Integrated security in a process plant having a process control system and a safety system
First Claim
1. A security system for use in a process plant having a process control system that performs product manufacturing related control functions and a safety system that performs safety related control functions with respect to the process plant, comprising:
a computer having a processor and a memory;
a process controller communicatively coupled to the computer and adapted to perform process control functionality using one or more process control field devices;
a safety system controller communicatively coupled to the computer and adapted to perform safety system functionality using one or more safety system field devices;
a security database adapted to store access privileges related to both the process control functionality and the safety system functionality;
one or more user applications stored in the memory of the computer and adapted to be executed on the processor to communicate process control system messages to or from the process controller and to communicate safety system messages to or from the safety controller; and
an integrated security application stored on the memory of the computer and adapted to be executed on the processor to use the security database to enable a user of the one or more user applications to access both the process controller and the safety system controller via the process control system messages and the safety system messages based on access privileges for the user stored in the security database.
Abstract
A process plant includes a safety system that is physically and logically integrated with a process control system such that the safety system and the process control system can use common security, communication and display hardware and software within the process plant while still providing functional isolation between the safety system controllers and the process control system controllers. This integrated process control and safety system uses a common data communication structure for both the safety system and the process control system so that applications can send data to and receive data from devices in either system in the same manner, e.g., using the same communication hardware and software. However, the common data communication structure is set up to enable a security application to distinguish process control system devices from safety system devices using tags, addresses or other fields within the messages sent to or received from the devices, which enables data associated with the process control system to be distinguishable from data associated with the safety system, thereby enabling the security application within a user interface to automatically treat this data differently depending on the source (or destination) of the data.
67 Claims
24. A security system for use in a process plant having a process control system that performs product manufacturing related control related functions using one or more process control field devices and a safety system that performs safety related control functions using one or more safety field devices, the security system comprising:
a computer having a processor and a memory;
a process controller communicatively coupled to the computer and adapted to perform process control system functionality using the one or more process control field devices;
a safety system controller communicatively coupled to the computer and adapted to perform safety system functionality using the one or more safety system field devices;
a security database adapted to store access privileges related to both the process control system functionality and the safety system functionality;
one or more user applications stored in the memory of the computer and adapted to be executed on the processor to communicate process control system messages to or from the process controller and to communicate safety system messages to or from the safety system controller using a common communication format, wherein each message has a data field indicating whether the message is associated with a process control system entity or a safety system entity; and
an integrated security application stored on the memory and adapted to be executed on the processor to distinguish whether an operation to be implemented by one of the one or more user applications is related to a process control system entity or to a safety system entity and to use the security database to enable a user of the one of the one or more user applications to perform the operation based on access privileges for the user stored in the security database.
44. A security system for use in a process plant having a process control system with a process controller adapted to perform product manufacturing related control functionality using one or more process control field devices, a safety system having a safety system controller adapted to perform safety related control functionality using one or more safety system field devices, and a host computer having a processor communicatively coupled to the process controller and to the safety system controller and one or more user applications executed on the processor to communicate process control system messages to or from the process controller and to communicate safety system messages to or from the safety controller, the security system comprising:
a memory;
a security database adapted to store access privileges related to both the process control system and the safety system; and
a security application stored on the memory and adapted to be executed on the processor to enable the one or more user applications to access the process control system and the safety system via the process control system messages and the safety system messages based on the access privileges stored in the security database.
54. A method of performing security procedures in a process plant having a process control system with a process controller adapted to perform product manufacturing control functionality using one or more process control field devices and a safety system having a safety system controller adapted to perform safety related functionality using one or more safety system field devices, the method comprising:
storing access privileges related to both the process control system and the safety system in a security database;
detecting whether an action to be taken with respect to the process plant is an action related to the process control system or to the safety system;
determining an appropriate set of access privileges from the security database based on whether the action to be taken is related to the process control system or to the safety system; and
preventing or allowing the action to be taken based on the appropriate set of access privileges.
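The method of claim 54, combined with the per-message data field of claim 24, can be sketched as follows. This is an added illustration, not code from the patent or from any product; the field values ("PCS", "SIS"), user names, tags and the layout of the security database are all assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Domain(Enum):            # hypothetical encoding of the message's entity field
    PROCESS_CONTROL = "PCS"
    SAFETY = "SIS"

@dataclass(frozen=True)
class Message:                 # common format shared by both systems (assumed layout)
    user: str
    entity_type: str           # data field marking process-control vs. safety
    target: str                # constructed device/module tag
    operation: str             # "read" or "write"

# Constructed security database: (user, domain) -> permitted operations.
SECURITY_DB = {
    ("operator1", Domain.PROCESS_CONTROL): {"read", "write"},
    ("operator1", Domain.SAFETY): {"read"},
    ("safety_eng", Domain.SAFETY): {"read", "write"},
}

def classify(msg):
    """Detect which system the action concerns, using only the message field."""
    try:
        return Domain(msg.entity_type)
    except ValueError:
        return None            # missing or unrecognized field

def authorize(msg, db=SECURITY_DB):
    """Return (allowed, reason). Unclassifiable or unlisted requests are denied."""
    domain = classify(msg)
    if domain is None:
        return False, "unknown entity type"
    allowed_ops = db.get((msg.user, domain), set())
    if msg.operation not in allowed_ops:
        return False, f"{msg.user} lacks {msg.operation} on {domain.name}"
    return True, f"{msg.operation} permitted on {domain.name}"

def filter_messages(messages, db=SECURITY_DB):
    """Split messages into forwarded and denied lists (denials kept for audit)."""
    forwarded, denied = [], []
    for m in messages:
        ok, reason = authorize(m, db)
        (forwarded if ok else denied).append((m.target, reason))
    return forwarded, denied
```

The check fails closed: a message whose entity field cannot be classified, or a user with no entry for that domain, is denied rather than falling back to the process-control privilege set.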
Specification