DE102020112811B3 - Method and system for authenticating at least one unit - Google Patents

Abstract

The invention relates to a method for authenticating a unit (12) of a system (10). The system (10) has a central controller (11) which is in communication with one or more units (12). At least one task-answer algorithm is available to check the authenticity of an aggregate (12). If several task-response algorithms are available, at least one task-response algorithm is based on the use of an operating parameter. The operating parameter can be, for example, a control or regulating parameter (P) to be transmitted by the central controller (11) or an actual value describing the current operating state of the unit (12). The task or the answer can be based on the operating parameter. In a preferred embodiment, a control or regulating parameter (P) to be set in the selected unit (12), for example a target value, is modified and transmitted to the selected unit (12) as a modified parameter (Pmod). It is then checked whether the selected unit (12) is able to correctly convert the modified parameter (Pmod) into the control or regulating parameter (P) and then adapt the operation using the determined control or regulating parameter (P). If this is the case, the authentication of the aggregate (12) is successful.

Description

The invention relates to a method for authenticating at least one unit of a system, the system also having, in addition to the at least one unit, a central controller that is communicatively connected to the at least one unit. The unit can be set up, for example, to generate a fluid flow. The at least one unit can be, for example, a fan or a pump. The system can also have units of different types, for example at least one pump and at least one fan.

For the operation of such systems it is important that the individual components work together correctly. If the central controller communicates with the at least one unit, it must be ensured that the transmitted data is correctly received and interpreted by the respective recipient. Only then can correct operation of the system be ensured. If, for example, fans or pumps are provided to convey gaseous or liquid cooling media and to generate a cooling flow, faulty operation can lead to equipment not being adequately cooled and subject to increased wear and / or failure. It is therefore important that the compatibility of the central control and the units is ensured. The present invention therefore uses a method for authentication based on a communication between the central controller and the at least one unit.

Authentication methods are known from the prior art.

EP 0 995 288 B1 relates to a method for mutual authentication between a mobile component and a network. The so-called "challenge-response procedure" is used for this. In order to avoid time delays, the first task set by the network is answered by the mobile unit and, at the same time, a further task is transmitted to the network, which in turn can then be answered by the network.

An authentication process using the challenge-response process is also in EP 1 397 886 B1 described. In the described application, a chip card is authenticated against a terminal. To increase security, a variability of the data is generated, the data exchange during the authentication process depending on historical data, namely a preceding authentication process.

When using the authentication method according to DE 10 2017 212 809 B3 two separate communication links are used between data processing devices, with user data being transmitted via the first communication link and authentication requests via the second communication link. A challenge-response method can be used for authentication, in which user data is divided into blocks and a request for authentication is generated on the basis of a block.

EP 3 340 213 A1 describes a safety function for labeling products. The marking contains a so-called "Physical Unclonable Function (PUF)", which is sometimes also referred to as a "Physical Random Function". The marker also includes a representation of or a reference to a digital signature. The digital signature is used to sign a hash value that results from the application of a predetermined hash function to data which, based on the PUF, represent a response to a task in an authentication process (challenge-response process). The PUF already provides a certain level of security. In order to verify the authenticity of the identified object, a task is sent to the PUF and a hash value is generated from the response using the hash function. This hash value is then compared with the hash value contained in the digital signature. A similar procedure is also in EP 3 565 179 A1 described.

A method for authenticating fuel cartridges is off WO 2008/021101 A1 known. The fuel cartridge is first authenticated via a device to which the fuel cartridge is connected before it is possible to feed fuel from the fuel cartridge into the system. For example, the challenge-response method can be used for authentication for this purpose.

In the procedures according to WO 2015/030818 A1 is about the authentication of a toner cartridge in a printer. Time behavior is taken into account for authentication. The printer places a task on the toner cartridge and monitors not only the correctness of the answer, but also the time of the answer with a view to meeting a predetermined time window in which the answer is expected. If at least one of the two requirements is not met, the authentication has failed.

US 2004/0223011 A1 and WO 2004/102310 A2 relate to the authentication of a consumption unit in a device, for example a cartridge in a printer. the Consumption unit has an authentication code. This is compared with a verification code in order to determine the authenticity of the supply unit. An HMAC algorithm (Hash-Massage Authentication Code) can be used for this.

