A method for constructing a distributed data communication structure within a system having multiple components.
The method ensures secure communication in critical infrastructure systems by using tamper-proof channels and signed certificates for authentication, addressing vulnerabilities in existing methods and enabling efficient, standardized protocols like TLS.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SMA SOLAR TECH AG
- Filing Date
- 2024-05-29
- Publication Date
- 2026-06-23
Smart Images

Figure 2026520393000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a method for constructing a distributed data communication structure in a system having a plurality of components, and to a system having a plurality of components configured to execute this method.
Background Art
[0002] To protect critical infrastructure, especially power supply systems to power generation and the public power grid, from cyberattacks, it is necessary to meet high security requirements. Therefore, the connection to the data network of such a system needs to be reduced to a functionally necessary level or completely eliminated. However, even if a cyberattack is only possible through direct access to one of the components or the communication link between components and can only be carried out on-site, the components of such a system must be able to communicate with each other in a way that prevents tampering and eavesdropping. For this purpose, methods have been developed that assume the existence of certificates already signed on the components of the system. However, the introduction of a system that provides the prerequisite conditions for executing such a method is complicated. This is because it is necessary to distribute such certificates to each component in a secure manner. The distribution should preferably be carried out from the manufacturing stage of the components or by directly connecting to the data of each component of an already introduced system. In particular, due to the lack of existing standards, it becomes difficult to use components from multiple manufacturers in one system.
[0003] U.S. Patent Application Publication 2021 / 0184864 A1 discloses a method for constructing a certificate infrastructure in a system with a hybrid signature protocol. Different digital certificates are generated for different protocols. Further, International Publication 2013 / 123548 A2 also shows a method for providing keys for secure communication between two users in a distributed network, or an application for sharing information between users via a shared data memory.
[0004] Another method relies on the component itself signing the certificate. While this method is easy to implement, it has a major drawback: it makes secure verification of the device's identity by other communication partners impossible. This method can encrypt communication between two devices, but it does not enable proper mutual authentication of the communication participants. Therefore, an unauthorized third party ("man-in-the-middle") can interrupt and intercept communication between the two devices. [Overview of the project]
[0005] Therefore, an object of the present invention is to provide a method for constructing a distributed data communication structure within a system having multiple components, which can be implemented securely and with little effort, and which allows the use of efficient and proven standard communication protocols within the distributed data communication structure.
[0006] This objective is achieved by a method having the features of independent claim 1. Preferred embodiments of this method and a system configured to carry out this method are subject to the dependent claims.
[0007] In a system having multiple components, each component has a private key, an associated public key, confidential information protected from reading, and certificate information that is initially unsigned but includes a public key. A method for constructing a distributed data communication structure within a system according to the present invention includes establishing a registered component among the multiple components, establishing a tamper-proof channel between the registered component and a first component among the other components, authenticating the first component at the registered component, and authenticating the first component using an entry list via the tamper-proof channel. Authentication includes the registered component signing the unsigned certificate information of the first component via the tamper-proof channel. Establishment includes storing a verification entry list.
[0008] In the context of this invention, the term "verification entry" is understood to mean an entry generated from the device-specific secrets of each of multiple components, which allows for verification of knowledge of those secrets without transmitting the device-specific secrets. A verification entry may contain the secret itself or consist solely of the secret, but it is advantageous if the verification entry contains only a dataset computed using the secret, from which the secret itself cannot be computed. A verification entry may, for example, include a salted hash value of the secret. However, a verification entry may also contain one nonce or multiple nonces (randomly generated datasets), and for each nonce, include a hash value associated with it as an expected response determined from the combination of the nonce and the secret. In the case of multiple nonces, to improve cybersecurity, each nonce may be used only once or only after another nonce has been used.
[0009] In a favorable embodiment, the signature may include sending the public key of the registered component over a tamper-proof channel. If the public key is sent only in the context of the signature, the security of the data communication structure against cyberattacks is improved because the public key is sent only to authenticated components.
