Patents by Inventor Florian Kohnhaeuser

Florian Kohnhaeuser has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20260099584
    Abstract: A method for confidentiality-preserving fleet management for automation equipment in industrial plants includes providing a platform comprising a fleet management for automation equipment application within a trusted execution environment, TEE, wherein the fleet management for automation equipment application comprises a calculation module and is associated with a first company; receiving first data indicative of information about a first fleet of automation equipment associated with a second company into the fleet management for automation equipment application within the trusted execution environment; processing the first data by using the calculation module; and outputting from the trusted execution environment a result of the processing.
    Type: Application
    Filed: October 1, 2025
    Publication date: April 9, 2026
    Applicant: ABB Schweiz AG
    Inventors: Thomas Gamer, Florian Kohnhaeuser, Christian Goettel
  • Publication number: 20260094099
    Abstract: A method for providing insights into confidential company data in case of data deviations in an industrial plant context includes processing company data by a calculation module in a first processing state and obtaining key performance indicator (KPI) values from the processing; wherein the company data are secured by first IT security means and are associated with a process related to a first company; wherein the calculation module is secured by second IT security means and is associated with a second company; and wherein the method further comprises determining data deviations by determining whether a predetermined KPI threshold is violated by the obtained KPI values; and, based on a result of the determining, using an a posteriori method and/or using an a priori method.
    Type: Application
    Filed: September 30, 2025
    Publication date: April 2, 2026
    Applicant: ABB Schweiz AG
    Inventors: Thomas Gamer, Florian Kohnhaeuser, Sten Gruener, Christian Goettel
  • Publication number: 20260044603
    Abstract: A method for protecting an application within a trusted execution environment, TEE, against reverse-engineering in industrial plants comprises equipping the TEE or an interface of the TEE with at least one protection module; and directing data related to the application to go through the at least one protection module.
    Type: Application
    Filed: August 6, 2025
    Publication date: February 12, 2026
    Applicant: ABB Schweiz AG
    Inventors: Thomas Gamer, Florian Kohnhaeuser, Christian Goettel
  • Patent number: 12536253
    Abstract: A method for providing a secure onboarding of a component from at least one first host device into a second host device includes verifying the integrity, authenticity and/or execution environment of the first host device by an orchestrator; providing a trusted root certificate to the second host device by the orchestrator; providing an onboarding identity by the orchestrator to the first host device, when the integrity, the authenticity and/or the execution environment of the first host device has been verified; receiving the onboarding identity from the orchestrator by the first host device and assigning the onboarding identity to the component; providing the assigned onboarding identity to the second host device; and securely onboarding the component from the first host device into the second host device based on the assigned onboarding identity and the provided trusted root certificate.
    Type: Grant
    Filed: April 3, 2024
    Date of Patent: January 27, 2026
    Assignee: ABB Schweiz AG
    Inventors: Florian Kohnhaeuser, Roland Braun, Rhaban Hark, Pablo Rodriguez
  • Patent number: 12481766
    Abstract: A computer-implemented method for providing vetting and/or functional validation of software components, comprising: providing a software component and software component data indicating the software component; writing the software component data in a distributed ledger; functional validating and/or vetting the software component and providing functional validation and/or vetting data of the software component; writing the functional validation and/or vetting data in the distributed ledger; providing the data written in the distributed ledger to a software component consumer.
    Type: Grant
    Filed: December 8, 2023
    Date of Patent: November 25, 2025
    Assignee: ABB Schweiz AG
    Inventors: Soeren Finster, Thomas Gamer, Florian Kohnhaeuser, Nicolas Coppik, Piotr Powroznik
  • Publication number: 20250343807
    Abstract: A method for security incident detection in a cloud-native distributed control system (DCS) in industrial process automation includes monitoring information technology, IT-related data and operation technology, OT-related data at a production process and at a containerized DCS associated with the production process. The method further comprises joint analysing of first data indicative of first monitoring data from the monitoring of the IT-related data and of second data indicative of second monitoring data from the monitoring of the OT-related data. The method further comprises, based on the joint analysing, detecting a security incident under consideration of predetermined security incident detection rules. The method further comprises, based on a result of the detecting, responding on a detected security incident for handling of the detected security incident under consideration of predetermined security incident response rules.
