhaeuser, Nicolas Coppik, Piotr Powroznik
IPC: G05B19/418
CPC classification number: G05B19/4184, G05B19/41885
Abstract: A method includes receiving data indicating an event from at least one industrial device; providing the received data indicating an event to nodes of a distributed ledger; in response, selecting at least one of the nodes of a distributed ledger and writing a transaction into the distributed ledger, wherein the writing of a transaction into the distributed ledger is authorized by the selected at least one of the nodes of the distributed ledger, wherein the transaction comprises transaction data, wherein the transaction data allows an accessing of event data; wherein the transaction data comprises a pointer pointing to original or pre-processed data existing in one or more industrial databases of the at least one industrial device; providing immutable and tamper-resistant event data, event reaction data, control data, or training data for training a machine learning or an artificial intelligence based industrial control system based on the transaction data.
-
Publication (Announcement) No.: US20240430310A1
Publication (Announcement) Date: 2024-12-26
Application No.: US18754364
Application Date: 2024-06-26
Applicant: ABB Schweiz AG
Inventor: Soeren Finster
IPC: H04L9/40
Abstract: A computer-implemented method for configuring a communication network based on a given intent comprising providing communications, the method comprising determining from the given intent by a given orchestration engine a candidate network configuration that, when implemented, causes the given intent to be realized; determining one or more changes to the security posture of the network that result from the candidate network configuration; determining based on a criterion, whether there is sufficient correspondence between the intent and the changes to the security posture; in response to determining that this correspondence is not sufficient, determining at least one amendment to the given intent such that, when a new candidate network configuration is determined based on this amendment to have a better correspondence between the amended intent and the resulting changes to the security posture of the network; and implementing the new candidate configuration in the communication network.
-
Publication (Announcement) No.: US20240193279A1
Publication (Announcement) Date: 2024-06-13
Application No.: US18533573
Application Date: 2023-12-08
Applicant: ABB Schweiz AG
Inventor: Soeren Finster, Thomas Gamer, Florian Kohnhaeuser, Nicolas Coppik, Piotr Powroznik
IPC: G06F21/57
CPC classification number: G06F21/577, G06F2221/033
Abstract: A computer-implemented method for providing vetting and/or functional validation of software components, comprising: providing a software component and software component data indicating the software component; writing the software component data in a distributed ledger; functional validating and/or vetting the software component and providing functional validation and/or vetting data of the software component; writing the functional validation and/or vetting data in the distributed ledger; providing the data written in the distributed ledger to a software component consumer.
-
Publication (Announcement) No.: US11809170B2
Publication (Announcement) Date: 2023-11-07
Application No.: US17393420
Application Date: 2021-08-04
Applicant: ABB Schweiz AG
Inventor: Soeren Finster, Florian Kohnhaeuser
IPC: G05B19/418, H04L9/08, H04L9/14, H04L9/32
CPC classification number: G05B19/4185, H04L9/0825, H04L9/14, H04L9/3263
Abstract: An industrial automation system device includes: a secure communication processing unit for communicating securely with a further trusted industrial automation system device; and a pre-shared secret module including a pre-shared secret, the pre-shared secret including shared asymmetric key pair generation data. The secure communication processing unit: derives a shared asymmetric key pair including a shared secret key and a shared public key from the shared asymmetric key pair generation data, derives a shared certificate including the shared public key, signs the shared certificate with the derived shared secret key, and generates a device asymmetric key pair including a device secret key and a device public key.