(12) United States Patent
Braun

(10) Patent No.: US 7,530,113 B2
(45) Date of Patent: May 5, 2009

(54) SECURITY SYSTEM AND METHOD FOR AN INDUSTRIAL AUTOMATION SYSTEM

Inventor: Scott D. Braun, Fredonia

(73) Assignee: Rockwell Automation Technologies, Inc., Mayfield Heights, OH (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 712 days.

(21) Appl. No.: 10/902,453

(22) Filed: Jul. 29, 2004

(65) Prior Publication Data: US 2006/0026672 A1, Feb. 2, 2006

(51) Int. Cl.: G06F 7/04 (2006.01); H04L 9/32 (2006.01)

(52) U.S. Cl.: 726/28; 726/4; 726/17; 713/168; 713/172; 713/183; 713/184; 713/185; 713/186; 709/224; 709/225; 700/9

(58) Field of Classification Search: 726/28, 726/4, 17; 713/168, 172, 183-186; 709/224-225. See application file for complete search history.

Primary Examiner: Michael J Simitoski

Attorney, Agent, or Firm: Fletcher Yoder Law

(57) ABSTRACT

An industrial automation system comprises a security access device, an industrial automation device, a user interface, and a security interface. The user interface is configured to provide a user with access to data stored inside the industrial automation device. The security interface is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface.

81 Claims, 8 Drawing Sheets
[Front-page drawing, not reproduced. Labels: management, engineering, operator and other workstations; information server; motor drives; automation controllers; I/O modules; actuator; sensor; security interfaces.]
[Drawing sheets, not reproduced. Recoverable labels:]

Sheet 1 of 8 (FIGS. 1 and 2): industrial automation device 12, user interface 14, access device 16, security interface 18, link 19.

Sheet 2 of 8 (FIG. 3), flowchart: 30 input received from access device; 32 access database; 34 prompt user via user interface; 36 receive user input via user interface; 38 permit access to automation device.

Sheet 3 of 8 (FIG. 4): adapter.

Sheet 4 of 8 (FIG. 5): bio-recognition device, security interface.

Sheet 5 of 8: no labels recoverable.

Sheet 7 of 8 (FIG. 9): information server with security module, audit module, directory module, real-time data module, data model module and portal module; connections to automation device and to network.

Sheet 8 of 8 (FIG. 10): workstation with monitoring/viewing tool, configuration tool, analysis tool, diagnostics tool, historian tool, reporting/audit trail tool, scheduler tool, messenger tool and inventory management tool.
SECURITY SYSTEM AND METHOD FOR AN INDUSTRIAL AUTOMATION SYSTEM

BACKGROUND

The present invention relates to security systems and methods for industrial automation systems.

Industrial automation systems are known for automating industrial processes. For example, industrial automation systems have been used for material handling, robotics, airport baggage handling, water and wastewater treatment, cement production, semiconductor fabrication, electric power, entertainment, food processing, mining, beverage and packaging operations, ski lift operations, forest products processing, life sciences, logistic processes, fibers and textiles processing, metal forming, automotive, petroleum and chemical processing, plastics processing, automated transportation, health care, agriculture, postal and shipping, and other manufacturing processes, to name but a few examples.

There exists an ongoing need to provide security for industrial automation systems. Security is desirable in order to limit access that may be obtained to the automation system, for example, for purposes of obtaining information from the system, for purposes of making changes to the system, and so on. For example, responsibility for operating/maintaining certain aspects of an industrial automation system may be given only to certain qualified individuals. It is typically desirable to prevent other individuals from gaining access to the system to make changes since those individuals may not be qualified to make such changes. Further, it is typically desirable to limit the ability of unauthorized individuals to gain access to the system even just for purposes of checking system settings or otherwise obtaining information about system operation. For example, if a particular manufacturing process is held as a trade secret, it may be desirable to closely guard read access to the automation system so that an unauthorized individual cannot obtain detailed information about the manufacturing process. Likewise, it may also be desirable to limit access to other types of manufacturing information, such as production quantities, defect rates, and so on. Further, it may be desirable to prevent ill-intentioned individuals, such as computer hackers or terrorists, from gaining access to the industrial automation system for purposes of causing damage to the automation system, to the items it processes or manufactures, or to related infrastructure.

At the site of an industrial automation system, it may be possible to gain access to the industrial automation system by using a user interface associated with one or more of the automation devices that forms the industrial automation system. For example, an individual may use a user interface associated with a motor drive to gain access to the motor drive. Alternatively, standard interfaces are sometimes provided that allow access to be gained by connecting a laptop or other computer to a communication network that connects portions of the industrial automation system.

Further, it is becoming more and more common to connect industrial automation devices to the Internet, and the same types of threats that are posed on-site can also be posed from remote locations via the Internet. For example, industrial automation devices such as motor drives, multiplexed input/output devices, automation controllers, and others have been provided with ports for an Ethernet connection. Such an Ethernet connection may be used to connect the device to the Internet, for example, directly or via a local area network. Connecting an industrial automation device directly to the Internet may be desirable, for example, to allow firmware to be downloaded to the industrial automation device from the manufacturer. Alternatively, an industrial automation device may be connected via an Ethernet connection to a local area network or other company-wide business/management information systems (e.g., a company-wide intranet) in order to provide management with real-time access to plant floor data. However, since such intranets are also commonly connected to the Internet, the industrial automation devices become indirectly connected to the Internet. Once an industrial automation device is connected to the Internet, either directly or indirectly, it becomes vulnerable to threats.

A need therefore exists for systems and methods which provide security for industrial automation devices. Although certain advantages are described herein, it should be understood that the disclosed systems/methods may also be used to achieve different and/or additional advantages, without necessarily achieving any of the advantages described herein.

SUMMARY

According to a first preferred embodiment, an industrial automation system comprises a security access device, an industrial automation device, a user interface, and a security interface. The user interface is configured to provide a user with access to data stored inside the industrial automation device. The security interface is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface.

According to a second preferred embodiment, an industrial automation device comprises a data storage area and a security interface. The data storage area has configuration and operational information stored therein. The security interface is coupled (directly or indirectly) to the data storage area. The security interface is configured to authenticate a user and to permit the user to access the data storage area based on identification information received from a security access device.

According to a third preferred embodiment, an industrial automation system comprises a user interface, a security access device, a plurality of security interfaces, a communication network, a plurality of motor drives, and a plurality of automation controllers. The plurality of motor drives are coupled to each other by way of the communication network. Each respective motor drive has associated therewith a respective one of the plurality of security interfaces. The respective security interface is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective motor drive using the user interface. Likewise, the plurality of automation controllers are coupled to each other and to the plurality of motor drives by way of the communication network. Each respective automation controller has associated therewith a respective one of the plurality of security interfaces. The respective security interface for each automation controller is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective automation controller using the user interface.

According to a fourth preferred embodiment, an industrial automation system comprises a communication network, a security access device, a security interface, a user interface, a plurality of motor drives, a plurality of automation controllers, and a security module. The security interface is configured to receive information from the security access device. The user interface is coupled to the security interface and to the communication network. The plurality of motor drives are coupled to each other by way of the communication network. The plurality of automation controllers are coupled to each other and to the plurality of motor drives by way of the communication network. The security module is configured to provide the user with access, via the user interface, to data stored in the plurality of motor drives and to data stored in the plurality of automation controllers based on an authentication of the user using the security access device.

It should be understood that the detailed description and specific examples, while indicating preferred embodiments of the present invention, are given by way of illustration and not limitation. Many modifications and changes within the scope of the present invention may be made without departing from the spirit thereof, and the invention includes all such modifications.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an industrial automation system which includes an automation device and a security access device;

FIG. 2 is an industrial automation system which includes a motor drive and a key fob security access device;

FIG. 3 is a flowchart showing the operation of the system of FIG. 2;

FIG. 4 is an industrial automation system which includes an automation device, a laptop computer, and a network interface;

FIG. 5 is an industrial automation system which includes a plurality of industrial automation devices and a plurality of security access devices connected by way of a communication network;

FIG. 6 is an industrial automation device of FIG. 1 shown in greater detail;

FIG. 7 is a human-machine interface of FIG. 1 shown in [...]

[...] located locally with respective industrial automation devices;

FIG. 9 is an information server of FIG. 8 shown in greater detail; and

FIG. 10 is a workstation including set of software tools of [...]

DETAILED DESCRIPTION OF THE EMBODIMENTS

Referring now to FIG. 1, an example of an industrial automation system 10 according to a preferred embodiment is illustrated. The industrial automation system 10 comprises an industrial automation device 12, a user interface 14, an electronic security access device 16, and a security interface 18.

The industrial automation device 12 is used to control at least a portion of an industrial process (not shown). The automation device 12 may, for example, be a motor drive, an automation controller (e.g., programmable controller system), or other device. The automation device 12 may also be a sensor or an actuator, for example, in a network configuration. Although a separate network connection for the industrial automation device 12 is not shown in FIG. 1, it will be appreciated that the arrangement of FIG. 1 may be provided in a stand-alone or in a network configuration.

The automation device 12 is accessible to a user by way of the user interface 14. Although the user interface 14 is shown as being separate from the automation device 12, it will be appreciated that the user interface 14 may also be integrated with the automation device 12.

The user interface 14 is configured to provide a user with access to data stored inside the industrial automation device 12. For example, the user interface 14 may cooperate with the automation device 12 to provide the user with read access to information for the automation device 12, to provide the user with read/write access to information for the automation device 12, and so on. The data to which the user is provided access may include, for example, configuration information (e.g., device settings), I/O status information, data tables, program logic, diagnostics/alarms/events information, and so on. The user interface 14 may be connected directly or indirectly to the automation device 12, e.g., by way of a link 19, which may be a point-to-point link, a network link, or other link, depending at least in part on whether the user interface 14 is integrated with or separate from the automation device 12. Although generally herein the reference number 12 is used to refer to automation devices and the reference number 14 is used to refer to user interfaces, it will be appreciated that in some instances a given piece of hardware may operate as both. For example, a human-machine interface that is also programmed with control logic is both a user interface and an automation device.

The access device 16 is configured to provide the security interface 18 with information that may be used to authenticate a user that is attempting to obtain access to the automation device 12. In one embodiment, the access device 16 is handheld and is capable of authenticating the user by virtue of the [...] remote control key chain transmitter (sometimes referred to [...] authentication code, or other device. If a handheld computer is employed (e.g., a PDA), the handheld computer may serve as both the user interface 14 and the access device 16.

Multiple hand-held devices 16 may be provided to allow access by different users (i.e., each device being provided to a different user). For example, multiple cards with magnetic strips may be provided to different users, with the magnetic strip of each card being uniquely encoded to allow the card (and thereby the user) to be uniquely identified. As will be apparent, the integrity of this arrangement is enhanced if any lost or stolen cards are immediately reported so that the lost/stolen card may be disabled. Alternatively, the access device 16 given to each user need not be unique. For example, each member of a group of technicians may be given access cards that are identical, and may each contain an identical code that is unique to the group but not to each individual member. In this embodiment, authenticating the user involves identifying the user as one of a group of individuals that is authorized to access a particular automation device, without specifically determining the identity of the individual. Herein, "authentication" refers to verifying the identity of an individual (or device), for example, by identifying the individual, by iden [...]
FIG. 8 shoWn in greater detail.
in the automotive industry as a key fob), a hand-held com
puter equipped With a Wireless transmitter (e.g., Bluetooth
transmitter, infrared transmitter, etc.) for transmitting an
greater detail;
FIG. 8 is an industrial automation system Which includes
an information server and a plurality of security interfaces
fact that it is in the possession of the user. The access device
16 may comprise an off-the-shelf handheld device. For
example, in this embodiment, the access device 16 may be a
smart card, a card With a magnetic strip, a Wireless electronic
tifying the individual as a member of a group of individuals,
and so on. As Will be seen beloW, in the preferred embodi
ment, not only individuals but also devices, such as automa
tion controllers, motor drives, sensors, actuators, and so on,
are authenticated.
65
In another embodiment, the access device 16 comprises
one or more sensors Which may be used to obtain information
useable to authenticate an individual. For example, the access
device 16 may be a biometric measurement device configured to sense biometric information from the user. Again, this may be an off-the-shelf device. For example, the security access device 16 may be a retinal scanner configured to scan the retina of the individual that is attempting to gain access to the automation device 12. Alternatively, the security access device 16 may be a fingerprint reader configured to scan the fingerprint of the user. As another example, the security access device 16 may be a voice recognition device configured to receive an audible signal from the user (e.g., spoken words).

Combinations of identification techniques may also be used. For example, the access device 16 may comprise a PDA with a built-in fingerprint reader. The PDA may be configured to transmit both a unique code associated with the PDA and biometric information characterizing the fingerprint of the user of the PDA. The PDA may further serve as both the user interface 14 in addition to the access device 16.

The security interface 18 is configured to receive information from the access device 16 and to compare the information with stored information to authenticate the user. For example, the security interface 18 may compare a unique code received from a handheld device with a database of codes (e.g., where the access device 16 is a smart card, a card with a magnetic strip, a key fob transmitter, or a handheld computer). Alternatively, the security interface 18 may compare biometric information received from the access device 16 with biometric information stored in a database characterizing biometrics of authorized users (e.g., where the access device 16 is a retinal scanner, fingerprint reader, or voice recognition device). The security interface 18 may then authenticate the user if a code/biometric match is found, or not authenticate the user if no match is found, for example.

The security interface 18 may be located with the automation device 12, with the user interface 14, with the security access device 16, may be provided as a separate device, may be provided with combinations thereof (i.e., a separate security interface 18 for each), and/or may be provided with another device. For example, if the security access device 16 is a retinal scanner, the retinal scanner may include not only the sensor used to characterize the user’s retina, but also the logic and stored information used to compare the biometric information characterizing the retina of the user with the information characterizing the retinas of authorized individuals. As another example, if the access device 16 comprises an off-the-shelf fingerprint reader connected to a universal serial bus (USB) port on the automation device 12, the logic and stored information used to compare the biometric information characterizing the fingerprint of the user with the information characterizing the fingerprints of authorized individuals may be stored in the automation device 12. The database of codes or biometric information accessed by the security interface 18 may be located with the automation device 12, with the user interface 14, with the access device 16, with the security interface 18, or at another location, such as by being distributed over multiple locations. Herein, the term “database” refers to any data storage arrangement and does not imply any organizational structure or other limitation.

In one embodiment, the security interface 18 is further configured to perform additional functions. For example, the security interface 18 may be configured to access stored information describing the access rights of the user (e.g., whether the user has read-only access or whether the user also has write-access, the types of information for which the user has write access, and so on), and to confirm that the user is authorized to engage in a particular data transaction (e.g., to read a certain piece of information, to write a certain piece of information, etc.). Such information may be stored in a database, such as in the database used to store the code, biometric, or other information as described above.

In another embodiment, rather than retrieve the access rights of the user from a database, the access rights of the user are included in the information received from the access device 16. In other words, the code transmitted by the access device 16 may include not only a code uniquely identifying the individual, but also a code specifying the access rights of the individual.

Other functions that may be performed by the security interface 18 may include implementing, ensuring and/or enabling such things as availability restrictions (determining when users can perform certain functions, ensuring that information is accessible to authorized participants while avoiding communication overload), archiving (vaulting of configuration history), recovery (restoring system configuration after changes were made), auditing (establishing electronic records and validation), reporting (providing traceable records showing who did what and when, or what happened and why), nonrepudiation (ensuring that it is possible to prove what happened, and who did what), privacy/confidentiality (ensuring that information is protected from being accessed by third parties), and integrity (ensuring that information is secure from unauthorized modification or manipulation). As will be appreciated, some of these functions are overlapping.

FIG. 2 is a more detailed variation of the example of FIG. 1. For convenience, in FIG. 2, like reference numerals are used to refer to like parts as compared to FIG. 1. In FIG. 2, the security access device 16 is a key fob 26, and the automation device 12 is shown to be a motor drive 22.

As previously indicated, the user interface 14 may be integrated with or physically separate from the industrial automation device 12. In the arrangement of FIG. 2, both arrangements are shown: The motor drive 22 is accessible by way of an integrally provided (built-in) user interface 23 and by way of a non-integrally provided user interface 24. The non-integral user interface 24 may, for example, be a handheld user interface 24 that is connected by way of a cable 28 to an I/O port of the motor drive 22. A security interface 18 (not shown in FIG. 2) may be provided with the motor drive 22 and/or with the user interfaces 23, 24, for example, as previously described. Also, a database of individuals that are authorized to access the motor drive 22 may be stored in the motor drive 22, in the user interface 23, 24, or in another location.

Referring now also to FIG. 3, in operation, the user presses one of the buttons 29 on the key fob 26 to access the motor drive 22. The keypress from the user is received by the button 29 and, in response, the key fob 26 transmits a wireless, uniquely coded signal to the security interface 18 (step 30). The coded signal uniquely identifies the key fob 26 and therefore identifies a particular user assumed to be in possession of the key fob 26. In response, the security interface 18 matches the code signal against the information stored in the database and accesses the database to obtain additional information pertinent to the user based on the coded signal, including potentially a password for the user (step 32). Preferably, the security interface 18 causes one or both of the user interfaces 23, 24 to provide a prompt screen to the user (step 34). By way of example, it will be assumed for present purposes that the user accesses the motor drive 22 by way of the user interface 24, although it will be understood that the user interface 23 may also be used by the user to access the motor drive 22.

In one embodiment, the system 10 is provided in an environment in which other industrial automation devices are located that are compatible with (and that respond to) the key
fob 26. The user interface 24 provides the user with a response screen to indicate that a key press from the key fob 26 has been detected. The response screen may prompt the user to enter a key press or otherwise manipulate a user input device on the user interface 24 in order to confirm that the user desires to access the motor drive 22. If the user provides the required response (step 36), then the user is permitted to proceed to access the motor drive 42 (step 38). If the user does not enter the required response on the user interface 24 within a predetermined period of time, the response screen may time out and the user interface 24 returns to its initial state.

In one embodiment, the response screen is a login screen. Accordingly, when the user presses the button 29 on the key fob 26, additional login screens may appear on other industrial automation devices in addition to that shown in FIG. 2. The login screen preferably requires at least that the user enter a password. The login ID for the user may also be entered by the user or may be automatically displayed to the user for convenience and to provide a visual acknowledgment of the user’s key press. The login screen ensures that, when an authorized individual uses the key fob 26 to access a first industrial automation device, an unauthorized individual (i.e., an individual lacking authorization to engage in a particular data transaction) is not able to access a nearby industrial automation device based on the same key press. The unauthorized individual is prevented from accessing the second industrial automation device by virtue of the fact that a password must still be entered. Preferably, the password is customized to the holder/user of the key fob 26 as identified by the coded signal, such that a different password must be used in combination with each key fob 26. The login screen also ensures that, if the unauthorized individual happens to come into possession of the key fob 26, the unauthorized individual will not be able to use the key fob 26 without knowing the password of the owner of the key fob 26. When no password is entered (e.g., as in the case where multiple industrial automation devices respond to the wireless transmission from the key fob 26 and the user enters a password on a different one of the industrial automation devices), or when the user is unable to enter the correct password, the screen times out and the user interface 24 returns to its original state prior to detection of the wireless transmission from the key fob 26.

If the user provides a login name and password (step 36), and if a comparison of the password received from the user in response via the login screen matches the stored information regarding the password of the user associated with the key fob 26, then the user is given access to the motor drive 22 in accordance with the user’s access rights as specified in the information retrieved from the database (step 38).

In one embodiment, when a user gains or attempts to gain access at a first industrial automation device (e.g., by entering a password), the automation device broadcasts a message to other devices on the network. The purpose of the message is to alert the other automation devices that the user is in the process of gaining access, or has gained access, at the automation device, so that another user cannot surreptitiously gain access at one of the other automation devices based on the same key fob press. Based on this message, the other automation devices may then prevent access to the second user. When the authorized user has logged out, a follow-up message may be sent by the automation device in order to allow the user to login to other automation devices.

In one embodiment, the access device 16 gives the user complete access to the automation device 12. Preferably, however, a multi-tiered access arrangement may be used, with different individuals having different levels of access to the motor drive 22. For example, some users may have read only access whereas other users may have read-write access. Also, the parameters that may be accessed or the functions that may be performed may vary depending on access level. For example, the access rights may define various privilege classes to control users’ ability to access memory of the device, create or delete data table files and program files, perform logical and physical reads or writes, change an operating mode of the device, clear memory, restore device memory, perform online edits, flash the memory, reset, autotune, clear faults/alarms, link read/write, resets, flashing, view diagnostics/events, upload configuration information settings, force I/O transitions, adjust operation of a drive or automation controller, and so on. Different classes may be defined which give different users different levels of access or different types of access to perform different functions. Also, access levels (e.g., read vs. read-write) may vary on a parameter-by-parameter basis. The access rights may also give certain users (e.g., administrators) the ability to add or delete users, modify password/privilege options, specify access rights, and so on. For example, one of the key fobs may be an administrator key fob, with complete ability to add additional users/key fobs to the database and to specify access rights of those users in the database.

The access rights may be administered not only by the user, but also as a function of other parameters, such as location of the user, job function of the user, time and/or date, system status, and/or by type or group of devices. For example, with respect to location of the user, access rights may be administered so as to allow the user to perform certain functions only at certain locations. For example, a particular user interface may be located adjacent to an emergency stop (“E-stop”) switch for an automation device. By allowing the user to perform certain functions only from that user interface, it is possible to ensure that the user is able to visually monitor the effects of any changes made by the user and immediately press the E-stop switch in the event that any changes have unintended consequences. This also ensures that the user has passed through plant security and is on-site. With respect to date and time, access rights may be administered to reflect shift schedules and other time-dependent security issues. For example, a given user may only have access rights during the shift they are scheduled to be at work, and the same access rights may be given to other users during other shifts. With respect to system status, access rights may be administered to effect a lock-out arrangement. In other words, when a first user takes an automation device off-line to update control logic of the automation device, for example, the first user may be given “ownership” of the automation device such that access to the control logic by other users may be temporarily restricted until the work of the first user is complete.

Referring now to FIG. 4, as previously noted, the security interface 18 may be provided in a motor drive or an automation controller or it may be provided in a peripheral. FIG. 4 is another variation of the example of FIG. 1. In FIG. 4, a first peripheral in the form of communication adapter 52 connects a laptop computer 56 to an I/O port of motor drive 58 for point-to-point communication. Another peripheral 54 connects the motor drive 58 to a network 59. The peripheral 54 may, for example, be a communication adapter that connects the motor drive 58 to the network 59. Another user interface 55 is also connected to the motor drive 58.

As described previously, usernames and passwords associated with the security access device 16 may be stored in the security interface 18, which may locally manage security to authenticate users to their configured access levels. The security interface 18 may also obtain security information from a high level authority over the network 59.
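The access-rights rules described above for the motor drive 22 (parameter-by-parameter read/write levels, location and shift restrictions, and the lock-out “ownership” arrangement) combine into a single authorization decision. The following C code is an added example, not code from the patent; the struct layout, the names `check_access`, `take_ownership` and `release_ownership`, the order of the checks, and the choice to lock out only writes by non-owners are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: the description names the rules but no data layout. */
#define NUM_PARAMS   3
#define NO_OWNER     (-1)
#define ANY_TERMINAL (-1)

enum { ACC_READ = 1, ACC_WRITE = 2 };            /* access-level bits */

typedef enum { ALLOW, DENY_LEVEL, DENY_SHIFT,
               DENY_LOCATION, DENY_LOCKOUT } decision_t;

typedef struct {
    int id;                           /* non-negative user id (assumed) */
    unsigned char level[NUM_PARAMS];  /* ACC_* bits, parameter by parameter */
    int shift_start, shift_end;       /* minutes after midnight, end exclusive */
} user_t;

typedef struct {
    int write_terminal[NUM_PARAMS];   /* terminal a write must come from */
    int lock_owner;                   /* user id holding "ownership" */
} device_t;

/* True when `minute` falls in the user's shift. Handles night shifts that
 * wrap past midnight; equal start and end means no shift at all. */
static bool in_shift(const user_t *u, int minute)
{
    if (u->shift_start <= u->shift_end)
        return minute >= u->shift_start && minute < u->shift_end;
    return minute >= u->shift_start || minute < u->shift_end;
}

/* op is ACC_READ or ACC_WRITE. Returns ALLOW or the first rule that fails. */
decision_t check_access(const device_t *dev, const user_t *u, int param,
                        int op, int terminal, int minute)
{
    if (param < 0 || param >= NUM_PARAMS || (u->level[param] & op) != op)
        return DENY_LEVEL;                       /* privilege class */
    if (!in_shift(u, minute))
        return DENY_SHIFT;                       /* time-dependent rights */
    if (op == ACC_WRITE) {
        int need = dev->write_terminal[param];
        if (need != ANY_TERMINAL && need != terminal)
            return DENY_LOCATION;                /* e.g. beside the E-stop */
        if (dev->lock_owner != NO_OWNER && dev->lock_owner != u->id)
            return DENY_LOCKOUT;                 /* another user owns it */
    }
    return ALLOW;
}

/* Lock-out: the first user to take the device off-line becomes its owner. */
int take_ownership(device_t *dev, const user_t *u)
{
    if (dev->lock_owner != NO_OWNER && dev->lock_owner != u->id)
        return -1;
    dev->lock_owner = u->id;
    return 0;
}

/* Only the current owner can end the lock-out. */
int release_ownership(device_t *dev, const user_t *u)
{
    if (dev->lock_owner != u->id)
        return -1;
    dev->lock_owner = NO_OWNER;
    return 0;
}

int main(void)
{
    /* Constructed sample data: parameter 1 may only be written from
     * terminal 2, assumed to sit beside the E-stop switch. */
    static const char *names[] = { "allow", "deny: level", "deny: shift",
                                   "deny: location", "deny: lock-out" };
    device_t dev = { { ANY_TERMINAL, 2, ANY_TERMINAL }, NO_OWNER };
    user_t day   = { 1, { 3, 3, ACC_READ }, 6 * 60, 14 * 60 };
    user_t night = { 2, { 3, 3, ACC_READ }, 22 * 60, 6 * 60 };

    printf("day user, write p1 from terminal 1: %s\n",
           names[check_access(&dev, &day, 1, ACC_WRITE, 1, 600)]);
    printf("night user, read p0 at 02:00: %s\n",
           names[check_access(&dev, &night, 0, ACC_READ, 1, 120)]);
    take_ownership(&dev, &night);
    printf("day user, write p0 during lock-out: %s\n",
           names[check_access(&dev, &day, 0, ACC_WRITE, 1, 600)]);
    return 0;
}
```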
The security interface 18 may be provided in the communication adapter 52, in the communication adapter 54, in the user interface 55, or in the motor drive 58. In one embodiment, the security interface 18 is provided in the form of a stand-alone device or as part of a separate peripheral connected to the motor drive 58. One reason for implementing the security interface 18 in this manner is to facilitate use of the techniques described herein with legacy equipment. For example, it may be desirable to incorporate the features described herein into existing equipment while eliminating or minimizing the overall number of modifications that need to be made to such equipment. Another reason is that, even for non-legacy equipment, it may be desirable for security to be handled by a peripheral so that changes in security do not result in the process controlled by the automation device having to be revalidated.

In one embodiment, the adapter 52, the adapter 54, and the user interface 55 may each be connected to a different communication port on the motor drive 58. Security may then be implemented by controlling the access level available through each port. For example, if the security interface 18 is located in the user interface 55, the user interface 55 may control the level of access to the motor drive 58 that is available through the other ports. When a user tries to write new configuration information to the motor drive 58 using the laptop computer 56, the user is first authenticated by the user interface 55. Upon authenticating the user, the user interface 55 may change the configuration of the port to which the adapter 52 is connected so that it is possible to write information to the motor drive 58 via that port. In this embodiment, the only port which always has complete read-write access to the motor drive 58 is the port to which the user interface 55 is connected. The user interface 55 is therefore able to control access to the motor drive 58 not only for users using the user interface 55 but also for users using the laptop computer 56 and for users connecting by way of the communication adapter 54.

In one embodiment, an access mask may be provided in the motor drive 58 that describes the accessibility of the motor drive 58 on a port-by-port basis. For example, one bit in the mask may indicate whether read access is permitted through a given port, and another bit in the mask may indicate whether write access is permitted through a given port. The peripheral may then write to the access mask in order to configure the accessibility of the drive on a port-by-port basis. A ping message transmitted to the devices connected to the ports on the motor drive 58 may then be transmitted so that all peripherals know which ports have access in real-time. Preferably, the access mask is contained in the motor drive 58, so that removal of the peripheral (e.g., if the peripheral is a portable human-machine interface) does not pose a problem. It may also be desirable for the motor drive 58 to provide information when access to a given port is denied. For example, if no access is available through a given port and a device tries to access the motor drive 58 via that port, an error message such as “secured host: port 1 write access not allowed” may be provided.

Referring now to FIG. 5, as previously indicated, the automation device 12 shown in FIG. 1 may be connected to an automation control network. FIG. 5 is another variation of the example of FIG. 1. In FIG. 5, the industrial automation devices 12 are shown to include a plurality of motor drives 62 and an automation controller (e.g., a rack mounted programmable controller system) 64. User interfaces 14 include a panel display-type HMI 66, a laptop computer 68, and user interfaces 70 that are integrally provided with the motor drives 62. A security interface 71 is connected to a card reader 72 and a biorecognition device 74. Again, other access devices may be employed. The motor drives 62, the automation controller 64, the HMI 66, and the security interface 71 are all connected to control network 76. In one embodiment, the control network 76 is a closed, proprietary network. In another embodiment, the control network 76 is an open, non-proprietary network, that is, any computing device (e.g., desktop computer, laptop computer, handheld computer, etc.) may communicate on the control network 76 so long as it has been adequately configured with suitable drivers or other software, and such drivers/other software may be commonly available for little or no cost.

In a network configuration, it may be desirable to have each automation device 12 enforce access restrictions locally. Accordingly, in one embodiment, the motor drives 62, the automation controller 64, and the HMI 66 each include security interfaces 18 (not shown). Security is therefore provided locally and at the device level. In this arrangement, preferably, only devices that operate through a security interface are able to be authenticated. Communication between two participants (e.g., a motor drive and an automation controller, two automation controllers, a user interface and a motor drive or an automation controller, and so on) at least initially begins with authentication of one or both of the participants in the communication through cooperation of the respective security interfaces associated with the two devices. Devices that cannot be authenticated are given little or no access. This prevents a rogue tool from gaining access to an automation device by pretending to be another automation device, such as by pretending to be an automation controller that is communicating configuration information to a motor drive.

In another embodiment, only some devices are provided with a security interface. For example, for reasons of cost and simplicity of implementation, some devices may not be provided with a security interface if protection for a given device is deemed to be non-essential. For example, a security interface may not be provided for a sensor that measures a non-critical parameter or an actuator that effectuates a non-critical output (e.g., an indicator). It will be appreciated that the security interface 18 need not be identical for each device but rather may be configured/optimized based on the type of device (workstation, motor drive, automation controller, and so on), based on the type of network (enterprise network, control network, and so on) with which it is configured to operate, and so on. Different security interfaces 18 may have different levels of functionality depending on the device to which it is connected. A simple programmable sensor, assuming it has a security interface 18, may not require the same degree of protection or level of functionality as an automation controller.

In general, each automation device 12 may communicate with a human user using a user interface or with another automation device. In the case of communication with a human user, in FIG. 5, such communication may occur by way of the laptop computer 68, for example. In this case, the user may be authenticated by the card reader 72 (e.g., for reading a card with a magnetic strip) or by a biorecognition device 74 (e.g., a fingerprint reader or a retinal scanner). The security interface 71 may have a port that allows the security interface 71 to be connected to the laptop computer 68 (e.g., by way of a USB or Ethernet port). As generally described above in connection with FIGS. 1-2, after receiving the input from the card reader 72 or biorecognition device 74, the security interface 71 may then prompt the user via the laptop computer 68 to provide a password. Upon receiving the password, the security interface 71 completes authentication of the user.
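The port-by-port access mask described above for the motor drive 58 can be modelled with two bits per port. This C code is an added example, not code from the patent; the bit layout, the four-port count, the function names and the deny-by-default start state are assumptions, while the error text follows the message quoted in the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: bit 2*p = read permitted on port p, bit 2*p+1 = write. */
#define NUM_PORTS  4u
#define PORT_READ  0x1u
#define PORT_WRITE 0x2u
#define PORT_RW    (PORT_READ | PORT_WRITE)

typedef struct {
    uint16_t access_mask;   /* lives in the drive, so it survives removal
                               of the peripheral that configured it */
    unsigned manager_port;  /* port of the peripheral hosting the security
                               interface (the user interface 55 in FIG. 4) */
} drive_t;

static unsigned port_bits(const drive_t *d, unsigned port)
{
    return (unsigned)(d->access_mask >> (2u * port)) & PORT_RW;
}

/* Start closed: only the manager port has read-write access. */
int drive_init(drive_t *d, unsigned manager_port)
{
    if (manager_port >= NUM_PORTS)
        return -1;
    d->manager_port = manager_port;
    d->access_mask = (uint16_t)(PORT_RW << (2u * manager_port));
    return 0;
}

/* Only the manager port may rewrite the mask, and it can never remove its
 * own read-write access. Returns 0 on success, -1 if refused. */
int drive_set_port_access(drive_t *d, unsigned from_port,
                          unsigned target_port, unsigned bits)
{
    unsigned mask = d->access_mask;

    if (from_port != d->manager_port || target_port >= NUM_PORTS)
        return -1;
    if (target_port == d->manager_port && (bits & PORT_RW) != PORT_RW)
        return -1;
    mask &= ~(PORT_RW << (2u * target_port));
    mask |= (bits & PORT_RW) << (2u * target_port);
    d->access_mask = (uint16_t)mask;
    return 0;
}

/* Snapshot a "ping" could carry so every peripheral sees the current state. */
uint16_t drive_ping(const drive_t *d)
{
    return d->access_mask;
}

/* op is PORT_READ or PORT_WRITE. Returns 1 if permitted; otherwise returns 0
 * and fills err with the drive's denial message. */
int drive_request(const drive_t *d, unsigned port, unsigned op,
                  char *err, size_t err_len)
{
    if (err_len > 0)
        err[0] = '\0';
    if (port < NUM_PORTS && (port_bits(d, port) & op) == op)
        return 1;
    snprintf(err, err_len, "secured host: port %u %s access not allowed",
             port, (op & PORT_WRITE) ? "write" : "read");
    return 0;
}

int main(void)
{
    drive_t drive;
    char err[64];

    drive_init(&drive, 0);                 /* port 0: user interface 55 */
    if (!drive_request(&drive, 1, PORT_WRITE, err, sizeof err))
        printf("%s\n", err);               /* laptop adapter still closed */

    /* After the user authenticates at port 0, it opens port 1 for writes. */
    drive_set_port_access(&drive, 0, 1, PORT_RW);
    printf("port 1 write permitted: %d, mask 0x%02x\n",
           drive_request(&drive, 1, PORT_WRITE, err, sizeof err),
           (unsigned)drive_ping(&drive));
    return 0;
}
```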
In the case of communication with another automation device, manual entry of a login name and password is not necessary. Preferably, however, identification information is still stored within each device to allow each device to identify itself. A list of authorized users/devices and access levels for each user/device may then be maintained by each automation device 12. Particularly, each automation device 12 (or at least those which have a security interface) may store a list of users and automation devices that are allowed access to its information and the level of access that is permitted.

Identification information for users and devices may then be transmitted by way of the network 76 to allow the user/device to obtain access to a given automation device 12. For example, in the situation where a human user is attempting to access one of the motor drives 62 from the laptop computer 68, the security interface 18 located in the motor drive 62 may receive the information from the access device 16 (e.g., a signal identifying the access device 16 and thereby the user). Receipt of this information by the security interface 18 located in the motor drive 62 occurs indirectly by way of the security interface 71. The process of authenticating the user by comparing the information received from the access device 16 with stored information concerning the user may be performed by the security interface 71 or by the security interface 18 associated with the motor drive 62. In either case, though, the information from the access device 16 ends up at the security interface 18 associated with the motor drive 62, either in pre-authenticated or post-authenticated form. The security interface 18 may then compare the identity of the user with its stored list of users/devices that are allowed access to the information in the motor drive 62 and determine the level of access that is permitted based on the stored information.

Alternatively, if it is the automation controller 64 that is attempting to access the motor drive 62, then the identification information may be sent from the security interface 18 of the automation controller 64 to the security interface 18 of the motor drive 62. Again, the security interface 18 of the motor drive 62 may then compare the identity of the automation controller with its stored list of users/devices that are allowed access to the information in the motor drive 62 and determine the level of access that is permitted based on the stored information.

In one embodiment, in order to prevent a rogue tool from listening to network traffic to discern identification information of authorized users/devices, the identification information is transmitted on the network 76 in encrypted format. For example, a symmetric key encryption arrangement may be used in which all devices having a security interface 18 are provided with a public key and a private key, with all devices knowing the public keys of all the other devices. For the automation controller 64 to transmit its identification information to the motor drive 62, for example, the automation controller 64 may encrypt its identification information using the using public key of the motor drive 62. The automation controller 64 then transmits both encrypted items (the identification information and the symmetric key) to the motor drive 62. The motor drive 62 uses its private key to decrypt the symmetric key, and then uses the decrypted symmetric key to decrypt the identification information of the automation controller 64. A variety of other arrangements may also be used for authenticating other automation devices 12 and/or for transmitting identification information back and forth on the network 76 in secure fashion.

In the embodiment described above, a separate access list with user identification and access rights information is preferably stored at each automation device 12. This allows security to be handled locally and avoids a single point of failure. In another embodiment, the list may be centrally maintained at a central authority. This would facilitate global updates to the access lists, e.g., to add a new employee to a number of lists at once. In like manner, identification and password information for human users may be stored at each security interface 18. The system may be configured such that the user’s password or other information may be updated only locally at each security interface 18, or a central authority may be used to update the user’s password across multiple security interfaces. If desired, a default level of access may also be allowed for users/devices that are not on the list of authorized users, which may be a minimal level of access.

The system of FIG. 5 has a number of features. First, it provides device-level security in a network environment. Each automation device 12 is ultimately responsible for enforcing access restrictions in connection with the I/O data and configuration information stored therein. Because security is handled locally, with a security interface 18 provided
authentication and authorization system. The system is the same for both human users accessing the control network by way of a user interface and for automation devices connected to the control network as part of a networked control architecture. Automation devices 12 that include a security interface 18 and support the authentication and authorization system are able to prevent access by rogue tools. Accordingly, the automation devices 12 are protected from rogue tools that may be connected to the network 76. At the same time, authorized tools, such as the laptop computer 68, may obtain access to any/all of the automation devices 12 that are connected to the network 76. Accordingly, the laptop computer 68 may execute software tools such as enterprise management tools that may be used to monitor operation of the automation system. Examples of such tools will be described below. Further, users do not need to remember different passwords for different devices. A single password may be used for all devices in the entire system. This makes it practical to avoid the use of semi-secret “back doors” that are configured to allow access in the event of a forgotten password, but that are also susceptible to allowing unauthorized access.

Referring now to FIG. 6, the arrangement of security interface 18 is shown in greater detail for the example of the automation device 12. In the example of FIG. 6, the security interface 18 is provided integrally with the automation device 12. As previously mentioned, the security interface 18 may also be provided separately or may be located in another device.

In the case of an automation device 12, the security interface 18 is preferably connected to control logic 80, communication interface 82, account data storage area 84, access rights storage area 86, and log storage area 88. It may be noted that the control logic 80, the communication interface 82, the account data storage area 84, the access rights storage area 86, and the log storage area 88 are present in the arrangements
for each device, a server or other central authority is not
needed to prevent unauthorized access by rogue tools or to
allow authorized access by a user. Additionally, the automa
tion devices 12 are provided with and support a consistent
60
depicted in other Figures in which the security interface 18 is
shown, even though they are not speci?cally depicted.
The control logic 80 is logic that the automation device uses to control or monitor at least part of an industrial process. For example, for a motor drive, the control logic 80 comprises the logic that is used to control operation of an electric motor controlled by the motor drive. For an automation controller, the control logic 80 may comprise logic that is used to control the output states of a plurality of output devices based on input states of a plurality of input devices, such as logic embodied in an RSLogix program. For a sensor or actuator, the control logic 80 may comprise logic used to control operation of the sensor/actuator, to scale outputs, and to perform other signal processing.
The communication interface 82 comprises communication drivers and other logic used to connect the automation device 12 to a communication link 19, such as a point-to-point link or a communication network. The account data storage area 84 stores information identifying individual users. For example, the account data storage area 84 may be used to store login IDs, passwords, and other identifying information for use in authenticating an individual user using the security access device 16 (e.g., biometric information, codes associated with handheld access devices, and so on). If identification information is transmitted between devices in an encrypted format, the account data storage area 84 may also store information to facilitate this process (e.g., public key information of other devices, as discussed above).
The access rights data storage area 86 stores information concerning what access rights individual users/devices possess. For example, as previously indicated, the access rights data storage area 86 may define various privilege classes to control users’ ability to modify password/privilege options, access memory of the device, create or delete data table files and program files, perform logical and physical reads or writes, change an operating mode of the device, clear memory, restore device memory, perform online edits, flash the memory, reset, autotune, clear faults/alarms, link read/write, resets, flashing, view diagnostics/events, upload configuration information settings, force I/O transitions, adjust operation of a drive or automation controller, and so on. Different classes may be defined which give different users different levels of access or different types of access to perform different functions. Also, access levels (e.g., read vs. read-write) may vary on a parameter-by-parameter basis.
In operation, communication between the control logic 80 and the communication interface 82 (and thereby communication link 19) passes through the security interface 18. Therefore, any message that comes in from the communication link 19 is evaluated by the security interface 18. In one embodiment, the information may be received from a user interface 14 that is directly connected to the automation device 12, as described above in connection with FIGS. 1-3, such that the user is authenticated by reference to the account data storage area 84 in a manner as previously described. In another embodiment, the information is received from an automation device 12 or user interface 14 with its own associated security interface 18, e.g., over a network as described above in connection with FIG. 5, such that the transmission is a secure transmission and the requesting user/device has already been authenticated. If the message is a request for data, the security interface 18 identifies whether the requesting user has read-access rights for that data and, if so, provides the requested data to the user. If the message is a request to write an output, the security interface 18 identifies whether the requesting user has write-access rights for that data and, if so, writes the data as requested. In this case, for example, the automation device 12 may be an actuator and the user requesting to write data to the actuator may be an automation controller.
The log storage area 88 is used to store information about changes to configuration information for the automation device 12, including when the change was made and the identity of the user/device that made the change. The log storage area 88 may be used to maintain a comprehensive list of all changes made to the automation device 12 as well as other information. For example, records may be kept of any data transaction that occurs which requires access rights, such as those described above in connection with the access rights data storage area 86.
With reference to FIG. 7, FIG. 7 is similar to FIG. 6 except that it shows the security interface 18 in the context of a workstation or other user interface 14. Instead of control logic 80, application software 89 is shown. The application software 89 comprises software tools that may be used by the user, e.g., to obtain a device level view of a particular automation device 12 or to obtain system-level information relating to the overall automation system 10. Examples of such tools are described in greater detail below in connection with FIG. 10. Again, the security interface 18 may be used to authenticate a human user, as generally described above in connection with FIGS. 1-3. The user interface 14 may then communicate with other devices on the network 19, including devices with an associated security interface 18, in order to gather information about the operation of the automation system.
Referring now to FIG. 8, an industrial automation system is shown which combines the security offered by the access device 16 with further additional features. The industrial automation system comprises a plurality of industrial automation devices 12 including motor drives 102, automation controllers 104, I/O modules 106, HMIs 108, sensors 110, and actuators 111 which each include a security interface 112 and which are each connected to a control network 114.
The system further includes a plurality of workstations 122-128 which are connected to a network 129 by way of respective security interfaces 112. Again, it will be appreciated that the security interface 112 need not be identical for each device but rather may be configured/optimized based on the type of device (workstation, motor drive, automation controller, and so on), based on the type of network (enterprise network, control network, and so on) with which it is configured to operate, and so on. Also, while the security interfaces 112 are shown as being embedded within each of the devices 102-111 and workstations 122-128, it will be appreciated that the functionality of the security interface 112 may be provided via a separate stand-alone peripheral.
In one embodiment, the network 114 is a control network and the network 129 is a management information system network. The control network 114 may, for example, be provided in accordance with the ControlNet or DeviceNet automation network standards. Control networks are typically highly deterministic. The network 129 is a general-purpose network associated with business/management information systems in an office environment (as opposed to a plant-floor environment) (e.g., a company-wide intranet). The network 129 may be used to connect personal/laptop computers, such as used in office-wide intranets, extranets, and also including the Internet. The network 129 may, for example, be an Ethernet-based network.
The system 100 further comprises an information server 130 which is connected to the network 110 and to the network 129. Although the information server 130 is depicted as being located between the networks 114 and 129, it will be appreciated that other configurations are possible. For example, one or more bridges or gateways may also be used to interconnect separate networks. Additionally, while the information server 130 is shown as a separate component, it will be appreciated that other configurations are possible. For example, the functionality of the information server 130 may be distributed to the individual automation devices 12.
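The request handling described above for the security interface 18 (read and write requests checked against device-local, per-parameter access rights, with every transaction recorded in the log storage area), shown as an added Python example that is not part of the patent. The class, identities, parameter names and the `via_internet` flag are hypothetical; the Internet rule models the embodiment in which access rights also depend on how the workstation is connected.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

READ, WRITE = "read", "write"


@dataclass
class SecurityInterface:
    """Hypothetical device-local gate between the communication link and control logic."""
    device: str
    access_rights: dict   # identity -> {parameter: set of permitted operations}
    parameters: dict      # stand-in for values owned by the control logic
    log: list = field(default_factory=list)  # stand-in for the log storage area

    def _record(self, identity, op, parameter, granted, reason):
        # Who asked for what, when, and how the device decided.
        self.log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "device": self.device,
            "who": identity,
            "op": op,
            "parameter": parameter,
            "granted": granted,
            "reason": reason,
        })
        return granted

    def authorize(self, identity, authenticated, op, parameter, via_internet=False):
        """Decide locally, with no central server, whether the request may proceed."""
        if not authenticated:
            return self._record(identity, op, parameter, False, "not authenticated")
        rights = self.access_rights.get(identity, {}).get(parameter, set())
        if op not in rights:
            # Unknown identities (a rogue tool) and unlisted parameters land here.
            return self._record(identity, op, parameter, False, "no access right")
        if via_internet and op == WRITE:
            # Embodiment where access also depends on the connection path.
            return self._record(identity, op, parameter, False, "write refused over Internet")
        return self._record(identity, op, parameter, True, "ok")

    def read(self, identity, authenticated, parameter, via_internet=False):
        if not self.authorize(identity, authenticated, READ, parameter, via_internet):
            return None
        return self.parameters[parameter]

    def write(self, identity, authenticated, parameter, value, via_internet=False):
        if not self.authorize(identity, authenticated, WRITE, parameter, via_internet):
            return False
        self.parameters[parameter] = value
        return True


def demo():
    # Constructed sample data: identities, parameters and values are illustrative only.
    drive = SecurityInterface(
        device="motor-drive-62",
        access_rights={
            "automation-controller-64": {"speed_ref": {READ, WRITE}, "fault_code": {READ}},
            "operator-a": {"speed_ref": {READ}, "fault_code": {READ}},
        },
        parameters={"speed_ref": 1200, "fault_code": 0},
    )
    results = {
        "controller_write": drive.write("automation-controller-64", True, "speed_ref", 1500),
        "operator_write": drive.write("operator-a", True, "speed_ref", 0),
        "operator_read": drive.read("operator-a", True, "speed_ref"),
        "rogue_read": drive.read("rogue-tool", True, "speed_ref"),
        "unauthenticated_read": drive.read("operator-a", False, "fault_code"),
        "controller_write_internet": drive.write(
            "automation-controller-64", True, "speed_ref", 900, via_internet=True),
    }
    return drive, results


if __name__ == "__main__":
    drive, results = demo()
    print(results)
    for entry in drive.log:
        print(entry)
```

Denied requests are logged as well as granted ones, so the device-level log shows attempted access by identities that hold no rights.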
The information server 130 standardizes communication from different automation devices, manufacturing execution systems, and external business computing systems including databases to connect the automation devices to each other and to the manufacturing execution systems and external business systems. The information server 130 provides a common framework for communication by offering a consistent format for sharing data, allowing users to share information from the automation devices 12 with the rest of the enterprise. The information server 130 preferably resides on a separate server, although the separate server may be a virtual server and the server may be hosted on a computer that is also hosting another server.
Referring now to FIG. 9, FIG. 9 shows the information server 130 in greater detail. The information server 130 comprises a security module 150, a directory module 152, a real-time data module 154, an audit module 156, a data model module 158, and a portal module 160.
The security module 150 cooperates with the other modules 152-160 to provide security features in the context of a system which uses an information server 130. For example, to the extent desired, the security module 150 may be used to centrally manage at least some of the security features. For example, in one embodiment, described above, it is desirable to have the access rights managed entirely locally at each device. In another embodiment, for convenience, it may be desirable to change the security configuration of multiple devices simultaneously over the network. This arrangement is more convenient in as much as it allows access rights to be managed from a single location. Other features of the security module 150 are described below.
The directory module 152 provides a directory or common address book of the automation devices 12, user interfaces 14, related parameter names (e.g., tags), and other parameters and devices located in the automation environment. For example, when a system programmer is programming the automation system 10 using a programming tool, the user may assign parameter names (e.g., tags) to I/O points, which may be real or virtual, or to other devices (e.g., sensors, actuators, and so on). Such parameter names may be used in the control program to refer to a particular device or I/O point. Through the directory module 152, such parameter names may then be made available for browsing and access in other tools. For example, if a second system programmer is programming a user interface for the automation system, the second system programmer may use the directory module 152 to browse and access the parameter names assigned by the first programmer in the control program. The directory module 152 provides a distributed namespace. That is, the directory module 152 preferably is not a single database, but rather allows data to reside in multiple places. The directory module 152 provides searchable references to resources stored anywhere across a distributed system. Users may, therefore, perceive the directory module 152 as one searchable single database.
Preferably, parameter names are not hard coded to the physical location of devices or I/O points. The directory module 152 maintains information regarding physical locations separately from information regarding device names. This allows programmers to define resources and resource groupings once and then reuse them repeatedly. A large distributed system may be programmed on one computer, taken to an automation environment and deployed to the correct locations by simply changing the name of the hardware on which the parameter resides. This also works in reverse, by allowing users to go out to a site, move the deployed system onto a notebook computer, modify it and then re-deploy it. Entire HMI projects can be duplicated, and logic programs from entire lines or areas of an application can be reused in the same application.
The directory module 152 may be used to support centralized management of the security features described herein. For example, using the directory module 152, a system administrator responsible for setting the access rights of various users may quickly browse various automation devices and/or I/O points in the automation system to set the access rights of a user, potentially on a device-by-device or parameter-by-parameter basis. The security module 150 (and/or the security interfaces 18) may also be used to limit a user’s ability to view and access information by way of the directory module 152.
The real-time data module 154 provides reliable, enterprise-wide access to real-time information from the automation system 10. The real-time data module 154 provides services that transfer high-speed manufacturing data among multiple processes throughout the system and make it available for browsing from software tools executing in the workstations 122-128, allowing the workstations 122, 124 to have an up-to-date view of what is happening in the automation environment. The information may come, for example, from any of the automation devices 12 shown in FIG. 8.
Preferably, the real time data module 154 operates to retrieve data on an as-needed basis and pass it along to the requesting entity. Data remains distributed in its original, native environment (e.g., at the motor drives 102, at the automation controllers 104, etc.), rather than being transferred retrieved and stored in a central location. This avoids storing the information in a central database that could be a single point of failure.
The security module 150 (and/or the security interfaces 18) may be used to limit access via the real time data module 154 to data stored in the automation devices 12 in accordance with access rights of individual users. In one embodiment, the information server 120 may operate to pass identification information back and forth between to allow the automation device 12 to authenticate a requesting user. The decision whether to grant a particular user/device is handled locally, at the device level. The information may be passed once, or a secure connection may be established between the automation device and the workstation. In another embodiment, the decision whether to grant a particular user/device is handled by the information server 130. In this arrangement, the system 10 may be configured such that the information server 130 is given full access to all of the automation devices 12 in the system 10. The responsibility then rests with the information server 130 to determine whether a particular user/device has authorization to engage in a particular data transaction with another automation device. To this end, access rights of each of the users/devices may be stored and centrally managed at the information server 130.
The audit module 156 maintains a comprehensive list of all changes made to the industrial automation system. The audit module may be implemented at least in part using the log storage area 88 located within each automation device 12, as described above in connection with FIG. 6. Alternately, the audit module 156 may be implemented using a central database which stores a comprehensive, central record of all changes made to the automation control system. Any changes that are made to the system are forwarded on to an audit database, which includes details on what changes were made, when and by whom. Such records may contain detailed information about the product as it was manufactured, stored, and released; the process used to manufacture a product; and other information. Audit messages are generated when users log into the system, change data configurations, or change I/O configurations. The audit module 156 routes these audit messages from all participating devices to a central audit log for storage and analysis. Because all users are authenticated, a high level of certainty is achieved that the details on what changes were made, when, and by whom, are correct.
The data model module 158 provides a common terminology used to describe operations in the automation system 10. The data model module 158 allows software applications to store, log and view data the same way, based on a repository of information about how the automation environment operates. For example, a user can install one software product and include information about the way a plant operates. Then, when a second product is installed, that information can be reused, thereby avoiding the need to gather it again. Advantageously, this provides a single, reusable, consistent view of the automation environment delivered throughout the enterprise.
The portal module 160 provides global access to production data and manufacturing reports from an Internet browser or related remote device. The workstations 122-128 may connect to the information server 130 by way of the Internet to obtain access to real-time manufacturing information. The information server 130 may also be made available to other handheld computing devices, such as personal digital assistants. As with the real time data module 154, the security module 150 (and/or the security interfaces 18) may be used to limit access to data stored in the automation devices 12 via the portal module 160 in accordance with access rights of individual users. In one embodiment, the system may be configured such that access rights are also a function of the manner in which the workstation is connected to the information server 130, in addition to being a function of the particular user trying to access the information. For example, if a workstation is connected to the information server 130 by way of the Internet, the user may be given more limited access rights. For example, the user may be allowed to view data but not write data. This would provide a higher level of security against Internet threats.
Referring now to FIG. 10, a number of exemplary software tools 182-198 that may be made available by way of the workstations 122-128 are shown. In general, the software tools 182-198 may be made available to technicians, engineers, and management personnel in designing, operating, and maintaining the automation system and related business operations. The software tools 182-198 may access data stored throughout the automation system 10, including from automation controllers, motor drives, individual sensors and actuators, and so on.
In general, in operation, the tools 182-198 may be used to provide various information including device-level and system-level views, reports, and so on, as described below. Accordingly, execution of the tools 182-198 requires that information be obtained from the automation devices 12. A user at one of the workstations 122-128 may be authenticated in the manner previously described. Access to this information may be handled on a device-by-device basis. Alternatively, using the security module 150, the user may be given access to certain views/reports that, in order to be generated, requires access to certain information in the automation devices 12 to which the user would not otherwise have access. That is, the views/reports may be such that it is considered acceptable for the user to have access to the reports, even though the user is not permitted access to the underlying information used to generate them from the automation devices 12. In this arrangement, the access rights of the user to obtain such views/reports may be managed by the security module 150.
Assuming by way of example that the user is using workstation 122 to execute software tool 182, the user may be authenticated by the security interface 112 associated with the workstation 122. For example, a user may be authenticated by biometric information (e.g., using a fingerprint reader or a retinal scanner connected to the security interface 112 of the workstation 122), or by having a handheld security device, or by another mechanism. Once the user has been authenticated, the user is provided with access to some or all information in the automation system 10. Access is provided in as much as the user is able to use the software tool 182 (or one of the other software tools 184-198), which needs access to the information in the automation system 10 in order to completely operate. The workstation 122 may transmit a request for information along with the identity of the user to the information server 130 or to individual automation devices 12, depending on how the system is configured. In one embodiment, the information server 130 may respond to the request for information, as described above. In another embodiment, the request for information is passed along to individual automation devices, which then provide the requested information. It will be appreciated that the identity of the user may be provided each time information is requested, or a secure connection may be established in order to avoid the need to transmit identification information each time. It may also be noted that the software tools 182-198 may be made available by way of a web browser. In this instance, the user may enter a URL address, and the program logic associated with the software tools 182-198 may reside on the automation system side of the Internet.
The exemplary software tools 182-198 that may be made available by way of the workstations 122-128 will now be described. The tools 182-198 may be supported by the modules 150-160 described above in connection with the information server 130. As elsewhere, it will be appreciated that the following are merely presented as examples. Different, fewer or additional tools may also be provided.
A viewer tool 182 provides enterprise-wide access to real-time manufacturing information using the real-time data module 154. Real-time manufacturing data, such as may come from the motor drives 102 and/or the automation controllers 104, is available immediately to all remaining devices in the automation environment. Accordingly, the workstations 122-128 may be provided with reliable, real-time manufacturing data while providing machine status reports, operating diagnostics, and audit trails.
Based on identification of the user, the information that is presented may be customized to the user, or may be presented in a manner that is customized to the user. For example, the information that is presented, or the way the information is presented, may be customized based on the job function of the user.
Individual machines or small processes may be monitored. The viewer tool 182 may support trending, alarming, data/activity and alarm logging, and so on. The viewer tool 182 may be used to monitor runtime activity of automation processes or to monitor network health. A graphics editor may be provided with drawings objects to support real time animation of the automation system. Graphical images of a plant or machinery may be combined with other information to provide a pictorial view of the status of a plant. Graphical images may be acquired and transmitted, and combined with real-time plant information. Alarms may also be controlled and set using the viewer tool 182.
An analysis tool 184 may be used to evaluate the performance of the industrial automation system by providing tools to identify causes of downtime, increase output by accurately