WO2013191684A1

WO2013191684A1 - Remote hmi panel having location based operational restrictions

Info

Publication number: WO2013191684A1
Application number: PCT/US2012/043127
Authority: WO
Inventors: Daniel Long
Original assignee: Siemens Aktiengesellschaft
Priority date: 2012-06-19
Filing date: 2012-06-19
Publication date: 2013-12-27

Abstract

The disclosed embodiments relate to a wireless human machine interface ("HMI") for a programmable logic controller ("PLC") 102 implemented in a mobile device 124 which selectively enables an operator's access to and control of the PLC 102 functionality based on the location of the mobile device 124, allowing various subsets of operations to be performed from suitable locations. Thereby, efficient operation of the PLC 102 is achieved while complying with requirements for adequate protection of personal safety and protection of property.

Description

REMOTE HMI PANEL HAVING LOCATION BASED OPERATIONAL

RESTRICTIONS

BACKGROUND

[0001] A programmable logic controller ("PLC") or programmable controller is a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or light fixtures. PLCs are used in many industries and machines. Unlike general-purpose computers, the PLC is designed for multiple inputs and output arrangements, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed-up or non-volatile memory. A PLC is an example of a hard real time system since output results must be produced in response to input conditions within a limited time, otherwise unintended operation will result.

[0002] The main difference from other computers is that PLCs are typically armored for severe conditions (such as dust, moisture, heat, cold) and have the facility for extensive input/output (I/O) arrangements to connect, for example, to sensors and actuators. PLCs may be capable of reading limit switches, analog process variables (such as temperature and pressure), and the positions of complex positioning systems. Some PLCs may use machine vision and/or may operate electric motors, pneumatic or hydraulic cylinders, magnetic relays, solenoids, or analog outputs. The input/output arrangements may be built into a simple PLC, or the PLC may have external I O modules, which may be referred to as "signal modules," attached to a computer network that plugs into the PLC.

[0003] Modular PLCs may include a chassis (also called a rack) into which are placed modules with different functions. The processor and selection of I/O modules are customized for the particular application. Several racks may be administered by a single processor, and may have thousands of inputs and outputs. A communications medium, such as a special high speed serial I/O link, may be used so that racks can be distributed away from the processor, reducing the wiring costs for large plants. [0004] PLCs may be used in mission critical environments where failures may compromise worker, public and/or environmental safety or otherwise result in substantial costs. As such, some PLCs may be designed with fail-safe and/or security features. Regardless, proper installation and configuration of such PLCs may be required to ensure correct operation as well as, for example, compliance with regulatory requirements.

[0005] To reduce the load on these controllers, automation systems have further specific devices, which form an interface for operating personnel. These are referred to as control and monitoring devices or HMI or Human Machine Interface devices.

[0006] The term HMI device is a generic term covering all components associated with this group of devices. One example is operator panels or OPs. These can be stationary or mobile. HMI devices are used in networked automation as aids for operating personnel so that they can display and control process data of the technical unit to be controlled. This function is referred to as Supervisor Control and Data Acquisition (SCAD A). To this end the HMI device generally has specific hardware. In other words it has a touchscreen for example and is specifically screened from environmental influences. Specific software is also operated therein. This provides functions, which enhance user-friendliness, quality and safety of operation by an operator. Thus HMI devices can be used to visualize, control, configure and generate interactive process maps of the technical unit to be operated. On the one hand this allows the selective display of responses of the technical unit, generally in the form of measured values and messages. On the other hand the customized predefinition of control operations and data inputs allows the technical unit to be switched to required states.

[0007] HMI devices are frequently permanently integrated, for example in the form of terminals, as stationary components in an automation system. Such terminals are then generally connected permanently to the automation system via cable connections. If these terminals are in the form of hand-held devices, their radius of action is limited by a connecting cable. In many instances this ensures that an operator can only carry out safety-relevant operations in direct proximity to the technical unit or at least when there is adequate visual contact.

[0008] However the situation is different when an HMI device is in the form of a mobile operator panel. Such a mobile control and monitoring device can for example be connected to the automation system via a radio link with a wide range. In such an instance it cannot be excluded that an operator using a mobile control and monitoring device moves so far from an associated technical unit that safety- relevant operations are carried out from a distance that is per se not permitted. In such an instance personal safety could not be ensured.

BRIEF DESCRIPTION OF THE DRAWINGS

[0009] Figures 1A and IB are a block diagrams of alternative exemplary

implementations of the system for remote control of a programmable logic controller.

[0010] Figure 2 depicts a flow chart showing operation of the system of Figure

1.

[0011] Figure 3 shows an illustrative embodiment of a general computer

system for use with the system of Figure 1.

DETAILED DESCRIPTION

[0012] The disclosed embodiments relate to a remote, e.g. wireless, human machine interface ("HMI") for a programmable logic controller ("PLC") implemented in, for example, a mobile device which selectively enables an operator's access to and control of the PLC's functionality based on the location of the mobile device, allowing various subsets of operations to be performed from different locations suitable therefore. Thereby, efficient and flexible operation of the PLC is achieved while complying with requirements for adequate protection of personal safety and protection of property.

[0013] In particular, in one embodiment, prior to enabling any remote operation of a PLC by a user, the location of the mobile device is determined. Based on the location of the mobile device, a subset of the functions of the PLC may be enabled such that user can perform only those functions with the mobile device with respect to the PLC. For example, when the user/mobile device is located away from the facility where the PLC is located, the functions enabled by device may be limited to retrieving and viewing status data or stopping a machine coupled with the PLC. Functions which may not be enabled include starting the machine, reversing the machine, etc. This is because the user, being located away from the facility, cannot observe the machine that they are controlling via the PLC and, accordingly, cannot know if there is, for example, a safety hazard present, such as a worker in close proximity to the machine. Accordingly, for safety concerns, the ability to start the machine may be disabled when the user/mobile device are located away from the facility or otherwise located so as not to have line of sight with the machine. Conversely, a stop function, to stop the operation of the machine, may be enabled as stopping the machine does not present a similar hazard. This would allow an offsite operator, for example, to respond to a hazardous condition and shut off a machine before safety or property is jeopardized.

