METHOD OF ACCESSING FUNCTIONS OF AN EMBEDDED DEVICE

Abstract

A method for accessing functions of an embedded device, for example a controller programmable from memory, wherein function blocks of the embedded device are assigned to at least two hierarchically superimposed levels, an access to a function block of the embedded device occurs from outside of the embedded device by a data interface, and for access an authentication must occur for the level to which the respective function block is assigned, and again for each individual level above the level to which the function block is assigned, to permit execution of a function of the function block, wherein the functions of the function blocks permit access to a firmware of the embedded device.

Claims

1-13. (canceled)

14. A method of accessing functions of an embedded device, the method comprising: (a) associating functional blocks of the embedded device with at least two levels disposed above one another hierarchically; (b) accessing to a functional block of the embedded device from outside the embedded device by a data interface; and (c) authenticating during the accessing for a level with which the respective functional block is associated and again for every single level above the level associated with the functional block to permit an execution of a function of the functional block; wherein the functions of the functional blocks permit access to firmware of the embedded device.

15. The method in accordance with claim 14, wherein the embedded device is a programmable logic controller.

16. The method in accordance with claim 14, wherein the functions of the functional blocks also permit access to an application program executed on the embedded device.

17. The method in accordance with claim 14, wherein the authentication for different levels takes place by different keys.

18. The method in accordance with claim 14, wherein the embedded device uses a key-based cryptographic process for authentication for a level.

19. The method in accordance with claim 14, wherein a first functional block that permits direct access to hardware of the embedded device is arranged in a first level that is a lowest level.

20. The method in accordance with claim 19, wherein a function belonging to the first functional block permits direct access to a network interface.

21. The method in accordance with claim 19, wherein a second functional block that permits direct access to an operating system kernel of the embedded device is arranged in a second level that is disposed above the first level.

22. The method in accordance with claim 21, wherein a function belonging to the second functional block permits direct access to a file system.

23. The method in accordance with claim 21, wherein a third functional block that permits access to the executed application program is arranged in a third level that is disposed above the second level.

24. The method in accordance with claim 23, wherein a function belonging to the second functional block permits a monitoring of the executed application program.

25. The method in accordance with claim 23, wherein a fourth functional block that permits access to a web server of the embedded device is arranged in a fourth level that is disposed above the third level.

26. The method in accordance with claim 15, wherein a function belonging to the fourth functional block permits a data input and a data output at the web server.

27. The method in accordance with claim 14, wherein access to functions of the embedded device is checked by a firewall of the embedded device.

28. The method in accordance with claim 14, wherein a user management is used in which users are stored to whom authentication for predefined functional blocks is permitted.

29. An embedded device, comprising: a data interface; a processing device; and a memory device; wherein the processing device is configured to: a) associate functional blocks of the embedded device with levels disposed above one another hierarchically; b) carry out an authentication during access to a functional block of the embedded device from outside the embedded device by the data interface for a level with which the functional block is associated and again for every single level disposed above the level associated with the functional block before an execution of a function of the functional block is permitted; c) wherein functions of the functional blocks permit access to firmware of the embedded device.

30. The embedded device in accordance with claim 29, wherein the functions of the functional blocks that permit access to firmware of the embedded device also permit access to an application program executed on the embedded device.

31. The embedded device in accordance with claim 30, wherein the embedded device is a programmable logic controller.

32. The embedded device in accordance with claim 29, wherein the embedded device is configured to execute a real-time application.

33. The embedded device in accordance with claim 29, further comprising a fieldbus connector and the embedded device is operable at a voltage of 24 volts.

Description

[0041] The invention will be described in the following purely by way of example with reference to the drawings. There are shown:

[0042] FIG. 1 a schematic view of an embedded device having levels disposed hierarchically above one another and having associated functional blocks; and

[0043] FIG. 2 a schematic view of the firmware and software of an embedded device.

[0044] FIG. 1 schematically shows an embedded device, namely a programmable logic controller (PLC) 10. The PLC 10 comprise an Ethernet connector 12 that serves as a data interface for communication with e.g. a web browser of a computer (not shown).

[0045] The data incoming via the Ethernet connector 12 are monitored by a firewall 14 using firewall rules 16. Only authorized queries or data are passed through by the firewall 14.

[0046] Once a query has passed the firewall 14, it is possible to access functional blocks that are disposed above one another hierarchically after a further authentication. In this respect, a web server 20 is arranged in a topmost level, i.e. the fourth level 18.

[0047] A monitoring service 24 is associated with the third level 22 below it. The access to an application program can also be associated with the third level 22.

[0048] The second level 26 is provided beneath the third level 22 and the operating system kernel 28, i.e. the runtime, is associated therewith. The lowest and thus first level 30 comprises a functional block for hardware access 32.

