Publishing data across a data diode for secured process control communications

US 10,530,748 B2
Filed: 10/24/2016
Issued: 01/07/2020
Est. Priority Date: 10/24/2016
Status: Active Grant

First Claim

Patent Images

1. A method for securely transporting communications from a process plant to another system, the method comprising:

at a field gateway interconnecting a network of the process plant and a data diode configured to prevent two-way communications between the field gateway and an edge gateway, recurrently announcing, during each context-setting phase of a plurality of context-setting phases, to the edge gateway across the data diode, respective context information descriptive of each of one or more devices included in a current set of data-generating devices of the process plant, the recurrently announcing including;

recurrently sending an indication of a respective identifier of the each of the one or more devices and an indication of a respective rate at which data generated by the each of the one or more devices is to be provided by the field gateway to the edge gateway across the data diode, andsending the respective context information descriptive of a specific device included in the current set of data-generating devices each time a pre-defined period of time elapses, a duration of the pre-defined period of time based on a tolerance of an application for lost data, the application being a consumer of the data generated by the specific device, and the application communicatively connected to the edge gateway,thereby causing the edge gateway to discover the current set of data-generating devices; and

during a respective data delivery phase occurring subsequent to the each context-setting phase, (i) receiving, at the field gateway via the process plant network, data generated by at least some of the one or more devices included in the current set of data-generating devices of the process plant while the process plant operates to control a process, and (ii) publishing, by the field gateway to the edge gateway across the data diode, the received process plant data generated by the at least some of the one or more devices included in the current set of data-generating devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To secure communications from a process plant across a unidirectional data diode to a remote system, a sending device at the plant end publishes data across the diode to a receiving device at the remote end. The publication of various data is respectively in accordance with context information (e.g., identification of data sources, respective expected rate of data generation/arrival, etc.) that is descriptive of data sources of the plant and that is recurrently provided by the sending device across the diode. A recurrence interval may be based on a tolerance for lost data or another characteristic of an application, service, or consumer of data at the remote system. The publishing may leverage an industrial communication protocol (e.g., HART-IP) and/or a suitable general-purpose communication protocol (e.g., JSON).

Citations

43 Claims

1. A method for securely transporting communications from a process plant to another system, the method comprising:
- at a field gateway interconnecting a network of the process plant and a data diode configured to prevent two-way communications between the field gateway and an edge gateway, recurrently announcing, during each context-setting phase of a plurality of context-setting phases, to the edge gateway across the data diode, respective context information descriptive of each of one or more devices included in a current set of data-generating devices of the process plant, the recurrently announcing including;
  
  recurrently sending an indication of a respective identifier of the each of the one or more devices and an indication of a respective rate at which data generated by the each of the one or more devices is to be provided by the field gateway to the edge gateway across the data diode, andsending the respective context information descriptive of a specific device included in the current set of data-generating devices each time a pre-defined period of time elapses, a duration of the pre-defined period of time based on a tolerance of an application for lost data, the application being a consumer of the data generated by the specific device, and the application communicatively connected to the edge gateway,thereby causing the edge gateway to discover the current set of data-generating devices; and
  
