EP1658539A2 - Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission - Google Patents
Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmissionInfo
- Publication number
- EP1658539A2 EP1658539A2 EP04763569A EP04763569A EP1658539A2 EP 1658539 A2 EP1658539 A2 EP 1658539A2 EP 04763569 A EP04763569 A EP 04763569A EP 04763569 A EP04763569 A EP 04763569A EP 1658539 A2 EP1658539 A2 EP 1658539A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- monitoring device
- mobile operating
- automation components
- operating
- data transmission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/75—Indicating network or usage conditions on the user display
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/23—Pc programming
- G05B2219/23043—Remote and local control panel, programming unit, switch
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/23—Pc programming
- G05B2219/23067—Control, human or man machine interface, interactive, HMI, MMI
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/25—Pc structure of the system
- G05B2219/25153—Checking communication
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/25—Pc structure of the system
- G05B2219/25196—Radio link, transponder
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Definitions
- HMI system for operating and monitoring a technical system with a mobile operator control and monitoring device and secure data transmission
- the invention relates to an HMI system with at least one mobile operating and monitoring device for the automation components of a technical system.
- Technical systems are all types of technical devices and systems, both in individual arrangement and in data networking e.g. via a fieldbus. In industrial applications, this includes individual equipment, e.g. Drives, processing machines. However, a technical system can also be a production system in which an entire technical process is operated with locally distributed equipment, e.g. a chemical plant or production line.
- Technical systems are controlled and operated using special digital data processing systems, also called automation components.
- automation components serving for direct control of the technical system are present, i.e. programmable logic controllers PLC, also referred to as "PLC - Programmable Logic Controler".
- PLC programmable logic controller
- PLC programmable logic controller
- HMI devices i.e. Human machine interface.
- HMI device is a generic term and u encompasses all components belonging to this group of devices.
- HMI devices serve as aids for operating personnel to process data from the technical system to be controlled. to be able to show and operate. This function is called “Supervisor Control and Data Acquisition” (SCADA).
- SCADA Supervisor Control and Data Acquisition
- the HMI device is usually specially designed in terms of hardware, ie it has, for example, a touchscreen and is particularly shielded against environmental influences. Special software is also executed in it. This provides functions which improve the comfort, quality and safety of operation by an operator.
- interactive process images of the technical system to be operated can be visualized, operated, configured and generated using HMI devices.
- this enables a selective display of reactions of the technical system, usually in the form of measured values and messages.
- the targeted specification of operating actions and data entries enables the technical system to be brought into the desired states.
- the HMI devices are e.g. in the form of terminals or operator panels as stationary components permanently integrated in an automation system.
- the components are often connected via a fieldbus, which meets the requirements for industrial applications, particularly with regard to failure and transmission security.
- Such networks represent a closed system in automation technology and, due to this property, are secure against external access. If an automation system is opened in applications, in particular by connecting to the Internet, e.g. To exchange process, operating and monitoring data between a local automation system and a so-called "remote location" via the Internet, such a connection point can be implemented using known measures, such as e.g. the installation of a firewall, secured against unauthorized access.
- the invention is therefore based on the object of further designing an HMI system in such a way that mobile operating and monitoring devices are also integrated into an automation system in a manner which is safe from external interference.
- the HMI system according to the invention with at least one mobile operating and monitoring device for the automation components of a technical system has a radio link for contactless data transmission between the mobile operating and monitoring device and the automation components.
- a first firewall is provided to secure the data transmission from the automation components to the mobile operating and monitoring device and a second firewall to secure the data transmission from the mobile operating and monitoring device to the automation components.
- the invention has the advantage that using firewalls, ie when securing the acceptance of data, Tried and tested means of wired communication links can also be used to secure bidirectional data traffic on a radio link between a mobile operating and monitoring device and the other components of the automation of a technical system.
- the second firewall is advantageously integrated in an automation component. This means that additional hardware expenditure can be avoided. If the automation components have a radio interface, also called a radio access point, for coupling to the radio link, then an integration of the second firewall into this radio interface is particularly advantageous. This enables particularly good protection of all automation components behind it, especially if these are used together with the radio interface
- Radio interface are coupled together via a fieldbus.
- the first firewall is advantageously integrated directly into the mobile operating and monitoring device. This can make manipulations particularly difficult when the housing of the mobile operating and monitoring device is encapsulated.
- the data transmission security of the HMI system according to the invention can be further increased in that the automation components have a radius server, which is advantageously also connected to the fieldbus as a singular component.
- the Radius Server offers a so-called "Remote Authentication Dial-In Service”. Authentication of the users of the mobile operating and monitoring device, that is to say secure user administration, is thus possible.
- the invention is explained in more detail below on the basis of an exemplary embodiment shown in FIG. 1.
- the technical system TA in FIG. 1 has technical resources M, which can be part of a manufacturing or process engineering system, for example.
- automation components S are present, which intervene with the technical equipment M via a fieldbus FB, in particular through the intermediation of sensors, positioners and various other so-called "process instruments”.
