Patent Grant
11899604
Industrial control systems, such as standard industrial control systems (ICS) or programmable automation controllers (PAC), include various types of control equipment used in industrial production, such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), programmable logic controllers (PLC), and industrial safety systems certified to safety standards such as IEC1508. These systems are used in industries including electrical, water and wastewater, oil and gas production and refining, chemical, food, pharmaceuticals and robotics. Using information collected from various types of sensors to measure process variables, automated and/or operator-driven supervisory commands from the industrial control system can be transmitted to various actuator devices such as control valves, hydraulic actuators, magnetic actuators, electrical switches, motors, solenoids, and the like. These actuator devices collect data from sensors and sensor systems, open and close valves and breakers, regulate valves and motors, monitor the industrial process for alarm conditions, and so forth.
In other examples, SCADA systems can use open-loop control with process sites that may be widely separated geographically. These systems use Remote Terminal Units (RTUs) to send supervisory data to one or more control centers. SCADA applications that deploy RTU's include fluid pipelines, electrical distribution and large communication systems. DCS systems are generally used for real-time data collection and continuous control with high-bandwidth, low-latency data networks and are used in large campus industrial process plants, such as oil and gas, refining, chemical, pharmaceutical, food and beverage, water and wastewater, pulp and paper, utility power, and mining and metals. PLCs more typically provide Boolean and sequential logic operations, and timers, as well as continuous control and are often used in stand-alone machinery and robotics. Further, ICE and PAC systems can be used in facility processes for buildings, airports, ships, space stations, and the like (e.g., to monitor and control Heating, Ventilation, and Air Conditioning (HVAC) equipment and energy consumption). As industrial control systems evolve, new technologies are combining aspects of these various types of control systems. For instance, PACs can include aspects of SCADA, DCS, and PLCs.
Within industrial control systems, communications/control modules typically communicate with field devices (e.g., actuators, sensors, and the like) via input/output modules. Technical advances have created a demand for enhanced connectivity between field devices and higher level enterprise and industrial systems and a greater need for connectivity among the devices themselves. In this regard, industrial systems are evolving in a similar manner to the “internet of things” but with much higher security, reliability, and throughput requirements. Robust and secure input/output modules are needed to accommodate the emerging needs in industrial communications and control systems.
The present disclosure is directed to an input/output module with multi-channel switching capability that can be securely embedded within a communications backplane of an industrial control system. In some embodiments, the input/output module includes a plurality of communication channels, where each of the channels is configured to connect to one or more field devices. Switch fabric within the input/output module selectively facilitates connectivity between an external control module and the one or more field devices via the communication channels. In order to facilitate interconnectivity via the communications backplane, the input/output module can further include a serial communications port and a parallel communications port. The serial communications port can connect the input/output module to the control module in parallel with at least one additional (second) input/output module, where the serial communications port transmits information between the input/output module and the control module. The parallel communications port can separately connect the input/output module to the control module, where the parallel communications port transmits information between the input/output module and the control module, and also transmits information between the input/output module and the second input/output module.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
The Detailed Description is described with reference to the accompanying figures. The use of the same reference numbers in different instances in the description and the figures may indicate similar or identical items.
Overview
Input/output (I/O) modules are used in industrial control systems to establish communication between communications/control modules and field devices (e.g., actuators, sensors, and the like). Technical advances have created a demand for enhanced connectivity between field devices and higher level enterprise and industrial systems and a greater need for connectivity among the field devices themselves. In this regard, industrial systems are evolving in a similar manner to the “internet of things” but with much higher security, reliability, and throughput requirements. Multi-port switches can be used to securely facilitate TCP/IP communication protocols, among others. However, a switch (e.g., multi-port Ethernet switch) typically resides outside of an industrial control system communications backplane and can be more vulnerable to security threats as a result, possibly endangering devices communicatively coupled to the industrial control system via the switch and potentially placing the industrial control system as a whole at risk.
An I/O module with multi-channel switching capability is disclosed, where the I/O module is configured to be securely embedded within a communications backplane of an industrial control system. In some embodiments, the input/output module includes a plurality of communication channels that can be configured to accommodate a variety of communication protocols such as, but not limited to, Ethernet bus, H1 field bus, Process Field Bus (PROFIBUS), Highway Addressable Remote Transducer (HART) bus, Modbus, and Object Linking and Embedding for Process Control Unified Architecture (OPC UA) communication standards. In some embodiments, two or more distinct communication standards can be concurrently run on respective ones of the communication channels. For example, a first channel may run an OPC UA protocol while a second channel is running PROFIBUS, and so forth.
Example Implementations
In embodiments, the I/O module 100 includes a controller 106, such as a microprocessor, microcontroller, ASIC, FPGA, or other single or multiple core processing unit, configured to control the switch fabric 104. For example, the controller 106 can be configured to set arbitration rules or priorities for the switch fabric and so forth. The controller 106 may be configured to run/execute switch logic 110 (e.g., program instructions) for controlling the switch fabric 104 from a non-transitory medium 108 (e.g., flash or solid-state memory device) that is communicatively coupled to the controller 106. In some embodiments, the I/O module 100 is operable as an OPC UA client and/or server. For example, the controller 106 can be configured to run/execute switch logic 110 that causes the controller 106 to implement OPC UA client or server communications/control protocols.
In some embodiments, the controller 106 is configured to accommodate multiple communication standards running concurrently on respective channels 102. For example, a first channel 102 can be configured by the controller 106 to send and receive information utilizing a PROFIBUS protocol, and a second concurrently operable channel 102 can be configured by the controller 106 to send and receive information utilizing an OPC UA protocol. In general, two or more communication standards may be concurrently implemented via respective channels 102, where the communication standards can include, but are not limited to, Ethernet bus, H1 field bus, PROFIBUS, HART bus, Modbus, and OPC UA communication standards.
The I/O module 100 may be further configured to synchronize timing of connected field devices 217 according to a timing protocol, such as the IEEE 1588 Precision Time Protocol (PTP). In this regard, the I/O module 100 can implement a time distribution system, where the I/O module 100 is a synchronization master device or an intermediate synchronization device, the field devices 217 being lower than the I/O module 100 in the timing control hierarchy.
In addition to establishing connectivity to the field device 217 via communication channels 102, the I/O module 100 can be further configured to supply power to the field devices 217. In some embodiments, for example, the I/O module 100 includes Power-Over-Ethernet (POE) circuitry 120 configured to distribute incoming electrical power to one or more of the communication channels 102. Power may be supplied to the I/O module via a power backplane connection port 112 (e.g., E-core connection port) or an input jack 118. For example, the input jack 118 may be coupled to an external power source (e.g., local generator, backup power supply, etc.). In embodiments, the controller 106 can be configured to selectively enable power transfer via the communication channels 102. For example, POE functionality can be enabled for communication channels 102 coupled to field devices 217 having POE capabilities (e.g., low voltage actuators 218, sensor 220, or communication devices). Where a device 217 is configured to be powered by another source (e.g., connection to the power backplane 234, internal/external battery, or other internal/external power source), the controller 106 may be configured to disable POE functionality of the respective communication channel 102 that is coupled with the device 217.
The I/O module 100 further includes one or more connection ports (e.g., I-core connection ports) that facilitate interconnectivity with at least one communications/control module 214 via a communications backplane (e.g., switch fabric 202). In some embodiments, the I/O module 100 includes at least one serial communications port 114 and at least one parallel communications port 116. The serial communications port 114 can connect the I/O module 100 to the communications/control module 214 in parallel with at least one additional (second) I/O module 100. For example, the first and second I/O modules 100 can be concurrently connected to the communications/control module 214 via respective serial interface connections 204, where each I/O module 100 can receive information from and transmit information to the communications/control module 214 via the respective serial interface 204. The parallel communications port 116 can separately connect the I/O module 100 to the communications/control module 214 via a parallel communications interface 206, where the I/O module 100 can receive information from and transmit information to the communications/control module 214 via the parallel communications interface 206. The I/O module 100 can also communicate with other I/O modules 100 via the parallel communications port 116 and interface 206.
In embodiments, one or more ports (e.g., serial communication port 114, parallel communication port 116, power backplane input 112, and/or input jack 118) of the I/O module comprise or are coupled with electromagnetic connectors 207 of connector assemblies 208, such as those described in U.S. patent application Ser. No. 13/341,143 (Pub. No. US 2013/0170258) and Ser. No. 14/597,498, and in International Application No. PCT/US2012/072056 (International Pub. No. WO/2013/102069), all of which are entirely incorporated herein by reference. The electromagnetic connectors 207 may be used in any application where it is desirable to couple electrical circuits together for transmitting electrical signals and/or electrical power from one circuit to another, while maintaining isolation between the circuits. The electromagnetic connectors 207 can be used in applications including, but not necessarily limited to: industrial control systems/process control systems (e.g., to connect I/O modules 100 with power and/or communications signal transmission circuitry), telecommunications (e.g., for audio, broadband, video, and/or voice transmission), information/data communications (e.g., for connecting computer networking equipment, such as Ethernet equipment, modems, and so forth), computer hardware interconnection (e.g., for connecting peripherals, such as joysticks, keyboards, mice, monitors, and so on), game consoles, test/measurement instruments, electrical power connectors (e.g., for power transmission from AC mains), and the like.
Each one of the electromagnetic connectors 207 is configured to form a magnetic circuit portion, which includes a core member and a coil disposed of (e.g., around or within) the core member. For the purposes of the present disclosure, it should be noted that “core member” is used to refer to an incomplete part of a magnetic core, which is completed by another core member when the electromagnetic connectors 207 are coupled together. Each electromagnetic connector 207 is configured to mate with another electromagnetic connector 207 of a connector assembly 208 for transmitting power and/or communications signals between components that are connected via the electromagnetic connectors 207. For example, a first core member of an electromagnetic connector 207 can be configured to contact a second core member of another electromagnetic connector 207 when the first electromagnetic connector 207 is mated with the second electromagnetic connector 207. In this manner, a coil of the first electromagnetic connector 207 can be tightly coupled to another coil of the second electromagnetic connector 207 with a magnetic circuit formed from the magnetic circuit portion of the first electromagnetic connector 207 and the magnetic circuit portion of the second electromagnetic connector 207. The magnetic circuit is configured to induce a signal in one of the coils when the other coil is energized, allowing power and/or communications signals to be transmitted between components that are connected via the electromagnetic connectors 207. In implementations, the coils can be tightly coupled (e.g., using an iron core to provide a coupling coefficient of about one (1)), critically coupled (e.g., where energy transfer in the passband is optimal), or overcoupled (e.g., where a secondary coil is close enough to a primary coil to collapse the primary coil's field).
The first core member may not necessarily be configured to contact the second core member when the first electromagnetic connector 207 is mated with the second electromagnetic connector 207. Thus, an electromagnetic connector assembly 208 can be configured to transmit power and/or communications signals between components that are connected via electromagnetic connectors 207 using, for example, an interference fit configuration, where one coil is disposed around a first core member, while another coil is disposed within a second core member. The interference fit may be established using connectors having geometries including, but not necessarily limited to: conical, concentric, eccentric, geometric, sloped for friction fit, and so forth.
In implementations, one or both of the core members and/or coils can be at least partially (e.g., fully or partially) mechanically encased within a protective layer. The protective layer may be fabricated of a non-conductive/insulating material, such as a coating of thin film plastic material. The protective layer (e.g., non-conductive/insulating material) can be applied using techniques including, but not necessarily limited to: coating, painting, deposition, and so forth. For instance, the core member and coil of a first electromagnetic connector 207 included within the I/O module 100 can be partially enclosed by a cover, while a second electromagnetic connector 207 included within the power or communications backplane 202/234 may include a shaft configured to mate with the cover. In this manner, the cover and the shaft may be configured to ensure proper alignment of the first electromagnetic connector 207 with the second electromagnetic connector 207, while protecting the core members and/or the coil of the first electromagnetic connector 207 from corrosion, mechanical damage (e.g., fracture), and so forth. Encasement may be especially useful when a core member is constructed from a brittle material. For instance, the core member can be tightly encased in a protective layer formed of a plastic material. In this manner, when damage to the core member (e.g., cracks or breaks in the core member) occurs, the pieces of material can be maintained in substantial contact with one another within the casing, thus damage to the core material may not significantly decrease performance.
When the electromagnetic connectors 207 are mated, a core member of the power or communications backplane 202/234 and a core member of the I/O module 100 may be configured to couple the coils via a magnetic circuit. The magnetic circuit may induce a signal in a coil of the I/O module 100 when a respective coil of the power or communications backplane 202/234 is energized (e.g., with the AC signal from a DC/AC converter). The signal induced in the coil of the I/O module 100 may be used to power and/or furnish communications with circuitry of the module 100. It should be noted that while power or communications backplane 202/234 is described as inducing a signal in the I/O module 100, this implementation is provided by way of example only and is not meant to be restrictive of the present disclosure. The magnetic circuit can also be used to induce a signal in a coil of the power or communications backplane 202/234 when a coil of the I/O module 100 is energized to power and/or furnish communications with the power or communications backplane 202/234 (e.g., transmission of communications via switch fabric 202 to the communications/control module 214). Further, the coils included with mating electromagnetic connectors 207 may be energized in an alternating sequence (e.g., one after another) to provide bidirectional communication, and so forth.
The industrial control system 200 is configured to transmit data to and from the I/O modules 100. The I/O modules 100 can comprise input modules, output modules, and/or input and output modules. For instance, input modules can be used to receive information from input field devices 217 (e.g., sensors 218), while output modules can be used to transmit instructions to output field devices 217 (e.g., actuators 220). For example, an I/O module 100 can be connected to a process sensor for measuring pressure in piping for a gas plant, a refinery, and so forth and/or connected to a process actuator for controlling a valve, binary or multiple state switch, transmitter, or the like. Field devices 217 are communicatively coupled with the 10 modules 100 either directly or via network connections. For example, the field device 217 can be connective via communication channels 102 accommodating one or more TCP/IP standards. These devices 217 can include control valves, hydraulic actuators, magnetic actuators, motors, solenoids, electrical switches, transmitters, input sensors/receivers (e.g., illumination, radiation, gas, temperature, electrical, magnetic, and/or acoustic sensors) communications sub-busses, and the like.