[0014] In one embodiment, the disclosed embodiments may implement location based services and/or geo-fencing functionality in conjunction with the PLC HMI functionality. Location-based services ("LBS") are a general class of computer program-level services used to include specific controls for location and time data as control features in computer programs. A geo-fence is a virtual perimeter for a real-world geographic area. A geo-fence can be dynamically generated, such as a radius around a store or point location, or may be a predefined set of boundaries, like school attendance zones or neighborhood boundaries. In one application, when a location-aware device of an LBS user enters or exits a geo-fence, the device may receive a generated notification which may contain information about the location of the device. The geofence notice might be sent to a mobile telephone or an email account. In one implementation, geofencing may be used with child location services and may notify parents when a child leaves a designated area. Geofencing allows users of the system to draw, for example, zones around places of work, customers sites and secure areas. These geo-fences when crossed by an equipped vehicle or person can trigger a warning to the user or operator via SMS or Email. Other applications include sending an alert if a vehicle is stolen and notifying rangers when wildlife stray into farmland.

Geofencing in a security strategy model provides security to wireless local area networks. This is done by using predefined borders, e.g., an office space with borders established by positioning technology attached to a specially programmed server. The office space becomes an authorized location for designated users and wireless mobile devices.

[0015] In this manner, various levels of service, i.e. function enablement, may be provided as opposed to simple enablement/disablement of functionality. That is, as opposed to enabling all function or no functions based on location, the disclosed embodiments, enable varied subsets of available functions recognizing that, based on the location of the operator/mobile device, different operations may be appropriately performed. Thereby, increased efficiency of operation and flexibility are provided. Further, safety may be increased by reducing instances of unsupervised or unattended operations.

[0016] Figures 1A and IB show a system 100 for operating one or more programmable logic controllers ("PLC") 102 via a communications network 104, at least a portion of which includes a wireless communication medium, wherein the PLC 102 provides a plurality of functions. The system 100 includes first and second processors 108, 120 and first and second memories 110, 122 coupled therewith which may be implemented by one or more of the processor 302 and memory 304 as described below with respect to Figure 3. In particular, the system 100 may be implemented, at least in part, in a mobile device 124, such as a cellular telephone, smart phone, mobile navigation device or tablet computing device. Further, one or more parts of the system 100 may be implemented in the PLC 102 or in a server (not shown), e.g. remote from the mobile device, coupled with the mobile device via a network, such as a wired or wireless network, or combination thereof, e.g. the network 320 described below with respect to Figure 3. It will be appreciated that more than one communications medium may be utilized, such as cellular data and WiFi, so as to provide redundancy. In one embodiment, the first and second processors 108, 120 are both part of the mobile device 124 and may be the same processor. Similarly the memories 110, 122 may be implemented in the mobile device 124 and may be the same memory.

Alternatively, the first processor 108 and first memory 110 may be implemented in the mobile device 124 and the second processor 120 and second memory 122 may be implemented in the PLC 102 or in a separate server (not shown) as will be described.

[0017] Herein, the phrase "coupled with" is defined to mean directly connected to or indirectly connected through one or more intermediate components. Such intermediate components may include both hardware and software based components. Further, to clarify the use in the pending claims and to hereby provide notice to the public, the phrases "at least one of <A>, <B>, ... and <N>" or "at least one of <A>, <B>, ... <N>, or combinations thereof are defined by the Applicant in the broadest sense, superseding any other implied definitions herebefore or hereinafter unless expressly asserted by the Applicant to the contrary, to mean one or more elements selected from the group comprising A, B, ... and N, that is to say, any combination of one or more of the elements A, B, ... or N including any one element alone or in combination with one or more of the other elements which may also include, in combination, additional elements not listed.

[0018] The system 100 further includes first logic 112 stored in the first memory 110 and executable by the first processor 108 to cause the first processor 108 to determine a geographic location from which at least initiation of at least one of the plurality of functions of the PLC 102 is originated for communication to the PLC 102 via at least the communications network 104. While the disclosed embodiments are discussed in references to a singular PLC 102, it will be appreciated that the disclosed system may allow a user to control multiple PLCs 102 as described herein, individually, in subsets or all together. Wherein the system 100 is embodied, or at least the first processor 108 and first memory 110, in a mobile device 124, PLC 102 functions may be initiated via the various input devices offered by the mobile device 124, such as a touch screen, voice input, optical/camera input, accelerometer/motion/movement input, or combinations thereof. Further, the first logic 112 may be further executable to implement authentication protocols, such as by requiring a user id and password, unique touch input pattern, voice identification or other biometric input, e.g. facial recognition, or other form of authentication, from the user to initiate all or a subset of PLC 102 functions. It will be appreciated that the location based functionality described herein may be used alone, or in conjunction with other authentication protocols, to implement secured operations. For example, when the mobile device 124 is located within visual proximity of the PLC 102, no authentication may be required to initiate a PLC 102 function. However, when the mobile device 124 is located elsewhere, initiation of the same function of the PLC 102 may at least require that the user enter a password. The authentication protocol may be implemented entirely within the mobile device 124 or be implemented in conjunction with an authentication server, which may be a part of the PLC 102 or separately implemented, which manages user credentials and access levels. For some functions of the PLC 102 where the user is required to be near the PLC 102 or the machine controlled thereby, authentication may require that the user use the mobile device 124 to scan a static or dynamically generated code, such as a bar code or QR code, displayed on the PLC 102 or machine controlled thereby, such as on an electronic display thereof. This may ensure that the user is physically located in the desired location to perform the particular function. It will be appreciated that other suitable mechanisms may also be used for this purpose such as near field communications ("NFC") or radio frequency identification ("RFID"). The first logic 112 may be further executable by the first processor 108 to enable one or more functions of the PLC 102 when the communication network 104 is secure, i.e. implementing a secure communications protocol such as secure sockets layer ("SSL") or ProfiSafe.(IEC 61784-3-3). [0019] The first logic 112 may be further executable by the first processor 108 to determine the location using location determining device or function provided by the mobile device 124 such as a global positioning system ("GPS") device, an assisted global positioning system ("aGPS"), WiFi based locating, cellular tower triangulation, near field communication ("NFC"), or combinations thereof 126. The determined location may be an absolute geographic location, e.g.

