Patent application number | Description | Published |
20100031340 | NETWORK SECURITY MODULE FOR ETHERNET-RECEIVING INDUSTRIAL CONTROL DEVICES - A high-speed security device for network connected industrial controls provides hybrid processing in tandem hardware and software security components. The software security component establishes state-less data identifying each packet that requires high-speed processing and loads a data table in the hardware component. The hardware component may then allow packets matching data of the data table to bypass the software component while passing other non-matching packets to the software component for more sophisticated state analysis. | 02-04-2010 |
20100246385 | INDUSTRIAL CONTROLLER EMPLOYING THE NETWORK RING TOPOLOGY - A network for an industrial control system employs a ring topology that is normally opened by a ring supervisor at the ring supervisor. Upon failure of the network, the ring supervisor reconnects the ring to provide an alternative transmission path around the failure point. High speed operation is reconciled with the ability to use commercial switching integrated circuits through a dual communication channel of communicating a network state as either closed or open using both high-speed hardware handled beacon frames and low-speed software processed announce frames. | 09-30-2010 |
20110060427 | Diagnostic Module For Distributed Industrial Network Including Industrial Control Devices - A network component for an industrial automation system. The component includes a network switch processor configured to implement a networking switching function, at least one communication port configured to provide a communication channel between the network switch processor and at least one industrial control device over a network, and a diagnostic module configured to be implemented by the network switch processor and configured to retrieve diagnostic information from the at least one industrial control device. | 03-10-2011 |
20110283350 | Firewall Method and Apparatus for Industrial Systems - Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information. | 11-17-2011 |
20120005480 | METHODS FOR FIRMWARE SIGNATURE - A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware. | 01-05-2012 |
20130033497 | SYSTEMS AND METHODS THAT UTILIZE SCALABLE VECTOR GRAPHICS TO PROVIDE WEB-BASED VISUALIZATION OF A DEVICE - The present invention relates to systems and methods that employ scalable vector graphics (SVG) to view and effectuate an industrial device from a remote Web interface. The systems and methods can be utilized to retrieve an SVG XML markup language-based file associated with the device and execute the SVG file via basic ASCII drawing commands. Thus, a faceplate of an industrial device and/or other device-related information can be represented via SVG syntax and stored with the device. A user can employ a Web browser from a remote location (e.g., via a Web client) to retrieve the SVG file, wherein the file can be loaded within the Web browser and/or an open source software package. The SVG file can be executed to render an interactive graphical faceplate that can depict LEDs, alphanumeric displays, inputs/output, etc., trending mechanisms (e.g., graphs, charts, etc.), and capabilities to load parameters. | 02-07-2013 |
20130123947 | GENERATION AND PUBLICATION OF SHARED TAGSETS - Systems and methods are provided to facilitate receipt of tag requests from one or more interfaces, based upon which a single tagset is compiled at a controller comprising all the requested tags for a given update rate, whereupon the single compiled tagset is subsequently forwarded to the one or more interfaces. A controller generates a superset of tags associated with an industrial process. Each interface can request a copy of the superset, from which the required tags are selected. The controller receives the requested tags from all of the interfaces and combines the requested tags into a single tagset, for a given update rate, comprising the various parameters associated with the tags. At the selected update rate, the tagset is forwarded to the interfaces. A masterset can be utilized to identify the sequence of tags in a tagset and check code can ensure continuity of the tags in the tagset. | 05-16-2013 |
20130238886 | METHODS FOR FIRMWARE SIGNATURE - A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware. | 09-12-2013 |
20140033295 | NETWORK SECURITY MODULE FOR ETHERNET-RECEIVING INDUSTRIAL CONTROL DEVICES - A high-speed security device for network connected industrial controls provides hybrid processing in tandem hardware and software security components. The software security component establishes state-less data identifying each packet that requires high-speed processing and loads a data table in the hardware component. The hardware component may then allow packets matching data of the data table to bypass the software component while passing other non-matching packets to the software component for more sophisticated state analysis. | 01-30-2014 |
