System and method for determining or monitoring a process variable in an automation plant
11206272 · 2021-12-21
Cpc classification
H04L63/0428
ELECTRICITY
Y04S40/20
GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
Y04S40/18
GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
G06F21/64
PHYSICS
H04L67/12
ELECTRICITY
Abstract
The present disclosure relates to a system and method for determining or monitoring a process variable having a higher-level unit and a plurality of field devices. The field devices generate data and are connected to one another for communication, and the higher-level unit and the field devices are nodes corresponding to a distributed ledger or blockchain technology comprising transaction creation units. Each field device is assigned a transaction creation unit for creating transactions. A created transaction contains data from the field devices assigned to the transaction creation units. A block creation unit processes a created transaction to form a data block. Validation units check the data block and/or transactions for validity. The data block is valid if at least one predefined number of validation units validates the data block, wherein each node is assigned one of the validation units. The valid data block is stored in a distributed database.
Claims
1. A system for determining or monitoring a process variable in an automation plant, comprising: at least one higher-level unit; and a plurality of field devices, wherein each of the field devices has a sensor and/or actuator and an electronic unit, wherein the field devices generate data including measurement data, control data, calibration data, diagnostic, historical and/or status data; wherein the field devices are connected to one another for communication via a wireless or wired communication network; wherein the higher-level unit and the field devices are nodes corresponding to a distributed ledger or blockchain technology; wherein the system is configured to: create transactions using a plurality of transaction creation units, wherein each of the field devices is assigned one of the transaction creation units, wherein a created transaction contains data from the field devices assigned to each of the transaction creation units, wherein the transaction creation units are integrated in the electronic units of the field devices or modular auxiliary electronic units of the field devices; wherein the created transaction includes measurement values by sensors of the field devices; process at least one created transaction to form a data block at regular intervals using at least one block creation unit, wherein the block creation unit is implemented in the higher-level unit; check the data block and/or the transactions for validity using a plurality of validation units, wherein the transactions are generated by valid nodes, wherein the data block is valid if at least more than half of the validation units validates the data block successfully, wherein each of the nodes is assigned one of the validation units; and store data blocks using a plurality of decentrally distributed databases for storing data blocks, wherein the valid data block is stored in each of the databases.
2. The system of claim 1, wherein the data block is designed according to a data block of the blockchain technology and is linked according to blockchain technology with data blocks created at earlier points in time.
3. The system of claim 1, wherein one of the decentrally distributed databases is arranged in each node.
4. The system of claim 1, wherein the higher-level unit is a control unit or a workstation PC at a control level of the plant.
5. The system of claim 1, wherein the system includes additional nodes, wherein the additional nodes are gateways, remote input/output devices (RIOs), and/or edge devices containing the block creation unit and/or the validation unit.
6. The system of claim 1, wherein the validation units are integrated in the electronic units of the field devices and in the higher-level unit, or in modular auxiliary electronic units of the field devices and/or the higher-level unit.
7. The system of claim 6, wherein the transaction creation units and the validation units of the field devices are located in a common electronic unit or in a common auxiliary electronic unit.
8. The system of claim 7, wherein each field device has an energy supply unit that supplies the field device with energy that is obtained via the communication network.
9. The system of claim 7, wherein each of the field devices has an energy storage unit that absorbs and stores energy from the environment and/or provides energy, wherein the energy storage unit supplies the field device with the stored or provided energy.
10. The system of claim 9, wherein the energy storage unit is designed in such a manner that it absorbs energy via the communication network.
11. The system of claim 9, wherein the energy storage unit comprises a solar cell, a fuel cell and/or a battery.
12. The system of claim 9, wherein the energy storage unit comprises at least one capacitor and/or one accumulator.
13. The system of claim 1, wherein the communication network comprises a fieldbus of the automation plant.
14. The system of claim 1, wherein the communication network comprises a local area network or a wide area network.
15. A method for determining or monitoring a process variable in an automation plant having at least one higher-level unit and a plurality of field devices, wherein each field device has a sensor and/or actuator and an electronic unit, wherein the field devices generate data including measurement data, control data, calibration data, diagnostic, historical and/or status data, wherein the field devices are connected to one another for communication via a communication network, and wherein the higher-level unit and the field devices are nodes that function and interact according to blockchain technology, the method comprising steps of: creating at least one transaction, wherein the transaction contains at least one subset of the data generated by the field devices, wherein transaction creation units are integrated in the electronic units of the field devices or modular auxiliary electronic units of the field devices; processing the transaction into one data block, wherein block creation units are implemented in the higher-level unit; transmitting the data block to each of the nodes via the communication network; validating the data block by all the nodes, wherein the transaction is generated by a valid node, wherein the data block is valid if at least half of all nodes validate the data block successfully; and storing the valid data block in a plurality of decentrally distributed databases; wherein the created transaction includes measurement values by sensors of the field devices.
16. The method of claim 15, wherein the transaction is transmitted to all nodes before it is processed into the data block and validated by the nodes, wherein the transaction is only processed into the data block if it is successfully validated by at least one of the nodes.
17. The method of claim 15, wherein a potential node will transmit a request to participate to all nodes and will only be integrated as a new node if at least one predefined number of nodes successfully validate the request to participate.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) The invention is explained in greater detail with reference to the following figures. The following is shown:
DETAILED DESCRIPTION
(5) As a rule, any such data block BL1, BL2, BL3 consists of at least two components: On the one hand, this is a data field DF. This data field DF stores data in the form of transactions TA. A transmission of data from a first node TK to a second node TK in a communication network F is designated as a transaction TA. A transaction TA contains a transmitted value, in this case data, along with the transmitter and receiver of the transaction TA. All devices that use blockchain technology in the communication network F are designated as nodes TK.
(6) A data field DF of a data block BL1, BL2, BL3 contains at least one transaction TA, more often multiple transactions TA.
(7) On the other hand, a data block BL1, BL2, BL3 contains a checksum #1, #2, #3. Such a checksum #1, #2, #3 is a hash value, and its calculation can be made deliberately expensive. For this purpose, all transactions TA in the data field of a block BL1, BL2, BL3 are first reduced to an intermediate value; for example, the Merkle root over all transactions TA is calculated. The exact functional principle is not discussed at this juncture; reference is made to https://en.wikipedia.org/wiki/Merkle_tree.
(8) This intermediate value is then combined with the checksum #1, #2, #3 of the previous data block BL1, BL2, BL3 to calculate the checksum #1, #2, #3 of the current data block BL1, BL2, BL3. For example, the data block BL2 shown in
(9) The integrity of the data, i.e. the protection of the data against subsequent manipulation, is thus ensured by storing the checksum #1, #2, #3 of the preceding data block BL1, BL2 in the following data block BL2, BL3. A blockchain therefore consists of a series of data blocks BL1, BL2, BL3, in each of which one or more transactions TA are combined and provided with a checksum #1, #2, #3. A change of data produces a changed intermediate value, by which the checksum #1, #2, #3 of the respective data block BL1, BL2, BL3 also changes, so that the following data block BL1, BL2, BL3 no longer matches the preceding data block BL1, BL2, BL3. As a result, the data of a successfully validated data block BL1, BL2, BL3 can no longer be changed by an attacker without the change being detected, because the checksum recomputed by any node from the altered data no longer matches the checksum stored in the following data block.
(10) New data blocks BL1, BL2, BL3 are created at regular intervals. In the data field of the new data block BL1, BL2, BL3, all transactions TA that were created after the time of the creation of the last data block BL1, BL2, BL3 are stored.
(11) The complexity of the block creation can be increased by requiring that the created checksum #1, #2, #3 has a predefined format. For example, it is specified that the checksum must be 24 digits long, with the first four digits being 0. For this purpose, in addition to the intermediate value of the transactions TA and the checksum of the previous data block, a number to be determined, known as a "nonce," with a fixed length, enters the calculation of the checksum #1, #2, #3 of the current data block BL1, BL2, BL3. The calculation of the new checksum #1, #2, #3 takes longer, because only a small fraction of all possible nonces leads to a checksum #1, #2, #3 that meets the given criteria, and since a hash function cannot be inverted, a suitable nonce can only be found by trial. Finding such a nonce thereby causes the described additional expenditure of time.
(12) After the checksum #1, #2, #3 of a new data block BL1, BL2, BL3 has been created, the data block is transmitted to all nodes TK. The nodes TK then examine the checksum #1, #2, #3 of the new data block BL1, BL2, BL3. Only after successful validation is the data block BL1, BL2, BL3 stored in all nodes TK. In particular, this requires successful validation by more than half of all nodes TK. Therefore, to infiltrate or create a foreign, harmful data block BL1, BL2, BL3, an attacker would have to manipulate or control more than half of the nodes TK in order to have the infiltrated data block BL1, BL2, BL3 validated successfully. With an increasing number of nodes TK, this can be regarded as practically infeasible.
(13) The validation of a data block BL1, BL2, BL3 requires significantly less effort than its creation. A checksum cannot be calculated back; instead, the validating node TK recomputes the checksum #1, #2, #3 from the transactions TA in the data field, the stored checksum #1, #2, #3 of the previous data block BL1, BL2, BL3 and the nonce, and compares the result with the checksum #1, #2, #3 stored in the data block. It further compares the stored checksum #1, #2, #3 of the previous data block with the actual checksum #1, #2, #3 of the previous data block BL1, BL2, BL3 in its own database. If both values match and the checksum has the required format, the data block BL1, BL2, BL3 is successfully validated.
(14) The following section describes how this method can be used to store data from a process automation plant A in a manner secure against manipulation.
(16) Each of the components, i.e. the workstation PCs WS1, WS2, the field devices F1, F2, F3, F4, along with the control unit SPS, the link device GW/RIO/ED and the visualization unit VI form nodes TK for a blockchain communication network.
(17) Each of the nodes TK has a database DB. The databases DB are designed in such a manner that one of the decentrally distributed databases DB is arranged in each node TK. Every database DB receives every data block, such that all databases DB hold identical contents at all times. For the databases DB, non-volatile memories such as hard disks or solid-state drives (SSD), memory cards or memory sticks are used in particular.
(18) Each node has a transaction creation unit TE to create transactions TA in accordance with the requirements (see
(19) The transaction creation units TE are integrated in the electronic units of the nodes TK. However, it can also be provided that the transaction creation unit TE is made available on modular auxiliary electronic units, in particular plug-in modules.
(20) Those nodes TK that have a sufficient energy supply or sufficiently large computing power have a block creation unit BE, with which data blocks BL1, BL2, BL3, as described above, are created.
(21) Furthermore, it is provided that each node TK has a validation unit VE. Using such validation units VE, the nodes TK validate newly created data blocks BL1, BL2, BL3. An additional function of the validation units VE is that the created transactions TA are transmitted to all nodes TK prior to processing in a data block BL1, BL2, BL3 and are validated by the nodes TK. A created transaction TA is only processed in the data block BL1, BL2, BL3 if it is successfully validated by at least one of the nodes TK. In particular, the system checks whether the creator of transaction TA is a valid node TK, or whether the data contained in transaction TA is within a valid range of values, for example.
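The following Python model, added here as an example and not taken from the patent or from any product of its assignee, ties together the mechanisms of paragraphs (7) to (13) and the transaction checks of paragraph (21): transactions TA are reduced to a Merkle root, a block creation unit BE searches a nonce until the block checksum has a required number of leading zeros, validation units VE recompute the checksum instead of inverting it, and a block is accepted only if more than half of all nodes TK validate it. SHA-256 as the hash, the field separator in the header, the node identifiers, the plausibility ranges, the difficulty of four leading hex zeros, and the modelling of compromised nodes as nodes that always vote "valid" are assumptions of this example; the patent fixes none of them.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Iterable, List, Sequence, Tuple

# Assumed node identifiers, taken from the reference signs on this page.
VALID_NODES = {"F1", "F2", "F3", "F4", "SPS", "WS1", "WS2", "GW", "VI"}
# Assumed (hypothetical) plausibility ranges for measured quantities.
VALUE_RANGES = {"temperature_C": (-40.0, 150.0), "pressure_bar": (0.0, 40.0)}
# Format criterion of paragraph (11): leading hex digits of the checksum are 0.
LEADING_ZEROS = 4


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


@dataclass(frozen=True)
class Transaction:
    """Transmitter, receiver and transmitted value, as in paragraph (5)."""
    sender: str
    receiver: str
    quantity: str
    value: float

    def tx_hash(self) -> str:
        return sha256_hex(json.dumps(asdict(self), sort_keys=True))


def validate_transaction(tx: Transaction) -> bool:
    """Paragraph (21): creator must be a valid node, value must be in range.
    Caveat (assumption of this example): a bare sender name can be spoofed on
    the network; a deployment would bind it to a per-device key/signature."""
    if tx.sender not in VALID_NODES or tx.receiver not in VALID_NODES:
        return False
    if tx.quantity not in VALUE_RANGES:
        return False
    lo, hi = VALUE_RANGES[tx.quantity]
    return lo <= tx.value <= hi


def merkle_root(tx_hashes: Sequence[str]) -> str:
    """Intermediate value of paragraph (7): Merkle root over the transactions."""
    level: List[str] = list(tx_hashes) or [sha256_hex("")]
    while len(level) > 1:
        if len(level) % 2:          # duplicate the last node on odd levels
            level.append(level[-1])
        level = [sha256_hex(a + b) for a, b in zip(level[0::2], level[1::2])]
    return level[0]


@dataclass(frozen=True)
class Block:
    prev_hash: str
    transactions: Tuple[Transaction, ...]
    nonce: int
    block_hash: str


def header_hash(prev_hash: str, root: str, nonce: int) -> str:
    # Checksum of paragraph (8)/(11): previous checksum, intermediate value, nonce.
    return sha256_hex(f"{prev_hash}|{root}|{nonce}")


def create_block(prev_hash: str, txs: Iterable[Transaction]) -> Block:
    """Block creation unit BE: only validated transactions enter the data
    field; then a nonce is searched by trial until the format criterion holds."""
    accepted = tuple(t for t in txs if validate_transaction(t))
    root = merkle_root([t.tx_hash() for t in accepted])
    nonce = 0
    while True:
        h = header_hash(prev_hash, root, nonce)
        if h.startswith("0" * LEADING_ZEROS):
            return Block(prev_hash, accepted, nonce, h)
        nonce += 1


def validate_block(block: Block, expected_prev_hash: str) -> bool:
    """Validation unit VE (paragraph (13)): the checksum is recomputed from
    the block contents and compared; nothing is 'calculated back'."""
    if block.prev_hash != expected_prev_hash:
        return False
    if not all(validate_transaction(t) for t in block.transactions):
        return False
    root = merkle_root([t.tx_hash() for t in block.transactions])
    h = header_hash(block.prev_hash, root, block.nonce)
    return h == block.block_hash and h.startswith("0" * LEADING_ZEROS)


def majority_accepts(block: Block, expected_prev_hash: str,
                     honest: int, compromised: int) -> bool:
    """Paragraph (12): stored only if more than half of all nodes validate.
    Compromised nodes (assumed attacker model) always vote 'valid'."""
    votes = sum(validate_block(block, expected_prev_hash) for _ in range(honest))
    votes += compromised
    return votes * 2 > honest + compromised


if __name__ == "__main__":
    genesis = "0" * 64
    b1 = create_block(genesis, [Transaction("F1", "SPS", "temperature_C", 21.5),
                                Transaction("F9", "SPS", "pressure_bar", 3.2)])
    print(len(b1.transactions), "transaction(s) accepted, checksum", b1.block_hash)
    print("valid:", validate_block(b1, genesis))
```

Two points the model makes visible that the prose leaves implicit: a tampered block fails `validate_block` on every honest node, yet `majority_accepts` still stores it once the attacker controls more than half of the nodes, which is exactly the bound paragraph (12) relies on; and the nonce puzzle only costs the single block creation unit BE time, so with one block creator in the higher-level unit it slows an attacker who has taken over that unit by nothing at all. The integrity guarantee therefore rests on the majority of validation units, not on the proof-of-work format.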
(22) The validation units VE are integrated in the electronic units of the nodes TK. However, it can also be provided that the validation units VE are made available on modular auxiliary electronic units, in particular plug-in modules. Furthermore, it can be provided that the transaction creation units TE and the validation units VE of the nodes are located in a common electronic unit or in a common auxiliary electronic unit. The space requirement is reduced and efficiency is increased through the use of interconnected electronic components.
(23) In particular, the field devices F1, F2, F3, F4 frequently have a low energy supply. For this reason, it is provided that the block creation units BE are integrated in the field devices only if the energy supply or the computing power of the field devices F1, F2, F3, F4 is sufficient for this purpose.
(24) Conventionally, each of the field devices F1, F2, F3, F4 has an energy supply unit EV, which supplies the field device F1, F2, F3, F4, in particular its electronic unit, with energy obtained via the communication network F. Since the energy available in this manner is frequently low, as described above, each of the field devices F1, F2, F3, F4 may additionally have an energy storage unit ES, which receives and stores energy from the environment and/or provides energy, and supplies the field device F1, F2, F3, F4, in particular its electronic unit, with the stored or provided energy.
(25) For example, the energy absorbed via the communication network F is temporarily stored in the energy storage unit ES. It may be provided that the temporarily stored energy is only made available to the electronic unit of the corresponding field device F1, F2, F3, F4 when the temporarily stored amount of energy exceeds a predefined value or when the energy storage unit is completely charged. For this purpose, the energy storage unit has at least one capacitor and/or one accumulator. Both components permit the storage and output of energy without the component having to be fully charged.
(26) However, it may also be provided that the energy storage unit ES comprises a solar cell, a fuel cell and/or a battery, in particular a rechargeable battery. In this case, the energy storage unit ES is independent of the communication network F.
(27) It is advantageous to combine the energy supply unit EV with the energy storage unit ES. In normal operating mode, the field device F1, F2, F3, F4 is supplied with the energy provided by the communication network F via the energy supply unit EV. To carry out an additional functionality using the transaction creation unit TE and/or the validation unit VE, the field device F1, F2, F3, F4 receives the additional energy required via the energy storage unit ES.
(28) Finally, a few advantages of the system according to the invention are listed once again: decentralized storage of the data of plant A in multiple databases DB instead of one central database DB, reducing the exposure of the data to loss or manipulation at a single point; data integrity through the linking of the data blocks BL1, BL2, BL3; and multiple validation stages, by which only transactions TA that meet the requirements and only valid data blocks BL1, BL2, BL3 are stored.
(29) It is self-evident that the embodiments shown are of an exclusively exemplary nature and that the method in accordance with the invention can be carried out with any type and arrangement of nodes TK in a process automation plant A.
LIST OF REFERENCE SIGNS
(30) A Process automation plant
(31) BE Block creation unit
(32) BL1, BL2, BL3 Data block
(33) DB Database
(34) ED Edge device
(35) ES Energy storage unit
(36) EV Energy supply unit
(37) F1, F2, F3, F4 Field device
(38) F Communication network
(39) GW Gateway
(40) RIO Remote IO
(41) SPS Control unit
(42) TA Transaction
(43) TE Transaction creation unit
(44) TK Node
(45) VE Validation unit
(46) VI Visualization unit
(47) WS1, WS2 Workstation PC
(48) #1, #2, #3 Hash values of the data blocks