  during a respective data delivery phase occurring subsequent to the each context-setting phase, (i) receiving, at the field gateway via the process plant network, data generated by at least some of the one or more devices included in the current set of data-generating devices of the process plant while the process plant operates to control a process, and (ii) publishing, by the field gateway to the edge gateway across the data diode, the received process plant data generated by the at least some of the one or more devices included in the current set of data-generating devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein receiving, at the field gateway, the data generated by the each of the one or more devices comprises receiving, at the field gateway, at least some of the data generated by the each of the one or more devices via a HART-IP®
    - protocol.
  - 3. The method of claim 2, wherein receiving at least some of the data generated by the each of the one or more devices via the HART-IP protocol comprises receiving data that has been published by the each of the one or more devices.
  - 4. The method of claim 1,further comprising transmitting, by the field gateway, a poll to a particular device;
    - and
5. The method of claim 1, wherein receiving the data generated by the each of the one or more devices comprises receiving data indicative of a diagnostic result.
6. The method of claim 1, wherein recurrently announcing the respective context information of the each of the one or more devices comprises recurrently sending the respective context information for the each of the one or more devices using at least one HART protocol command from a group of HART protocol commands including command 0, command 20, command 50, command 74, or command 105.
7. The method of claim 1, wherein publishing the process plant data across the data diode comprises publishing the process plant data across the data diode using a HART-IP®
- protocol.
8. The method of claim 1, wherein publishing the process plant data across the data diode comprises publishing the process plant data across the data diode using a JSON format.
9. The method of claim 1, wherein recurrently announcing the respective context information descriptive of the one or more devices comprises announcing updated context information respectively descriptive of at least one of the one or more devices.
10. The method of claim 1, further comprising sending, by the field gateway to the edge gateway across the data diode, updated context information descriptive of a particular device of the process plant upon an occurrence of a change corresponding to the particular device, the change corresponding to the particular device comprising an addition of the particular device to the current set of data-generating devices, a removal of the particular device from the current set of data-generated devices, a change in the respective rate at which data is generated by the particular device, or a change in a status of the particular device.
11. The method of claim 1, further comprising sending, by the field gateway to the edge gateway across the data diode and based on a user command, updated context information descriptive of a particular device of the process plant.

12. A system for securely transporting communications from a process plant to another system, the system comprising:
- a field gateway communicatively coupled to a network of the process plant;
  
  an edge gateway communicatively coupled to the another system; and
  
  a data diode interconnecting the field gateway and the edge gateway, the data diode implemented in hardware, firmware, and/or software that is particularly configured to prevent communications transmitted by the edge gateway from being ingressed into the field gateway,wherein;
  
  during a respective data delivery phase that occurs subsequent to each context-setting phase of a plurality of context-setting phases, data generated during run-time operations of the process plant by one or more devices included in the process plant is received at the field gateway via the process plant network and is published, by the field gateway, across the data diode to the edge gateway in accordance with respective context information descriptive of each of the one or more devices; and
  
  during the each context-setting phase, the respective context information is published, by the field gateway across the data diode to the edge gateway, in accordance with respective tolerances of one or more applications for lost data,the respective context information descriptive of the each of the one or more devices including an indication of a respective identifier of the each of the one or more devices and an indication of a respective rate at which data generated by the each of the one or more devices is to be provided by the field gateway to the edge gateway across the data diode,the one or more applications being consumers of the data generated by the one or more devices, and the one or more applications executing at the another system, andthe respective context information of a specific device of the one or more devices is published, by the field gateway across the data diode to the edge gateway, each time a pre-defined period of time elapses, a duration of the pre-defined period of time based on a tolerance of a specific application of the one or more applications for lost data, the specific application being a consumer of the data generated by the specific device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 13. The system of claim 12, wherein the data generated by the one or more devices is published across the data diode using a HART-IP®
    - protocol.
  - 14. The system of claim 12, wherein the data generated by the one or more devices is published across the data diode using a JSON format.
  - 15. The system of claim 12, further including a wireless gateway at which the data generated by the one or more devices is received and provided to the field gateway.
  - 16. The system of claim 15, wherein the wireless gateway is a WirelessHART®
    - gateway.
  - 17. The system of claim 15, wherein the wireless gateway provides the data generated by the one or more devices to the field gateway using a HART-IP®
    - protocol.
  - 18. The system of claim 15, wherein at least one of the one or more devices publishes respective generated data to the wireless gateway.
  - 19. The system of claim 18, wherein the wireless gateway to which the respective generated data is published is a subscriber of the respective generated data.
  - 20. The system of claim 15, wherein the wireless gateway polls at least one of the one or more devices to obtain respective generated data.
  - 21. The system of claim 12, wherein:
    - a first application executing at the another system is a first consumer of at least some of the data generated by a first subset of the one or more devices included in the process plant, and the tolerance for lost data of the first application is a first tolerance for lost data;
      