latitude/longitude or other coordinate system, or a relative location, e.g. distance and direction from an origin location such as the location of the PLC 102.

Wherein the user is moving, the determined location may further include the direction and rate of movement and/or rate of change thereof.

[0020] In one embodiment, the plurality of functions of the PLC 102 may include initiation, pausing, resumption, reversing, etc. of operation of a machine (not shown) coupled with the PLC 102, inhibition of operation of the machine coupled with the PLC 102, variation of the operation of the machine coupled with the PLC 102, generation of alert or warning indicators/messages by the PLC 102 (e.g. via SMS messages, email messages, IM messages, notification badges, etc.,), retrieval of data from a memory of the PLC 102, storage or modification of data, such as recipes or register values, in the memory of the PLC 102, activating the PLC 102, deactivating the PLC 102, reset of the PLC 102, or combinations thereof.

[0021] The system 100 further includes second logic 114 stored in a second memory 122 and executable by a second processor 120 to cause the second processor 120 to evaluate the determined location to identify whether the determined location is one of a first location or a second location different from the first location. It will be appreciated that a given location may in fact be a range of locations, a zone or geographic area, geographic boundary or geo-fence, overlapping or non-overlapping, and that the granularity, resolution or accuracy of the specification of the locations may be implementation dependent. For example, a first location may defined as being within visual proximity/range of the PLC 102 or the machine controlled thereby. A second location may be defined as the area of the facility at which the PLC 102, or the machine controlled thereby, is located but not within visual proximity of the PLC 102 or machine. A third location may be defined as the area outside of the facility. It will be appreciated that the disclosed system may define more than two different locations from which various subsets of the functions of the PLC 102 are provided. The locations may be defined based on geographic or municipal boundaries and may or may not overlap. The locations may be defined based on the available functions of the PLC 102 and the suitability of performing those functions from different locations. For example, a first location may be defined as being within an unsafe distance from a machine controlled by the PLC 102 when the machine is operating, but okay when the machine is stopped, whereas a second location may be defined as being outside of the unsafe area.

[0022] In an embodiment wherein the first processor 108 and first memory 110 are implemented in a device, such as a mobile device 124, and the second processor 120 and second memory 122 are implemented in a separate device, such as the PLC 102 or a separate gateway or server coupled therewith, the first logic 112 may be further executable by the first processor 108 to cause the first processor 108 to communicate the determined location to the second processor 120, such as via the communications network 104.

[0023] The system 100 further includes third logic 116 stored in the second memory 122 and executable by the second processor 120 to cause the second processor 120 to enable a first subset of the plurality of functions when the determined location is identified as the first location, enable a second subset of the plurality of functions when the determined location is identified as the second location, and prevent the plurality of functions when the determined location is identified as neither the first or second location. It will be appreciated that there may be more than two subsets of functions depending upon the implementation, e.g. there may be multiple locations each associated with a defined subset of available functions. Further more, a subset of functions may include all of the available functions of the PLC 102. In addition, the subsets of functions may or may not overlap. In one embodiment where multiple areas or zones are defined so as to overlap, a first subset of functions may be enabled when the user/device 124 is located exclusively in the first zone, a second subset of functions may be enabled when the user/device is located exclusively in the second zone and a third subset of functions may be enabled (or alternatively all functions may be, for example, disabled) when the user/device 124 is located in the area where the first and second zones overlap. It will be appreciated that the combination of particular locations enabling particular subsets of functions of the PLC 102 may

implemented as a set of configurable rules, permissions or policies which may be stored in the memory 122 or a separate database (not shown) and may

reconfigurable as determined by the implementation. Furthermore, gradients of access/functionality may be defined, for example, based on distance from the PLC 102 or otherwise, to, for example, provided for different levels of available functions dependent upon location. For example, as the user/mobile device 124 moves further from the location of the PLC 102 or the machine controlled thereby, the available functions that the user can initiate from the mobile device 124 are reduced, e.g. from all functions when the user is close to the PLC 102/machine to limited functionality when the user is not close but still on-site to still more limited functionality when the user is off-site but within driving distance, to no functionality when the user is considered to be too far away. It will be appreciated that other parameters may be factored into the enablement of function subsets such as user privilege level/authorization level or security clearance, time of day, day of week. For example, during the week only a supervisor on-site may stop or start a machine. Whereas after business hours, or on a weekend, any employee may be enabled to stop a machine (from any location) but not start the machine unless they are on-site. It will be appreciated that some functions may always be available such as an emergency shutdown functions.

