INDUSTRIAL DEVICES

TECHNICAL HELD

[001] The present disclosure generally relates to asset monitoring. More particularly, the present disclosure relates to a securing data integrity of industrial devices.

BACKGROUND

[002] An industrial plant comprises multiple industrial devices. The industrial devices include measurement devices that measure parameters such as temperature, pressure, flow, level, and the like. The measurement devices transmit the measured values (also termed as measurement data) to systems for storing, processing, analysis, and the like. Certain measurement data needs to be secured and transmitted to the system without being tampered. An example of the measurement data can include emission values of a plant. The emission values may be transmitted periodically to regulatory bodies. It is essential that such measurement data is not tampered. Hence, various techniques are used to secure the measurement data. For example, the industrial device may transmit the measurement data over a blockchain network in various applications such as emission monitoring, custody transfer, verification, and the like.

[003] The information disclosed in this background of the disclosure section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.

SUMMARY

[004] In an embodiment, the present disclosure discloses a method for securing data integrity of industrial devices. The method comprises receiving measurement data from the industrial device. Further, a cryptographic one-way function value is generated for the measurement data. Thereafter, the measurement data is transmitted to one or more entity servers and the cryptographic one-way function value is transmitted to a blockchain node. Hence, the one or more entity servers can access the measurement data, therefore ensuring privacy of the measurement data, while making the cryptographic one-way function value public for verification. [005] In an embodiment, the present disclosure discloses a system. The system comprises one or more processors and a memory-. The one or more processors are configured to receive measurement data from the industrial device. Further, the one or more processors are configured to generate a cryptographic one-way function value for the measurement data. Thereafter, the one or more processors are configured to transmit the measurement data to one or more entity servers and transmit the cryptographic one-way function value to a blockchain node.

[006] The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

[007] The novel features and characteristics of the disclosure are set forth in the appended claims. The disclosure itself, however, as well as a preferred mode of use, further objectives, and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying figures. One or more embodiments are now described, by way of example only, with reference to the accompanying figures wherein like reference numerals represent like elements and in which:

[008] Fig. 1 is an architecture of conventional systems;

[009] Fig. 2 illustrates proposed blockchain architecture for securing data integrity of industrial devices, in accordance with some embodiments of the present disclosure;

[0010] Fig. 3 shows internal architecture of a system for securing data integrity of industrial devices, in accordance with some embodiments of the present disclosure;

[0011] Fig. 4 shows an exemplary flow chart illustrating method steps for securing data integrity of industrial devices, in accordance with some embodiments of the present disclosure;

[0012] Figure 5 shows exemplary illustration for securing data integrity of an industrial device, in accordance with some embodiments of the present disclosure; [0013] Figure 6 shows a block diagram of a general -purpose computing system for securing data integrity of an industrial device, in accordance wife embodiments of fee present disclosure.

[0014] It should be appreciated by those skilled in fee art that any block diagram herein represents conceptual views of illustrative systems embodying fee principles of fee present subject matter. Similarly, it will be appreciated feat any flow charts, flow diagrams, state transition diagrams, pseudo code, and fee like represent various processes which may be substantially represented in computer readable medium and executed by a computer or processor, whether or not such computer or processor is explicitly shown.

DETAILED DESCRIPTION

[0015] In fee present document, fee word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment or implementation of fee present subject matter described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.

[0016] While the disclosure is susceptible to various modifications and alternative forms, specific embodiment thereof has been shown by way of example in the drawings and will be described in detail below. It should be understood, however that it is not intended to limit the disclosure to the particular forms disclosed, but on the contrary, the disclosure is to cover all modifications, equivalents, and alternatives felling within the scope of the disclosure.

[0017] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a setup, device, or method that comprises a list of components or steps does not include only those components or steps but may include other components or steps not expressly listed or inherent to such setup or device or method. In other words, one or more elements in a system or apparatus proceeded by “comprises... a” does not, without more constraints, preclude the existence of other elements or additional elements in the system or apparatus.