Another authentication system or method is in WO 2013/048430 A1 described. The point is to authenticate a refillable unit (toner cartridge) in a device (printer). Analog serial numbers are used for this purpose, which clearly identify the exchangeable units. The analog serial number contains a special physical parameter of the chip on which it is stored. This physical parameter is coded digitally. In operation, the physical parameter is measured and compared with the stored value in order to authenticate the unit.

the end EP 3 297 834 B1 it is known to authenticate an exchangeable item (printer cartridge in a printer). This checks how many and which authentication values have already been transmitted to the system from the exchangeable item. If a maximum number is reached, no further stored authentication values are used, only the previously transmitted authentication values are used. A similar approach is also used in EP 3 338 143 B1 described.

WO 2013/062528 A1 describes the authentication of an exchangeable supply unit for a printer. For this purpose, a task code can be generated in the printer and transmitted to the exchangeable supply unit. This generates an answer. The response can contain additional information, such as the model of the replaceable supply unit, a service life specification, a serial number or a date of manufacture. Based on the response, the printer can check the authenticity of the replaceable supply unit.

the end EP 2 605 175 A2 is known to test a field replaceable unit. The exchangeable unit has an identification which is compared with an identification stored in a security module. The identification can contain the topology of a key chip.

In the off US 2005/0050325 A1 known authentication system, an authentication device of a first device generates a signal that is sent to another device. This in turn responds with a signal. The two signals are compared with one another. By comparing the signals, the identity of the additional device connected to the first device can be checked.

A method for contactless authentication of a smart card is out US 2010/0224682 A1 known. A reader measures an impulse response that is linked to the smart card. The impulse response is compared with reference data. Optionally, the reader can also transmit at least one task to the smart card and verify its response.

WO 2006/052111 A1 relates to a method for encrypting transmission between nodes. In essence, it is about the management of the keys used. It is proposed to create an unbranched chain with keys and to distribute the keys to the nodes according to the unbranched structure of the chain.

The authentication procedure EP 3 511 854 A1 uses a second circuit to authenticate a first circuit. A signature is generated in each circuit, taking into account the respective electrical nodes.

DE 10 2012 109 227 A1 describes an arrangement with at least one field device that is communicatively connected to a control room. In addition, there is a mobile computer unit that can communicate wirelessly with the field device and the control room. The data communication between the control room and the field device can also be transmitted via the mobile computer unit, so that a comparison can take place through this redundancy. This enables transmission errors to be detected. The signal transmission can be encrypted.

A function test device for a field device and a corresponding method are off DE 103 44 088 A1 known. For this purpose, for example, control signals can be regularly transmitted to field devices in order to check and monitor their correct functioning.

DE 103 52 071 A1 describes a procedure for the detection of unauthorized exchanged components. An encrypted message is sent to a component to be checked. The message contains a value that is generated by means of a random generator or a randomly applied sensor signal. The message is read in the component to be tested and an identifier is determined via a predefined assignment and transmitted back. The assignment is known to the control unit and it can then be checked whether the correct identifier was transmitted by the component to be checked as a response to the encrypted message.

On the basis of the prior art, it can be seen as the object of the present invention to create a simple possibility for authentication.

This object is achieved by a method with the features of claim 1 and a system with the features of claim 11 solved.

The invention concerns the authentication of at least one unit that is part of a system. The at least one unit can be a cooling unit. There are preferably several units that are communicatively connected to a common central controller. The communication link can be wireless and / or wired. The central controller and the at least one unit are preferably connected in communication via a bus system.

The authentication process is started, for example, when a test condition for checking the authenticity of an aggregate is met. The test condition can be, for example, reaching a randomly selected point in time. The test condition can also be met if communication for control or regulation between the central control and the unit that is to be authenticated is required anyway or takes place in accordance with the specifications of a communication protocol used.

First, an aggregate to be authenticated is selected. Following this, an operating parameter is recorded or determined, which is then used to check the authenticity. For this purpose, a task-response algorithm is used, in which the task and / or the response is generated based on the operating parameters.

In one embodiment of the method, the central controller can query an actual value of the selected unit, such as an actual temperature and / or an actual speed of a motor of the unit and / or an actual current of an electric motor of the unit, etc. At least any desired sensor value and / or or counter reading can be used which characterizes the current operating state of the unit, for example also the reading of an operating hours counter of the selected unit.

The request from the central controller to transmit the operating parameter and / or reading out the operating parameter can already be understood as a task for the selected unit. As an alternative to this, it is also possible for the central controller to transmit a message to the selected unit that represents an authentication task.

The selected unit can then carry out a predefined arithmetic operation based on the operating parameter. The arithmetic operation can be formed by at least one or more mathematical and / or logical operations. The arithmetic operation is known to both the unit and the central control. The result of the arithmetic operation is made available to the central controller as an answer to the task. The central controller can read out the response from a register of the selected unit or the selected unit can transmit the response to the central controller.