- the automation components S in FIG. 1 have, for example, an automation device AS, e.g. a programmable logic controller PLC, which effects the control of the technical equipment M if necessary in real time.
- an automation device AS e.g. a programmable logic controller PLC
- the SP operator control and monitoring device has e.g. via a display SBD and a keyboard SBT. Like the other automation components, it is connected to a fieldbus FB.
- the HMI system shown in FIG. 1 has at least one mobile operating and monitoring device MP, e.g. a wireless hand-held terminal. This also has e.g. via a display MPD and a keyboard MPT. Furthermore, emergency stop and acknowledgment buttons and e.g. Key switch may be provided.
- the mobile operating and monitoring device MP exchanges data in a contactless manner via a radio link FS with the automation components S of the technical system TA.
- the radio link FS is designed bidirectionally.
- a first data stream in one of the automation components The transmission direction FAF running to the operating and monitoring device MP preferably transmits displays, alarms, messages, measured values and much more in order to inform a user, in particular, of the state of the technical system TA.
- a second data stream in a transmission direction MPF running from the operating and monitoring device MP to the automation components S transmits in particular acknowledgments, commands and much more, in particular to change the state of the technical system TA in a manner desired by the user of the mobile operating and monitoring device MP ,
- the bidirectional data transmission on the radio link FS is secured by a pair of firewalls MPW and FAW, preferably of the same design, the first firewall MPW securing the data transmission of the first data stream in the direction of FAF and the second firewall FAW securing the data transmission of the second data stream in the direction of MPF ,
- the security procedures loaded and active in the firewalls MPW and FAW are advantageously identical or at least equivalent.
- the first firewall MPW is advantageously integrated directly into the mobile operating and monitoring device MP. Accordingly, the second firewall FAW is advantageously integrated in an automation component S. In the preferred embodiment of the invention shown in FIG. 1, the second firewall FAW is integrated directly into a radio interface FA connected to the fieldbus FB, which interfaces the automation components S to the radio link FS.
- the automation components S have an additional RADIUS server RS, which is also advantageously connected to the fieldbus FB.
- This provides an additional service called "Remote Authentication Dail-In User".
- the authorization of a user can be zer of the mobile operating and monitoring device MP can be checked.
- the HMI system according to the invention thus has an excellent security against external access despite a radio interface to a mobile operating and monitoring device MP which is inherently at risk. This can be achieved through additional measures, e.g. the integration of a radius server can be further improved.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE20313562U DE20313562U1 (en) | 2003-08-29 | 2003-08-29 | HMI system for operating and monitoring a technical system with a mobile operator control and monitoring device and secure data transmission |
PCT/EP2004/008456 WO2005029810A2 (en) | 2003-08-29 | 2004-07-28 | Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1658539A2 true EP1658539A2 (en) | 2006-05-24 |
Family
ID=29432963
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP04763569A Withdrawn EP1658539A2 (en) | 2003-08-29 | 2004-07-28 | Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission |
Country Status (4)
Country | Link |
---|---|
US (1) | US20060212557A1 (en) |
EP (1) | EP1658539A2 (en) |
DE (1) | DE20313562U1 (en) |
WO (1) | WO2005029810A2 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102004007229A1 (en) * | 2004-02-13 | 2005-09-08 | Siemens Ag | Configuration procedure for an automation system |
DE102004051308A1 (en) * | 2004-10-21 | 2006-05-04 | Giesecke & Devrient Gmbh | Mobile station secured against attacks from insecure networks |
US8285326B2 (en) | 2005-12-30 | 2012-10-09 | Honeywell International Inc. | Multiprotocol wireless communication backbone |
EP2614415B1 (en) | 2010-09-10 | 2017-08-30 | Gleason Metrology Systems Corporation | Remote operator pendant for a metrology machine tool |
DE102013216347A1 (en) | 2013-08-19 | 2015-02-19 | Robert Bosch Gmbh | Operating device and method for controlling at least one machine |
US10680886B1 (en) | 2014-08-29 | 2020-06-09 | Schneider Electric Systems Usa, Inc. | Remote wireless sensors and systems including remote wireless sensors |
EP3847548A4 (en) * | 2018-09-10 | 2022-06-01 | AVEVA Software, LLC | Edge hmi module server system and method |
CN113169861A (en) | 2018-12-06 | 2021-07-23 | 施耐德电子系统美国股份有限公司 | One-time pad encryption for industrial wireless instruments |
US11184420B2 (en) | 2020-01-06 | 2021-11-23 | Tencent America LLC | Methods and apparatuses for dynamic adaptive streaming over HTTP |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5909368A (en) * | 1996-04-12 | 1999-06-01 | Fisher-Rosemount Systems, Inc. | Process control system using a process control strategy distributed among multiple control elements |
US6282454B1 (en) * | 1997-09-10 | 2001-08-28 | Schneider Automation Inc. | Web interface to a programmable controller |
US6574661B1 (en) * | 1997-09-26 | 2003-06-03 | Mci Communications Corporation | Integrated proxy interface for web based telecommunication toll-free network management using a network manager for downloading a call routing tree to client |
