Patent Grant
7526802
Intrinsically safe field maintenance tools are known. Such tools are highly useful in the process control and measurement industry to allow operators to conveniently communicate with and/or interrogate field devices in a given process installation. Examples of such process installations include petroleum, pharmaceutical, chemical, pulp and other processing installations. In such installations, the process control and measurement network may include tens or even hundreds of various field devices which periodically require maintenance to ensure that such devices are functioning properly and/or calibrated. Moreover, when one or more errors in the process control and measurement installation is detected, the use of an intrinsically safe handheld field maintenance tool allows technicians to quickly diagnose such errors in the field.
One such device is sold under the trade designation Model 275 HART® Communicator available from Fisher-Rosemount Systems, Inc., of Eden Prairie, Minnesota. HART® is a registered trademark of the HART® Communication Foundation. The Model 275 provides a host of important functions and capabilities and generally allows highly effective field maintenance.
Intrinsic Safety requirements are intended to guarantee that instrument operation or failure cannot cause ignition if the instrument is properly installed in an environment that contains explosive gases. This is accomplished by limiting the maximum energy stored in the transmitter in a worst case failure situation. Excessive energy discharge may lead to sparking or excessive heat, which could ignite an explosive environment in which the transmitter may be operating.
Examples of intrinsic safety standards include European CENELEC standards EN50014 and 50020, Factory Mutual Standard FM3610, the Canadian Standard Association, the British Approval Service for Electrical Equipment in Flammable Atmospheres, the Japanese Industrial Standard, and the Standards Association of Australia.
In order to ensure stringent compliance with automation industry safety protocols and specifications, only equipment certified by an independent agency can be used in such locations. Any component of a handheld field maintenance tool which is removable must be replaced with another component that also satisfies all requisite safety requirements.
Another difficulty for modern intrinsically safe handheld field maintenance tools is that such tools can be provided with varying levels of functionality. Often times this functionality is controlled by software selections that are generated based upon a user purchasing specific groups of functionality. Since electric removable storage media usable with such devices is inherently portable, it is important to provide an authentication regime that not only ensures that electronic memory placed within the handheld field maintenance tool complies with intrinsic safety requirements, but also that such memory contains licensed code and not unauthorized software.
A memory authentication technique for field maintenance tools is provided. A non-volatile electronic memory includes a unique software identifier. A non-reversible algorithm is applied to the unique software identifier to obtain a result. The result is then encrypted and compared with a stored encrypted result previously stored on the electronic memory. Based upon this comparison, the tool can be fully enabled, fully disabled, or selectively enabled.
In this illustration, process communication or process control loop 18 is a FOUNDATION™ fieldbus process communication loop and is coupled to field devices 20, which are shown coupled arranged in a multi-drop configuration. An alternative process communication loop (not shown) is an HART® process communication loop.
While embodiments of the present invention will be described with respect to Secure Digital (SD) memory cards, it is expressly contemplated that embodiments of the present invention may be practiced with any form of electronic non-volatile memory.
The Secure Digital card is a very secure small-sized flash memory card. The SD card is currently used in a wide variety of consumer products. Such products include, for example, digital video camcorders, digital music players, car navigation systems, smart phones, electronic books, cellular phones and handheld computing devices. Each SD card has a unique software identifier known as the CID. This software identifier is in essence a unique serial number but can also be defined to mean other information. It should be noted that the CID is permanently stored on the SD card and not changeable by re-formatting the SD card. This unique, non-changeable software identifier can be used by an application in the handheld tool to ensure that the memory card is approved for use in a hazardous environment as well as for authenticating one or more aspects of software licensing for software contained within the electronic memory card. For example, to guard against copyright violations of a software application, an Identification Code file (that resides as a hidden file on the SD card) is created based upon the software identifier (CID). This Identification Code file is created by running the software identifier (CID) through an algorithm and then encrypting the results such that the process cannot be reverse-engineered. This process can be performed by encoding of the file checksum followed by encryption of the entire file (including the checksum) using a keyed exclusive OR pattern, for example.
When the electronic memory card is placed into its host unit (handheld field maintenance tool) an application in the host reads both the software identifier and the Identification Code file. The host then repeats the process of running the software identifier through the algorithm and encrypting the results. This result is then compared to that contained in the Identification Code file. Only the card that has a valid Identification Code file will match the host-generated result. Only that unit will become functional. In units where a mismatch occurs, all or parts of the functionality of the tool will be disabled. If the Identification Code file was copied from one SD card to another, the host-generated result will not match that contained in the Identification Code file. The host would then use the software identifier of the new SD card while the file contained a result generated with the original software identifier.