The industrial control system 200 includes switch fabric 202 facilitating interconnectivity of a communications backplane. In embodiments, the switch fabric 202 comprises a serial communications interface 204 and a parallel communications interface 206 for furnishing communications with a number of I/O modules 100. As shown in
In some embodiments, a “tongue and groove” configuration can be used that provides inherent fastening and support in three planes. For example, a printed circuit board included within an I/O module 100 can be configured to slide along and between two track segments in a direction perpendicular to the plane of a core member. Further, a core member can be mechanically isolated from (e.g., not touching) the circuit board. It should be noted that the implementation with planar primary and secondary windings is provided by way of example only and is not necessarily meant to be restrictive of the present disclosure. Thus, other implementations can use other coil configurations, such as wire wound coils, and so forth. For example, the primary coil may comprise a planar winding, and the secondary coil may comprise a wire wound coil. Further, the primary coil may comprise a wire wound coil, and the secondary coil may comprise a planar winding. In other implementations, primary and secondary coils may both comprise wire wound coils.
The serial communications interface 204 may be implemented using a group of connectors connected in parallel with one another. In some embodiments, the connectors may be configured as electromagnetic connectors 207/connector assemblies 208 (e.g., as previously described). For example, the serial communications interface 204 may be implemented using a multidrop bus 210, or the like. In implementations, the multidrop bus 210 may be used for configuration and diagnostic functions of the I/O modules 100/slave devices. The parallel communications interface 206 allows multiple signals to be transmitted simultaneously over multiple dedicated high speed parallel communication channels. For instance, the parallel communications interface 206 may be implemented using a cross switch 212, or the like.
In an embodiment shown in
The parallel communications interface 206 may be used for data collection from the I/O modules 100/slave devices. Further, because each I/O module 100/slave device has its own private bus to the communications/control module 214/master device, each I/O module 100/slave device can communicate with the communications/control module 214 at the same time. Thus, the total response time for the industrial control system 200/switch fabric 202 may be limited to that of the slowest I/O module 100/slave device, instead of the sum of all slave devices, as in the case of a typical multidrop bus.
In implementations, the switch fabric 202, the serial communications interface 204, and the parallel communications interface 206 may be implemented in a single, monolithic circuit board 216, e.g., with multiple E-shaped core members of electromagnetic connectors 207 extending through the circuit board 216, as shown in
The switch fabric 202 may be configured for connecting one or more I/O modules 100 (e.g., as slave devices) and transmitting data to and from the I/O modules 100. The I/O modules 100 may comprise input modules, output modules, and/or input and output modules. For instance, input modules can be used to receive information from input instruments in the process or the field, while output modules can be used to transmit instructions to output instruments in the field. For example, an I/O module 100 can be connected to a process sensor, such as a sensor 218 for measuring pressure in piping for a gas plant, a refinery, and so forth. In implementations, the I/O modules 100 can be used the industrial control system 200 collect data in applications including, but not necessarily limited to critical infrastructure and/or industrial processes, such as product manufacturing and fabrication, utility power generation, oil, gas, and chemical refining; pharmaceuticals, food and beverage, pulp and paper, metals and mining and facility and large campus industrial processes for buildings, airports, ships, and space stations (e.g., to monitor and control Heating, Ventilation, and Air Conditioning (HVAC) equipment and energy consumption).
In implementations, an I/O module 100 can be configured to convert analog data received from the sensor to digital data (e.g., using Analog-to-Digital Converter (ADC) circuitry, and so forth). An I/O module 100 can also be connected to one or more process actuators 220 such as a motor or a regulating valve or an electrical relay and other forms of actuators and configured to control one or more operating characteristics of the motor, such as motor speed, motor torque, or position of the regulating valve or state of the electrical relay and so forth. Further, the I/O module 100 can be configured to convert digital data to analog data for transmission to the actuator 220 (e.g., using Digital-to-Analog (DAC) circuitry, and so forth). In implementations, one or more of the I/O modules 100 can comprise a communications module configured for communicating via a communications sub-bus, such as an Ethernet bus, an H1 field bus, a PROFIBUS, a HART bus, a Modbus, an OPC UA bus, and so forth. Further, two or more I/O modules 100 can be used to provide fault tolerant and redundant connections for various field devices 217 such as control valves, hydraulic actuators, magnetic actuators, motors, solenoids, electrical switches, transmitters, input sensors/receivers (e.g., illumination, radiation, gas, temperature, electrical, magnetic, and/or acoustic sensors) communications sub-busses, and the like.
Each I/O module 100 may be provided with a unique identifier (ID) for distinguishing one I/O module 100 from another I/O module 100. In implementations, an I/O module 100 may be identified by its ID when it is connected to the industrial control system 200. Multiple I/O modules 100 can be used with the industrial control system 200 to provide redundancy. For example, two or more I/O modules 100 can be connected to the sensor 218, actuator 220, or any other field device 217, as shown in
One or more of the I/O modules 100 can include an interface for connecting to other networks including, but not necessarily limited to: a wide-area cellular telephone network, such as a 3G cellular network, a 4G cellular network, or a Global System for Mobile communications (GSM) network; a wireless computer communications network, such as a Wi-Fi network (e.g., a Wireless LAN (WLAN) operated using IEEE 802.11 network standards); a Personal Area Network (PAN) (e.g., a Wireless PAN (WPAN) operated using IEEE 802.15 network standards); a Wide Area Network (WAN); an intranet; an extranet; an internet; the Internet; and so on. Further, one or more of the I/O modules 100 can include a connection for connecting an I/O module 100 to a computer bus, and so forth.
The communications/control modules 214 can be used to monitor and control the I/O modules 100, and to connect two or more I/O modules 100 together. In embodiments of the disclosure, a communications/control module 214 can update a routing table when an I/O module 100 is connected to the industrial control system 200 based upon a unique ID for the I/O module 100. Further, when multiple redundant I/O modules 100 are used, each communications/control module 214 can implement mirroring of informational databases regarding the I/O modules 100 and update them as data is received from and/or transmitted to the I/O modules 100. In some embodiments, two or more communications/control module 214 are used to provide redundancy. For added security, the communications/control module 214 can be configured to perform an authentication sequence or handshake to authenticate one another at predefined events or times including such as startup, reset, installation of a new control module 214, replacement of a communications/control module 214, periodically, scheduled times, and the like. The I/O modules 100 can also be configured to perform an authentication sequence or “handshake,” as illustrated in
Data transmitted using the switch fabric 202 may be packetized, i.e., discrete portions of the data may be converted into data packets comprising the data portions along with network control information, and so forth. The industrial control system 200/switch fabric 202 may use one or more protocols for data transmission, including a bit-oriented synchronous data link layer protocol such as High-Level Data Link Control (HDLC). In a specific instance, the industrial control system 200/switch fabric 202 may implement HDLC according to an International Organization for Standardization (ISO) 13239 standard, or the like. Further, two or more communications/control modules 214 can be used to implement redundant HDLC. However, it should be noted that HDLC is provided by way of example only and is not meant to be restrictive of the present disclosure. Thus, the industrial control system 200 may use other various communications protocols in accordance with the present disclosure.
One or more of the communications/control modules 214 may be configured for exchanging information with components used for monitoring and/or controlling the instrumentation connected to the switch fabric 202 via the I/O modules 100, such as one or more control loop feedback mechanisms/controllers 226. In implementations, a controller 226 can be configured as a microcontroller/Programmable Logic Controller (PLC), a Proportional-Integral-Derivative (PID) controller, and so forth. One or more of the communications/control modules 214 may include a network interface 228 for connecting the industrial control system 200 to a controller 226 via a network 230. In implementations, the network interface 228 may be configured as a Gigabit Ethernet interface for connecting the switch fabric 202 to a Local Area Network (LAN). Further, two or more communications/control modules 214 can be used to implement redundant Gigabit Ethernet. However, it should be noted that Gigabit Ethernet is provided by way of example only and is not meant to be restrictive of the present disclosure. Thus, the network interface 228 may be configured for connecting the industrial control system 200 to other various networks, including but not necessarily limited to: a wide-area cellular telephone network, such as a 3G cellular network, a 4G cellular network, or a Global System for Mobile communications (GSM) network; a wireless computer communications network, such as a Wi-Fi network (e.g., a Wireless LAN (WLAN) operated using IEEE 802.11 network standards); a Personal Area Network (PAN) (e.g., a Wireless PAN (WPAN) operated using IEEE 802.15 network standards); a Wide Area Network (WAN); an intranet; an extranet; an internet; the Internet; and so on. Additionally, the network interface 228 may be implemented using computer bus. For example, the network interface 228 can include a Peripheral Component Interconnect (PCI) card interface, such as a Mini PCI interface, and so forth. Further, the network 230 may be configured to include a single network or multiple networks across different access points.
The industrial control system 200 may include one or more power modules 232 for supplying electrical power to field devices via the I/O modules 100. One or more of the power modules 232 may include an AC-to-DC (AC/DC) converter for converting Alternating Current (AC) (e.g., as supplied by AC mains, and so forth) to Direct Current (DC) for transmission to a field device, such as the motor 220 (e.g., in an implementation where the motor 220 comprises a DC motor). Two or more power modules 232 can be used to provide redundancy. For example, as shown in
The industrial control system 200 can receive electrical power from multiple sources. For example, AC power may be supplied from a power grid (e.g., using high voltage power from AC mains). AC power can also be supplied using local power generation (e.g., an on-site turbine or diesel local power generator). A power supply may distribute electrical power from the power grid to automation equipment of the industrial control system 200, such as controllers, I/O modules, and so forth. A power supply can also be used to distribute electrical power from the local power generator to the industrial control system equipment. The industrial control system 200 can also include additional (backup) power supplies configured to store and return DC power using multiple battery modules. For example, a power supply may function as a UPS. In some embodiments, multiple power supplies can be distributed (e.g., physically decentralized) within the industrial control system 200.
The industrial control system 200 may be implemented using a support frame 236. The support frame 236 may be used to support and/or interconnect the communications/control module(s) 214, the power module(s) 232, the switch fabric 202, the power backplane(s) 234, and/or the I/O modules 100. For example, the switch fabric 202 may be comprised of a circuit board 216. The circuit board 216 may be mounted to the support frame 236 using a fastener such as, for example, double sided tape, adhesive, or mechanical fasteners (e.g., screws, bolts, etc.). Additionally, the core members of the electromagnetic connectors 207 may be mounted to the support frame 236 using a fastener such as, for example, double sided tape, adhesive, or mechanical fasteners (e.g., screws, bolts, etc.). In some implementations, a template may be used to position the core members in the channel of the support frame 236. In implementations, the top surface of a core member may be substantially flush with a top surface of the circuit board 216. In other implementations, the top surface of a core member may be recessed some distance below a top surface of the circuit board 216 (e.g., by about one millimeter (1 mm)) and/or may extend above a top surface of the circuit board 216.
The support frame 236 may include slots 238 to provide registration for the I/O modules 100, such as for aligning connectors (e.g., electromagnetic connectors 207) of the I/O modules 100 with connectors (e.g., electromagnetic connectors 207) included with the circuit board 216 and/or connectors (e.g., electromagnetic connectors 207) of a power backplane 234. For example, an I/O module 100 may include connectors 240 having tabs/posts 242 for inserting into slots 238 and providing alignment of the I/O module 100 with respect to the circuit board 216. In implementations, one or more of the connectors 240 may be constructed from a thermally conductive material (e.g., metal) connected to a thermal plane of PCB 224 to conduct heat generated by components of the PCB 224 away from the PCB 224 and to the support frame 236, which itself may be constructed of a thermally conductive material (e.g., metal). Further, the industrial control system 200 may associate a unique physical ID with each physical slot 238 to uniquely identify each I/O module 100 coupled with a particular slot 238. For example, the ID of a particular slot 238 can be associated with an I/O module 100 coupled with the slot 238 and/or a second ID uniquely associated with the I/O module 100. Further, the ID of a particular I/O module 100 can be used as the ID for a slot 238 when the I/O module 100 is coupled with the slot 238. The support frame 236 can be constructed for cabinet mounting, rack mounting, wall mounting, and so forth.
It should be noted that while the industrial control system 200 is described in the accompanying figures as including one switch fabric 202, more than one switch fabric 202 may be provided with industrial control system 200. For example, two or more switch fabrics 202 may be used with the industrial control system 200 (e.g., to provide physical separation between redundant switch fabrics 202, and so forth). Each one of the switch fabrics 202 may be provided with its own support frame 236. Further, while both the serial communications interface 204 and the parallel communications interface 206 are described as included in a single switch fabric 202, it will be appreciated that physically separate switch fabrics may be provided, where one switch fabric includes the serial communications interface 204, and another switch fabric includes the parallel communications interface 206.
The control elements/subsystems and/or industrial elements (e.g., the I/O modules 100, the communications/control modules 214, the power modules 232, and so forth) can be connected together by one or more backplanes. For example, as described above, communications/control modules 214 can be connected to I/O modules 100 by a communications backplane (e.g., switch fabric 202). Further, power modules 232 can be connected to I/O modules 100 and/or to communications/control modules 214 by a power backplane 234. In some embodiments, physical interconnect devices (e.g., switches, connectors, or cables such as, but not limited to, those described in U.S. patent application Ser. No. 14/446,412, hereby incorporated by reference in its entirety) are used to connect to the I/O modules 100, the communications/control modules 214, the power modules 232, and possibly other industrial control system equipment. For example, a cable can be used to connect a communications/control module 214 to a network 230, another cable can be used to connect a power module 232 to a power grid, another cable can be used to connect a power module 232 to a local power generator, and so forth.