[0018] Embodiments of the present disclosure relate to a securing data integrity of an industrial device. The present disclosure aims to secure data integrity while sharing device data with entity servers. This is achieved using blockchain technology. A system in an industrial plant receives measurement data from the industrial device (e.g., a sensor). The system generates a cryptographic one-way function value for fee measurement data. The cryptographic one-way function value is transmitted separately to a blockchain node, which may be a public server, and the measurement data is transmitted to one or more entity servers, which may be private servers. The data stored in the private servers can be mapped to the cryptographic one-way function value stored in the public server (blockchain network). Further, the private servers can access the blockchain node and use the stored cryptographic one-way function value to verify integrity of the measurement data. Hence, the data integrity is maintained as the cryptographic one-way function value is stored in the public server while the measurement data is stored in the private server.

[0019] Figure 1 illustrates an environment 100 of conventional systems. The environment 100 includes an industrial device 101 (also referred as device in the present disclosure), a system 102, and one or more entity servers 103a, 103b, ..., 103n. The device 101 may be part of an industrial plant or a process plant comprising multiple industrial devices. The device 101 maybe used to measure values of one or more parameters such as temperature, pressure, force, and the like. For example, the industrial device 101 may be a gas analyzer, a flowmeter, a level transmitter, a positioner, a pressure transmitter, a temperature sensor, and the like. In a non- limiting embodiment, the device 101 may also include actuators, such as motors, generators, and electronic components such as drive, circuit breakers. Asset management is a critical part of the industrial plant. Critical assets such as field devices, plant equipment, IT assets need to be timely monitored and maintained for effective working of the industrial plant. The system 102 may be an asset management system configured to monitor health and diagnostic information of the asset. The device 101 are used to measure important parameters of the critical assets. Such measurement data are received by the system 102 and are transmitted to the one or more entity servers 103a, 103b, ..., 103n for storing and/ or analysis. As the measured data is transmitted to the one or more entity servers 103a, 103b, ... , 103n, one-way cryptographic functions cannot be applied on the measurement data as the measurement data cannot be retrieved again. As such data security is not followed, the measurement data is prone to hacks and modifications. For example, measurement data such as emission data needs to be sent to regulatory servers for regulatory bodies to monitor emission values of the industrial plant. However, as the emission values are not cryptographically secured using one-way functions, the emission values can be modified while being transmitted to the regulatory servers. Also, the emission values can be manipulated by authorized persons, and log entries can also be deleted. Hence, the integrity of data is not maintained in conventional systems. In another example of existing systems, the cryptographic one-way function is applied to the measured data, and the integrity of the cryptographic one-way function itself is not verified. An authorized person can modify the measured data and apply the cryptographic one-way function on the modified data. Hence, the existing techniques do not provide a solution to the above problems. However, the present invention solves the above problems, as the cryptographic one-way function applied to the measured data is and the cryptographic one-way function values are stored in a blockchain network along with the timestamp of the measurement, thus any modifications made to the measured data can be easily identified. Also, storing the cryptographic one-way function values in the blockchain network ensures data integrity, as the record in the blockchain network cannot be modified without permission from participating entities.

[0020] Fig. 2 illustrates proposed architecture, in accordance with some embodiments of the present disclosure. The environment 200 includes the device 101, the system 102, and the one or more entity servers 103a, 103b, ..., 103n and a blockchain node 201. As seen in the Fig. 2, the environment 200 includes a blockchain node 201 . The blockchain node 201 may be apublic ledger that stores cryptographic information relating to measurement data. Cryptographic data stored in the blockchain node 201 cannot be modified and can be used to verify if the data corresponding to the cryptographic data has been tampered or modified. In an embodiment, the device 101 transmits the measured values (also termed as measurement data) to the system 102. The system 102 may perform pre-processing, post-processing, analysis of the measurement data, and the like. For example, the system 102 may be an edge device. The system 102 may- be a computing device such as a laptop computer, a desktop computer, a Personal Computer (PC), a notebook, a smartphone, a tablet, e-book readers, a server, a network server, a cloud- based server, router, and the like. Further, the system 102 may transmit the measurement data to the blockchain node 201. The blockchain node 201 is a digital ledger used to record data transactions across multiple computer systems securely. The blockchain node 201. The blockchain node 201 may be accessed by the one or more entity servers 101a, 101b, ... 101n. For example, the one or more entity servers 101a, 101b, ...101n may be end customer organization, service organization, vendor organization, channel partner organization, integrator organization, control system organization, regulatory- bodies, and the like. The system 102 may transmit the measurement data to a server among the one or more entity servers 101a, 101b, ... 101n and a cryptographic one-way function value of the measurement data to the blockchain node 201 . In an example, the system 102 may perform pre-processing of the measurement data. Further, the system 102 may transmit the measurement data to the one or more entity servers 101a, 101b, ...101n for further processing of the measurement data, analysis of the measurement data for diagnosis of the device 101, and the like. In another example, the system 102 may perform pre-processing and analysis of the measurement data. Further, the system 102 may transmit measurement data to the one or more entity servers 101a, 101b, ... 101n for further analysis of the measurement data. In another embodiment, the system 102 may be a part of the blockchain node 201, where the system 102 retains the cryptographic one-way function value of the measurement data and transmits the measurement data to the one or more entity servers 101a, 101b, ... 101n.

