Security system and method for an industrial automation system

US 7,530,113 B2
Filed: 07/29/2004
Issued: 05/05/2009
Est. Priority Date: 07/29/2004
Status: Active Grant

First Claim

Patent Images

1. An industrial automation system comprising:

a security access device;

an industrial automation device;

a user interface configured to provide a user with access to data stored inside the industrial automation device;

a first security interface configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface;

a second security interface;

a communication network coupled between (i) the combination of the industrial automation device and the first security interface, and (ii) the combination of the user interface and the second security interface;

a plurality of additional automation devices coupled to the communication network;

a plurality of additional user interfaces coupled to the communication network; and

a plurality of additional security interfaces, wherein the plurality of additional security interfaces are respectively associated with different ones of the plurality of additional automation devices and the plurality of additional user interfaces;

wherein communication between participants formed of combinations of respective ones of the plurality of additional automation devices requires, at least in some instances, authentication of at least one of the participants in the communication, the authentication being performed using the security interfaces associated with the participants in the communication; and

wherein communication between participants formed of combinations of respective ones of the plurality of additional automation devices with respective ones of the plurality of additional user interfaces requires, at least in some instances, the authentication of the respective user interface by the security interface of the respective automation device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An industrial automation system comprises a security access device, an industrial automation device, a user interface, and a security interface. The user interface is configured to provide a user with access to data stored inside the industrial automation device. The security interface is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface.

148 Citations

81 Claims

1. An industrial automation system comprising:
- a security access device;
  
  an industrial automation device;
  
  a user interface configured to provide a user with access to data stored inside the industrial automation device;
  
  a first security interface configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface;
  
  a second security interface;
  
  a communication network coupled between (i) the combination of the industrial automation device and the first security interface, and (ii) the combination of the user interface and the second security interface;
  
  a plurality of additional automation devices coupled to the communication network;
  
  a plurality of additional user interfaces coupled to the communication network; and
  
  a plurality of additional security interfaces, wherein the plurality of additional security interfaces are respectively associated with different ones of the plurality of additional automation devices and the plurality of additional user interfaces;
  
  wherein communication between participants formed of combinations of respective ones of the plurality of additional automation devices requires, at least in some instances, authentication of at least one of the participants in the communication, the authentication being performed using the security interfaces associated with the participants in the communication; and
  