    Type: Application
    Filed: May 2, 2025
    Publication date: November 6, 2025
    Applicant: ABB Schweiz AG
    Inventors: Heiko Koziolek, Florian Kohnhaeuser, Rhaban Amelung
  • Publication number: 20250334948
    Abstract: A method for providing observability data in an industrial plant includes obtaining, at a first local observer associated with a first distributed control system, DCS, first data indicative of first observability data associated with the first DCS. The method further comprises pre-processing the first data. The method further comprises providing the pre-processed first data to a global observer for joint processing of the pre-processed first data and pre-processed second data indicative of second observability data associated with a second DCS.
    Type: Application
    Filed: April 29, 2025
    Publication date: October 30, 2025
    Applicant: ABB Schweiz AG
    Inventors: Heiko Koziolek, Sofia Linsbauer, Nada Sahlab, Florian Kohnhaeuser
  • Publication number: 20250274283
    Abstract: A method for ensuring a correct application of a changeset includes signing and encrypting, by a central server, the changeset; transmitting, by the central server, the encrypted changeset to the industrial device; decrypting, by the industrial device, the encrypted changeset; applying, by the industrial device, the changeset to the industrial device; logging, by the industrial device, the decrypting and the applying of the changeset as an event log; querying, by the central server, the event log; retrieving and encrypting, by the industrial device, the event log; transmitting, by the industrial device, the encrypted event log to the central server; and verifying, by the central server, the encrypted event log.
    Type: Application
    Filed: February 25, 2025
    Publication date: August 28, 2025
    Applicant: ABB Schweiz AG
    Inventors: Florian Kohnhaeuser, Soeren Finster, Pekka Jarvinen, Tapio Loponen, Abdallah Dawoud
  • Publication number: 20250258894
    Abstract: A method for providing a secure onboarding of a component from at least one first host device into a second host device includes verifying the integrity, authenticity and/or execution environment of the first host device by an orchestrator; providing a trusted root certificate to the second host device by the orchestrator; providing an onboarding identity by the orchestrator to the first host device, when the integrity, the authenticity and/or the execution environment of the first host device has been verified; receiving the onboarding identity from the orchestrator by the first host device and assigning the onboarding identity to the component; providing the assigned onboarding identity to the second host device; and securely onboarding the component from the first host device into the second host device based on the assigned onboarding identity and the provided trusted root certificate.
    Type: Application
    Filed: April 3, 2024
    Publication date: August 14, 2025
    Applicant: ABB Schweiz AG
    Inventors: Florian Kohnhaeuser, Roland Braun, Rhaban Hark, Pablo Rodriguez
  • Publication number: 20250233892
    Abstract: A computer-implemented method for automatically generating a security configuration for a control system includes providing first data configured as engineering data related to information about the control system; providing second data related to topology model data of the control system; generating the security configuration for the control system by a policy generator based on the first data and/or the second data; wherein the generated security configuration includes a security dataset for the control system.
    Type: Application
    Filed: January 16, 2025
    Publication date: July 17, 2025
    Applicant: ABB Schweiz AG
    Inventors: Florian Kohnhaeuser, Sofia Linsbauer, Rhaban Hark
  • Patent number: 12132822
    Abstract: A method for protecting the integrity of measurement data acquired by a sensor includes: in response to the measurement data being acquired, determining, by the sensor, whether an aggregate value has already been generated, and: if the aggregate value has not yet been obtained, mapping, by a predetermined aggregation function that takes the measurement data as a mandatory argument and a previously generated aggregate value as an optional argument, the measurement data to the aggregate value; whereas if the aggregate value has already been obtained, mapping, by the predetermined aggregation function, the combination of the aggregate value and the measurement data to a new aggregate value; and in response to a predetermined condition being met, computing, using a secret key of the sensor, a signature of the aggregate value; and outputting the signature via a communication interface of the sensor, and/or storing the signature in a memory.