In the central control, the same arithmetic operation can be applied to the already known operating parameters and it can be checked whether the result corresponds to the response of the selected unit. If the answer of the selected aggregate to the received task is correct, the authenticity of the selected aggregate is determined. Otherwise the authenticity check of the selected unit was not successful and measures can be initiated, for example shutting down the unit.

When this application speaks of an arithmetic operation, it is to be understood as meaning at least one mathematical operation and / or at least one logical operation which encrypts a value, the value being able to be linked to at least one further value. The values are preferably binary numbers of any length, for example at least 8 bits. All arithmetic operations used in cryptology can be used here. In a very simple example, for example, two binary values can be combined with one another bit by bit using an XOR operation (logical exclusive OR operation) in order to determine the task and / or the answer.

In the above variant, the response of the selected unit is based on the operating parameter, that is to say, for example, an actual value of the operation of the selected unit. Since there may be a time delay between the acquisition of the actual value by the central controller and the transmission or reading out of the response, in which the operating parameters may change, it may be necessary to carry out the task-response procedure several times in order to ensure the authenticity of the to be able to confirm or deny the selected aggregate. For example, the task-answer method can be carried out several times (odd number) and then a majority decision can be made to confirm or reject the authenticity of the selected aggregate.

In an additional or alternative task-response algorithm of the method according to the invention, the operating parameter can be a control parameter or regulating parameter for the selected unit. For example, a setpoint value and / or a limit value and / or a parameter to be used in a control function or regulating function of the unit can be transmitted to the selected unit as a control parameter or control parameter. In this variant, the operating parameter is changed in a manner analogous to the variant described above by means of an arithmetic operation known to the central controller and the unit. It can be linked to one or more values known both in the central controller and in the selected unit. This mathematical and / or logical arithmetic operation generates a task that is transmitted from the central control to the selected unit. In response to the task received, the selected unit calculates the operating parameters contained in the task and then uses these operating parameters for further operation.

The central control can then check whether the operating parameters contained in the task are used correctly in the selected unit. For this purpose, for example, one or more actual values can be queried or read out, which characterize the current operation of the selected unit. The decoding of the task and the use of the determined operating parameter for the further operation of the selected unit represents the answer to the received task in this case. If the task was correctly implemented by the selected unit, the authenticity is confirmed and otherwise rejected.

In all variants of the method according to the invention, at least one task-response algorithm can be selected and used in which an operating parameter (e.g. setpoint, actual value, control parameter, control parameter) is used to generate the task and / or to generate the response to the task. The transmission of the operating parameter between the central controller and the selected unit is necessary or advantageous anyway during the operation of the system, for example to inform the central controller about the current operating states of the units or to use the central controller to adapt the operation of a unit, for example to changed ones Environmental conditions. This communication can also be used for authentication. The additional communication required for the authentication between the central controller and the at least one unit can be reduced and the required bandwidth can be minimized. The communication system used for communication is less stressed. The existing aggregates are thus authenticated extremely efficiently.

Preferably, all setpoint values transmitted from the central control to all existing units of the system are converted into a task and transmitted by at least one mathematical and / or logical arithmetic operation. Setpoint values are not communicated unencrypted in this embodiment of the method. As an alternative to this, operating parameters can only be transmitted in encrypted form in the form of a task if an additional test condition is met that requires a test of authenticity.

As explained, it is advantageous if the selected unit determines the operating parameters from the received task and uses them for further operation. This represents a very efficient possibility of authentication, since the transmission of such an operating parameter is necessary in any case for the control or regulation of the selected unit. The operating parameter can be, for example, a target value, such as the target speed of an electric motor of the selected unit or a target current of an electric motor of the unit or the like.

The at least one unit can be a cooling unit. The at least one unit can be set up to generate a fluid flow, for example an air flow or a coolant flow. In one embodiment, at least one of the units is a fan and / or a pump. The aggregates of a plant can be of the same type or of different types. For example, a system can have units formed exclusively by fans or pumps or contain pumps and fans.

The authenticity of each unit can be checked once, for example during commissioning. Additionally or alternatively, an authenticity check of an assembly can be repeated at regular or irregular time intervals or whenever a test condition is met.

The task and / or response based on the operating parameter can be determined using a further value that is known both to the central controller and to the selected unit, for example a value that is generated once and cannot be changed during further operation. For example, the central When initializing each aggregate, the control system specifies an initialization value and transmits it to the respective aggregate. Based on the initialization value and an arithmetic operation known both to the central controller and to the unit, the task in the central controller or the response in the selected unit can then be calculated. Subsequently, on the basis of this arithmetic operation, the task can be solved in the selected unit or the answer can be checked in the central control.

