Process plant network with secured external access

US2016147206A1 · US · A1

Patent metadata
Publication number: US-2016147206-A1
Application number: US-201414549909-A
Country: US
Kind code: A1
Filing date: Nov 21, 2014
Priority date: Nov 21, 2014
Publication date: May 26, 2016
Grant date


Abstract

Official abstract text for this publication.

A process control system having an external data server that provides process control data to external networks via one or more firewalls implements a cost-effective security mechanism that reduces or eliminates the ability of the external data server to be compromised by viruses or other security attacks. The security mechanism includes a DMZ gateway disposed outside of the process control network that connects to an external data server located within the process control network. A configuration engine is located within the process control network and configures the external data server to publish one or more preset or pre-established data views to the DMZ gateway, which then receives the data/events/alarms as defined by the data views from the control system automatically, without performing read and write requests to the external data server. The DMZ gateway then republishes the data within the data views on an external network to make the process control data within the published data views available to one or more client applications connected to the external network. Because this security mechanism does not support client read, write, or configuration access to the external data server within the control system, this security mechanism limits the opportunity of viruses to use the structure in the DMZ gateway device to access the process control network.

First claim

Opening claim text (preview).

What is claimed is:

1. A communication system, comprising: a process control network including a plurality of process control devices communicatively connected together; an external data server disposed within the process control network; an external communications network disposed outside of the process control network; a gateway device communicatively coupled between the external data server and the external communications network; and a configuration application stored on a computer memory within a device within the process control network, that executes on a processor within the device within the process control network to configure the external data server to publish data to the external communications network according to one or more data views, wherein each of the one or more data views defines a set of process control data to be published.

2. The communication system of claim 1, wherein the configuration application further executes on the processor within the device within the process control network to configure the external data server to include data view files specifying the data within one or more data views and to publish the data view files to the gateway device connected to the external communications network.

3. The communication system of claim 1, wherein the external data server is unable to respond to read calls from the gateway device.

4. The communication system of claim 1, wherein the external data server is unable to respond to write calls from the gateway device.

5. The communication system of claim 1, wherein the external data server is unable to respond to configuration calls from the gateway device.

6. The communication system of claim 1, wherein one of the one or more data views specifies a set of process control data generated or collected by one more process controllers within the process control network.

7. The communication system of claim 1, wherein one of the one or more data views specifies process control data generated or collected by one more field devices within the process control network.

8. The communication system of claim 1, wherein one of the one or more data views specifies process control configuration data stored in a memory of a further device within the process control network.

9. The communication system of claim 1, wherein one of the one or more data views specifies maintenance data about one or more process control devices within the process control network.

10. The communication system of claim 1, wherein the configuration application executes to configure the external data server to periodically publish data according to the one or more data views.

11. The communication system of claim 1, wherein the external data server conforms to the OPC protocol.

12. The communication system of claim 1, wherein the external data server is configured to receive and act upon configuration commands only from devices within the process control network.

13. The communication system of claim 1, wherein the configuration application is stored and executed within the external data server.

14. The communication system of claim 1, further including a data or event historian disposed within the process control network and wherein the external data server obtains some of the process control data defined by the one or more data views from the data or event historian.

15. The communication system of claim 1, wherein the gateway device includes a firewall.

16. The communication system of claim 1, wherein the gateway device is configured to republish data according to the one or more data views as received from the external data server to one or more client applications on the external communications network.

17. The communication system of claim 1, wherein the gateway device is unable to execute read or write or configuration calls to the external data server.

18. A communication system, comprising: a process control network including a plurality of process control devices communicatively connected together; an external data server disposed within the process control network; an external communications network disposed outside of the process control network; and a gateway device communicatively coupled between the external data server and the external communications network; wherein the external data server stores one or more data view files and executes to publish data to the gateway device according to one or more data view files, wherein each of the one or more data view files defines a set of process control data from within the process control network to be published and wherein the gateway device stores a set of further data view files defining data to be received from the external data server via publications from the external data server and the gateway device is configured to republish data to one or more client applications connected to the external communications network using the set of further data view files.

19. The communication system of claim 18, wherein the external data server periodically publishes data to the gateway device according to the one or more data view files.

20. The communication system of claim 18, further including a configuration application stored within a device within the process control network that executes to configure the external data server to store the one or more data view files.

21. The communication system of claim 20, wherein the configuration application is stored in the external data server.

22. The communication system of claim 18, wherein the gateway device stores the one or more further data view files.

23. The communication system of claim 18, wherein the external data server is configured to be unable to respond to read or write calls from the gateway device.

24. The communication system of claim 18, wherein the gateway device includes a firewall disposed between the external data server and the external communications network.

25. The communication system of claim 18, wherein the gateway device is configured to be unable to send read or write calls to the external data server.

26. The communication system of claim 18, wherein the external data server is configured to only respond to configuration commands from a source within the process control network.

27. The communication system of claim 18, wherein the external data server is configured to obtain data defined by the one or more data views via the process control network.

28. A method of securely providing information from a process control network to an external communications network in a system having an external data server coupled within the process control network and that is communicatively connected to a gateway device that is connected to the external communications network, comprising: storing one or more data view files in the external data server, wherein each data view file specifies a set of process control data to be regularly published to the external communications network; configuring the external data server to communicate with the gateway device using data publish signals; causing the external data server to automatically publish process control data specified by the one or more data view files to the gateway device; and preventing the external data server from responding to read, write

Classifications

  • H04L41/08 (Primary): Configuration management of networks or network elements (address allocation H04L61/50)

  • G05B15/02 (Primary): electric

  • LAN interconnection over a bridge based backbone

  • Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

  • characterised by the network communication

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Fisher Rosemount Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 26, 2016 (A1). Legal status and post-grant events are not shown on this page.