  wherein communication between participants formed of combinations of respective ones of the plurality of additional automation devices with respective ones of the plurality of additional user interfaces requires, at least in some instances, the authentication of the respective user interface by the security interface of the respective automation device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 2. A system according to claim 1, wherein the industrial automation device comprises a motor drive.
  - 3. A system according to claim 2, wherein the motor drive is a stand-alone motor drive not connected to an industrial automation control network.
  - 4. A system according to claim 1, wherein the industrial automation device comprises an automation controller.
  - 5. A system according to claim 1, wherein the first security interface is configured to compare the information from the access device with stored information associated with the user.
  - 6. A system according to claim 5, wherein the information received from the access device is a first unique code, and wherein the stored information comprises a second unique code associated with the access device and with the user.
  - 7. A system according to claim 6, wherein the security interface compares the first unique code with the second unique code to determine whether a match exists.
  - 8. A system according to claim 6, wherein the access device is a handheld card.
  - 9. A system according to claim 6, wherein the access device is a key fob.
  - 10. A system according to claim 6, wherein the second unique code is one of a plurality of codes stored in a database and associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users.
  - 11. A system according to claim 5, wherein the information received from the access device is biometric information, and wherein the stored information comprises biometric information associated with the user.
  - 12. A system according to claim 11, wherein the first security interface compares the biometric information received from the access device with the stored biometric information associated with the user to determine whether a match exists.
  - 13. A system according to claim 11, wherein the access device is a fingerprint reader.
  - 14. A system according to claim 11, wherein the access device is a retinal scanner.
  - 15. A system according to claim 11, wherein the biometric information is stored in a database along with other biometric information associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users.
  - 16. A system according to claim 1,wherein first security interface receives the information from the access device indirectly by way of the first security interface,wherein the first security interface uses the information identifying the user to determine access rights of the user, andwherein the first security interface permits access to the data stored inside the industrial automation device based on a determination that the access rights of the user permit access to the data.
  - 17. A system according to claim 16,wherein the industrial automation device is a first industrial automation device,wherein the system further comprises a third security interface and a second industrial automation device, andwherein the communication network is coupled between (i) the combination of the first industrial automation device and the first security interface, (ii) the combination of the user interface and the second security interface, and (iii) the combination of the second industrial automation device and the third security interface.
  - 18. A system according to claim 17, wherein the third security interface cooperates with the first security interface to provide the second automation device with access to the data stored inside the first industrial automation device.
  - 19. A system according to claim 18,wherein the third security interface transmits information identifying the second automation device to the first security interface,wherein the first security interface uses the information identifying the second automation device to determine access rights of the second automation device, andwherein the first security interface permits access to the data stored inside the first industrial automation device based on a determination that the access rights of the second automation device permit access to the data.
  - 20. A system according to claim 1, further comprising an information server configured to standardize communication from different ones of the plurality of additional automation devices, manufacturing execution systems, and external business computing systems.
  - 21. A system according to claim 20, wherein the information server comprises a directory module configured to provide a common address book for parameters associated with different ones of the plurality of automation devices.
  - 22. A system according to claim 21, wherein the information server further comprises a real-time data module configured to provide access to real-time information from the plurality of industrial automation devices.
  - 23. A system according to claim 22, wherein the information server further comprises a data model module configured to provide a common terminology to describe manufacturing operations.
  - 24. A system according to claim 22, wherein the information server further comprises a portal module configured to provide access to information stored in the plurality of industrial automation devices to workstations remotely connected to the industrial automation system by way of the Internet.
  - 25. A system according to claim 22, wherein the information server further comprises an audit module configured to maintain a comprehensive list of changes made to the plurality of industrial automation devices.
  - 26. A system according to claim 1, wherein the user interface comprises a viewer tool configured to display trending, alarming, and other runtime information pertaining to the industrial automation device and the plurality of additional automation devices.
  - 27. A system according to claim 1, wherein the user interface comprises a viewer tool configured to provide real time animation of the equipment controlled by the industrial automation device and the plurality of additional automation devices.
  - 28. A system according to claim 1, wherein the user interface comprises an analysis tool configured to provide information regarding the performance of the industrial automation system, the analysis tool including tools configured to provide information regarding causes of downtime, efficiency of equipment, scrap/defect rates, and drifting parameters.
  - 29. A system according to claim 1, wherein the user interface comprises a historian tool configured to analyze historical information regarding past performance of the industrial automation system to provide information regarding process variability.
  - 30. A system according to claim 1, wherein the user interface comprises a scheduler tool configured to provide information useable to develop a schedule to track labor, material, and equipment resources.
  - 31. A system according to claim 30, wherein the scheduler tool is configured to provide scheduling information as a function of shift patterns, labor/tooling/material availability, planned maintenance, current loading, and capacities.
  - 32. A system according to claim 30, wherein the scheduler tool is configured to provide information regarding production sequences, information regarding the effects of schedule changes, and information regarding delivery dates.
  - 33. A system according to claim 1, wherein the user interface comprises a configuration tool useable to centrally manage configuration of the industrial automation device and the plurality of additional industrial automation devices.
  - 34. A system according to claim 1, wherein the user interface comprises a diagnostics tool configured to display diagnostic messages generated by the industrial automation device and the plurality of additional industrial automation devices.
  - 35. A system according to claim 1, wherein the user interface comprises a reporting/audit trail tool configured to generate detailed reports showing an audit trail of changes to one or more of the industrial automation device and the plurality of additional industrial automation devices the automation system.
  - 36. A system according to claim 1, wherein the user interface comprises a messenger tool configured to provide alarm annunciation, paging, and messaging based on the information accessed from the industrial automation device and the plurality of additional industrial automation devices.
  - 37. A system according to claim 1, wherein the user interface comprises an inventory management tool configured to provide information concerning consumption of raw materials and other resources in the industrial automation system.
  - 38. A system according to claim 1, wherein the user interface is connected to the industrial automation device by way of the Internet.
  - 39. A system according to claim 1, wherein the user interface is configured to display a login screen to the user to obtain a user password.
  - 40. A system according to claim 1, wherein the security interface is integrally provided with the user interface.
  - 41. A system according to claim 1, wherein the security interface is integrally provided with the industrial automation device.