• - eine von der zentralen Steuerung an das ausgewählte Aggregat übermittelt Zufallszahl;
• - eine Seriennummer des ausgewählten Aggregats oder ein Teil davon;
• - ein im ausgewählten Aggregat gespeicherter unveränderlicher Registerwert (kann auch als Salt-Wert bezeichnet werden), der auch der zentralen Steuerung bekannt ist.

In addition or as an alternative to the initialization value, other numbers or values can also be used to form the task and / or the answer, e.g. at least one of the following values:

• - A random number transmitted from the central controller to the selected unit;
• - a serial number of the selected unit or part of it;
• - an unchangeable register value stored in the selected unit (can also be referred to as a salt value), which is also known to the central controller.

The number of values or numbers used and the arithmetic operation to change a value or to link several values with one another can be selected as desired.

A group of several different task-response algorithms is provided for authentication. A first algorithm corresponds to the task-response algorithm based on the operating parameter, as explained above. In this first algorithm, the task and / or the answer is based on an operating parameter for the selected unit or from the selected unit. In addition to the first algorithm, the group has at least one further algorithm. Before or after selecting an aggregate to be authenticated, one or more of the provided algorithms are selected in order to carry out the authentication. This can further improve the security of the authentication.

Another algorithm from the group of task-response algorithms can be based, for example, on a random value that the central controller determines and makes available to the selected unit, for example transmitted to the selected unit. In a preferred embodiment, the selected unit has a defined register in which the central controller enters the random value. The task is to provide the random value. The selected unit determines, based on the random value and at least one further value, in particular the initialization value, a response that is provided to the central controller. The answer is preferably written to a defined register of the selected unit and is available there for access by the central controller. The central control can read out the answer. The answer can be checked in the central controller in that the same arithmetic operation is carried out based on the random value and the at least one further value (e.g. initialization value) and the result is compared with the answer.

It is advantageous here to store the at least one further value and / or the arithmetic operation used for the calculation in the at least one unit or in the central control prior to installation in the system. In this way, it can be avoided that subsequently installed and incompatible units can be integrated as part of an initialization.

• 1 eine schematische Darstellung eines Ausführungsbeispiels einer Anlage mit einer zentralen Steuerung und mehreren damit kommunikationsverbundenen Aggregaten,
• 2 ein Blockschaltbild eines Ausführungsbeispiels eines Aggregats aus 1,
• 3 ein Blockschaltbild eines Ausführungsbeispiels eines Registers einer Aggregatsteuerung eines Aggregats aus den 1 oder 2 und
• 4 bis 6 Flussdiagramme unterschiedlicher Ausführungsbeispiele von Verfahren zur Authentifizierung eines Aggregats.

Advantageous embodiments of the invention emerge from the dependent claims, the description and the drawings. Preferred exemplary embodiments of the invention are explained below with reference to the accompanying drawings. In the drawings show:

• 1 a schematic representation of an exemplary embodiment of a system with a central controller and several units connected to it for communication,
• 2 a block diagram of an embodiment of a unit from 1 ,
• 3 a block diagram of an embodiment of a register of a unit control of a unit from the 1 or 2 and
• 4th until 6th Flowcharts of different exemplary embodiments of methods for authenticating an aggregate.

In 1 a system is highly schematized in the form of a block diagram 10 illustrates the central control 11 as well as several aggregates 12th having. The aggregates 12th and the central control 11 are by means of a communication system 13th communication-related. The communication system 13th can establish a wired and / or wireless communication link for this purpose. In the exemplary embodiment, the communication system is 13th a bus system 14th , which is a wired communication link between the central controller 11 and the aggregates 12th enables. The bus system 14th is based, for example, on a master-slave architecture or client-server architecture. The central control 11 provides the master M. represent. The aggregates 12th each form a slave S _x . The bus system can conform to any known architecture or standard, for example a fieldbus standard such as PROFIBUS or MODBUS.

The index "x" characterizes a number of the unit 12th . The number n of aggregates 12th can vary and each aggregate 12th forms a slave according to the example S _x with x = 1 to n. The index “x” describes, for example, that the parameter or value provided with the index “x” belongs to the SLAVE S _x heard.

With the aggregates 12th the plant 10 it is for example fans 15th . An exemplary block diagram-like representation of a fan 15th is in 2 illustrated. Additionally or alternatively, at least one unit 12th or there can be several or all of the aggregates 12th can also be formed by other controllable units, in particular units that cause fluid flow, for example by a pump.

