US20110230991A1 - Systems and methods for queuing an action in industrial automation systems - Google Patents

Systems and methods for queuing an action in industrial automation systems Download PDF

Info

Publication number
US20110230991A1
US20110230991A1 US13116581 US201113116581A US2011230991A1 US 20110230991 A1 US20110230991 A1 US 20110230991A1 US 13116581 US13116581 US 13116581 US 201113116581 A US201113116581 A US 201113116581A US 2011230991 A1 US2011230991 A1 US 2011230991A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
signature
system
command
electronic signature
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13116581
Inventor
Clark L. Case
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rockwell Automation Technologies Inc
Original Assignee
Rockwell Automation Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The subject invention relates to a system and methodology facilitating automated manufacturing processes in a regulated industrial controller environment, wherein operator commands are tied to one or more signature requirements before the requested commands take effect in a batch system. In one aspect, a system is provided for signature processing in an industrial control environment. The system includes a queuing component to hold a pending request for an action. A signature component then determines when an electronic signature is completed for the action, wherein a batch processor executes the action from the queuing component after the electronic signature is completed. A policy component can be provided to define one or more conditions for completing the electronic signature.

Description

    PRIORITY CLAIM
  • This application claims priority to U.S. patent application Ser. No. 10/953,944, filed on Sep. 29, 2004, entitled “SYSTEMS AND METHODS FOR QUEUING AN ACTION IN INDUSTRIAL AUTOMATION SYSTEMS.” The entirety of the aforementioned application is incorporated by reference herein
  • TECHNICAL FIELD
  • The subject invention relates generally to industrial control systems, and more particularly to a system and methodology that enables industrial automation equipment to be regulated according to applicable standards via the employment of electronic signatures, wherein operator actions requiring signature verification are queued pending outcome of a completed signature or cancellation thereof.
  • BACKGROUND OF THE INVENTION
  • Industrial controllers are special-purpose computers utilized for controlling industrial processes, manufacturing equipment, and other factory automation, such as data collection or networked systems. Controllers often work in concert with other computer systems to form an environment whereby a majority of modern and automated manufacturing operations occur. These operations involve front-end processing of materials such as steel production to more intricate manufacturing processes such as automobile production that involves assembly of previously processed materials. Often such as in the case of automobiles, complex assemblies can be manufactured with high technology robotics assisting the industrial control process.
  • In many automated processes, including the basic production of commodities such as food, beverages, and pharmaceuticals, complex state logic is often designed and programmed by Systems Engineers or provided in some cases by automated equipment manufacturers. This logic is often programmed with common PLC ladder logic or higher level languages supported by Sequential Function Charts. Sequence logic can be employed for a plurality of tasks such as material movement and conveying operations, packaging operations, or as part of an assembly process itself, wherein various stages of an assembly are sequenced from stage to stage until a final assembly occurs. As can be appreciated, much planning and design is required to implement an automated production process that can involve hundreds of machines, computers, and program logic to facilitate proper operation of the respective sequences.
  • In modern systems, many layers of regulation are now being imposed on automated industries to ensure compliance to applicable standards. To document that these requirements are being adhered to, often one or more signatures are required which in some systems may be more than merely signing a journal record or document but, in increasing circumstances these procedures have become electronic. For instance, if a customer in an FDA regulated industry desires to use electronic signatures in place of handwritten signatures, they must do so in accordance with 21 CFR Part 11. In some existing systems, electronic signatures are only offered in association with report parameter verification in procedural phases, verification of procedural steps, and confirmation of batch and phase commands. However, these signatures may be lacking several key features required under 21 CFR Part 11. For example, the meanings of the signatures are not presented to the signers nor recorded, and in some electronic event journals it may be difficult or impossible to determine if an electronic signature was properly obtained or not.
  • Some of the notable aspects of 21 CFR Part 11 include:
  • (a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:
      • (1) The printed name of the signer;
      • (2) The date and time when the signature was executed; and
      • (3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.
  • (b) The items identified in paragraphs (a)(1), (a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).
  • In addition to the components mentioned above, customer requirements include the ability to specify one or two signers for each signature, to specify security requirements for each signer, and to specify a comment requirement for each signer.
  • Journaling requirements are further described in the following 21 CFR Part 11 excerpt:
  • “Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify and electronic record by ordinary means.”
  • In view of the above, many modern industrial automation systems are not equipped to process, record, and document required signature activities. For instance, in a typical factory setting, process steps and operator actions requiring possible signature authentication are highly distributed throughout various locations in the factories. Attempting to manage such activities from various locations can be a challenge even for the most sophisticated of automation systems. Moreover, current systems that may utilize some form of electronic process validation do not predicate such validation on the actual verification of a signature before continuing further system processing.
  • SUMMARY OF THE INVENTION
  • The following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not an extensive overview of the invention. It is intended to neither identify key or critical elements of the invention nor delineate the scope of the invention. Its sole purpose is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.
  • The subject invention relates to a system and methodology to automatically manage and control electronic signature activities in accordance with a distributed industrial control system. In one aspect, various operator actions such as commands to change operations within a batch processing system are conditioned upon electronic signature events (e.g., receiving and validating signature data from a user). Various conditions can be prescribed by a policy component that tag differing operator actions as requiring a completed electronic signature before the requested action takes place. A queuing component holds pending action requests from the batch processing system until the signature is completed or cancelled by an operator. Multi-operator conditions can also be specified, wherein signature data is supplied by two or more operators before a pending action held in the queuing component can be further processed or executed by the batch processing system.
