Abstract: A method includes receiving data indicating an event from at least one industrial device; providing the received data indicating an event to nodes of a distributed ledger; in response, selecting at least one of the nodes of a distributed ledger and writing a transaction into the distributed ledger, wherein the writing of a transaction into the distributed ledger is authorized by the selected at least one of the nodes of the distributed ledger, wherein the transaction comprises transaction data, wherein the transaction data allows an accessing of event data; wherein the transaction data comprises a pointer pointing to original or pre-processed data existing in one or more industrial databases of the at least one industrial device; providing immutable and tamper-resistant event data, event reaction data, control data, or training data for training a machine learning or an artificial intelligence based industrial control system based on the transaction data.

Abstract: An industrial automation system device includes: a secure communication processing unit for communicating securely with a further trusted industrial automation system device; and a pre-shared secret module including a pre-shared secret, the pre-shared secret including shared asymmetric key pair generation data. The secure communication processing unit: derives a shared asymmetric key pair including a shared secret key and a shared public key from the shared asymmetric key pair generation data, derives a shared certificate including the shared public key, signs the shared certificate with the derived shared secret key, and generates a device asymmetric key pair including a device secret key and a device public key.

Abstract: A method for securely supplying data to be used in parameterizing a device for an industrial automation system includes a first party supplying a second party with a machine-readable standardized container for the exchange of device parameters in industrial automation systems, wherein the supplying comprises writing into the container an encrypted primary security credential to be used by the device for establishing trust with the industrial automation system. In another aspect, a method for securely obtaining data to be used in parameterizing a device for an industrial automation system includes obtaining, from a first party, by a second party, a machine-readable standardized container for the exchange of device parameters in industrial automation systems, the container comprising an encrypted primary security credential to be used by the device for establishing trust with the industrial automation system.

Abstract: A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.

Abstract: A system for building data exchange includes an information modelling unit, which includes a digital twin model, a building information modelling, wherein the information modelling unit provides modelling data, an extractor configured to determine extraction data from an instance, an extractor configured to determine extraction data from an instance of the model using the modelling data, at least one converter engine, a compositor to populate the converted data into a converted instance, and a compositor to populate the converted data into a converted instance.

Abstract: A method for protecting the integrity of measurement data acquired by a sensor includes: in response to the measurement data being acquired, determining, by the sensor, whether an aggregate value has already been generated, and: if the aggregate value has not yet been obtained, mapping, by a predetermined aggregation function that takes the measurement data as a mandatory argument and a previously generated aggregate value as an optional argument, the measurement data to the aggregate value; whereas if the aggregate value has already been obtained, mapping, by the predetermined aggregation function, the combination of the aggregate value and the measurement data to a new aggregate value; and in response to a predetermined condition being met, computing, using a secret key of the sensor, a signature of the aggregate value; and outputting the signature via a communication interface of the sensor, and/or storing the signature in a memory.

Abstract: An industrial automation system device includes: a secure communication processing unit for communicating securely with a further trusted industrial automation system device; and a pre-shared secret module including a pre-shared secret, the pre-shared secret including shared asymmetric key pair generation data. The secure communication processing unit: derives a shared asymmetric key pair including a shared secret key and a shared public key from the shared asymmetric key pair generation data, derives a shared certificate including the shared public key, signs the shared certificate with the derived shared secret key, and generates a device asymmetric key pair including a device secret key and a device public key.

Abstract: A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.