The ventilator 15th has an aggregate control 16 on. The aggregate control 16 is used to control or regulate an electric motor 17th of the fan 15th set up. About the electric motor 17th can be a rotor unit 18th of the fan 15th to generate a gas flow, in particular air flow, are driven in rotation. By means of at least one sensor 19th of the fan 15th can be an operating state of the electric motor 17th and / or the rotor unit 18th detected and a corresponding sensor signal O _x to the unit control 16 be transmitted. Based on the at least one sensor signal O _x a closed control loop can be implemented.

The ventilator 15th assigns an interface 20th by means of which the connection to the bus system 14th is made. the interface 20th can be part of the unit control 16 be.

The aggregate control 16 also has a memory 21 in which values can be saved temporarily and / or permanently. Multiple registers of memory 21 are schematically in 3 illustrated. Part of the register can have data or values that are at the interface 20th are received. Parts of the register can be controlled by means of the unit control 16 and for access via the communication system 13th or the bus system 14th be provided externally, in particular for access by the central controller 11 (Master M. ).

The attachment 10 and especially the central control 11 and the aggregates 12th are set up to perform authentication. This can be used to determine whether within the system 10 one or more aggregates 12th added or replaced that may be incompatible.

An embodiment of a method is shown in 4th illustrated. According to the example, after starting in one step 30th when the system is commissioned for the first time 10 and / or one in the system 10 integrated unit 12th through the central control 11 carried out an initialization. The central control 11 when commissioning the system 10 each aggregate 12th an initialization value Init _x assigned and in a register of memory 21 filed ( 3 ).

If only one or more new units 12th into the plant 10 should be integrated, the central control 11 either all aggregates 12th a new initialization value each time Init _x or just initialize the newly added aggregates.

The initialization value Init _x can be any random number, for example. The initialization values of the aggregates 12th are all different from each other. When the system is in operation following the initialization, the initialization value is Init _x each aggregate 12th (Slave S _x ) immutable.

Additionally or alternatively to this assignment of the initialization value Init _x can be a register of memory 21 the serial number N _x of the respective unit 12th and / or an immutable register value F _x exhibit. The serial number N _x and / or the immutable register value F _x can be done before the unit is installed 12th into the plant 10 In the storage room 21 can be saved. The serial number N _x can be done by the central controller as part of the initialization 11 be queried. Additionally or alternatively, the unchangeable register value F _x be stored in a register belonging to the central control unit 11 is known and provided there for reading out as part of the initialization.

The immutable register value F _x of the aggregates 12th a plant 10 can alternatively, preferably before commissioning in the central controller 11 can be saved. This enables the unchangeable register value to be transmitted F _x via the communication system 13th can be avoided, for example during initialization. Assigning an initialization value Init _x and / or the exchange of values between the central controller 11 and the at least one unit 12th during the initialization as the basis for a subsequent authenticity check is optional and not absolutely necessary.

In the central control 11 as well as the aggregate control 16 can also use a Arithmetic operation C. be given. The arithmetic operation C. can be formed from one or more mathematical and / or logical operations. The arithmetic operation C. can in principle be freely selected. In some embodiments, the arithmetic operation is C. chosen in such a way that at least one value which is determined by means of the arithmetic operation C. is encrypted from the result of the arithmetic operation C. can be calculated again when the arithmetic operation C. is known. In the arithmetic operation C. operations used in cryptology can be used.

After the step 30th is in one step 31 asked whether authentication should take place. One or more test conditions can be specified for this. If none of the test conditions are met (branch NOK from step 31 ), the plant will 10 in step 32 commissioned or continued to operate. If one of the test conditions is met (OK branch from step 31 ) the procedure in step 33 continued. Each of the test conditions in the step 31 can be time-dependent and / or event-dependent and during operation of the system (step 32 ) are checked repeatedly (loop of steps 31 , 32 ).

A test condition can be, for example, that the system 10 or at least one aggregate 12th in step 30th should be initialized. Another test condition can be, for example, that an operating parameter from the central controller 11 to a selected aggregate 12th which is to be used for the subsequent operation of the selected unit. Yet another test condition can be that a current operating parameter (for example an actual value) of a selected unit is sent to the central controller 11 is transmitted or from the central control 11 is requested or read. A further test condition can be a random condition generated by a random generator in the central controller 11 is triggered. At random you can have one or more aggregates 12th can be selected to check their authenticity.

At the beginning of the authentication, a task is performed by the central controller 11 to the aggregate selected to be authenticated 12th transmitted (step 33 ). The central control 11 a group G several task-response algorithms are provided that make up the central controller 11 selects one or more algorithms for authentication. The task of the at least one task-response algorithm is then sent to the selected unit 12th transmitted.

