EP1658539A2 - Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission - Google Patents

Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission

Info

Publication number
EP1658539A2
EP1658539A2 EP04763569A EP04763569A EP1658539A2 EP 1658539 A2 EP1658539 A2 EP 1658539A2 EP 04763569 A EP04763569 A EP 04763569A EP 04763569 A EP04763569 A EP 04763569A EP 1658539 A2 EP1658539 A2 EP 1658539A2
Authority
EP
European Patent Office
Prior art keywords
monitoring device
mobile operating
automation components
operating
data transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04763569A
Other languages
German (de)
French (fr)
Inventor
Gottfried Rieger
Ulrich Sinn
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP1658539A2 publication Critical patent/EP1658539A2/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/75Indicating network or usage conditions on the user display
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/23Pc programming
    • G05B2219/23043Remote and local control panel, programming unit, switch
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/23Pc programming
    • G05B2219/23067Control, human or man machine interface, interactive, HMI, MMI
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25153Checking communication
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/25Pc structure of the system
    • G05B2219/25196Radio link, transponder
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • HMI system for operating and monitoring a technical system with a mobile operator control and monitoring device and secure data transmission
  • the invention relates to an HMI system with at least one mobile operating and monitoring device for the automation components of a technical system.
  • Technical systems are all types of technical devices and systems, both in individual arrangement and in data networking e.g. via a fieldbus. In industrial applications, this includes individual equipment, e.g. Drives, processing machines. However, a technical system can also be a production system in which an entire technical process is operated with locally distributed equipment, e.g. a chemical plant or production line.
  • Technical systems are controlled and operated using special digital data processing systems, also called automation components.
  • automation components serving for direct control of the technical system are present, i.e. programmable logic controllers PLC, also referred to as "PLC - Programmable Logic Controler".
  • PLC programmable logic controller
  • PLC programmable logic controller
  • HMI devices i.e. Human machine interface.
  • HMI device is a generic term and u encompasses all components belonging to this group of devices.
  • HMI devices serve as aids for operating personnel to process data from the technical system to be controlled. to be able to show and operate. This function is called “Supervisor Control and Data Acquisition” (SCADA).
  • SCADA Supervisor Control and Data Acquisition
  • the HMI device is usually specially designed in terms of hardware, ie it has, for example, a touchscreen and is particularly shielded against environmental influences. Special software is also executed in it. This provides functions which improve the comfort, quality and safety of operation by an operator.
  • interactive process images of the technical system to be operated can be visualized, operated, configured and generated using HMI devices.
  • this enables a selective display of reactions of the technical system, usually in the form of measured values and messages.
  • the targeted specification of operating actions and data entries enables the technical system to be brought into the desired states.
  • the HMI devices are e.g. in the form of terminals or operator panels as stationary components permanently integrated in an automation system.
  • the components are often connected via a fieldbus, which meets the requirements for industrial applications, particularly with regard to failure and transmission security.
  • Such networks represent a closed system in automation technology and, due to this property, are secure against external access. If an automation system is opened in applications, in particular by connecting to the Internet, e.g. To exchange process, operating and monitoring data between a local automation system and a so-called "remote location" via the Internet, such a connection point can be implemented using known measures, such as e.g. the installation of a firewall, secured against unauthorized access.
  • the invention is therefore based on the object of further designing an HMI system in such a way that mobile operating and monitoring devices are also integrated into an automation system in a manner which is safe from external interference.
  • the HMI system according to the invention with at least one mobile operating and monitoring device for the automation components of a technical system has a radio link for contactless data transmission between the mobile operating and monitoring device and the automation components.
  • a first firewall is provided to secure the data transmission from the automation components to the mobile operating and monitoring device and a second firewall to secure the data transmission from the mobile operating and monitoring device to the automation components.
