Contents
2. The security interface is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface. According to a second preferred embodiment, an industrial automation device comprises a data storage area and a security interface. The data storage area has configuration and operational information stored therein. The security interface is coupled directly or indirectly to the data storage area. The security interface is configured to authenticate a user and to permit the user to access the data storage area based on identification information received from a security access device. According to a third preferred embodiment, an industrial automation system comprises a user interface, a security access device, a plurality of security interfaces, a communication network, a plurality of motor drives, and a plurality of automation controllers. The plurality of motor drives are coupled to each other by way of the communication network. Each respective motor drive has associated therewith a respective one of the plurality of security interfaces. The respective security interface is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside
3. a plurality of automation controllers coupled to each other and to the plurality of motor drives by way of the communication network; a security module configured to provide the user with access, via the user interface, to data stored in the plurality of motor drives and to data stored in the plurality of automation controllers based on an authentication of the user using the security access device; and an information server configured to standardize communication from different ones of a plurality of additional automation devices, manufacturing execution systems, and external business computing systems. 53. A system according to claim 52, wherein the information received from the access device is a first unique code, and wherein the stored information comprises a second unique code associated with the access device and with the user. 54. A system according to claim 53, wherein the security interface compares the first unique code with the second unique code to determine whether a match exists. 55. A system according to claim 53, wherein the access device is a handheld card. 56. A system according to claim 53, wherein the access device is a key fob. 57. A system according to claim 53, wherein the second unique code is one of a plurality of codes stored in a database and associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of diffe
4. 12, with the user interface 14, with the security access device 16, may be provided as a separate device, may be provided with combinations thereof (i.e., a separate security interface 18 for each), and/or may be provided with another device. For example, if the security access device 16 is a retinal scanner, the retinal scanner may include not only the sensor used to characterize the user's retina but also the logic and stored information used to compare the biometric information characterizing the retina of the user with the information characterizing the retinas of authorized individuals. As another example, if the access device 16 comprises an off-the-shelf fingerprint reader connected to a universal serial bus (USB) port on the automation device 12, the logic and stored information used to compare the biometric information characterizing the fingerprint of the user with the information characterizing the fingerprints of authorized individuals may be stored in the automation device 12. The database of codes or biometric information accessed by the security interface 18 may be located with the automation device 12, with the user interface 14, with the access device 16, with the security interface 18, or at another location, such as by being distributed over multiple locations. Herein, the term "database" refers to any data storage arrangement and does not imply any organizational structure or other limitation. In one embodiment, the
6. FIG. 2 may be provided with the motor drive 22 and/or with the user interfaces 23, 24, for example, as previously described. Also, a database of individuals that are authorized to access the motor drive 22 may be stored in the motor drive 22, in the user interface 23, 24, or in another location. Referring now also to FIG. 3, in operation, the user presses one of the buttons 29 on the key fob 26 to access the motor drive 22. The keypress from the user is received by the button 29 and, in response, the key fob 26 transmits a wireless, uniquely coded signal to the security interface 18 (step 30). The coded signal uniquely identifies the key fob 26 and therefore identifies a particular user assumed to be in possession of the key fob 26. In response, the security interface 18 matches the code signal against the information stored in the database and accesses the database to obtain additional information pertinent to the user based on the coded signal, including potentially a password for the user (step 32). Preferably, the security interface 18 causes one or both of the user interfaces 23, 24 to provide a prompt screen to the user (step 34). By way of example, it will be assumed for present purposes that the user accesses the motor drive 22 by way of the user interface 24, although it will be understood that the user interface 23 may also be used by the user to access the motor drive 22. In one embodiment, the system 10 is provided in an environment in which ot
7. It is understood that all such variations are within the scope of the invention. Likewise, software and web implementations of the present invention could be accomplished with standard programming techniques with rule-based logic and other logic to accomplish the various database searching steps, correlation steps, comparison steps and decision steps. The invention is described above with reference to drawings. These drawings illustrate certain details of specific embodiments that implement the systems and methods and programs of the present invention. However, describing the invention with drawings should not be construed as imposing on the invention any limitations associated with features shown in the drawings. The present invention contemplates methods, systems and program products on any machine-readable media for accomplishing its operations. The embodiments of the present invention may be implemented using an existing computer processor, or by a special purpose computer processor incorporated for this or another purpose, or by a hardwired system. As noted above, embodiments within the scope of the present invention include program products comprising machine-readable media for carrying or having machine-executable instructions or data structures stored thereon. Such machine-readable media can be any available media which can be accessed by a general purpose or special purpose computer or other machine with a processor. When informa
9. a pictorial view of the status of a plant. Graphical images may be acquired and transmitted and combined with real-time plant information. Alarms may also be controlled and set using the viewer tool 182. An analysis tool 184 may be used to evaluate the performance of the industrial automation system by providing tools to identify causes of downtime, increase output by accurately measuring the efficiency of equipment, measure scrap defect rates, capture changeover measurements, accurately measure production components, identify drifting parameters in real time, and so on. For example, real-time data may be monitored and historical trending information from data logs may be provided. Variables may be plotted against each other (x-y plotting) or may be plotted against time. A historian tool 186 may provide data integration and analysis tools. For example, the historian tool 186 may be used to analyze process variability by analyzing a process and production data such as temperatures, pressures, and flow rates. The historian tool 186 may be used to analyze process variability with historical knowledge of past performance. The historian tool 186 may be used to identify drifting process parameters in real time. The historian tool 186 may be used to edit performance parameters without interrupting data collection. A scheduler tool 188 allows a detailed schedule to be developed to track labor and material equipment res
10. according to claim 11, wherein the access device is a retinal scanner. 15. A system according to claim 11, wherein the biometric information is stored in a database along with other biometric information associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users. 16. A system according to claim 1, wherein first security interface receives the information from the access device indirectly by way of the first security interface, wherein the first security interface uses the information identifying the user to determine access rights of the user, and wherein the first security interface permits access to the data stored inside the industrial automation device based on a determination that the access rights of the user permit access to the data. 17. A system according to claim 16, wherein the industrial automation device is a first industrial automation device, wherein the system further comprises a third security interface and a second industrial automation device, and wherein the communication network is coupled between (i) the combination of the first industrial automation device and the first security interface, (ii) the combination of the user interface and the second security interface, and (iii) the combination of the second industrial automation device and the third security interface. 18. A system accordin
11. be provided in a peripheral. FIG. 4 is another variation of the example of FIG. 1. In FIG. 4, a first peripheral in the form of communication adapter 52 connects a laptop computer 56 to an I/O port of motor drive 58 for point-to-point communication. Another peripheral 54 connects the motor drive 58 to a network 59. The peripheral 54 may, for example, be a communication adapter that connects the motor drive 58 to the network 59. Another user interface 55 is also connected to the motor drive 58. As described previously, usernames and passwords associated with the security access device 16 may be stored in the security interface 18, which may locally manage security to authenticate users to their configured access levels. The security interface 18 may also obtain security information from a high level authority over the network 59. The security interface 18 may be provided in the communication adapter 52, in the communication adapter 54, in the user interface 55, or in the motor drive 58. In one embodiment, the security interface 18 is provided in the form of a stand-alone device or as part of a separate peripheral connected to the motor drive 58. One reason for implementing the security interface 18 in this manner is to facilitate use of the techniques described herein with legacy equipment. For example, it may be desirable to incorporate the features described herein into existing equipment while eliminating or m
12. decision whether to grant a particular user/device is handled by the information server 130. In this arrangement, the system 10 may be configured such that the information server 130 is given full access to all of the automation devices 12 in the system 10. The responsibility then rests with the information server 130 to determine whether a particular user/device has authorization to engage in a particular data transaction with another automation device. To this end, access rights of each of the users/devices may be stored and centrally managed at the information server 130. The audit module 156 maintains a comprehensive list of all changes made to the industrial automation system. The audit module may be implemented at least in part using the log storage area 88 located within each automation device 12, as described above in connection with FIG. 6. Alternately, the audit module 156 may be implemented using a central database which stores a comprehensive central record of all changes made to the automation control system. Any changes that are made to the system are forwarded on to an audit database, which includes details on what changes were made, when, and by whom. Such records may contain detailed information about the product as it was manufactured, stored and released, the process used to manufacture a product, and other information. Audit messages are generated when users log into the system, change data configurations or change I/O
13. define various privilege classes to control users' ability to access memory of the device, create or delete data table files and program files, perform logical and physical reads or writes, change an operating mode of the device, clear memory, restore device memory, perform online edits, flash the memory, reset, auto tune, clear faults/alarms, link read/write, resets, flashing, view diagnostics/events, upload configuration information/settings, force I/O transitions, adjust operation of a drive or automation controller, and so on. Different classes may be defined which give different users different levels of access or different types of access to perform different functions. Also, access levels (e.g., read vs. read/write) may vary on a parameter-by-parameter basis. The access rights may also give certain users (e.g., administrators) the ability to add or delete users, modify password privilege options, specify access rights, and so on. For example, one of the key fobs may be an administrator key fob with complete ability to add additional users/key fobs to the database and to specify access rights of those users in the database. The access rights may be administered not only by the user but also as a function of other parameters, such as location of the user, job function of the user, time and/or date, system status, and/or by type or group of devices. For example, with respect to location of the user, access rights may be administered s
14. security interface 18 is further configured to perform additional functions. For example, the security interface 18 may be configured to access stored information describing the access rights of the user (e.g., whether the user has read-only access or whether the user also has write access, the types of information for which the user has write access, and so on) and to confirm that the user is authorized to engage in a particular data transaction (e.g., to read a certain piece of information, to write a certain piece of information, etc.). Such information may be stored in a database, such as in the database used to store the code, biometric or other information as described above. In another embodiment, rather than retrieve the access rights of the user from a database, the access rights of the user are included in the information received from the access device 16. In other words, the code transmitted by the access device 16 may include not only a code uniquely identifying the individual but also a code specifying the access rights of the individual. Other functions that may be performed by the security interface 18 may include implementing, ensuring, and/or enabling such things as availability restrictions determining when users can perform certain functions, ensuring that information is accessible to authorized participants while avoiding communication overloa
15. the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface. 81 Claims, 8 Drawing Sheets. US 7,530,113 B2.
