METHOD AND APPARATUS FOR COMPUTER-ASSISTED PROVISION OF A SECURITY-PROTECTED DIGITAL TWIN

20210081938 · 2021-03-18

    Abstract

    Provided is a method for computer-assisted creation of a security-protected digital twin, including the following method steps: providing at least one selected subset of data of a primary digital twin; storing transactions, wherein the transactions comprise the selected subset of the data and/or first checksums for the selected subset of the data are calculated and the transactions comprise the first checksum; creating the security-protected digital twin by generating links of a block chain, wherein the links comprise the transactions and the links are joined to one another to form the block chain.

    Claims

    1. A method for computer-assisted creation of a security-protected digital twin, including the following method steps: providing at least one selected portion of data of a primary digital twin; storing transactions, wherein the transactions comprise the selected portion of the data and/or first checksums are calculated for the selected portion of the data and the transactions comprise the first checksums; creating the security-protected digital twin by producing blocks of a blockchain or of a distributed database, wherein the blocks comprise the transactions, the blocks are linked together to form the blockchain or the distributed database.

    2. The method as claimed in claim 1, wherein the blocks are linked together by way of a cryptographic hash function.

    3. The method as claimed in claim 1, wherein a datum of the selected data, a portion of the selected data or all selected data of the transactions are respectively updated by virtue of a further block with at least one further transaction being linked with correspondingly updated data with at least one of the other blocks of the blockchain or of the distributed database.

    4. The method as claimed in claim 2, wherein an integrity of the primary digital twin is determined on a basis of the security-protected digital twin.

    5. The method as claimed in claim 4, wherein a check of the integrity is controlled by the primary digital twin itself and/or controlled by system components and/or controlled by a physical object that is mapped by the primary digital twin.

    6. The method as claimed in claim 1, wherein a physical object, which is mapped by the primary digital twin, transfers device certification information to the primary digital twin, the primary digital twin inserts the device certification information as first further transaction of a first further block into the blockchain or into the distributed database and this first further block is linked to at least one of the other blocks of the blockchain or of the distributed database.

    7. The method as claimed in claim 6, wherein the device certification information is protected by a second checksum, and a second further transaction of a second further block or the first further transaction comprises the first cryptographic checksum.

    8. An apparatus for computer-assisted creation of a security-protected digital twin, comprising: a provision module for providing at least one selected portion of data of a primary digital twin; a memory module for storing transactions, wherein the transactions comprise the selected portion of the data and/or first checksums are calculated for the selected portion of the data and the transactions comprise the first checksums; a creation module for creating the security-protected digital twin by producing blocks of a blockchain or of a distributed database, wherein the blocks comprise the transactions, the blocks are linked together to form the blockchain or the distributed database.

    9. The apparatus as claimed in claim 8, wherein the apparatus comprises a transfer module for transferring the security-protected digital twin.

    10. A computer program product, comprising a computer readable hardware storage device having a computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, comprising program commands for carrying out the methods as claimed in claim 1.

    11. A computer program product, comprising a computer readable hardware storage device having a computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method comprising program commands for a creation device, which is configured by means of the program commands to create the apparatus as claimed in claim 8.

    12. A provision apparatus for the computer program product as claimed in claim 10, wherein the provision apparatus stores and/or provides the computer program product.

    Description

    BRIEF DESCRIPTION

    [0064] Some of the embodiments will be described in detail, with reference to the following figures, wherein like designations denote like members, wherein:

    [0065] FIG. 1 shows a first exemplary embodiment of the invention as a flowchart;

    [0066] FIG. 2 shows a second exemplary embodiment of the invention;

    [0067] FIG. 3 shows a third exemplary embodiment of the invention;

    [0068] FIG. 4 shows a fourth exemplary embodiment of the invention; and

    [0069] Provided nothing else is specified, functionally equivalent elements are provided with the same reference signs in the figures.

    DETAILED DESCRIPTION

    [0070] Provided nothing else is specified or has already been specified, the following exemplary embodiments comprise at least one processor and/or a memory unit for implementing or executing the method.

    [0071] Additionally, a (relevant) person skilled in the art, in particular, who is aware of the method claim/method claims, naturally also knows of all possibilities for realizing products or implementation possibilities that are conventional in the prior art such that, in particular, there is no need for a separate disclosure in the description. In particular, these conventional realization variants that are known to a person skilled in the art can be realized only by way of hardware (components) or only by way of software (components). As an alternative and/or in addition thereto, a person skilled in the art can, within their usual action in the art, choose largely arbitrary combinations according to embodiments of the invention of hardware (components) and software (components) in order to implement realization variants according to embodiments of the invention.

    [0072] A combination according to the invention of hardware (components) and software (components) can occur, in particular, if some of the effects according to embodiments of the invention are only brought about by specialist hardware (e.g., a processor in the form of an ASIC or FPGA) and/or another part can be brought about by the (processor-assisted and/or memory-assisted) software.

    [0073] In particular, in view of the great number of different realization options, it is neither possible nor productive or necessary for the understanding of embodiments of the invention to specify all these realization options. In this respect, all the subsequent exemplary embodiments, in particular, should only, by way of example, highlight a few ways of how, in particular, such realizations of the teaching according to embodiments of the invention could appear.

    [0074] Consequently, the features of the individual exemplary embodiments, in particular, are not restricted to the specific exemplary embodiment but, in particular, relate to embodiments of the invention in general. Accordingly, features of one exemplary embodiment may also serve as features for another exemplary embodiment, in particular without this having to be explicitly mentioned in the respective exemplary embodiment.

    [0075] FIG. 1 shows a first exemplary embodiment of the invention as a flowchart of the method according to embodiments of the invention for computer-assisted creation of a security-protected digital twin.

    [0076] The method comprises a first method step of providing 110 at least one selected portion of data of a primary digital twin. Here it is possible, for example, to select security-critical data of the primary digital twin whose integrity protection is deemed to be important.

    [0077] The method comprises a second method step of storing 120 transactions. Here, the transactions comprise the selected portion of the data, with this being realizable in different ways. It is conceivable for one of the transactions to comprise in each case one or more of the data records of the selected portion of the data, i.e., the latter are stored in the corresponding transaction. Alternatively, the transactions may comprise first checksums that are calculated for the data records of the selected portion of the data. In this variant, one of the transactions comprises one or more first checksums, which were each calculated for one of the data records of the selected portion of the data. In addition to the first checksums, the transactions may comprise, for example, a specification (e.g., an Internet address or a storage location on a data medium) of where a computer or a node can retrieve the corresponding data (records) of the selected portion of the data. By way of example, it is also conceivable for this specification to be made known to computers and nodes in general (e.g., by way of a computer configuration or user profiles).

    [0078] The method comprises a third method step of creating 130 the security-protected digital twin by producing blocks of a blockchain, wherein the blocks comprise the transactions and the blocks are linked together to form the blockchain.

    [0079] As a result, an apparatus (e.g., a control module or a controller with a primary digital twin), for example, can insert the transactions with the security-protected digital twin into the blockchain or link the corresponding blocks with the transaction/transactions with at least one block of the blockchain.

    [0080] Expressed differently, embodiments of the invention allow the provision of, in particular, information of a digital twin in security-protected fashion.

    [0081] A conventional digital twin provides information about a physical object in digital form. These days, these data of such an object are found on specific servers, e.g., belonging to the manufacturer of a product or the operator of an installation. However, this is disadvantageous in that there is only restricted access to the data and that the stored data can be falsified.

    [0082] Using the method according to embodiments of the invention, a digital twin is replicated, at least in part or only in part, in a blockchain. This is advantageous since this does not make the complete data of the primary digital twin available in the freely accessible blockchain. In particular, this would be neither practical (data volume) nor desirable (confidential, business-critical data).

    [0083] Consequently, the security-protected digital twin comprises a subset of the information of the complete primary digital twin, in particular. However, this security-protected digital twin is freely accessible or at least accessible in relatively simple fashion for different users. The data or data records of the primary digital twin stored in the blockchain are, e.g., preprocessed (e.g., filtered, compressed, analyzed) in this case.

    [0084] The data (records) of the security-protected digital twin can be updated by the primary digital twin, for example. To this end, the primary digital twin forms a transaction which, for example, comprises filtered and optionally preprocessed data of the physical object. In particular, the transactions are inserted into a blockchain or a block with a corresponding transaction is produced and linked with at least one block of the blockchain.

    [0085] Consequently, a subset of the primary digital twin (or of its data record), for example, is provided in tamper-proof and freely or at least more freely accessible fashion by means of the blockchain.

    [0086] By way of example, the primary digital twin can be realized by a project plan server or by a cloud-based IoT backend (Siemens Mindsphere, Microsoft Azure). In particular, the primary digital twin can continue to check its data for consistency using the data stored in tamper-proof fashion in the security-protected digital twin. As a result, tampering with, and inconsistencies of, the data of the primary digital twin can be identified and corrected where necessary.

    [0087] However, it is also possible for this to be implemented on a gateway in one variant. A gateway, which transfers the data of the device to a primary digital twin of a backend, for example, can process or preprocess these data (records) and can form transactions as a function thereof, said transactions being used to produce the security-protected digital twin; that is to say, in particular, said gateway inserts or links these data (records) into the blockchain.

    [0088] In a further variant, a physical object itself can update its data, stored in a blockchain, of its security-protected digital twin assigned thereto. This variant is advantageous in that it is usable and updatable independently of a conventional digital twin.

    [0089] In a further variant, a plurality of sources (primary digital twin, gateway, device mapped by the primary digital twin) each insert transactions with data for the security-protected digital twin into the blockchain. This facilitates a better check of the consistency/integrity of the data, in particular.

    [0090] In a further variant, a device provides device certification information, i.e., device information protected by a second (cryptographic) checksum, and transfers said device certification information to the primary digital twin. As a result, this information cannot be tampered with by the primary digital twin.

    [0091] This device certification information can be provided to the security-protected digital twin as a portion of one of the transactions. In particular, it is only identified as valid within the blockchain if the certification is cryptographically valid (e.g., the digital signature has been successfully confirmed).

    [0092] Examples of information or data (records) of a security-protected digital twin include:

    [0093] current mode of operation of the device (operational, standby, failure, service, sealed/unsealed)

    [0094] current configuration, firmware status (identification information, e.g., a hash value or a configuration identifier)

    [0095] servicing information, use information (usage data)

    [0096] self-test data

    [0097] battery status

    [0098] estimated residual use duration

    [0099] membership to the installation (system, group)

    [0100] FIG. 2 shows a second exemplary embodiment of the invention, which is realized by a system.

    [0101] In detail, FIG. 2 shows an exemplary system comprising a plurality of devices, for example a first device D1, a second device D2, a third device D3, a fourth device D4 and a fifth device D5. Additionally, a gateway GW, a control module (e.g., an Internet of Things backend/IoT backend) 210 for realizing a primary digital twin and a plurality of (blockchain) nodes (e.g., bitcoin nodes or Ethereum nodes), for example a first node BCN1 and a second node BCN2, are illustrated. The nodes, the devices, the gateway GW and the IoT backend 210 are connected to one another by way of a network 250 (e.g., LAN, WAN or the Internet).

    [0102] By way of example, the fifth device D5 transmits device data 230, e.g., its monitoring data (device monitoring data) or current system data (e.g., information about operating temperature, power consumption), as a device status update message to its primary digital twin in the IoT backend 210 (e.g., via a CoAP, MQTT, Web Socket, XMPP protocol). The IoT backend 210 processes the information (update of the information of the primary digital twin, e.g., by filtering, processing).

    [0103] The IoT backend 210 checks whether the device data belong to the selected portion of the data that should be provided by the security-protected digital twin by way of the blockchain. Should this be the case, the IoT backend 210 generates one or more transactions 235 as a function of the device data and provides said transactions to the nodes. These enter the transaction into the blockchain in the case of successful validation, for example by virtue of a block with these transactions being linked to a block of the blockchain. In this way, the nodes confirm the transaction in the blockchain, in particular.

    [0104] FIG. 2 furthermore shows a variant in which the gateway GW forms one or more transactions 220 as a function of the device data of the fifth device D5 and provides said transactions to the second node BCN2, which inserts the transactions into the blockchain in an analogous fashion, as explained above.

    [0105] In a further variant, the fifth device D5 itself, or one of the other devices (D1-D4), provides one or more transactions for the nodes as a function of the device data of the fifth device D5. The node inserts the transactions into the blockchain in an analogous fashion, as already explained above.

    [0106] The gateway GW and the IoT backend 210 act as nodes of the blockchain. This means that they are involved in the formation or checking of the blockchain, together with further nodes.

    [0107] By way of example, if the other devices are also nodes of the blockchain (e.g., the first device D1 and/or the second device D2) but have no access to the IoT backend 210 (e.g., they are not registered or have no authorization), these other devices can use/call at least the information of the fifth device D5 that is stored in the blockchain. Consequently, they are able to use, in particular, the information stored in the blockchain in tamper-proof fashion without having access to the primary digital twin. As a result, the data of the security-protected digital twin can be used, e.g., in flexible fashion by different stakeholders.

    [0108] FIG. 3 shows a third exemplary embodiment of the invention, which represents a blockchain suitable for realizing the preceding exemplary embodiments.

    [0109] In detail, FIG. 3 shows the blocks G, for example a first block G1, a second block G2 and a third block G3, of a blockchain.

    [0110] The blocks G each comprise a plurality of transactions T. By way of example, the first block G1 comprises a first transaction T1a, a second transaction T1b, a third transaction T1c and a fourth transaction T1d. By way of example, the second block G2 comprises a fifth transaction T2a, a sixth transaction T2b, a seventh transaction T2c and an eighth transaction T2d. The third block G3 comprises a ninth transaction T3a, a tenth transaction T3b, an eleventh transaction T3c and a twelfth transaction T3d.

    [0111] Additionally, the blocks G each still comprise a link checksum CRC, which is formed as a function of the directly preceding block. Consequently, the first block G1 comprises a first link checksum CRC1 from its preceding block, the second block G2 comprises a second link checksum CRC2 from the first block G1 and the third block G3 comprises a third link checksum CRC3 from the second block G2. The link checksum is formed by way of the block header of the corresponding preceding block. The link checksum CRC can be formed using a cryptographic hash function such as, e.g., SHA-256, KECCAK-256 or SHA-3.

    [0112] Additionally, each of the blocks may comprise a transaction checksum. This can be realized by means of a hash tree.

    [0113] In order to form the hash tree, a third/further checksum (e.g., likewise a hash value that is formed as a function of the transactions/transaction data records) is calculated for each transaction of a block. Usually, use is made of a hash tree, e.g., a Merkle tree or Patricia tree, whose root hash value/root checksum is stored in the respective block as a transaction checksum.

    [0114] In one variant, the transaction checksum is used as a link checksum.

    [0115] Furthermore, a block may comprise a timestamp, a digital signature, proof-of-work evidence, as explained in the embodiments of the invention.

    [0116] FIG. 4 shows a fourth exemplary embodiment of the invention, in which one of the transactions of FIG. 3, e.g., the first transaction T1b, is explained in more detail.

    [0117] In detail, FIG. 4 shows a transaction 410 with a plurality of data records. To be precise, a first data record 420, a second data record 430, a fourth data record 440, a fifth data record 450, a sixth data record 460 and a seventh data record 470.

    [0118] The first data record 420 comprises identification data for the device to which the security-protected digital twin relates (MID: Siemens SiXY SN3175438). The second data record 430 comprises information about the hardware version (e.g., 3.12a). The third data record 440 comprises information about the firmware version (e.g., 17.12.6). The fourth data record 450 comprises an identifier or unique ID of the configuration of the device (e.g., Homag-XY41-V2a). The fifth data record 460 comprises a status indication of the battery of the device (e.g., battery 70% charged). The sixth data record 470 comprises information about the mode of operation of the device (e.g., service/maintenance mode, real-time mode, work mode). The seventh data record 480 comprises a timestamp that specifies, e.g., a capture time of the data (records) (e.g., 20161207-102237).

    [0119] A transaction checksum (e.g., a hash value) is ascertained, as a function of the transaction, and inserted into a block of a blockchain, for example the blockchain of FIG. 3.

    [0120] The transaction or the transaction checksum thereof is transferred to a node. When forming the next block, the transaction information (e.g., the transaction and/or the transaction checksum) is included in the next block.

    [0121] As a result, the information about the transaction (i.e., corresponding data (records) of the selected portion of the data that are stored in the security-protected digital twin) is protected from tampering at later times on the basis of the block of the blockchain. The security-protected digital twin can be checked by third parties.
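
    The checksum variant of [0077], the block structure of FIG. 3 and the integrity check of [0086], as an added Python example that is not part of the patent text. The selected field names, the JSON serialization, the use of SHA-256 for every checksum, the odd-node rule in the hash tree and the URL are assumptions.

```python
import hashlib
import json

SELECTED = ("firmware", "configuration", "mode")  # assumed security-critical subset


def canonical(obj) -> bytes:
    """Deterministic serialization so every node hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_transaction(device_id, twin_data, location):
    """Checksum variant of [0077]: first checksums plus where the data can be fetched."""
    sums = {k: h(canonical({k: twin_data[k]})) for k in SELECTED if k in twin_data}
    return {"device": device_id, "location": location, "checksums": sums}


def merkle_root(transactions):
    """Transaction checksum of [0113]: root of a hash tree over the transactions."""
    level = [h(b"\x00" + canonical(tx)) for tx in transactions] or [h(b"")]
    while len(level) > 1:
        nxt = [h(b"\x01" + (a + b).encode()) for a, b in zip(level[::2], level[1::2])]
        if len(level) % 2:  # odd node is carried up, not duplicated
            nxt.append(level[-1])
        level = nxt
    return level[0]


def append_block(chain, transactions, timestamp):
    """Link a new block via the hash of the preceding block header ([0111])."""
    prev_link = h(canonical(chain[-1]["header"])) if chain else "0" * 64
    header = {"prev_link": prev_link, "tx_root": merkle_root(transactions),
              "timestamp": timestamp}
    chain.append({"header": header, "transactions": transactions})


def verify_chain(chain):
    """Index of the first inconsistent block, or -1 if all links and roots match."""
    prev_link = "0" * 64
    for i, block in enumerate(chain):
        hdr = block["header"]
        if hdr["prev_link"] != prev_link or hdr["tx_root"] != merkle_root(block["transactions"]):
            return i
        prev_link = h(canonical(hdr))
    return -1


def check_primary_twin(chain, device_id, twin_data):
    """Integrity check of [0086]: selected records whose value differs from the chain."""
    latest = {}
    for block in chain:  # later blocks supersede earlier values
        for tx in block["transactions"]:
            if tx["device"] == device_id:
                latest.update(tx["checksums"])
    return sorted(k for k, v in latest.items()
                  if k not in twin_data or h(canonical({k: twin_data[k]})) != v)


def demo():
    # Constructed sample: values follow the FIG. 4 examples; URL and extra fields are assumed.
    device, url = "Siemens SiXY SN3175438", "https://backend.example/twin"
    twin = {"firmware": "17.12.6", "configuration": "Homag-XY41-V2a",
            "mode": "work", "battery": 70, "contract": "confidential"}
    chain = []
    append_block(chain, [make_transaction(device, twin, url)], "20161207-102237")
    twin["mode"] = "service"  # legitimate update, recorded by a further block
    append_block(chain, [make_transaction(device, twin, url)], "20161207-113000")
    clean = check_primary_twin(chain, device, twin)
    forged = dict(twin, firmware="17.12.6-mod")  # record falsified on the server
    drift = check_primary_twin(chain, device, forged)
    chain[0]["transactions"][0]["checksums"]["firmware"] = "0" * 64  # edit history
    return clean, drift, verify_chain(chain)


if __name__ == "__main__":
    print(demo())
```

    verify_chain only proves internal consistency, so the hash of the newest header has to come from the nodes' consensus. Unsalted checksums of low-entropy records such as the mode of operation can be guessed by hashing the few possible values, so the checksum variant does not keep such fields confidential.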

    [0122] In particular, the data (records) of the transaction are ascertained as a function of the data of the primary digital twin of the device (as was already explained in the preceding exemplary embodiments).

    [0123] This is implemented by a control module (e.g., the IoT backend of FIG. 2), i.e., by the primary digital twin itself (or by the computer system that realizes the primary digital twin or stores the data (records) of the primary digital twin).

    [0124] However, it is also possible for this to be implemented on a gateway or on other system components, or on the device itself (e.g., the fifth device of FIG. 2).

    [0125] FIG. 5 shows a fifth exemplary embodiment of the invention as an apparatus for computer-assisted provision of a security-protected digital twin. By way of example, the apparatus can be the IoT backend of FIG. 2.

    [0126] The apparatus comprises a provision module 510, a memory module 520, a creation module 530 and an optional first communications interface 504 (e.g., for a link to the network of FIG. 2), which are connected to one another in communicative terms by way of a first bus 503.

    [0127] By way of example, the apparatus still additionally comprises a further component or a plurality of further components, such as, e.g., a processor, a memory unit, an input device, more particularly a computer keyboard or a computer mouse, and a display device (e.g., a monitor). By way of example, the processor may comprise a plurality of further processors, wherein, for example, the further processors each realize one or more of the modules. Alternatively, the processor realizes all modules of the exemplary embodiment in particular. The further component(s) can likewise be connected to one another in communicative terms by way of the first bus 503, for example.

    [0128] By way of example, the processor can be an ASIC, which has been realized in application-specific fashion for the functions of a respective module or of all modules of the exemplary embodiment (and/or of further exemplary embodiments), wherein the program component or the program commands, in particular, are realized as integrated circuits. By way of example, the processor may also be an FPGA which, in particular, is configured by means of the program commands in such a way that the FPGA realizes the functions of a respective module or of all modules of the exemplary embodiment (and/or of further exemplary embodiment).

    [0129] The provision module 510 is configured to provide at least one selected portion of data of a primary digital twin.

    [0130] By way of example, the provision module 510 can be implemented or realized by means of the processor, the memory unit and a first program component, wherein, for example, the processor is configured in such a way by executing program commands of the first program component or the processor is configured in such a way by the program commands that the selected portion of the data is provided.

    [0131] The memory unit 520 is configured to store transactions, wherein

    [0132] the transactions comprise the selected portion of the data and/or

    [0133] first checksums are calculated for the selected portion of the data and the transactions comprise the first checksums.

    [0134] By way of example, the memory module 520 can be implemented or realized by means of the processor, the memory unit and a second program component, wherein, for example, the processor is configured in such a way by executing program commands of the second program component or the processor is configured in such a way by the program commands that the transactions are stored.

    [0135] The creation module 530 is configured to create the security-protected digital twin by producing blocks of a blockchain, wherein the blocks each comprise at least one of the transactions and the blocks are linked together to form the blockchain.

    [0136] By way of example, the creation module 530 can be implemented or realized by means of the processor, the memory unit and a third program component, wherein, for example, the processor is configured in such a way by executing program commands of the third program component or the processor is configured in such a way by the program commands that the security-protected digital twin is created.

    [0137] Here, the program commands of the respective modules can be executed by means of the processor itself and/or by means of an initialization component, for example a loader, or a configuration component.

    [0138] Although the present invention has been disclosed in the form of preferred embodiments and variations thereon, it will be understood that numerous additional modifications and variations could be made thereto without departing from the scope of the invention.

    [0139] For the sake of clarity, it is to be understood that the use of "a" or "an" throughout this application does not exclude a plurality, and "comprising" does not exclude other steps or elements.