  • the invention has the advantage that using firewalls, ie when securing the acceptance of data, Tried and tested means of wired communication links can also be used to secure bidirectional data traffic on a radio link between a mobile operating and monitoring device and the other components of the automation of a technical system.
  • the second firewall is advantageously integrated in an automation component. This means that additional hardware expenditure can be avoided. If the automation components have a radio interface, also called a radio access point, for coupling to the radio link, then an integration of the second firewall into this radio interface is particularly advantageous. This enables particularly good protection of all automation components behind it, especially if these are used together with the radio interface
  • Radio interface are coupled together via a fieldbus.
  • the first firewall is advantageously integrated directly into the mobile operating and monitoring device. This can make manipulations particularly difficult when the housing of the mobile operating and monitoring device is encapsulated.
  • the data transmission security of the HMI system according to the invention can be further increased in that the automation components have a radius server, which is advantageously also connected to the fieldbus as a singular component.
  • the Radius Server offers a so-called "Remote Authentication Dial-In Service”. Authentication of the users of the mobile operating and monitoring device, that is to say secure user administration, is thus possible.
  • the invention is explained in more detail below on the basis of an exemplary embodiment shown in FIG. 1.
  • the technical system TA in FIG. 1 has technical resources M, which can be part of a manufacturing or process engineering system, for example.
  • automation components S are present, which intervene with the technical equipment M via a fieldbus FB, in particular through the intermediation of sensors, positioners and various other so-called "process instruments”.
  • the automation components S in FIG. 1 have, for example, an automation device AS, e.g. a programmable logic controller PLC, which effects the control of the technical equipment M if necessary in real time.
  • an automation device AS e.g. a programmable logic controller PLC
  • the SP operator control and monitoring device has e.g. via a display SBD and a keyboard SBT. Like the other automation components, it is connected to a fieldbus FB.
  • the HMI system shown in FIG. 1 has at least one mobile operating and monitoring device MP, e.g. a wireless hand-held terminal. This also has e.g. via a display MPD and a keyboard MPT. Furthermore, emergency stop and acknowledgment buttons and e.g. Key switch may be provided.
  • the mobile operating and monitoring device MP exchanges data in a contactless manner via a radio link FS with the automation components S of the technical system TA.
  • the radio link FS is designed bidirectionally.
  • a first data stream in one of the automation components The transmission direction FAF running to the operating and monitoring device MP preferably transmits displays, alarms, messages, measured values and much more in order to inform a user, in particular, of the state of the technical system TA.
  • a second data stream in a transmission direction MPF running from the operating and monitoring device MP to the automation components S transmits in particular acknowledgments, commands and much more, in particular to change the state of the technical system TA in a manner desired by the user of the mobile operating and monitoring device MP ,
  • the bidirectional data transmission on the radio link FS is secured by a pair of firewalls MPW and FAW, preferably of the same design, the first firewall MPW securing the data transmission of the first data stream in the direction of FAF and the second firewall FAW securing the data transmission of the second data stream in the direction of MPF ,
  • the security procedures loaded and active in the firewalls MPW and FAW are advantageously identical or at least equivalent.
  • the first firewall MPW is advantageously integrated directly into the mobile operating and monitoring device MP. Accordingly, the second firewall FAW is advantageously integrated in an automation component S. In the preferred embodiment of the invention shown in FIG. 1, the second firewall FAW is integrated directly into a radio interface FA connected to the fieldbus FB, which interfaces the automation components S to the radio link FS.
  • the automation components S have an additional RADIUS server RS, which is also advantageously connected to the fieldbus FB.
  • This provides an additional service called "Remote Authentication Dail-In User".
  • the authorization of a user can be zer of the mobile operating and monitoring device MP can be checked.
  • the HMI system according to the invention thus has an excellent security against external access despite a radio interface to a mobile operating and monitoring device MP which is inherently at risk. This can be achieved through additional measures, e.g. the integration of a radius server can be further improved.