      a second application executing at the another system is a second consumer of at least some of the data generated by a second subset of the one or more devices included in the process plant, the second subset of the one or more devices being different than the first subset of the one or more devices, and the second application having a second tolerance for lost data different than the first tolerance for lost data of the first application; and
      
      the respective context information of the first subset of the one or more devices is published, by the field gateway, across the data diode to the edge gateway in accordance with the first tolerance for lost data of the first application; and
      
      the respective context information of the second subset of the one or more devices is published, by the field gateway, across the data diode to the edge gateway in accordance with the second tolerance for lost data of the second application.
  - 22. The system of claim 12, wherein the edge gateway publishes, by using a communication protocol, at least some of the data generated by the one or more devices included in the process plant, and an application executing at the another system is a subscriber of the data published by the edge gateway.
  - 23. The system of claim 12, wherein the data generated during the run-time operations of the process plant by the one or more devices comprises at least one of dynamic data generated by the one or more devices or diagnostic data generated as a result of a diagnosis or test of the one or more devices.
  - 24. The system of claim 12, wherein the data diode is Ethernet-connected.
  - 25. The system of claim 12, wherein the data diode is serial-connected.
  - 26. The system of claim 12, wherein the respective information descriptive of the each of the one or more devices further includes an indication of a current status of the each of the one or more devices.
  - 27. The system of claim 12, wherein the another system includes one or more tangible memories storing computer-executable instructions that, when executed by one or more processors, causes the another system to at least one of:
    - monitor conditions and/or events occurring at the process plant based on the generated data;
      
      sense the conditions and/or events occurring at the process plant based on the generated data;
      
      monitor at least a portion of a process being controlled by the process plant based on the generated data;
      
      perform descriptive analytics using the generated data;
      
      perform prescriptive analytics using the generated data;
      
      orgenerate, based on the generated data, a prescriptive function to modify at least a portion of the process plant.
  - 28. The system of claim 12, wherein the another system is implemented at least in part at one or more cloud computing systems.
  - 29. The system of claim 12, wherein the field gateway periodically publishes, by using a communications protocol, updated respective context information that is currently descriptive of the each of the one or more devices across the data diode to the edge gateway, and wherein respective durations of one or more periodicities of the publishing of the updated respective context information is in accordance with the respective tolerances of the one or more applications for lost data.
  - 30. The system of claim 12, wherein updated context information of a particular device included in the one or more devices is published across the data diode upon an occurrence of a change corresponding to the particular device, the change corresponding to the particular device comprising an addition of the particular device to the process plant, a removal of the particular device from the process plant, a change in a burst configuration of the particular device, or a change in a status of the particular device.

31. A method for securely transporting communications from a process plant to another system, the method comprising:
- during each context-setting phase of a plurality of context-setting phases, at a field gateway interconnecting a network of the process plant and a data diode configured to prevent two-way communications between the field gateway and an edge gateway, announcing, to the edge gateway across the data diode, respective context information descriptive of each of one or more devices of the process plant,the respective context information including an indication of a respective identifier of the each of the one or more devices and an indication of a respective rate at which data generated by the each of the one or more devices is to be provided by the field gateway to the edge gateway across the data diode, andthe respective context information descriptive of a specific device included in the one or more devices announced each time a pre-defined period of time elapses, a duration of the pre-defined period of time based on a tolerance of an application for lost data, the application being a consumer of the data generated by the specific device, and the application communicatively connected to the edge gateway; and
  