42. An industrial automation system comprising:
- a user interface;
  
  a security access device;
  
  a plurality of security interfaces;
  
  a communication network;
  
  a plurality of motor drives coupled to each other by way of the communication network, each respective motor drive having associated therewith a respective one of the plurality of security interfaces, the respective security interface being configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective motor drive using the user interface;
  
  a plurality of automation controllers coupled to each other and to the plurality of motor drives by way of the communication network, each respective automation controller having associated therewith a respective one of the plurality of security interfaces, the respective security interface being configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective automation controller using the user interface;
  
  wherein at least one of the plurality of automation controllers is configured to transmit messages to other ones of the plurality of automation controllers that may have also received the information from the security access device, the message alerting the plurality of automation controllers that access is in the process of being granted or has been granted to at least one of the plurality of automation controllers.
- View Dependent Claims (43, 44, 45, 46, 47)
- - 43. A system according to claim 42, wherein the communication network comprises a plurality of sub-networks including a control communication network and an enterprise information communication network, wherein the user interface is a first workstation, wherein the system further comprises a plurality of additional workstations coupled to the enterprise information communication network, and wherein the plurality of automation controllers and the plurality of motor drives are connected to the control communication network.
  - 44. A system according to claim 43, wherein the system further comprises an information server coupled to the control communication network and to the enterprise information communication network.
  - 45. A system according to claim 42, wherein the user interface is associated with one of the plurality of security interfaces, and wherein the security interface associated with the user interface cooperates with the security interfaces associated with the plurality of motor drives and the security interfaces respectively associated with the plurality of automation controllers to provide the user with access to the data stored inside the plurality of motor drives and the plurality of automation controllers.
  - 46. A system according to claim 42, wherein the access device is a hand-held device having a wireless transmitter.
  - 47. A system according to claim 42, wherein the access device is configured to receive biometric information from the user.

48. A method of providing a user with access to data stored in an industrial automation device, comprising:
- receiving a wireless signal from a hand-held security access device in the possession of the user;
  
  processing the wireless signal to determine a password associated with the hand-held security access device;
  
  presenting the user with a password prompt on a login screen using a user interface associated with the industrial automation device;
  
  receiving a password from the user via the password prompt;
  
  comparing the password received from the user with the password associated with the hand-held security access device to confirm that the user has entered the correct password;
  
  identifying the user based on the wireless signal from the hand-held security access device and/or based on information received from the user via the user interface;
  
  determining access rights of the user based on the identity of the user; and
  
  providing access to the data stored in the industrial automation device in accordance with the access rights of the user;
  
  wherein the industrial automation device is a first industrial automation device, and wherein the method further comprises transmitting a message from the industrial automation device to other industrial automation devices that may have also received the wireless signal from the hand-held security access device, the message alerting the other industrial automation devices that access is in the process of being granted or has been granted at the first industrial automation device.
- View Dependent Claims (49, 50, 51)
- - 49. A method according to claim 48, wherein processing the wireless signal to determine the password comprises retrieving the password from a database based on information contained in the wireless signal.
  - 50. A method according to claim 48, wherein the user is presented with the login screen responsive to reception of the wireless signal from the hand-held security access device.
  - 51. A method according to claim 48, further comprising preventing access at the other industrial automation devices responsive to the message transmitted from the first industrial automation device.

52. An industrial automation system comprising:
- a communication network;
  
  a security access device;
  
  a security interface configured to receive information from the security access device and to compare the information from the security access device with stored information associated with a user;
  
  a user interface coupled to the security interface and to the communication network;
  
  a plurality of motor drives coupled to each other by way of the communication network;
  
  a plurality of automation controllers coupled to each other and to the plurality of motor drives by way of the communication network;
  
  a security module configured to provide the user with access via the user interface to data stored in the plurality of motor drives and to data stored in the plurality of automation controllers based on an authentication of the user using the security access device; and
  
