Secure provisioning of keys
US-2020344075-A1 · Oct 29, 2020 · US
US11809170B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11809170-B2 |
| Application number | US-202117393420-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 4, 2021 |
| Priority date | Aug 7, 2020 |
| Publication date | Nov 7, 2023 |
| Grant date | Nov 7, 2023 |
Official abstract text for this publication.
An industrial automation system device includes: a secure communication processing unit for communicating securely with a further trusted industrial automation system device; and a pre-shared secret module including a pre-shared secret, the pre-shared secret including shared asymmetric key pair generation data. The secure communication processing unit: derives a shared asymmetric key pair including a shared secret key and a shared public key from the shared asymmetric key pair generation data, derives a shared certificate including the shared public key, signs the shared certificate with the derived shared secret key, and generates a device asymmetric key pair including a device secret key and a device public key.
Opening claim text (preview).
What is claimed is:
1. An industrial automation system device, comprising: a secure communication hardware processor configured to communicate securely with a further trusted industrial automation system device; and a pre-shared secret module comprising a pre-shared secret, the pre-shared secret comprising shared asymmetric key pair generation data, wherein the secure communication hardware processor is configured to: derive a shared asymmetric key pair comprising a shared secret key and a shared public key from the shared asymmetric key pair generation data; derive a shared certificate comprising the shared public key; sign the shared certificate with the shared secret key; generate a device asymmetric key pair comprising a device secret key and a device public key; and derive a device certificate comprising the device public key and signed with the shared secret key.
2. The industrial automation system device of further comprising: an OPC Unified Architecture device, wherein the device certificate comprises a device specific Application Instance Certificate, and wherein the shared certificate comprises a shared Application Instance Certificate.
3. The industrial automation system device of claim 1, wherein the pre-shared secret further comprises shared certificate related information, and wherein the communication hardware processor is configured to derive the shared certificate from the shared certificate related information of the pre-shared secret.
4. The industrial automation system device of claim 1, wherein the device certificate comprises pre-configured default data.
5. The industrial automation system device of claim 1, wherein a key generation algorithm for generating the shared asymmetric key pair comprises an algorithm identical to an algorithm used by the further device.
6. The industrial automation system device of claim 1, wherein the pre-shared secret provides a sufficient entropy to derive the shared asymmetric key pair in a cryptographically secure way.
7. The industrial automation system device of claim 1, wherein the secure communication hardware processor is further configured to use a regular entropy source for generating the device asymmetric key pair.
8. The industrial automation system device of claim 1, further comprising: a certificate store comprising the device certificate; and a trust list comprising the shared certificate.
9. The industrial automation system device of claim 3, wherein the shared certificate related information of the pre-shared secret comprises one or more of the following: subject name, validity period, certificate signature algorithm, version, serial number, signature hash algorithm, issuer, public key, public key parameters, basic constraints, alternative name, subject key identifier, authority key identifier, key usage, and/or thumbprint.
10. The industrial automation system device of claim 3, wherein the shared certificate related information for the shared certificate and the device certificate of the pre-shared secret are each interpreted as an X.509 certificate.
11. The industrial automation system device of claim 1, wherein the pre-shared secret is provided to the device by pre-configuration or through an external access interface.
12. An industrial automation system, comprising: at least one industrial automation system device that comprises: a secure communication hardware processor configured to communicate securely with a further trusted industrial automation system device; and a pre-shared secret module comprising a pre-shared secret, the pre-shared secret comprising shared asymmetric key pair generation data, wherein the secure communication hardware processor is configured to: derive a shared asymmetric key pair comprising a shared secret key and a shared public key from the shared asymmetric key pair generation data; derive a shared certificate comprising the shared public key; sign the shared certificate with the shared secret key; generate a device asymmetric key pair comprising a device secret key and a device public key; and derive a device certificate comprising the device public key and signed with the shared secret key.
13. The industrial automation system of claim 12, wherein at least the further trusted device comprises an identical pre-shared secret for deriving identical shared asymmetric key pairs and an identical shared certificate.
14. A method for secure communication in an industrial automation system, comprising: providing a pre-shared secret comprising asymmetric key pair generation data; deriving a shared asymmetric key pair comprising a shared secret key and a shared public key from the asymmetric key pair generation data; deriving a shared certificate comprising the shared public key; signing the shared certificate with the shared secret key; generating a device asymmetric key pair comprising a device secret key and a device public key; and deriving a device certificate comprising the device public key and signed with the shared secret key.
15. The method of claim 14, further comprising: trusting a further device based on the shared certificate and communicating securely with the further device based on the shared certificate and the device asymmetric key pair.
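The flow of claims 1, 8, 13 and 15 sketched in Go, as an added example that is not code from the patent or its assignee: two devices holding the same pre-shared secret derive the same shared certificate, and each accepts the other's device certificate through it. Ed25519, the SHA-256 seed derivation with its label (a stand-in for a proper KDF such as HKDF), the certificate names, the validity dates and the function names are assumptions of this example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// Shared derives the shared key pair and self-signed shared certificate (DER) from the pre-shared secret.
func Shared(pss []byte) (ed25519.PrivateKey, []byte, error) {
	seed := sha256.Sum256(append([]byte("shared-keypair-v1|"), pss...)) // assumed derivation and label
	key := ed25519.NewKeyFromSeed(seed[:])                               // same secret gives the same key pair
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "shared-anchor"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, // fixed fields: identical DER
		NotBefore: time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), NotAfter: time.Date(2040, 1, 1, 0, 0, 0, 0, time.UTC)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	return key, der, err
}
// Device generates a key pair from the regular entropy source and a certificate signed with the shared secret key.
func Device(name string, sk ed25519.PrivateKey, sharedDER []byte) ([]byte, ed25519.PrivateKey, error) {
	parent, perr := x509.ParseCertificate(sharedDER)
	pub, priv, kerr := ed25519.GenerateKey(rand.Reader)
	if perr != nil || kerr != nil {
		return nil, nil, fmt.Errorf("device setup failed: %v, %v", perr, kerr)
	}
	t := &x509.Certificate{SerialNumber: new(big.Int).SetBytes(pub[:8]), Subject: pkix.Name{CommonName: name},
		NotBefore: parent.NotBefore, NotAfter: parent.NotAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, sk)
	return der, priv, err
}
// Trusts reports whether peerDER chains to the shared certificate held in the local trust list.
func Trusts(sharedDER, peerDER []byte) bool {
	anchor, e1 := x509.ParseCertificate(sharedDER)
	peer, e2 := x509.ParseCertificate(peerDER)
	if e1 != nil || e2 != nil {
		return false
	}
	pool := x509.NewCertPool()
	pool.AddCert(anchor)
	_, err := peer.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}
func main() {
	k, shared, _ := Shared([]byte("constructed demo pre-shared secret"))
	dev, _, _ := Device("device-A", k, shared)
	fmt.Println("device cert chains to shared cert:", Trusts(shared, dev))
}
```

Every holder of the pre-shared secret can re-derive the shared secret key and issue device certificates that peers accept, so the secret needs the same protection as a CA signing key.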
characterised by the network communication · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
using a plurality of keys or algorithms · CPC title
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title