  during a respective data delivery phase subsequent to the each context-setting phase, (i) receiving, at the field gateway via the process plant network, data generated by the each of the one or more devices while the process plant operates to control a process, and (ii) publishing, by the field gateway, the process plant data to the edge gateway across the data diode at a rate at which the data generated by the each of the one or more devices is received at the field gateway, the edge gateway being communicatively connected to the other system.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 32. The method of claim 31, wherein receiving, at the field gateway via the process plant network, the data generated by the each of the one or more devices comprises receiving, at the field gateway via the process plant network, data published by at least one of the one or more devices.
  - 33. The method of claim 32, wherein the field gateway or another gateway disposed between the at least one of the one or more devices and the field gateway is a subscriber to the data published by the at least one of the one or more devices.
  - 34. The method of claim 32, wherein receiving the data published by the at least one of the one or more devices comprises receiving data published by the at least one of the one or more devices using a HART-IP®
    - protocol.
  - 35. The method of claim 31, wherein receiving, at the at the field gateway via the process plant network, the data generated by the each of the one or more devices comprises receiving, at the field gateway via the process plant network, a response to a poll initiated by the field gateway or by another gateway disposed between at least some of the one or more devices and the field gateway, the response to the poll including data generated by the at least some of the one or more devices.
  - 36. The method of claim 35, wherein the poll initiated by the field gateway is initiated based on respective burst configurations of the at least some of the one or more devices.
  - 37. The method of claim 31, wherein:
    - receiving, at the field gateway via the process plant network, the data generated by the each of the one or more devices comprises receiving, at the field gateway via the process plant network, data generated by the each of the one or more devices that has been encrypted using a first encryption mechanism; and
      
      publishing, by the field gateway, the process plant data to the edge gateway across the data diode comprises encrypting the process plant data using a second encryption mechanism and publishing, by the field gateway, the process plant data encrypted by the second encryption mechanism to the edge gateway across the data diode.
  - 38. The method of claim 31, wherein announcing the respective context information of the one or more devices comprises announcing respective context information descriptive of each of one or more devices included in a current set of data-generating devices of the process plant, thereby causing the edge gateway to discover the current set of data-generating devices.
  - 39. The method of claim 38, wherein:
    - announcing the respective context information descriptive of the each of the devices included in the current set of data-generating devices of the process plant comprises recurrently announcing respective updated context information descriptive of each of the devices included in an updated current set of data-generating devices; and
      
      an interval of the recurrent announcing is based on a tolerance of an application for lost data, the application being a consumer of at least some of the data generated by the each of the updated current set of data-generating devices, and the application executing at the another system.
  - 40. The method of claim 31, wherein receiving, at the field gateway via the process plant network, the data generated by the each of the one or more devices comprises receiving, at the field gateway via the process plant network, at least one of dynamic data generated by the one or more devices or diagnostic data generated as a result of a diagnosis or test of the one or more devices.
  - 41. The method of claim 31, wherein publishing, by the field gateway, the process plant data to the edge gateway across the data diode comprises publishing, by the field gateway using a HART-IP®
    - protocol, the process plant data to the edge gateway across the data diode.
  - 42. The method of claim 31, wherein publishing, by the field gateway, the process plant data to the edge gateway across the data diode comprises publishing, by the field gateway using a JSON format, the process plant data to the edge gateway across the data diode.
  - 43. The method of claim 31, wherein the data generated by the each of the one or more devices is provided, by the edge gateway, to the another system, the another system being configured to at least one of:
    - monitor conditions and/or events occurring at the process plant based on the generated data;
      
      sense the conditions and/or events occurring at the process plant based on the generated data;
      
      monitor at least a portion of a process being controlled by the process plant based on the generated data;
      
      perform descriptive analytics using the generated data;
      
      perform prescriptive analytics using the generated data;
      
      orgenerate, based on the generated data, a prescriptive function to modify at least a portion of the process plant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fisher-Rosemount Systems Incorporated (Emerson Electric Company)
Original Assignee
Fisher-Rosemount Systems Incorporated (Emerson Electric Company)
Inventors
Rotvold, Eric, Nixon, Mark J.
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US15/332,622
Publication Number

US 20180115516A1
Time in Patent Office

1,170 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04L 63/10 for controlling access to d...

Publishing data across a data diode for secured process control communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Publishing data across a data diode for secured process control communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links