US-12621172-B2 - Method for verifying a first time recording unit of a field device in automation technology

Abstract

A method for verifying a first time recording unit of a field device that supplies the field device with a first date and/or a first time. The method includes receiving a ticket at the field device that comprises cryptographically secured information and a time stamp. The time stamp is obtained from a second time recording unit and contains a second date and/or second time. The method includes carrying out a trust assessment of the time stamp, wherein the trustworthiness of the second time recording unit is checked against the first time recording unit. If the trust assessment shows that the second time recording unit is more trustworthy than the first time recording unit, the method includes comparing the first date or the first time with the second date or the second time, and creating a warning message if a deviation greater than a predetermined factor is determined.

Inventors

• Björn Haase
• Thomas Alber
• Oliver Durm
• Roman Griesser
• Martin Lohmann
• Stefan Robl
• Karsten Traub

Assignees

• ENDRESS+HAUSER CONDUCTA GMBH+CO. KG

Dates

Publication Date

20260505

Application Date

20241009

Priority Date

20231009

Claims (11)

1. 1 . A method for verifying a first time recording unit of a field device of automation technology, wherein the first time recording unit supplies the field device with a first date and/or with a first time, comprising: receiving a ticket at the field device, wherein the ticket comprises at least cryptographically secured information and a time stamp, wherein the time stamp is obtained from a second time recording unit, and wherein the time stamp contains a second date and/or second time; carrying out a trust assessment of the time stamp contained in the ticket, wherein the trustworthiness of the second time recording unit is checked against the first time recording unit in the course of the trust assessment; in the event that the trust assessment shows that the second time recording unit is more trustworthy than the first time recording unit: comparing the first date or the first time with the second date or the second time, and creating a warning message if a deviation greater than a predetermined factor is determined between the first date or first time and the second date or second time.
2. 2 . The method according to claim 1 , wherein the warning message is only created if the time stamp of the ticket is younger than the time stamps of all tickets received by the field device to date.
3. 3 . The method according to claim 1 , wherein the trust assessment is only carried out in the event that the field device can successfully verify the cryptographically secured information.
4. 4 . The method according to claim 1 , wherein the ticket is created by a ticket server, wherein the ticket server transmits the ticket to the field device, wherein the second time recording unit is assigned to the ticket server, wherein the second time recording unit assigned to the ticket server has a higher trust assessment than the first time recording unit of the field device.
5. 5 . The method according to claim 4 , wherein the transmission of the ticket is carried out via an operating unit by the ticket server transmitting the ticket to the operating unit and by the operating unit transmitting the ticket to the field device.
6. 6 . The method according to claim 1 , wherein the ticket is created by an operating unit, wherein the operating unit transmits the ticket to the field device, wherein the second time recording unit is assigned to the operating unit, and wherein the second time recording unit assigned to the operating unit only has a higher trust assessment than the first time recording unit of the field device if the operating unit has already been made known to the field device.
7. 7 . The method according to claim 6 , wherein the ticket server has transmitted a certificate to the operating unit as proof of being a trustworthy time source, wherein the operating unit incorporates the certificate into the ticket and transmits it to the field device, wherein the field device only performs the steps following receipt of the ticket if the field device can successfully verify the certificate.
8. 8 . The method according to claim 7 , wherein a mobile device, in particular a tablet or a smartphone, is used as the operating unit.
9. 9 . The method according to claim 8 , wherein the operating unit transmits the ticket to the field device via a wireless communication link, in particular based on Bluetooth or WiFi.
10. 10 . The method according to claim 6 , wherein a third time recording unit is assigned to the operating unit, wherein the operating unit transmits the ticket to the field device together with a third date and/or third time obtained from the third time recording unit, wherein the plausibility condition is fulfilled in the event that the third date and/or the third time substantially matches the second date or the second time.
11. 11 . The method according to claim 1 , wherein the first time recording unit is reset to the second date or the second time if the second date or the second time fulfills at least one plausibility condition.

Description

CROSS-REFERENCE TO RELATED APPLICATION The present application is related to and claims the priority benefit of German Patent Application No. 10 2023 127 518.6, filed on Oct. 9, 2023, the entire contents of which are incorporated herein by reference. TECHNICAL FIELD The present disclosure relates to a method for verifying a first time recording unit of a field device of automation technology, wherein the time recording unit supplies the field device with a first date and/or with a first time. BACKGROUND Field devices that are used in industrial installations are already known from the prior art. Field devices are often used in process automation engineering, as well as in manufacturing automation engineering. In principle, all devices which are process-oriented and which supply or process process-relevant information are referred to as field devices. Field devices are thus used for detecting and/or influencing process variables. Measuring devices, or sensors, are used for detecting process variables. These are used, for example, for pressure and temperature measurement, conductivity measurement, flow measurement, pH measurement, fill level measurement etc., and detect the corresponding process variables of pressure, temperature, conductivity, pH value, fill level, flow etc. Actuators are used for influencing process variables. These are, for example, pumps or valves that can influence the flow of a fluid in a pipe or the fill level in a tank. In addition to the aforementioned measuring devices and actuators, field devices are also understood to include remote I/Os, radio adapters, or, generally, devices that are arranged at the field level. A multitude of such field devices is produced and marketed by the Endress+Hauser group. In modern industrial plants, field devices are usually connected to superordinate units via communication networks such as fieldbuses (Profibus®, Foundation® Fieldbus, HART® etc.). Usually, the superordinate units are control systems (DCS) or control units, such as an SPC (stored program control). The superordinate units are used for, among other things, process control, process visualization, and process monitoring, as well as commissioning of the field devices. The measured values recorded by the field devices, such as by sensors, are transmitted via the respective bus system to a (or in some cases a plurality of) superordinate unit(s). In addition, data transmission from the superordinate unit via the bus system to the field devices is also required, such as for configuration and parameterization of field devices and for controlling actuators. Protocols such as the Internet Network Time Protocol (NTP, RFC 958) are known for the distribution of time information and the synchronization of clocks, but they require a direct IP network connection between the device and the time server, which is not usually available in the case of field devices. Mobile control units can also be used to operate field devices that have implemented an FDT frame application. For example, there are control units that are connected to the fieldbus network. However, the control unit can also communicate with the field devices via a wireless communications connection, in particular based upon a Bluetooth standard. The applicant produces and sells devices which, as so-called Bluetooth gateways, allow the control units to be coupled to the field devices. The field device is connected to a Bluetooth gateway via wires, in particular using the HART or CDI communication standards. Alternatively, the field devices themselves have their own Bluetooth interfaces. In contrast to field devices, operating units can have at least temporary access to a network infrastructure and can use mechanisms such as those listed in RFC 958 for synchronizing their clocks. If a mobile device, such as a smartphone or tablet, is used as a control unit for wireless communication with the field devices, application programs, so-called apps, are available which make the operating functions for the field device available to the mobile device. In industrial environments, most of the installed field devices have no or only very basic protection against unauthorized access. In these field devices, all device parameters can usually be accessed directly or, for example, after entering an unlock code. As a result of the Federal Security Act (Bundessicherheitsgesetz) in Germany, more and more field devices are coming onto the market that have individual user accounts and role-based authorization. For access via a user interface or machine interface, an, in a certain sense “permanent,” authorization is required, which is usually granted by prior authentication. The authorization must be chosen in such a way that the access user has (permanently) all the authorizations they need to carry out their tasks. In order to reduce the administrative effort for the administration of the individual field devices to an acceptable level, there are isolated efforts