The group G contains at least one task-response algorithm available, in which the task and / or the response is based on an operating parameter of the selected unit 12th based. For example, a control parameter or regulating parameter P, in particular a setpoint value, can be determined by means of the arithmetic operation C. modified and as modified parameter Pmod to the selected aggregate 12th be transmitted, this transmission being the task. The selected aggregate 12th must adapt further operation using the control parameter P in response to this task. This is only possible if the selected aggregate 12th the arithmetic operation C. knows and can determine the control or regulating parameter P, in particular a setpoint value, from the modified parameter Pmod and can use it for the control or regulation.

In the case of a task-response algorithm, the operating parameter can be any current actual value that indicates the current operation or state of the unit 12th characterized and from the central control 11 is read out or queried (task). The encrypted transmission can then be used as a response 11 the operating parameters already read out or queried from the selected unit 12th to the central control 11 take place.

After the selected aggregate 12th the task of the central control 11 generates the selected aggregate 12th an answer (step 34 ). The answer is adapted to the task at hand. In a subsequent step 35 is through the central control 11 checks that the answer is correct. In one embodiment of the task-response algorithm, this can be done by the operation of the selected unit 12th according to the places of the task in the step 33 through the central control 11 is monitored, so that it can be checked whether the transmitted control or regulating parameter P is used in further operation. In another exemplary embodiment of the task-response algorithm, an operating parameter encrypted by means of an arithmetic operation can be transmitted as a response to the central controller or can be read out in a register in the memory 21 can be saved.

If the answer is correct (branch OK from step 35 ) becomes the authenticity of the selected aggregate 12th in step 36 confirmed. If this is not the case (branch NOK from step 35 ) is done in one step 37 the lack of authenticity of the selected aggregate was determined. Optionally, in step 37 the unauthenticated aggregate 12th be shut down and / or a corresponding message via an interface of the system 10 issued to replace the unauthenticated aggregate 12th to cause.

Shutting down the unauthenticated aggregate 12th in step 37 can be done, for example, in that a corresponding control-technical or regulation-technical specification from the central control 11 to the unit 12th is transmitted, for example a setpoint value equal to zero. Of course, the command to shutdown takes place in such a way that the request from the unauthenticated unit 12th can be implemented, in particular unencrypted without using the arithmetic operation C. .

In the step 33 of the process, the task can also consist of the central control 11 an operating parameter of the selected unit 12th recorded. For example, an actual value of the selected aggregate 12th be determined. The one from the fan 15th formed aggregate 12th can for example be a motor current or the speed of the electric motor 17th through a sensor 19th detected and the sensor signal O _x as a sensor value OV _x , for example binary sensor value, in a register of the memory 21 are made available for reading. The sensor value OV _x can then through the central control 11 can be read out. This readout can also be a task for the selected unit 12th represent (step 33 ).

In response to this task, the selected unit can 12th or the unit control 16 the one in the register of the memory 21 stored sensor value OV _x about the arithmetic operation C. Encrypt and link, for example, with one or more other values, such as the serial number N _x or part of it, the immutable register value F _x and / or the initialization value Init _x . The sensor value encrypted in this way OV _x can be used as an output register value Rout _x in an output register of the memory 21 for reading out by the central control 11 can be provided or alternatively also to the central control 11 be transmitted. The calculated and provided output register value Rout _x forms the answer (step 34 ).

The central control 11 can give the answer based on the known values and / or the arithmetic operation C. use the sensor value O _x to be determined again and to compare the result with the recorded sensor value (step 35 ). If the values match, the answer was correct and the authenticity was confirmed (step 36 ). Otherwise the authenticity is denied (step 37 ).

In these exemplary task-solution algorithms, operating parameters, for example setpoint values, limit values or other control or regulating parameters or actual values, are used to form the task and / or the solution of the task-solution algorithm. As such operating parameters during the operation of the plant 10 have to be transmitted anyway at least from time to time, this method represents a particularly efficient possibility of authentication. Communication via the communication system 13th is not or only slightly increased.

In the 5 and 6th a further embodiment of a method for authentication is illustrated. After the start, each unit can be initialized 12th the plant 10 an initialization value Init _x be transmitted (step 40 ). Analogous to the step 30th the end 4th can also be used in addition to or as an alternative to this initialization before installation in the system 10 default values N _x or F _x can be used for the rest of the procedure. The exchange of values as part of the initialization in step 40 for later authentication is optional. For the step 40 the explanations for the step apply 30th according to the procedure 4th corresponding.

