System and method for authentication and fail-safe transmission of safety messages
Abstract
A system and method for fail-safe transmission of safety messages through communication channels containing non-safety-certified equipment is disclosed herein. Consistent with the disclosed method, digital signatures and/or encryption are used to authenticate both the origin and content of the safety messages. A watchdog timer ensures transition to a safe state if authenticated messages are not received periodically. In a particular implementation, the disclosed method includes generating a safety message indicating the state of a sensor. A digital signature is then generated to sign this safety message. The method further includes communicating the safety message and the digital signature to an actuator. Upon receipt, the safety message is authenticated using the digital signature. A watchdog timer ensures transition to a safe state if authenticated messages are not received periodically.
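As an added illustration (not code from the patent or from any implementation of it), the following Go sketch models the two safety-certified layers the abstract describes: the sensor layer signs each safety message, the actuator layer applies the carried state only after the signature verifies, and a tick-driven watchdog forces the safe state when authenticated messages stop arriving. The Ed25519 signature scheme, the 9-byte message layout, the sequence-number replay check and the tick-based timer are assumptions of this example, not details given by the patent.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)
// SafetyMessage: sensor state plus a monotonic sequence number so a replayed, validly signed old message is rejected.
type SafetyMessage struct {
	Seq   uint64
	State uint8 // constructed encoding for this example: 0 = clear, 1 = guard open
}
// encode fixes the byte layout the sensor signs and the actuator verifies.
func (m SafetyMessage) encode() []byte {
	b := make([]byte, 9)
	binary.BigEndian.PutUint64(b, m.Seq)
	b[8] = m.State
	return b
}
// SensorLayer models the sensor-side safety-certified layer; it alone holds the signing key.
type SensorLayer struct{ priv ed25519.PrivateKey }
func (s SensorLayer) Sign(m SafetyMessage) []byte { return ed25519.Sign(s.priv, m.encode()) }
// ActuatorLayer models the actuator-side safety-certified layer together with its watchdog.
type ActuatorLayer struct {
	pub       ed25519.PublicKey
	lastSeq   uint64
	ticks     int  // watchdog periods since the last authenticated message
	Timeout   int  // periods tolerated without one before forcing the safe state
	SafeState bool // latched when the watchdog trips; clearing it needs an explicit reset (not modelled)
	State     uint8
}
// NewPair hands the sensor the private key and the actuator the matching public key (assumed provisioning).
func NewPair(timeout int) (SensorLayer, *ActuatorLayer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return SensorLayer{}, nil, err }
	return SensorLayer{priv}, &ActuatorLayer{pub: pub, Timeout: timeout}, nil
}
// Receive applies the state and feeds the watchdog only if the signature verifies and the sequence
// advances; a forged, corrupted or replayed message is ignored and the watchdog keeps counting.
func (a *ActuatorLayer) Receive(m SafetyMessage, sig []byte) bool {
	if !ed25519.Verify(a.pub, m.encode(), sig) || m.Seq <= a.lastSeq { return false }
	a.lastSeq, a.State, a.ticks = m.Seq, m.State, 0
	return true
}
// Tick runs once per watchdog period; more than Timeout periods without an authenticated message force the safe state.
func (a *ActuatorLayer) Tick() {
	a.ticks++
	if a.ticks > a.Timeout { a.SafeState = true }
}
func main() { s, a, _ := NewPair(3); m := SafetyMessage{Seq: 1, State: 1}; fmt.Println(a.Receive(m, s.Sign(m))) }
```

Because a rejected message does not reset the watchdog, an attacker who can only drop, corrupt or replay traffic on the non-safety-certified network can at worst drive the actuator into its safe state, which is the fail-safe behaviour the abstract claims.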
36 Claims
1. A system for fail-safe transmission of safety messages in a network environment, said system comprising:
an intelligent sensor apparatus including a sensor, a sensor processor, and a sensor computer readable media including instructions to implement:
a first safety-certified application;
a first safety-certified layer; and
a first non-safety-certified layer, wherein said first safety-certified layer is operative to generate a safety message and associated digital signature based upon state information received from said sensor; and
an intelligent actuator apparatus disposed to receive said safety message and said digital signature via a communications network communicatively coupled to said intelligent sensor apparatus, said intelligent actuator apparatus including an actuator, an actuator processor, and an actuator computer readable media including instructions to implement:
a second safety-certified application;
a second safety-certified layer; and
a second non-safety-certified layer, wherein said second safety-certified layer is operative to use said digital signature in order to verify authenticity of said safety message and thereby enable said actuator to perform an action in accordance with said state information.
Dependent claims: 2-21.
22. A method for fail-safe transmission of safety messages in a network environment comprising:
generating, at an intelligent sensor processor, a safety message and associated digital signature, wherein said safety message is generated in a first safety-certified layer based at least in part on state information received from an intelligent sensor and wherein said first safety-certified layer is operative in a first non-safety-certified layer;
sending, via a communications network, said safety message and said digital signature;
receiving said safety message and said digital signature at an intelligent actuator apparatus, said intelligent actuator apparatus including an intelligent actuator processor;
verifying, in a second safety-certified layer of said intelligent actuator apparatus, using said intelligent actuator processor, said safety message using said digital signature, wherein said second safety-certified layer is operative in a second non-safety-certified layer; and
enabling, responsive to said verifying, an action at said intelligent actuator apparatus, wherein said action is based at least in part on said state information.
Dependent claims: 23-35.
36. A system for fail-safe transmission of safety messages in a network environment, said system comprising:
an intelligent sensor apparatus including a sensor element and a sensor hardware apparatus configured to provide:
a first safety-certified application;
a first safety-certified layer; and
a first non-safety-certified layer, wherein said first safety-certified layer is operative to generate a safety message and associated digital signature based upon state information received from said sensor element; and
an intelligent actuator apparatus disposed to receive said safety message and said digital signature, said intelligent actuator including an actuator element and an actuator hardware apparatus configured to provide:
a second safety-certified application;
a second safety-certified layer; and
a second non-safety-certified layer, wherein said second safety-certified layer is operative to use said digital signature in order to verify authenticity of said safety message and thereby enable said actuator element to perform an action in accordance with said state information.