  • In one example, if a user issues a command (e.g., START, STOP or HOLD) to a batch and that command has been configured to require a signature, the batch processing system queues the command and generates a signature (e.g., dialog interface to retrieve signature data from the user). The signature can then be completed or cancelled. If the signature is completed such as receiving a valid username and password form the user, the batch processing system executes the command, and if the signature is cancelled, the batch processing system removes the command from the queue and performs other processing. In addition to techniques such as password data being supplied to complete signature requirements, the subject invention can also employ various biometric technologies to complete the signatures and enable subsequent execution of requested actions.
  • The following description and the annexed drawings set forth in detail certain illustrative aspects of the invention. These aspects are indicative, however, of but a few of the various ways in which the principles of the invention may be employed and the present invention is intended to include all such aspects and their equivalents. Other advantages and novel features of the invention will become apparent from the following detailed description of the invention when considered in conjunction with the drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a schematic block diagram that illustrates a queuing architecture for signature processing in accordance with an aspect of the subject invention.
  • FIG. 2 illustrates a batch system for signature processing in accordance with an aspect of the subject invention.
  • FIG. 3 illustrates a policy component for signature in accordance with an aspect of the subject invention.
  • FIGS. 4 and 5 illustrate example signature processes in accordance with an aspect of the subject invention.
  • FIGS. 6 and 7 illustrate example user interfaces for signature processing in accordance with an aspect of the subject invention.
  • FIG. 8 illustrates biometric applications for generating signature data in accordance with an aspect of the subject invention.
  • DETAILED DESCRIPTION OF THE INVENTION
  • The subject invention relates to a system and methodology facilitating automated manufacturing processes in a regulated industrial controller environment, wherein operator commands are tied to one or more signature requirements before the requested commands take effect in a batch system. In one aspect, a system is provided for signature processing in an industrial control environment. The system includes a queuing component to hold a pending request for an action. A signature component then determines when an electronic signature is completed for the action, wherein a batch processor executes the action from the queuing component after the electronic signature is completed. A policy component can be provided to define one or more conditions for completing the electronic signature. Signature completion can include receiving data from distributed interfaces including typed or spoken names and security information such as passwords. Other forms of signature data can be communicated from one or more biometric devices that generate such data based on unique characteristics of users.
  • It is noted that as used in this application, terms such as “component,” “queue,” “object, ” “class,” and the like are intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution as applied to an automation system for industrial control. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program and a computer. By way of illustration, both an application running on a server and the server can be components. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers (e.g., via data packets and signals between the computers), industrial controllers, and/or modules communicating therewith.
  • Referring initially to FIG. 1, a system 100 illustrates a queuing architecture for electronic signature processing in accordance with an aspect of the subject invention. A queuing component 110 receives one or more actions 120 from remote system interfaces interacting with a batch processor 130 (or from process steps associated with the batch processor). The actions 120 include commands for change within the batch processor 130 such as start, stop, hold, abort, pause, and so forth which are described in more detail below. Other actions 120 include requests for process changes such as a change to a variable. A policy component 140 maps respective actions to a signature requirement. Thus, if an action 120 such as an abort command is tagged as requiring a signature by the policy component 140, the queuing component 110 will hold the requested action 120 or command until a signature component 150 receives a valid signature (or signatures) from the interfaces that issued the action. Signature requests can be generated via the signature component 150 by operator commands, automated phase logic uploading values outside of defined ranges, operators entering values outside of defined ranges, or with respect to other automated requirements of an automated process. After signatures are generated, they are managed centrally via the signature components 150, with distributed client applications interacting with the signature components as described below with respect to FIG. 2.
  • In general, the signature component 150 determines when a signature event or requirement is to be executed and then proceeds to automatically verify whether or not the requirement for signature has been met. Thus, the policy component 140 determines what type of actions 120 require signatures and the signature component executes a signature verification procedure for the actions tagged as requiring such signatures. Other features of the policy component 140 include the ability to link multiple signature requirements to an action 120. For instance, a command such as “Stop” could be configured to require three signatures by the policy component 140. Thus, when the “Stop” command is initiated by an operator, the command would be queued by the queuing component 110 until all three signatures were executed. As will be described in more detail below with respect to FIG. 3, various logical expressions can be formed for multiple signature conditions determine whether or not all or a subset of the multiple signatures are required before the action 120 can be executed.
  • A signature and its component parts can be configurable for any operator interaction with a running batch, however, signatures initiated by a process-connected device can not be canceled, whereas signatures initiated by an operator interaction can be canceled. In one aspect, signatures can be considered transactions—note that until the transactions are completed the actions they correlate to are not performed. Thus, signatures can be held active until they are completed, or, in some cases, canceled. Interactions with signatures, successful or not, are journaled (i.e., written to the batch record). Also, if a signature requires multiple signoffs, each signoff can be completed on different workstations. Before proceeding with a discussion of FIG. 2, the following definitions may be employed:
  • Electronic Signature
  • An electronic representation of a signature, including associated data. Can include one or more signoffs. Associated data includes meanings for the signoffs, comments, security requirements, and timestamps.
  • Signoff
  • A component of an electronic signature in which a user enters his username and password and optionally a comment. An electronic signature can require one or two signoffs or more.
  • Signoff Meaning
  • A short phrase describing the meaning attached to a given signoff. For example, “Done By” or “Checked By”.
  • Signature List
  • A list of pending signatures and their related commands, report parameters, etc. maintained on a Batch Server or processor.
  • Signature List UI
  • User interface for accessing signatures.
  • Signature Template
  • A collection of data to define a signature—number of signoffs, signoff meanings, signoff security requirements, and signoff comment requirements. Signature templates can be defined centrally, and can be referred to when defining signature requirements.
  • Cancel a Signature
  • When a user cancels a signature, this signals the batch system that the signature will not be completed. The Batch system will then let the originator of the signature know that it has been canceled so that it may take appropriate actions. Likely reasons for canceling a signature include incorrect data associated with the signature and the user desiring to prevent a command associated with a signature to complete.
  • Referring now to FIG. 2, a system 200 illustrates signature processing via a batch server in accordance with an aspect of the subject invention. The system 200 includes a batch server 210 for processing recipes or programs that are employed to manufacture a plurality of differing products in an automated industrial environment. The server 210 generally operates with one or more control systems 220 via network connections 230 (wireless and/or wired) to the server 210. Such network connections can include local factory networks such as ControlNet, DeviceNet or Ethernet and can include communications to remote systems such as over the Internet, for example. The control systems 220 can include programmable logic controllers, I/O modules, communications modules and so forth. In order to facilitate signature processing, one or more distributable signature components 240 are migrated to various locations across the factory. These components can include signature templates, Application Programming Interfaces (APIs), Schemas, and so forth that drive respective user interface components 250 to interact with various users or operators associated with the control systems 220 and/or batch server 210. The user interface 250 interacts with operators to control a process and mange signatures in accordance with the subject invention.
  • At 260, one or more operator actions can be input that may affect operations of the system 200. For instance, an operator may request to change a parameter or system variable. This request is fed back to the server 210, wherein a signature and verification component 270 determines whether or not the changed parameter requires signature verification for such request. These determinations are described can include policy or rule determinations and/or limit testing on the changed value. If the parameter change requires a signature, the batch server 210 initiates a signature verification procedure, wherein the operator (or operators) is required perform one or more signature requirements 280 at the user interface 250. These requirements 280 can include such procedures as entering a user name and password, for example. After entering the signature data, the data is transferred to the server where the data is verified by the signature and verification component 270. When the data has been verified, automated processes occur such updating a regulation record with the operator's electronic signature. After verification, the actual parameter change can be initiated on the batch server 210 and/or control system 220. At 290, one or more automated signature events (non-operator initiated) can occur such as an event that is detected during a recipe phase or step that requires signature verification and validation before proceeding with other phases or steps. Upon triggering of the automated event 290, the user can be directed to complete a signature requirement at 280 via the user interface 250.
  • Referring to FIG. 3, a policy component 300 for signature processing is illustrated in accordance with an aspect of the subject invention. The policy component 300 links signature requirements to respective commands such as start, stop, hold, abort, and so forth. Also, signature requirements can be linked to process variables or parameters such that if an operator attempts to change the parameter a request for signature can be generated. Other non-operator actions can also be configured such as process phases or steps that trigger a signature requirement. A selection component 310 (e.g., user interface) is employed to enable users to set which conditions an actions will trigger a signature to be generated. For instance, a start command may be selected to cause a signature to be generated whenever an operator issues a start command. A pause command in contrast and depending on the application may have no such requirement for signature and is thus not configured to generate a signature by the selection component 310.
  • Other conditions 320 that can be mapped relate to the requirement for an action or command to have multiple signatures before the signature can be completed. Thus, in a multiple signature configuration, a command such as hold could be configured to require two signoffs before the command can be removed from an associated queue and executed by a batch server. After the conditions and actions 320 have been identified as requiring a signature, one or more action/condition tags 330 are set representing the type of actions and respective joint signature requirements. Upon execution of any of these actions having a corresponding tag, the action will be queued, a signature requirement generated, and subsequently executed if the signature requirements are met. It is to be appreciated that the conditional requirements for multiple signatures can be set according to various logical expressions. For instance, a command having a multiple signature requirement can be configured in a logical AND arrangement to only be executed unless all parties to the signature requirement complete the signature. Another arrangement can be set in a logical OR arrangement whereby if any one of the parties configured for the signature signoff, the associated command or parameter change can then be executed. As can be appreciated, other logical expressions are also possible. Furthermore, hierarchical groupings 340 of expressions are possible. This could include complex expressions such as “Command 1 only requires a signature if Command 1 proceeds Command X.”