[0024] In one embodiment, the system 100 further includes fourth logic 118 stored in the first memory 110 and executable by the first processor 108 to cause the first processor 108 to present, via a user interface 128 coupled therewith, a first representation of the first subset of the plurality of functions when the location is identified as the first location and the first subset of the plurality of functions is enabled by the third logic 116, and present, via the user interface 128, a second representation of the second subset of the plurality of functions when the location is identified as the second location and the second subset of the plurality of functions is enabled by the third logic 116.

[0025] The user interface 128 may mimic the HMI panel which is local, i.e. hardwired, to the PLC 102. For example, an image of the HMI panel display as well as representations of the user interface, e.g. button, arrangement may be represented on the display of the mobile device 124. Furthermore, the presentation on the user interface may vary to reflect the available functions which are presently enabled as well those functions which are not enabled. For example, functions which are not enabled may be grayed out or not represented at all. Other indicators may be presented to indicate the user's present location, zone, etc. or other parameters so as to inform user as to basis for enabling some functions and not others. Furthermore, indicators may be provided to indicate to the user when they have changed or are about to change locations which may affect which functions are enabled. For example, as a user leaves the factory floor, the device may alert them that certain functions are no longer available. When the user returns to the factory floor, the device may alert the user that previously disabled functions are now enabled.

[0026] In one embodiment, the movement of the user/device 124, e.g. a change in location, may be used to initiate functions on the PLC 102. For example, if the user walks away from a machine which requires constant supervision, the device 124 may detect the change in location and automatically issue a stop command to the PLC 102 to stop the operation of the machine. When the user returns to the proper location, the device 124 may alert the user that they can start the machine but doe not automatically initiate the command. In this embodiment, the first and second logic may be further operative to continuously evaluate the user's/device's 124 location. It will be appreciate that additional safety measures may be implemented to ensure, for example, that a user does not leave their device 124 behind so that they can leave the vicinity of the machine without stopping it. For example, the system 100 may further require periodic interaction, such as a button press or other interaction with the user interface 128 to confirm that, not only is the device 124 present in the requisite location but the user is there too. In one implementation, the system 100 may rely on an accelerometer in the mobile device 124 which detects movement and is therefore indicative of the device 124 being on the person of the user as opposed to having been set down.

[0027] In implementations where multiple PLCs 102 may be controlled from the device 124, the system 100 may further selectively enable control of select PLCs 102 depending on proximity thereto. For example, when the user is next to one PLC 102 or machine controlled thereby, the system 100 may automatically present and enable functions only for that PLC 102.

[0028] In one embodiment, once a subset of functions are enabled, the system 100 may implement a reliable communications protocol to ensure that commands initiated by the user are in fact received by the PLC 102 as intended. Generally, wireless communications media may not reliably transmit data and some commands may be lost or otherwise compromised during transmission. It may be essential for the user to know that their command has been received and acted upon. For example, if a user s initiating a command for an emergency shut down, it would be important to ensure the command was successfully received by the PLC 102. Accordingly, the system 102 may implement a protocol, e.g. a handshake, between the mobile device 124 and the PLC 102, which may be implemented in combination with, i.e. layer on, other communications protocols. When a command is initiated from the mobile device 124, the PLC 102, upon receipt must transmit a receipt confirmation message and/or a confirmation of execution message. The device 124 will not confirm transmission or execution to the user until the confirmation of receipt or confirmation of execution is received from the PLC 102. [0029] In one embodiment, as was described above, a log/audit function is provided whereby the log is maintained of the user's activities, or attempted activities, with respect to the PLC 102. In one embodiment, the log is maintained by the PLC 102 or by a separate server or gateway device, which, as described above, may also be used to authenticate user access. Alternatively, the log may be maintained in the mobile device 124 and may be periodically reported to a central authority for review.

[0030] Figure 2 depicts a flow chart showing operation of the system 100 of Figure 1. In particular Figure 2 shows a computer implemented method for operating one or more programmable logic controllers ("PLC") 102 via a communications network 104, at least a portion of which includes a wireless communication medium, wherein the PLC 102 provides a plurality of functions. In particular, as discussed above, the system 100 may be implemented, at least in part, in a mobile device 124, such as a cellular telephone, smart phone, mobile navigation device or tablet computing device. Further, one or more parts of the system 100 may be implemented in the PLC 102 or in a server (not shown), e.g. remote from the mobile device, coupled with the mobile device via a network, such as a wired or wireless network, or combination thereof, e.g. the network 320 described below with respect to Figure 3. It will be appreciated that more than one communications medium may be utilized, such as cellular data and WiFi, so as to provide redundancy. In one embodiment, the first and second processors 108, 120 are both part of the mobile device 124 and may be the same processor. Similarly the memories 110, 122 may be implemented in the mobile device 124 and may be the same memory. Alternatively, the first processor 108 and first memory 110 may be implemented in the mobile device 124 and the second processor 120 and second memory 122 may be implemented in the PLC 102 or in a separate server (not shown) as will be described.

[0031] The operation of the system 100 includes: determining, by a first processor 108, a location from which at least initiation of at least one of the plurality of functions of the PLC 102 is originated for communication to the PLC 102 via at least the communications network 104 [Block 202], such as by using a global positioning system ("GPS") device, an assisted global positioning system ("aGPS"), WiFi based locating, cellular tower triangulation, near field

communication ("NFC"), or combinations thereof 126 [Block 212]; evaluating, by a second processor 120, the determined location to identify whether the determined location is one of a first location, e.g. within visual range of the PLC 102 or machine controlled thereby, or a second location different from the first location, such as a location not within visual range of the PLC 102 or the machine controlled thereby [Block 204]; enabling, by the second processor 120, a first subset of the plurality of functions, such as all of the functions, when the determined location is identified as the first location [Block 206]; enabling, by the second processor 120, a second subset of the plurality of functions, such as less than all of the functions, when the determined location is identified as the second location [Block 208]; and preventing, by the second processor 120, the plurality of functions when the determined location is identified as neither the first or second location [Block 210].