16. the functions described in such steps. Embodiments of the present invention may be practiced in a networked environment using logical connections to one or more remote computers having processors. Logical connections may include a local area network (LAN) and a wide area network (WAN) that are presented here by way of example and not limitation. Such networking environments are commonplace in office-wide or enterprise-wide computer networks, intranets and the Internet, and may use a wide variety of different communication protocols. Those skilled in the art will appreciate that such network computing environments will typically encompass many types of computer system configurations, including personal computers, hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. Embodiments of the invention may also be practiced in distributed computing environments where tasks are performed by local and remote processing devices that are linked (either by hardwired links, wireless links, or by a combination of hardwired or wireless links) through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices. The foregoing description of embodiments of the invention has been presented for purposes of illustration and description. It is not intended to be exha
17. the respective motor drive using the user interface. Likewise, the plurality of automation controllers are coupled to each other and to the plurality of motor drives by way of the communication network. Each respective automation controller has associated therewith a respective one of the plurality of security interfaces. The respective security interface for each automation controller is configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective automation controller using the user interface. According to a fourth preferred embodiment, an industrial automation system comprises a communication network, a security access device, a security interface, a user interface, a plurality of motor drives, a plurality of automation controllers, and a security module. The security interface is configured to receive information from the security access device. The user interface is coupled to the security interface and to the communication network. The plurality of motor drives are coupled to each other by way of the communication network. The plurality of automation controllers are coupled to each other and to the plurality of motor drives by way of the communication network. The security module is configured to provide the user with access via the user interface to data stored in t
18. the security interfaces 18 may be used to limit access to data stored in the automation devices 12 via the portal module 160 in accordance with access rights of individual users. In one embodiment, the system may be configured such that access rights are also a function of the manner in which the workstation is connected to the information server 130, in addition to being a function of the particular user trying to access the information. For example, if a workstation is connected to the information server 130 by way of the Internet, the user may be given more limited access rights. For example, the user may be allowed to view data but not write data. This would provide a higher level of security against Internet threats. Referring now to FIG. 10, a number of exemplary software tools 182-198 that may be made available by way of the workstations 122-128 are shown. In general, the software tools 182-198 may be made available to technicians, engineers, and management personnel in designing, operating, and maintaining the automation system and related business operations. The software tools 182-198 may access data stored throughout the automation system 10, including from automation controllers, motor drives, individual sensors and actuators, and so on. In general, in operation, the tools 182-198 may be used to provide various information, including device-level and system-level views, reports, and so on, as described below. Accordingly, execu
19. tion information is transmitted between devices in an encrypted format, the account data storage area 84 may also store information to facilitate this process (e.g., public key information of other devices), as discussed above. The access rights data storage area 86 stores information concerning what access rights individual users/devices possess. For example, as previously indicated, the access rights data storage area 86 may define various privilege classes to control users' ability to modify password privilege options, access memory of the device, create or delete data table files and program files, perform logical and physical reads or writes, change an operating mode of the device, clear memory, restore device memory, perform online edits, flash the memory, reset, autotune, clear faults/alarms, link read/write, resets, flashing, view diagnostics/events, upload configuration information/settings, force I/O transitions, adjust operation of a drive or automation controller, and so on. Different classes may be defined which give different users different levels of access or different types of access to perform different functions. Also, access levels (e.g., read vs. read/write) may vary on a parameter-by-parameter basis. In operation, communication between the control logic 80 and the communication interface 82 (and thereby communication link 19) passes through the security interface 18. Therefore, any message that comes in from the comm
20. tion is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a machine, the machine properly views the connection as a machine-readable medium. Thus, any such a connection is properly termed a machine-readable medium. Combinations of the above are also included within the scope of machine-readable media. Machine-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing machines to perform a certain function or group of functions. Embodiments of the invention will be described in the general context of method steps which may be implemented in one embodiment by a program product including machine-executable instructions, such as program code, for example in the form of program modules executed by machines in networked environments. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Machine-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represent examples of corresponding acts for implementing
21. to display diagnostic messages generated by the industrial automation device and the plurality of additional industrial automation devices. 35. A system according to claim 1, wherein the user interface comprises a reporting audit trail tool configured to generate detailed reports showing an audit trail of changes to one or more of the industrial automation device and the plurality of additional industrial automation devices the automation system. 36. A system according to claim 1, wherein the user interface comprises a messenger tool configured to provide alarm annunciation, paging, and messaging based on the information accessed from the industrial automation device and the plurality of additional industrial automation devices. 37. A system according to claim 1, wherein the user interface comprises an inventory management tool configured to provide information concerning consumption of raw materials and other resources in the industrial automation system. 38. A system according to claim 1, wherein the user interface is connected to the industrial automation device by way of the Internet. 39. A system according to claim 1, wherein the user interface is configured to display a login screen to the user to obtain a user password. 40. A system according to claim 1, wherein the security interface is integrally provided with the user interface. 41. A system according to claim 1, wherein the security interface is integrally pro
22. updated only locally at each security interface 18, or a central authority may be used to update the user's password across multiple security interfaces. If desired, a default level of access may also be allowed for users/devices that are not on the list of authorized users, which may be a minimal level of access. The system of FIG. 5 has a number of features. First, it provides device-level security in a network environment. Each automation device 12 is ultimately responsible for enforcing access restrictions in connection with the I/O data and configuration information stored therein. Because security is handled locally, with a security interface 18 provided for each device, a server or other central authority is not needed to prevent unauthorized access by rogue tools or to allow authorized access by a user. Additionally, the automation devices 12 are provided with and support a consistent authentication and authorization system. The system is the same for both human users accessing the control network by way of a user interface and for automation devices connected to the control network as part of a networked control architecture. Automation devices 12 that include a security interface 18 and support the authentication and authorization system are able to prevent access by rogue tools. Accordingly, the automation devices 12 are protected from rogue tools that may be connected to the network 76. At the same time, authorized tools s
23. voice recognition device configured to receive an audible signal from the user (e.g., spoken words). Combinations of identification techniques may also be used. For example, the access device 16 may comprise a PDA with a built-in fingerprint reader. The PDA may be configured to transmit both a unique code associated with the PDA and biometric information characterizing the fingerprint of the user of the PDA. The PDA may further serve as both the user interface 14 in addition to the access device 16. The security interface 18 is configured to receive information from the access device 16 and to compare the information with stored information to authenticate the user. For example, the security interface 18 may compare a unique code received from a handheld device with a database of codes (e.g., where the access device 16 is a smart card, a card with a magnetic strip, a key fob transmitter, or a handheld computer). Alternatively, the security interface 18 may compare biometric information received from the access device 16 with biometric information stored in a database characterizing biometrics of authorized users (e.g., where the access device 16 is a retinal scanner, fingerprint reader, or voice recognition device). The security interface 18 may then authenticate the user if a code/biometric match is found, or not authenticate the user if no match is found, for example. The security interface 18 may be located with the automation device
25. configurations. The audit module 156 routes these audit messages from all participating devices to a central audit log for storage and analysis. Because all users are authenticated, a high level of certainty is achieved that the details on what changes were made, when, and by whom are correct. The data model module 158 provides a common terminology used to describe operations in the automation system 10. The data model module 158 allows software applications to store, log, and view data the same way, based on a repository of information about how the automation environment operates. For example, a user can install one software product and include information about the way a plant operates. Then, when a second product is installed, that information can be reused, thereby avoiding the need to gather it again. Advantageously, this provides a single, reusable, consistent view of the automation environment delivered throughout the enterprise. The portal module 160 provides global access to production data and manufacturing reports from an Internet browser or related remote device. The workstations 122-128 may connect to the information server 130 by way of the Internet to obtain access to real-time manufacturing information. The information server 130 may also be made available to other handheld computing devices, such as personal digital assistants. As with the real-time data module 154, the security module 150 and/or
26. [FIG. 9, U.S. Patent, May 5, 2009, Sheet 7 of 8, US 7,530,113 B2: information server with security module, audit module 156, directory module, data model module, real-time data module, and portal module, connected to the automation devices and to the network.] [FIG. 10, Sheet 8 of 8: workstation tools, comprising a monitoring/viewing tool 182, configuration tool 184, analysis tool, diagnostics tool, reporting/audit trail tool, historian tool, scheduler tool, messenger tool, and inventory management tool.] SECURITY SYSTEM AND METHOD FOR AN INDUSTRIAL AUTOMATION SYSTEM. BACKGROUND. The present invention relates to security systems and methods for industrial automation systems. Industrial automation systems are known for automating industrial processes. For example, industrial automation systems have been used for material handling, robotics, airport baggage handling, water and wastewater treatment, cement production, semiconductor fabrication, electric power, entertainment, food processing, mining, beverage and packaging operations, ski lift operations, forest products processing, life sciences, logistic processes, fibers and textiles pr
27. US007530113B2. United States Patent, Braun. Patent No.: US 7,530,113 B2. Date of Patent: May 5, 2009. Title: SECURITY SYSTEM AND METHOD FOR AN INDUSTRIAL AUTOMATION SYSTEM. Inventor: Scott D. Braun, Fredonia, WI (US). Assignee: Rockwell Automation Technologies, Inc., Mayfield Heights, OH (US). Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 712 days. Appl. No.: 10/902,453. Filed: Jul. 29, 2004. Prior Publication Data: US 2006/0026672 A1, Feb. 2, 2006. Int. Cl.: G06F 7/04 (2006.01); H04L 9/32 (2006.01).