To increase the flexibility of this authentication technique, the algorithm can also include a series of options that make the resultant Identification Code file unique to one or more selected options. For example, this includes the option to allow for programming of the handheld tool as well as the option to allow execution of a FOUNDATION™ Fieldbus application on the tool.
Once the process described above determines that the electronic memory card is valid for use with the handheld field maintenance tool, the tool can then read the Identification Code file to determine which option(s) are to be enabled on the handheld tool. In other words, the handheld tool can be shipped containing all of the hardware and software necessary for various options, with only options purchased by the user authorized and accordingly enabled.
For a user to license additional functionality, the Identification Code file for a particular SD card is replaced or modified. This can be done by replacing the entire card with one that contains the desired license, or it can be done through an external connection of the handheld field maintenance tool. Preferably, the handheld field maintenance tool will contain an infrared data access port that can be used to interface to a personal computer or in some cases directly to a network such as the internet. In either case, the user can access a website, or other destination, that contains an upgrade application. When the user starts the process, a request is made to have the software identifier and the license information passed to the internet database. An interactive application on a remote device, such as a server, will then display the license identity of the electronic media card. The user can then select which additional functionality he or she would like to add. At this point, a financial exchange, password or some other appropriate means of managing this feature is enforced. Once the step is complete, an Identification Code file based on the SD card software identifier and the newly licensed functionality is created via a new Identification Code file. This new file is sent to the portable tool via the personal computer and the infrared data access interface. The host unit will now contain functionality based on the new licensing.
The Identification Code file also preferably contains information that identifies the SD card as qualifying or otherwise meeting one or more requisite safety criteria for use in a hazardous area. Thus, not only will software licensing be facilitated, but only the use of approved memory cards will occur in the hazardous environments sometimes found in the process industry field.
At block 104, it is determined whether the handheld field maintenance tool has successfully established communications with the external computing device. If communications have not been established, control returns via block 106 to block 102 where communications are attempted again. In the event that the handheld field maintenance tool does establish communications with the external computing device, a request is sent from the external computing device to the handheld field maintenance tool for the tool to provide the software version information for the tool to the external computing device, as indicated at block 108. Subsequently, at block 110, the programmable license status is queried from the handheld field maintenance tool. At block 112, the queried information is reviewed to determine if both the software version and the license status are current. If this determination is in the negative, control passes to block 114 where it is determined whether the handheld field maintenance tool is safety flagged. In other words, it is determined whether the Identification Code file contains information indicating that the SD card within the handheld field maintenance tool complies with requisite safety regulations.
If the handheld field maintenance tool is flagged for safety regulations, control passes to block 116 where information is sent to the application to have the user thereof confirm an upgrade. If the user confirms the upgrade, control passes to block 118 where upgraded handheld field maintenance tool software and/or license information is passed to the handheld field maintenance tool. After block 118, control returns to block 108 where the handheld field maintenance tool software version information is queried again.
If during block 116, the user does not confirm the software and/or functionality upgrade, control passes to block 120 which determines whether the user of the application has finished maintenance/transfer operations. If the user indicates that he or she is finished, control passes to block 122 where the application on the external computing device ends. However, if the user indicates that further maintenance is required, then control passes to block 124 and a maintenance process is executed. If at block 120 the user indicates that a transfer process is requested, then control passes to block 126 where such process is initiated.
Returning to the determination at block 114 regarding whether the handheld field maintenance tool is safety flagged, if that determination is in the negative, then control passes to block 128 where it is determined whether the electronic memory is programmable. If the memory is not programmable, control passes to block 120. However, if the memory is programmable, control passes to block 116 and thereafter as indicated above.
Although the present invention has been described with reference to preferred embodiments, workers skilled in the art will recognize that changes may be made in form and detail without departing from the spirit and scope of the invention. For example, while authentication has been described above using the unique software identifier on the memory, additional unique identifiers, such as a serial number of the handheld tool, can be used to essentially lock a memory card to a handheld tool.
