Method and system for secure data transmission

US 8,537,726 B2
Filed: 11/13/2007
Issued: 09/17/2013
Est. Priority Date: 11/15/2006
Status: Active Grant

First Claim

Patent Images

1. A method for secure data transmission between at least a first and a second station of a communications system designed for serial data transmission between said stations, with the first station comprising a first evaluator and the second station comprising a second evaluator, the method comprising:

transmitting a data report from the first station to the second station;

checking said data report by means of the second evaluator arranged in the second station;

transmitting an acknowledgement report from the second station to the first station depending on the results of the check of the data report; and

checking the acknowledgement report by means of the first evaluator arranged in the first station, wherein a redundant evaluation of safety-oriented data is performed, wherein said safety-oriented data serves to control safety-relevant processes of a machine or installation;

wherein in said evaluation the first and second evaluators respectively form one part of a corresponding pair of evaluators for achieving a shared redundancy,wherein each of the first and second evaluators is adapted to incorporate a functionality of the respective other evaluator; and

wherein said functionality comprises the ability to evaluate at least one of safety-oriented input data of a sensor and safety-oriented output data of an actuator.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed that secure data transmission in a communications system employed to control safety-relevant processes, through the provision of cooperating evaluators arranged in a shared manner in communications stations in order to evaluate safety-oriented data in a simple and cost-effective way. In the disclosed method, a data report is transmitted from a first station, by means of a communications system designed for serial data transmission, to a second station and said data report is checked by means of a second evaluator arranged in the second station. Depending on the results of the check of the data report, an acknowledgement report is transmitted from the second station to the first station, which acknowledgement report likewise is checked by the evaluator arranged in the first station. Furthermore, the disclosed system carries out the method.

17 Citations

32 Claims

1. A method for secure data transmission between at least a first and a second station of a communications system designed for serial data transmission between said stations, with the first station comprising a first evaluator and the second station comprising a second evaluator, the method comprising:
- transmitting a data report from the first station to the second station;
  
  checking said data report by means of the second evaluator arranged in the second station;
  
  transmitting an acknowledgement report from the second station to the first station depending on the results of the check of the data report; and
  
  checking the acknowledgement report by means of the first evaluator arranged in the first station, wherein a redundant evaluation of safety-oriented data is performed, wherein said safety-oriented data serves to control safety-relevant processes of a machine or installation;
  
  wherein in said evaluation the first and second evaluators respectively form one part of a corresponding pair of evaluators for achieving a shared redundancy,wherein each of the first and second evaluators is adapted to incorporate a functionality of the respective other evaluator; and
  
  wherein said functionality comprises the ability to evaluate at least one of safety-oriented input data of a sensor and safety-oriented output data of an actuator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1, with serial data transmission occurring between the stations by means of a data transmission protocol.
  - 3. The method according to claim 1, with serial data transmission occurring between the stations by means of a serial bus of wired or wireless design.
  - 4. The method according to claim 1, with the first and/or second station being designed as a sensor or actuator of an automation system.
  - 5. The method according to claim 1, with the data report comprising an input or output signal of a sensor or actuator.
  - 6. The method according to claim 1, with a check of the data report and/or of the acknowledgement report comprising a check for plausibility of the data contained in said report.
  - 7. The method according to claim 1, with a check of the acknowledgement report comprising a comparison of data contained in the acknowledgement report with data contained in the data report.
  - 8. The method according to claim 1, with the acknowledgment report comprising an additional valid data report.
  - 9. The method according to claim 1, with a controller or sensor that does not include an evaluator being switched between the first and second station.
  - 10. The method according to claim 9, with the controller or sensor being designed as a mechanical element.
  - 11. The method according to claim 1, with a monitoring circuit being assigned to each evaluator, wherein the monitoring circuit monitors the data stream to and/or from the associated evaluator for validity according to a specified protocol and, in the event of a fault, sets the associated evaluator and/or the sensor or actuator controlled by means of the associated evaluator to a secure status.
  - 12. The method according to claim 11, with monitoring of the data stream by means of the monitoring circuit comprising the recognition of a specified pattern.
  - 13. The method according to claim 11, with the monitoring circuit monitoring the functional capability of the associated evaluator.
  - 14. The method according to claim 1, with the check of the data report by the second evaluator, the check of the acknowledgement report by the first evaluator, the monitoring of a data stream by means of a monitoring circuit and/or the monitoring of the functional capability of associated evaluator by means of the monitoring circuit occurring by means of execution of a function stored in an executing station, and with, prior to execution of the function, parts of the function to be executed and/or parameters for executing the function being transmitted from an additional station to the executing station.
  - 15. The method according to claim 1, with the communications system comprising the first and second station being designed as a master/slave system, with the first or second station being designed as the master.
  - 16. The method according claim 1, with the first or second station being connected to a higher-level bus system.