29. ation devices. 77. A system according to claim 52, wherein the user interface comprises a reporting/audit trail tool configured to generate detailed reports showing an audit trail of changes to one or more of the industrial automation device and the plurality of additional industrial automation devices the automation system. 78. A system according to claim 52, wherein the user interface comprises a messenger tool configured to provide alarm annunciation, paging, and messaging based on the information accessed from the industrial automation device and the plurality of additional industrial automation devices. 79. A system according to claim 52, wherein the user interface comprises an inventory management tool configured to provide information concerning consumption of raw materials and other resources in the industrial automation system. 80. A system according to claim 52, wherein the user interface is connected to the industrial automation device by way of the Internet. 81. A system according to claim 52, wherein the communication network comprises a plurality of separate sub-networks.
30. ation devices 12 are shown to include a plurality of motor drives 62 and an automation controller (e.g., a rack-mounted programmable controller system) 64. User interfaces 14 include a panel display type HMI 66, a laptop computer 68, and user interfaces 70 that are integrally provided with the motor drives 62. A security interface 71 is connected to a card reader 72 and a biorecognition device 74. Again, other access devices may be employed. The motor drives 62, the automation controller 64, the HMI 66, and the security interface 71 are all connected to control network 76. In one embodiment, the control network 76 is a closed, proprietary network. In another embodiment, the control network 76 is an open, non-proprietary network; that is, any computing device (e.g., desktop computer, laptop computer, handheld computer, etc.) may communicate on the control network 76 so long as it has been adequately configured with suitable drivers or other software, and such drivers/other software may be commonly available for little or no cost. In a network configuration, it may be desirable to have each automation device 12 enforce access restrictions locally. Accordingly, in one embodiment, the motor drives 62, the automation controller 64, and the HMI 66 each include security interfaces 18 (not shown). Security is therefore provided locally and at the device level. In this arrangement, pref
31. automation controller 64 to transmit its identification information to the motor drive 62, for example, the automation controller 64 may encrypt its identification information using the using public key of the motor drive 62. The automation controller 64 then transmits both encrypted items (the identification information and the symmetric key) to the motor drive 62. The motor drive 62 uses its private key to decrypt the symmetric key, and then uses the decrypted symmetric key to decrypt the identification information of the automation controller 64. A variety of other arrangements may also be used for authenticating other automation devices 12 and/or for transmitting identification information back and forth on the network 76 in secure fashion. In the embodiment described above, a separate access list with user identification and access rights information is preferably stored at each automation device 12. This allows security to be handled locally and avoids a single point of failure. In another embodiment, the list may be centrally maintained at a central authority. This would facilitate global updates to the access lists (e.g., to add a new employee to a number of lists at once). In like manner, identification and password information for human users may be stored at each security interface 18. The system may be configured such that the user's password or other information may be
32. cation network; and a plurality of additional security interfaces, wherein the plurality of additional security interfaces are respectively associated with different ones of the plurality of additional automation devices and the plurality of additional user interfaces; wherein communication between participants formed of combinations of respective ones of the plurality of additional automation devices requires, at least in some instances, authentication of at least one of the participants in the communication, the authentication being performed using the security interfaces associated with the participants in the communication; and wherein communication between participants formed of combinations of respective ones of the plurality of additional automation devices with respective ones of the plurality of additional user interfaces requires, at least in some instances, the authentication of the respective user interface by the security interface of the respective automation device. 2. A system according to claim 1, wherein the industrial automation device comprises a motor drive. 3. A system according to claim 2, wherein the motor drive is a stand-alone motor drive not connected to an industrial automation control network. 4. A system according to claim 1, wherein the industrial automation device comprises an automation controller. 5. A system according to claim 1, wherein the first security interface is configured to compare th
33. ce, and wherein the method further comprises transmitting a message from the industrial automation device to other industrial automation devices that may have also received the wireless signal from the hand-held security access device, the message alerting the other industrial automation devices that access is in the process of being granted or has been granted at the first industrial automation device. 49. A method according to claim 48, wherein processing the wireless signal to determine the password comprises retrieving the password from a database based on information contained in the wireless signal. 50. A method according to claim 48, wherein the user is presented with the login screen responsive to reception of the wireless signal from the hand-held security access device. 51. A method according to claim 48, further comprising preventing access at the other industrial automation devices responsive to the message transmitted from the first industrial automation device. 52. An industrial automation system comprising: a communication network; a security access device; a security interface configured to receive information from the security access device and to compare the information from the security access device with stored information associated with a user; a user interface coupled to the security interface and to the communication network; a plurality of motor drives coupled to each other by way of the communication network
34. ce, manual entry of a login name and password is not necessary. Preferably, however, identification information is still stored within each device to allow each device to identify itself. A list of authorized users/devices and access levels for each user/device may then be maintained by each automation device 12. Particularly, each automation device 12 (or at least those which have a security interface) may store a list of users and automation devices that are allowed access to its information and the level of access that is permitted. Identification information for users and devices may then be transmitted by way of the network 76 to allow the user/device to obtain access to a given automation device 12. For example, in the situation where a human user is attempting to access one of the motor drives 62 from the laptop computer 68, the security interface 18 located in the motor drive 62 may receive the information from the access device 16 (e.g., signal identifying the access device 16 and thereby the user). Receipt of this information by the security interface 18 located in the motor drive 62 occurs indirectly, by way of the security interface 71. The process of authenticating the user by comparing the information received from the access device 16 with stored information concerning the user may be performed by the security interface 71 or by the security interface 18 associated with the motor drive 62. In either case, though, the infor
35. computer 56 and for users connecting by way of the communication adapter 54. In one embodiment, an access mask may be provided in the motor drive 58 that describes the accessibility of the motor drive 58 on a port-by-port basis. For example, one bit in the mask may indicate whether read access is permitted through a given port, and another bit in the mask may indicate whether write access is permitted through a given port. The peripheral may then write to the access mask in order to configure the accessibility of the drive on a port-by-port basis. A ping message transmitted to the devices connected to the ports on the motor drive 58 may then be transmitted so that all peripherals know which ports have access in real time. Preferably, the access mask is contained in the motor drive 58, so that removal of the peripheral (e.g., if the peripheral is a portable human-machine interface) does not pose a problem. It may also be desirable for the motor drive 58 to provide information when access to a given port is denied. For example, if no access is available through a given port and a device tries to access the motor drive 58 via that port, an error message such as "secured host port 1 write access not allowed" may be provided. Referring now to FIG. 5, as previously indicated, the automation device 12 shown in FIG. 1 may be connected to an automation control network. FIG. 5 is another variation of the example of FIG. 1. In FIG. 5, the industrial autom
36. d archiving (vaulting of configuration history), recovery (restoring system configuration after changes were made), auditing (establishing electronic records and validation), reporting (providing traceable records showing who did what and when, or what happened and why), nonrepudiation (ensuring that it is possible to prove what happened and who did what), privacy/confidentiality (ensuring that information is protected from being accessed by third parties), and integrity (ensuring that information is secure from unauthorized modification or manipulation). As will be appreciated, some of these functions are overlapping. FIG. 2 is a more detailed variation of the example of FIG. 1. For convenience, in FIG. 2, like reference numerals are used to refer to like parts as compared to FIG. 1. In FIG. 2, the security access device 16 is a key fob 26 and the automation device 12 is shown to be a motor drive 22. As previously indicated, the user interface 14 may be integrated with or physically separate from the industrial automation device 12. In the arrangement of FIG. 2, both arrangements are shown. The motor drive 22 is accessible by way of an integrally provided (built-in) user interface 23 and by way of a non-integrally provided user interface 24. The non-integral user interface 24 may, for example, be a handheld user interface 24 that is connected by way of a cable 28 to an I/O port of the motor drive 22. A security interface 18 not shown in
37. device 12. The user interface 14 is configured to provide a user with access to data stored inside the industrial automation device 12. For example, the user interface 14 may cooperate with the automation device 12 to provide the user with read access to information for the automation device 12, to provide the user with read/write access to information for the automation device 12, and so on. The data to which the user is provided access may include, for example, configuration information (e.g., device settings), I/O status information, data tables, program logic, diagnostics/alarms/events information, and so on. The user interface 14 may be connected directly or indirectly to the automation device 12, e.g., by way of a link 19, which may be a point-to-point link, a network link, or other link, depending at least in part on whether the user interface 14 is integrated with or separate from the automation device 12. Although generally herein the reference number 12 is used to refer to automation devices and the reference number 14 is used to refer to user interfaces, it will be appreciated that in some instances a given piece of hardware may operate as both. For example, a human-machine interface that is also programmed with control logic is both a user interface and an automation device. The access device 16 is configured to provide the security interface 18 with information that may be used to authenticate a user that is attempting to obtain acces