In some embodiments, the industrial control system 200 implements a secure control system, as described in U.S. patent application Ser. No. 14/469,931 and International Application No. PCT/US2013/053721, which are entirely incorporated herein by reference. For example, the industrial control system 200 includes a security credential source (e.g., a factory) and a security credential implementer (e.g., a key management entity). The security credential source is configured to generate a unique security credential (e.g., a key, a certificate, etc., such as a unique identifier, and/or a security credential). The security credential implementer is configured to provision the control elements/subsystems and/or industrial elements (e.g., cables, devices 217, I/O modules 100, communications/control modules 214, power modules 232, and so forth) with a unique security credential generated by the security credential source.
Multiple (e.g., every) device 217, I/O module 100, communications/control module 214, power module 232, physical interconnect devices, etc., of the industrial control system 200 can be provisioned with security credentials for providing security at multiple (e.g., all) levels of the industrial control system 200. Still further, the control elements/subsystems and/or industrial elements including the sensors and/or actuators and so forth, can be provisioned with the unique security credentials (e.g., keys, certificates, etc.) during manufacture (e.g., at birth), and can be managed from birth by a key management entity of the industrial control system 200 for promoting security of the industrial control system 200.
In some embodiments, communications between the control elements/subsystems and/or industrial elements including the sensors and/or actuators and so forth, of the industrial control system 200 includes an authentication process. The authentication process can be performed for authenticating control elements/subsystem and/or industrial elements including the sensors and/or actuators and so forth, implemented in the industrial control system 200. Further, the authentication process can utilize security credentials associated with the element and/or physical interconnect device for authenticating that element and/or physical interconnect device. For example, the security credentials can include encryption keys, certificates (e.g., public key certificates, digital certificates, identity certificates, security certificates, asymmetric certificates, standard certificates, non-standard certificates) and/or identification numbers.
In implementations, multiple control elements/subsystems and/or industrial elements of the industrial control system 200 are provisioned with their own unique security credentials. For example, each element of the industrial control system 200 may be provisioned with its own unique set(s) of certificates, encryption keys and/or identification numbers when the element is manufactured (e.g., the individual sets of keys and certificates are defined at the birth of the element). The sets of certificates, encryption keys and/or identification numbers are configured for providing/supporting strong encryption. The encryption keys can be implemented with standard (e.g., commercial off-the-shelf (COTS)) encryption algorithms, such as National Security Agency (NSA) algorithms, National Institute of Standards and Technology (NIST) algorithms, or the like.
Based upon the results of the authentication process, the element being authenticated can be activated, partial functionality of the element can be enabled or disabled within the industrial control system 200, complete functionality of the element can be enabled within the industrial control system 200, and/or functionality of the element within the industrial control system 200 can be completely disabled (e.g., no communication facilitated between that element and other elements of the industrial control system 200).
In embodiments, the keys, certificates and/or identification numbers associated with an element of the industrial control system 200 can specify the original equipment manufacturer (OEM) of that element. As used herein, the term “original equipment manufacturer” or “OEM” can be defined as an entity that physically manufactures the device (e.g., element) and/or a supplier of the device such as an entity that purchases the device from a physical manufacturer and sells the device. Thus, in embodiments, a device can be manufactured and distributed (sold) by an OEM that is both the physical manufacturer and the supplier of the device. However, in other embodiments, a device can be distributed by an OEM that is a supplier, but is not the physical manufacturer. In such embodiments, the OEM can cause the device to be manufactured by a physical manufacturer (e.g., the OEM can purchase, contract, order, etc. the device from the physical manufacturer).
Additionally, where the OEM comprises a supplier that is not the physical manufacturer of the device, the device can bear the brand of the supplier instead of brand of the physical manufacturer. For example, in embodiments where an element (e.g., a communications/control module 214 or an I/O module 100) is associated with a particular OEM that is a supplier but not the physical manufacturer, the element's keys, certificates and/or identification numbers can specify that origin. During authentication of an element of the industrial control system 200, when a determination is made that an element being authenticated was manufactured or supplied by an entity that is different than the OEM of one or more other elements of the industrial control system 200, then the functionality of that element can be at least partially disabled within the industrial control system 200. For example, limitations can be placed upon communication (e.g., data transfer) between that element and other elements of the industrial control system 200, such that the element cannot work/function within the industrial control system 200. When one of the elements of the industrial control system 200 requires replacement, this feature can prevent a user of the industrial control system 200 from unknowingly replacing the element with a non-homogenous element (e.g., an element having a different origin (a different OEM) than the remaining elements of the industrial control system 200) and implementing the element in the industrial control system 200. In this manner, the techniques described herein can prevent the substitution of elements of other OEM's into a secure industrial control system 200. In one example, the substitution of elements that furnish similar functionality in place of elements provided by an originating OEM can be prevented, since the substituted elements cannot authenticate and operate within the originating OEM's system. In another example, a first reseller can be provided with elements having a first set of physical and cryptographic labels by an originating OEM, and the first reseller's elements can be installed in an industrial control system 200. In this example, a second reseller can be provided with elements having a second (e.g., different) set of physical and cryptographic labels by the same originating OEM. In this example, the second reseller's elements may be prevented from operating within the industrial control system 200, since they may not authenticate and operate with the first reseller's elements. However, it should also be noted that the first reseller and the second reseller may enter into a mutual agreement, where the first and second elements can be configured to authenticate and operate within the same industrial control system 200. Further, in some embodiments, an agreement between resellers to allow interoperation can also be implemented so the agreement only applies to a specific customer, group of customers, facility, etc.
In another instance, a user can attempt to implement an incorrectly designated (e.g., mismarked) element within the industrial control system 200. For example, the mismarked element can have a physical indicia marked upon it which falsely indicates that the element is associated with the same OEM as the OEM of the other elements of the industrial control system 200. In such instances, the authentication process implemented by the industrial control system 200 can cause the user to be alerted that the element is counterfeit. This process can also promote improved security for the industrial control system 200, since counterfeit elements are often a vehicle by which malicious software can be introduced into the industrial control system 200. In embodiments, the authentication process provides a secure air gap for the industrial control system 200, ensuring that the secure industrial control system is physically isolated from insecure networks.
In implementations, the secure industrial control system 200 includes a key management entity. The key management entity can be configured for managing cryptographic keys (e.g., encryption keys) in a cryptosystem. This managing of cryptographic keys (e.g., key management) can include the generation, exchange, storage, use, and/or replacement of the keys. For example, the key management entity is configured to serve as a security credentials source, generating unique security credentials (e.g., public security credentials, secret security credentials) for the elements of the industrial control system 200. Key management pertains to keys at the user and/or system level (e.g., either between users or systems).
In embodiments, the key management entity comprises a secure entity such as an entity located in a secure facility. The key management entity can be remotely located from the I/O modules 100, the communications/control modules 214, and the network 230. For example, a firewall can separate the key management entity from the control elements or subsystems and the network 230 (e.g., a corporate network). In implementations, the firewall can be a software and/or hardware-based network security system that controls ingoing and outgoing network traffic by analyzing data packets and determining whether the data packets should be allowed through or not, based on a rule set. The firewall thus establishes a barrier between a trusted, secure internal network (e.g., the network 230) and another network that is not assumed to be secure and trusted (e.g., a cloud and/or the Internet). In embodiments, the firewall allows for selective (e.g., secure) communication between the key management entity and one or more of the control elements or subsystems and/or the network 230. In examples, one or more firewalls can be implemented at various locations within the industrial control system 200. For example, firewalls can be integrated into switches and/or workstations of the network 230.
The secure industrial control system 200 can further include one or more manufacturing entities (e.g., factories). The manufacturing entities can be associated with original equipment manufacturers (OEMs) for the elements of the industrial control system 200. The key management entity can be communicatively coupled with the manufacturing entity via a network (e.g., a cloud). In implementations, when the elements of the industrial control system 200 are being manufactured at one or more manufacturing entities, the key management entity can be communicatively coupled with (e.g., can have an encrypted communications pipeline to) the elements. The key management entity can utilize the communications pipeline for provisioning the elements with security credentials (e.g., inserting keys, certificates and/or identification numbers into the elements) at the point of manufacture.
Further, when the elements are placed into use (e.g., activated), the key management entity can be communicatively coupled (e.g., via an encrypted communications pipeline) to each individual element worldwide and can confirm and sign the use of specific code, revoke (e.g., remove) the use of any particular code, and/or enable the use of any particular code. Thus, the key management entity can communicate with each element at the factory where the element is originally manufactured (e.g., born), such that the element is born with managed keys. A master database and/or table including all encryption keys, certificates and/or identification numbers for each element of the industrial control system 200 can be maintained by the key management entity. The key management entity, through its communication with the elements, is configured for revoking keys, thereby promoting the ability of the authentication mechanism to counter theft and re-use of components.
In implementations, the key management entity can be communicatively coupled with one or more of the control elements/subsystems, industrial elements, and/or the network 230 via another network (e.g., a cloud and/or the Internet) and firewall. For example, in embodiments, the key management entity can be a centralized system or a distributed system. Moreover, in embodiments, the key management entity can be managed locally or remotely. In some implementations, the key management entity can be located within (e.g., integrated into) the network 230 and/or the control elements or subsystems. The key management entity can provide management and/or can be managed in a variety of ways. For example, the key management entity can be implemented/managed: by a customer at a central location, by the customer at individual factory locations, by an external third party management company and/or by the customer at different layers of the industrial control system 200, and at different locations, depending on the layer.
Varying levels of security (e.g., scalable, user-configured amounts of security) can be provided by the authentication process. For example, a base level of security can be provided which authenticates the elements and protects code within the elements. Other layers of security can be added as well. For example, security can be implemented to such a degree that a component, such as the communications/control module 214 or the I/O module 100, cannot power up without proper authentication occurring. In implementations, encryption in the code is implemented in the elements, while security credentials (e.g., keys and certificates) are implemented on the elements. Security can be distributed (e.g., flows) through the industrial control system 200. For example, security can flow through the industrial control system 200 all the way to an end user, who knows what a module is designed to control in that instance. In embodiments, the authentication process provides encryption, identification of devices for secure communication and authentication of system hardware or software components (e.g., via digital signature).
In implementations, the authentication process can be implemented to provide for and/or enable interoperability within the secure industrial control system 200 of elements manufactured and/or supplied by different manufacturers/vendors/suppliers (e.g., OEMs). For example, selective (e.g., some) interoperability between elements manufactured and/or supplied by different manufacturers/vendors/suppliers can be enabled. In embodiments, unique security credentials (e.g., keys) implemented during authentication can form a hierarchy, thereby allowing for different functions to be performed by different elements of the industrial control system 200.
The communication links connecting the components of the industrial control system 200 can further employ data packets, such as runt packets (e.g., packets smaller than sixty-four (64) bytes), placed (e.g., injected and/or stuffed) therein, providing an added level of security. The use of runt packets increases the level of difficulty with which outside information (e.g., malicious content such as false messages, malware (viruses), data mining applications, etc.) can be injected onto the communications links. For example, runt packets can be injected onto a communication link within gaps between data packets transmitted from the I/O module 100 to one or more field devices 217 via one or more of the communication channels 102 to hinder an external entity's ability to inject malicious content onto the communication link.
As shown in
The action authenticator 304 can either be on-site with the action originator 302 (e.g., directly connected device lifecycle management system (“DLM”) 322 or secured workstation 326) or remotely located (e.g., DLM 322 connected via the network 318). In general, the action authenticator 304 includes a storage medium with a private key stored thereon and a processor configured to sign and/or encrypt the action request generated by the action originator 302 with the private key. The private key is stored in a memory that cannot be accessed via standard operator login. For instance, the secured workstation 326 can require a physical key, portable encryption device (e.g., smart card, RFID tag, or the like), and/or biometric input for access.
In some embodiments, the action authenticator 304 includes a portable encryption device such as a smart card 324 (which can include a secured microprocessor). The advantage of using a portable encryption device is that the entire device (including the privately stored key and processor in communication therewith) can be carried with an operator or user that has authorized access to an interface of the action originator 302. Whether the action authentication node 304 accesses the authentication path 300 via secured or unsecured workstation, the action request from the action originator 302 can be securely signed and/or encrypted within the architecture of the portable encryption device instead of a potentially less secure workstation or cloud-based architecture. This secures the industrial control system 200 from unauthorized actions. For instance, an unauthorized person would have to physically take possession of the smart card 324 before being able to authenticate any action requests sent via the action originator 302.
Furthermore, multiple layers of security can be employed. For example, the action authenticator 304 can include a secured workstation 326 that is only accessible to sign and/or encrypt action requests via smart card access or the like. Additionally, the secured workstation 326 can be accessible via a biometric or multifactor cryptography device 328 (e.g., fingerprint scanner, iris scanner, and/or facial recognition device). In some embodiments, a multifactor cryptography device 328 requires a valid biometric input before enabling the smart card 324 or other portable encryption device to sign the action request.
The I/O module 100 or any other industrial element/controller 306 being driven by the action originator 302 is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified. In some embodiments, the industrial element/controller 306 includes a storage medium 330 (e.g., SD/micro-SD card, HDD, SSD, or any other non-transitory storage device) configured to store the action request (e.g., application image, control command, and/or any other data sent by the action originator). The I/O module 100 or any other industrial element/controller 306 further includes a processor 332 (e.g., controller 106) that performs/executes the action request (i.e., performs the requested action) after the signature is verified. In some embodiments, the action request is encrypted by the action originator 302 and/or the action authenticator 332 and must also be decrypted by the processor 332 before the requested action can be performed. In implementations, the I/O module 100 or any other industrial element/controller 306 includes a virtual key switch 334 (e.g., a software module running on the processor 332) that enables the processor 332 to perform the requested action only after the action request signature is verified and/or after the action request is decrypted. In some embodiments, each and every action or each one of a selection of critical actions must clear the authentication path before being run on the I/O module 100 or any other industrial element/controller 306.