Abstract

Disclosed is an HMI system comprising at least one mobile operating and monitoring device (MP) for the automation components (S) of a technical installation (M) and a radio link (FS) for contactless data transmission (MPF; FAF) between the mobile operating and monitoring device and the automation components. A first firewall (MPW) is provided for securing data transmission (FAF) from the automation components (S) to the mobile operating and monitoring device (MP) while a second firewall (FAW) is supplied for securing data transmission from the mobile operating and monitoring device (MP) to the automation components (S). The advantage of the invention consists of the fact that bi-directional data traffic on the radio link between a mobile operating and monitoring device and the other automation components of a technical installation can also be secured by using two preferably equally effective firewalls (MPW, FAW).

Description

Beschreibungdescription
HMI System zur Bedienung und Beobachtung einer technischen Anlage mit einem mobilen Bedien- und Beobachtungsgerät und gesicherter DatenübertragungHMI system for operating and monitoring a technical system with a mobile operator control and monitoring device and secure data transmission
Die Erfindung betrifft ein HMI System mit zumindest einem mobilen Bedien- und Beobachtungsgerät für die Automatisierungskomponenten einer technischen Anlage .The invention relates to an HMI system with at least one mobile operating and monitoring device for the automation components of a technical system.
Technische Anlagen sind alle Arten, von technischen Geräten und Systemen sowohl in Einzelanordnung als auch in datentechnischer Vernetzung z .B . über einen Feldbus . Bei industriellen Anwendungen fallen darunter einzelne Betriebsmittel, z .B. An- triebe, Bearbeitungsmaschinen. Eine technische Anlage kann aber auch eine Produktionsanlage sein, bei der mit lokal verteilten Betriebsmitteln ein gesamter technischer Prozess betrieben wird, z .B . eine chemische Anlage oder Fertigungsstraße . Technische Anlagen werden mit speziellen digitalen Daten- Verarbeitungssystemen, auch Automatisierungskomponenten genannt, gesteuert und bedient . In einem solchen System sind einerseits zur direkten Steuerung der technischen Anlage dienende Komponenten vorhanden, d.h. speicherprogrammierbare Steuerungen SPS, auch als "PLC - Programmable Logic Control- 1er" bezeichnet . Zur Entlastung dieser Steuerungen weisen Automatisierungen weitere spezielle Geräte auf, welche eine Schnittstelle für Bedienpersonal bilden. Diese werden als Geräte zum "Bedienen- und Beobachten", abgekürzt "B+B", oder als HMI Geräte, d.h. Human Machine Interface, bezeichnet .Technical systems are all types of technical devices and systems, both in individual arrangement and in data networking e.g. via a fieldbus. In industrial applications, this includes individual equipment, e.g. Drives, processing machines. However, a technical system can also be a production system in which an entire technical process is operated with locally distributed equipment, e.g. a chemical plant or production line. Technical systems are controlled and operated using special digital data processing systems, also called automation components. In such a system, components serving for direct control of the technical system are present, i.e. programmable logic controllers PLC, also referred to as "PLC - Programmable Logic Controler". To relieve these controls, automations have other special devices that form an interface for operating personnel. These are called devices for "operator control and monitoring", abbreviated "B + B", or as HMI devices, i.e. Human machine interface.
Der Begriff HMI Gerät ist ein Oberbegriff und u fasst alle zu dieser Gruppe von Geräten gehörigen Komponenten. Als ein Beispiel sollen "Operator Panels", auch als "Bedienpanels" bzw. kurz als "OP" bezeichnet, genannt werden. Diese können stati- onär oder mobil ausgeführt sein. HMI Geräte dienen in einer vernetzten Automatisierung als Hilfsmittel für Bedienpersonal, um Prozessdaten der zu steuernden technischen Anlage an- zeigen und bedienen zu können. Diese Funktion wird mit "Supervisor Control and Data Akquisition" (SCADA) bezeichnet. Hierzu ist das HMI Gerät in der Regel hardwaremäßig speziell aufgebaut, d.h. es verfügt z.B. über einen Touchscreen und ist gegen Umwelteinflüsse besonders abgeschirmt. Weiterhin wird darin eine spezielle Software ausgeführt. Diese stellt Funktionen bereit, womit Komfort, Qualität und Sicherheit einer Bedienung durch eine Bedienperson verbessert. So können über HMI Geräte z.B. interaktive Prozessabbilder der zu be- dienenden technischen Anlage visualisiert, bedient, projektiert und generiert werden. Hiermit ist einerseits eine selektive Anzeige von Reaktionen der technischen Anlage möglich, meist in Form von Messwerten und Meldungen. Andererseits wird es durch gezielte Vorgabe von Bedienhandlungen und Dateneingaben ermöglicht, die technische Anlage in gewünschte Zustände zu überführen.The term HMI device is a generic term and u encompasses all components belonging to this group of devices. "Operator Panels", also referred to as "operating panels" or "OP" for short, should be mentioned as an example. These can be stationary or mobile. In networked automation, HMI devices serve as aids for operating personnel to process data from the technical system to be controlled. to be able to show and operate. This function is called "Supervisor Control and Data Acquisition" (SCADA). For this purpose, the HMI device is usually specially designed in terms of hardware, ie it has, for example, a touchscreen and is particularly shielded against environmental influences. Special software is also executed in it. This provides functions which improve the comfort, quality and safety of operation by an operator. For example, interactive process images of the technical system to be operated can be visualized, operated, configured and generated using HMI devices. On the one hand, this enables a selective display of reactions of the technical system, usually in the form of measured values and messages. On the other hand, the targeted specification of operating actions and data entries enables the technical system to be brought into the desired states.