| Number | Name | Date | Kind |
|---|---|---|---|
| 3774693 | Orthman | Nov 1973 | A |
| 3955132 | Greenwood | May 1976 | A |
| 4290647 | Hensel et al. | Sep 1981 | A |
| 4337516 | Murphy et al. | Jun 1982 | A |
| 4535636 | Blackburn et al. | Aug 1985 | A |
| 4630265 | Sexton | Dec 1986 | A |
| 4630483 | Engdahl | Dec 1986 | A |
| 4635214 | Kasai et al. | Jan 1987 | A |
| 4707796 | Calabro et al. | Nov 1987 | A |
| 4749934 | Alexander et al. | Jun 1988 | A |
| 4825392 | Freeman | Apr 1989 | A |
| 4954923 | Hoeflich et al. | Sep 1990 | A |
| 4964125 | Kim | Oct 1990 | A |
| 4988990 | Warrior | Jan 1991 | A |
| 5005142 | Lipchak et al. | Apr 1991 | A |
| 5099539 | Forester | Mar 1992 | A |
| 5103409 | Shimizu et al. | Apr 1992 | A |
| 5113303 | Herres | May 1992 | A |
| 5148378 | Shibayama et al. | Sep 1992 | A |
| 5150289 | Badavas | Sep 1992 | A |
| 5197328 | Fitzgerald | Mar 1993 | A |
| 5412312 | Crass et al. | May 1995 | A |
| 5426774 | Banerjee et al. | Jun 1995 | A |
| 5434774 | Seberger | Jul 1995 | A |
| 5442639 | Crowder et al. | Aug 1995 | A |
| 5469156 | Kogure | Nov 1995 | A |
| 5471698 | Francis et al. | Dec 1995 | A |
| 5481200 | Voegele et al. | Jan 1996 | A |
| 5501107 | Snyder et al. | Mar 1996 | A |
| 5570300 | Henry et al. | Oct 1996 | A |
| 5573032 | Lenz et al. | Nov 1996 | A |
| 5581033 | Hess | Dec 1996 | A |
| 5598521 | Kilgore et al. | Jan 1997 | A |
| 5623605 | Keshav et al. | Apr 1997 | A |
| 5665899 | Willcox | Sep 1997 | A |
| 5697453 | Van Den Bosch | Dec 1997 | A |
| 5742845 | Wagner | Apr 1998 | A |
| 5752249 | Macon, Jr. et al. | May 1998 | A |
| 5764891 | Warrior | Jun 1998 | A |
| 5771287 | Gilley et al. | Jun 1998 | A |
| 5793963 | Tapperson et al. | Aug 1998 | A |
| 5828567 | Eryurek et al. | Oct 1998 | A |
| 5838187 | Embree | Nov 1998 | A |
| 5903455 | Sharpe et al. | May 1999 | A |
| 5909368 | Nixon et al. | Jun 1999 | A |
| 5923557 | Eidson | Jul 1999 | A |
| 5940290 | Dixon | Aug 1999 | A |
| 5956663 | Eryurek | Sep 1999 | A |
| 5960214 | Sharpe, Jr. et al. | Sep 1999 | A |
| 5970430 | Burns et al. | Oct 1999 | A |
| 5980078 | Krivoshein et al. | Nov 1999 | A |
| 5982899 | Probst | Nov 1999 | A |
| 5995916 | Nixon et al. | Nov 1999 | A |
| 6017143 | Eryurek et al. | Jan 2000 | A |
| 6023399 | Kogure | Feb 2000 | A |
| 6026352 | Burns et al. | Feb 2000 | A |
| 6037778 | Makhija | Mar 2000 | A |
| 6047222 | Burns et al. | Apr 2000 | A |
| 6052655 | Kobayashi et al. | Apr 2000 | A |
| 6091968 | Koohgoli et al. | Jul 2000 | A |
| 6094600 | Sharpe et al. | Jul 2000 | A |
| 6098095 | Nelson et al. | Aug 2000 | A |
| 6111738 | McGoogan | Aug 2000 | A |
| 6119047 | Eryurek et al. | Sep 2000 | A |
| 6179964 | Begemann et al. | Jan 2001 | B1 |
| 6192281 | Brown et al. | Feb 2001 | B1 |
| 6195591 | Nixon et al. | Feb 2001 | B1 |
| 6199018 | Quist et al. | Mar 2001 | B1 |
| 6211623 | Wilhelm et al. | Apr 2001 | B1 |
| 6236334 | Tapperson et al. | May 2001 | B1 |
| 6263487 | Stripf et al. | Jul 2001 | B1 |
| 6270920 | Nakanishi et al. | Aug 2001 | B1 |
| 6294287 | Lee et al. | Sep 2001 | B1 |
| 6298377 | Hartkainen et al. | Oct 2001 | B1 |
| 6304934 | Pimenta et al. | Oct 2001 | B1 |
| 6307483 | Westfield et al. | Oct 2001 | B1 |
| 6309986 | Flashinski et al. | Oct 2001 | B1 |
| 6312364 | Selsam | Nov 2001 | B1 |