For enhanced security, the I/O module 100 or any other industrial element/controller 306 can be further configured to perform an authentication sequence with the action authenticator 304 (e.g., with a smart card 324 or the like) before the requested action is run by the I/O module 100 or any other industrial element/controller 306. For example, the so-called “handshake” can be performed prior to step 410 or even prior to step 406. In some embodiments, the signature and verification steps 404 and 408 can be completely replaced with a more intricate authentication sequence. Alternatively, the authentication sequence can be performed as an additional security measure to augment the simpler signature verification and/or decryption measures.
In some embodiments, the authentication sequence implemented by the I/O module 100 or any other industrial element/controller 306 can include: sending a request datagram to the action authenticator 304, the request datagram including a first nonce, a first device authentication key certificate (e.g., a first authentication certificate that contains a device authentication key), and a first identity attribute certificate; receiving a response datagram from the action authenticator 304, the response datagram including a second nonce, a first signature associated with the first and second nonces, a second device authentication key certificate (e.g., a second authentication certificate that contains a device authentication key), and a second identity attribute certificate; validating the response datagram by verifying the first signature associated with the first and second nonces, the second device authentication key certificate, and the second identity attribute certificate; and sending an authentication datagram to the action authenticator 304 when the response datagram is valid, the authentication datagram including a second signature associated with the first and second nonces.
Alternatively, the action authenticator 304 can initiate the handshake, in which case the authentication sequence implemented by the I/O module 100 or any other industrial element/controller 306 can include: receiving a request datagram from the action authenticator 304, the request datagram including a first nonce, a first device authentication key certificate, and a first identity attribute certificate; validating the request datagram by verifying the first device authentication key certificate and the first identity attribute certificate; sending a response datagram to the action authenticator 304 when the request datagram is valid, the response datagram including a second nonce, a first signature associated with the first and second nonces, a second device authentication key certificate, and a second identity attribute certificate; receiving an authentication datagram from the action authenticator 304, the authentication datagram including a second signature associated with the first and second nonces; and validating the authentication datagram by verifying the second signature associated with the first and second nonces.
The handshake or authentication sequence that can be implemented by the I/O module 100 or any other industrial element/controller 306 and the action authenticator 304 is further described in U.S. patent application Ser. No. 14/519,047, which is fully incorporated herein by reference. Those skilled in the art will appreciate the applicability of the handshake between redundant communications/control modules 106 to the handshake described herein between the I/O module 100 or any other industrial element/controller 306 and the action authenticator 304.
Each of the action originator 302, the action authenticator 304, and the I/O module 100 or any other industrial element/controller 306 can include circuitry and/or logic enabled to perform the functions or operations (e.g., blocks of method 400 and the authentication sequence) described herein. For example, each of the action originator 302, the action authenticator 304, and the I/O module 100 or any other industrial element/controller 306 can include one or more processors that execute program instruction stored permanently, semi-permanently, or temporarily by a non-transitory machine readable medium such as, but not limited to: a hard disk drive (HDD), solid-state disk (SDD), optical disk, magnetic storage device, flash drive, or SD/micro-SD card.
As discussed above, two or more I/O modules 100 may be connected in parallel with one another, and may be capable of communicating with one another. In some embodiments, for further security, the I/O modules 100 are configured to perform an authentication sequence or handshake to authenticate one another at predefined events or times including such as startup, reset, installation of a new I/O module 100, replacement of an I/O module 100, periodically, at scheduled times, and so forth. By causing the I/O modules 100 to authenticate one another, counterfeit or maliciously introduced I/O modules 100 can be avoided.
The second I/O module 100B is configured to validate the request datagram by verifying the first device authentication key certificate (CertDAKA) and the first identity attribute certificate (IACA) with public keys that are generated by a device lifecycle management system (DLM) or derived utilizing crypto library functions. In this regard, the public keys may be stored in SRAM or another local memory of the I/O module 100 and used with crypto library functions to verify or cryptographically sign exchanged data, such as the nonces exchanged between the I/O modules 100. In some embodiments, the second I/O module 100B may verify the certificates with an elliptic curve digital signing algorithm (hereinafter “ECDSA”) or other verification operation. In some embodiments, the second I/O module 100B may be further configured to validate the certificate values from plain text values by verifying the following: certificate type is device authentication key (hereinafter “DAK”) or identity attribute certificate (hereinafter “IAC”) for each certificate; IAC names match, DAK certificate module type matches module type argument; and/or microprocessor serial number (hereinafter “MPSN”) of each certificate in the message payload match each other. In some embodiments, the second I/O module 100B may be further configured to verify the DAK and IAC certificates are not in a local revocation list (e.g., a list or database including revoked and/or invalid certificates). When the second I/O module 100B fails to validate the request datagram, the second I/O module 100B may generate an error message, partially or completely disable the first I/O module 100A, and/or discontinue or restrict communications to/from the first I/O module 100A.
Responsive to a valid request datagram 502, the second I/O module 100B is configured to transmit a response datagram 504 to the first I/O module 100A. In implementations, the response datagram 504 includes a second plain text nonce (NonceB), a first signature associated with the first and second nonces (SigB[NonceA∥NonceB]), a second device authentication key certificate (certDAKB) containing a second device authentication key (DAKB), and a second identity attribute certificate (IACB). In some embodiments, the second I/O module 100B is configured to generate the second nonce (NonceB) with a TRNG, concatenate or otherwise combine the first nonce (NonceA) and the second nonce (NonceB), and sign the concatenated/combined nonces with a private key (e.g., DAK) that is locally stored by the second I/O module 100B. The second I/O module 100B is further configured to concatenate or otherwise combine the second nonce (NonceB), the first signature associated with the first and second nonces (SigB[NonceA∥NonceB]), the second device authentication key certificate (certDAKB), and the second identity attribute certificate (IACB) to generate the response datagram 504. In some embodiments, the second device authentication key certificate (CertDAKB) and the second identity attribute certificate (IACB) are locally stored by the second I/O module 100B. For example, the certificates may be stored in a local memory (e.g., ROM, RAM, flash memory, or other non-transitory storage medium) of the second I/O module 100B.
The first I/O module 100A is configured to validate the response datagram by verifying the second device authentication key certificate (CertDAKB) and the second identity attribute certificate (IACB) with public keys that are locally stored or retrieved from a crypto library utilizing ECDSA or another verification operation. In some embodiments, the first I/O module 100A may be further configured to validate the certificate values from plain text values by verifying the following: IAC & DAK certificates have matching MPSNs, IAC names match, certificate types are correct on both certificates (IAC & DAK), the correct issuer name is on both certificates, DAK module type is the correct type (e.g., check to see if module type=communications/control module). In some embodiments, the first I/O module 100A may be further configured to verify the DAK and IAC certificates are not in a local revocation list.
To validate the response datagram, the first I/O module 100A may be further configured to verify the first signature associated with the first and second nonces (sigB[NonceA∥NonceB]). In some embodiments, the first I/O module 100A is configured to verify the first signature (sigB[NonceA∥NonceB]) by concatenating the first locally stored nonce (NonceA) and the second plaintext nonce (NonceB) received from the second I/O module 100B, verifying the first cryptographic signature (sigB[NonceA∥NonceB]) with a public device authentication key (e.g., using DAKB from certDAKB), and comparing the locally generated concatenation of the first nonce and the second nonce with the cryptographically verified concatenation of the first nonce and the second nonce. When the first I/O module 100A fails to validate the response datagram, the first I/O module 100A may generate an error message, partially or completely disable the second I/O module 100B, and/or discontinue or restrict communications to/from the second I/O module 100B.
The first I/O module 100A is further configured to transmit an authentication datagram 506 to the second I/O module 100B when the response datagram 504 is valid. In implementations, the authentication datagram 506 includes a second signature associated with the first and second nonces (sigA[NonceA∥NonceB]). In some embodiments, the first I/O module 100A is configured to sign the locally generated concatenation of the first and second nonces a private key (e.g., DAK) that is locally stored by the first I/O module 100A. When the response datagram is invalid, the authentication datagram 506 may be replaced with a “failed” authentication datagram 506 including a signature associated with the second nonce and an error reporting (e.g., “failure”) message (sigA[NonceB∥Error]) generated by the first I/O module 100A.
Responsive to the authentication datagram 506, the second I/O module 100B may be further configured to transmit a responsive authentication datagram 508 to the first I/O module 100A. In implementations, the responsive authentication datagram 508 includes a signature associated with the first nonce and an error reporting (e.g., “success” or “failure”) message (sigB[NonceA∥Error]) generated by the second I/O module 100B. In some embodiments, the second I/O module 100B is configured to validate the authentication datagram 506 by verifying the second signature associated with the first and second nonces (sigA[NonceA∥NonceB]). In some embodiments, the second I/O module 100B is configured to verify the second signature (sigA[NonceA∥NonceB]) by concatenating the first plaintext nonce (NonceA) received from the first I/O module 100A and the second locally stored nonce (NonceB), verifying the second cryptographic signature (sigA[NonceA∥NonceB]) with a public device authentication key (e.g., using DAKA from certDAKA), and comparing the locally generated concatenation of the first nonce and the second nonce with the cryptographically verified concatenation of the first nonce and the second nonce. In addition to the error reporting message, when the second I/O module 100B fails to validate the authentication datagram, the second I/O module 100B may partially or completely disable the first I/O module 100A, and/or discontinue or restrict communications to/from the first I/O module 100A.
In implementations where the I/O modules 100 are arranged according to a “master-slave” configuration, the master (e.g., the first I/O module 100A) may be configured to authenticate each slave. In the event of a failed authentication, the master may at least partially disable or restrict communications to/from the unauthenticated slave. Alternatively, two or more slave I/O modules 100 and/or two or more I/O modules 100 operating in parallel without a master may authenticate one another. A failed authentication may result in both devices or a pseudo-secondary device (e.g., non-initiating I/O module) being partially or completely disabled. For example, two or more redundant I/O modules 100 can be disabled should they fail to successfully complete the authentication sequence at startup or another predefined time/event.
Each I/O module 100 may include circuitry and/or logic enabled to perform the functions described herein. For example, the controller 106 may be configured to execute program instructions stored permanently, semi-permanently, or temporarily by a non-transitory machine readable medium 108 such as a hard disk drive (HDD), solid-state disk (SDD), optical disk, magnetic storage device, flash drive, or the like. Accordingly, the controller 106 may be configured to carry out an authentication initiator sequence 600 and/or an authentication responder sequence 700 illustrated in
Referring to
Referring to
In some embodiments, the I/O modules 100 can be further configured to authenticate with and/or be authenticated by other elements of the industrial control system 200, such as communications/control modules 214, field devices 217 (e.g. sensors 218 or actuators 220), power modules 232, physical interconnect devices, switches, and the like. Industrial controllers/elements can be configured to authenticate one another or other devices by performing a sequence or handshake such as the authentication sequence (between redundant I/O modules 100) described above. For example, the I/O module 100 can be configured to perform an authentication sequence (e.g., as described above) with a communications/control module 214 or a field device 217. It is further contemplated that, communicatively coupled field devices 217 (e.g., sensors 218 or actuators 220) can also be configured to authenticate with each other in a manner similar to the authentication process described above.
It should be understood that any of the functions described herein can be implemented using hardware (e.g., fixed logic circuitry such as integrated circuits), software, firmware, manual processing, or a combination thereof. Thus, the blocks, operations, functions, or steps discussed in the above disclosure generally represent hardware (e.g., fixed logic circuitry such as integrated circuits), software, firmware, or a combination thereof. In the instance of a hardware configuration, the various blocks discussed in the above disclosure may be implemented as integrated circuits along with other functionality. Such integrated circuits may include all of the functions of a given block, system, or circuit, or a portion of the functions of the block, system, or circuit. Further, elements of the blocks, systems, or circuits may be implemented across multiple integrated circuits. Such integrated circuits may comprise various integrated circuits, including, but not necessarily limited to: a monolithic integrated circuit, a flip chip integrated circuit, a multichip module integrated circuit, and/or a mixed signal integrated circuit. In the instance of a software implementation, the various blocks discussed in the above disclosure represent executable instructions (e.g., program code) that perform specified tasks when executed on a processor. These executable instructions can be stored in one or more tangible computer readable media. In some such instances, the entire system, block, or circuit may be implemented using its software or firmware equivalent. In other instances, one part of a given system, block, or circuit may be implemented in software or firmware, while other parts are implemented in hardware.