[0032] Wherein the first processor 108 is comprised by a device 124, located at the determined location, from which the at least one of the plurality of functions is initiated, the second processor 120 being comprised by the PLC 102, the operation of the system 100 may further include communicating the determined location by the first processor 108 to the second processor 120 [Block 214].

[0033] In one embodiment, the plurality of functions of the PLC 102 may include initiation, pausing, resumption, reversing, etc. of operation of a machine (not shown) coupled with the PLC 102, inhibition of operation of the machine coupled with the PLC 102, variation of the operation of the machine coupled with the PLC 102, generation of alert or warning indicators/messages by the PLC 102 (e.g. via SMS messages, email messages, IM messages, notification badges, etc.,), retrieval of data from a memory of the PLC 102, storage or modification of data, such as recipes or register values, in the memory of the PLC 102, activating the PLC 102, deactivating the PLC 102, reset of the PLC 102, or combinations thereof.

[0034] Operation of the system 100 may be further understood by way of the following examples.

[0035] In one example, an employee's iPad™ starts sounding an alarm and flashing at 03:00 on a Saturday morning indicating that there is a critical problem at the factory where the employee works. The employee determines that the best course of action is to issue an emergency shut-down command. He taps the "Emergency Stop" button on his HMI iPad™ App implemented in accordance with the disclosed embodiments. The App asks him to authenticate himself by entering his user name and password. When the employee enters the correct user name and password, the App sends the shut-down signal to the PLC 102 on the factory floor and the production line immediately shuts down. Since this is an emergency situation, the App logs his user name, as well as the time and date that he sent the shutdown command, for later review.

[0036] In another example, an employee is at home watching TV when he gets an alert on his iPad™ that there is another problem at the employee's plant. Since the employee is at home and the problem is not life-threatening, the App checks his credentials and then only shows the employee the status of the PLC 102 that is having the problem. He does not have the option to actually control the PLC 102.

[0037] In another example, the employee is back at work and is currently in his office. He wants to keep an eye on how things are going back on the production floor, so he brings up the overview screen on his HMI iPad™ App. After checking his credentials, the App queries the status of every PLC 102 on the factory floor at regular intervals and organizes the results into an overview presentation on the display of the iPad™.

[0038] In another example, the employee is at his office and notices that there is a minor problem on one of the assembly lines. He uses his HMI iPad™ App to bring up the status of the PLC 102 that is having a problem and sends a command to pause the assembly line while he goes to the factory floor to see the problem for himself. When he attempts to issue the command, the App queries his location. Since he is not on the actual factory floor, but on the grounds of the facility, the employee is allowed to send his command. Since the command is not a highly sensitive or emergency command, the employee is not required to enter his password before being allowed to issue it. Since he is at his office and cannot directly see the factory floor and what is happening there, he is not allowed to send more sensitive commands such as reverse or resume.

[0039] In another example, the employee arrives on the factory floor to check on a problem. When he enters the factory floor building, he quickly sees that the problem is caused by a jam in one of the conveyor belts. He sends a stop command on the PLC 102 controlling the conveyor using his HMI iPad™ App. The App queries the employee's location and sees that he is directly on the factory floor, able to see what is going on and therefore sends the employee's command to the PLC 102 and it stops operation.

[0040] In another example, to remedy a problem on his factory floor, the employee must run his production line in reverse for a short time to remove a blocking item. This is a highly irregular operation and the HMI iPad™ App checks the employee's location before sending the command to the PLC 102. Unless the employee is standing next to the production line that he wants to run in reverse so he can see exactly what is going on, he will not be permitted to issue that command. The employee is currently standing right in front of the jammed machine, so the App checks his credentials and asks the employee to confirm his action before issuing the command to the PLC 102. If the employee's credentials are invalid or expired, he will be asked to authenticate himself using his user name and password before the command will be issued.

[0041] In another example, the employee is on the factory floor when he notices a fire has started on his production line. He attempts to use his HMI iPad™ App to issue an emergency stop command to stop the line and save valuable resources. The App checks the employee's location and sees that he is on the factory floor, right where the fire is. Since he is currently is in immediate physical danger, the App does not let the employee send any commands but instead alerts him to the nearest exit where he will be able to pull a fire alarm that will automatically shut down the plant and alert the fire department, as well as bring him to safety.

[0042] Referring to Figure 3, an illustrative embodiment of a general computer system 300 is shown. The computer system 300 can include a set of instructions that can be executed to cause the computer system 300 to perform any one or more of the methods or computer based functions disclosed herein. The computer system 300 may operate as a standalone device or may be connected, e.g., using a network, to other computer systems or peripheral devices. Any of the components discussed above, such as the processor 108, may be a computer system 300 or a component in the computer system 300. The computer system 300 may implement an industrial control system, of which the disclosed embodiments are a component thereof.

[0043] In a networked deployment, the computer system 300 may operate in the capacity of a server or as a client user computer in a client-server user network environment, or as a peer computer system in a peer-to-peer (or distributed) network environment. The computer system 300 can also be implemented as or incorporated into various devices, such as a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a mobile device, a palmtop computer, a laptop computer, a desktop computer, a communications device, a wireless telephone, a land-line telephone, a control system, a camera, a scanner, a facsimile machine, a printer, a pager, a personal trusted device, a web appliance, a network router, switch or bridge, or any other machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. In a particular embodiment, the computer system 300 can be implemented using electronic devices that provide voice, video or data

communication. Further, while a single computer system 300 is illustrated, the term "system" shall also be taken to include any collection of systems or sub- systems that individually or jointly execute a set, or multiple sets, of instructions to perform one or more computer functions.

