Abstract: An edge controller may be used for obtaining device data from one or more local devices at a local facility and to provide a representation of at least some of the device data to a remote server. The edge controller may include a network communication port, a cellular communication port and a device communication port. A controller is operatively coupled to the network communication port, the cellular communication port and the device communication port and is configured to receive configuration information and to install the received configuration information on the edge controller. The installed configuration information configures the controller to obtain the device data from the one or more local devices and to send a representation of at least some of the device data to the remote server.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method of controlling tunneling in a communication network of an industrial process facility including a client computer and server computer running different communication protocols coupled by the communication network. The method includes providing the client and server computer with a processor connected to a memory. The processor implements a tunneling reliability program including a training model including labeled groups representing reliability data and security data determined from data sources received across the communication network and a learning classifying algorithm for classifying the reliability data and security data as being reliable or not reliable. The processor determines if the communication network is reliable based on the classified reliability data and security data. In response to determining that the communication network is not reliable or secure a notification is generated for a user that the communication network is not reliable and the notification is transmitted to the user.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A head mounted combination for use in an industrial facility includes an eye shield and an augmented reality headset computer system for communicating over a wireless channel including a processor, system memory, transceiver, a location, orientation and a gaze sensor. A display(s) is embedded in or on an inside surface of the eye shield or lens and coupled to the processor. Client software stored in the system memory determines what the user is looking at together with a 3D model of system elements in the industrial facility used for overlaying computer generated representations of viewed system elements within the user's field of view. Display marker(s) is added to the viewed system elements which have further data available to indicate availability. Responsive to the user triggering the display marker, the first element data is displayed in the display for viewing by the user together with the real world view.

Abstract: A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type.

Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.

Abstract: A system and method of diagnosing and correcting errors in a server computer. A server computer is coupled by a communication path to a client computer. A storage device stores a diagnostic error detecting and correcting program and the server computer is programmed to implement the diagnostic error detecting and correcting program. The server computer detects several selected operating parameters during operation of the server process and determines if at least a first of the selected operating parameters are outside a pre-determined specification for the selected operating parameters. In response to the selected operating parameters being outside the pre-determined specification, the server computer notifies the client computer of an error with the server process. The server computer can also detect communication errors and attempt to restore communications by modifying communication parameter(s).

Abstract: A system and method of diagnosing and correcting errors in a server computer. A server computer is coupled by a communication path to a client computer. A storage device stores a diagnostic error detecting and correcting program and the server computer is programmed to implement the diagnostic error detecting and correcting program. The server computer detects several selected operating parameters during operation of the server process and determines if at least a first of the selected operating parameters are outside a pre-determined specification for the selected operating parameters. In response to the selected operating parameters being outside the pre-determined specification, the server computer notifies the client computer of an error with the server process. The server computer can also detect communication errors and attempt to restore communications by modifying communication parameter(s).

Abstract: A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type.

Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.