Vielfach sind die HMI Geräte z.B. in Form von Terminals oder Operator Panels als stationäre Komponenten in ein Automati- sierungssystem fest integriert. Dabei sind die Komponenten vielfach über einen Feldbus verbunden, der insbesondere bezüglich Ausfall- und Übertragungssicherheit die bei industriellen Anwendungen notwendigen Anforderungen erfüllt. Derartige Netzwerke stellen in der Automatisierungstechnik ein geschlossenes System dar und sind auf Grund dieser Eigenschaft sicher gegenüber Fremdzugriffen. Falls dennoch in Anwendungsfällen eine Öffnung eines Automatisierungssystems insbesondere durch Anbindung an das Internet erfolgt, um z.B. Prozess-, Bedien- und Beobachtungsdaten zwischen einem loka- len Automatisierungssystem und einer sogenannten "Remote Lo- cation" über das Internet auszutauschen, so kann ein derartiger Anschlusspunkt mit bekannten Maßnahmen, wie z.B. der Installation einer Firewall, gegenüber Fremdzugriffen abgesichert werden.In many cases the HMI devices are e.g. in the form of terminals or operator panels as stationary components permanently integrated in an automation system. The components are often connected via a fieldbus, which meets the requirements for industrial applications, particularly with regard to failure and transmission security. Such networks represent a closed system in automation technology and, due to this property, are secure against external access. If an automation system is opened in applications, in particular by connecting to the Internet, e.g. To exchange process, operating and monitoring data between a local automation system and a so-called "remote location" via the Internet, such a connection point can be implemented using known measures, such as e.g. the installation of a firewall, secured against unauthorized access.
Anders ist die Situation, wenn die HMI Geräte nicht ausschließlich stationär, sondern auch in Form von mobilen Ope- rator Panels ausgeführt sind. Ein derartiges Automatisierungssystem, dessen Feldbus um mindestens eine Funkstrecke zu einem mobilen Bedien- und Beobachtungsgerät erweitert ist, kann zwar logisch weiterhin als geschlossen angesehen werden. Dennoch stellt die Funkstrecke einen Bereich dar, der besonders gefährdet ist gegenüber beabsichtigten und zufälligen Fremdeingriffen. Diese können in Automatisierungssystemen Wirkungen hervorrufen, die über die bekannten Auswirkungen z.B. von Virenangriffen auf private und kommerzielle Computer und Computernetzwerke hin ausgehen. So sind in einem solchen Falle nicht nur wirtschaftliche Einbußen verursacht durch einen Ausfall des Automatisierungssystems und einer von abhängigen Fertigungsanlage zu befürchten. Vielmehr ist es nicht ausgeschlossen, dass die Sicherheit von Personen in einer Fertigungsanlage in Frage gestellt wird, wenn Fremdeingriffe auf eine Funkstrecke zwischen einem mobilen Bedien- und Beobachtungsgerät und den weiteren Komponenten einer Automatisierungsanlage ausgeübt werden.The situation is different when the HMI devices are not only stationary, but also in the form of mobile operating rator panels are executed. Such an automation system, the fieldbus of which is expanded by at least one radio link to a mobile operating and monitoring device, can logically still be regarded as closed. Nevertheless, the radio link is an area that is particularly vulnerable to intentional and accidental interference. In automation systems, these can produce effects that go beyond the known effects of, for example, virus attacks on private and commercial computers and computer networks. In such a case, there is not only a fear of economic losses caused by a failure of the automation system and a dependent production system. Rather, it is not out of the question that the safety of people in a production system is questioned if external interventions are carried out on a radio link between a mobile operating and monitoring device and the other components of an automation system.
Der Erfindung liegt somit die Aufgabe zu Grunde, ein HMI System so weiter zu gestalten, dass auch mobile Bedien- und Beobachtungsgeräte in einer gegenüber Fremdeingriffen sicheren Weise in ein Automatisierungssystem eingebunden sind.The invention is therefore based on the object of further designing an HMI system in such a way that mobile operating and monitoring devices are also integrated into an automation system in a manner which is safe from external interference.
Das erfindungsgemäße HMI System mit zumindest einem mobilen Bedien- und Beobachtungsgerät für die Automatisierungskomponenten einer technischen Anlage weist eine Funkstrecke zur berührungslosen Datenübertragung zwischen dem mobilen Bedien- und Beobachtungsgerät und den Automatisierungskomponenten auf. Zur Sicherung der Datenübertragung von den Automatisierungskomponenten zum mobilen Bedien- und Beobachtungsgerät ist eine erste Firewall und zur Sicherung der Datenübertragung vom mobilen Bedien- und Beobachtungsgerät zu den Automatisierungskomponenten eine zweite Firewall vorhanden.The HMI system according to the invention with at least one mobile operating and monitoring device for the automation components of a technical system has a radio link for contactless data transmission between the mobile operating and monitoring device and the automation components. A first firewall is provided to secure the data transmission from the automation components to the mobile operating and monitoring device and a second firewall to secure the data transmission from the mobile operating and monitoring device to the automation components.
