This disclosure relates generally to data processing and, in particular, to synchronizing operational parameters of an industrial machine with encrypted time.
Many industries, such as hydrocarbon exploration and power generation, can rely heavily upon continuous operation of machinery. In industrial environments, failure of machines can incur significant costs, due to repair expenses as well as loss of production and potential injury to workers. Considering machine failure risks, operating parameters of machine components (e.g., position, vibration, temperature, speed, etc.) can be monitored to detect potential machine failures and to prevent or timely address machine failures. Monitoring of operating parameters of machine components can provide long term benefits such as lower production costs, reduced equipment down time, improved reliability, and enhanced safety.
In some implementations, a method incudes receiving data characterizing a plurality of operating parameters associated with an industrial machine, and receiving data characterizing a plurality of encrypted time. The method also includes identifying a first encrypted time from the plurality of encrypted times based on temporal location of the first encrypted time relative to a first system time of a plurality of system time. A first operating parameter of the plurality of operating parameters is received at the first system time. The method further includes generating an operating data set including at least the first operating parameter and a new encrypted time based at least on the identified first encrypted time. The new encrypted time is tagged to the first operating parameter. The method also includes providing the operating data set.
One or more of the following features can be included in any feasible combination.
In some implementations, the method further includes identifying a second encrypted time from the plurality of encrypted times based on temporal location of the second encrypted time relative to a first system time. The first encrypted time is received at a second system time and the second encrypted time is received at a third system time. The method further includes determining an interpolated encrypted time associated with a first system time at least based on the first encrypted time and the second encrypted time. The method also includes setting the new encrypted time to the interpolated encrypted time. In some implementations, the first system time is temporally located between the second system time and the third system time. In some implementations, the first encrypted time is received at the first system time, and the new encrypted time is set to the first encrypted time.
In some implementations, the method further includes generating, by an encryption algorithm, the first plurality of encryption times. The encryption algorithm and the plurality of system time is synchronized with a time source. In some implementations, the method further includes receiving the operating data set including the new encrypted time; and generating, by a decryption algorithm, a decrypted time by at least decrypting the new encrypted time. In some implementations, the method further including controlling the operation of the industrial machine based on the operating data set.
In some implementations, a condition monitoring system is configured to receive the data characterizing the plurality of operating parameters from a sensor operatively coupled to the industrial machine, receive the data characterizing the plurality of encrypted times, and generate the operating data set. An encryption system is configured to execute the encryption algorithm, and a decryption system is configured to execute the decryption algorithm. The encryption and the decryption systems are separate from the condition monitoring system. In some implementations, a condition monitoring system is configured to receive the data characterizing the plurality of operating parameters from a sensor operatively coupled to the industrial machine, execute the encryption algorithm to generate the plurality of encrypted times, and generate the operating data set. A decryption system is configured to execute the decryption algorithm, the decryption system is separate from the condition monitoring system. In some implementations, a condition monitoring system is configured to receive the data characterizing the plurality of operating parameters from a sensor operatively coupled to the industrial machine, execute the encryption algorithm to generate the plurality of encrypted times, generate the operating data set, and execute the decryption algorithm.
Non-transitory computer program products (i.e., physically embodied computer program products) are also described that store instructions, which when executed by one or more data processors of one or more computing systems, causes at least one data processor to perform operations herein. Similarly, computer systems are also described that may include one or more data processors and memory coupled to the one or more data processors. The memory may temporarily or permanently store instructions that cause at least one processor to perform one or more of the operations described herein. In addition, methods can be implemented by one or more data processors either within a single computing system or distributed among two or more computing systems. Such computing systems can be connected and can exchange data and/or commands or other instructions or the like via one or more connections, including a connection over a network (e.g. the Internet, a wireless wide area network, a local area network, a wide area network, a wired network, or the like), via a direct connection between one or more of the multiple computing systems, etc.
These and other capabilities of the disclosed subject matter will be more fully understood after a review of the following figures, detailed description, and claims.
These and other features will be more readily understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
When practical, like labels are used to refer to same or similar items in the drawings
Implementations of the present disclosure are generally directed to monitoring industrial systems. More particularly, implementations of the present disclosure are directed to monitoring industrial systems using a synchronization of operational parameters of an industrial machine with encrypted time. A computing device (e.g., a computer) can include a mechanism to maintain an internal system clock of the computing device. In some implementations, the system clock can be synchronized to an external time source (e.g., indicative of the time zone associated with the computing device). The system clock time can be included in data communications associated with the computing device. For example, a computing device associated with an industrial machine (e.g., a condition monitoring system) can communicate operating data such as vibration data, waveform data associated with the industrial machine. The communicated data can include time information (e.g., time at which the operating data was detected). The operating data can be communicated with a network of computing devices associated with industrial machines in an industrial enterprise (e.g., industrial machines at an oil and gas site).