  • FIGS. 4 and 5 illustrate example processes 400 and 500 for signature processing in accordance with an aspect of the subject invention. While, for purposes of simplicity of explanation, the methodology is shown and described as a series of acts, it is to be understood and appreciated that the present invention is not limited by the order of acts, as some acts may, in accordance with the present invention, occur in different orders and/or concurrently with other acts from that shown and described herein. For example, those skilled in the art will understand and appreciate that a methodology could alternatively be represented as a series of interrelated states or events, such as in a state diagram. Moreover, not all illustrated acts may be required to implement a methodology in accordance with the invention.
  • Referring to FIG. 4, a process 400 illustrates generalized signal and condition processing in accordance with an aspect of the subject invention. Proceeding to 410, one or more actions are defined that may need signature verification. These can include specific parameters or variables, various system commands, and/or system processes such as a phase triggered events that can lead to a request for signature being directed to the operator. At 420, one or more signature conditions are defined. This can include policies that are configured to tag a particular command or variable as needing a signature. Also, conditions can be set whereby more than one signature is required for a given command or parameter. At 430, system processes are monitored for respective commands (e.g., execute batch operations). At 440, a determination is made as to whether or not any signatures have completed from pending signature requests stored in the queue. If not, the process adds any new pending actions to the queue and proceeds back to 430. If a signature has completed or canceled at 440, the signature request relating to the pending action in the queue is cleared from the queue at 460 and executed if not previously canceled. The process then proceeds back to 430.
  • Turning to FIG. 5, a process 500 illustrates signature generation and verification in response to a command or parameter change in accordance with an aspect of the present invention. The process 500 describes signatures and related processing that result from an operator entering a command such as stop start or hold that has been previously been configured to require signature verification. Also, the process 500 applies if the operator attempts to change a system parameter or variable that has been tagged as requiring signature verification. Proceeding to 512, a user attempts a batch command or changes a recipe parameter value. At 514, if the command or parameter change does not require signatures, the process proceeds to 516 to execute the command or implement the parameter change. If a command or parameter change requires a signature at 514, the process proceeds to 518, where the command or parameter change is queued and a signature verification procedure is initiated. At 524, a user enters sign-off data for the verification. At 528, a determination is made as to whether or not a user desires to cancel the verification. If so, the process proceeds to 532 where the signature cancellation is logged, an error is returned, and the command or parameter change request is removed from the queue.
  • Proceeding back to the determination at 528, and if the user does not cancel the previously queued command or parameter request, the process proceeds to verify a sign-off for a first user at 538. At 542, a determination is made as to whether or not the verification succeeded. If not, the process logs a verification failure at 544 and proceeds back to receive new sign-off data. If the verification is a success at 542, the process proceeds to 548 to log that a successful sign-off has occurred. At 550, a determination is made as to whether one or more sign-offs is required. If not, the process proceeds to 552 and clears the request for the signature. If another sign-off is required, the process proceeds to the acts represented at 554 to request signature verification from a subsequent user. These acts are similar to the acts represented at 524, 528, 538, 542, 548, and 548. As can be appreciated, sign-offs for a given signature requirement can occur with more than two users or other logical groupings of signatures as described above. After execution of the clear signature request at 552 the process ends at 516.
  • Before proceeding with a discussion of FIGS. 6 and 7, it is noted that example user interfaces are shown that can include various display and input capabilities. Thus, the user interface can be implemented as a Graphical User Interface (GUI) or interface application to interact with the systems previously described. This can include substantially any type of application that sends, retrieves, processes, and/or manipulates the various signature data and processes described herein. For example, such user interfaces can also be associated with an engine, controller, batch processor, web service, web site, and web browser although other type applications can be utilized. For example, depending on the detected recipe phase, the user interface may be converted from a normal operating interface to a guided sequence of instructions. This may be especially beneficial when all or portions of the recipe have changed and/or new procedures are to be installed. It is also noted that the user interface can be adapted to direct the operator to remote locations for respective information. For example, the interfaces can include hyperlinks for directing the operator to a remote web site, wherein further instructions are provided (e.g., mouse click at user interface automatically brings up web site).
  • The user interface can also include a display having one or more display objects including such aspects as configurable icons, buttons, sliders, input boxes, selection options, menus, tabs and so forth having multiple configurable dimensions, shapes, colors, text, data and sounds to facilitate operations with the systems and processes described herein. In addition, the user interface can also include a plurality of other inputs or controls for adjusting and configuring one or more aspects of the subject invention. This can include receiving user commands from a mouse, keyboard, speech input, web site, remote web service and/or other device such as a camera or video input, biometric device to affect or modify operations of the user interface.
  • Turning to FIG. 6, an interface 600 illustrates an example policy configuration in accordance with an aspect of the subject invention. Batch and phase command verification policies can be configured as part of an area model that describes class objects that relate to actual equipment for executing a batch. For each command, the user selects whether or not a signature is required for that particular command, and if so, which signature template is required. In this aspect, the interface 600 enables users to select commands that tag (e.g., select check-box) whether or not a particular command requires a signature. If a command is selected, when the respective command is executed by the batch server, the command will be queued by the batch server and a signature verification using the selected signature template will be performed with the user. After the verification is completed or the command canceled, the command will be removed from the queue with the batch server then executing the command if not previously canceled. As noted above, signature policies can also include associating a signature requirement with parameter changes, variable changes, program changes, process changes and so forth that affect how the system performs. Other actions or commands depicted on the interface 600 include commands such as start, hold, restart, abort, stop, reset, manual, pause, resume, acknowledge, and disconnect, for example. Still yet other commands include auto, download, semi-auto, add batch, remove batch, step change, clear failures, acquire, release, and bind, for example.