[0044] As illustrated in Figure 3, the computer system 300 may include a processor 302, e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both. The processor 302 may be a component in a variety of systems. For example, the processor 302 may be part of a standard personal computer or a workstation. The processor 302 may be one or more general processors, digital signal processors, application specific integrated circuits, field programmable gate arrays, servers, networks, digital circuits, analog circuits, combinations thereof, or other now known or later developed devices for analyzing and processing data. The processor 302 may implement a software program, such as code generated manually (i.e., programmed).

[0045] The computer system 300 may include a memory 304 that can communicate via a bus 308. The memory 304 may be a main memory, a static memory, or a dynamic memory. The memory 304 may include, but is not limited to computer readable storage media such as various types of volatile and nonvolatile storage media, including but not limited to random access memory, readonly memory, programmable read-only memory, electrically programmable readonly memory, electrically erasable read-only memory, flash memory, magnetic tape or disk, optical media and the like. In one embodiment, the memory 304 includes a cache or random access memory for the processor 302. In alternative embodiments, the memory 304 is separate from the processor 302, such as a cache memory of a processor, the system memory, or other memory. The memory 304 may be an external storage device or database for storing data. Examples include a hard drive, compact disc ("CD"), digital video disc ("DVD"), memory card, memory stick, floppy disc, universal serial bus ("USB") memory device, or any other device operative to store data. The memory 304 is operable to store instructions executable by the processor 302. The functions, acts or tasks illustrated in the figures or described herein may be performed by the programmed processor 302 executing the instructions 312 stored in the memory 304. The functions, acts or tasks are independent of the particular type of instructions set, storage media, processor or processing strategy and may be performed by software, hardware, integrated circuits, firm-ware, micro-code and the like, operating alone or in combination. Likewise, processing strategies may include multiprocessing, multitasking, parallel processing and the like.

[0046] As shown, the computer system 300 may further include a display unit 314, such as a liquid crystal display (LCD), an organic light emitting diode (OLED), a flat panel display, a solid state display, a cathode ray tube (CRT), a projector, a printer or other now known or later developed display device for outputting determined information. The display 314 may act as an interface for the user to see the functioning of the processor 302, or specifically as an interface with the software stored in the memory 304 or in the drive unit 306. A tactile output may further be provides such a mechanical or piezoelectric vibration motor.

[0047] Additionally, the computer system 300 may include an input device 316 configured to allow a user to interact with any of the components of system 300. The input device 316 may be a number pad, a keyboard, or a cursor control device, such as a mouse, or a joystick, touch screen display, remote control,

accelerometer, motion sensor, proximity sensor, optional sensor, e.g. a camera, or any other device operative to interact with the system 300.

[0048] In a particular embodiment, as depicted in Figure 3, the computer system 300 may also include a disk or optical drive unit 306. The disk drive unit 306 may include a computer-readable medium 310 in which one or more sets of instructions 312, e.g. software, can be embedded. Further, the instructions 312 may embody one or more of the methods or logic as described herein. In a particular embodiment, the instructions 312 may reside completely, or at least partially, within the memory 304 and/or within the processor 302 during execution by the computer system 300. The memory 304 and the processor 302 also may include computer-readable media as discussed above.

[0049] The present disclosure contemplates a computer-readable medium that includes instructions 312 or receives and executes instructions 312 responsive to a propagated signal, so that a device connected to a network 320 can communicate voice, video, audio, images or any other data over the network 320. Further, the instructions 312 may be transmitted or received over the network 320 via a communication interface 318. The communication interface 318 may be a part of the processor 302 or may be a separate component. The communication interface 318 may be created in software or may be a physical connection in hardware. The communication interface 318 is configured to connect with a network 320, external media, the display 314, or any other components in system 300, or combinations thereof. The connection with the network 320 may be a physical connection, such as a wired Ethernet connection or may be established wirelessly as discussed below. Likewise, the additional connections with other components of the system 300 may be physical connections or may be established wirelessly.

[0050] The network 320 may include wired networks, wireless networks, or combinations thereof. The wireless network may be a cellular telephone network, an 802.11, 802.16, 802.20, or WiMax network. Further, the network 320 may be a public network, such as the Internet, a private network, such as an intranet, or combinations thereof, and may utilize a variety of networking protocols now available or later developed including, but not limited to TCP/IP based networking protocols.

[0051] Embodiments of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer program products, i.e., one or more modules of computer program instructions encoded on a computer readable medium for execution by, or to control the operation of, data processing apparatus. While the computer-readable medium is shown to be a single non-transitory medium, the term "computer-readable medium" includes a single non-transitory medium or multiple media, such as a centralized or distributed database, and/or associated caches and servers that store one or more sets of instructions. The term "computer-readable medium" shall also include any medium that is capable of storing, encoding or carrying a set of instructions for execution by a processor or that cause a computer system to perform any one or more of the methods or operations disclosed herein. The computer readable medium can be a machine- readable storage device, a machine-readable storage substrate, a memory device, or a combination of one or more of them. The term "data processing apparatus" encompasses all apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers. The apparatus can include, in addition to hardware, code that creates an execution environment for the computer program in question, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.

[0052] In a particular non-limiting, exemplary embodiment, the computer- readable medium can include a solid-state memory such as a memory card or other package that houses one or more non-volatile read-only memories. Further, the computer-readable medium can be a random access memory or other volatile rewritable memory. Additionally, the computer-readable medium can include a magneto-optical or optical medium, such as a disk or tapes or other storage device to capture carrier wave signals such as a signal communicated over a transmission medium. A digital file attachment to an e-mail or other self-contained information archive or set of archives may be considered a distribution medium that is a tangible storage medium. Accordingly, the disclosure is considered to include any one or more of a computer-readable medium or a distribution medium and other equivalents and successor media, in which data or instructions may be stored.