Although the subject matter has been described in language specific to structural features and/or process operations, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
The present application is a continuation under 35 U.S.C. § 120 of U.S. Non-Provisional application Ser. No. 15/665,950 (now U.S. Pat. No. 11,055,246), filed on Aug. 1, 2017 (now U.S. Pat. No. 11,055,246), and titled “INPUT/OUTPUT MODULE WITH MULTI-CHANNEL SWITCHING CAPABILITY,” which is a continuation under 35 U.S.C. § 120 of U.S. Non-Provisional application Ser. No. 14/618,292 (U.S. Pat. No. 9,727,511), filed Feb. 10, 2015 and titled “INPUT/OUTPUT MODULE WITH MULTI-CHANNEL SWITCHING CAPABILITY.” The present application further claims priority under 35 U.S.C. § 119(e) to U.S. Provisional Application Ser. No. 62/114,030, filed Feb. 9, 2015, and titled “INPUT/OUTPUT MODULE WITH MULTI-CHANNEL SWITCHING CAPABILITY.” The present application is also a continuation-in-part of International Application No. PCT/US2013/053721, filed Aug. 6, 2013, and titled “SECURE INDUSTRIAL CONTROL SYSTEM.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/469,931, filed Aug. 27, 2014, and titled “SECURE INDUSTRIAL CONTROL SYSTEM.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/446,412, filed Jul. 30, 2014, and titled “INDUSTRIAL CONTROL SYSTEM CABLE,” which claims priority under 35 U.S.C. § 119(e) to U.S. Provisional Application Ser. No. 62/021,438, filed Jul. 7, 2014, and titled “INDUSTRIAL CONTROL SYSTEM CABLE.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/519,066, filed Oct. 20, 2014, and titled “OPERATOR ACTION AUTHENTICATION IN AN INDUSTRIAL CONTROL SYSTEM.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/519,047, filed Oct. 20, 2014, and titled “INDUSTRIAL CONTROL SYSTEM REDUNDANT COMMUNICATIONS/CONTROL MODULES AUTHENTICATION.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/597,498, filed Jan. 15, 2015, and titled “ELECTROMAGNETIC CONNECTOR,” which is a continuation under 35 U.S.C. § 120 of U.S. patent application Ser. No. 13/341,143, filed Dec. 30, 2011, and titled “ELECTROMAGNETIC CONNECTOR.” The present application is also a continuation-in-part of International Application No. PCT/US2012/072056, filed Dec. 28, 2012 (having a priority date of Dec. 30, 2011), and titled “ELECTROMAGNETIC CONNECTOR AND COMMUNICATIONS/CONTROL SYSTEM/SWITCH FABRIC WITH SERIAL AND PARALLEL COMMUNICATIONS INTERFACES.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/501,974, filed Sep. 30, 2014, and titled “SWITCH FABRIC HAVING A SERIAL COMMUNICATIONS INTERFACE AND A PARALLEL COMMUNICATIONS INTERFACE,” which is a continuation under 35 U.S.C. § 120 of U.S. patent application Ser. No. 13/341,161, filed Dec. 30, 2011, and titled “SWITCH FABRIC HAVING A SERIAL COMMUNICATIONS INTERFACE AND A PARALLEL COMMUNICATIONS INTERFACE.” The present application is also a continuation-in-part under 35 U.S.C. § 120 of U.S. patent application Ser. No. 14/502,006, filed Sep. 30, 2014, and titled “COMMUNICATIONS CONTROL SYSTEM WITH A SERIAL COMMUNICATIONS INTERFACE AND A PARALLEL COMMUNICATIONS INTERFACE,” which is a continuation under 35 U.S.C. § 120 of U.S. patent application Ser. No. 13/341,176, filed Dec. 30, 2011, and titled “COMMUNICATIONS CONTROL SYSTEM WITH A SERIAL COMMUNICATIONS INTERFACE AND A PARALLEL COMMUNICATIONS INTERFACE.” Each of the patent applications cross-referenced above is incorporated herein by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 1778549 | Conner | Oct 1930 | A |
| 1961013 | Battista et al. | May 1934 | A |
| 2540575 | Tomun et al. | Feb 1951 | A |
| 3702983 | Chace et al. | Nov 1972 | A |
| 4079440 | Ohnuma et al. | Mar 1978 | A |
| 4082984 | Iwata | Apr 1978 | A |
| 4337499 | Cronin et al. | Jun 1982 | A |
| 4403286 | Fry et al. | Sep 1983 | A |
| 4508414 | Kusui et al. | Apr 1985 | A |
| 4628308 | Robert | Dec 1986 | A |
| 4656622 | Lea | Apr 1987 | A |
| 4672529 | Kupersmit | Jun 1987 | A |
| 4691384 | Jobe | Sep 1987 | A |
| 4789792 | Ruedi | Dec 1988 | A |
| 4882702 | Struger et al. | Nov 1989 | A |
| 4929939 | Varma et al. | May 1990 | A |
| 4932892 | Hatch | Jun 1990 | A |
| 5013247 | Watson | May 1991 | A |
| 5128664 | Bishop | Jul 1992 | A |
| 5229652 | Hough | Jul 1993 | A |
| 5325046 | Young et al. | Jun 1994 | A |
| 5378166 | Gallagher, Sr. | Jan 1995 | A |
| 5385487 | Beitman | Jan 1995 | A |
| 5385490 | Demeter et al. | Jan 1995 | A |
| 5388099 | Poole | Feb 1995 | A |
| 5422558 | Stewart | Jun 1995 | A |
| 5469334 | Balakrishnan | Nov 1995 | A |
| 5519583 | Kolling et al. | May 1996 | A |
| 5546463 | Caputo et al. | Aug 1996 | A |
| 5572511 | Ouyang et al. | Nov 1996 | A |
| 5590284 | Crosetto | Dec 1996 | A |
| 5602754 | Beatty et al. | Feb 1997 | A |
| 5603044 | Annapareddy et al. | Feb 1997 | A |
| 5719483 | Abbott et al. | Feb 1998 | A |
| 5724349 | Cloonan et al. | Mar 1998 | A |
| 5735707 | O'Groske et al. | Apr 1998 | A |
| 5757795 | Schnell | May 1998 | A |
| 5773962 | Nor | Jun 1998 | A |
| 5860824 | Fan | Jan 1999 | A |
| 5896473 | Kaspari | Apr 1999 | A |
| 5909368 | Nixon et al. | Jun 1999 | A |
| 5951666 | Ilting et al. | Sep 1999 | A |
| 5958030 | Kwa | Sep 1999 | A |
| 5963448 | Flood et al. | Oct 1999 | A |
| 5980312 | Chapman et al. | Nov 1999 | A |
| 6002675 | Ben-Michael et al. | Dec 1999 | A |
| 6009410 | Lemole et al. | Dec 1999 | A |
| 6016310 | Muller | Jan 2000 | A |
| 6046513 | Jouper et al. | Apr 2000 | A |
| 6104913 | McAllister | Aug 2000 | A |
| 6124778 | Rowley et al. | Sep 2000 | A |
| 6178474 | Hamano et al. | Jan 2001 | B1 |
| 6218740 | Mildice | Apr 2001 | B1 |
| 6219789 | Little et al. | Apr 2001 | B1 |
| 6220889 | Ely et al. | Apr 2001 | B1 |
| 6347963 | Falkenberg et al. | Feb 2002 | B1 |
| 6393565 | Lockhart et al. | May 2002 | B1 |
| 6435409 | Hu | Aug 2002 | B1 |
| 6453416 | Epstein | Sep 2002 | B1 |
| 6480963 | Tachibana et al. | Nov 2002 | B1 |
| 6490176 | Holzer et al. | Dec 2002 | B2 |
| 6574681 | White et al. | Jun 2003 | B1 |
| 6597683 | Gehring et al. | Jul 2003 | B1 |
| 6643777 | Chu | Nov 2003 | B1 |
| 6680904 | Kaplan et al. | Jan 2004 | B1 |
| 6695620 | Huang | Feb 2004 | B1 |
| 6714541 | Iyer | Mar 2004 | B1 |
| 6799234 | Moon et al. | Sep 2004 | B1 |
| 6812803 | Goergen | Nov 2004 | B2 |
| 6814580 | Li et al. | Nov 2004 | B2 |
| 6828894 | Sorger et al. | Dec 2004 | B1 |
| 6840795 | Takeda et al. | Jan 2005 | B1 |
| 6956355 | Vaillancourt et al. | Oct 2005 | B2 |
| 6988162 | Goergen | Jan 2006 | B2 |
| 7114070 | Willming et al. | Sep 2006 | B1 |
| 7164255 | Hui | Jan 2007 | B2 |
| 7172428 | Huang | Feb 2007 | B2 |
| 7200692 | Singla et al. | Apr 2007 | B2 |
| 7234963 | Huang | Jun 2007 | B1 |
| 7254452 | Davlin et al. | Aug 2007 | B2 |
| 7402074 | Leblanc et al. | Jul 2008 | B2 |
| 7415368 | Gilbert et al. | Aug 2008 | B2 |
| 7426585 | Rourke | Sep 2008 | B1 |
| 7460482 | Pike | Dec 2008 | B2 |
| 7510420 | Mori | Mar 2009 | B2 |
| 7526676 | Chou et al. | Apr 2009 | B2 |
| 7529862 | Isani et al. | May 2009 | B2 |
| 7536548 | Batke et al. | May 2009 | B1 |
| 7554288 | Gangstoe et al. | Jun 2009 | B2 |
| 7587481 | Osburn, III | Sep 2009 | B1 |
| 7614909 | Lin | Nov 2009 | B2 |
| 7619386 | Sasaki et al. | Nov 2009 | B2 |
| 7622994 | Galal | Nov 2009 | B2 |
| 7660098 | Walmsley | Feb 2010 | B2 |
| 7670190 | Shi et al. | Mar 2010 | B2 |
| 7685349 | Allen et al. | Mar 2010 | B2 |
| 7730304 | Katsube et al. | Jun 2010 | B2 |
| 7746846 | Boora et al. | Jun 2010 | B2 |
| 7761640 | Hikabe | Jul 2010 | B2 |
| 7774074 | Davlin et al. | Aug 2010 | B2 |
| 7788431 | Deshpande et al. | Aug 2010 | B2 |
| 7790304 | Hendricks et al. | Sep 2010 | B2 |
| 7811136 | Hsieh et al. | Oct 2010 | B1 |
| 7815471 | Wu | Oct 2010 | B2 |
| 7822994 | Hamaguchi | Oct 2010 | B2 |
| 7839025 | Besser et al. | Nov 2010 | B2 |
| 7872561 | Matumoto | Jan 2011 | B2 |
| 7948758 | Buhler et al. | May 2011 | B2 |
| 7960870 | Besser et al. | Jun 2011 | B2 |
| 7971052 | Lucas et al. | Jun 2011 | B2 |
| 8013474 | Besser et al. | Sep 2011 | B2 |
| 8019194 | Morrison et al. | Sep 2011 | B2 |
| 8032745 | Bandholz et al. | Oct 2011 | B2 |
| 8062070 | Jeon et al. | Nov 2011 | B2 |
| 8125208 | Gyland | Feb 2012 | B2 |
| 8132231 | Amies et al. | Mar 2012 | B2 |
| 8143858 | Tsugawa et al. | Mar 2012 | B2 |
| 8149587 | Baran et al. | Apr 2012 | B2 |
| 8157569 | Liu | Apr 2012 | B1 |
| 8181262 | Cooper et al. | May 2012 | B2 |
| 8189101 | Cummings et al. | May 2012 | B2 |
| 8212399 | Besser et al. | Jul 2012 | B2 |
| 8266360 | Agrawal | Sep 2012 | B2 |
| 8281386 | Milligan et al. | Oct 2012 | B2 |
| 8287306 | Daugherty et al. | Oct 2012 | B2 |
| 8295770 | Seil et al. | Oct 2012 | B2 |
| 8310380 | Aria et al. | Nov 2012 | B2 |
| 8341717 | Delker et al. | Dec 2012 | B1 |
| 8380905 | Djabbari et al. | Feb 2013 | B2 |
| 8390441 | Covaro et al. | Mar 2013 | B2 |
| 8465762 | Lee et al. | Jun 2013 | B2 |
| 8480438 | Mattson | Jul 2013 | B2 |
| 8532119 | Snively | Sep 2013 | B2 |
| 8560147 | Taylor et al. | Oct 2013 | B2 |
| 8587318 | Chandler et al. | Nov 2013 | B2 |
| 8651874 | Ku et al. | Feb 2014 | B2 |
| 8677145 | Maletsky et al. | Mar 2014 | B2 |
| 8694770 | Osburn, III | Apr 2014 | B1 |
| 8777671 | Huang | Jul 2014 | B2 |
| 8862802 | Calvin et al. | Oct 2014 | B2 |
| 8868813 | Calvin et al. | Oct 2014 | B2 |
| 8971072 | Calvin et al. | Mar 2015 | B2 |
| 9071082 | Nishibayashi et al. | Jun 2015 | B2 |
| 9318917 | Kubota et al. | Apr 2016 | B2 |
| 9436641 | Calvin et al. | Sep 2016 | B2 |
| 9465762 | Calvin et al. | Oct 2016 | B2 |
| 9467297 | Clish et al. | Oct 2016 | B2 |
| 9812803 | Toyoda et al. | Nov 2017 | B2 |
| 10103875 | Roth et al. | Oct 2018 | B1 |
| 10613567 | Rooyakkers et al. | Apr 2020 | B2 |
| 10832861 | Rooyakkers et al. | Nov 2020 | B2 |
| 11093427 | Calvin et al. | Aug 2021 | B2 |
| 20020070835 | Dadafshar | Jun 2002 | A1 |
| 20020080828 | Ofek et al. | Jun 2002 | A1 |
| 20020080829 | Ofek et al. | Jun 2002 | A1 |
| 20020084698 | Kelly et al. | Jul 2002 | A1 |
| 20020086678 | Salokannel et al. | Jul 2002 | A1 |
| 20020095573 | O'Brien | Jul 2002 | A1 |
| 20020097031 | Cook et al. | Jul 2002 | A1 |
| 20020116619 | Maruyama et al. | Aug 2002 | A1 |
| 20020124198 | Bormann et al. | Sep 2002 | A1 |
| 20020171525 | Kobayashi et al. | Nov 2002 | A1 |
| 20020182898 | Takahashi et al. | Dec 2002 | A1 |
| 20020189910 | Yano et al. | Dec 2002 | A1 |
| 20030005289 | Gougeon et al. | Jan 2003 | A1 |
| 20030013727 | Maw et al. | Jan 2003 | A1 |
| 20030040897 | Murphy et al. | Feb 2003 | A1 |
| 20030074489 | Steger et al. | Apr 2003 | A1 |
| 20030094855 | Lohr et al. | May 2003 | A1 |
| 20030105601 | Kobayashi et al. | Jun 2003 | A1 |
| 20030137277 | Mori et al. | Jul 2003 | A1 |
| 20030166397 | Aura | Sep 2003 | A1 |
| 20030202330 | Lopata et al. | Oct 2003 | A1 |
| 20030204756 | Ransom et al. | Oct 2003 | A1 |
| 20030236998 | Gilstrap et al. | Dec 2003 | A1 |