  • FIG. 7 is an example interface 700 illustrating a signature completion dialog in accordance with an aspect of the subject invention. When a batch or phase command is attempted that requires a signature, that command can be put into a pending state via the queue described above, and a signature will be placed on a signature list. In addition, a dialog will such as shown in the interface 700 will be presented to the operator to complete the signature. The interface 700 shows a batch for which a Hold has been requested. In this case, a Hold command has been configured to require a single signature, wherein the dialog includes inputs to enter a user ID, a password and comment, if desired at 710 to complete the signature request issued from the batch server in response to the aforementioned Hold command.
  • FIG. 8 illustrates example biometric applications 800 for completing signatures in accordance with an aspect of the subject invention. Biometric authentication devices and applications 800 can be employed to collect signature data in order to validate users' identities based on unique biological characteristics such as voice, fingerprint, or facial characteristics, for example. In one aspect, a fingerprint recognition system 810 can be utilized to gather signature data to be subsequently used for validation purposes at the batch system. These systems can include Integrated Circuit IC-based devices to measure skin capacitance in order to develop an image of a fingerprint's various characteristics. For instance, some fingerprint sensors utilize solid-state capacitance sensing to collect fingerprint data. When a user places a finger on the IC sensor, the finger acts as one of the plates of a capacitor. The other plate, on the surface of the sensor, is a silicon chip that includes a plurality of capacitor plates. The capacitor sensing plates create an image of the finger's ridges and valleys. This information is then converted to a video signal, which is fed to an algorithm that creates a template of the image. The template-not the image of the print itself-verifies the user on subsequent logins. In some systems, IC-based fingerprint readers include a rectangular fingerprint-detection surface called the sensor matrix. This is an active antennae array of more than sixteen thousand elements that are protected by a scratch- and impact-resistant transparent coating. The sensor matrix is surrounded by an annular drive ring, which transmits a small signal that the individual antennae elements can detect.
  • Software can be provided, which operates in conjunction with associated hardware devices, analyzes below the outer layer of the skin (the epidermis) to the living layer below where the unique ridge and valley patterns of the fingerprint originate. When a user places a finger on the chip's detection surface, the drive ring couples a small signal onto the finger's living sub-dermal layer. This signal creates a digital pattern that reflects the fingerprint's unique underlying structure. Using “under-pixel” amplifiers and other signal conditioners, these systems can manage and combine the output of thousands of individual sensor elements to form an accurate, undistorted image of the fingerprint. The image is then rendered into a template, which is used for future verification.
  • In some cases, biometric applications 800 can be combined with smart cards and card keys. For example, some systems have integrated a fingerprint reader onto an ID badge. The half-inch-thick badge communicates via infrared signals with a badge reader, similar to access-control cards used in many organizations to open doors. Users may be required to first enroll their fingerprint in the system, creating a template of their print that's stored on the card. In other systems, the template of the user's fingerprint is stored in memory on the card during the enrollment process, which matches the template to the user's private encryption key. Then, when the user puts the smart card into the reader and touches a finger to its sensor, the key authenticates the user.
  • At 820, hand recognition systems can be employed. Hand-geometric scanners are ideal for highly secure, high-traffic environments, including server rooms. These systems are accurate, with low False Rejection Rates (FRRs)—that is, incidences of turning away valid users. Low FRRs are important for several reasons, most notably to reduce user frustration and discomfort with the biometric device. Hand-geometry readers take a three-dimensional picture of the hand, measuring characteristics such as finger length, thickness, and hand surface area. In all, some systems take more than 90 measurements, which are then converted into a data template for later comparison. The template can be stored locally, on individual hand scanners, or in a central database.
  • At 830, face recognition applications can be employed to gather signature data. Face-scanning technology is well suited for a number of applications in which other biometric technologies are unusable. This technology uses distinctive features or characteristics of the human face—such as eyes, nose, and lips—to verify an individual's identity. Many of these systems employ mathematical algorithms to help identify users.
  • One advantage of facial scanning is that it can be used in conjunction with the types of cameras shipped standard with personal computer (PCs).
  • At 840, voice recognition can be employed to generate signature data. Voice-systems benefit from economic factors similar to those of face-recognition systems. These systems can be used with equipment (microphones, for example) that is standard with many PCs, so they benefit from a low cost of ownership. Voice-authentication systems are more apt to be integrated into telephony applications than used for network logons. Voice-authentication systems typically work together with voice-recognition. That is, the authentication system first recognized the context of the words spoken, then authenticate the individual. During enrollment and a subsequent identification process, voice-authentication systems make use of “features of the voice that are unique to each individual,” such as pitch, tone, and frequency.
  • At 850, retinal recognition can also be employed as a biometric application of the subject invention. The human retina generally offers the “most unique biometric pattern. Not even identical twins have the same blood vessel pattern at the back of the eye.
  • Some systems employ retina-scanning technology that reflects an infrared beam of light on the blood vessels on the retina, collecting views from several different angles. As with other biometric devices, the information collected is parsed with various algorithms to produce a data template that uniquely identifies the respective person.
  • What have been described above are preferred aspects of the subject invention. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the present invention, but one of ordinary skill in the art will recognize that many further combinations and permutations of the present invention are possible. Accordingly, the present invention is intended to embrace all such alterations, modifications and variations that fall within the spirit and scope of the appended claims.