[0010] The establishment of registered components among multiple components can be performed, for example, by an authorized party, the installer, via an encrypted and tamper-proof data connection. Verification entries can be generated by the installer entering the serial numbers of the components to be included in the distributed data communication structure into a terminal device, and the terminal device identifying and transmitting verification entries to send to the registered components. Identification can be performed via a database stored locally on the terminal device or by retrieving serial number verification entries from a remotely stored database. Other components of the system do not need to be operational at that time, nor do they need to be accessible via the data connection.
[0011] The establishment of a tamper-proof channel between the registered component and the first component of the system can be carried out using a pre-shared key. For this purpose, an authorized party could connect to the first component via an encrypted, tamper-proof data connection and transmit the pre-shared key, such as the registered component's public key. Alternatively, the pre-shared key could be stored from the manufacturing stage, along with device-specific secrets, in a memory area specifically protected from read access. In addition to preventing tampering with transmitted data, the channel is encrypted and / or protected against unauthorized retransmissions (so-called replay attacks).
[0012] Authentication of a component responding to authentication can be performed by the first component sending unsigned certificate information to the registration component via a tamper-proof channel. Authentication further includes verifying whether the first component stores a secret corresponding to a verification entry included in the list of components. During this verification, the secret must be held by the first component and not transmitted. This can be done, for example, by the registration component sending the first dataset to the first component in the form of a nonce stored in the verification entry, the first component calculating a hash value of the combination of the first dataset and the stored secret, and sending it back to the registration component as a second dataset. Signing and retransmission of signed certificate information is performed only if the second dataset matches the expected response of the verification entry associated with the first dataset. Signing can be done by encrypting the unsigned certificate information, a portion thereof, or a dataset calculated therefrom, such as a hash value, with the registration component's private key. Each component can verify the authenticity of the signed certificate information using the registration component's public key. Additional information can also be added to the certificate information by the registration component at the time of signing. Specifically, this could include adding validity periods that signed certificates must meet to be classified as trustworthy, as well as additional validity criteria.
[0013] Unsigned certificate information may include not only the public key of the associated component, but also additional components such as domain names and IP addresses, which are necessary to establish a data connection to the associated component.
[0014] Authentication can be performed on each component of the system, and certificate information signed by the registered component can be obtained. After authentication is performed, the component can use the signed certificate information to prove its trustworthiness to other components of the system. Subsequently, using a known protocol, a session key can be agreed upon with other components that provide the certificate information signed by the registered component, and a secure communication channel can be established. The communication channel can be protected in particular by symmetric encryption via the session key. The protocol used can be the TLS protocol. This allows for high data transmission speeds with minimal effort.
[0015] The authenticity of signed certificate information can be proven in a known way via the registration component's public key. This can be queried from the registration component at any time and can also be transmitted over insecure communication channels without compromising the integrity of the communication structure.
[0016] In a further aspect of the present invention, a system having a plurality of components having the above-described features is configured to perform the method according to the present invention. Advantageously, one of the plurality of components has an interface for system user login, which is configured to set the component as a registered component and to store a list of verification entries for the other components of the system. The interface may preferably be a wired communication interface, such as a LAN interface, to which a system user's terminal device can be connected. In an advantageous embodiment, the system has a generator, consumer, converter, or energy storage device for electrical energy. Preferably, the system is configured to exchange power with an energy transmission network.
[0017] Preferably, the system does not have data connections to external entities, such as internet connections. This makes external data access to the system, particularly cyberattacks, impossible. Alternatively, only one of the components may have such data connections. Such a component can be specially protected against cyberattacks, for example, by being accessible only by selected entities or only through specially protected connections. [Brief explanation of the drawing]
[0018] The present invention will be described below with reference to the drawings. [Figure 1] Figure 1 shows the data structure of the components of the system according to the present invention. [Figure 2] Figure 2 shows a flowchart of the method according to the present invention. [Figure 3] Figure 3 shows some of the steps in the flowchart in Figure 2. [Figure 4] Figure 4 shows the system according to the present invention after the method according to the present invention has been performed. [Modes for carrying out the invention]
[0019] Figure 1 shows the data structure of component K of a system configured to build a distributed data communication structure. Component K has an interface IN for data communication with other components. Component K further includes a processor PR and memory MEM that provide essential functions for the component. In addition to a key pair consisting of a private key PrK and its corresponding public key PuK used for data encryption and decryption, component K stores secret information SCR in a memory area protected from external read access. The private key PrK can also be stored in a memory area protected from external read access. For example, the key pair can be generated and stored during the manufacturing of the component, or the component can generate the key pair using randomly generated data during commissioning, or based on commands received via interface IN. The private key is preferably generated during the manufacturing of the component, and a copy is stored in a database at the component manufacturer. Alternatively, the secret can be determined from the component's serial number, affixed to the component in an easily readable manner, or included in the documentation accompanying the component.