Die Erfindung hat den Vorteil, dass unter Einsatz von Firewalls, d.h. bei der Sicherung der Entgegennahme von Daten ü- ber kabelgebundene Kommunikationsstrecken erprobten Mitteln, eine Absicherung auch des bidirektionalen Datenverkehrs auf einer Funkstrecke zwischen einem mobilen Bedien- und Beobachtungsgerät und den weiteren Komponenten der Automatisierung einer technischen Anlage erfolgen kann.The invention has the advantage that using firewalls, ie when securing the acceptance of data, Tried and tested means of wired communication links can also be used to secure bidirectional data traffic on a radio link between a mobile operating and monitoring device and the other components of the automation of a technical system.
Vorteilhaft ist die zweite Firewall in eine Automatisierungskomponente integriert. Hierdurch kann ein zusätzlicher Hardware Aufwand vermieden werden. Weisen die Automatisierungs- komponenten eine Funkschnittstelle, auch Funk Access Point genannt, zur Ankopplung an die Funkstrecke auf, so ist eine Integration der zweiten Firewall in diese Funkschnittstelle besonders vorteilhaft. Hierdurch ist eine besonders gute Absicherung aller dahinter liegenden Automatisierungskomponen- ten besonders dann möglich, wenn diese gemeinsam mit derThe second firewall is advantageously integrated in an automation component. This means that additional hardware expenditure can be avoided. If the automation components have a radio interface, also called a radio access point, for coupling to the radio link, then an integration of the second firewall into this radio interface is particularly advantageous. This enables particularly good protection of all automation components behind it, especially if these are used together with the
Funkschnittstelle über einen Feldbus miteinander verkoppelt sind.Radio interface are coupled together via a fieldbus.
Weiterhin ist die erste Firewall vorteilhaft unmittelbar in das mobile Bedien- und Beobachtungsgerät integriert. Hierdurch können Manipulationen insbesondere bei einer gekapselten Ausführung des Gehäuses des mobilen Bedien- und Beobachtungsgeräts erschwert werden.Furthermore, the first firewall is advantageously integrated directly into the mobile operating and monitoring device. This can make manipulations particularly difficult when the housing of the mobile operating and monitoring device is encapsulated.
Schließlich kann die Datenübertragungssicherheit des erfindungsgemäßen HMI Systems weiter dadurch erhöht werden, dass die Automatisierungskomponenten einen Radius-Server aufweisen, der vorteilhaft ebenfalls als singuläre Komponente an den Feldbus angeschlossen ist. Zusätzlich zu den Filtermecha- nismen der Firewalls bietet der Radius Server einen sogenannten "Remote Authentification Dial-In Service". Es ist somit eine Authentifizierung der Benutzer des mobilen Bedien- und Beobachtungsgeräts, also eine gesicherte Benutzerverwaltung, möglich.Finally, the data transmission security of the HMI system according to the invention can be further increased in that the automation components have a radius server, which is advantageously also connected to the fieldbus as a singular component. In addition to the filter mechanisms of the firewalls, the Radius Server offers a so-called "Remote Authentication Dial-In Service". Authentication of the users of the mobile operating and monitoring device, that is to say secure user administration, is thus possible.
Die Erfindung wird anhand von einem, in der Figur 1 dargestellten Ausführungsbeispiel nachfolgend näher erläutert. Die technische Anlage TA in Fig. 1 verfügt über technische Betriebsmittel M, die z.B. Bestandteil einer fertigungs- oder prozesstechnischen Anlage sein können. Zu deren Steuerung sind Automatisierungskomponenten S vorhanden, die über einen Feldbus FB auf die technischen Betriebsmittel M insbesondere durch Vermittlung von Messwertgebern, Stellungsreglern und verschiedenen anderen sogenannten "Process Instruments" eingreifen.The invention is explained in more detail below on the basis of an exemplary embodiment shown in FIG. 1. The technical system TA in FIG. 1 has technical resources M, which can be part of a manufacturing or process engineering system, for example. To control them, automation components S are present, which intervene with the technical equipment M via a fieldbus FB, in particular through the intermediation of sensors, positioners and various other so-called "process instruments".
Die Automatisierungskomponenten S in FIG 1 verfügen beispielhaft über ein Automatisierungsgerät AS, z.B. eine speicherprogrammierbare Steuerung SPS, welche die Steuerung der technischen Betriebsmittel M gegebenenfalls in Echtzeit bewirkt. Zur Bedienung- und Beobachtung der Steuerung, der technischen Betriebsmittel M und z.B. von ablaufenden Steuerungs-, Diagnose, Alarverarbeitungs- und Langzeitbeobachtungsprozessen ist ein stationäres Bedien- und Beobachtungsgerät SP vorhanden, dass z.B. als ein Operator Panel mit Touch Screen und Mitteln zum Fronteinbau in einen Schaltschrank ausgeführt sein kann. Das stationäre Bedien- und Beobachtungsgerät SP verfügt z.B. über ein Display SBD und eine Tastatur SBT. Es ist wie die anderen Automatisierungskomponenten an einen Feldbus FB angeschlossen.The automation components S in FIG. 1 have, for example, an automation device AS, e.g. a programmable logic controller PLC, which effects the control of the technical equipment M if necessary in real time. For operating and monitoring the control system, the technical equipment M and e.g. of running control, diagnosis, alarm processing and long-term observation processes there is a stationary operating and monitoring device SP, e.g. can be designed as an operator panel with a touch screen and means for front installation in a control cabinet. The SP operator control and monitoring device has e.g. via a display SBD and a keyboard SBT. Like the other automation components, it is connected to a fieldbus FB.