Following the step 40 is in one step 41 checks whether a control or regulating parameter P from the central controller 11 to one of the units 12th should be transferred. It is done in step 41 therefore a test as to whether a test condition is met, which is the verification of the authenticity of a selected aggregate 12th triggers.

If this is not the case (branch NOK from step 41 ) is done in one step 42 checked whether another test condition is met, for example a random condition in the central controller 11 . If this is the case (branch OK from step 42 ) becomes a procedural routine V according to 6th called (step 43 ). Otherwise (branch NOK from step 42 ) the procedure returns to step 41 return.

If a control or regulation parameter P is to be transferred (branch OK from step 41 ), is done in one step 44 using the arithmetic operation C. , the control or regulation parameter P and optionally at least one of the values Init _x , N _x , F _x the modified parameter Pmod is generated and sent to the selected aggregate 12th transmitted.

The selected aggregate 12th receives the modified parameter Pmod and can respond to it, provided the arithmetic operation C. and the optionally used values Init _x , N _x , F _x are known, determine the control or regulating parameter P and adapt the control or regulation on the basis of the control or regulating parameter P (step 45 ).

In step 46 it is checked whether the selected aggregate 12th based on the modified parameter Pmod was able to determine the encrypted transmitted control or regulating parameter P from the modified parameter Pmod and based thereon the operation of the selected unit 12th adapt. If, for example, the transmitted control or regulating parameter P is a setpoint value, the central controller can 11 check whether the associated actual value agrees or approaches the transmitted setpoint within the specified tolerance. Adjusting the operation based on the received control or regulation parameter P provides the response of the selected aggregate 12th represent.

If the answer is correct and the operation has been adjusted correctly (branch OK from step 46 ) is done in one step 47 the authenticity of the selected aggregate 12th confirmed. Otherwise it is done in one step 48 the authenticity of the selected aggregate 12th negates and optionally the unauthenticated aggregate 12th shut down. After the step 47 or the step 48 the procedure is back in step 41 continued.

Regarding the steps 44 and 45 will also refer to the explanation of the steps 33 and 34 of the procedure 4th Referenced.

When a transmission of an operating parameter in step 41 is not required, but a different test condition for checking the authenticity of one of the aggregates 12th is fulfilled (branch OK from step 42 ), the procedural routine V in step 43 called. One embodiment of the process routine V is in 6th shown.

After the start of the procedural routine V is in one step 50 a random value, for example a random number, is generated and used as an input register value Rin _x into an input register of the memory 21 registered. Writing the input register value Rin _x The task for the selected unit is placed in the input register 12th represent.

In a subsequent step 51 creates the selected aggregate 12th a response based on that in the input register Rin _x entered random number. The input register value is used for this Rin _x by the arithmetic operation C. encrypted, with the arithmetic operation C. the input register value Rin _x can optionally be linked to one or more additional values. The result of the arithmetic operation C. is the output register value Rout _x , the answer by the selected aggregate 12th for the central control unit 11 provided. According to the example, the response is in the output register for access by the central controller 11 provided.

The central control 11 knows the arithmetic operation C. and the at least one further value with which the transmitted random number was linked, for example the serial number N _x and / or unchangeable register value F _x and / or the initialization value Init _x . In step 52 checks the central control 11 whether the input register value Rin _x has been correctly modified or linked. If this is the case (OK branch from step 52 ) is done in one step 53 the authenticity of the selected aggregate 12th confirmed. Otherwise (branch NOK from step 52 ) becomes the authenticity of the selected aggregate 12th negative and measures can be taken, for example the selected unit 12th stopped (step 54 ).

After the step 53 or the step 54 is in the procedure for authentication according to 5 jumped back and the procedure is there after the completion of the procedural routine V in step 41 continued.

In addition or as an alternative to the values already explained, in step 51 to calculate the response also an operating parameter, in particular an actual value of the operation of the unit 12th can be used, such as an actual temperature, an actual speed, an actual current, a current number of operating hours of the unit 12th , etc. The corresponding operating parameters can be set by the central control 11 from a register in memory 21 read out and when checking in step 52 consider.

It should be noted that especially when using current actual values of an aggregate 12th There may be deviations in the authentication in individual cases. The deviations can be due to the fact that there is an actual value between the query by the central controller 11 and generating the response by the aggregate 12th changes. With such an authentication it may be necessary to repeat the authentication process several times in order to then decide whether the authenticity can be affirmed or denied. For example, a majority decision can be made here.

