This invention relates to a process automation system, and to a process device and a method for such a process automation system.
There is a growing demand for transmission of data between a process automation system, or parts or components thereof, and external sites. Examples include remote programming, remote parameterization, remote servicing and remote diagnosis. It is known, e.g., from German Patent Application DE 198 48 618 A1, that for remote servicing and/or diagnosis the data to be transmitted from the external site to the process automation system, e.g., a control command, may be packaged in an email, which is then addressed and sent to the process automation system. The email is received within the process automation system by the addressee, which decodes it to extract the control command and relays the command to the application for which it is intended. Conversely, data can be transmitted from the process automation system to external sites in the same manner.
Special data links between the process automation system and the external sites are not necessary for this purpose, because standard data transmission systems (global and/or local data networks such as the Internet or an intranet) may be used in combination with an electronic firewall that protects the process automation system. Specifically, the electronic firewall is configured to allow email to pass through (so-called email tunneling). It follows that a control command carried inside an email traverses the firewall without the firewall itself examining or restricting the command; any protection of the command must therefore be provided by the sender and the addressee.
To increase security against unauthorized penetration through the firewall of the process automation system, the data packaged in the email can be encrypted and then decrypted again on extraction from the email and prior to being forwarded. In the known arrangement, the encryption of the data to be transmitted to the external site and/or the decryption of the data received from the external site takes place within the process automation system in a single, central encryption/decryption device. It is therefore not readily possible to exchange a selected portion of the data, e.g., data relevant to security, between the process automation system and the external site in encrypted form, and to exchange the remaining data in unencrypted form. Rather, if encryption is provided, all the data to be exchanged via the electronic firewall are encrypted together. This, however, adds a corresponding processing overhead and reduces the effective data transmission rate. Furthermore, the exchange of encrypted data between the process automation system and the external sites is confined to the pathway via the central encryption and decryption device; encrypted data cannot be exchanged end-to-end with different devices at different sites within the process automation system. Finally, the plaintext path between the central device and the individual process devices is unprotected: data to be transmitted can be manipulated within the process automation system before it is encrypted, and received data can be manipulated within the process automation system after it has been decrypted.
Encryption of confidential data before transmission to a recipient is known in general. With the so-called public-key encryption method, the sender uses the public key of the authorized recipient to encrypt the data, so that only this recipient is able to decrypt the data using its own private key. Conversely, the sender can be authenticated by signing the data: in the textbook description of this method, the sender encrypts the data using its own private key, and the recipient decrypts the result using the sender's public key; in practice the signature is computed over a digest of the data rather than over the data itself. Data encrypted with the recipient's public key is not necessarily authentic, because anyone holding that public key can produce such a ciphertext, whereas data merely signed with the sender's private key is not confidential, because anyone holding the sender's public key can read it. To establish both confidentiality and authenticity, encryption and signing are therefore combined, the sender first signing the data with its own private key and then encrypting the result with the recipient's public key. Finally, to ensure the integrity of the transmitted data, the sender can compute a test code (a message digest) over the data and transmit it to the recipient in signed form, i.e., signed with the sender's own private key. The recipient verifies the signature using the sender's public key, recovers the test code, and compares it with the test code it calculates from the received data. If the two test codes are identical, the data have not been altered in transit, and because only the holder of the sender's private key could have produced the signed test code, the data are also authenticated as originating from the sender. This presupposes that the recipient holds an authentic copy of the sender's public key; integrity and authenticity are thus established together, but they remain distinct properties.
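The combined scheme described above, carried out with Go's standard library as an added illustration (this is example code written for this page, not code from the cited patent application or from any product): the external service site signs the SHA-256 digest of a control command with its own private key (RSA-PSS), encrypts the command itself with the process device's public key (RSA-OAEP), and the device decrypts, recomputes the digest and verifies the signature before handing the command to the application. The key sizes, the command text, the `Envelope` type and the function names `Seal`, `Open`, `Forge` and `NewKey` are assumptions made for the example; the digest plays the role of the text's "test code".

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels through the firewall (e.g. as an email attachment):
// the control command encrypted under the recipient's public key, plus the
// sender's signature over the SHA-256 digest ("test code") of the plaintext.
type Envelope struct {
	Ciphertext []byte
	Signature  []byte
}

// NewKey generates a fresh 2048-bit RSA key pair for one participant
// (constructed for the example; real deployments would provision keys).
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal implements the combined scheme on the sender side: hash the command,
// sign the hash with the sender's private key (RSA-PSS), and encrypt the
// command with the recipient's public key (RSA-OAEP). Only the recipient can
// read the command; only the sender could have produced the signature.
func Seal(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, command []byte) (*Envelope, error) {
	digest := sha256.Sum256(command)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, fmt.Errorf("sign: %w", err)
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, command, nil)
	if err != nil {
		return nil, fmt.Errorf("encrypt: %w", err)
	}
	return &Envelope{Ciphertext: ct, Signature: sig}, nil
}

// Open reverses Seal on the recipient side: decrypt with the recipient's
// private key, recompute the digest of the recovered data, and verify the
// sender's signature over it. The command is returned only if both steps
// succeed, so a manipulated or forged envelope never reaches the application.
func Open(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	digest := sha256.Sum256(pt)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("test code does not match recovered data: rejecting command")
	}
	return pt, nil
}

// Forge models an attacker who holds only public keys: they can encrypt any
// command for the recipient, but must reuse a signature captured from a
// genuine envelope. This is exactly the "encrypted but not authentic" case.
func Forge(recipientPub *rsa.PublicKey, genuine *Envelope, fakeCommand []byte) (*Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, fakeCommand, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Signature: genuine.Signature}, nil
}

func main() {
	// Constructed scenario: the external service site is the sender, the
	// process device inside the automation system is the recipient.
	site, _ := NewKey()
	device, _ := NewKey()

	command := []byte("SET valve_07 position=closed")
	env, err := Seal(site, &device.PublicKey, command)
	if err != nil {
		panic(err)
	}
	got, err := Open(device, &site.PublicKey, env)
	fmt.Printf("genuine envelope: err=%v command=%q match=%v\n", err, got, bytes.Equal(got, command))

	forged, _ := Forge(&device.PublicKey, env, []byte("SET valve_07 position=open"))
	_, err = Open(device, &site.PublicKey, forged)
	fmt.Printf("forged envelope:  err=%v\n", err)
}
```

Two design points worth noting. First, the signature is sent alongside the ciphertext rather than inside it, which keeps the OAEP plaintext within the size a single 2048-bit RSA block can carry; the digest is still computed over the plaintext, so the recipient cannot verify anything until it has decrypted, matching the order described in the text. Second, signing says nothing about whom the command was encrypted for: a legitimate recipient could decrypt a signed command and re-encrypt it for a third party, who would see a valid signature from the original sender. Where that matters, the intended recipient's identity should be included in the signed data.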