[0021] In an embodiment, the device 101 may or may not encrypt, and send the measurement data to the system 102. The device 101 may communicate with the system 102 via communication lines such as MODBUS, PROFIBUS and the like. In an embodiment, the device 101 may also communicate with the system 102 wirelessly.

[0022] Figure 3 illustrates an internal architecture of the system 102, in accordance with some embodiments of the present disclosure. The system 102 may comprise one or more processors 301 , a memory 302, and a communication interface 303. Only one processor is shown in Figure 3, for illustrative purposes only, and should not be considered as limiting. In some embodiments, the memory 302 may be communicatively coupled to the one or more processors 301. The memory 302 stores instructions executable by the one or more processors 301. The one or more processors 301 may comprise at least one data processor for executing program components for executing user or system-generated requests. The memory 302 may be communicatively coupled to the one or more processors 301. The memory 302 stores instractions, executable by the one or more processors 301, which, on execution, may cause the one or more processors 301 to verily the identity of the device 101. The one or more processors 301 may be configured to receive the signed measurement data from the device 101, via the communication interface 303 over a communication network. The communication interface 303 may employ connection protocols including, without limitation, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/intemet protocol (TCP/IP), token ring, IEEE 802.11a/b/g/n/x, etc. The communication network may include, without limitation, a direct interconnection, local area network (LAN), wide area network (WAN), wireless network (e.g., using Wireless Application Protocol), the Internet, etc. The communication interlace 303 may employ connection protocols include, but not limited to, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/intemet protocol (TCP/IP), token ring, IEEE 802.Ha/b/g/n/x, etc.

[0023] The system 102 may act as an loT gateway, which gathers data from industrial and field devices and transmits the measurement data to the one or more entity serves 101a, 101b, ...101n. The measurement data is received by the processor 301 via the communication interface 303. In an embodiment, the processor 301 may note the time when the measurement data is received and associated a timestamp to each measurement. In one embodiment, the processor 301 may be a cryptographic processor configured to generate the cryptographic one- way function value of the measurement data. In an exemplary embodiment, the cryptographic one-way function value may be a hash value. The cryptographic one-way function value of each measurement data is stored in the blockchain node 201 as blocks. The processor 301 is configured to divide into a plurality of blocks and each block is associated with corresponding timestamp. The processor 301 may arrange the blocks according to timestamp and generate the cryptographic one-way function value for each block based on cryptographic one-way function value of previous block. The security of the cryptographic one-way function value increases with increase in the number of blocks. Therefore, with each measurement data being added to the blockchain node 201, the integrity of the measurement data become stronger. Further, the processor 301 is configured to transmit the measurement data to the one or more entity servers 101a, 101b, ...10 In. In an embodiment, the one or more entity servers 101a, 101b, ...101nmay generate its own key pair including a public key and a private key. The processor 301 may encrypt the measurement data using public key of each of the one or more entity servers 101a, 101b, ... 101n from the key pair and transmit the measurement data to the respective one or more entity serves 101a, 101b, ... 101n. The one ormore entity serves 101a, 101b, ...101nmay decrypt the measurement data using respective private key. Therefore, the measurement data is secured in private servers, while the cryptographic one-way function values of the measurement data are stored in public server. Hence, the privacy of the measurement data is ensured, while also ensuring data integrity as the cryptographic one-way function value is stored in the blockchain node 201. The integrity of the measurement data can be verified by generating a new cryptographic one-way function value using a same cryptographic function and comparing the result with the cryptographic one-way function value stored in the blockchain node 201.