[0020] Furthermore, component K initially contains an unsigned certificate CU, which contains a copy of component K's public key PuK, indicated by a key symbol within the certificate CU. The certificate CU may contain further information, such as an address for addressing component K via interface IN. A system is formed by multiple components K with such a structure, creating a distributed data communication structure protected from external access and tampering among these components K. This system can be a power plant connected to a power grid.
[0021] In the method for constructing a distributed data communication structure within a system having multiple components, as shown in Figure 2, the first step S1 includes establishing a registered component among the multiple components. In principle, any component of the system can be selected as a registered component. This establishment can be performed by the installer as part of the system commissioning. This establishment includes storing in the registered component's memory a list of verification entries that determine which authentications of the other components of the system are accepted by the registered component. The list of verification entries can be generated from a list of device-specific secrets, which are included with the device as printed material or printed on a nameplate. To generate verification entries, it is necessary to query the manufacturer's database for the secrets associated with each device. The component selected as a registered component can be stored in the registered component's memory.
[0022] In the second step S2, another component can construct a channel protected from tampering by the registered component. Such construction can be done using known methods such as the Diffie-Hellman method. This method does not require proof of trustworthiness between the communication partners.
[0023] In the third step, the other component authenticates itself to the registered component. This is shown in detail in FIG. 3. For this purpose, in the first sub-step S3.1, the other component sends an initially unsigned certificate to the registered component. The registered component checks the authority of the other component using the verification entry. For example, the check in the second sub-step S3.2 can include sending an entry of the verification entry from the registered component to the other component, and the other component calculates a response from that entry and the secret information stored in the other component, and returns it to the registered component in the third sub-step S3.3. If the response in the fourth sub-step S3.4 matches an entry in the list of verification entries associated with the expected response, the registered component authenticates the other component in the fifth sub-step S3.5. If not, authentication is rejected in the sixth sub-step S3.6. Authentication consists of signing the unsigned certificate information of the other component using the private key of the registered component and returning the signed certificate via a secure channel. When returning the signed certificate, it is desirable to also send the public key of the registered component so that the reliability of the certificate can be verified later. Alternatively, the public key can be sent at another time, particularly after mutual authentication between the communication parties. This ensures that the public key of the registered component is actually sent from the registered component.
[0024] In this way, each of the other components can sequentially perform authentication in the registration component and receive a certificate signed by the registration component. Therefore, in the fourth step S4, if it is determined that all components of the system have been successfully authenticated, this method can end. As a result, subsequently, each component of the system can obtain the certificate signed by the registration component and the public key of the registration component, and use this information to agree on a session key with each other component of the system using a known protocol such as the Transport Layer Security (TLS) protocol, and establish a secure and reliable data connection. Also, since the external component does not have a private key that matches the list of verification entries, it cannot achieve authentication by the registration component, so it is also impossible for the external component to establish such a connection with the components of the system or intervene without being noticed. Therefore, the distributed data communication structure constructed using the method of the present invention is a closed structure.
[0025] If necessary, this method can be repeatedly executed at any time to eliminate the suspicion of infringement. All that is required is for the registration component to generate a new key pair, that is, a new private key and public key, and replace the old public key in the system with the newly generated public key. Thereby, other components can recognize that re - authentication of the certificate is necessary and can start re - authentication with the registration component.
[0026] It is also easy to add a new component to the system later. In that case, the verification entry of the new component is added to the verification entry list. Thereby, the new component can also normally perform self - authentication as a registration component.
