Method and system for integration of wireless devices with a distributed control system

US 8,406,220 B2
Filed: 12/30/2005
Issued: 03/26/2013
Est. Priority Date: 12/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

loading first and second gateway security keys into first and second gateway nodes, respectively, by a key server;

communicating to the key server first and second gateway authentication information from the first and second gateway nodes, respectively, wherein the first and second gateway authentication information is prepared using the first and second gateway security keys, respectively;

authenticating the first and second gateway nodes at the key server using the first and second gateway authentication information, respectively;

loading a leaf node security key into a leaf node by the key server;

communicating leaf node authentication information from the leaf node to the key server via at least one of the first and second gateway nodes, wherein the leaf node authentication information is prepared using the leaf node security key;

authenticating the leaf node at the key server using the leaf node authentication information;

receiving a subscription message from a process data consumer at one or more of the first and second gateway nodes, the subscription message identifying the leaf node and requesting that information supplied by the leaf node be published at a first rate;

determining first and second communication paths from the leaf node to the first and second gateway nodes, respectively;

repeatedly encrypting leaf node information using the leaf node security key and sending, at a second rate, wireless messages from the leaf node to the first and second gateway nodes via the first and second communication paths, respectively, wherein the wireless messages comprise the encrypted leaf node information;

receiving, by at least one of the first and second gateway nodes, the wireless messages sent by the leaf node at the second rate;

decrypting, at one or more of the first and second gateway nodes, the encrypted leaf node information; and

communicating, by the one or more of the first and second gateway nodes, the decrypted leaf node information to the process data consumer at the first rate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes determining first and second communication paths from a leaf node of a plurality of leaf nodes to first and second gateway nodes, respectively, of a plurality of gateway nodes. The first and second communication paths may include first and second intermediate nodes, respectively, of a plurality of intermediate nodes. A wireless message is sent from the leaf node to the first and second gateway nodes via the first and second communication paths, respectively. Information in the wireless message is communicated from at least one of the first and second gateway nodes to a component of a process control system.

54 Citations

View as Search Results

21 Claims

1. A method comprising:
- loading first and second gateway security keys into first and second gateway nodes, respectively, by a key server;
  
  communicating to the key server first and second gateway authentication information from the first and second gateway nodes, respectively, wherein the first and second gateway authentication information is prepared using the first and second gateway security keys, respectively;
  
  authenticating the first and second gateway nodes at the key server using the first and second gateway authentication information, respectively;
  
  loading a leaf node security key into a leaf node by the key server;
  
  communicating leaf node authentication information from the leaf node to the key server via at least one of the first and second gateway nodes, wherein the leaf node authentication information is prepared using the leaf node security key;
  
  authenticating the leaf node at the key server using the leaf node authentication information;
  
  receiving a subscription message from a process data consumer at one or more of the first and second gateway nodes, the subscription message identifying the leaf node and requesting that information supplied by the leaf node be published at a first rate;
  
  determining first and second communication paths from the leaf node to the first and second gateway nodes, respectively;
  
  repeatedly encrypting leaf node information using the leaf node security key and sending, at a second rate, wireless messages from the leaf node to the first and second gateway nodes via the first and second communication paths, respectively, wherein the wireless messages comprise the encrypted leaf node information;
  
  receiving, by at least one of the first and second gateway nodes, the wireless messages sent by the leaf node at the second rate;
  
  decrypting, at one or more of the first and second gateway nodes, the encrypted leaf node information; and
  
  communicating, by the one or more of the first and second gateway nodes, the decrypted leaf node information to the process data consumer at the first rate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein:
    - determining the first and second communication paths comprises determining the first communication path via a first intermediate node and determining the second communication path via a second intermediate node; and
      
      sending the wireless messages from the leaf node to the first and second gateway nodes comprises sending the wireless messages via the first and second intermediate nodes, respectively.
  - 3. The method of claim 2, wherein:
    - determining the second communication path further comprises determining the second communication path via a third intermediate node; and
      
      sending the wireless messages from the leaf node to the second gateway node further comprises sending at least some of the wireless messages via the third intermediate node.
  - 4. The method of claim 2, wherein, in response to an error in sending at least one of the wireless messages from the leaf node to the second gateway node via the second intermediate node, the method further comprises:
    - determining a third communication path from the leaf node to the second gateway node via a third intermediate node; and
      