[0024] Figure 4 shows an exemplary flow chart illustrating method steps, in accordance with some embodiments of the present disclosure. As illustrated in Figure 4, the method 400 may comprise one or more steps. The method 400 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, and functions, which perform particular functions or implement particular abstract data types.

[0025] The order in which the method 400 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method. Additionally, individual blocks may be deleted from the methods without departing from the scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof.

[0026] At step 401, the system 102 receives the measurement data from the device 101. The measurement data is the measurement data of the industrial device 101 associated with the digital signature. The measurement data may be received via the communication interface 303 over the communication network. In an embodiment, the measurement data may include measurement values captured or measured at different time. For example, the measurement data may include values measured over a day or a week or a month. For example, in case of emission monitoring, the measurement data may include emission values measured over a month. Each measurement is associated with a timestamp.

[0027] At step 402, the system 102 the system 102 generates the cryptographic one-way function value for the measurement data. In an embodiment, the system 102 uses a hash function to generate the cryptographic one-way function value. A person skilled will appreciate that any cryptographic function can be used and is not limited to the hash function. The measurement data is divided into the plurality of blocks. For example, the measurement data may be divided based on chronological order of the timestamp. Then, for each block the cryptographic one-way function value is generated based on cryptographic one-way function value of the previous block. As the cryptographic one-way function value for a block will be generated considering the measurement data and the cryptographic one-way function value of the previous block, the security of the data is increased many folds. Hence, the resulting cryptographic one-way function value cannot be decrypted.

[0028] At step 403, the system 101 transmits the cryptographic one-way function values to the blockchain node 201 and the measurement data to the one or more entity servers 101a, 101b, ... 10 In. The cryptographic one-way function values can be made public as the measurement data itself is not exposed. The blockchain node 201 can be accessed by public including the one or more entity servers 101a, 101b, ... 101n. The one or more entity servers 101a, 101b, ... 101n can verify the integrity of the measurement data by obtaining the cryptographic function values of a specific measurement from the blockchain node 201 and comparing the cryptographic one- way function values with newly generated cryptographic one-way function values for the measurement data. A match in the comparison indicates that the measurement data is not tampered, and a mismatch indicates that the measurement data is tampered. In an embodiment, the measurement data that is transmitted to the one or more entity servers 101a, 101b, ... 101n are encrypted as described before. Further, the measurement data may be associated with a status. The status may indicate a condition of the measurement data. For example, for emission values, the status may include, but not limited to, “ALERT’, “NORMAL”, “ABNORMAL” and the like. Based on the status, the one or more entity servers 101a, 101b, ... 101n may take appropriate actions. In one embodiment, the status may also be associated with the cryptographic one-way function values that is transmitted to the blockchain node 201. In an embodiment, the status is based on threshold values for the measurement data defined by the one or more entity servers 101a, 101b, ... 101n.

[0029] Referring to Fig. 6, an exemplary illustration is provided of securing data of a gas analyzer 101. The gas analyzer measures and analyzes emissions in plant. The gas analyzer 101 is connected to an edge device 102 such as a computer or a router. The edge device 102 receives the emission data from the gas analyzer 101. Further, the edge device generates the cryptographic one-way function value for the emission data using a hash function. The hash values are then transmitted to the blockchain node 201, and the emission values are transmitted to a regulatory server 101a and a plant cloud server 101b. The regulatory server 101a may belong to a regulatory body such as an emission control authority, and the plant cloud server 101b is a server configured for monitoring and analysing the emission values by the stakeholders. Thus, decoupling the data and the integrity allows data privacy while ensuring data integrity. Fig. 6 shows an exemplary- table of values that are transmitted to the blockchain node 201.