Zusätzlich zum stationären Bedien- und Beobachtungsgerät SP verfügt das in FIG 1 dargestellte HMI System über zumindest ein mobiles Bedien- und Beobachtungsgerät MP, z.B. ein kabelloses Hand-Held Terminal. Auch dieses verfügt z.B. über ein Display MPD und eine Tastatur MPT. Weiterhin können Not-Aus- und Quittungstaste und z.B. Schlüsselschalter vorgesehen sein.In addition to the stationary operating and monitoring device SP, the HMI system shown in FIG. 1 has at least one mobile operating and monitoring device MP, e.g. a wireless hand-held terminal. This also has e.g. via a display MPD and a keyboard MPT. Furthermore, emergency stop and acknowledgment buttons and e.g. Key switch may be provided.
Das mobile Bedien- und Beobachtungsgerät MP tauscht in einer berührungslosen Weise Daten über eine Funkstrecke FS mit den Automatisierungskomponenten S der technische Anlage TA aus. Dabei ist die Funkstrecke FS bidirektional ausgeführt. Ein erster Datenstrom in einer von den Automatisierungskomponen- ten S zu dem Bedien- und Beobachtungsgerät MP verlaufenden Übertragungsrichtung FAF übermittelt bevorzugt Anzeigen, A- larme, Meldungen, Messwerte und vieles mehr, um einen Benutzer insbesondere über den Zustand der technischen Anlage TA in Kenntnis zu setzen. Ein zweiter Datenstrom in einer vom Bedien- und Beobachtungsgerät MP zu den Automatisierungskomponenten S verlaufenden Übertragungsrichtung MPF übermittelt insbesondere Quittierungen, Befehle und vieles mehr, um insbesondere den Zustand der technischen Anlage TA in einer vom Benutzer des mobilen Bedien- und Beobachtungsgeräts MP gewünschten Weise zu verändern.The mobile operating and monitoring device MP exchanges data in a contactless manner via a radio link FS with the automation components S of the technical system TA. The radio link FS is designed bidirectionally. A first data stream in one of the automation components The transmission direction FAF running to the operating and monitoring device MP preferably transmits displays, alarms, messages, measured values and much more in order to inform a user, in particular, of the state of the technical system TA. A second data stream in a transmission direction MPF running from the operating and monitoring device MP to the automation components S transmits in particular acknowledgments, commands and much more, in particular to change the state of the technical system TA in a manner desired by the user of the mobile operating and monitoring device MP ,
Erfindungsgemäß ist die bidirektionale Datenübertragung auf der Funkstrecke FS durch ein Paar von vorzugsweise ausfüh- rungsgleichen Firewalls MPW und FAW abgesichert, wobei die erste Firewall MPW die Datenübertragung des ersten Datenstromes in Richtung FAF und die zweite Firewall FAW die Datenübertragung des zweiten Datenstromes in Richtung MPF absichert. Die in den Firewalls MPW und FAW geladenen und aktiven Sicherungsprozeduren sind vorteilhaft übereinstimmend bzw. zumindest gleichwirkend.According to the invention, the bidirectional data transmission on the radio link FS is secured by a pair of firewalls MPW and FAW, preferably of the same design, the first firewall MPW securing the data transmission of the first data stream in the direction of FAF and the second firewall FAW securing the data transmission of the second data stream in the direction of MPF , The security procedures loaded and active in the firewalls MPW and FAW are advantageously identical or at least equivalent.
Vorteilhaft ist die erste Firewall MPW direkt in das mobile Bedien- und Beobachtungsgerät MP integriert. Entsprechend ist die zweite Firewall FAW vorteilhaft in eine Automatisierungskomponente S integriert. Bei der in FIG 1 dargestellten, bevorzugten Ausführung der Erfindung ist die zweite Firewall FAW direkt in eine an den Feldbus FB angeschlossene Funkschnittstelle FA integriert, welche die Automatisieruncjskom- ponenten S an die Funkstrecke FS ankoppelt.The first firewall MPW is advantageously integrated directly into the mobile operating and monitoring device MP. Accordingly, the second firewall FAW is advantageously integrated in an automation component S. In the preferred embodiment of the invention shown in FIG. 1, the second firewall FAW is integrated directly into a radio interface FA connected to the fieldbus FB, which interfaces the automation components S to the radio link FS.
Gemäß einer weiteren, in FIG 1 bereits dargestellten Ausführung weisen die Automatisierungskomponenten S einen zusätzlichen RADIUS Server RS auf, der vorteilhaft ebenfalls an den Feldbus FB angeschlossen ist. Dieser stellt einen zusätzlichen, "Remote Authentification Dail-In User" genannten Service zur Verfügung. Hierüber kann die Berechtigung eines Benut- zers des mobile Bedien- und Beobachtungsgeräts MP überprüft werden.According to a further embodiment, already shown in FIG. 1, the automation components S have an additional RADIUS server RS, which is also advantageously connected to the fieldbus FB. This provides an additional service called "Remote Authentication Dail-In User". The authorization of a user can be zer of the mobile operating and monitoring device MP can be checked.
Das in FIG 1 beispielhaft dargestellte, erfindungsgemäße HMI System weist somit trotz einer an sich sicherheitsgefährdeten Funkschnittstelle zu einem mobilen Bedien- und Beobachtungsgerät MP eine hervorragende Absicherung gegenüber Fremdzugriffen auf. Diese kann durch zusätzliche Maßnahmen, wie z.B. die Einbindung eines Radius Servers noch weiter verbes- sert werden. The HMI system according to the invention, shown by way of example in FIG. 1, thus has an excellent security against external access despite a radio interface to a mobile operating and monitoring device MP which is inherently at risk. This can be achieved through additional measures, e.g. the integration of a radius server can be further improved.