38. dual lacking authorization to engage in a particular data transaction is not able to access a nearby industrial automation device based on the same key press. The unauthorized individual is prevented from accessing the second industrial automation device by virtue of the fact that a password must still be entered. Preferably, the password is customized to the holder/user of the key fob 26 as identified by the coded signal, such that a different password must be used in combination with each key fob 26. The login screen also ensures that if the unauthorized individual happens to come into possession of the key fob 26, the unauthorized individual will not be able to use the key fob 26 without knowing the password of the owner of the key fob 26. When no password is entered (e.g., as in the case where multiple industrial automation devices respond to the wireless transmission from the key fob 26 and the user enters a password on a different one of the industrial automation devices), or when the user is unable to enter the correct password, the screen times out and the user interface 24 returns to its original state prior to detection of the wireless transmission from the key fob 26. If the user provides a login name and password (step 36), and if a comparison of the password received from the user in response via the login screen matches the stored information regarding the password of the user associated with the key fob 26, then the user is given access t
39. e efficiency of equipment, scrap, defect rates, and drifting parameters. 71. A system according to claim 52, wherein the user interface comprises a historian tool configured to analyze historical information regarding past performance of the industrial automation system to provide information regarding process variability. 72. A system according to claim 52, wherein the user interface comprises a scheduler tool configured to provide information useable to develop a schedule to track labor, material, and equipment resources. 73. A system according to claim 72, wherein the scheduler tool is configured to provide scheduling information as a function of shift patterns, labor, tooling, material availability, planned maintenance, current loading, and capacities. 74. A system according to claim 72, wherein the scheduler tool is configured to provide information regarding production sequences, information regarding the effects of schedule changes, and information regarding delivery dates. 75. A system according to claim 52, wherein the user interface comprises a configuration tool useable to centrally manage configuration of the industrial automation device and the plurality of additional industrial automation devices. 76. A system according to claim 52, wherein the user interface comprises a diagnostics tool configured to display diagnostic messages generated by the industrial automation device and the plurality of additional industrial autom
40. e information from the access device with stored information associated with the user. 6. A system according to claim 5, wherein the information received from the access device is a first unique code, and wherein the stored information comprises a second unique code associated with the access device and with the user. 7. A system according to claim 6, wherein the security interface compares the first unique code with the second unique code to determine whether a match exists. 8. A system according to claim 6, wherein the access device is a handheld card. 9. A system according to claim 6, wherein the access device is a key fob. 10. A system according to claim 6, wherein the second unique code is one of a plurality of codes stored in a database and associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users. 11. A system according to claim 5, wherein the information received from the access device is biometric information, and wherein the stored information comprises biometric information associated with the user. 12. A system according to claim 11, wherein the first security interface compares the biometric information received from the access device with the stored biometric information associated with the user to determine whether a match exists. 13. A system according to claim 11, wherein the access device is a fingerprint reader. 14. A system
42. ed on the type of network (enterprise network, control network, and so on) with which it is configured to operate, and so on. Different security interfaces 18 may have different levels of functionality depending on the device to which it is connected. A simple programmable sensor (assuming it has a security interface 18) may not require the same degree of protection or level of functionality as an automation controller. In general, each automation device 12 may communicate with a human user (using a user interface) or with another automation device. In the case of communication with a human user, in FIG. 5, such communication may occur by way of the laptop computer 68, for example. In this case, the user may be authenticated by the card reader 72 (e.g., for reading a card with a magnetic strip) or by a biorecognition device 74 (e.g., a fingerprint reader or a retinal scanner). The security interface 71 may have a port that allows the security interface 71 to be connected to the laptop computer 68 (e.g., by way of a USB or Ethernet port). As generally described above in connection with FIGS. 1-2, after receiving the input from the card reader 72 or biorecognition device 74, the security interface 71 may then prompt the user via the laptop computer 68 to provide a password. Upon receiving the password, the security interface 71 completes authentication of the user. In the case of communication with another automation devi
43. ent in the arrangements depicted in other Figures in which the security interface 18 is shown, even though they are not specifically depicted. The control logic 80 is logic that the automation device uses to control or monitor at least part of an industrial process. For example, for a motor drive, the control logic 80 comprises the logic that is used to control operation of an electric motor controlled by the motor drive. For an automation controller, the control logic 80 may comprise logic that is used to control the output states of a plurality of output devices based on input states of a plurality of input devices, such as logic embodied in an RSLogix program. For a sensor or actuator, the control logic 80 may comprise logic used to control operation of the sensor/actuator, to scale outputs, and to perform other signal processing. The communication interface 82 comprises communication drivers and other logic used to connect the automation device 12 to a communication link 19, such as a point-to-point link or a communication network. The account data storage area 84 stores information identifying individual users. For example, the account data storage area 84 may be used to store login IDs, passwords, and other identifying information for use in authenticating an individual user using the security access device 16 (e.g., biometric information, codes associated with handheld access devices, and so on). If identifica
44. erably only devices that operate through a security interface are able to be authenticated. Communication between two participants (e.g., a motor drive and an automation controller, two automation controllers, a user interface and a motor drive or an automation controller, and so on) at least initially begins with authentication of one or both of the participants in the communication through cooperation of the respective security interfaces associated with the two devices. Devices that cannot be authenticated are given little or no access. This prevents a rogue tool from gaining access to an automation device by pretending to be another automation device, such as by pretending to be an automation controller that is communicating configuration information to a motor drive. In another embodiment, only some devices are provided with a security interface. For example, for reasons of cost and simplicity of implementation, some devices may not be provided with a security interface if protection for a given device is deemed to be non-essential. For example, a security interface may not be provided for a sensor that measures a non-critical parameter or an actuator that effectuates a non-critical output (e.g., an indicator). It will be appreciated that the security interface 18 need not be identical for each device, but rather may be configured/optimized based on the type of device (workstation, motor drive, automation controller, and so on), bas
45. er additional features. The industrial automation system comprises a plurality of industrial automation devices 12, including motor drives 102, automation controllers 104, I/O modules 106, HMIs 108, sensors 110, and actuators 111, which each include a security interface 112 and which are each connected to a control network 114. The system further includes a plurality of workstations 122-128, which are connected to a network 129 by way of respective security interfaces 112. Again, it will be appreciated that the security interface 112 need not be identical for each device, but rather may be configured/optimized based on the type of device (workstation, motor drive, automation controller, and so on), based on the type of network (enterprise network, control network, and so on) with which it is configured to operate, and so on. Also, while the security interfaces 112 are shown as being embedded within each of the devices 102-111 and workstations 122-128, it will be appreciated that the functionality of the security interface 112 may be provided via a separate stand-alone peripheral. In one embodiment, the network 114 is a control network and the network 129 is a management information system network. The control network 114 may, for example, be provided in accordance with the ControlNet or DeviceNet automation network standards. Control networks are typically highly deterministic. The network 129 is a general-purpose network associated with b
46. formation server 130. As elsewhere, it will be appreciated that the following are merely presented as examples. Different, fewer, or additional tools may also be provided. A viewer tool 182 provides enterprise-wide access to real-time manufacturing information using the real-time data module 154. Real-time manufacturing data, such as may come from the motor drives 102 and/or the automation controllers 104, is available immediately to all remaining devices in the automation environment. Accordingly, the workstations 122-128 may be provided with reliable real-time manufacturing data while providing machine status reports, operating diagnostics, and audit trails. Based on identification of the user, the information that is presented may be customized to the user or may be presented in a manner that is customized to the user. For example, the information that is presented or the way the information is presented may be customized based on the job function of the user. Individual machines or small processes may be monitored. The viewer tool 182 may support trending, alarming, data activity and alarm logging, and so on. The viewer tool 182 may be used to monitor runtime activity of automation processes or to monitor network health. A graphics editor may be provided with drawing objects to support real-time animation of the automation system. Graphical images of a plant or machinery may be combined with other information to provide