COMPUTER SYSTEM

[0030] Fig. 7 illustrates a block diagram of an exemplary computer system 700 for implementing embodiments consistent with the present disclosure. In an embodiment, the computer system 700 may be used to implement the system 102. Thus, the computer system 700 may be used to secure data integrity. The computer system 700 may comprise a Central Processing Unit 702 (also referred as “CPU” or “processor”). The processor 702 may comprise at least one data processor. The processor 702 may include specialized processing units such as integrated system (bus) controllers, memory- management control units, floating point units, graphics processing units, digital signal processing units, etc.

[0031] The processor 702 may be disposed in communication with one or more input/output (I/O) devices (not shown) via I/O interface 701. The I/O interface 701 may employ communication protocols/methods such as, without limitation, audio, analog, digital, monoaural, RCA, stereo, IEEE (Institute of Electrical and Electronics Engineers) -1394, serial bus, universal serial bus (USB), infrared, PS/2, BNC, coaxial, component, composite, digital visual interface (DVI), high-definition multimedia interface (HDMI), Radio Frequency (RF) antennas, S- Video, VGA, IEEE 7O2.n /b/g/n/x, Bluetooth, cellular (e.g., code-division multiple access (CDMA), high-speed packet access (HSPA+), global system for mobile communications (GSM), long-term evolution (LIE), WiMAX, or the like), etc.

[0032] Using the I/O interface 701, the computer system 700 may communicate with one or more I/O devices. For example, the input device 710 may be an antenna, keyboard, mouse, joystick, (infrared) remote control, camera, card reader, fax machine, dongle, biometric reader, microphone, touch screen, touchpad, trackball, stylus, scanner, storage device, transceiver, video device/source, etc. The output device 711 may be a printer, fax machine, video display (e.g., cathode ray tube (CRT), liquid crystal display (LCD), light-emitting diode (LED), plasma. Plasma display panel (PDP), Organic light-emitting diode display (OLED) or the like), audio speaker, etc.

[0033] The processor 702 may be disposed in communication with the communication network 709 via a network interface 703. The network interface 703 may communicate with the communication network 709. The network interface 703 may employ connection protocols including, without limitation, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/intemet protocol (TCP/IP), token ring, IEEE 802.1 la/b/g/n/x, etc. The communication network 709 may include, without limitation, a direct interconnection, local area network (LAN), wide area network (WAN), wireless network (e.g., using Wireless Application Protocol), the Internet, etc. The network interface 703 may employ connection protocols include, but not limited to, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), transmission control protocol/intemet protocol (TCP/IP), token ring, IEEE 802.11a/b/g/n/x, etc.

[0034] The communication network 709 includes, but is not limited to, a direct interconnection, an e-commerce network, a peer to peer (P2P) network, local area network (LAN), wide area network (WAN), wireless network (e.g, using Wireless Application Protocol), the Internet, Wi- Fi, and such. The first network and the second network may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/intemet Protocol (TCP/IP), Wireless Application Protocol (WAP), etc., to communicate with each other. Further, the first network and the second network may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, etc.

[0035] In some embodiments, the processor 702 may be disposed in communication with a memory 705 (e.g, RAM, ROM, etc. not shown in Figure 8) via a storage interface 704. The storage interface 704 may connect to memory 705 including, without limitation, memory drives, removable disc drives, etc, employing connection protocols such as serial advanced technology attachment (SATA), Integrated Drive Electronics (IDE), IEEE-1394, Universal Serial Bus (USB), fiber channel, Small Computer Systems Interface (SCSI), etc. The memory drives may further include a drum, magnetic disc drive, magneto-optical drive, optical drive, Redundant Array of Independent Discs (RAID), solid-state memory devices, solid-state drives, etc.

[0036] The memory 705 may store a collection of program or database components, including, without limitation, user interface 706, an operating system 707, web browser 708 etc. In some embodiments, computer system 700 may store user/application data, such as, the data, variables, records, etc., as described in this disclosure. Such databases may be implemented as fault-tolerant, relational, scalable, secure databases such as Oracle ® or Sybase®.