The timing information communicated among the computing devices of an industrial enterprise can include a time stamp indicative of the internal system clock time (or system time) of the computing devices. The process of data communication (e.g., receiving/transmitting operating data, communicating with other computing device, etc.) can allow an outside party to intercept the data and access the system time of the computing device (or multiple computing devices in the industrial enterprise). The data interception can render the computing device (or network of computing devices) vulnerable to an external attack by the outside party. The prevention (or reduction) of data interception can reduce the vulnerability of the computing device to the external attack. The vulnerability reduction can be achieved, for example, by preventing transmission of system time during data transmission.
In some implementations, data communicated among computing devices can include encrypted time instead of system time. This can prevent an external party from accessing the system time of the computing devices. In some implementation, an encryption algorithm can be synchronized with an external time source that is synchronized with the system time of the computing devices (e.g., the external time generated by the external time source is the same as the system time of the computing devices). The encryption algorithm can generate encrypted time from the external time information provided by the external time source and provide the encrypted time to a computing device. The computing device can tag the operating data (e.g., received from the industrial machine) with the encrypted time based on the time of receiving the operating data and the encrypted time, and transmit the tagged operating data to a second computing device. The second computing device can execute a decryption algorithm that can decrypt the tagged encrypted time to generate the system time of the computing device(s).
Some implementations of condition monitoring system described below can provide a technical solution to the technical problem of transmitting system time over communication channel that can be accessed by an outside party and render the condition monitoring system vulnerable to an external attack. For example, the system time in the communication can be replaced by an encrypted time. In some implementations, the encrypted time can be generated by an encryption algorithm executed outside the condition monitoring system. The condition monitoring system is designed to tag the received encrypted time values with the received operating parameters and transmit an operating data set (that includes the encrypted time and the operating parameters) over the communication channel. As a result, an outside party does not have access to the system time of the condition monitoring system. In some implementations, the condition monitoring system can seamlessly operate for different rates (or periodicity) of the encrypted time and the operating parameters (e.g., different rates at which the encrypted time and the operating parameters are received by the condition monitoring system).
At step 102, data characterizing a plurality of operating parameters associated with an industrial machine can be received. The operating parameters can be detected by one or more sensors (pressure sensors, temperature sensors, movement sensors, velocity sensors, chemical concentration sensors, volume sensors, or any other types of sensors) operatively coupled to the industrial machine or one or more components (engines, chambers, pipes, compressor, turbine or any type of rotating or moving components) of the industrial machine. The operating parameters can be received, by a condition monitoring system, as packages of parameter variations over time between pair of different time points.
At step 104, data characterizing a plurality of encrypted times can be received. The plurality of encrypted times can be generated by an encrypted time source that can be synchronized with an external time source. The encrypted time source can execute an encryption algorithm that can receive the external time from the external time source and generate the encrypted time. In some implementation, an encryption algorithm can be synchronized with an external time source that is synchronized with the system time of a computing devices, such as a controller of the industrial machine. The external time can be generated by the external time source is the same as the system time of the computing devices). The encryption algorithm can generate encrypted time from the external time information provided by the external time source and provide the encrypted time to the computing device. The operating parameters and the encrypted time are described in detail with reference to
The CM system 202 can be communicatively coupled to an encrypted time source 212. For example, the CM system 202 can receive data characterizing a plurality of encrypted times from the encrypted time source 212. The encrypted time source 212 (encryption module) can be synchronized with an external time source 208 (digital timer or clock). For example, the encrypted source 212 can receive an external time, from the external time source 208, can execute an encryption algorithm using the received external time, and can generate the encrypted time. The encrypted time source 212 can transmit (broadcast) the encrypted time (e.g., periodically broadcast), which can be received by the CM system 202.
The CM system 202 operates on a system time that can by synchronized with an external time source 208. For example, CM 202 can be synchronized with the external time source 208 that provides external time to the encrypted time source 212. Alternately, CM 202 can be synchronized to a second external time source that is synchronized with the external time source 208 (e.g., both the external time source 208 and the second external time source generate the time associated with the local time zone). As a result, the external time generated by the external time source 208 and the system time of the CM system 202 are synchronized.