Claims (20)

  1. 1. A system that facilitates regulation of an automated manufacturing process, comprising:
    a batch server configured to process a program, comprising a command, to facilitate execution of the automated manufacturing process;
    a signature component configured to identify that the command is associated with a request for an electronic signature; and
    a queuing component configured to prohibit execution of the command until the electronic signature is received.
  2. 2. The system of claim 1, wherein the request includes reception of at least one of a username, a password, or a comment via a user interface.
  3. 3. The system of claim 1, wherein the batch server is further configured to send the request for the electronic signature via a user interface.
  4. 4. The system of claim 1, further comprising, a verification component configured to authenticate the electronic signature received via a user interface, wherein the batch server is configured to facilitate execution of the command in response to a successful authentication of the electronic signature.
  5. 5. The system of claim 4, wherein the batch server is further configured to operate with one or more control systems and execute the command via the one or more control systems, in response to the successful authentication of the electronic signature.
  6. 6. The system of claim 1, wherein the signature component is further configured to identify that the command is associated with the request based on a predefined rule.
  7. 7. The system of claim 1, wherein the signature component is further configured to identify that the command is associated with the request based on a limit test of a parameter value, which is changed by execution of the command.
  8. 8. The system of claim 1, wherein the request includes reception of at least two electronic signatures from disparate users.
  9. 9. The system of claim 1, further comprising, one or more distributable signature components, residing at different locations and coupled to the batch server, that are configured to at least one of define, manage, modify, or delete the electronic signature by utilization of at least one of a signature template, an application programming interface (API), or a schema.
  10. 10. The system of claim 1, wherein the command is initiated by at least one of a user or an automated event.
  11. 11. The system of claim 1, wherein the queuing component comprises a queue that is configured to store the command until the electronic signature is received and verified.
  12. 12. A method to facilitate regulation of an automated manufacturing process, comprising:
    displaying, via a graphical user interface, a list of one or more actions relating to the automated manufacturing process;
    receiving a first input, via the graphical user interface, for selecting a set of the one or more actions for which an electronic signature is to be requested before processing;
    receiving a second input, via the graphical user interface, for specifying data associated with the electronic signature associated with one of the set of the one or more actions; and
    queuing a request for the one of the set of the one or more actions at run-time, pending receipt and verification of the data.
  13. 13. The method of claim 12, further comprising, defining one or more conditions that trigger a query for the data in response to receiving the one of the set of the one or more actions at a batch processor.
  14. 14. The method of claim 13, further comprising, receiving the data in response to the query.
  15. 15. The method of claim 14, further comprising:
    verifying the data; and
    executing the one of the set of the one or more actions in response to the verifying being successful.
  16. 16. The method of claim 15, further comprising logging a result of the verifying.
  17. 17. The method of claim 14, wherein the receiving includes receiving at least one of a phrase indicative of a meaning of an electronic signature.
  18. 18. A computer readable storage medium comprising computer-executable instructions that, in response to execution by an industrial automation system, cause the industrial automation system to perform operations, comprising:
    identifying, within a program being processed by a batch processor, an action that requests verification of an electronic signature associated with the action, prior to execution;
    retrieving and verifying data, associated with the electronic signature, that is predefined by a user; and
    prohibiting execution of the action until the verifying is determined to be successful.
  19. 19. The computer readable storage medium of claim 18, the operations further comprising, displaying a signature completion dialog window that enables input of the data.
  20. 20. The computer readable storage medium of claim 19, wherein the verifying includes performing biometric authentication.
US13116581 2004-09-29 2011-05-26 Systems and methods for queuing an action in industrial automation systems Abandoned US20110230991A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10953944 US7979706B1 (en) 2004-09-29 2004-09-29 Systems and methods for queuing an action in industrial automation systems
US13116581 US20110230991A1 (en) 2004-09-29 2011-05-26 Systems and methods for queuing an action in industrial automation systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13116581 US20110230991A1 (en) 2004-09-29 2011-05-26 Systems and methods for queuing an action in industrial automation systems