48. g to claim 17, wherein the third security interface cooperates with the first security interface to provide the second automation device with access to the data stored inside the first industrial automation device. 19. A system according to claim 18, wherein the third security interface transmits information identifying the second automation device to the first security interface, wherein the first security interface uses the information identifying the second automation device to determine access rights of the second automation device, and wherein the first security interface permits access to the data stored inside the first industrial automation device based on a determination that the access rights of the second automation device permit access to the data. 20. A system according to claim 1, further comprising an information server configured to standardize communication from different ones of the plurality of additional automation devices, manufacturing execution systems, and external business computing systems. 21. A system according to claim 20, wherein the information server comprises a directory module configured to provide a common address book for parameters associated with different ones of the plurality of automation devices. 22. A system according to claim 21, wherein the information server further comprises a real-time data module configured to provide access to real-time information from the plurality of industrial a
49. (52) U.S. Cl.: 726/28; 726/4; 726/17; 713/168; 713/172; 713/183; 713/184; 713/185 (Continued). Primary Examiner: Michael J. Simitoski. Attorney, Agent, or Firm: Pletcher Yoder Law; Alexander Kuszewski. (58) Field of Classification Search: 726/28, 4, 17; 713/168, 172, 183, 186; 709/224, 225; 700/9, 237, 83. See application file for complete search history. (57) ABSTRACT: An industrial automation system comprises a security access device, an industrial automation device, a user interface, and a security interface. The user interface is configured to provide a user with access to data stored inside the industrial automation device. The security interface is configured to receive information from the access device and, based on the information received from
50. h access to some or all information in the automation system 10. Access is provided inasmuch as the user is able to use the software tool 182 or one of the other software tools 184-198, which needs access to the information in the automation system 10 in order to completely operate. The workstation 122 may transmit a request for information, along with the identity of the user, to the information server 130 or to individual automation devices 12, depending on how the system is configured. In one embodiment, the information server 130 may respond to the request for information as described above. In another embodiment, the request for information is passed along to individual automation devices, which then provide the requested information. It will be appreciated that the identity of the user may be provided each time information is requested, or a secure connection may be established in order to avoid the need to transmit identification information each time. It may also be noted that the software tools 182-198 may be made available by way of a web browser. In this instance, the user may enter a URL address, and the program logic associated with the software tools 182-198 may reside on the automation system side of the Internet. The exemplary software tools 182-198 that may be made available by way of the workstations 122-128 will now be described. The tools 182-198 may be supported by the modules 150-160 described above in connection with the in
51. h respective industrial automation devices; FIG. 9 is an information server of FIG. 8, shown in greater detail; and FIG. 10 is a workstation including a set of software tools of FIG. 8, shown in greater detail. DETAILED DESCRIPTION OF THE EMBODIMENTS. Referring now to FIG. 1, an example of an industrial automation system 10 according to a preferred embodiment is illustrated. The industrial automation system 10 comprises an industrial automation device 12, a user interface 14, an electronic security access device 16, and a security interface 18. The industrial automation device 12 is used to control at least a portion of an industrial process (not shown). The automation device 12 may, for example, be a motor drive, an automation controller (e.g., programmable controller system), or other device. The automation device 12 may also be a sensor or an actuator, for example, in a network configuration. Although a separate network connection for the industrial automation device 12 is not shown in FIG. 1, it will be appreciated that the arrangement of FIG. 1 may be provided in a stand-alone or in a network configuration. The automation device 12 is accessible to a user by way of the user interface 14. Although the user interface 14 is shown as being separate from the automation device 12, it will be appreciated that the user interface 14 may also be integrated with the automation
52. h the schedules. For example, if an individual is not scheduled to be working, that individual is not given access to automation devices. Alternatively, an individual that is on call may be given access only after an alarm notification is sent. An inventory management tool 198 may be used to facilitate just-in-time material management to batch execution systems, allowing more effective management of materials and recipes. The inventory management tool 198 tracks consumption of raw materials and other resources by receiving operational data from the automation devices 12. For example, if a particular resource is used in the fabrication of a particular product, the inventory management tool 198 may receive information from the automation devices 12 to determine how many such products have been produced and, therefore, how many resources have been consumed. This information may then be used to update inventory records in an inventory management system, for example, to order more materials and resources. This facilitates supply chain optimization and e-business fulfillment. It should be noted that although flow charts may be provided herein to show a specific order of method steps, it is understood that the order of these steps may differ from what is depicted. Also, two or more steps may be performed concurrently or with partial concurrence. Such variation will depend on the software and hardware systems chosen and on designer choice
53. he plurality of motor drives and to data stored in the plurality of automation controllers based on an authentication of the user using the security access device. It should be understood that the detailed description and specific examples, while indicating preferred embodiments of the present invention, are given by way of illustration and not limitation. Many modifications and changes within the scope of the present invention may be made without departing from the spirit thereof, and the invention includes all such modifications. BRIEF DESCRIPTION OF THE DRAWINGS. FIG. 1 is an industrial automation system which includes an automation device and a security access device; FIG. 2 is an industrial automation system which includes a motor drive and a key fob security access device; FIG. 3 is a flowchart showing the operation of the system of FIG. 2; FIG. 4 is an industrial automation system which includes an automation device, a laptop computer, and a network interface; FIG. 5 is an industrial automation system which includes a plurality of industrial automation devices and a plurality of security access devices connected by way of a communication network; FIG. 6 is an industrial automation device of FIG. 1, shown in greater detail; FIG. 7 is a human-machine interface of FIG. 1, shown in greater detail; FIG. 8 is an industrial automation system which includes an information server and a plurality of security interfaces located locally wit
54. he change. The log storage area 88 may be used to maintain a comprehensive list of all changes made to the automation device 12, as well as other information. For example, records may be kept of any data transaction that occurs which requires access rights, such as those described above in connection with the access rights data storage area 86. With reference to FIG. 7, FIG. 7 is similar to FIG. 6 except that it shows the security interface 18 in the context of a workstation or other user interface 14. Instead of control logic 80, application software 89 is shown. The application software 89 comprises software tools that may be used by the user, e.g., to obtain a device-level view of a particular automation device 12 or to obtain system-level information relating to the overall automation system 10. Examples of such tools are described in greater detail below in connection with FIG. 10. Again, the security interface 18 may be used to authenticate a human user, as generally described above in connection with FIGS. 1-3. The user interface 14 may then communicate with other devices on the network 19, including devices with an associated security interface 18, in order to gather information about the operation of the automation system. Referring now to FIG. 8, an industrial automation system is shown which combines the security offered by the access device 16 with furth
55. her industrial automation devices are located that are compatible with and that respond to the key fob 26. The user interface 24 provides the user with a response screen to indicate that a key press from the key fob 26 has been detected. The response screen may prompt the user to enter a key press or otherwise manipulate a user input device on the user interface 24 in order to confirm that the user desires to access the motor drive 22. If the user provides the required response (step 36), then the user is permitted to proceed to access the motor drive 42 (step 38). If the user does not enter the required response on the user interface 24 within a predetermined period of time, the response screen may time out and the user interface 24 returns to its initial state. In one embodiment, the response screen is a login screen. Accordingly, when the user presses the button 29 on the key fob 26, additional login screens may appear on other industrial automation devices in addition to that shown in FIG. 2. The login screen preferably requires at least that the user enter a password. The login ID for the user may also be entered by the user or may be automatically displayed to the user for convenience and to provide a visual acknowledgment of the user's key press. The login screen ensures that when an authorized individual uses the key fob 26 to access a first industrial automation device, an unauthorized individual, i.e., an indivi
56. ial automation system, the analysis tool including tools configured to provide information regarding causes of downtime, efficiency of equipment, scrap, defect rates, and drifting parameters. 29. A system according to claim 1, wherein the user interface comprises a historian tool configured to analyze historical information regarding past performance of the industrial automation system to provide information regarding process variability. 30. A system according to claim 1, wherein the user interface comprises a scheduler tool configured to provide information useable to develop a schedule to track labor, material, and equipment resources. 31. A system according to claim 30, wherein the scheduler tool is configured to provide scheduling information as a function of shift patterns, labor, tooling, material availability, planned maintenance, current loading, and capacities. 32. A system according to claim 30, wherein the scheduler tool is configured to provide information regarding production sequences, information regarding the effects of schedule changes, and information regarding delivery dates. 33. A system according to claim 1, wherein the user interface comprises a configuration tool useable to centrally manage configuration of the industrial automation device and the plurality of additional industrial automation devices. 34. A system according to claim 1, wherein the user interface comprises a diagnostics tool configured