In some implementations, the plurality of encrypted times and the plurality of system time can be periodic with same or different periodicity. For example, the plurality of encrypted times can be periodically broadcasted at a first rate (e.g., r1) and can be received by the CM system 202. In other words, temporally adjacent encrypted time broadcast can be separated by a time duration t1 (where t1=1/r1). The plurality of system time can have a rate/periodicity r2. In other words, a given system time of the plurality of system time can last for a time duration t2 (where t2=1/r2). In some implementations, r1 can be equal to r2. As a result, a single encrypted time can be received for a given system time. Alternately, the rate of the plurality of system time (r2) can be greater than the rate (r2) at which the broadcasted plurality of encrypted times are received. As a result, the encrypted time may not be received for one or more system time temporally located between a first system time and a second system time, when a first encrypted time and a second encrypted time are received, respectively.
Returning to
Returning back to
In some implementations, new encrypted time values can be calculated (e.g., based on interpolation) or identified (for multiple operating parameter values, such as operating parameter values OP1-OP7) that are received at various system times (e.g., system time values 306). For example, a new encrypted time can be calculated when a corresponding encrypted time is not available (e.g., as described in
The new encrypted time values can be tagged to the corresponding operating parameter values in the operating data set. For example, as illustrated in
The CM system 202 can include a calculation unit 210 and a memory 220. The calculation unit 210 can execute steps 102-108. For example, the calculation unit 210 can receive the operating parameter values (e.g., OP1-OP7) and encrypted time values (e.g., ET1-ET4), and calculate the operating data set that includes new encrypted time values. In some implementations, the calculation unit 210 may also generate the system time values (e.g., based on external time generated by external time source). The CM system 202 can include a memory 220 that can store various information associated with the generation of the operating data set.
Returning back to
In some implementations, the second computing device 206 can be a controller. The controller can receive the operating parameters and the corresponding encrypted time values and control the operations on an industrial machine (e.g., industrial machine 204, another industrial machine in the industrial enterprise that includes the industrial machine 204, etc.). For example, the controller can stop an industrial machine (e.g., industrial machine 204) when one or more operating parameter values exceed a predetermined threshold value. Alternately, the controller can vary the operating state or operating parameter of the industrial machine, set an alarm, generate a notification, etc., based on the operating parameter values as a function of system time.
The controller can, among other things, monitor operating parameters of the industrial machine 204, send signals to actuate and/or adjust various operating parameters of such industrial machines 204. As shown in
The controller can be implemented with various levels of autonomy. In some implementations, the controller can alert an operator that an operating parameter is out of an optimal operating range (defined by a corresponding specification as corresponding to a functional range with low risk of leading to operational defects) during a period of time. For example, emissions that are above a target threshold along a set period of time can be identified in an alert sent to the operator who can adjusts engine parameter to move the emissions below the desired emissions threshold. In some implementations, the controller alerts the operator that an operating parameter is out of the optimal operating range (defined by a corresponding specification) during a period of time, and provides recommendations to the operator to adjust an operation of the industrial machine 204 to adjust the operational parameter to be within the operational range. The operator can select an option and the controller adjusts operations accordingly. In some implementations, the controller can determine that an operating parameter is out of the optimal operating range (defined by a corresponding specification) during a period of time, and can be configured to automatically change or otherwise adjusts operations of the industrial machine 204 to adjust the operating parameter within the optimal operating range with no input from the operator. The automatic adjustment of operating parameters can also prevent the industrial machine 204 from becoming unfunctional.
One skilled in the art will appreciate further features and advantages of the subject matter described herein based on the above-described embodiments. Accordingly, the present application is not to be limited specifically by what has been particularly shown and described. All publications and references cited herein are expressly incorporated herein by reference in their entirety.
Other embodiments are within the scope and spirit of the disclosed subject matter. Those skilled in the art will understand that the systems, devices, and methods specifically described herein and illustrated in the accompanying drawings are non-limiting examples of embodiments and that the scope of the present invention is defined solely by the claims. The features illustrated or described in connection with one exemplary embodiment may be combined with the features of other embodiments. Such modifications and variations are intended to be included within the scope of the present invention.