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10953944 Continuation US7979706B1 (en) 2004-09-29 2004-09-29 Systems and methods for queuing an action in industrial automation systems

Publications (1)

Publication Number Publication Date
US20110230991A1 true true US20110230991A1 (en) 2011-09-22

Family

ID=44245658

Family Applications (2)

Application Number Title Priority Date Filing Date
US10953944 Active 2029-03-14 US7979706B1 (en) 2004-09-29 2004-09-29 Systems and methods for queuing an action in industrial automation systems
US13116581 Abandoned US20110230991A1 (en) 2004-09-29 2011-05-26 Systems and methods for queuing an action in industrial automation systems

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10953944 Active 2029-03-14 US7979706B1 (en) 2004-09-29 2004-09-29 Systems and methods for queuing an action in industrial automation systems

Country Status (1)

Country Link
US (2) US7979706B1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013052894A1 (en) * 2011-10-05 2013-04-11 Opteon Corporation Methods, apparatus, and systems for monitoring and/or controlling dynamic environments
US20150148916A1 (en) * 2013-11-22 2015-05-28 Schneider Electric Industries Sas Control device able to connect to a communication network linking a control interface and an equipment
US10037241B2 (en) 2015-10-22 2018-07-31 International Business Machines Corporation Category dependent pre-processor for batch commands

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090178126A1 (en) * 2008-01-03 2009-07-09 Sterling Du Systems and methods for providing user-friendly computer services
US20130331961A1 (en) * 2012-06-11 2013-12-12 General Electric Company Data exchange system providing flexible and robust handling of units of measure
DE102012218488A1 (en) * 2012-10-10 2014-06-12 Continental Automotive Gmbh Method and apparatus for operating an application of a vehicle
US20140236904A1 (en) * 2013-02-20 2014-08-21 Verizon Patent And Licensing Inc. Batch analysis

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5367624A (en) * 1993-06-11 1994-11-22 Consilium, Inc. Interface for controlling transactions in a manufacturing execution system
US5634130A (en) * 1993-09-20 1997-05-27 International Business Machines Corporation Method and apparatus for spurious interrupt detection in a data processing system
US20020183056A1 (en) * 2001-05-31 2002-12-05 Laurence Lundblade Safe application distribution and execution in a wireless environment
US6581020B1 (en) * 2000-10-10 2003-06-17 Velquest Corporation Process-linked data management system
US6675095B1 (en) * 2001-12-15 2004-01-06 Trimble Navigation, Ltd On-board apparatus for avoiding restricted air space in non-overriding mode
US20040093526A1 (en) * 2002-11-12 2004-05-13 Hirsch Thomas Steven Instrument access control system
US20040117624A1 (en) * 2002-10-21 2004-06-17 Brandt David D. System and methodology providing automation security analysis, validation, and learning in an industrial controller environment
US6935951B2 (en) * 2001-09-04 2005-08-30 Igt Electronic signature capability in a gaming machine
US7620807B1 (en) * 2004-02-11 2009-11-17 At&T Corp. Method and apparatus for automatically constructing application signatures