| 20040178770 | Gagnon et al. | Sep 2004 | A1 |
| 20050001589 | Edington et al. | Jan 2005 | A1 |
| 20050019143 | Bishman | Jan 2005 | A1 |
| 20050091432 | Adams et al. | Apr 2005 | A1 |
| 20050102535 | Patrick et al. | May 2005 | A1 |
| 20050144437 | Ransom et al. | Jun 2005 | A1 |
| 20050144440 | Catherman et al. | Jun 2005 | A1 |
| 20050151720 | Cruz-Hernandez et al. | Jul 2005 | A1 |
| 20050162019 | Masciarelli et al. | Jul 2005 | A1 |
| 20050182876 | Kim et al. | Aug 2005 | A1 |
| 20050189910 | Hui | Sep 2005 | A1 |
| 20050198522 | Shaw et al. | Sep 2005 | A1 |
| 20050229004 | Callaghan | Oct 2005 | A1 |
| 20060015590 | Patil et al. | Jan 2006 | A1 |
| 20060020782 | Kakii | Jan 2006 | A1 |
| 20060108972 | Araya | May 2006 | A1 |
| 20060119315 | Sasaki et al. | Jun 2006 | A1 |
| 20060155990 | Katsube et al. | Jul 2006 | A1 |
| 20060156415 | Rubinstein et al. | Jul 2006 | A1 |
| 20070072442 | DiFonzo et al. | Mar 2007 | A1 |
| 20070076768 | Chiesa et al. | Apr 2007 | A1 |
| 20070123304 | Pattenden et al. | May 2007 | A1 |
| 20070123316 | Little | May 2007 | A1 |
| 20070143838 | Milligan et al. | Jun 2007 | A1 |
| 20070174524 | Kato et al. | Jul 2007 | A1 |
| 20070177298 | Jaatinen et al. | Aug 2007 | A1 |
| 20070192134 | Littenberg et al. | Aug 2007 | A1 |
| 20070194944 | Galera et al. | Aug 2007 | A1 |
| 20070214296 | Takamatsu et al. | Sep 2007 | A1 |
| 20070229302 | Penick et al. | Oct 2007 | A1 |
| 20070260897 | Cochran et al. | Nov 2007 | A1 |
| 20080067874 | Tseng | Mar 2008 | A1 |
| 20080077976 | Schulz | Mar 2008 | A1 |
| 20080080395 | Law et al. | Apr 2008 | A1 |
| 20080082449 | Wilkinson et al. | Apr 2008 | A1 |
| 20080123669 | Oliveti et al. | May 2008 | A1 |
| 20080140888 | Blair et al. | Jun 2008 | A1 |
| 20080181316 | Crawley et al. | Jul 2008 | A1 |
| 20080189441 | Jundt et al. | Aug 2008 | A1 |
| 20080194124 | Di Stefano | Aug 2008 | A1 |
| 20080209216 | Kelly et al. | Aug 2008 | A1 |
| 20080285755 | Camus et al. | Nov 2008 | A1 |
| 20080303351 | Jansen et al. | Dec 2008 | A1 |
| 20090036164 | Rowley | Feb 2009 | A1 |
| 20090061678 | Minoo et al. | Mar 2009 | A1 |
| 20090066291 | Tien et al. | Mar 2009 | A1 |
| 20090083843 | Wilkinson, Jr. et al. | Mar 2009 | A1 |
| 20090091513 | Kuhn | Apr 2009 | A1 |
| 20090092248 | Rawson | Apr 2009 | A1 |
| 20090121704 | Shibahara | May 2009 | A1 |
| 20090204458 | Wiese et al. | Aug 2009 | A1 |
| 20090217043 | Metke et al. | Aug 2009 | A1 |
| 20090222885 | Batke et al. | Sep 2009 | A1 |
| 20090234998 | Kuo | Sep 2009 | A1 |
| 20090239468 | He et al. | Sep 2009 | A1 |
| 20090245245 | Malwankar et al. | Oct 2009 | A1 |
| 20090254655 | Kidwell et al. | Oct 2009 | A1 |
| 20090256717 | Iwai | Oct 2009 | A1 |
| 20090278509 | Boyles et al. | Nov 2009 | A1 |
| 20090287321 | Lucas et al. | Nov 2009 | A1 |
| 20090288732 | Gielen | Nov 2009 | A1 |
| 20100052428 | Imamura et al. | Mar 2010 | A1 |
| 20100066340 | Delforge | Mar 2010 | A1 |
| 20100082869 | Lloyd et al. | Apr 2010 | A1 |
| 20100122081 | Sato et al. | May 2010 | A1 |
| 20100148721 | Little | Jun 2010 | A1 |
| 20100149997 | Law et al. | Jun 2010 | A1 |
| 20100151816 | Besehanic et al. | Jun 2010 | A1 |
| 20100153751 | Tseng et al. | Jun 2010 | A1 |
| 20100197366 | Pattenden et al. | Aug 2010 | A1 |
| 20100197367 | Pattenden et al. | Aug 2010 | A1 |
| 20100233889 | Kiani et al. | Sep 2010 | A1 |
| 20100262312 | Kubota et al. | Oct 2010 | A1 |
| 20110010016 | Giroti | Jan 2011 | A1 |
| 20110038114 | Pance et al. | Feb 2011 | A1 |
| 20110057291 | Slupsky et al. | Mar 2011 | A1 |
| 20110066309 | Matsuoka et al. | Mar 2011 | A1 |
| 20110074349 | Ghovanloo | Mar 2011 | A1 |
| 20110080056 | Low et al. | Apr 2011 | A1 |
| 20110082621 | Berkobin et al. | Apr 2011 | A1 |
| 20110089900 | Hogari | Apr 2011 | A1 |
| 20110140538 | Jung et al. | Jun 2011 | A1 |
| 20110150431 | Klappert | Jun 2011 | A1 |
| 20110172940 | Wood et al. | Jul 2011 | A1 |
| 20110185196 | Asano et al. | Jul 2011 | A1 |
| 20110196997 | Ruberg et al. | Aug 2011 | A1 |
| 20110197009 | Agrawal | Aug 2011 | A1 |
| 20110202992 | Xiao et al. | Aug 2011 | A1 |
| 20110285847 | Riedel et al. | Nov 2011 | A1 |
| 20110291491 | Lemmens et al. | Dec 2011 | A1 |
| 20110296066 | Xia | Dec 2011 | A1 |
| 20110313547 | Hernandez et al. | Dec 2011 | A1 |
| 20120028498 | Na et al. | Feb 2012 | A1 |
| 20120036364 | Yoneda et al. | Feb 2012 | A1 |
| 20120046015 | Little | Feb 2012 | A1 |
| 20120053742 | Tsuda | Mar 2012 | A1 |
| 20120102334 | O'Loughlin et al. | Apr 2012 | A1 |
| 20120124373 | Dangoor et al. | May 2012 | A1 |
| 20120143586 | Vetter et al. | Jun 2012 | A1 |
| 20120159210 | Hosaka | Jun 2012 | A1 |
| 20120204033 | Etchegoyen et al. | Aug 2012 | A1 |
| 20120236769 | Powell et al. | Sep 2012 | A1 |
| 20120242459 | Lambert | Sep 2012 | A1 |
| 20120265361 | Billingsley et al. | Oct 2012 | A1 |
| 20120271576 | Kamel et al. | Oct 2012 | A1 |
| 20120274273 | Jacobs et al. | Nov 2012 | A1 |
| 20120282805 | Ku et al. | Nov 2012 | A1 |
| 20120284354 | Mukundan et al. | Nov 2012 | A1 |
| 20120284514 | Lambert | Nov 2012 | A1 |
| 20120295451 | Hyun-Jun et al. | Nov 2012 | A1 |
| 20120297101 | Neupaertl et al. | Nov 2012 | A1 |
| 20120311071 | Karaffa et al. | Dec 2012 | A1 |
| 20120322513 | Pattenden et al. | Dec 2012 | A1 |
| 20120328094 | Pattenden et al. | Dec 2012 | A1 |
| 20130011719 | Yasui et al. | Jan 2013 | A1 |
| 20130026973 | Luke et al. | Jan 2013 | A1 |
| 20130031382 | Jau et al. | Jan 2013 | A1 |
| 20130070788 | Deiretsbacher et al. | Mar 2013 | A1 |
| 20130082641 | Nishibayashi et al. | Apr 2013 | A1 |
| 20130170258 | Calvin et al. | Jul 2013 | A1 |
| 20130173832 | Calvin et al. | Jul 2013 | A1 |
| 20130211547 | Buchdunger et al. | Aug 2013 | A1 |
| 20130212390 | Du et al. | Aug 2013 | A1 |
| 20130224048 | Gillingwater et al. | Aug 2013 | A1 |
| 20130233924 | Burns | Sep 2013 | A1 |
| 20130244062 | Teramoto et al. | Sep 2013 | A1 |
| 20130290706 | Socky et al. | Oct 2013 | A1 |
| 20130291085 | Chong et al. | Oct 2013 | A1 |
| 20140015488 | Despesse | Jan 2014 | A1 |
| 20140068712 | Frenkel et al. | Mar 2014 | A1 |
| 20140075186 | Austen | Mar 2014 | A1 |
| 20140089692 | Hanafusa | Mar 2014 | A1 |
| 20140091623 | Shippy et al. | Apr 2014 | A1 |
| 20140095867 | Smith et al. | Apr 2014 | A1 |
| 20140097672 | Takemura et al. | Apr 2014 | A1 |
| 20140129162 | Hallman et al. | May 2014 | A1 |
| 20140131450 | Gordon et al. | May 2014 | A1 |
| 20140142725 | Boyd | May 2014 | A1 |
| 20140280520 | Baier et al. | Sep 2014 | A1 |
| 20140285318 | Audéon et al. | Sep 2014 | A1 |
| 20140312913 | Kikuchi et al. | Oct 2014 | A1 |
| 20140327318 | Calvin et al. | Nov 2014 | A1 |
| 20140335703 | Calvin et al. | Nov 2014 | A1 |
| 20140341220 | Lessmann | Nov 2014 | A1 |
| 20150019790 | Calvin et al. | Jan 2015 | A1 |
| 20150046701 | Rooyakkers et al. | Feb 2015 | A1 |
| 20150048684 | Rooyakkers et al. | Feb 2015 | A1 |
| 20150115711 | Kouroussis et al. | Apr 2015 | A1 |
| 20150303729 | Kasai et al. | Oct 2015 | A1 |
| 20150365240 | Callaghan | Dec 2015 | A1 |
| 20160036098 | Washiro | Feb 2016 | A1 |
| 20160065656 | Patin et al. | Mar 2016 | A1 |
| 20160069174 | Cannan et al. | Mar 2016 | A1 |
| 20160141894 | Beaston | May 2016 | A1 |
| 20160172635 | Stimm et al. | Jun 2016 | A1 |
| 20160224048 | Rooyakkers et al. | Aug 2016 | A1 |
| 20160301695 | Trivelpiece et al. | Oct 2016 | A1 |
| 20200310480 | Rooyakkers et al. | Oct 2020 | A1 |
| 20210109161 | Huot-Marchand et al. | Apr 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| 2162746 | Apr 1994 | CN |
| 1408129 | Apr 2003 | CN |
| 1440254 | Sep 2003 | CN |
| 2596617 | Dec 2003 | CN |
| 1571335 | Jan 2005 | CN |
| 1702582 | Nov 2005 | CN |
| 1839581 | Sep 2006 | CN |
| 1864305 | Nov 2006 | CN |
| 2899151 | May 2007 | CN |
| 101005359 | Jul 2007 | CN |
| 101069407 | Nov 2007 | CN |
| 101262401 | Sep 2008 | CN |
| 101322089 | Dec 2008 | CN |
| 101349916 | Jan 2009 | CN |
| 101447861 | Jun 2009 | CN |
| 101533380 | Sep 2009 | CN |
| 101576041 | Nov 2009 | CN |
| 201515041 | Jun 2010 | CN |
| 101809557 | Aug 2010 | CN |
| 201590580 | Sep 2010 | CN |
| 101919139 | Dec 2010 | CN |
| 101977104 | Feb 2011 | CN |
| 102035220 | Apr 2011 | CN |
| 102123031 | Jul 2011 | CN |
| 102236329 | Nov 2011 | CN |
| 102237680 | Nov 2011 | CN |
| 202205977 | Apr 2012 | CN |
| 102480352 | May 2012 | CN |
| 1934766 | Jun 2012 | CN |
| 102546707 | Jul 2012 | CN |
| 102809950 | Dec 2012 | CN |
| 102812578 | Dec 2012 | CN |
| 103064032 | Apr 2013 | CN |
| 203180248 | Sep 2013 | CN |
| 103376766 | Oct 2013 | CN |
| 103682883 | Mar 2014 | CN |
| 103701919 | Apr 2014 | CN |
| 203645015 | Jun 2014 | CN |
| 104025387 | Sep 2014 | CN |
| 203932181 | Nov 2014 | CN |
| 104185969 | Dec 2014 | CN |
| 104297691 | Jan 2015 | CN |
| 104505894 | Apr 2015 | CN |
| 204243110 | Apr 2015 | CN |
| 105278327 | Jan 2016 | CN |
| 105556762 | May 2016 | CN |
| 104025387 | Jul 2018 | CN |
| 102013213550 | Jan 2015 | DE |
| 0473336 | Mar 1992 | EP |
| 0507360 | Oct 1992 | EP |
| 1176616 | Jan 2002 | EP |
| 1241800 | Sep 2002 | EP |
| 1246563 | Oct 2002 | EP |
| 1571559 | Sep 2005 | EP |
| 1877915 | Jan 2008 | EP |
| 1885085 | Feb 2008 | EP |
| 2179364 | Apr 2010 | EP |
| 2317743 | May 2011 | EP |
| 2450921 | May 2012 | EP |
| 1396065 | Jul 2012 | EP |
| 2557657 | Feb 2013 | EP |
| 2557670 | Feb 2013 | EP |
| 1885085 | Mar 2013 | EP |
| 2613421 | Jul 2013 | EP |
| 2777796 | Sep 2014 | EP |
| 2806319 | Nov 2014 | EP |
| 2966806 | Jan 2016 | EP |
| S5974413 | May 1984 | JP |
| S59177226 | Nov 1984 | JP |
| H0163190 | Apr 1989 | JP |
| H02164012 | Jun 1990 | JP |
| H04153705 | May 1992 | JP |
| H04245411 | Sep 1992 | JP |
| H05346809 | Dec 1993 | JP |
| 07075143 | Mar 1995 | JP |
| H0794354 | Apr 1995 | JP |
| H07105328 | Apr 1995 | JP |
| H07320963 | Dec 1995 | JP |
| H0837121 | Feb 1996 | JP |
| H0898274 | Apr 1996 | JP |
| H08241824 | Sep 1996 | JP |
| H08322252 | Dec 1996 | JP |
| H09182324 | Jul 1997 | JP |
| H09213548 | Aug 1997 | JP |
| H1189103 | Mar 1999 | JP |
| H1198215 | Apr 1999 | JP |
| H1198707 | Apr 1999 | JP |
| H11230504 | Aug 1999 | JP |
| H11235044 | Aug 1999 | JP |
| H11312013 | Nov 1999 | JP |
| 2000041068 | Feb 2000 | JP |
| 2000124890 | Apr 2000 | JP |
| 2000252143 | Sep 2000 | JP |
| 2001100809 | Apr 2001 | JP |
| 2001242971 | Sep 2001 | JP |
| 2001292176 | Oct 2001 | JP |
| 2001307055 | Nov 2001 | JP |
| 2002134071 | May 2002 | JP |
| 2002280238 | Sep 2002 | JP |
| 2002343655 | Nov 2002 | JP |
| 2002359131 | Dec 2002 | JP |
| 3370931 | Jan 2003 | JP |
| 2003047912 | Feb 2003 | JP |
| 2003068543 | Mar 2003 | JP |
| 2003142327 | May 2003 | JP |
| 2003152703 | May 2003 | JP |
| 2003152708 | May 2003 | JP |
| 2003216237 | Jul 2003 | JP |
| 2004501540 | Jan 2004 | JP |
| 2004303701 | Oct 2004 | JP |
| 2004532596 | Oct 2004 | JP |
| 2005020759 | Jan 2005 | JP |
| 2005038411 | Feb 2005 | JP |