20140105004 | Hardware-Based Granular Traffic Storm Protection - Aspects of the present invention provide a device, method and system which utilize hardware-based granular evaluation of industrial control protocol packets to withstand traffic storms. In an embodiment, packet evaluation circuitry coupled to a port may be adapted to evaluate one or more protocol fields contained in each inbound packet before switching circuitry can send the inbound packet to the proper destination. The inbound packet may be sent by the switching circuitry if it is a particular message, or may be selectively inhibited from being sent by the switching circuitry if the inbound packet does not contain the particular message for being sent and if the total number of bytes of the inbound packet type exceeds a threshold for the outbound port during a given period of time. As such, critical industrial applications may continue to operate in the presence of a traffic storm. | 04-17-2014 |
20140143429 | Juxtaposition BASED Machine Addressing - A method and apparatus for use with a plurality of resources integrated within a space for performing a process and a program run by a processor for controlling the process, the apparatus for associating the resources with the program and comprising a processor running a program to perform the steps of identifying at least a first reference point within the space, identifying the relative juxtaposition of at least a first resource with respect to the first reference point and associating the first resource with the program as a function of the relative juxtaposition of the first resource to the reference point. | 05-22-2014 |
20140250493 | FIREWALL METHOD AND APPARATUS FOR INDUSTRIAL SYSTEMS - Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information. | 09-04-2014 |
20140250520 | FIREWALL METHOD AND APPARATUS FOR INDUSTRIAL SYSTEMS - Method and apparatus for use with systems including networked resources where communication between resources is via dual packet protocols wherein a first protocol includes a frame that specifies a destination device/resource and a data field and the second protocol specifies a final destination device/resource and includes a data field, where the second packets are encapsulated in the first protocol packet frames, the method including specifying access control information for resources, for each first protocol packet transmitted on the network, intercepting the first protocol packet prior to the first protocol destination resource, examining a subset of the additional embedded packet information to identify one of the intermediate path resources and the final destination resource, identifying the access control information associated with the identified at least one of the intermediate path resources and the final destination resource and restricting transmission of the first protocol packet as a function of the identified access control information. | 09-04-2014 |
20140259099 | FIREWALL METHOD AND APPARATUS FOR INDUSTRIAL SYSTEMS - Methods and apparatus for controlling access in an electronic network include receiving a communication from a source device, the communication comprising a first protocol packet having first protocol packet information including a first protocol destination resource identifier, wherein a second protocol packet is embedded in the first protocol packet; retrieving at least one access rule based on at least one characteristic of the second protocol packet; applying the at least one access rule to at least one characteristic of the first protocol packet to determine an access rule outcome; and controlling access of the communication to a first protocol destination resource associated with the first protocol destination resource identifier according to the access rule outcome. | 09-11-2014 |
20140331038 | METHODS FOR FIRMWARE SIGNATURE - A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware. | 11-06-2014 |
20140351705 | SYSTEMS AND METHODS THAT UTILIZE SCALABLE VECTOR GRAPHICS TO PROVIDE WEB-BASED VISUALIZATION OF A DEVICE - The present invention relates to systems and methods that employ scalable vector graphics (SVG) to view and effectuate an industrial device from a remote Web interface. The systems and methods can be utilized to retrieve an SVG XML markup language-based file associated with the device and execute the SVG file via basic ASCII drawing commands. Thus, a faceplate of an industrial device and/or other device-related information can be represented via SVG syntax and stored with the device. A user can employ a Web browser from a remote location (e.g., via a Web client) to retrieve the SVG file, wherein the file can be loaded within the Web browser and/or an open source software package. The SVG file can be executed to render an interactive graphical faceplate that can depict LEDs, alphanumeric displays, inputs/output, etc., trending mechanisms (e.g., graphs, charts, etc.), and capabilities to load parameters. | 11-27-2014 |