The invention relates to a method for authenticating an assembly 12th a plant 10 . The attachment 10 has a central control 11 on that with one or more aggregates 12th is in communication. To check the authenticity of an aggregate 12th at least one task-answer algorithm is available. If several task-response algorithms are available, at least one task-response algorithm is based on the use of an operating parameter. The operating parameter can be one from the central controller, for example 11 to the unit 12th to be transmitted control or regulating parameters P act or in the current operating state of the unit 12th descriptive actual value. The task or the answer can be based on the operating parameter. In a preferred embodiment, one in the selected aggregate 12th control or regulating parameter P to be set, for example a setpoint value, modified and as a modified parameter Pmod to the selected unit 12th transfer. It is then checked whether the selected unit 12th is able to correctly convert the modified parameter Pmod into the control or regulating parameter P and then to adapt the operation using the determined control or regulating parameter P. If so, the aggregate is authenticated 12th successfully.

List of reference symbols

10

system

11

central control

12th

Aggregate

13th

Communication system

14th

Bus system

15th

fan

16

Aggregate control

17th

Electric motor

18th

Rotor unit

19th

sensor

20th

interface

21

Storage

30th

Step of a first procedure

31

Step of a first procedure

32

Step of a first procedure

33

Step of a first procedure

34

Step of a first procedure

35

Step of a first procedure

36

Step of a first procedure

37

Step of a first procedure

39

Step of a second procedure

40

Step of a second procedure

41

Step of a second procedure

42

Step of a second procedure

43

Step of a second procedure

44

Step of a second procedure

45

Step of a second procedure

46

Step of a second procedure

47

Step of a second procedure

48

Step of a second procedure

50

Step of a procedural routine

51

Step of a procedural routine

52

Step of a procedural routine

53

Step of a procedural routine

54

Step of a procedural routine

C.

Arithmetic operation

Fx

unchangeable register value

G

group

Initx

Initialization value

M.

master

Nx

serial number

Ox

Sensor signal

OVx

Sensor value

Rinx

Input register value

Routx

Output register value Rout _x

Sx

Slave

V

Procedural routine

Claims (11)

A method for authenticating at least one unit (12) of a system (10), which also has a central controller (11) which is communicatively connected to the at least one unit (12), the method comprising the following steps: - Selecting one of the units ( 12), which is to be authenticated when a test condition is met, - detecting an operating parameter (O _x ) of the selected unit (12) or determining an operating parameter (P) for the selected unit (12), - generating a task and generating a Response to the received task by the selected unit (12), the task and / or the response being based on the operating parameter (P, O _x ), - providing a group (G) with two or more task-response algorithms that has the task-response algorithm based on the operating parameters (P, O _x ), with at least one task-response algorithm before or after the selection of one of the units (12) for authentication Algorithm from group (G) is selected to perform the authentication, - Transferring the task of the selected task-response algorithm to the selected unit (12), - Checking by the central controller (11) whether the response from the selected unit (12) after the receipt of the task is correct, Confirming the authenticity of the selected unit (12) if the answer from the selected unit (12) is correct. Procedure according to Claim 1 , the selected unit (12) determining the operating parameter (P) from the received task (P _mod ) and using it for further operation. Procedure according to Claim 1 or 2 , the operating parameter (P) being a setpoint value which is transmitted to the selected unit (12) _{in the form of the task (P mod).} Procedure according to Claim 3 , wherein the selected unit (12) determines the setpoint value from the received task (P _mod ) and controls or regulates the operation of the unit (12) based on the setpoint value determined. Procedure according to Claim 3 or 4th , with setpoint values being transmitted to all units (12) of the system (10) exclusively as a task (P _mod). Method according to one of the preceding Claims 2 until 5 , wherein the central controller (11) monitors the operation of the selected unit (12) to determine whether the operation of the unit (12) has been correctly adapted to the operating parameters (P) contained _{in the task (P mod).} Method according to one of the preceding claims, wherein the selected unit (12) is set up to determine a response to the received task and to provide it to the central controller (11). Method according to one of the preceding claims, wherein the task is formed on the basis of the operating parameters (P, O _x ) and an initialization value (Init _x ) of the selected unit (12), which is defined during the initialization. Procedure according to Claim 8 , wherein a further task-response algorithm is based on a random value that is provided to the selected unit (12) by the central controller (11), and wherein the selected unit (12) provides a response based on the random value and the initialization value (Init _x ) and provides the central control (11). Method according to one of the Claim 8 or 9 , wherein a further algorithm is based on a random value which is provided to the selected unit (12) by the central controller (11) and wherein the selected unit (12) determines a response based on the random value and an unchangeable register value (F _x ) and the central control (11) provides. System (10) having a central controller (11) and at least one controlled unit (12) which are connected to one another in communication, the central controller (11) and the at least one unit (12) being set up to implement the method according to one of the preceding To carry out claims.

Images