The present invention relates to a method and a system for transmitting data relating to objects of a system operator.
The present invention belongs to the field of agent-based data collections for what are known as cloud-based systems and services. The invention additionally relates to the field of what is known as the “Internet of Things” (IoT) or “Web of Systems” (WoS). In agent-based data collections, agents represent the interface between a data source and a cloud-based system. They collect the data, perform any preliminary evaluations, and send the data to the system. Data can be sent directly, via proxies or via gateways. The data sources are automation units or computing units in an industrial environment, in particular in an automation system. These units can be programmable logic controllers, field devices with controllers such as motors, converters and sensors, or also controllers in cars, light signals, cameras or the like. The agents can be pure software agents, which in this case are integrated directly in the aforementioned controllers or control systems, use their computing capacity and operate there as data collectors. Alternatively, the agent can also run on dedicated hardware, which then connects the data source indirectly via communications protocols (Siemens S7, Profibus, Modbus, OPC DA/UA, SOAP/XML, etc.). With respect to the requirements for coupling the data source, agents can be subdivided into the types described below.
In one case, the agent collects data from the data source and sends it to the cloud-based system, and/or can receive control signals from the cloud-based system that are intended for the data source. One example of a data collection and control agent of this kind could be an agent in a motor which, in a simple use case, reads data from sensors in the motor, for example acceleration data, and sends this data to the cloud-based system for analysis. If the motor is one that is exposed within the industrial automation system because of its function and therefore has to be monitored, the cloud-based system could, after evaluating the data, detect an anomaly and send a stop command to the agent, which in turn sends the motor controller a corresponding signal to stop the motor.
In another case, the agent is a passive data collector which simply collects data and sends it to the cloud-based system, which performs further analysis functions using this data. This type of agent does not receive any commands from the cloud-based system.
For security reasons, the communication between agents and a cloud-based external computer system is typically encrypted. The encryption uses secure communications protocols such as TLS, SSL or HTTPS. This leads to the following problems.
On the one hand, in most cases the agent software runs on hardware with a comparatively low performance capability (known as Pico controllers or single-chip microcomputers, such as Arduino, Raspberry Pi, etc.). However, technologies for encrypting all the data traffic from the agent to the cloud-based computing unit are computationally intensive. This means that less computing power is available for other necessary activities such as data collection and data pre-processing. If the agent software runs on the field device's hardware, for example on a converter, and consequently uses the field device's resources, in many cases there is also insufficient computing power available, since the performance capability of the field device's hardware has generally been matched to its primary functions and therefore has only little reserve capacity beyond these functions. Where agents are installed on battery-powered devices, the additional computing power required by the agents leads to an even faster discharging of the batteries.
On the other hand, at the same transmission speed, secure transmission channels between the agent and the cloud-based computing unit also demand comparatively higher bandwidths, since encryption protocols initiate secure network sessions which, because of what is known as overhead, significantly increase the total volume of data to be exchanged (e.g. because of certificates). The net effect becomes even worse if the secure communication session has to be re-established repeatedly, since establishing the communication is precisely what produces high overheads. Other IoT devices can have agents that use mobile communication channels (e.g. GSM, GPRS, EDGE, UMTS) for the exchange of data. In this case, costs may depend on the volume of data actually exchanged, which can make using secure communication channels for all data to be transmitted comparatively expensive and/or slow.
This problem is typically handled by using high-performance hardware and making the necessary bandwidths available. Although the problem of overheads for secure communication on small IoT devices has been acknowledged, it has not really been addressed.
It would therefore be desirable and advantageous to provide an improved system and method to obviate prior art shortcomings and to ensure the necessary security during data transmission with a reduced outlay of resources for encryption.