| 6317701 | Pyotsia et al. | Nov 2001 | B1 |
| 6324607 | Korowitz et al. | Nov 2001 | B1 |
| 6356191 | Kirkpatrick et al. | Mar 2002 | B1 |
| 6370448 | Eryurek | Apr 2002 | B1 |
| 6377859 | Brown et al. | Apr 2002 | B1 |
| 6386456 | Chen et al. | May 2002 | B1 |
| 6397114 | Eryurek et al. | May 2002 | B1 |
| 6434504 | Eryurek et al. | Aug 2002 | B1 |
| 6444350 | Toya et al. | Sep 2002 | B1 |
| 6449574 | Eryurek et al. | Sep 2002 | B1 |
| 6473710 | Eryurek | Oct 2002 | B1 |
| 6487462 | Reeves | Nov 2002 | B1 |
| 6505517 | Eryurek et al. | Jan 2003 | B1 |
| 6519546 | Eryurek et al. | Feb 2003 | B1 |
| 6532392 | Eryurek et al. | Mar 2003 | B1 |
| 6539267 | Eryurek et al. | Mar 2003 | B1 |
| 6539384 | Zellner et al. | Mar 2003 | B1 |
| 6594603 | Eryurek et al. | Jul 2003 | B1 |
| 6594621 | Meeker | Jul 2003 | B1 |
| 6598828 | Fiebick et al. | Jul 2003 | B2 |
| 6601005 | Eryurek et al. | Jul 2003 | B1 |
| 6611775 | Coursolle et al. | Aug 2003 | B1 |
| 6615149 | Wehrs | Sep 2003 | B1 |
| 6629059 | Borgeson et al. | Sep 2003 | B2 |
| 6654697 | Eryurek et al. | Nov 2003 | B1 |
| 6656145 | Morton | Dec 2003 | B1 |
| 6697681 | Stoddard et al. | Feb 2004 | B1 |
| 6714969 | Klein et al. | Mar 2004 | B1 |
| 6733376 | Williams | May 2004 | B2 |
| 6748631 | Iguchi et al. | Jun 2004 | B2 |
| 6775271 | Johnson et al. | Aug 2004 | B1 |
| 6789205 | Patino et al. | Sep 2004 | B1 |
| 6834347 | Goodman et al. | Dec 2004 | B2 |
| 6851612 | Iasso et al. | Feb 2005 | B2 |
| 6889166 | Zielinski et al. | May 2005 | B2 |
| 6993664 | Padole et al. | Jan 2006 | B2 |
| 20010053065 | Cudini et al. | Dec 2001 | A1 |
| 20020004370 | Stengele et al. | Jan 2002 | A1 |
| 20020049909 | Jackson et al. | Apr 2002 | A1 |
| 20020065631 | Loechner | May 2002 | A1 |
| 20020077711 | Nixon et al. | Jun 2002 | A1 |
| 20020116540 | Maeda et al. | Aug 2002 | A1 |
| 20020123864 | Eryurek et al. | Sep 2002 | A1 |
| 20030017383 | Ura et al. | Jan 2003 | A1 |
| 20030023408 | Wight et al. | Jan 2003 | A1 |
| 20030023795 | Packwood et al. | Jan 2003 | A1 |
| 20030033040 | Billings | Feb 2003 | A1 |
| 20030058277 | Bowman-Amuah | Mar 2003 | A1 |
| 20030119568 | Menard | Jun 2003 | A1 |
| 20030158795 | Markham et al. | Aug 2003 | A1 |
| 20030181074 | Liu | Sep 2003 | A1 |
| 20030204373 | Zielinski et al. | Oct 2003 | A1 |
| 20040148503 | Sidman | Jul 2004 | A1 |
| 20040172526 | Tann et al. | Sep 2004 | A1 |
| 20040225796 | Hanson et al. | Nov 2004 | A1 |
| 20040230327 | Opheim et al. | Nov 2004 | A1 |
| 20040230899 | Pagnano et al. | Nov 2004 | A1 |
| 20040248619 | Graiger et al. | Dec 2004 | A1 |
| 20050036372 | Sasaki | Feb 2005 | A1 |
| 20060094466 | Tran | May 2006 | A1 |
| Number | Date | Country |
|---|---|---|
| 0 177 225 | Sep 1985 | EP |
| 0 633 420 | Jan 1995 | EP |
| 0 676 818 | Oct 1995 | EP |
| 1022626 | Jul 2000 | EP |
| 1 387 619 | Mar 1975 | GB |
| 2347232 | Aug 2000 | GB |
| 2753592 | Jan 1990 | JP |
| 2001-70224 | Mar 2001 | JP |
| WO9612993 | May 1996 | WO |
| WO9721157 | Jun 1997 | WO |
| WO9814855 | Apr 1998 | WO |
| WO9839718 | Sep 1998 | WO |
| WO0041050 | Jul 2000 | WO |
| WO 0055700 | Sep 2000 | WO |
| WO 0180331 | Oct 2001 | WO |
| WO 0102891 | Nov 2001 | WO |
| WO0227418 | Apr 2002 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20040230821 A1 | Nov 2004 | US |