[0027] Figure 4 shows a system after performing the method according to the present invention. The registered component rK and several other components aK are configured to communicate with each other via a bus BUS and are connected to the bus via interface IN. This can be a wired or wireless connection (e.g., a wireless connection). After performing the method according to the present invention, each component has a certificate CS signed by the registered component rK. This is indicated by the symbol of the public key of the registered component rK within the signed certificate CS. The registered component rK has a self-signed certificate CS. Other components of the system, such as the processor PR, memory MEM, the component's own key pair PrK, PuK, and secret information SCR, correspond to the components of the same name in Figure 1.
[0028] By providing its own certificate to a second component within the system as the desired communication partner, the first component can receive the first component's public key, verify its authenticity using a known method, and send back its own signed certificate as a response to establish a connection. The latter can similarly verify the authenticity of the first component. After mutual trust assurance is successful, a temporary key for secure communication can be easily agreed upon using the public key. Examples of communication methods include TLS and Secure Sockets Layer (SSL), which can maintain a high level of cybersecurity while providing high data rates and reducing the computational load on the processor PR of the communication partner. [Explanation of symbols]
[0029] List of reference symbols K, K1, K2, aK components rK registration component PrK private key PuK public key CU Unsigned Certificate CS signed certificate PR Processor MEM memory SCR confidential information S1~S4 Steps Steps S3.1~S3.6
Claims
1. A method for constructing a distributed data communication structure in a system having multiple components (K), wherein each component includes a private key (PrK), an associated public key (PuK), read-protected confidential information (SCR), and certificate information (CU) which is initially unsigned and includes the public key (PuK), and the method is: - A step of establishing a registration component (rK) of the plurality of components (K), wherein the establishment step includes storing a list of verification entries, - The steps of establishing a tamper-proof channel between the registered component (rK) and the first component (K1) of another component (aK), - A step of authenticating the first component (K1) with the registered component (rK) using the list of verification entries via the tamper-proof channel, Includes, A method characterized in that authentication includes signing the unsigned certificate information (CU) of the first component (K1) by the registration component (rK) via the tamper-proof channel.
2. In the method according to claim 1, A method characterized in that the signing step includes transmitting the public key (PuK) of the registration component (rK) via the tamper-proof channel.
3. The method according to claim 1 or 2, further, - The steps of establishing a tamper-proof channel between the registered component (rK) and the second component (K2) of the other component (aK), - A step of authenticating the second component (K2) with the registration component (rK) using the list of entries via the tamper-proof channel, Includes, A method characterized in that authentication includes signing the unsigned certificate information (CU) of the second component (K2) by the registration component (rK) via the tamper-proof channel.
4. The method according to claim 3, further, A method comprising the steps of establishing the secure communication channel between the first component (K1) and the second component (K2) by exchanging the signed certificate information of the first and second components and transmitting a session key for an encrypted secure communication channel using one of the signed certificate information.
5. In the method according to claim 4, The method is characterized in that the secure communication channel has symmetric encryption via the transmitted session key.
6. In the method according to claim 4 or 5, A method characterized in that the secure communication channel uses the TLS protocol.
7. In the method according to any one of claims 4 to 6, The method is characterized in that the step of establishing the secure communication channel includes querying the registration component (rK) for its public key (PuK) and verifying the signed certificate information using the queryed public key (PuK).
8. In the method according to any one of claims 1 to 7, A method for signing the aforementioned unsigned certificate information (CU), characterized in that the signature includes an expiration date.
9. A system having a plurality of components (K) and configured to perform the method described in any one of claims 1 to 8.
10. In the system described in claim 9, A system characterized in that one of the plurality of components has an interface for logging in a system user, and the interface is configured to establish the one component as a registration component and store the list of verification entries.
11. In the system according to claim 9 or 10, A system characterized in that one of the components is a generator, a consumer, a converter, or an electrical energy storage device.
12. In the system according to any one of claims 9 to 11, The system is characterized by not having data connections with entities outside of the system.
13. In the system according to any one of claims 9 to 11, A system characterized in that only one of the components (K) has a data connection to an entity outside the system.