DE19904331C1 (en) * | 1999-01-28 | 2000-08-03 | Siemens Ag | System and method for transmitting data, in particular data for operating and monitoring an automation system, via the Internet with an asymmetrical Internet connection |
US6788980B1 (en) * | 1999-06-11 | 2004-09-07 | Invensys Systems, Inc. | Methods and apparatus for control using control devices that provide a virtual machine environment and that communicate via an IP network |
DE10000609B4 (en) * | 2000-01-10 | 2006-04-13 | Gira Giersiepen Gmbh & Co. Kg | Interface device for a data connection between an electrical installation system and a Komminikationssystem and equipped therewith electrical installation system |
US7814208B2 (en) * | 2000-04-11 | 2010-10-12 | Science Applications International Corporation | System and method for projecting content beyond firewalls |
DE10038552A1 (en) * | 2000-08-03 | 2002-02-28 | Siemens Ag | System and method for the transmission of OPC data via data networks, in particular the Internet, with an asynchronous data connection |
AU2002223813A1 (en) * | 2000-11-17 | 2002-05-27 | Ipwireless, Inc. | Use of internet web technology for wireless internet access |
EP1249747A1 (en) * | 2001-04-09 | 2002-10-16 | Patria Ailon | Control system and method for controlling processes |
US7089586B2 (en) * | 2001-05-02 | 2006-08-08 | Ipr Licensing, Inc. | Firewall protection for wireless users |
EP1298506A1 (en) * | 2001-09-27 | 2003-04-02 | Siemens Aktiengesellschaft | Dynamic access to automation resources |
-
2003
- 2003-08-29 DE DE20313562U patent/DE20313562U1/en not_active Expired - Lifetime
-
2004
- 2004-07-28 US US10/568,116 patent/US20060212557A1/en not_active Abandoned
- 2004-07-28 EP EP04763569A patent/EP1658539A2/en not_active Withdrawn
- 2004-07-28 WO PCT/EP2004/008456 patent/WO2005029810A2/en active Application Filing
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
WO2005029810A2 (en) | 2005-03-31 |
WO2005029810A3 (en) | 2005-06-16 |
US20060212557A1 (en) | 2006-09-21 |
DE20313562U1 (en) | 2003-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1325458B1 (en) | System and method for the central control of devices used during an operation | |
DE102007045729B4 (en) | System and method of communication between two process controls within a process control system | |
DE10038552A1 (en) | System and method for the transmission of OPC data via data networks, in particular the Internet, with an asynchronous data connection | |
WO2004114621A1 (en) | Method for the secure transmission of data via a field bus | |
WO2006111376A1 (en) | Device for secure remote access | |
CH702454B1 (en) | Arrangement with a superordinate control unit and at least one connected with the control unit intelligent field device. | |
WO2007128836A1 (en) | Operator panel for exchanging data with a field device in an automation system | |
WO2005029810A2 (en) | Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission | |
EP2506100A2 (en) | Interface module for a modular control device | |
WO2008064381A2 (en) | Method for the operation of a wireless communication link between a mobile manual operator device and a machine controller, and corresponding system components | |
WO2005036492A1 (en) | Hmi system with a mobile control and monitoring device for security-relevant operations in a technical system | |
DE10038557B4 (en) | System and method for the transmission of data over data networks, in particular the Internet, with asynchronous data connection | |
WO2011076184A1 (en) | Communication device and method for monitoring and controlling security systems | |
EP3122016A1 (en) | Automation network and method of surveillance for security of the transmission of data packets | |
EP3056953A1 (en) | Self-contained field device used in automation technology for remote monitoring | |
WO2003026338A1 (en) | Method for remotely diagnosing process flows in systems | |
DE102005007477B4 (en) | Programmable control for machine and / or plant automation with standard control and safety functions and communication with a safety I / O and method for operating the programmable controller | |
WO2004055610A1 (en) | System and method for monitoring technical installations and objects | |
DE10038562B4 (en) | System and method for transmitting data over data networks with data conversion by a COM car sounder | |
DE102015116401A1 (en) | System, in particular augmented reality system, for operation and / or maintenance of a technical system | |
WO2023111142A1 (en) | It architecture for blood treatment systems | |
DE10304649A1 (en) | HMI device with a computer user station with an interface for the transmission of communication data | |
DE102004033624A1 (en) | Security module for network, has interfaces for connection to superordinate and subordinate networks, respectively, and third interface connected to separate network node and with former two interfaces through respective firewalls | |
DE102017216668A1 (en) | Method and arrangement for communication with at least one field device of a technical installation | |
EP1260951A2 (en) | Mobile control- and/or observation device with field bus connection, especially for industrial processes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20060227 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): DE FR GB IT |
|
DAX | Request for extension of the european patent (deleted) | ||
RBV | Designated contracting states (corrected) |
Designated state(s): DE FR GB IT |
|
17Q | First examination report despatched |
Effective date: 20070209 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: SIEMENS AKTIENGESELLSCHAFT |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: SIEMENS AKTIENGESELLSCHAFT |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20150203 |