17. A system for transmission of safety-oriented data for control of an automation system, comprising:
- a serial communications system having at least a first and a second station connected thereto;
  
  a first evaluator arranged in the first station; and
  
  a second evaluator arranged in the second station, with the second evaluator being designed in order to check a data report received from the first station and in order to generate an acknowledgement report depending on the results of the check of the data report, the first evaluator being designed in order to check the acknowledgement report received from the second station, and with the first and/or second station being designed in order to execute a security function in the event of a fault;
  
  wherein the first and second evaluators respectively form one part of a corresponding pair of evaluators for achieving a shared redundancy;
  
  wherein the pair of evaluators are adapted to perform a redundant evaluation of safety-oriented data, wherein said safety-oriented data serves to control safety-relevant processes of a machine or installation, wherein each of the first and second evaluators is adapted to incorporate a functionality of the respective other evaluator; and
  
  wherein said functionality comprises the ability to evaluate at least one of safety-oriented input data of a sensor and safety-oriented output data of an actuator.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The system according to claim 17, with a data transmission protocol of the communications system being designed as a secure communications protocol.
  - 19. The system according to claim 17, with the communications system for serial data transmission between the stations comprising a wired or wireless serial bus.
  - 20. The system according to claim 17, with the first and/or second station being designed as a sensor or actuator of the automation system.
  - 21. The system according to claim 17, with the first and/or second evaluator being designed in order to check data contained in the data report or acknowledgement report for plausibility.
  - 22. The system according to claim 17, with the first and/or second evaluator being designed in order to compare data contained in the data report with data contained in the acknowledgment report.
  - 23. The system according to claim 17, with at least the second evaluator being designed in order to generate the acknowledgement report, which comprises an additional valid data report.
  - 24. The system according to claim 17, with a controller or sensor element which does not include an evaluator, being switched between the first and second station.
  - 25. The system according to claim 24, with the controller or sensor being designed as a mechanical element.
  - 26. The system according to claim 17, with the first and second stations being arranged in a common subassembly.
  - 27. The system according to claim 17, with a monitoring circuit being assigned to each evaluator, wherein the monitoring circuit is designed in order to monitor a data stream to and/or from the associated evaluator for validity according to a specified protocol and, in the event of the fault, sets the associated evaluator and/or the sensor or actuator controlled by means of the associated evaluator to a secure status.
  - 28. The system according to claim 27 with the monitoring circuit being designed in order to recognize a specified pattern.
  - 29. The system according to claim 27, with the monitoring circuit being designed in order to monitor the functional capability of the associated evaluator by means of a function.
  - 30. The system according to claim 17, with at least one station being designed in order to carry out a check of the data report by means of its associated evaluator, a check of the acknowledgement report by means of the associated evaluator, the monitoring of the data stream by means of a monitoring circuit and/or the monitoring of the functional capability of the associated evaluator by means of a monitoring circuit executing a function stored in the station with the at least one station moreover being designed, in order to execute the function, to request executable parts of functions and/or parameters from an additional station.
  - 31. The system according to claim 17, with the communications system comprising the first and second stations, being designed as a master/slave system, with the first or second station being designed as the master.
  - 32. The system according to claim 17, with the first or second station being connected to an additional, higher-level communications system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phoenix Contact GmbH & Company KG
Original Assignee
Phoenix Contact GmbH & Company KG
Inventors
Kalhoff, Johannes, Meyer-Graefe, Karsten
Primary Examiner(s)
Thier, Michael
Assistant Examiner(s)
Alia, Curtis A

Application Number

US11/939,283
Publication Number

US 20080150713A1
Time in Patent Office

2,135 Days
Field of Search

370/241, 370/249, 370/252, 370277-278, 370/282, 370/310, 709/227, 709230-232, 709/236, 709/237, 340500-509, 340/514, 340531-533
US Class Current

370/282
CPC Class Codes

G05B 19/0428   Safety, monitoring G05B19/0...

G05B 19/048   Monitoring; Safety

G05B 19/058   Safety, monitoring

G05B 19/4185   characterised by the networ...

H04L 1/0061   Error detection codes

H04L 1/16   in which the return channel...

H04L 1/1671   the supervisory signal bein...

H04L 12/403   with centralised control, e...

H04L 43/00   Arrangements for monitoring...

H04L 63/123   received data contents, e.g...

Y02P 90/02   Total factory control, e.g....

Method and system for secure data transmission

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure data transmission

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links