[0053] In an alternative embodiment, dedicated hardware implementations, such as application specific integrated circuits, programmable logic arrays and other hardware devices, can be constructed to implement one or more of the methods described herein. Applications that may include the apparatus and systems of various embodiments can broadly include a variety of electronic and computer systems. One or more embodiments described herein may implement functions using two or more specific interconnected hardware modules or devices with related control and data signals that can be communicated between and through the modules, or as portions of an application- specific integrated circuit. Accordingly, the present system encompasses software, firmware, and hardware implementations.

[0054] In accordance with various embodiments of the present disclosure, the methods described herein may be implemented by software programs executable by a computer system. Further, in an exemplary, non-limited embodiment, implementations can include distributed processing, component/object distributed processing, and parallel processing. Alternatively, virtual computer system processing can be constructed to implement one or more of the methods or functionality as described herein.

[0055] Although the present specification describes components and functions that may be implemented in particular embodiments with reference to particular standards and protocols, the invention is not limited to such standards and protocols. For example, standards for Internet and other packet switched network transmission (e.g., TCP/IP, UDP/IP, HTML, HTTP, HTTPS) represent examples of the state of the art. Such standards are periodically superseded by faster or more efficient equivalents having essentially the same functions. Accordingly, replacement standards and protocols having the same or similar functions as those disclosed herein are considered equivalents thereof.

[0056] A computer program (also known as a program, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a standalone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program does not necessarily correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.

[0057] The processes and logic flows described in this specification can be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).

[0058] As used in this application, the term 'circuitry' or 'circuit' refers to all of the following: (a)hardware-only circuit implementations (such as

implementations in only analog and/or digital circuitry) and (b) to combinations of circuits and software (and/or firmware), such as (as applicable): (i) to a combination of processor(s) or (ii) to portions of processor(s)/software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and (c) to circuits, such as a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation, even if the software or firmware is not physically present.

[0059] This definition of 'circuitry' applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term "circuitry" would also cover an implementation of merely a processor (or multiple processors) or portion of a processor and its (or their) accompanying software and/or firmware. The term "circuitry" would also cover, for example and if applicable to the particular claim element, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in server, a cellular network device, or other network device. [0060] Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and anyone or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read only memory or a random access memory or both. The essential elements of a computer are a processor for performing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks. However, a computer need not have such devices. Moreover, a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio player, a Global Positioning System (GPS) receiver, to name just a few. Computer readable media suitable for storing computer program instructions and data include all forms of non volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical disks; and CD ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.

[0061] To provide for interaction with a user, embodiments of the subject matter described in this specification can be implemented on a device having a display, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.

[0062] Embodiments of the subject matter described in this specification can be implemented in a computing system that includes a back end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the subject matter described in this specification, or any combination of one or more such back end, middleware, or front end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network ("LAN") and a wide area network ("WAN"), e.g., the Internet.

[0063] The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

[0064] The illustrations of the embodiments described herein are intended to provide a general understanding of the structure of the various embodiments. The illustrations are not intended to serve as a complete description of all of the elements and features of apparatus and systems that utilize the structures or methods described herein. Many other embodiments may be apparent to those of skill in the art upon reviewing the disclosure. Other embodiments may be utilized and derived from the disclosure, such that structural and logical substitutions and changes may be made without departing from the scope of the disclosure.

Additionally, the illustrations are merely representational and may not be drawn to scale. Certain proportions within the illustrations may be exaggerated, while other proportions may be minimized. Accordingly, the disclosure and the figures are to be regarded as illustrative rather than restrictive.

[0065] While this specification contains many specifics, these should not be construed as limitations on the scope of the invention or of what may be claimed, but rather as descriptions of features specific to particular embodiments of the invention. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable sub-combination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a sub-combination or variation of a sub-combination.

[0066] Similarly, while operations are depicted in the drawings and described herein in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous.

Moreover, the separation of various system components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.

[0067] One or more embodiments of the disclosure may be referred to herein, individually and/or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any particular invention or inventive concept. Moreover, although specific embodiments have been illustrated and described herein, it should be appreciated that any subsequent arrangement designed to achieve the same or similar purpose may be substituted for the specific embodiments shown. This disclosure is intended to cover any and all subsequent adaptations or variations of various embodiments. Combinations of the above embodiments, and other embodiments not specifically described herein, will be apparent to those of skill in the art upon reviewing the description. [0068] The Abstract of the Disclosure is provided to comply with 37 C.F.R. § 1.72(b) and is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, various features may be grouped together or described in a single embodiment for the purpose of streamlining the disclosure. This disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter may be directed to less than all of the features of any of the disclosed embodiments. Thus, the following claims are incorporated into the Detailed Description, with each claim standing on its own as defining separately claimed subject matter.

[0069] It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention.

Claims

WHAT IS CLAIMED IS:

1. A computer implemented method for operating a programmable logic

controller ("PLC") 102 via a communications network 104, at least a portion of which includes a wireless communication medium, wherein the PLC 102 provides a plurality of functions, the method comprising:

determining, by a first processor 108, a location from which at least initiation of at least one of the plurality of functions of the PLC 102 is originated for communication to the PLC 102 via at least the

communications network 104 [Block 202];

evaluating, by a second processor 120, the determined location to identify whether the determined location is one of a first location or a second location different from the first location [Block 204];

enabling, by the second processor 120, a first subset of the plurality of functions when the determined location is identified as the first location [Block 206];

enabling, by the second processor 120, a second subset of the plurality of functions when the determined location is identified as the second location [Block 208]; and

preventing, by the second processor 120, the plurality of functions when the determined location is identified as neither the first or second location [Block 210].

