METHOD FOR VALIDATING OR VERIFYING A FIELD DEVICE
20220353063 · 2022-11-03
Inventors
- Thomas Alber (Stuttgart, DE)
- Markus Kilian (Merzhausen, DE)
- Axel Pöschmann (Basel, CH)
- Sascha Bihler (Rheinfelden, DE)
- Simon Merklin (Bahlingen a.K., DE)
CPC classification
- G05B2219/33331 (PHYSICS)
- G05B2219/36542 (PHYSICS)
- H04L9/0825 (ELECTRICITY)
- H04L9/0877 (ELECTRICITY)
International classification
- H04L9/08 (ELECTRICITY)
- H04L9/32 (ELECTRICITY)
Abstract
A method for validating a field device is disclosed. The field device includes a plurality of hardware and software modules and is provided with a first cryptographic signature on the manufacturer side. The first cryptographic signature identifies the device manufacturer or the original delivery state of the field device. The origin and integrity of the field device are validated on the customer side using the first cryptographic signature. Once the field device is adapted to a defined machinery, the field device is provided with a second cryptographic signature on the customer side. The second cryptographic signature identifies the adaptations of the field device made on the customer side as a machinery-specific desired state of the field device. At least one validation of the field device is carried out on the customer side using the second cryptographic signature during the period of installation of the field device in the defined machinery.
Claims
1-6. (canceled)
7. A method for validating or verifying a field device which determines or monitors a physical, chemical, or biological process variable of a process medium in automation technology, wherein the field device is composed of a plurality of hardware and software modules, wherein on the manufacturer side the field device is provided with a first cryptographic signature; wherein the first cryptographic signature unambiguously identifies the device manufacturer and/or the original delivery state of the field device, defined by genuine hardware and software/firmware and genuine configuration settings; wherein the origin and integrity of the field device is validated/verified on the customer side using the first cryptographic signature; wherein, after an adaptation of the field device to a defined application, the field device is provided on the customer side with a second cryptographic signature; wherein the second cryptographic signature unambiguously identifies the adaptations of the field device made on the customer side as an application-specific intended state of the field device; and wherein, during the period of installation of the field device in the defined application, at least one validation or verification of the field device is performed on the customer side via the second cryptographic signature.
8. The method of claim 1, wherein especially a customer-specific, system-specific, and/or device-specific signature are/is used as a second cryptographic signature.
9. The method of claim 1, wherein a check is made, using the validation or verification of the field device, as to whether a respective actual state of the field device matches the intended state and the field device is intact, or whether an unauthorized change has been made to the hardware modules and/or the software modules of the field device.
10. The method of claim 1, wherein the first cryptographic signature and/or the second cryptographic signature are created via an asymmetric cryptosystem consisting of a private key and a public verification key, a public key.
11. The method of claim 1, wherein electronic assemblies are identified as hardware modules.
12. The method of claim 1, wherein firmware or configuration parameters are identified as software modules.
Description
[0019] The method according to the invention for validating or verifying a field device FG which determines or monitors a physical, chemical, or biological process variable of a process medium in automation technology is explained in more detail using
[0020] On the customer side KS, the origin and integrity of the field device FG are validated/verified by a service employee S by means of the first cryptographic signature S1.
[0021] Usually, a new configuration is effected on the customer side in order to adapt the field device FG optimally to a defined application in which it is installed. The field device FG is next provided on the customer side KS with a second cryptographic signature S2 by a service employee S. The second cryptographic signature S2 unambiguously identifies the adaptation of the field device FG performed on the customer side as an application-specific intended state of the field device FG. This gives the customer the option of using the second cryptographic signature S2 to establish at any time—even during operation of the field device FG in the defined application—whether the field device is still in its validated and verified intended state. Since the validation/verification process can be automated, an actual/intended check is also possible without a great expenditure of time, even during operation of the field device FG.
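The two-signature flow of paragraphs [0020] and [0021], as an added example that is not part of the patent text: S1 is checked against the delivery state, S2 is created over the adapted state, and the actual/intended check is run against S2. Ed25519, SHA-256, the `State` type and all module names and values are assumptions made for illustration; the patent only specifies an asymmetric cryptosystem.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// State maps a module name (electronic assembly, firmware, configuration
// parameter) to its identifying value. All entries below are constructed.
type State map[string]string

// Digest hashes the modules in sorted, length-prefixed form so that one
// device state always yields exactly one byte string to sign.
func Digest(s State) []byte {
	keys := make([]string, 0, len(s))
	for k := range s {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%d:%s=%d:%s;", len(k), k, len(s[k]), s[k])
	}
	return h.Sum(nil)
}

// Sign creates S1 (manufacturer key) or S2 (customer key) over a state.
func Sign(priv ed25519.PrivateKey, s State) []byte { return ed25519.Sign(priv, Digest(s)) }

// Check is the actual/intended comparison: true only if the actual state
// is exactly the state that was signed with the matching private key.
func Check(pub ed25519.PublicKey, actual State, sig []byte) bool {
	return ed25519.Verify(pub, Digest(actual), sig)
}

func main() {
	mPub, mPriv, _ := ed25519.GenerateKey(nil) // manufacturer key pair
	cPub, cPriv, _ := ed25519.GenerateKey(nil) // customer key pair
	delivered := State{"hw:sensor-board": "rev-B", "fw": "1.0.0", "cfg:range": "0-10bar"}
	s1 := Sign(mPriv, delivered)
	adapted := State{"hw:sensor-board": "rev-B", "fw": "1.0.0", "cfg:range": "0-4bar"}
	s2 := Sign(cPriv, adapted)
	tampered := State{"hw:sensor-board": "rev-B", "fw": "1.0.1", "cfg:range": "0-4bar"}
	fmt.Println("S1 on delivery state:", Check(mPub, delivered, s1))
	fmt.Println("S1 after adaptation: ", Check(mPub, adapted, s1))
	fmt.Println("S2 on intended state:", Check(cPub, adapted, s2))
	fmt.Println("S2 on changed fw:    ", Check(cPub, tampered, s2))
}
```

S1 stops verifying once the customer reconfigures the device, which is why the adapted state needs its own signature S2 for checks during operation.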