| 2005513956 | May 2005 | JP |
| 2005151720 | Jun 2005 | JP |
| 2005250833 | Sep 2005 | JP |
| 2005275777 | Oct 2005 | JP |
| 2005531235 | Oct 2005 | JP |
| 2005327231 | Nov 2005 | JP |
| 2005332406 | Dec 2005 | JP |
| 2006060779 | Mar 2006 | JP |
| 2006164706 | Jun 2006 | JP |
| 2006180460 | Jul 2006 | JP |
| 2006223950 | Aug 2006 | JP |
| 2006238274 | Sep 2006 | JP |
| 2006254650 | Sep 2006 | JP |
| 2007034711 | Feb 2007 | JP |
| 2007096817 | Apr 2007 | JP |
| 2007519150 | Jul 2007 | JP |
| 2007238696 | Sep 2007 | JP |
| 2007252081 | Sep 2007 | JP |
| 2007535235 | Nov 2007 | JP |
| 2008008861 | Jan 2008 | JP |
| 2008172873 | Jul 2008 | JP |
| 2008215028 | Sep 2008 | JP |
| 2008257707 | Oct 2008 | JP |
| 2008538668 | Oct 2008 | JP |
| 4245411 | Mar 2009 | JP |
| 2009054086 | Mar 2009 | JP |
| 2009065759 | Mar 2009 | JP |
| 2009157913 | Jul 2009 | JP |
| 2009163909 | Jul 2009 | JP |
| 2009538112 | Oct 2009 | JP |
| 2010011351 | Jan 2010 | JP |
| 2010503134 | Jan 2010 | JP |
| 4439340 | Mar 2010 | JP |
| 2010515407 | May 2010 | JP |
| 2010135903 | Jun 2010 | JP |
| 2010205163 | Sep 2010 | JP |
| 2010233167 | Oct 2010 | JP |
| 2010533387 | Oct 2010 | JP |
| 2011078249 | Apr 2011 | JP |
| 2011217037 | Oct 2011 | JP |
| 2011223544 | Nov 2011 | JP |
| 2012033491 | Feb 2012 | JP |
| 5013019 | Aug 2012 | JP |
| 2012190583 | Oct 2012 | JP |
| 2012195259 | Oct 2012 | JP |
| 2013021798 | Jan 2013 | JP |
| 2013031358 | Feb 2013 | JP |
| 2013153596 | Aug 2013 | JP |
| 2013170258 | Sep 2013 | JP |
| 2013192389 | Sep 2013 | JP |
| 5362930 | Dec 2013 | JP |
| 2014507721 | Mar 2014 | JP |
| 2014080952 | May 2014 | JP |
| 2015023375 | Feb 2015 | JP |
| 2016021763 | Feb 2016 | JP |
| 2016512039 | Apr 2016 | JP |
| 2016149128 | Aug 2016 | JP |
| 2016527844 | Sep 2016 | JP |
| 6189479 | Aug 2017 | JP |
| 2019146257 | Aug 2019 | JP |
| 2020115457 | Jul 2020 | JP |
| 20020088540 | Nov 2002 | KR |
| 20050014790 | Feb 2005 | KR |
| 20060034244 | Apr 2006 | KR |
| 100705380 | Apr 2007 | KR |
| 100807377 | Feb 2008 | KR |
| 20130039174 | Apr 2013 | KR |
| 201310344 | Mar 2013 | TW |
| 0180442 | Oct 2001 | WO |
| 02097946 | Dec 2002 | WO |
| 2005070733 | Aug 2005 | WO |
| 2005081659 | Sep 2005 | WO |
| 2006059195 | Jun 2006 | WO |
| 2007041866 | Apr 2007 | WO |
| 2007148462 | Dec 2007 | WO |
| 2008083387 | Jul 2008 | WO |
| 2009032797 | Mar 2009 | WO |
| 2009142053 | Nov 2009 | WO |
| 2010117082 | Oct 2010 | WO |
| 2011104935 | Sep 2011 | WO |
| 2013031124 | Mar 2013 | WO |
| 2013033247 | Mar 2013 | WO |
| 2013102069 | Jul 2013 | WO |
| 2014061307 | Apr 2014 | WO |
| 2014147896 | Sep 2014 | WO |
| 2014179556 | Nov 2014 | WO |
| 2014179566 | Nov 2014 | WO |
| 2015020633 | Feb 2015 | WO |
| Entry |
|---|
| Supplementary Search Report for European Application No. 14791210.9, dated Dec. 6, 2016. |
| Supplementary European Search Report for European Patent Application No. EP 13890953 dated Feb. 6, 2017, 9 pages. |
| Zafirovic-Vukotic, M. et al., “Secure SCADA network supporting NERC CIP”, Power & Energy Society General Meeting, 2009, PES '09, IEEE, Piscataway, NJ, USA, Jul. 26, 2009, pp. 1-8, XP031538542. |
| Office Action in Japan for Application No. 2021-160356, dated Dec. 16, 2022. |
| Final Decision of Rejection and Decision of Dismissal of Amendment for Japanese Application No. 2016-080207, dated Sep. 10, 2021. |
| Generex System Gmbh, “BACS—Battery Analysis & Care System,” Aug. 17, 2014 , XP055290320, Retrieved from the Internet: URL :HTTP://web.archive.org/we/2040929060116/http://www.generex.de/generex/download/datasheets/datasheet_BACS_C20_de.pdf. |
| Generex Systems GMBH, “SACS—Battery Analysis & Care System,” Aug. 17, 2014, XP055290320. |
| Hosseinabady, Mohammad, et al., “Using the inter- and intra-switch regularity in NoC switch testing,” Design, Automation & Test in Europe Conference & Exhibition: Nice, France, Apr. 16-20, 2007, IEEE Service Center, Apr. 16, 2007 (XP058290046). |
| International Search Report and Written Opinion for PCT/US2014/036368, dated Sep. 12, 2014. |
| International Search Report and Written Opinion dated May 12, 2014 in International Application# PCT/US2013/053721. |
| International Search Report and Written Opinion of the International Searching Authority dated Apr. 29, 2013, International Application No. PCT/US2012/072056. |
| International Search Report for Application No. PCT/US2013/053721 dated May 12, 2014. |
| “Introduction to Cryptography,” Network Associates, Inc., PGP 6.5.1, 1990-1999, Retrieved@ [ftp:/!ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf] on Mar. 17, 2016, (refer to pp. 16-20). |
| Japanese Office Action for Application No. JP2014-550508 dated Sep. 15, 2017. |
| Keith S., et al. “Guide to Industrial Control Systems (ICS) Security,” NIST, Special Publication 800-882, Jun. 2011, (refer to pp. 2-1 to 2-10). |
| Molva, R. Ed et al., “Internet security architecture”, Computer Networks, Elsevier Science Publishers B. V., Amsterdam, NL, vol. 31, No. 8, Apr. 23, 1999, pp. 787-804, XP004304518. |
| Extended European Search Report in European Application No. 17208183.8, dated Jun. 22, 2018. |
| Notice of Reason for Rejection for Japanese Application No. 2016-080207, dated Feb. 4, 2021. |
| Notice of Reason for Rejection for Japanese Application No. 2016-080207, dated Jun. 4, 2020. |
| Notice of Reason for Rejection for Japanese Application No. 2014-243827, dated Feb. 1, 2021. |
| Notice of Reason for Rejection for Japanese Application No. 2014-243827, dated Jan. 24, 2019. |
| Notice of Reason for Rejection for Japanese Patent Application No. 2014-243830, dated Jul. 10, 2019. |
| Notice of Reason for Rejection for Japanese Patent Application No. 2014-243830, dated Sep. 21, 2018 . |
| Notice of Reason for Rejection for JP Patent Application No. 2018-109151, dated Jun. 25, 2019. |
| Notice of Reason for Rejection for Patent Application No. 2016-021763, dated Nov. 27, 2019. |
| Notice of Reasons for Rejection dated Jul. 13, 2017 for Japanese Application No. JP2016-533279. |
| Notice of Reasons for Rejection dated Mar. 1, 2018 for Japanese Application No. JP2016-533279. |
| Notice of Reasons for Rejection for Japanese Patent Application No. 2020-035778, dated Apr. 15, 2021. |
| Notification of the Second Office Action for Chinese Application No. 201380079514.4, dated Nov. 5, 2018. |
| Office Action for Canadian Application No. 2,875,515, dated Feb. 17, 2016. |
| Office Action for Canadian Application No. 2,920,133, dated Jan. 30, 2017. |
| Office Action for Canadian Application No. 2,920,133, dated Oct. 19, 2016. |
| Office Action for Chinese Application No. 2015103905202.2, dated Jun. 20, 2018. |
| Office Action for Chinese Application No. 2015103905202.2, dated Mar. 6, 2019. |
| Office Action for Chinese Application No. 2015103905202.2, dated Aug. 6, 2019. |
| Office Action dated Dec. 2, 2016 for JP Application No. 2014-550508. |
| Office Action dated Feb. 5, 2018 for Chinese Application No. CN201380079514.4. |
| Office Action for Canadian Application No. 2,875,515, dated Jun. 1, 2016. |
| Office Action for Canadian Application No. 2,875,515, dated Oct. 6, 2016. |
| Office Action for Canadian Application No. 2,875,518, dated Apr. 22, 2016. |
| Office Action for Canadian Application No. 2,875,518, dated Jun. 3, 2015. |
| Office Action for Chinese Application No. 201280065564.2 dated Oct. 19, 2017. |
| Office Action for Chinese Application No. 201410383686.7, dated Feb. 23, 2018. |
| Office Action for Chinese Application No. 201480034066.0, dated May 3, 2017. |
| Office Action for Chinese Appln No. 201380079515.9, dated Feb. 25, 2019. |
| Office Action for Chinese Patent Application 201410802889.5, dated May 7, 2019. |
| Office Action for Japanese Application No. 2014-080952, dated Jan. 7, 2019. |
| Office Action for Japanese Application No. 2014-080952, dated May 2, 2018. |
| Office Action for Japanese Application No. 2014-159475, dated Feb. 15, 2019. |
| Office Action for Japanese Application No. 2014-159475, dated Jun. 11, 2018. |
| Office Action for Japanese Application No. 2016-512039, dated Feb. 5, 2019. |
| Office Action for Japanese Application No. 2016-512039, dated Jun. 5, 2018. |
| Office Action for Japanese Application No. 2016-533280, dated Apr. 11, 2018. |
| Office Action for Japanese Application No. 2016-533280, dated Jan. 7, 2019. |
| Office Action for Japanese Application No. 2016-533280, dated Jun. 29, 2020. |
| Office Action for Canadian Application No. 2,920,133, dated Apr. 14, 2016. |
| Office Action for Canadian Application No. 2,875,515 dated Feb. 10, 2017 . |
| Office Action for Canadian Application No. 2,875,515 dated Jul. 5, 2017 . |
| Office Action for Candian Application No. 2,875,517 dated May 4, 2015. |
| Office Action for Chinese Application No. 201280065564.2, dated Aug. 3, 2016. |
| Office Action for Chinese Application No. 20141079995.2, dated Jul. 3, 2019. |
| Office Action for Chinese Application No. 201610229230.4, dated Mar. 18, 2021. |
| Office Action for Chinese Application No. 201711349441.2, dated May 27, 2021. |
| Office Action for Chinese Application No. 201910660260.4, dated Nov. 18, 2021. |
| Office Action for Chinese Application No. 2020101058999, dated Sep. 3, 2021. |
| Office Action for Chinese Application No. 201410802889.5 dated Jul. 26, 2018. |
| Office Action for Chinese Patent Application No. 201610236358.3, dated Jan. 25, 2021. |
| Office Action for Chinese Patent Application No. 201610236358.3, dated Jun. 24, 2020. |
| Office Action for Chinese Patent Application No. 201610236358.3, dated Sep. 4, 2019. |
| Office Action for EP Application No. 14196409.8 dated Jan. 22, 2018. |
| Office Action for Japanese Application No. 2014-243830, dated Jun. 29, 2021. |
| Office Action for Japanese Application No. 2016-021763, dated Jun. 11, 2021. |
| Office Action for Japanese Application No. 2017-237592, dated Dec. 27, 2021. |
| Office Action for Japanese Application No. 2020-135564, dated Jul. 20, 2021. |
| Office Action for Japanese Application No. 2016-533280, dated Jun. 28, 2017. |
| Office Action forChinese Patent Application 201410802889.5, dated Dec. 4, 2019. |
| Office Action from Chinese Patent Application No. 201610229230.4, dated Jul. 15, 2020. |
| Office Action from Chinese Patent Application No. 201610229230.4, dated Oct. 24, 2019. |
| Office Action from EP Application No. 14196406.4, dated Jul. 29, 2019. |
| Office Action for Chinese Application No. 201280065564.2, dated Feb. 28, 2017. |
| Office Action for Japanese Application No. 2015-136186, dated Oct. 10, 2019. |
| Partial European Search Report in European Application No. 17208183.8, dated Mar. 28, 2018. |
| Partial Supplementary European Search Report in Application No. 12862174.5, dated Nov. 3, 2015. |
| Partial European Search Report for European Patent Application No. EP 15175744 dated Jan. 4, 2016, 7 pages. |