57. inimizing the overall number of modifications that need to be made to such equipment. Another reason is that, even for non-legacy equipment, it may be desirable for security to be handled by a peripheral so that changes in security do not result in the process controlled by the automation device having to be revalidated. In one embodiment, the adapter 52, the adapter 54, and the user interface 55 may each be connected to a different communication port on the motor drive 58. Security may then be implemented by controlling the access level available through each port. For example, if the security interface 18 is located in the user interface 55, the user interface 55 may control the level of access to the motor drive 58 that is available through the other ports. When a user tries to write new configuration information to the motor drive 58 using the laptop computer 56, the user is first authenticated by the user interface 55. Upon authenticating the user, the user interface 55 may change the configuration of the port to which the adapter 52 is connected so that it is possible to write information to the motor drive 58 via that port. In this embodiment, the only port which always has complete read/write access to the motor drive 58 is the port to which the user interface 55 is connected. The user interface 55 is therefore able to control access to the motor drive 58 not only for users using the user interface 55 but also for users using the laptop
58. [Drawing sheets 1 to 6 of 8, U.S. Patent US 7,530,113 B2, May 5, 2009. Sheet 1: FIG. 1 and FIG. 2 (labels: industrial automation, user interface). Sheet 2: FIG. 3, flowchart with steps: input received from access device; access database; prompt user via user interface; receive user input via user interface; permit access to automation device. Sheet 3: label "adapter 52". Sheet 4: FIG. 5 (labels: bio recognition device, security interface 18). Sheets 5 and 6: drawing labels not recoverable.]
59. mation from the access device 16 ends up at the security interface 18 associated with the motor drive 62, either in pre-authenticated or post-authenticated form. The security interface 18 may then compare the identity of the user with its stored list of users/devices that are allowed access to the information in the motor drive 62 and determine the level of access that is permitted based on the stored information. Alternatively, if it is the automation controller 64 that is attempting to access the motor drive 62, then the identification information may be sent from the security interface 18 of the automation controller 64 to the security interface 18 of the motor drive 62. Again, the security interface 18 of the motor drive 62 may then compare the identity of the automation controller with its stored list of users/devices that are allowed access to the information in the motor drive 62 and determine the level of access that is permitted based on the stored information. In one embodiment, in order to prevent a rogue tool from listening to network traffic to discern identification information of authorized users/devices, the identification information is transmitted on the network 76 in encrypted format. For example, a symmetric key encryption arrangement may be used in which all devices having a security interface 18 are provided with a public key and a private key, with all devices knowing the public keys of all the other devices. For the
60. n controllers. 46. A system according to claim 42, wherein the access device is a hand-held device having a wireless transmitter. 47. A system according to claim 42, wherein the access device is configured to receive biometric information from the user. 48. A method of providing a user with access to data stored in an industrial automation device, comprising: receiving a wireless signal from a hand-held security access device in the possession of the user; processing the wireless signal to determine a password associated with the hand-held security access device; presenting the user with a password prompt on a login screen using a user interface associated with the industrial automation device; receiving a password from the user via the password prompt; comparing the password received from the user with the password associated with the hand-held security access device to confirm that the user has entered the correct password; identifying the user based on the wireless signal from the hand-held security access device and/or based on information received from the user via the user interface; determining access rights of the user based on the identity of the user; and providing access to the data stored in the industrial automation device in accordance with the access rights of the user; wherein the industrial automation device is a first industrial automation devi
61. nd other parameters and devices located in the automation environment. For example, when a system programmer is programming the automation system 10 using a programming tool, the user may assign parameter names (e.g., tags) to I/O points, which may be real or virtual, or to other devices (e.g., sensors, actuators, and so on). Such parameter names may be used in the control program to refer to a particular device or I/O point. Through the directory module 152, such parameter names may then be made available for browsing and access in other tools. For example, if a second system programmer is programming a user interface for the automation system, the second system programmer may use the directory module 152 to browse and access the parameter names assigned by the first programmer in the control program. The directory module 152 provides a distributed namespace. That is, the directory module 152 preferably is not a single database, but rather allows data to reside in multiple places. The directory module 152 provides searchable references to resources stored anywhere across a distributed system. Users may therefore perceive the directory module 152 as one searchable, single database. Preferably, parameter names are not hard-coded to the physical location of devices or I/O points. The directory module 152 maintains information regarding physical locations separately from information regarding device names. This allows programmers to define reso
62. nformation from the security access device, the message alerting the plurality of automation controllers that access is in the process of being granted or has been granted to at least one of the plurality of automation controllers. 43. A system according to claim 42, wherein the communication network comprises a plurality of sub-networks including a control communication network and an enterprise information communication network, wherein the user interface is a first workstation, wherein the system further comprises a plurality of additional workstations coupled to the enterprise information communication network, and wherein the plurality of automation controllers and the plurality of motor drives are connected to the control communication network. 44. A system according to claim 43, wherein the system further comprises an information server coupled to the control communication network and to the enterprise information communication network. 45. A system according to claim 42, wherein the user interface is associated with one of the plurality of security interfaces, and wherein the security interface associated with the user interface cooperates with the security interfaces associated with the plurality of motor drives and the security interfaces respectively associated with the plurality of automation controllers to provide the user with access to the data stored inside the plurality of motor drives and the plurality of automatio
63. nufacturing data among multiple processes throughout the system and make it available for browsing from software tools executing in the workstations 122-128, allowing the workstations 122-124 to have an up-to-date view of what is happening in the automation environment. The information may come, for example, from any of the automation devices 12 shown in FIG. 8. Preferably, the real-time data module 154 operates to retrieve data on an as-needed basis and pass it along to the requesting entity. Data remains distributed in its original, native environment (e.g., at the motor drives 102, at the automation controllers 104, etc.) rather than being transferred, retrieved, and stored in a central location. This avoids storing the information in a central database that could be a single point of failure. The security module 150 and/or the security interfaces 18 may be used to limit access, via the real-time data module 154, to data stored in the automation devices 12 in accordance with access rights of individual users. In one embodiment, the information server 120 may operate to pass identification information back and forth between to allow the automation device 12 to authenticate a requesting user. The decision whether to grant a particular user/device is handled locally at the device level. The information may be passed once, or a secure connection may be established between the automation device and the workstation. In another embodiment, the
64. o as to allow the user to perform certain functions only at certain locations. For example, a particular user interface may be located adjacent to an emergency stop (E-stop) switch for an automation device. By allowing the user to perform certain functions only from that user interface, it is possible to ensure that the user is able to visually monitor the effects of any changes made by the user and immediately press the E-stop switch in the event that any changes have unintended consequences. This also ensures that the user has passed through plant security and is on site. With respect to date and time, access rights may be administered to reflect shift schedules and other time-dependent security issues. For example, a given user may only have access rights during the shift they are scheduled to be at work, and the same access rights may be given to other users during other shifts. With respect to system status, access rights may be administered to effect a lock-out arrangement. In other words, when a first user takes an automation device off-line to update control logic of the automation device, for example, the first user may be given ownership of the automation device such that access to the control logic by other users may be temporarily restricted until the work of the first user is complete. Referring now to FIG. 4, as previously noted, the security interface 18 may be provided in a motor drive or an automation controller, or it may
65. o the motor drive 22 in accordance with the user's access rights as specified in the information retrieved from the database (step 38). In one embodiment, when a user gains or attempts to gain access at a first industrial automation device (e.g., by entering a password), the automation device broadcasts a message to other devices on the network. The purpose of the message is to alert the other automation devices that the user is in the process of gaining access or has gained access at the automation device, so that another user cannot surreptitiously gain access at one of the other automation devices based on the same key fob press. Based on this message, the other automation devices may then prevent access to the second user. When the authorized user has logged out, a follow-up message may be sent by the automation device in order to allow the user to log in to other automation devices. In one embodiment, the access device 16 gives the user complete access to the automation device 12. Preferably, however, a multi-tiered access arrangement may be used, with different individuals having different levels of access to the motor drive 22. For example, some users may have read-only access whereas other users may have read/write access. Also, the parameters that may be accessed or the functions that may be performed may vary depending on access level. For example, the access rights may