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040083184A1 (en) * 1999-04-19 2004-04-29 First Data Corporation Anonymous card transactions
EP1335306A3 (en) * 2002-02-08 2005-04-27 Matsushita Electric Industrial Co., Ltd. System for jointly transmitting hypertext content and a UI operation program
WO2007047846A3 (en) * 2005-10-18 2007-10-18 Intertrust Tech Corp Methods for digital rights management

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5367624A (en) * 1993-06-11 1994-11-22 Consilium, Inc. Interface for controlling transactions in a manufacturing execution system
US5634130A (en) * 1993-09-20 1997-05-27 International Business Machines Corporation Method and apparatus for spurious interrupt detection in a data processing system
US6581020B1 (en) * 2000-10-10 2003-06-17 Velquest Corporation Process-linked data management system
US6681198B2 (en) * 2000-10-10 2004-01-20 Velquest Corporation Unified data acquisition system
US20020183056A1 (en) * 2001-05-31 2002-12-05 Laurence Lundblade Safe application distribution and execution in a wireless environment
US6935951B2 (en) * 2001-09-04 2005-08-30 Igt Electronic signature capability in a gaming machine
US6675095B1 (en) * 2001-12-15 2004-01-06 Trimble Navigation, Ltd On-board apparatus for avoiding restricted air space in non-overriding mode
US20040117624A1 (en) * 2002-10-21 2004-06-17 Brandt David D. System and methodology providing automation security analysis, validation, and learning in an industrial controller environment
US20040093526A1 (en) * 2002-11-12 2004-05-13 Hirsch Thomas Steven Instrument access control system
US7620807B1 (en) * 2004-02-11 2009-11-17 At&T Corp. Method and apparatus for automatically constructing application signatures

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013052894A1 (en) * 2011-10-05 2013-04-11 Opteon Corporation Methods, apparatus, and systems for monitoring and/or controlling dynamic environments
US9459607B2 (en) 2011-10-05 2016-10-04 Opteon Corporation Methods, apparatus, and systems for monitoring and/or controlling dynamic environments
US9494926B2 (en) 2011-10-05 2016-11-15 Opteon Corporation Methods and apparatus employing an action engine for monitoring and/or controlling dynamic environments
US10101720B2 (en) 2011-10-05 2018-10-16 Opteon Corporation Methods, apparatus, and systems for monitoring and/or controlling dynamic environments
US20150148916A1 (en) * 2013-11-22 2015-05-28 Schneider Electric Industries Sas Control device able to connect to a communication network linking a control interface and an equipment
US10037241B2 (en) 2015-10-22 2018-07-31 International Business Machines Corporation Category dependent pre-processor for batch commands

Also Published As

Publication number Publication date Type
US7979706B1 (en) 2011-07-12 grant

Similar Documents

Publication Publication Date Title
Mansfield et al. Biometric product testing final report
US6341169B1 (en) System and method for evaluating a document and creating a record of the evaluation process and an associated transaction
US20010048025A1 (en) System and method of biometric smart card user authentication
US6687390B2 (en) System for and method of web signature recognition system based on object map
US20050074147A1 (en) Biometric system
US20130259330A1 (en) Method of and system for enrolling and matching biometric data
US20050063567A1 (en) Authentication apparatus and authentication method
Nanavati et al. Biometrics: identity verification in a networked world
US20080028447A1 (en) Method and system for providing a one time password to work in conjunction with a browser
US20060120571A1 (en) System and method for passive face recognition
US20020091937A1 (en) Random biometric authentication methods and systems
US20140090039A1 (en) Secure System Access Using Mobile Biometric Devices
US7362884B2 (en) Multimodal biometric analysis
US20150347734A1 (en) Access Control Through Multifactor Authentication with Multimodal Biometrics
US20080212846A1 (en) Biometric authentication using biologic templates
Sim et al. Continuous verification using multimodal biometrics
US20050193118A1 (en) Session manager for secured remote computing
US20070205861A1 (en) RFID/biometric area protection
US20150242605A1 (en) Continuous authentication with a mobile device
US20120106805A1 (en) Online identity verification
US20060294390A1 (en) Method and apparatus for sequential authentication using one or more error rates characterizing each security challenge
US20050192908A1 (en) Method of controlling electronic records
US7725732B1 (en) Object authentication system
US8020005B2 (en) Method and apparatus for multi-model hybrid comparison system
US20080016371A1 (en) System and Method for Registering a Fingerprint, for Setting a Login Method of an Application, and for Logining in the Application

Legal Events

Date Code Title Description
AS Assignment

Owner name: ROCKWELL AUTOMATION TECHNOLOGIES, INC., OHIO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CASE, CLARK L.;REEL/FRAME:026347/0393

Effective date: 20040928