  an information server configured to standardize communication from different ones of a plurality of additional automation devices, manufacturing execution systems, and external business computing systems.
- View Dependent Claims (53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81)
- - 53. A system according to claim 52, wherein the information received from the access device is a first unique code, and wherein the stored information comprises a second unique code associated with the access device and with the user.
  - 54. A system according to claim 53, wherein the security interface compares the first unique code with the second unique code to determine whether a match exists.
  - 55. A system according to claim 53, wherein the access device is a handheld card.
  - 56. A system according to claim 53, wherein the access device is a key fob.
  - 57. A system according to claim 53, wherein the second unique code is one of a plurality of codes stored in a database and associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users.
  - 58. A system according to claim 52, wherein the information received from the access device is biometric information, and wherein the stored information comprises biometric information associated with the user.
  - 59. A system according to claim 58, wherein the security interface compares the biometric information received from the access device with the stored biometric information associated with the user to determine whether a match exists.
  - 60. A system according to claim 58, wherein the access device is a fingerprint reader.
  - 61. A system according to claim 58, wherein the access device is a retinal scanner.
  - 62. A system according to claim 58, wherein the biometric information is stored in a database along with other biometric information associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users.
  - 63. A system according to claim 52, wherein the information server comprises a directory module configured to provide a common address book for parameters associated with different ones of the plurality of additional automation devices.
  - 64. A system according to claim 52, wherein the information server further comprises a real-time data module configured to provide access to real-time information from the plurality of additional industrial automation devices.
  - 65. A system according to claim 52, wherein the information server further comprises a data model module configured to provide a common terminology to describe manufacturing operations.
  - 66. A system according to claim 52, wherein the information server further comprises a portal module configured to provide access to information stored in the plurality of industrial automation devices to workstations remotely connected to the industrial automation system by way of the Internet.
  - 67. A system according to claim 52, wherein the information server further comprises an audit module configured to maintain a comprehensive list of changes made to the plurality of additional industrial automation devices.
  - 68. A system according to claim 52, wherein the user interface comprises a viewer tool configured to display trending, alarming, or a combination thereof, pertaining to the plurality of automation controllers and the plurality of motor drives.
  - 69. A system according to claim 52, wherein the user interface comprises a viewer tool configured to provide real time animation of the equipment controlled by an industrial automation device and the plurality of additional automation devices.
  - 70. A system according to claim 52, wherein the user interface comprises an analysis tool configured to provide information regarding the performance of the industrial automation system, the analysis tool including tools configured to provide information regarding causes of downtime, efficiency of equipment, scrap/defect rates, and drifting parameters.
  - 71. A system according to claim 52, wherein the user interface comprises a historian tool configured to analyze historical information regarding past performance of the industrial automation system to provide information regarding process variability.
  - 72. A system according to claim 52, wherein the user interface comprises a scheduler tool configured to provide information useable to develop a schedule to track labor, material, and equipment resources.
  - 73. A system according to claim 72, wherein the scheduler tool is configured to provide scheduling information as a function of shift patterns, labor/tooling/material availability, planned maintenance, current loading, and capacities.
  - 74. A system according to claim 72, wherein the scheduler tool is configured to provide information regarding production sequences, information regarding the effects of schedule changes, and information regarding delivery dates.
  - 75. A system according to claim 52, wherein the user interface comprises a configuration tool useable to centrally manage configuration of the industrial automation device and the plurality of additional industrial automation devices.
  - 76. A system according to claim 52, wherein the user interface comprises a diagnostics tool configured to display diagnostic messages generated by the industrial automation device and the plurality of additional industrial automation devices.
  - 77. A system according to claim 52, wherein the user interface comprises a reporting/audit trail tool configured to generate detailed reports showing an audit trail of changes to one or more of the industrial automation device and the plurality of additional industrial automation devices the automation system.
  - 78. A system according to claim 52, wherein the user interface comprises a messenger tool configured to provide alarm annunciation, paging, and messaging based on the information accessed from the industrial automation device and the plurality of additional industrial automation devices.
  - 79. A system according to claim 52, wherein the user interface comprises an inventory management tool configured to provide information concerning consumption of raw materials and other resources in the industrial automation system.
  - 80. A system according to claim 52, wherein the user interface is connected to the industrial automation device by way of the Internet.
  - 81. A system according to claim 52, wherein the communication network comprises a plurality of separate sub-networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Original Assignee
Rockwell Automation Technologies Incorporated (Allen-Bradley Co., Inc.)
Inventors
Braun, Scott D.
Primary Examiner(s)
Simitoski; Michael J

Application Number

US10/902,453
Publication Number

US 20060026672A1
Time in Patent Office

1,741 Days
Field of Search

726/28, 726/4, 726/17, 713/168, 713/172, 713183-186, 709224-225, 700/9, 700/237, 700/83
US Class Current

726/28
CPC Class Codes

G05B 19/042   using digital processors G0...

G05B 2219/24159   Several levels of security,...

G05B 2219/24162   Biometric sensor, fingerpri...

G05B 2219/24167   Encryption, password, user ...

G05B 2219/24168   Identify connected programm...

G07C 9/22   in combination with an iden...

Y02P 90/80   Management or planning

Security system and method for an industrial automation system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

148 Citations

81 Claims

Specification

Solutions

Use Cases

Quick Links

Security system and method for an industrial automation system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

81 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links