66. ocessing, metal forming, automotive, petroleum and chemical processing, plastics processing, automated transportation, health care, agriculture, postal and shipping, and other manufacturing processes, to name but a few examples. There exists an ongoing need to provide security for industrial automation systems. Security is desirable in order to limit access that may be obtained to the automation system, for example, for purposes of obtaining information from the system, for purposes of making changes to the system, and so on. For example, responsibility for operating/maintaining certain aspects of an industrial automation system may be given only to certain qualified individuals. It is typically desirable to prevent other individuals from gaining access to the system to make changes, since those individuals may not be qualified to make such changes. Further, it is typically desirable to limit the ability of unauthorized individuals to gain access to the system even just for purposes of checking system settings or otherwise obtaining information about system operation. For example, if a particular manufacturing process is held as a trade secret, it may be desirable to closely guard read access to the automation system so that an unauthorized individual cannot obtain detailed information about the manufacturing process. Likewise, it may also be desirable to limit access to other types of manufacturing information, such as production quantities, defec
67. on device directly to the Internet may be desirable, for example, to allow firmware to be downloaded to the industrial automation device from the manufacturer. Alternatively, an industrial automation device may be connected via an Ethernet connection to a local area network or other company-wide business management information systems (e.g., a company-wide intranet) in order to provide management with real-time access to plant floor data. However, since such intranets are also commonly connected to the Internet, the industrial automation devices become indirectly connected to the Internet. Once an industrial automation device is connected to the Internet, either directly or indirectly, it becomes vulnerable to threats. A need therefore exists for systems and methods which provide security for industrial automation devices. Although certain advantages are described herein, it should be understood that the disclosed systems/methods may also be used to achieve different and/or additional advantages, without necessarily achieving any of the advantages described herein. SUMMARY. According to a first preferred embodiment, an industrial automation system comprises a security access device, an industrial automation device, a user interface, and a security interface. The user interface is configured to provide a user with access to data stored inside the industrial automation device
68. ources, and so on. Through the scheduler tool 188, the user may be provided with information useable to identify and act on late orders, manage capacities and constraints, including labor and material, and determine the consequences of making changes such as expediting orders. The scheduler tool 204 allows resource management and provides time to react to any unintended consequences. The information provided by the scheduler tool 204 considers factors that reduce the ability of a production resource to process, including shift patterns, labor, tooling, material availability, planned maintenance, current loading, and capacities. The scheduler tool 204 may be used to generate realistic production sequences, provide information regarding the effects of schedule changes, and provide more accurate delivery dates. A configuration tool 190 allows device configurations to be managed and verified. The configuration tool 190 allows the configuration of the automation devices 12 to be centrally managed. A diagnostics tool 192 provides a consistent way of logging system activity information for each of the devices in system 10, which can then be used for diagnostic purposes. The diagnostics tool 192 may be used to display diagnostic messages generated by the automation devices 12. For example, the diagnostic messages may be displayed to a user while developing applications and at runtime. Operator actions and changes that occur to a running system may be cap
69. r comprises a data model module configured to provide a common terminology to describe manufacturing operations. 66. A system according to claim 52, wherein the information server further comprises a portal module configured to provide access to information stored in the plurality of industrial automation devices to workstations remotely connected to the industrial automation system by way of the Internet. 67. A system according to claim 52, wherein the information server further comprises an audit module configured to maintain a comprehensive list of changes made to the plurality of additional industrial automation devices. 68. A system according to claim 52, wherein the user interface comprises a viewer tool configured to display trending, alarming, or a combination thereof, pertaining to the plurality of automation controllers and the plurality of motor drives. 69. A system according to claim 52, wherein the user interface comprises a viewer tool configured to provide real-time animation of the equipment controlled by an industrial automation device and the plurality of additional automation devices. 70. A system according to claim 52, wherein the user interface comprises an analysis tool configured to provide information regarding the performance of the industrial automation system, the analysis tool including tools configured to provide information regarding causes of downtim
71. rent users. 58. A system according to claim 52, wherein the information received from the access device is biometric information, and wherein the stored information comprises biometric information associated with the user. 59. A system according to claim 58, wherein the security interface compares the biometric information received from the access device with the stored biometric information associated with the user to determine whether a match exists. 60. A system according to claim 58, wherein the access device is a fingerprint reader. 61. A system according to claim 58, wherein the access device is a retinal scanner. 62. A system according to claim 58, wherein the biometric information is stored in a database along with other biometric information associated with a plurality of different users, and wherein the database further stores access rights information for the plurality of different users. 63. A system according to claim 52, wherein the information server comprises a directory module configured to provide a common address book for parameters associated with different ones of the plurality of additional automation devices. 64. A system according to claim 52, wherein the information server further comprises a real time data module configured to provide access to real time information from the plurality of additional industrial automation devices. 65. A system according to claim 52, wherein the information server furthe
72. rs to share information from the automation devices 12 with the rest of the enterprise. The information server 130 preferably resides on a separate server, although the separate server may be a virtual server and the server may be hosted on a computer that is also hosting another server. Referring now to FIG. 9, FIG. 9 shows the information server 130 in greater detail. The information server 130 comprises a security module 150, a directory module 152, a real time data module 154, an audit module 156, a data model module 158, and a portal module 160. The security module 150 cooperates with the other modules 152-160 to provide security features in the context of a system which uses an information server 130. For example, to the extent desired, the security module 150 may be used to centrally manage at least some of the security features. For example, in one embodiment described above, it is desirable to have the access rights managed entirely locally at each device. In another embodiment, for convenience, it may be desirable to change the security configuration of multiple devices simultaneously over the network. This arrangement is more convenient inasmuch as it allows access rights to be managed from a single location. Other features of the security module 150 are described below. The directory module 152 provides a directory or common address book of the automation devices 12, user interfaces 14, related parameter names e.g. tags a
73. s to the automation device 12. In one embodiment, the access device 16 is hand held and is capable of authenticating the user by virtue of the fact that it is in the possession of the user. The access device 16 may comprise an off-the-shelf handheld device. For example, in this embodiment, the access device 16 may be a smart card, a card with a magnetic strip, a wireless electronic remote control key chain transmitter (sometimes referred to in the automotive industry as a "key fob"), a hand held computer equipped with a wireless transmitter (e.g., Bluetooth transmitter, infrared transmitter, etc.) for transmitting an authentication code, or other device. If a handheld computer is employed (e.g., a PDA), the handheld computer may serve as both the user interface 14 and the access device 16. Multiple hand held devices 16 may be provided to allow access by different users, each device being provided to a different user. For example, multiple cards with magnetic strips may be provided to different users, with the magnetic strip of each card being uniquely encoded to allow the card (and thereby the user) to be uniquely identified. As will be apparent, the integrity of this arrangement is enhanced if any lost or stolen cards are immediately reported so that the lost/stolen card may be disabled. Alternatively, the access device 16 given to each user need not be unique. For example, each member of a group of technicians may be given access cards tha
74. t are identical and may each contain an identical code that is unique to the group but not to each individual member. In this embodiment, authenticating the user involves identifying the user as one of a group of individuals that is authorized to access a particular automation device, without specifically determining the identity of the individual. Herein, "authentication" refers to verifying the identity of an individual or device, for example, by identifying the individual, identifying the individual as a member of a group of individuals, and so on. As will be seen below, in the preferred embodiment, not only individuals but also devices (such as automation controllers, motor drives, sensors, actuators, and so on) are authenticated. [US 7,530,113 B2] In another embodiment, the access device 16 comprises one or more sensors which may be used to obtain information useable to authenticate an individual. For example, the access device 16 may be a biometric measurement device configured to sense biometric information from the user. Again, this may be an off-the-shelf device. For example, the security access device 16 may be a retinal scanner configured to scan the retina of the individual that is attempting to gain access to the automation device 12. Alternatively, the security access device 16 may be a fingerprint reader configured to scan the fingerprint of the user. As another example, the security access device 16 may be a
75. t rates and so on. Further, it may be desirable to prevent ill-intentioned individuals, such as computer hackers or terrorists, from gaining access to the industrial automation system for purposes of causing damage to the automation system, to the items it processes or manufactures, or to related infrastructure. At the site of an industrial automation system, it may be possible to gain access to the industrial automation system by using a user interface associated with one or more of the automation devices that forms the industrial automation system. For example, an individual may use a user interface associated with a motor drive to gain access to the motor drive. Alternatively, standard interfaces are sometimes provided that allow access to be gained by connecting a laptop or other computer to a communication network that connects portions of the industrial automation system. Further, it is becoming more and more common to connect industrial automation devices to the Internet, and the same types of threats that are posed on site can also be posed from remote locations via the Internet. For example, industrial automation devices such as motor drives, multiplexed input/output devices, automation controllers, and others have been provided with ports for an Ethernet connection. Such an Ethernet connection may be used to connect the device to the Internet, for example, directly or via a local area network. Connecting an industrial automati