    Type: Grant
    Filed: November 10, 2021
    Date of Patent: October 29, 2024
    Assignee: ABB Schweiz AG
    Inventors: Soeren Finster, Florian Kohnhaeuser
  • Publication number: 20240193279
    Abstract: A computer-implemented method for providing vetting and/or functional validation of software components, comprising: providing a software component and software component data indicating the software component; writing the software component data in a distributed ledger; functional validating and/or vetting the software component and providing functional validation and/or vetting data of the software component; writing the functional validation and/or vetting data in the distributed ledger; providing the data written in the distributed ledger to a software component consumer.
    Type: Application
    Filed: December 8, 2023
    Publication date: June 13, 2024
    Applicant: ABB Schweiz AG
    Inventors: Soeren Finster, Thomas Gamer, Florian Kohnhaeuser, Nicolas Coppik, Piotr Powroznik
  • Publication number: 20240152124
    Abstract: A method includes receiving data indicating an event from at least one industrial device; providing the received data indicating an event to nodes of a distributed ledger; in response, selecting at least one of the nodes of a distributed ledger and writing a transaction into the distributed ledger, wherein the writing of a transaction into the distributed ledger is authorized by the selected at least one of the nodes of the distributed ledger, wherein the transaction comprises transaction data, wherein the transaction data allows an accessing of event data; wherein the transaction data comprises a pointer pointing to original or pre-processed data existing in one or more industrial databases of the at least one industrial device; providing immutable and tamper-resistant event data, event reaction data, control data, or training data for training a machine learning or an artificial intelligence based industrial control system based on the transaction data.
    Type: Application
    Filed: November 3, 2023
    Publication date: May 9, 2024
    Applicant: ABB Schweiz AG
    Inventors: Thomas Gamer, Soeren Finster, Florian Kohnhaeuser, Nicolas Coppik, Piotr Powroznik
  • Patent number: 11809170
    Abstract: An industrial automation system device includes: a secure communication processing unit for communicating securely with a further trusted industrial automation system device; and a pre-shared secret module including a pre-shared secret, the pre-shared secret including shared asymmetric key pair generation data. The secure communication processing unit: derives a shared asymmetric key pair including a shared secret key and a shared public key from the shared asymmetric key pair generation data, derives a shared certificate including the shared public key, signs the shared certificate with the derived shared secret key, and generates a device asymmetric key pair including a device secret key and a device public key.
    Type: Grant
    Filed: August 4, 2021
    Date of Patent: November 7, 2023
    Assignee: ABB Schweiz AG
    Inventors: Soeren Finster, Florian Kohnhaeuser
  • Publication number: 20220158827
    Abstract: A method for protecting the integrity of measurement data acquired by a sensor includes: in response to the measurement data being acquired, determining, by the sensor, whether an aggregate value has already been generated, and: if the aggregate value has not yet been obtained, mapping, by a predetermined aggregation function that takes the measurement data as a mandatory argument and a previously generated aggregate value as an optional argument, the measurement data to the aggregate value; whereas if the aggregate value has already been obtained, mapping, by the predetermined aggregation function, the combination of the aggregate value and the measurement data to a new aggregate value; and in response to a predetermined condition being met, computing, using a secret key of the sensor, a signature of the aggregate value; and outputting the signature via a communication interface of the sensor, and/or storing the signature in a memory.
    Type: Application
    Filed: November 10, 2021
    Publication date: May 19, 2022
    Inventors: Soeren Finster, Florian Kohnhaeuser
  • Publication number: 20220043428
    Abstract: An industrial automation system device includes: a secure communication processing unit for communicating securely with a further trusted industrial automation system device; and a pre-shared secret module including a pre-shared secret, the pre-shared secret including shared asymmetric key pair generation data. The secure communication processing unit: derives a shared asymmetric key pair including a shared secret key and a shared public key from the shared asymmetric key pair generation data, derives a shared certificate including the shared public key, signs the shared certificate with the derived shared secret key, and generates a device asymmetric key pair including a device secret key and a device public key.
    Type: Application
    Filed: August 4, 2021
    Publication date: February 10, 2022
    Inventors: Soeren Finster, Florian Kohnhaeuser