Claims

Patentansprüche claims
1. HMI System mit zumindest einem mobilen Bedien- und Beobachtungsgerät (MP) für die Automatisierungskomponenten (S) einer technischen Anlage (TA) , mit a) einer Funkstrecke (FS; FAF,MPF) zur berührungslosen Datenübertragung (MPF, FAF) zwischen dem mobilen Bedien- und Beobachtungsgerät (MP) und den Automatisierungskomponenten (S) , und mit b) einer ersten Firewall (MPW) zur Sicherung der Datenübertragung (FAF) von den Automatisierungskomponenten (S) zum mobilen Bedien- und Beobachtungsgerät (MP) und einer zweiten Firewall (FAW) zur Sicherung der Datenübertragung (MPF) vom mobilen Bedien- und Beobachtungsgerät (MP) zu den Automatisierungskomponenten (S) .1. HMI system with at least one mobile operating and monitoring device (MP) for the automation components (S) of a technical system (TA), with a) a radio link (FS; FAF, MPF) for contactless data transmission (MPF, FAF) between the mobile operating and monitoring device (MP) and the automation components (S), and with b) a first firewall (MPW) for securing data transmission (FAF) from the automation components (S) to the mobile operating and monitoring device (MP) and a second Firewall (FAW) to secure data transmission (MPF) from the mobile operator control and monitoring device (MP) to the automation components (S).
2. HMI System nach Anspruch 1, wobei die Sicherungsprozeduren in der ersten und zweiten Firewall (MPW, FAW) übereinstimmend bzw. zumindest gleichwirkend sind.2. HMI system according to claim 1, wherein the security procedures in the first and second firewall (MPW, FAW) are identical or at least equivalent.
3. HMI System nach einem der Anspruch 1 oder 2, wobei die erste Firewall (MPW) in das mobile Bedien- und Beobachtungsgerät (MP) integriert ist.3. HMI system according to one of claims 1 or 2, wherein the first firewall (MPW) is integrated in the mobile operating and monitoring device (MP).
4. HMI System nach Anspruch 3, wobei das mobile Bedien- und Beobachtungsgerät (MP) gekapselt ist.4. HMI system according to claim 3, wherein the mobile control and monitoring device (MP) is encapsulated.
5. HMI System nach einem der vorangegangenen Ansprüche, wobei die zweite Firewall (FAW) in eine Automatisierungskompo- nente (S) integriert ist.5. HMI system according to one of the preceding claims, wherein the second firewall (FAW) is integrated in an automation component (S).
6. HMI System nach Anspruch 5, wobei die Automatisierungskomponenten (S) zur Ankopplung an die Funkstrecke (FS) eine Funkschnittstelle (FA) aufweisen, in welche die zweite Fire- wall (FAW) integriert ist. 6. HMI system according to claim 5, wherein the automation components (S) for coupling to the radio link (FS) have a radio interface (FA) in which the second firewall (FAW) is integrated.
7. HMI System nach Anspruch 6, wobei die Automatisierungskomponenten (S) einen Feldbus (FB) aufweisen, an den die Funkschnittstelle (FA) angeschlossen ist.7. HMI system according to claim 6, wherein the automation components (S) have a fieldbus (FB) to which the radio interface (FA) is connected.
8. HMI System nach einem der vorangegangenen Ansprüche, wobei die Automatisierungskomponenten (S) einen Radius-Server (RS) aufweisen.8. HMI system according to one of the preceding claims, wherein the automation components (S) have a radius server (RS).
9. HMI System nach Anspruch 1 , wobei die Auto atisierungs- komponenten (S) einen Radius-Server (RS) aufweisen, welcher an den Feldbus (FB) angeschlossen ist. 9. HMI system according to claim 1, wherein the automation components (S) have a radius server (RS) which is connected to the fieldbus (FB).
EP04763569A 2003-08-29 2004-07-28 Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission Withdrawn EP1658539A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE20313562U DE20313562U1 (en) 2003-08-29 2003-08-29 HMI system for operating and monitoring a technical system with a mobile operator control and monitoring device and secure data transmission
PCT/EP2004/008456 WO2005029810A2 (en) 2003-08-29 2004-07-28 Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission

Publications (1)

Publication Number Publication Date
EP1658539A2 true EP1658539A2 (en) 2006-05-24

Family

ID=29432963

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04763569A Withdrawn EP1658539A2 (en) 2003-08-29 2004-07-28 Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission

Country Status (4)

Country Link
US (1) US20060212557A1 (en)
EP (1) EP1658539A2 (en)
DE (1) DE20313562U1 (en)
WO (1) WO2005029810A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004007229A1 (en) * 2004-02-13 2005-09-08 Siemens Ag Configuration procedure for an automation system
DE102004051308A1 (en) * 2004-10-21 2006-05-04 Giesecke & Devrient Gmbh Mobile station secured against attacks from insecure networks
US8285326B2 (en) 2005-12-30 2012-10-09 Honeywell International Inc. Multiprotocol wireless communication backbone
EP2614415B1 (en) 2010-09-10 2017-08-30 Gleason Metrology Systems Corporation Remote operator pendant for a metrology machine tool
DE102013216347A1 (en) 2013-08-19 2015-02-19 Robert Bosch Gmbh Operating device and method for controlling at least one machine
US10680886B1 (en) 2014-08-29 2020-06-09 Schneider Electric Systems Usa, Inc. Remote wireless sensors and systems including remote wireless sensors
EP3847548A4 (en) * 2018-09-10 2022-06-01 AVEVA Software, LLC Edge hmi module server system and method
CN113169861A (en) 2018-12-06 2021-07-23 施耐德电子系统美国股份有限公司 One-time pad encryption for industrial wireless instruments
US11184420B2 (en) 2020-01-06 2021-11-23 Tencent America LLC Methods and apparatuses for dynamic adaptive streaming over HTTP