      sending at least some of the wireless messages from the leaf node to the second gateway node via the third intermediate node.
  - 5. The method of claim 1, wherein the leaf node information encrypted at the leaf node is encrypted using the leaf node security key before sending the wireless messages to the first and second gateway nodes.
  - 6. The method of claim 2, further comprising:
    - loading first and second intermediate node security keys into the first and second intermediate nodes, respectively;
      
      communicating first and second intermediate node authentication information from the first and second intermediate nodes, respectively, to the key server, wherein the first and second intermediate node authentication information is prepared using the first and second intermediate node security keys, respectively; and
      
      authenticating the first and second intermediate nodes at the key server using the first and second intermediate node authentication information, respectively.
  - 7. The method of claim 6, wherein the leaf node information encrypted at the leaf node is encrypted using the leaf node security key before sending the wireless messages to the first and second gateway nodes.
  - 8. The method of claim 1, wherein the first gateway node comprises a cache memory, the method further comprising:
    - receiving at the first gateway node a request from the process data consumer for the leaf node information;
      
      if the leaf node information is not stored in the cache memory of the first gateway node;
      
      sending a request to the leaf node requesting the leaf node information, wherein the wireless messages are received from the leaf node in response to the request from the first gateway node; and
      
      storing the leaf node information from the wireless messages in the cache memory;
      
      if the leaf node information is stored in the cache memory of the first gateway node, retrieving the leaf node information from the cache memory; and
      
      communicating the leaf node information to the process data consumer in response to the request from the process data consumer.
  - 9. The method of claim 1, further comprising:
    - in response to a failure of at least one of the communication paths and a determination that a single point of failure for communication with the leaf node exists, generating a notice to a system operator identifying the at least one failed communication path and a warning that fully redundant communication pathways can no longer be established.
  - 10. The method of claim 1, further comprising:
    - exchanging the leaf node information directly between the first and second gateway nodes via a wireless path between the first and second gateway nodes; and
      
      upon a determination, at the second gateway node, that at least one of the wireless messages from the leaf node to the second gateway node is incomplete, using the leaf node information from the first gateway node to complete the at least one of the wireless messages.
  - 11. The method of claim 1, further comprising:
    - encrypting the leaf node information at the leaf node using an encryption key provided to the leaf node by the key server during an authentication procedure;
      
      wherein decrypting the leaf node information at one or more of the first and second gateway nodes comprises using the key server to decrypt the leaf node information at one or more of the first and second gateway nodes.

12. A system, comprising:
- first and second gateway nodes each configured to communicate with a process data consumer and to communicate wirelessly with a leaf node; and
  
  a key server configured to;
  
  communicate with the first and second gateway nodes; and
  
  authenticate the first and second gateway nodes and the leaf node using authentication information received from the first and second gateway nodes and the leaf node,wherein;
  
  the first gateway node is further configured to determine a first communication path from the leaf node to the first gateway node;
  
  the second gateway node is further configured to determine a second communication path from the leaf node to the second gateway node;
  
  the first and second gateway nodes are further configured to;
  
  load first and second gateway security keys, respectively, the first and second gateway security keys created by the key server;
  
  prepare first and second gateway authentication information using the first and second gateway security keys, respectively;
  
  communicate the first and second gateway authentication information, respectively, to the key server for authentication; and
  
  communicate wirelessly with the leaf node, wherein at least one of the first and second gateway nodes is configured to receive a subscription message from the process data consumer, wherein the subscription message identifies the leaf node, requests information supplied by the leaf node, and requests that the information be published at a first rate;
  
  the leaf node is configured to;
  
  load a leaf node security key created by the key server;
  
  send to at least one of the first and second gateway nodes a wireless leaf node authentication message comprising leaf node authentication information prepared using the leaf node security key; and
  
  repeatedly encrypt leaf node information using the leaf node security key and send, at a second rate, a wireless messages containing the encrypted leaf node information to the first and second gateway nodes;
  
  the first and second gateway nodes are further configured to;
  
  communicate the leaf node authentication information to the key server for authentication;
  
  receive the wireless messages from the leaf node via the first and second communication paths, respectively, at the second rate; and
  
  decrypt the encrypted leaf node information; and
  
  at least one of the first and second gateway nodes is further configured to send the decrypted leaf node information to the process data consumer at the first rate.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, further comprising:
    - first and second intermediate nodes each configured to communicate wirelessly with at least one of the gateway nodes and with the leaf node;
      
      wherein;
      
      the first intermediate node is further configured to determine the first communication path from the leaf node to the first gateway node via the first intermediate node;
      