76. tion of the tools 182-198 requires that information be obtained from the automation devices 12. A user at one of the workstations 122-128 may be authenticated in the manner previously described. Access to this information may be handled on a device-by-device basis. Alternatively, using the security module 150, the user may be given access to certain views/reports that, in order to be generated, require access to certain information in the automation devices 12 to which the user would not otherwise have access. That is, the views/reports may be such that it is considered acceptable for the user to have access to the reports even though the user is not permitted access to the underlying information used to generate them from the automation devices 12. In this arrangement, the access rights of the user to obtain such views/reports may be managed by the security module 150. Assuming by way of example that the user is using workstation 122 to execute software tool 182, the user may be authenticated by the security interface 112 associated with the workstation 122. For example, a user may be authenticated by biometric information (e.g., using a fingerprint reader or a retinal scanner connected to the security interface 112 of the workstation 122), or by having a handheld security device, or by another mechanism. Once the user has been authenticated, the user is provided wit
77. tured and archived in order to facilitate compliance with industry and government regulations. Diagnostic information may be gathered locally at the automation devices 12 and then transmitted to a central repository. A reporting/audit trail tool 194 may be used to generate detailed reports showing an audit trail of all changes to the automation system. Preferably, information concerning all log-in attempts, including user name, machine name, and time, is tracked and stored. Records may then be viewed by the user. A detailed audit trail of all changes to configuration data initiated by users may be maintained. Information concerning changes to automation processes may also be provided. For example, for recipes, some examples of user-initiated changes that may be displayed are adding steps to a recipe, copying a step, overwriting an existing recipe or area model, or creating a new recipe or area model. A messenger tool 196 may be provided to provide alarm annunciation, paging, and messaging tools. Messages may be sent via pagers, faxes, e-mail, telephones, cell phones, or locally on a computer (e.g., using a sound card). Scheduling functions may also be incorporated, such that alarms may be sent to particular individuals in accordance with the work schedules of the individuals (who is on call). Security may be implemented such that individuals are only given access in accordance wit
78. uch as the laptop computer 68 may obtain access to any/all of the automation devices 12 that are connected to the network 76. Accordingly, the laptop computer 68 may execute software tools, such as enterprise management tools, that may be used to monitor operation of the automation system. Examples of such tools will be described below. Further, users do not need to remember different passwords for different devices. A single password may be used for all devices in the entire system. This makes it practical to avoid the use of semi-secret "back doors" that are configured to allow access in the event of a forgotten password but that are also susceptible to allowing unauthorized access. Referring now to FIG. 6, the arrangement of security interface 18 is shown in greater detail for the example of the automation device 12. In the example of FIG. 6, the security interface 18 is provided integrally with the automation device 12. As previously mentioned, the security interface 18 may also be provided separately or may be located in another device. In the case of an automation device 12, the security interface 18 is preferably connected to control logic 80, communication interface 82, account data storage area 84, access rights storage area 86, and log storage area 88. It may be noted that the control logic 80, the communication interface 82, the account data storage area 84, the access rights storage area 86, and the log storage area 88 are pres
80. unication link 19 is evaluated by the security interface 18. In one embodiment, the information may be received from a user interface 14 that is directly connected to the automation device 12 (as described above in connection with FIGS. 1-3), such that the user is authenticated by reference to the account data storage area 84 in a manner as previously described. In another embodiment, the information is received from an automation device 12 or user interface 14 with its own associated security interface 18 (e.g., over a network, as described above in connection with FIG. 5), such that the transmission is a secure transmission and the requesting user/device has already been authenticated. If the message is a request for data, the security interface 18 identifies whether the requesting user has read access rights for that data and, if so, provides the requested data to the user. If the message is a request to write an output, the security interface 18 identifies whether the requesting user has write access rights for that data and, if so, writes the data as requested. In this case, for example, the automation device 12 may be an actuator and the user requesting to write data to the actuator may be an automation controller. The log storage area 88 is used to store information about changes to configuration information for the automation device 12, including when the change was made and the identity of the user/device that made t
82. urces and resource groupings once and then reuse them repeatedly. A large distributed system may be programmed on one computer, taken to an automation environment, and deployed to the correct locations by simply changing the name of the hardware on which the parameter resides. This also works in reverse, by allowing users to go out to a site, move the deployed system onto a notebook computer, modify it, and then re-deploy it. Entire HMI projects can be duplicated, and logic programs from entire lines or areas of an application can be reused in the same application. The directory module 152 may be used to support centralized management of the security features described herein. For example, using the directory module 152, a system administrator responsible for setting the access rights of various users may quickly browse various automation devices and/or I/O points in the automation system to set the access rights of a user, potentially on a device-by-device or parameter-by-parameter basis. The security module 150 and/or the security interfaces 18 may also be used to limit a user's ability to view and access information by way of the directory module 152. The real time data module 154 provides reliable, enterprise-wide access to real time information from the automation system 10. The real time data module 154 provides services that transfer high speed ma
83. usiness management information systems in an office environment as opposed to a plant floor environment (e.g., a company-wide intranet). The network 129 may be used to connect personal/laptop computers such as used in office-wide intranets, extranets, and also including the Internet. The network 129 may, for example, be an Ethernet-based network. The system 100 further comprises an information server 130 which is connected to the network 110 and to the network 129. Although the information server 130 is depicted as being located between the networks 114 and 129, it will be appreciated that other configurations are possible. For example, one or more bridges or gateways may also be used to interconnect separate networks. Additionally, while the information server 130 is shown as a separate component, it will be appreciated that other configurations are possible. For example, the functionality of the information server 130 may be distributed to the individual automation devices 12. The information server 130 standardizes communication from different automation devices, manufacturing execution systems, and external business computing systems, including databases, to connect the automation devices to each other and to the manufacturing execution systems and external business systems. The information server 130 provides a common framework for communication by offering a consistent format for sharing data, allowing use
84. ustive or to limit the invention to the precise form disclosed, and modifications and variations are possible in light of the above teachings or may be acquired from practice of the invention. The embodiments were chosen and described in order to explain the principles of the invention and its practical application to enable one skilled in the art to utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated. What is claimed is: 1. An industrial automation system comprising: a security access device; an industrial automation device; a user interface configured to provide a user with access to data stored inside the industrial automation device; a first security interface configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the industrial automation device using the user interface; a second security interface; a communication network coupled between (i) the combination of the industrial automation device and the first security interface and (ii) the combination of the user interface and the second security interface; a plurality of additional automation devices coupled to the communication network; a plurality of additional user interfaces coupled to the communi
85. utomation devices. 23. A system according to claim 22, wherein the information server further comprises a data model module configured to provide a common terminology to describe manufacturing operations. 24. A system according to claim 22, wherein the information server further comprises a portal module configured to provide access to information stored in the plurality of industrial automation devices to workstations remotely connected to the industrial automation system by way of the Internet. 25. A system according to claim 22, wherein the information server further comprises an audit module configured to maintain a comprehensive list of changes made to the plurality of industrial automation devices. 26. A system according to claim 1, wherein the user interface comprises a viewer tool configured to display trending, alarming, and other runtime information pertaining to the industrial automation device and the plurality of additional automation devices. 27. A system according to claim 1, wherein the user interface comprises a viewer tool configured to provide real time animation of the equipment controlled by the industrial automation device and the plurality of additional automation devices. 28. A system according to claim 1, wherein the user interface comprises an analysis tool configured to provide information regarding the performance of the industr
86. vided with the industrial automation device. 42. An industrial automation system comprising: a user interface; a security access device; a plurality of security interfaces; a communication network; a plurality of motor drives coupled to each other by way of the communication network, each respective motor drive having associated therewith a respective one of the plurality of security interfaces, the respective security interface being configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective motor drive using the user interface; a plurality of automation controllers coupled to each other and to the plurality of motor drives by way of the communication network, each respective automation controller having associated therewith a respective one of the plurality of security interfaces, the respective security interface being configured to receive information from the access device and, based on the information received from the access device, to provide authorization for the user to access the data stored inside the respective automation controller using the user interface; wherein at least one of the plurality of automation controllers is configured to transmit messages to other ones of the plurality of automation controllers that may have also received the i