Further, in the present disclosure, like-named components of the embodiments generally have similar features, and thus within a particular embodiment each feature of each like-named component is not necessarily fully elaborated upon. Additionally, to the extent that linear or circular dimensions are used in the description of the disclosed systems, devices, and methods, such dimensions are not intended to limit the types of shapes that can be used in conjunction with such systems, devices, and methods. A person skilled in the art will recognize that an equivalent to such linear and circular dimensions can easily be determined for any geometric shape.
In the descriptions above and in the claims, phrases such as “at least one of” or “one or more of” may occur followed by a conjunctive list of elements or features. The term “and/or” may also occur in a list of two or more elements or features. Unless otherwise implicitly or explicitly contradicted by the context in which it is used, such a phrase is intended to mean any of the listed elements or features individually or any of the recited elements or features in combination with any of the other recited elements or features. For example, the phrases “at least one of A and B;” “one or more of A and B;” and “A and/or B” are each intended to mean “A alone, B alone, or A and B together.” A similar interpretation is also intended for lists including three or more items. For example, the phrases “at least one of A, B, and C;” “one or more of A, B, and C;” and “A, B, and/or C” are each intended to mean “A alone, B alone, C alone, A and B together, A and C together, B and C together, or A and B and C together.” In addition, use of the term “based on,” above and in the claims is intended to mean, “based at least in part on,” such that an unrecited feature or element is also permissible.
The subject matter described herein can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structural means disclosed in this specification and structural equivalents thereof, or in combinations of them. The subject matter described herein can be implemented as one or more computer program products, such as one or more computer programs tangibly embodied in an information carrier (e.g., in a machine-readable storage device), or embodied in a propagated signal, for execution by, or to control the operation of, data processing apparatus (e.g., a programmable processor, a computer, or multiple computers). A computer program (also known as a program, software, software application, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program does not necessarily correspond to a file. A program can be stored in a portion of a file that holds other programs or data, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
The processes and logic flows described in this specification, including the method steps of the subject matter described herein, can be performed by one or more programmable processors executing one or more computer programs to perform functions of the subject matter described herein by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus of the subject matter described herein can be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit).
Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processor of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks. Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, (e.g., EPROM, EEPROM, and flash memory devices); magnetic disks, (e.g., internal hard disks or removable disks); magneto-optical disks; and optical disks (e.g., CD and DVD disks). The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
To provide for interaction with a user, the subject matter described herein can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, (e.g., a mouse or a trackball), by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well. For example, feedback provided to the user can be any form of sensory feedback, (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user can be received in any form, including acoustic, speech, or tactile input.
The techniques described herein can be implemented using one or more modules. As used herein, the term “module” refers to computing software, firmware, hardware, and/or various combinations thereof. At a minimum, however, modules are not to be interpreted as software that is not implemented on hardware, firmware, or recorded on a non-transitory processor readable recordable storage medium (i.e., modules are not software per se). Indeed “module” is to be interpreted to always include at least some physical, non-transitory hardware such as a part of a processor or computer. Two different modules can share the same physical hardware (e.g., two different modules can use the same processor and network interface). The modules described herein can be combined, integrated, separated, and/or duplicated to support various applications. Also, a function described herein as being performed at a particular module can be performed at one or more other modules and/or by one or more other devices instead of or in addition to the function performed at the particular module. Further, the modules can be implemented across multiple devices and/or other components local or remote to one another. Additionally, the modules can be moved from one device and added to another device, and/or can be included in both devices.
The subject matter described herein can be implemented in a computing system that includes a back-end component (e.g., a data server), a middleware component (e.g., an application server), or a front-end component (e.g., a client computer having a graphical user interface or a web browser through which a user can interact with an implementation of the subject matter described herein), or any combination of such back-end, middleware, and front-end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
Approximating language, as used herein throughout the specification and claims, may be applied to modify any quantitative representation that could permissibly vary without resulting in a change in the basic function to which it is related. Accordingly, a value modified by a term or terms, such as “about” and “substantially,” are not to be limited to the precise value specified. In at least some instances, the approximating language may correspond to the precision of an instrument for measuring the value. Here and throughout the specification and claims, range limitations may be combined and/or interchanged, such ranges are identified and include all the sub-ranges contained therein unless context or language indicates otherwise.
The present application claims priority to U.S. Provisional Patent Appl. No. 63/325,996 to Hess et al., filed Mar. 31, 2022, and entitled “Secure Time Synchronization,” and incorporates its disclosure herein by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
63325996 | Mar 2022 | US |