[0037] The operating system 707 may facilitate resource management and operation of the computer system 700. Examples of operating systems include, without limitation, APPLE MACINTOSH ^R OS X, UNIX ^R , UNIX-like system distributions (E.G, BERKELEY SOFTWARE DISTRIBUTION ^TM (BSD), FREEBSD ^TM , NETBSD ^TM , OPENBSD ^TM , etc.), LINUX DISTRIBUTIONS ^TM (E G, RED HAT ^TM , UBUNTU ^TM , KUBUNTU ^TM , etc.), IBM ^TM OS/2, MICROSOFT ^TM WINDOWS ^TM (XP ^TM , VISTA ^TM /7/8, 10 etc.), APPLE ^R IOS ^TM , GOOGLE ^R ANDROID ^TM , BLACKBERRY ^R OS, or the like.

[0038] In some embodiments, the computer system 700 may implement the web browser 708 stored program component. The web browser 708 may be a hypertext viewing application, for example MICROSOFT ^R INTERNET EXPLORER ^TM , GOOGLE ^R CHROME ^TM0 , MOZILLA ^R FIREFOX ^TM , APPLE ^R SAFARI ^TM , etc. Secure web browsing may be provided using Secure Hypertext Transport Protocol (HTTPS), Secure Sockets Layer (SSL), Transport Layer Security (TLS), etc. Web browsers 708 may utilize facilities such as AJAX ^TM , DHTML ^TM , ADOBE ^R FLASH ^TM , JAVASCRIPT ^TM , JAVA ^TM , Application Programming Interfaces (APIs), etc. In some embodiments, the computer system 700 may implement a mail server (not shown in Figure) stored program component. The mail server may be an Internet mail server such as Microsoft Exchange, or the like. The mail server may utilize facilities such as ASP ^TM , ACTIVEX ^TM , ANSI ^TM C++/C#, MICROSOFT ^R , .NET ^TM , CGI SCRIPTS ^TM , JAVA ^TM , JAVASCRIPT ^TM , PERL ^TM , PHP ^TM , PYTHON ^TM , WEBOBJECTS ^TM , etc. The mail server may utilize communication protocols such as Internet Message Access Protocol (IMAP), Messaging Application Programming Interface (MAPI), MICROSOFT ^R exchange, Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), or the like. In some embodiments, the computer system 700 may implement a mail client stored program component. The mail client (not shown in Figure) may be a mail viewing application, such as APPLE ^R MAIL ^TM , MICROSOFT ^R ENTOURAGE ^TM , MICROSOFT ^R OUTLOOK ^TM , MOZILLA ^R THUNDERBIRD ^TM , etc.

[0039] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instractions for execution by one or more processors, including instructions for causing the processors) to perform steps or stages consistent with the embodiments described herein. The term “computer- readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include Random Access Memory (RAM), Read-Only Memory (ROM), volatile memory, non-volatile memory, hard drives. Compact Disc Read-Only Memory- (CD ROMs), Digital Video Disc (DVDs), flash drives, disks, and any other known physical storage media. [0040] Embodiments of the present disclosure allows data integrity while still providing data privacy. Hence, the plant data is secured. Further, the validity of the data is ensured as the blockchain node is a public server.

[0041] The terms "an embodiment", "embodiment", "embodiments", "the embodiment", "the embodiments", "one or more embodiments", "some embodiments", and "one embodiment" mean "one or more (but not all) embodiments of the invention(s)" unless expressly specified otherwise.

[0042] The terms "including", "comprising", “having” and variations thereof mean "including but not limited to", unless expressly specified otherwise.

[0043] The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise. The terms "a", "an" and "the" mean "one or more", unless expressly specified otherwise.

[0044] A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary a variety of optional components are described to illustrate the wide variety of possible embodiments of the invention.

[0045] When a single device or article is described herein, it will be readily apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be readily apparent that a single device/article may be used in place of the more than one device or article or a different number of devices/articles may be used instead of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments of the invention need not include the device itself.

[0046] The illustrated operations of Figures 4 shows certain events occurring in a certain order. In alternative embodiments, certain operations may be performed in a different order, modified, or removed. Moreover, steps may be added to the above-described logic and still conform to the described embodiments. Further, operations described herein may occur sequentially or certain operations may be processed in parallel. Yet further, operations may be performed by a single processing unit or by distributed processing units.

[0047] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based here on. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.

[0048] While various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope being indicated by the following claims.