      the second intermediate node is further configured to determine the second communication path from the leaf node to the second gateway node via the second intermediate node; and
      
      the first and second intermediate nodes are further configured to route the wireless messages from the leaf node to the first and second gateway nodes, respectively.
  - 14. The system of claim 13, wherein:
    - a third intermediate node is configured to determine the second communication path from the leaf node to the second gateway node via the third intermediate node; and
      
      the third intermediate node is further configured to route the wireless messages from the leaf node to the second gateway node.
  - 15. The system of claim 13, wherein, in response to an error in sending at least one of the wireless messages from the leaf node to the second gateway node via the second intermediate node:
    - a third intermediate nodes is configured to determine a third communication path from the leaf node to the second gateway node via the third intermediate node; and
      
      the third intermediate node is further configured to route at least some of the wireless messages from the leaf node to the second gateway node.
  - 16. The system of claim 12, wherein the leaf node is further configured to encrypt the leaf node information using the leaf node security key before sending the wireless messages to the first and second gateway nodes.
  - 17. The system of claim 13, wherein:
    - the first and second intermediate nodes are further configured to;
      
      load first and second intermediate node security keys, respectively;
      
      prepare first and second intermediate node authentication information using the first and second intermediate node security keys, respectively; and
      
      communicate the first and second intermediate node authentication information, respectively, to the key server for authentication; and
      
      the leaf node is further configured to send the wireless leaf node authentication message to the at least one of the first and second gateway nodes via at least one of the first and second intermediate nodes.
  - 18. The system of claim 17, wherein the leaf node is further configured to encrypt the leaf node information using the leaf node security key before sending the wireless messages to the first and second gateway nodes via the first and second intermediate nodes, respectively.
  - 19. The system of claim 12, wherein:
    - the first gateway node comprises a cache memory; and
      
      the first gateway node is further configured to;
      
      receive a request from the process data consumer for the leaf node information;
      
      if the leaf node information is not stored in the cache memory of the first gateway node;
      
      send a request to the leaf node requesting the leaf node information, wherein the wireless messages are received from the leaf node in response to the request from the first gateway node; and
      
      store the leaf node information from the wireless messages in the cache memory;
      
      if the leaf node information is stored in the cache memory of the first gateway node, retrieve the leaf node information from the cache memory; and
      
      communicate the leaf node information to the process data consumer in response to the request from the process data consumer.

20. A system, comprising:
- a key server;
  
  first and second gateway nodes each configured to communicate wirelessly with a leaf node; and
  
  first and second intermediate nodes each configured to communicate wirelessly with at least one of the gateway nodes and with the leaf node;
  
  wherein;
  
  at least one of the first and second gateway nodes is configured to receive a subscription message from a process data consumer, wherein the subscription message identifies the leaf node, requests information supplied by the identified leaf node, and requests that the information be published at a first rate;
  
  the identified leaf node is configured to;
  
  load a security key created by the key server;
  
  repeatedly encrypt leaf node information using the security key and send, at a second rate, wireless messages to the first and second gateway nodes via the first and second intermediate nodes, respectively, wherein each of the wireless messages comprises the encrypted leaf node information; and
  
  the first and second gateway nodes are configured to;
  
  receive the wireless messages sent by the leaf node at the second rate;
  
  decrypt the encrypted leaf node information; and
  
  send the decrypted leaf node information to the process data consumer at the first rate.
- View Dependent Claims (21)
- - 21. The system of claim 20, wherein the first and second gateway nodes are further configured to exchange the leaf node information with each other.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
McLaughlin, Paul F., Samad, Tariq, Chernoguzov, Alexander
Primary Examiner(s)
Banks Harold, Marsha D.
Assistant Examiner(s)
WYLLIE, CHRISTOPHER T

Application Number

US11/323,488
Publication Number

US 20070153677A1
Time in Patent Office

2,643 Days
Field of Search

370/310, 370/218, 370/225, 370/331, 455/404.1, 455/403, 707/104.1, 713/177, 709/203, 738/66
US Class Current

370/351
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 45/24   Multipath

H04L 45/28   using route fault recovery

H04L 51/58   Message adaptation for wire...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 4/38   for collecting sensor infor...

H04W 40/02   Communication route or path...

H04W 84/18   Self-organising networks, e...

Method and system for integration of wireless devices with a distributed control system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Method and system for integration of wireless devices with a distributed control system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others