[0049] To obtain access to the functional blocks 20, 24, 28, 32 of the different levels 18, 22, 26, 30, a separate authentication process 34, that is symbolized by an openable switch in FIG. 1, has to be carried out for each level. On each authentication process 34, a random number is generated in the embodiment shown that is transmitted to the accessing browser via the Ethernet connector 12. The browser encrypts the random number using a public key that is included in a certificate of the browser. The encrypted random number is subsequently sent back to the PLC 10 and is decrypted there using a private key. If the result of the decryption coincides with the original random number, access is granted to the respective level 18, 22, 26, 30. In order, for example, to obtain access to the operating system kernel 28, three authentication processes 34 are thus necessary, namely for the fourth level 18, for the third level 22, and for the second level 26.

[0050] The schematic design of the PLC 10 is shown in more detail in FIG. 2, with the PLC 10 substantially comprising three sectors. The first sector is a hardware level 36 to which the Ethernet connector 12 belongs. The hardware level 36 additionally comprises the hardware components for a CAN bus (controller area network bus), for a USB connection 40 (universal serial bus), for an encoder 42, and for a touch-sensitive screen 44.

[0051] The hardware layer 36 is controlled by an operating system 46 that forms the second sector and is, for example real-time capable. The operating system 46 comprises a CAN driver 48 that controls the CAN bus 38. The operating system 46 furthermore comprises a USB driver 50 for controlling the USB connection 40.

[0052] The encoder 42 is controllable by the operating system 46 via an encoder driver 52. An Ethernet stack 54 ensures the function of the Ethernet connector 12. A graphics driver 56 takes over the control of the touch-sensitive screen 44.

[0053] The operating system 46 additionally provides different services which include an input/output management 58 (I/O management), the monitoring service 34 and a hot code swap service 60. The I/O management 58 in this respect enables access to hardware functions, for example to the CAN bus 38. The monitoring service 24 permits processes of the operating system 46 to be monitored and individual registers of the operating system 46 to be displayed, for example.

[0054] To change the functionality of the PLC 10 in ongoing operation, the hot code swap service 60 is used that enables changes to be made to the operating system 46 with respect to the runtime.

[0055] The operating system 46 additionally provides the web server 20.

[0056] A code management 62 that represents the third sector of the PLC 10 sits on top of the operating system 46. The code management 62 substantially serves to execute a user program 64. The user program 64 can serve for the control of an automation plant, for example. The operating system 46 of the PLC 10 can generally also be called firmware and the user program 64 software or an application program.

[0057] To execute the user program 64, the code management 62 comprises libraries 66 that are not included in the information contained in the user program 64. The code management 62 furthermore comprises websites 68 that can be displayed by the web server 20 as well as a key management 70.

[0058] The key management 70 present in the embodiment essentially provides the functionality shown in FIG. 1 of the authentication at different levels 18, 22, 26, 30 by means of a plurality of authentication processes 34. The key management 70 additionally comprises a user management (not shown) in the form of an access control matrix (ACM). For the authentication, the key management generates the random numbers for the respective authentication processes 34. The key management 70 communicates with the different functional blocks 20, 24, 28, 32, 60 by means of a DBus 72. In this respect, communication takes place with the I/O management 58 for authentication for the first level 30 to permit hardware accesses 32 and accesses to the operating system kernel of the operating system 46 in the second level 26.

[0059] Accesses to the monitoring service 24 require an authentication process 34 for the third level 22, for which purpose the key management 70 communicates with the monitoring service 24. The hot code swap service 60 is likewise associated with the third level 22 (not shown in FIG. 1) so that the key management also communicates with the hot code swap service 60. A data exchange between the key management 70 and the web server 20 takes place for accesses to the web server 20.

[0060] In addition to accesses to the hardware level 36 and to the operating system 46, the key management can also carry out an authentication process 34 for the user program 64, whereby, for example, blocked parts of the user program 64 can be executed.

[0061] Depending on the importance of the different functional blocks 20, 24, 28, 32, 60, a different safety level can be generated by the breakdown of the PLC 10 into different levels 18, 22, 26, 30 and to the association of different functional blocks 20, 24, 28, 32, 60 with these levels. In this respect, a weighing up can be made between the required effort and the required safety level.

REFERENCE NUMERAL LIST

[0062] 10 PLC [0063] 12 Ethernet connector [0064] 14 firewall [0065] 16 firewall rules [0066] 18 fourth level [0067] 20 web server [0068] 22 third level [0069] 24 monitoring service [0070] 26 second level [0071] 28 operating system kernel [0072] 30 first level [0073] 32 hardware access [0074] 34 authentication process [0075] 36 hardware level [0076] 38 CAN bus [0077] 40 USB connection [0078] 42 encoder [0079] 44 touch-sensitive screen [0080] 46 operating system [0081] 48 CAN driver [0082] 50 USB driver [0083] 52 encoder driver [0084] 54 Ethernet stack [0085] 56 graphics driver [0086] 58 input/output management [0087] 60 hot code swap service [0088] 62 code management [0089] 64 user program [0090] 66 libraries [0091] 68 websites [0092] 70 key management [0093] 72 DBus