| Partial Search Report for European Application No. 15175744.0, dated Dec. 14, 2015. |
| Partial Supplementary European Search Report dated Nov. 10, 2015 in Application# EP12862174.5. |
| Reason for Rejection in Japanese Patent Application No. 2016-533279, dated Aug. 13, 2018. |
| Reason for Rejection for Japanese Application No. 2015-136186, dated May 7, 2020. |
| Reason for Rejection for Japanese Application No. 2020-061935, dated Mar. 31, 2021. |
| Rodrigues A., “SCADA Security Device: Design and Implementation”, Master of Science Thesis, Wichita State University, Dec. 2011. |
| Rodrigues, A., et al., “SCADA security device”, Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW '11, Jan. 1, 2011, p. 1, XP055230335, New York, New York, USA. |
| Roman Kleinerman, Daniel Feldman (May 2011), Power over Ethernet (PoE): An Energy-Efficient Alternative (PDF), Marvell, retrieved Sep. 25, 2018 @ http://www.marvell.com/switching/assets/Marveii-PoE-An-Energy-Efficient-Aiternative.pdf (Year: 2011). |
| Search Report for European Application No. 14196406.4, dated Nov. 4, 2015. |
| Search Report for European Application No. 16154943.1 dated Jun. 17, 2016. |
| Search Report for European Application No. 14196409.8, dated May 19, 2016. |
| Search Report for European Application No. 15175744.0, dated Apr. 26, 2016. |
| Seimens AG, “ERTEC400—Enhanced Real-Time Ethernet Controller—Handbuch,” XP002637652, Version 1.2.2, Jul. 31, 2010, pp. 1-98. |
| Siemens AG: “ERTEC 400 | Enhanced Real-Time Ethernet Controller | Handbuch”,No. Version 1.2.2 pp. 1-98, XP002637652, Retrieved from the Internet: URL:http:llcache.automation.siemens.comldniiDUIDUxNDgzNwAA_21631481_HBIERTEC400_Handbuch_V122.pdf [retrieved on May 2, 2011]. |
| Siemens, “Uninterruptible 24 V DC Power Supply High-Performance, communicative and integrated in TIA,” Mar. 31, 2015,XP055290324. |
| Summons to attend oral proceedings for European Application No. 14196409.8, dated Nov. 13, 2019. |
| Supplementary European Search Report for European Patent Application No. EP 14791210 dated Dec. 16, 2016, 11 pages. |
| Supplementary Search Report for European Application No. 13890953.6 dated Jan. 26, 2017. |
| Supplementary Search Report for European Application No. 13891327.2, dated Jan. 10, 2017. |
| Baran, M. et al., “Overcurrent Protection on Voltage-Source-Converter-Based Multiterminal DC Distribution Systems,” IEEE Transactions on Power Delivery, vol. 22, No. 1, Jan. 2007, pp. 406-412. |
| Canadian Office Action for Application No. 2920133 dated Jan. 30, 2017. |
| Canadian Office Action for Application No. 2920133 dated Oct. 19, 2016. |
| CGI, White Paper on “Public Key Encryption and Digital Signature: How do they work?”, 2004 (refer to pp. 3-4). |
| Chen, et al., “Active Diagnosability of Discrete Event Systems and its Application to Battery Fault Diagnosis,” IEEE Transactions on Control Systems Technology, vol. 22, No. 5, Sep. 2014. |
| Chinese Office Action for Application No. 201380079515.9 dated Aug. 7, 2018. |
| Chinese Office Action for Application No. 201380079515.9 dated Nov. 16, 2017. |
| Chinese Office Action for Application No. 202010105899.9, dated Dec. 3, 2020. |
| Chinese Office Action for Application No. CN201610239130.X dated Aug. 2, 2017. |
| Chinese Office Action for Application No. CN201610239130.X dated Feb. 14, 2018. |
| Chinese Office Action for Application No. 201410383686.7 dated May 31, 2017. |
| Chinese Office Action for Application No. 201410799473.2, dated Oct. 12, 2018. |
| Chinese Office Action for Application No. CN201410182071.8 dated Mar. 1, 2017 . |
| Decision of Rejection for Japanese Application No. 2014-243830, dated Mar. 18, 2020. |
| Decision of Rejection for Patent Application No. 2014-243827, dated Nov. 28, 2019. |
| Decision of Rejection for Chinese Application No. 2015103905202.2, dated Nov. 5, 2019. |
| Emerson Process Management, “DeltaV Digital Automation System—System Overview,” XP055402326, Jan. 1, 2009, pp. 1-40. |
| European Search Report for European Application No. 14196406.4, dated Sep. 23, 2015. |
| European Examination Report for Application No. 14196406.4, dated May 12, 2020. |
| European Search Report for EP Application No. 14196408.0, dated Nov. 24, 2015. |
| European Search Report in Application No. 12862174.5, dated Feb. 15, 2016. |
| European Search Report dated Dec. 2, 2015 for EP Application No. 14196408.0. |
| European Search Report for Application No. 20173319.3, dated Nov. 24, 2020. |
| European search report for European Patent Application No. EP14196406 dated Oct. 2, 2015, 6 pages. |
| European Search Report published Nov. 4, 2015 in Application No. EP14196406.4 . |
| Examination Report in European Application No. 17208183.8, dated Feb. 27, 2019. |
| Examination Report for European Application No. 14180106.8, dated Jun. 28, 2017. |
| Examination Report for European Application No. 14196406.4, dated Mar. 31, 2021. |
| Examination Report for European Application No. 17178867.2, dated Mar. 13, 2019. |
| Examination Report for European Application No. 13891327.2, dated Sep. 26, 2018. |
| Examination Report for European Application No. 16165112.0, dated Apr. 17, 2019. |
| Examination Report for European Application No. 16165112.0, dated Feb. 16, 2018 . |
| Examination Report for European Patent Application No. 16154943.1, dated May 16, 2019. |
| Examination Report for European Patent Application No. 1720883.8, dated Oct. 29, 2019. |
| Extended European Search Report for European Patent Application No. EP 14166908 dated Jan. 7, 2015, 10 pages. |
| Extended European Search Report for 21187809.5, dated Nov. 29, 2021. |
| Extended European Search Report for Application No. EP14180106.8, dated Aug. 12, 2015. |
| Extended European Search Report for European Application No. 20150993.2, dated Apr. 29, 2020. |
| Extended European Search Report for European Application No. 20201408.0, dated Apr. 7, 2021. |
| Extended European Search Report for European Patent Application No. EP 14196409 dated May 31, 2016, 10pages. |
| Extended European Search Report for European Patent Application No. EP 16154943 dated Jun. 29, 2016, 9pages. |
| Extended European Search Report for European Patent Application No. EP 17178867 dated Nov. 2, 2017, 13pages. |
| Extended European Search Report for European Patent Application No. EP 18176358 dated Sep. 11, 2018, 11 pages. |
| Extended European Search Reported for European Application No. 20201403.1, dated Apr. 29, 2021. |
| Extended Search Report for European Application No. 14180106.8, dated Jul. 13, 2015. |
| Extented European search report for European Patent Application No. EP16165112 dated Sep. 6, 2016, 12 pages. |
| Fabien F., “Raspberry Pi + Mihini, Controlling an off-the-grid Electrical Installation, Part I,” Apr. 11, 2014, XP055290314. |
| Fang et al., “Application of expert diagnosis system in rechargeable battery,” Department of Computer Science, Qinghua University, Beijing, China, vol. 26, No. 3, Jun. 2002. |
| Final Decision for Rejection for Patent Application No. 2016-021763, dated Jul. 31, 2020. |
| D. Dzung, M. Naedele, T. P. Von Hoff and M. Crevatin, “Security for Industrial Communication Systems,” in Proceedings of the IEEE, vol. 93, No. 6, pp. 1152-1177, Jun. 2005, doi: 10.11 09/JPROC.2005.849714. (Year: 2005). |
| Decision of Rejection for Chinese Application No. 201711349441.2, dated Jun. 23, 2022. |
| Notice of Preliminary Rejection for Korean Application No. 10-2016-0015889, dated Jul. 6, 2022. |
| Notice of Reason for Rejection for Patent Application No. 2022-002389, dated Nov. 25, 2022. |
| Notice of Reasons for Rejection for Japanese Patent Application No. 2021-148592, dated Oct. 28, 2022. |
| Office Action for Japanese Application No. 2020-135564, dated Mar. 8, 2022. |
| Office Action for Japanese Application No. 2020-135564, dated Sep. 14, 2022. |
| Office Action for Japanese Application No. 2021-112729, dated Jun. 27, 2022. |
| Office Action for Japanese Application No. 2021-117572, dated Oct. 14, 2022. |
| Reasons for Rejection for Japanese Application No. 2021-138773, dated Jun. 29, 2022. |
| Decision of Rejection for Japanese Patent Application No. 2021-112729, dated Feb. 6, 2023. |
| Notice of Preliminary Rejection for Korean Application No. 10-2016-0045717, dated Apr. 18, 2023. |
| Notice of Reason for Rejection for Patent Application No. 2022-002389, dated Mar. 17, 2023. |
| Office Action for Chinese Patent Application No. 201711349441.2, dated Mar. 20, 2023. |
| Decision for Rejection for Japanese Application No. 2021-160356, dated Jun. 22, 2023. |
| Decision of Dismissal of Amendment for Japanese Application 2021-117572, dated May 12, 2023. |
| Decision of Reexamination of Chinese Application No. 201711349441.2, dated May 23, 2023. |
| Decision of Rejection for Japanese Application No. 2021-148592, dated May 10, 2023. |
| Examination Report for Application No. EP20201403.1, dated Aug. 10, 2023. |
| Examination Report for European Application No. 21187809.5, dated Jan. 3, 2023. |
| Extended European Search Report for Application No. 22206775.3, dated May 2, 2023. |
| Shrnatikov, V. and Wang, M. H. Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses. In ESORICS 2006, pp. 18-33 . (Year: 2006). |
| Luo, X., Ji, X. and Park, M.S., 2010, April. Location privacy against traffic analysis attacks in wireless sensor networks. In 2010 International Conference on Information Science and Applications (pp. 1-6). IEEE. (Year: 2010). |
| Notice of Final Rejection for Korean Application No. 10-2016-0045717, dated Oct. 17, 2023. |
| Notice of Reasons for Rejection for Japanese Application No. 2022-092303, dated Aug. 31, 2023. |
| Number | Date | Country | |
|---|---|---|---|
| 20220004514 A1 | Jan 2022 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62114030 | Feb 2015 | US | |
| 62021438 | Jul 2014 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 14618292 | Feb 2015 | US |
| Child | 15665950 | US | |
| Parent | 14446412 | Jul 2014 | US |
| Child | 14469931 | US | |
| Parent | 13341143 | Dec 2011 | US |
| Child | 14597498 | US | |
| Parent | 13341176 | Dec 2011 | US |
| Child | 14502006 | US | |
| Parent | 13341161 | Dec 2011 | US |
| Child | 14501974 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 15665950 | Aug 2017 | US |
| Child | 17368247 | US | |
| Parent | 14597498 | Jan 2015 | US |
| Child | 14618292 | US | |
| Parent | 14519047 | Oct 2014 | US |
| Child | 14597498 | US | |
| Parent | 14519066 | Oct 2014 | US |
| Child | 14519047 | US | |
| Parent | 14501974 | Sep 2014 | US |
| Child | 14519066 | US | |
| Parent | 14502006 | Sep 2014 | US |
| Child | 14501974 | US | |
| Parent | 14469931 | Aug 2014 | US |
| Child | 14502006 | US | |
| Parent | PCT/US2013/053721 | Aug 2013 | US |
| Child | 14446412 | US | |
| Parent | PCT/US2012/072056 | Dec 2012 | US |
| Child | PCT/US2013/053721 | US |