2. The computer implemented method of claim 1 wherein the operation of the PLC 102 is originated from a mobile device 124.

3. The computer implemented method of claim 1 wherein the plurality of functions comprise initiation of operation of a machine coupled with the PLC 102, inhibition of operation of the machine coupled with the PLC 102, variation of the operation of the machine coupled with the PLC 102, retrieval of data from a memory of the PLC 102, storage of data in the memory of the PLC 102, activating the PLC 102, deactivating the PLC 102, reset of the PLC 102, or combinations thereof.

4. The computer implemented method of claim 1 wherein the determining further comprises determining the location using a global positioning system ("GPS") device, an assisted global positioning system ("aGPS"), WiFi based locating, cellular tower triangulation, near field communication ("NFC"), or combinations thereof 126 [Block 212].

5. The computer implemented method of claim 1 wherein the first location is within visual range of the PLC 102 and the second location is not within visual range of the PLC 102.

6. The computer implemented method of claim 1 wherein the first subset of the plurality of functions comprises all of the plurality of functions.

7. The computer implemented method of claim 1 wherein the first subset of the plurality of functions is different from the second subset of the plurality of functions.

8. The computer implemented method of claim 1 wherein the first and second processors 108, 120 are both comprised by a device 124, located at the determined location, from which the at least one of the plurality of functions is initiated.

9. The computer implemented method of claim 1 wherein the first processor 108 is comprised by a device 124, located at the determined location, from which the at least one of the plurality of functions is initiated, the second processor 120 being comprised by the PLC 102, wherein the method further comprises communicating the determined location by the first processor 108 to the second processor 120. [Block 214]

10. A system 100 for operating a programmable logic controller ("PLC") 102 via a communications network 104, at least a portion of which includes a wireless communication medium, wherein the PLC 102 provides a plurality of functions, the system 100 comprising:

first logic 112 stored in a first memory 110 and executable by a first processor 108 to cause the first processor 108 to determine a geographic location from which at least initiation of at least one of the plurality of functions of the PLC 102 is originated for communication to the PLC 102 via at least the communications network 104;

second logic 114 stored in a second memory 122 and executable by a second processor 120 to cause the second processor 120 to evaluate the determined location to identify whether the determined location is one of a first location or a second location different from the first location;

third logic 116 stored in the second memory 122 and executable by the second processor 120 to cause the second processor 120 to enable a first subset of the plurality of functions when the determined location is identified as the first location, enable a second subset of the plurality of functions when the determined location is identified as the second location, and prevent the plurality of functions when the determined location is identified as neither the first or second location.

11. The system 100 of claim 10 wherein at least the first processor 108, the first memory 110 and the first logic 112 are comprised by a mobile device 124 from which the operation of the PLC 102 is originated.

12. The system 100 of claim 10 wherein the plurality of functions comprise initiation of operation of a machine coupled with the PLC 102, inhibition of operation of the machine coupled with the PLC 102, variation of the operation of the machine coupled with the PLC 102, retrieval of data from a memory of the PLC 102, storage of data in the memory of the PLC 102, activating the PLC 102, deactivating the PLC 102, reset of the PLC 102, or combinations thereof.

13. The system 100 of claim 10 wherein the first logic 112 is further executable by the first processor 108 to determine the location using a global positioning system ("GPS") device, an assisted global positioning system ("aGPS"), WiFi based locating, cellular tower triangulation, near field communication ("NFC"), or combinations thereof 126.

14. The system 100 of claim 10 wherein the first location is within visual range of the PLC 102 and the second location is not within visual range of the PLC 102.

15. The system 100 of claim 10 wherein the first subset of the plurality of functions comprises all of the plurality of functions.

16. The system 100 of claim 10 wherein the first subset of the plurality of functions is different from the second subset of the plurality of functions.

17. The system 100 of claim 10 wherein the first and second processors 108, 120 are both comprised by a device 124, located at the determined location, from which the at least one of the plurality of functions is initiated.

18. The system 100 of claim 10 wherein the first processor 108 is comprised by a device 124, located at the determined location, from which the at least one of the plurality of functions is initiated, the second processor 120 being comprised by the PLC 102, wherein the first logic 112 is further executable by the first processor 108 to cause the first processor 108 to communicate the determined location to the second processor 120.

19. The system 100 of claim 10 further comprising fourth logic 118 stored in the first memory 110 and executable by the first processor 108 to cause the first processor 108 to present, via a user interface 128 coupled therewith, a first representation of the first subset of the plurality of functions when the location is identified as the first location and the first subset of the plurality of functions is enabled by the third logic 116, and present, via the user interface 128, a second representation of the second subset of the plurality of functions when the location is identified as the second location and the second subset of the plurality of functions is enabled by the third logic 116.

A system 100 for operating a programmable logic controller ("PLC") 102 via a communications network 104, at least a portion of which includes a wireless communication medium, wherein the PLC 102 provides a plurality of functions, the system 100 comprising:

means for determining a location from which at least initiation of at least one of the plurality of functions of the PLC 102 is originated for communication to the PLC 102 via at least the wireless communication medium;

means for evaluating the determined location to identify whether the determined location is one of a first location or a second location different from the first location;

means for enabling a first subset of the plurality of functions when the determined location is identified as the first location;

means for enabling a second subset of the plurality of functions when the determined location is identified as the second location; and

means for preventing the plurality of functions when the determined location is identified as neither the first or second location.