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5909368A (en) * 1996-04-12 1999-06-01 Fisher-Rosemount Systems, Inc. Process control system using a process control strategy distributed among multiple control elements
US6282454B1 (en) * 1997-09-10 2001-08-28 Schneider Automation Inc. Web interface to a programmable controller
US6574661B1 (en) * 1997-09-26 2003-06-03 Mci Communications Corporation Integrated proxy interface for web based telecommunication toll-free network management using a network manager for downloading a call routing tree to client
DE19904331C1 (en) * 1999-01-28 2000-08-03 Siemens Ag System and method for transmitting data, in particular data for operating and monitoring an automation system, via the Internet with an asymmetrical Internet connection
US6788980B1 (en) * 1999-06-11 2004-09-07 Invensys Systems, Inc. Methods and apparatus for control using control devices that provide a virtual machine environment and that communicate via an IP network
DE10000609B4 (en) * 2000-01-10 2006-04-13 Gira Giersiepen Gmbh & Co. Kg Interface device for a data connection between an electrical installation system and a Komminikationssystem and equipped therewith electrical installation system
US7814208B2 (en) * 2000-04-11 2010-10-12 Science Applications International Corporation System and method for projecting content beyond firewalls
DE10038552A1 (en) * 2000-08-03 2002-02-28 Siemens Ag System and method for the transmission of OPC data via data networks, in particular the Internet, with an asynchronous data connection
AU2002223813A1 (en) * 2000-11-17 2002-05-27 Ipwireless, Inc. Use of internet web technology for wireless internet access
EP1249747A1 (en) * 2001-04-09 2002-10-16 Patria Ailon Control system and method for controlling processes
US7089586B2 (en) * 2001-05-02 2006-08-08 Ipr Licensing, Inc. Firewall protection for wireless users
EP1298506A1 (en) * 2001-09-27 2003-04-02 Siemens Aktiengesellschaft Dynamic access to automation resources

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
WO2005029810A2 (en) 2005-03-31
WO2005029810A3 (en) 2005-06-16
US20060212557A1 (en) 2006-09-21
DE20313562U1 (en) 2003-11-06

Similar Documents

Publication Publication Date Title
EP1325458B1 (en) System and method for the central control of devices used during an operation
DE102007045729B4 (en) System and method of communication between two process controls within a process control system
DE10038552A1 (en) System and method for the transmission of OPC data via data networks, in particular the Internet, with an asynchronous data connection
WO2004114621A1 (en) Method for the secure transmission of data via a field bus
WO2006111376A1 (en) Device for secure remote access
CH702454B1 (en) Arrangement with a superordinate control unit and at least one connected with the control unit intelligent field device.
WO2007128836A1 (en) Operator panel for exchanging data with a field device in an automation system
WO2005029810A2 (en) Hmi system for operating and monitoring a technical installation by means of a mobile operating and monitoring device and secure data transmission
EP2506100A2 (en) Interface module for a modular control device
WO2008064381A2 (en) Method for the operation of a wireless communication link between a mobile manual operator device and a machine controller, and corresponding system components
WO2005036492A1 (en) Hmi system with a mobile control and monitoring device for security-relevant operations in a technical system
DE10038557B4 (en) System and method for the transmission of data over data networks, in particular the Internet, with asynchronous data connection
WO2011076184A1 (en) Communication device and method for monitoring and controlling security systems
EP3122016A1 (en) Automation network and method of surveillance for security of the transmission of data packets
EP3056953A1 (en) Self-contained field device used in automation technology for remote monitoring
WO2003026338A1 (en) Method for remotely diagnosing process flows in systems
DE102005007477B4 (en) Programmable control for machine and / or plant automation with standard control and safety functions and communication with a safety I / O and method for operating the programmable controller
WO2004055610A1 (en) System and method for monitoring technical installations and objects
DE10038562B4 (en) System and method for transmitting data over data networks with data conversion by a COM car sounder
DE102015116401A1 (en) System, in particular augmented reality system, for operation and / or maintenance of a technical system
WO2023111142A1 (en) It architecture for blood treatment systems
DE10304649A1 (en) HMI device with a computer user station with an interface for the transmission of communication data
DE102004033624A1 (en) Security module for network, has interfaces for connection to superordinate and subordinate networks, respectively, and third interface connected to separate network node and with former two interfaces through respective firewalls
DE102017216668A1 (en) Method and arrangement for communication with at least one field device of a technical installation
EP1260951A2 (en) Mobile control- and/or observation device with field bus connection, especially for industrial processes

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060227

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): DE FR GB IT

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE FR GB IT

17Q First examination report despatched

Effective date: 20070209

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20150203